IPv6 Internet Connectivity - Internet Connectivity - CCNP Routing and Switching ROUTE 300-101 Official Cert Guide (2015)

CCNP Routing and Switching ROUTE 300-101 Official Cert Guide (2015)

Part IV. Internet Connectivity

Chapter 15. IPv6 Internet Connectivity

This chapter covers the following subjects:

Image IPv6 Internet Connections: This section examines how to configure a single-homed connection to an Internet service provider (ISP) using IPv6 on your Internet-facing router.

Image BGP Support for IPv6: This section discusses how Multiprotocol BGP (MP-BGP) can be used to support the routing of both IPv4 and IPv6 networks. Two configuration approaches are demonstrated, followed by a look at route filtering and influencing outbound path selection.

For decades, enterprise networks have connected to the Internet through IPv4 connections. However, with IPv6’s growing popularity, those IPv4 Internet connections are being joined by (and in some cases, replaced by) IPv6 Internet connections.

This chapter begins its look at IPv6 Internet connectivity by considering a single-homed Internet connection. With a single-homed connection, an enterprise’s Internet-facing router probably does not need to learn IPv6 routes through BGP from its ISP. Instead, that enterprise router could be configured with an IPv6 address and point to the IPv6 address of the ISP’s router, using a default static route. This chapter begins by discussing how that IPv6 address could be assigned to the enterprise’s Internet-facing router.

When an enterprise has more than one connection to the Internet, the use of default static routes might not be sufficient. Fortunately, an update to Border Gateway Protocol version 4 (BGP-4), called Multiprotocol BGP (MP-BGP), allows the advertisement of both IPv4 and IPv6 networks. This chapter demonstrates two approaches to MP-BGP configuration. Specifically, you will see how both IPv4 and IPv6 routes can be advertised over a single IPv4 BGP session. Then, you will see how IPv6 routes can use their own IPv6 BGP session, while IPv4 routes use their own IPv4 BGP session. Finally, this chapter looks at how to perform route filtering with MP-BGP and how to influence outbound path selection using the Local Preference attribute.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read the entire chapter. If you miss no more than one of these seven self-assessment questions, you might want to move ahead to the “Exam Preparation Tasks” section. Table 15-1 lists the major headings in this chapter and the “Do I Know This Already?” quiz questions covering the material in those headings so that you can assess your knowledge of these specific areas. The answers to the “Do I Know This Already?” quiz appear in Appendix A.

Image

Table 15-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

1. Which of the following methods of address assignment can assign a collection of IPv6 networks to a router, which could then assign those IPv6 networks to its various interfaces?

a. Stateful DHCPv6

b. DHCPv6-PD

c. SLAAC

d. Stateless SLAAC

2. Identify the command used to create an IPv6 default static route.

a. ipv6 route ::0 next_hop_ipv6_address

b. ipv6 route 0/128 next_hop_ipv6_address

c. ipv6 route 0/0 next_hop_ipv6_address

d. ipv6 route ::/0 next_hop_ipv6_address

3. Select the implicit instructions that reside at the bottom of an IPv6 ACL. (Choose all that apply.)

a. permit icmp any any nd-na

b. deny ipv6 any any

c. permit icmp any any na-ns

d. permit icmp any any nd-ns

4. You are configuring IPv6 routing over an IPv4 BGP session. Your initial configuration on Router R1 is the following:

router bgp 64702
neighbor 198.51.100.1 remote-as 64701
!
address-family ipv4
network 203.0.113.0
neighbor 198.51.100.1 activate
exit-address-family
!
address-family ipv6
network 2000:3::/64
neighbor 198.51.100.1 activate

Your BGP neighbor has a similar configuration. You notice that IPv4 routes are being successful exchanged, but IPv6 routes are not being exchanged. What is missing from the above configuration?

a. You need an IPv6 ACL to match the routes to be advertised.

b. You need a route map that specifies a local next-hop IPv6 address to advertise to a neighbor.

c. You need a neighbor statement that references an IPv6 address.

d. You need an additional BGP AS for IPv6.

5. What information can be obtained by issuing the show bgp ipv6 unicast summary command? (Choose all that apply.)

a. The local router’s BGP router ID

b. A list of IPv6 routes known to the BGP table

c. A list of configured BGP neighbors

d. The AS of configured BGP neighbors

6. Identify the valid IPv6 prefix list commands. (Choose two.)

a. ipv6 prefix-list LIST1 seq 10 permit 2000::/16 ge 64

b. ipv6 prefix-list LIST1 seq 10 permit 2000::/16 le 64

c. ipv6 prefix-list LIST1 seq 10 permit 2000::/16 eq 64

d. ipv6 prefix-list LIST1 seq 10 permit 2000::/16 ne 64

7. Given the following output, determine why BGP chose 2000:3::2 as the best next hop to reach the 2000:4::/64 network.

R1# show bgp ipv6 unicast
BGP table version is 7, local router ID is 198.51.100.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - inter-
nal,
r RIB-failure, S Stale, m multipath, b backup-path, f
RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 2000:1::/64 :: 0 32768 i
* 2000:2::/64 2000:2::2 0 50 0 64702 i
*> :: 0 32768 i
* 2000:3::/64 2000:3::2 0 150 0 64703 i
*> :: 0 32768 i
*> 2000:4::/64 2000:3::2 0 150 0 64703 i
* 2000:2::2 0 50 0 64702 i

a. Lower router ID

b. Shorter AS path

c. Higher Local Preference

d. Lower Weight

Foundation Topics

IPv6 Internet Connections

Not only is IPv6 rapidly being adopted inside enterprise networks, but it is also increasingly being used for connecting enterprises out to the public Internet. Interestingly, connecting to an Internet service provider (ISP) using IPv6 (as opposed to IPv4) comes with some new security concerns, and network engineers need to be aware of these new threats and have strategies to mitigate them.

Therefore, this section begins with a look at how an ISP might assign an IPv6 address to one of its customer’s Internet-facing routers. Then, a configuration example is presented, showing how to assign an IPv6 address to an Internet-facing router, and how to configure that router with a default gateway that points to the IPv6 address of an ISP router. Next, IPv6 access control lists (ACL) are introduced, and their configuration is contrasted with the configuration of IPv4 ACLs. Finally in this section, you are introduced to IPv6-specific security threats and methods for defending against these threats.

Methods of Assigning an IPv6 Address to a Customer Router

A router residing at a customer’s location (often referred to as customer premises equipment [CPE]) needing to connect with an ISP using IPv6 can obtain an IPv6 address in a variety of ways:

Image

Image Manual configuration: An ISP could provide an IPv6 address to its customer and instruct the customer to manually configure that IPv6 address on its router’s Internet-facing interface.

Image Stateless Address Autoconfiguration (SLAAC): With SLAAC, an ISP router could send Router Advertisements (RA), which advertise an IPv6 prefix, on the link connecting to a customer router. The customer router could then take the advertised prefix and fill in the remainder of the IPv6 address by either randomly selecting those bits or by using the EUI-64 process.

Image Stateless DHCPv6: If a router needs more IPv6 information than just an IPv6 address, it might benefit from a stateless DHCPv6 configuration. With this approach, a router obtains an IPv6 address using SLAAC. However, the RA has an other-config-flag set, which tells the router to check with a DHCP server to obtain additional IPv6 information (for example, the address of a Domain Name System [DNS] server). However, because the router’s IPv6 address was obtained through SLAAC, the DHCPv6 server does not keep track of IPv6 address assignment.

Image Stateful DHCPv6: While stateless DHCPv6 allowed a router (or other device) to obtain an IPv6 address through SLAAC and set the other-config-flag instructing the router to learn additional IPv6 configuration information from a DHCPv6 server, stateful DHCPv6 sets the managed-config-flag to instruct the router to obtain its IPv6 address (along with other IPv6 configuration information) from a DHCPv6 server. Therefore, with stateful DHCPv6, a DHCPv6 server does keep track of IPv6 address assignment.

Image DHCPv6 Prefix Delegation (DHCPv6-PD): Rather than assigning a single IPv6 address to a router, DHCPv6-PD allows a DHCPv6 server to assign a collection of IPv6 networks to the router (or other DHCPv6 client). A router could then assign those different IPv6 networks to its various interfaces.

Manual Configuration of IPv6 Address and Default Route

Manually configuring a CPE router to point to an IPv6-speaking ISP router is a fairly simple process, involving only two steps:

Image

Step 1. Configure the ISP-provided IPv6 address on a CPE router’s Internet-facing interface with the ipv6 address ipv6_address/prefix_length command in interface configuration mode.

Step 2. Statically configure a default route pointing to the IPv6 address of the next-hop ISP router, using the ipv6 route ::/0 next_hop_ipv6_address command in global configuration mode.

To illustrate this configuration, consider Figure 15-1. Router R1 needs to point to the ISP router to allow devices at its site to reach the Internet. The ISP has told the network engineer responsible for Router R1’s configuration to assign an IPv6 address of 2000:1::2/64 to Router R1’s Internet-facing interface (that is, Fa 0/0). Also, for other devices at Router R1’s site to reach the Internet, Router R1 should be statically configured with a default routing pointing to the ISP router’s IPv6 address of 2000:1::1. Example 15-1 shows the required configuration on router R1, along withping command output from R1, CLIENT1, and TFTP_SERVER, verifying that all three of those devices can reach the web server (with an IPv6 address of 2000:A::1/64) located on the Internet.

Image

Figure 15-1 IPv6 Router with a Single-Homed Internet Connection


Note

The type of connection seen in Figure 15-1 is called a single-homed Internet connection, because there is a single connection to the Internet from the customer’s location.


Image

Example 15-1 Manual IPv6 Address Assignment and Static Default Route Configuration


*** CONFIGURATION AND VERIFICATION ON ROUTER R1 ***

R1# conf term
R1(config)# interface fa 0/0
R1(config-if)# ipv6 address 2000:1::2/64
R1(config-if)# exit
R1(config)# ipv6 route ::/0 2000:1::1
R1(config)# end
R1# ping 2000:a::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2000:A::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/62/88 ms
R1#

*** VERIFICATION ON CLIENT1 ***

CLIENT1# ping 2000:a::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2000:A::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/87/96 ms
Client1#

*** VERIFICATION ON TFTP_SERVER ***

TFTP_SERVER# ping 2000:a::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2000:A::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/82/120 ms
TFTP_SERVER#



Note

In Example 15-1, the CLIENT1 and TFTP_SERVER computers are actually routers (configured with an IPv6 address and a default gateway configuration pointing to Router R1).


IPv6 Access Control Lists

In your CCNA studies, you learned how to configure IPv4 access control lists (ACL). Recall that ACLs are not exclusively used to permit or deny traffic. You could also use an ACL to match traffic (for example, to identify traffic to be forwarded using Policy-Based Routing or to match inside local addresses to be translated with Network Address Translation).

Cisco IOS also supports IPv6 ACLs; however, a few differences exist with IPv6 ACLs as compared with IPv4 ACLs:

Image While IPv4 ACLs could be either standard or extended, and either numbered or named, IPv6 ACLs are always extended and named.

Image IPv4 ACLs have an implicit deny all instruction as the last instruction in all ACLs, whereas IPv6 ACLs have three implicit instructions residing at the bottom of all ACLs:

permit icmp any any nd-na
permit icmp any any nd-ns
deny ipv6 any any

The permit icmp any any nd-na command permits Neighbor Discovery – Neighbor Advertisements, and the permit icmp any any nd-ns command permits Neighbor Discovery – Neighbor Solicitations. These Neighbor Discovery commands are required for IPv6 to function correctly, because they serve a purpose, similar to Address Resolution Protocol (ARP) in an IPv4 network. Therefore, be aware that these messages will be denied if you enter a deny ipv6 any any command in an IPv6 ACL.

Example 15-2 illustrates an IPv6 ACL, based on the topology previously seen in Figure 15-1. The goal of the configuration is to allow HTTP and HTTPS connections to the Internet, while blocking other connection types.

Image

Example 15-2 IPv6 ACL Configuration and Verification


*** TESTING ON CLIENT 1 ***
Client1# telnet 2000:a::1 80
Trying 2000:A::1, 80 ... Open *** SUCCESSFUL HTTP CONNECTION ***
exit
HTTP/1.1 400 Bad Request
Date: Tue, 10 Jun 2014 14:34:55 GMT
Server: cisco-IOS
Accept-Ranges: none

400 Bad Request
[Connection to 2000:a::1 closed by foreign host]
Client1# telnet 2000:a::1
Trying 2000:A::1 ... Open *** SUCCESSFUL TELNET CONNECTION ***

User Access Verification

Password:
WEB_SERVER> exit

[Connection to 2000:a::1 closed by foreign host]
Client1#

*** IPv6 ACL CONFIGURATION AND VERIFICATION ON R1 ***
R1# conf term
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# ipv6 access-list ALLOW_WEB
R1(config-ipv6-acl)# permit tcp any any eq www
R1(config-ipv6-acl)# permit tcp any any eq 443
R1(config-ipv6-acl)# exit
R1(config)# interface fa 0/0
R1(config-if)# ipv6 traffic-filter ALLOW_WEB out
R1(config-if)# end
R1# show access-lists
IPv6 access list ALLOW_WEB
permit tcp any any eq www (23 matches) sequence 10
permit tcp any any eq 443 sequence 20

*** TESTING ON CLIENT 1 ***
Client1# telnet 2000:a::1 80
Trying 2000:A::1, 80 ... Open *** SUCCESSFUL HTTP CONNECTION ***
exit
HTTP/1.1 400 Bad Request
Date: Tue, 10 Jun 2014 14:37:55 GMT
Server: cisco-IOS
Accept-Ranges: none

400 Bad Request
[Connection to 2000:a::1 closed by foreign host]
Client1# telnet 2000:a::1
Trying 2000:A::1 ...
% Destination unreachable; gateway or host down *** UNSUCCESSFUL TELNET
CONNECTION ***


Example 15-2 begins on Client 1, where the telnet 2000:a::1 80 command is used to telnet to the Internet-based web server, using port 80 (that is, the HTTP port). The connection was successful as evidenced by the Open response. Similarly, Client 1 successfully established a Telnet session with the Internet-based server (using the default Telnet port of 23), as seen with the Open response.

Next, an extended-named ACL was created on Router R1 with the ipv6 access-list ALLOW_WEB command. In IPv6 ACL configuration mode, the permit tcp any any eq www and permit tcp any any eq 443 commands instruct the ACL to permit HTTP and HTTPS (that is, port 443) traffic. Then, in interface configuration mode, the ALLOW_WEB IPv6 ACL was applied to interface Fa 0/0 in the outbound direction with the ipv6 traffic-filter ALLOW_WEB out command. Notice the use of the traffic-filter command option, as opposed to access-group used with IPv4 ACLs. Finally on Router R1, the show access-lists command was issued, showing the configuration of the ALLOW_WEB IPv6 ACL.

Finally, to test the operation of the IPv6 ACL, two connection attempts are once again made, one using a permitted protocol (HTTP) and one using a denied protocol (Telnet). This time, with the IPv6 ACL in place, the HTTP session succeeds while the Telnet session fails.

IPv6 Internet Connection Security

Connecting an enterprise network to the Internet through IPv6 introduces some security risks. A couple of examples are as follows:

Image The Neighbor Discovery process used by IPv6 might be leveraged by a malicious user to launch a man-in-the-middle attack, similar to a gratuitous ARP attack in an IPv4 network.

Image If an IPv4 network used NAT, the inside local addresses assigned to network devices would not be visible to devices on the Internet, because of NAT’s translation of inside local addresses to inside global addresses. However, because NAT is not typically used in IPv6 networks, IPv6 addresses of network devices are no longer concealed.

To mitigate such threats, Cisco recommends protecting an enterprise network with a stateful firewall. Additionally, IPv6 protocols should be hardened by disabling any unnecessary functions or services and tweaking any suboptimal default settings.

BGP Support for IPv6

The predominant routing protocol found on the Internet is Border Gateway Protocol (BGP), as discussed in Chapter 13, “Fundamental BGP Concepts,” and Chapter 14, “Advanced BGP Concepts.” A challenge with traditional BGP version 4 (BGP-4) is that it only supported the routing of IPv4 networks. Fortunately, an update to BGP, called Multiprotocol BGP (MP-BGP), allows BGP to support multiple address types. This update consists of a set of multiprotocol extensions added to BGP-4.

This section begins by introducing MP-BGP and discussing its new components. Then, you will see how IPv6 networks can be routed across an IPv4 BGP session, in addition to an IPv6 session. Next, from a design perspective, this section contrasts the benefits and drawbacks of routing IPv4 and IPv6 networks over a single IPv4 BGP session versus using separate BGP sessions for IPv4 and IPv6 networks. Finally, this section discusses the filtering of IPv6 networks and describes how to perform IPv6 path selection using the Local Preference attribute.

Multiprotocol BGP Fundamentals

MP-BGP allows you to consolidate a variety of protocol types under a single BGP configuration. These protocol types are called address families and include (as just a few examples):

Image Unicast IPv4

Image Multicast IPv4

Image Unicast IPv6

Image Multicast IPv6


Note

MP-BGP supports several additional address families, largely used to support virtualization technologies, such as Virtual Private LAN Service (VPLS) and Layer 2 VPN (L2VPN). However, the ROUTE curriculum focuses on IPv4 and IPv6 address families.


MP-BGP contains several new elements and features not found in BGP-4, including

Image Address Family Identifier (AFI): Specifies the type of address being used by an Address Family.

Image Subsequent Address Family Identifier (SAFI): Provides additional address family information for some address families.

Image Multiprotocol Reachable Network Layer Reachability Information (MP_REACH_NLRI): An attribute that transports a collection of reachable networks, along with next-hop information.

Image Multiprotocol Unreachable Network Layer Reachability Information (MP_UNREACH_NLRI): An attribute that transports a collection of unreachable networks (used to indicate that specific previously reachable networks are no longer reachable).

Image BGP Capabilities Advertisement: Used by a router to tell a neighboring router its BGP capabilities—used during BGP session negotiation.

Note that the multiprotocol extensions making up MP-BGP are backward compatible with traditional BGP-4. As a result, a traditional BGP-4 router can form a neighborship with an MP-BGP router, and simply ignore any received BGP messages containing unrecognized extensions.

IPv6 Routing over an IPv4 BGP Session

MP-BGP routers can exchange updates for a variety of address families over an IPv4 BGP session. The steps to configure IPv6 routing over an IPv4 BGP session are as follows:

Image

Step 1. Enable IPv6 routing with the ipv6 unicast-routing command, in global configuration mode.

Step 2. Create a route map by issuing the route-map route_map_name command, in global configuration mode.

Step 3. Specify the IPv6 address of the router’s interface connecting to a neighbor as a next-hop IPv6 address, using the set ipv6 next-hop ipv6_address, in route map configuration mode.

Step 4. Define the BGP autonomous system with the router bgp as-number command, in global configuration mode.

Step 5. Define an IPv4 BGP neighbor with the neighbor neighbor’s_ipv4_address remote-as command, in router configuration mode.

Step 6. Enter address family configuration mode for the IPv4 address family with the address-family ipv4 command, in router configuration mode.

Step 7. Specify which interfaces will participate in the IPv4 address family by issuing one or more network ip4_network_address [mask subnet_mask] commands, in IPv4 address family configuration mode. (Note: The neighbor neighbor’s_ipv4_address activate command is automatically entered for you in IPv4 address family configuration mode.)

Step 8. Exit IPv4 address family configuration mode with the exit-address-family command, in IPv4 address family configuration mode.

Step 9. Enter address family configuration mode for the IPv6 address family with the address-family ipv6 command, in router configuration mode.

Step 10. Specify which interfaces will participate in the IPv6 address family by issuing one or more network ipv6_network_address/prefix-length commands, in IPv6 address family configuration mode.

Step 11. Activate the BGP neighbor for the IPv6 address family with the neighbor neighbor’s_ipv4_address activate command, in IPv6 address family configuration mode.

Step 12. Associate the previously configured route map (which specifies the next-hop IPv6 address to advertise to a neighbor) with the neighbor using the neighbor neighbor_ipv4_address route-map route_map_name out command, in IPv6 address family configuration mode.

As an example, consider Figure 15-2.

Image

Figure 15-2 BGP Routing for IPv4 and IPv6 Networks

In Figure 15-2, two BGP autonomous systems are configured with both IPv4 and IPv6 networks. The BGP session between Routers R1 and R2 is an IPv4 BGP session. However, both IPv4 and IPv6 route updates are exchanged over the IPv4 BGP session. Example 15-3 shows the configuration on Router R1.

Example 15-3 IPv6 over IPv4 BGP Session—R1 Configuration


ipv6 unicast-routing
! *** OUTPUT OMITTED ***
router bgp 64701
neighbor 198.51.100.2 remote-as 64702
!
address-family ipv4
network 192.0.2.0
neighbor 198.51.100.2 activate
exit-address-family
!
address-family ipv6
network 2000:1::/64
neighbor 198.51.100.2 activate
neighbor 198.51.100.2 route-map IPV6-NEXT-HOP out
exit-address-family
! *** OUTPUT OMITTED ***
route-map IPV6-NEXT-HOP permit 10
set ipv6 next-hop 2000:2::1


In Example 15-3, Router R1 belongs to AS 64701 and is forming a neighborship with Router R2, which has an IPv4 address of 198.51.100.2 and resides in AS 64702. Then, in IPv4 address family configuration mode, the network 192.0.2.0 command was issued to make Router R1’s Fa 0/0 interface participate in the IPv4 address family. The neighbor 198.51.100.2 activate command is automatically entered in IPv4 address family configuration mode, to activate the previously configured neighbor for the IPv4 address family.

In IPv6 address family configuration mode, the network 2000:1::/64 command is issued to make Router R1’s Fa 0/0 interface participate in the IPv6 address family. Also, unlike the IPv4 address family, the BGP neighbor (198.51.100.2) configuration has to be manually activated to associate the preconfigured neighbor with the IPv6 address family. This is done with the neighbor 198.51.100.2 activate command. Finally, in IPv6 address family configuration mode, the neighbor 198.51.100.2 route-map IPV6-NEXT-HOP out command is issued. This command causes BGP route advertisements sent to Router R2 to specify Router R1’s Fa 0/1 IPv6 address as an IPv6 next-hop address, as specified in the IPV6-NEXT-HOP route map.

The previously mentioned route map is created with the route-map IPV6-NEXT-HOP permit 10 command. Then, in route map configuration mode, the set ipv6 next-hop 2000:2::1 command was entered to specify the IPv6 address of Router R1’s Fa 0/1 interface as the next-hop IPv6 address that Router R2 should use when attempting to reach IPv6 networks advertised by Router R1. Without this route map instruction, Router R2 will receive IPv6 route advertisements, but those advertisements will not have a reachable next-hop address and therefore will not be injected into Router R2’s IPv6 routing table.

Example 15-4 shows the complementary configuration on Router R2.

Example 15-4 IPv6 over IPv4 BGP Session—R2 Configuration


ipv6 unicast-routing
! *** OUTPUT OMITTED ***
router bgp 64702
neighbor 198.51.100.1 remote-as 64701
!
address-family ipv4
network 203.0.113.0
neighbor 198.51.100.1 activate
exit-address-family
!
address-family ipv6
network 2000:3::/64
neighbor 198.51.100.1 activate
neighbor 198.51.100.1 route-map IPV6-NEXT-HOP out
exit-address-family
! *** OUTPUT OMITTED ***
route-map IPV6-NEXT-HOP permit 10
set ipv6 next-hop 2000:2::2


The show ipv6 route command issued on both Routers R1 and R2, as seen in Example 15-5, confirms that Routers R1 and R2 are exchanging IPv6 routing information.

Example 15-5 show ipv6 route Output on Routers R1 and R2


*** ROUTER R1 ***
R1# show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
C 2000:1::/64 [0/0]
via FastEthernet0/0, directly connected
L 2000:1::1/128 [0/0]
via FastEthernet0/0, receive
C 2000:2::/64 [0/0]
via FastEthernet0/1, directly connected
L 2000:2::1/128 [0/0]
via FastEthernet0/1, receive
B 2000:3::/64 [20/0]
via FE80::C801:13FF:FE74:8, FastEthernet0/1
L FF00::/8 [0/0]
via Null0, receive


*** ROUTER R2 ***
R2# show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
B 2000:1::/64 [20/0]
via FE80::C800:13FF:FE74:6, FastEthernet0/0
C 2000:2::/64 [0/0]
via FastEthernet0/0, directly connected
L 2000:2::2/128 [0/0]
via FastEthernet0/0, receive
C 2000:3::/64 [0/0]
via FastEthernet0/1, directly connected
L 2000:3::1/128 [0/0]
via FastEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive


The show bgp ipv6 unicast command, as seen in Example 15-6, displays IPv6 networks known to BGP, along with next-hop information to reach those networks. Note that a next-hop address of :: indicates that the network is local to the router.

Example 15-6 show bgp ipv6 unicast Output on Routers R1 and R2


*** ROUTER R1 ***
R1# show bgp ipv6 unicast
BGP table version is 3, local router ID is 198.51.100.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 2000:1::/64 :: 0 32768 i
*> 2000:3::/64 2000:2::2 0 0 64702 i


*** ROUTER R2 ***
R2# show bgp ipv6 unicast
BGP table version is 3, local router ID is 203.0.113.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 2000:1::/64 2000:2::1 0 0 64701 i
*> 2000:3::/64 :: 0 32768 i


The show bgp ipv6 unicast summary command, as demonstrated in Example 15-7, provides a collection of valuable output, including a router’s BGP router ID, the local autonomous system (AS) number, and a listing of neighbors and their AS numbers.

Example 15-7 show bgp ipv6 unicast summary Output on Routers R1 and R2


*** ROUTER R1 ***
R1# show bgp ipv6 unicast summary
BGP router identifier 198.51.100.1, local AS number 64701
BGP table version is 3, main routing table version 3
2 network entries using 336 bytes of memory
2 path entries using 208 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 840 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
198.51.100.2 4 64702 8 8 3 0 0 00:02:10 1


*** ROUTER R2 ***
R2# show bgp ipv6 unicast summary
BGP router identifier 203.0.113.1, local AS number 64702
BGP table version is 3, main routing table version 3
2 network entries using 336 bytes of memory
2 path entries using 208 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 840 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
198.51.100.1 4 64701 11 10 3 0 0 00:04:28 1


IPv6 Routing over an IPv6 BGP Session

While you could configure an IPv4 BGP session and advertise IPv6 networks over that session (as seen in the previous discussion), an alternative is to create an IPv6 BGP session between two routers and then advertise IPv6 networks over that session. If you also needed to advertise IPv4 networks, you could do so by creating an additional BGP routing process, using an IPv4 BGP session, just for the handling of IPv4 networks.

The steps to configure IPv6 routing over an IPv6 BGP session are as follows:

Image

Step 1. Enable IPv6 routing with the ipv6 unicast-routing command, in global configuration mode.

Step 2. Define the BGP autonomous system with the router bgp as-number command, in global configuration mode.

Step 3. Define an IPv6 BGP neighbor with the neighbor neighbor’s_ipv6_address remote-as command, in router configuration mode.

Step 4. Enter address family configuration mode for the IPv6 address family with the address-family ipv6 command, in router configuration mode.

Step 5. Specify which interfaces will participate in the IPv6 address family by issuing one or more network ipv6_network_address/prefix-length commands, in IPv6 address family configuration mode.

Step 6. Activate the BGP neighbor for the IPv6 address family with the neighbor neighbor’s_ipv4_address activate command, in IPv6 address family configuration mode.


Note

Unlike the configuration for IPv6 routing over an IPv4 BGP session, the configuration for IPv6 routing over an IPv6 session does not require the configuration of a route map to specify a next-hop IPv6 address. This step is not required, because the neighbors are configured with one another’s IPv6 addresses. Therefore, they know the appropriate next-hop IPv6 address to associate with IPv6 route updates received from a neighbor.


To illustrate this configuration, consider Example 15-8, which is using the topology previously seen in Figure 15-2.

Example 15-8 IPv6 over IPv6 BGP Session—R1 Configuration


ipv6 unicast-routing
! *** OUTPUT OMITTED ***
router bgp 64701
neighbor 2000:2::2 remote-as 64702
!
address-family ipv4
no neighbor 2000:2::2 activate
exit-address-family
!
address-family ipv6
network 2000:1::/64
neighbor 2000:2::2 activate
exit-address-family


In Example 15-8, note that the neighbor 2000:2::2 remote-as 64702 command points to the IPv6 address of Router R2, as opposed to the IPv4 address of Router R2, as seen in Example 15-3. Also, be aware that you do not have to go into IPv4 address family configuration mode and issue the no neighbor neighbor’s_ipv6_address activate command, because that is done automatically. Another difference that you will notice from the configuration in Example 15-3 is the absence of a route map, which is no longer needed, because the neighbor commands on both routers point to one another’s IPv6 addresses, instead of one another’s IPv4 addresses.

Example 15-9 shows the complementary configuration on Router R2.

Example 15-9 IPv6 over IPv6 BGP Session—R2 Configuration


ipv6 unicast-routing
! *** OUTPUT OMITTED ***
router bgp 64702
bgp log-neighbor-changes
neighbor 2000:2::1 remote-as 64701
!
address-family ipv4
no neighbor 2000:2::1 activate
exit-address-family
!
address-family ipv6
network 2000:3::/64
neighbor 2000:2::1 activate
exit-address-family


The show ipv6 route command issued on both Routers R1 and R2, as seen in Example 15-10, confirms that Routers R1 and R2 are exchanging IPv6 routing information.

Example 15-10 show ipv6 route Output on Routers R1 and R2


*** ROUTER R1 ***
R1# show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
C 2000:1::/64 [0/0]
via FastEthernet0/0, directly connected
L 2000:1::1/128 [0/0]
via FastEthernet0/0, receive
C 2000:2::/64 [0/0]
via FastEthernet0/1, directly connected
L 2000:2::1/128 [0/0]
via FastEthernet0/1, receive
B 2000:3::/64 [20/0]
via FE80::C804:12FF:FEA8:8, FastEthernet0/1
L FF00::/8 [0/0]
via Null0, receive


*** ROUTER R2 ***
R2# show ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
B 2000:1::/64 [20/0]
via FE80::C803:12FF:FEA8:6, FastEthernet0/0
C 2000:2::/64 [0/0]
via FastEthernet0/0, directly connected
L 2000:2::2/128 [0/0]
via FastEthernet0/0, receive
C 2000:3::/64 [0/0]
via FastEthernet0/1, directly connected
L 2000:3::1/128 [0/0]
via FastEthernet0/1, receive
L FF00::/8 [0/0]
via Null0, receive


The show bgp ipv6 unicast command output, seen in Example 15-11, is similar to what was seen in Example 15-6.

Example 15-11 show bgp ipv6 unicast Output on Routers R1 and R2


*** ROUTER R1 ***
R1# show bgp ipv6 unicast
BGP table version is 3, local router ID is 198.51.100.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 2000:1::/64 :: 0 32768 i
*> 2000:3::/64 2000:2::2 0 0 64702 i


*** ROUTER R2 ***
R2# show bgp ipv6 unicast
BGP table version is 3, local router ID is 203.0.113.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 2000:1::/64 2000:2::1 0 0 64701 i
*> 2000:3::/64 :: 0 32768 i


Also, as previously seen in Example 15-7, the show bgp ipv6 unicast summary command, as shown in Example 15-12, provides information such as a router’s BGP router ID, the local AS number, and a listing of neighbors and their AS numbers.

Example 15-12 show bgp ipv6 unicast summary Output on Routers R1 and R2


*** ROUTER R1 ***
R1# show bgp ipv6 unicast summary
BGP router identifier 198.51.100.1, local AS number 64701
BGP table version is 3, main routing table version 3
2 network entries using 336 bytes of memory
2 path entries using 208 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 840 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2000:2::2 4 64702 8 9 3 0 0 00:03:52 1

*** ROUTER R2 ***
R2# show bgp ipv6 unicast summary
BGP router identifier 203.0.113.1, local AS number 64702
BGP table version is 3, main routing table version 3
2 network entries using 336 bytes of memory
2 path entries using 208 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 840 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2000:2::1 4 64701 11 10 3 0 0 00:05:42 1


Single IPv4 BGP Session Versus Dual (IPv4 and IPv6) Sessions

At this point in this chapter, you have seen two approaches to support both the routing of IPv4 and IPv6 networks in a BGP environment. One option was to have a single IPv4 BGP session, and use that single session to carry IPv4 and IPv6 route information. The second option was to have an IPv4 BGP session, carrying just IPv4 network advertisements, and an IPv6 BGP session, carrying just IPv6 network advertisements.

While you can choose either approach to support IPv4 and IPv6 routing, from a design perspective, you should understand the benefits (and any drawbacks) of each approach. The following lists highlight the characteristics of each approach:

Image

Image Single IPv4 BGP session:

Image Fewer neighborships are formed.

Image When sending IPv6 route information over the IPv4 BGP session, you need to create a route map to modify the Next-Hop BGP attribute.

Image Dual (IPv4/IPv6) BGP sessions:

Image More neighborships must be configured.

Image You do not need to configure a route map to modify the Next-Hop BGP attribute.

Filtering IPv6 Routes with Prefix Lists

The Cisco IOS implementation of MP-BGP allows you to filter IPv6 routes in much the same way that you filtered IPv4 routes. Specifically, you can filter IPv6 routes using prefix lists, filter lists, and route maps. However, you should understand the order of operations of these various filtering mechanisms. The following lists show the order in which these mechanisms are applied to IPv6 routes, for both incoming and outgoing route advertisements.

Image Order of operations for ingress IPv6 BGP route filtering:

Image Inbound route map

Image Inbound filter list

Image Inbound prefix list

Image Order of operations for egress IPv6 BGP route filtering:

Image Outbound prefix list

Image Outbound filter list

Image Outbound route map

As an example, consider the IPv6 prefix list filtering example presented in Examples 15-13, 15-14, 15-15, and 15-16. The topology is illustrated in Figure 15-3.

Image

Figure 15-3 Prefix List Filtering Sample Topology

Example 15-13 Starting Configuration on Router R2


R2# show run
... OUTPUT OMITTED ...
router bgp 64702
bgp log-neighbor-changes
neighbor 198.51.100.1 remote-as 64701
!
address-family ipv4
network 203.0.113.0
neighbor 198.51.100.1 activate
exit-address-family
!
address-family ipv6
network 2000:3::/64
network 2000:A::/96
network 2000:B::/96
network 2000:C::/64
network 2000:D::/64
neighbor 198.51.100.1 activate
neighbor 198.51.100.1 route-map IPV6-NEXT-HOP out
exit-address-family
... OUTPUT OMITTED ...
route-map IPV6-NEXT-HOP permit 10
set ipv6 next-hop 2000:2::2


Example 15-13 shows the starting configuration on Router R2. Notice that Router R2 is configured to route both IPv4 and IPv6 networks over a single IPv4 BGP session.

Example 15-14 Starting IPv6 Routing Table on Router R1


R1# show ipv6 route
IPv6 Routing Table - default - 10 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
C 2000:1::/64 [0/0]
via FastEthernet0/0, directly connected
L 2000:1::1/128 [0/0]
via FastEthernet0/0, receive
C 2000:2::/64 [0/0]
via FastEthernet0/1, directly connected
L 2000:2::1/128 [0/0]
via FastEthernet0/1, receive
B 2000:3::/64 [20/0]
via FE80::C801:10FF:FED0:8, FastEthernet0/1
B 2000:A::/96 [20/0]
via FE80::C801:10FF:FED0:8, FastEthernet0/1
B 2000:B::/96 [20/0]
via FE80::C801:10FF:FED0:8, FastEthernet0/1
B 2000:C::/64 [20/0]
via FE80::C801:10FF:FED0:8, FastEthernet0/1
B 2000:D::/64 [20/0]
via FE80::C801:10FF:FED0:8, FastEthernet0/1
L FF00::/8 [0/0]
via Null0, receive


Example 15-15 shows that Router R1 has learned five IPv6 routes through BGP from Router R2. Notice that two of the IPv6 networks have a prefix length of 96 bits, while three of the IPv6 networks have a prefix length of 64 bits.

Image

Example 15-15 Prefix List Configuration on Router R2


R2# conf term
R2(config)# ipv6 prefix-list SMALL_NETS seq 10 permit 2000::/16 ?
ge Minimum prefix length to be matched
le Maximum prefix length to be matched
<cr>
R2(config)# ipv6 prefix-list SMALL_NETS seq 10 permit 2000::/16 le 64
R2(config)# router bgp 64702
R2(config-router)# address-family ipv6
R2(config-router-af)# neighbor 198.51.100.1 prefix-list SMALL_NETS out
R2(config-router-af)# end
R2# clear ip bgp * soft


In Example 15-15, an IPv6 prefix list (named SMALL_NETS) is configured to match IPv6 routes beginning with 2000 (as the first 16 bits in hexadecimal notation) and a prefix length less than or equal to 64 bits. This prefix list is then applied in the outbound direction to a neighbor with an IP address of 198.51.100.1 (which is Router R1). Therefore, the 2000:A::/96 and 2000:B::/96 networks known to Router R2 should not be advertised to Router R1, because their prefix length of 96 bits is not less than or equal to the 64-bit length specified by the prefix list.


Note

The clear ip bgp * soft command was used to trigger route changes to immediately be sent to Router R1, without tearing down the existing IPv4 BGP session.


Example 15-16 Final IPv6 Routing Table on Router R1


R1# show ipv6 route
IPv6 Routing Table - default - 8 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
C 2000:1::/64 [0/0]
via FastEthernet0/0, directly connected
L 2000:1::1/128 [0/0]
via FastEthernet0/0, receive
C 2000:2::/64 [0/0]
via FastEthernet0/1, directly connected
L 2000:2::1/128 [0/0]
via FastEthernet0/1, receive
B 2000:3::/64 [20/0]
via FE80::C801:10FF:FED0:8, FastEthernet0/1
B 2000:C::/64 [20/0]
via FE80::C801:10FF:FED0:8, FastEthernet0/1
B 2000:D::/64 [20/0]
via FE80::C801:10FF:FED0:8, FastEthernet0/1
L FF00::/8 [0/0]
via Null0, receive


In Example 15-16, notice that networks 2000:A::/96 and 2000:B::/96 no longer appear in Router R1’s IPv6 routing table. This output confirms that Router R2 filtered those routes, using a prefix list.

Using Local Preference for IPv6 Path Selection

Frequent real-world BGP implementations require you to influence outbound path selection on your router. In Chapter 14, you saw how the Local Preference BGP attribute could be used to influence outbound IPv4 path selection decisions. Similarly, you can use the Local Preference attribute to influence outbound IPv6 path selection decisions.

Example 15-17, as illustrated in Figure 15-4, shows a sample Local Preference configuration.

Image

Figure 15-4 Influencing Path Selection with Local Preference

Image

Example 15-17 Local Preference Configuration


R1# show bgp ipv6 unicast
BGP table version is 5, local router ID is 198.51.100.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 2000:1::/64 :: 0 32768 i
* 2000:2::/64 2000:2::2 0 0 64702 i
*> :: 0 32768 i
* 2000:3::/64 2000:3::2 0 0 64703 i
*> :: 0 32768 i
* 2000:4::/64 2000:3::2 0 0 64703 i
*> 2000:2::2 0 0 64702 i
R1# conf term
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# route-map LP-R2
R1(config-route-map)# set local-preference 50
R1(config-route-map)# exit
R1(config)# route-map LP-R3
R1(config-route-map)# set local-preference 150
R1(config-route-map)# exit
R1(config)# router bgp 64701
R1(config-router)# address-family ipv6
R1(config-router-af)# neighbor 198.51.100.2 route-map LP-R2 in
R1(config-router-af)# neighbor 198.51.100.6 route-map LP-R3 in
R1(config-router-af)# end
R1# clear ip bgp * soft
R1# show bgp ipv6 unicast
BGP table version is 7, local router ID is 198.51.100.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 2000:1::/64 :: 0 32768 i
* 2000:2::/64 2000:2::2 0 50 0 64702 i
*> :: 0 32768 i
* 2000:3::/64 2000:3::2 0 150 0 64703 i
*> :: 0 32768 i
*> 2000:4::/64 2000:3::2 0 150 0 64703 i
* 2000:2::2 0 50 0 64702 i
R1#


The show bgp ipv6 unicast command output at the beginning of Example 15-17 shows that BGP initially prefers Router R2 as the next hop to reach the 2000:4::/64 network. The reason for this path selection is that Router R2 has the lowest router ID. The purpose of the example is to show how that outbound path selection decision can be altered through a Local Preference configuration.

Two route maps are then configured for Router R1. One route map sets the Local Preference attribute to a value of 50 and is associated with incoming routes from Router R2, while the other route map sets the Local Preference attribute to a value of 150 and is associated with incoming routes from Router R3. BGP prefers higher preference values. Therefore, after refreshing the BGP table with the clear ip bgp * soft command, the show bgp ipv6 unicast command output indicates that Router R1 now prefers Router R3 as the next-hop router to reach the 2000:4::/64 network.

Exam Preparation Tasks

Planning Practice

The CCNP ROUTE exam expects test takers to review design documents, create implementation plans, and create verification plans. This section provides some exercises that can help you to take a step back from the minute details of the topics in this chapter so that you can think about the same technical topics from the planning perspective.

For each planning practice table, simply complete the table. Note that any numbers in parentheses represent the number of options listed for each item in the solutions in Appendix F, “Completed Planning Practice Tables.”

Design Review Table

Table 15-2 lists several design goals related to this chapter. If these design goals were listed in a design document, and you had to take that document and develop an implementation plan, what implementation options come to mind? For any configuration items, a general description can be used, without concern about the specific parameters.

Image

Table 15-2 Design Review

Implementation Plan Peer Review Table

Table 15-3 shows a list of questions that others might ask, or that you might think about, during a peer review of another network engineer’s implementation plan. Complete the table by answering the questions.

Image

Table 15-3 Notable Questions from This Chapter to Consider During an Implementation Plan Peer Review

Create an Implementation Plan Table

To practice skills useful when creating your own OSPF implementation plan, list in Table 15-4 configuration commands related to the configuration of the following features. You might want to record your answers outside the book, and set a goal to complete this table (and others like it) from memory during your final reviews before taking the exam.

Image

Image

Table 15-4 Implementation Plan Configuration Memory Drill

Choose Commands for a Verification Plan Table

To practice skills useful when creating your own OSPF verification plan, list in Table 15-5 all commands that supply the requested information. You might want to record your answers outside the book, and set a goal to complete this table (and others like it) from memory during your final reviews before taking the exam.

Image

Table 15-5 Verification Plan Memory Drill

Review All the Key Topics

Review the most important topics from inside the chapter, noted with the Key Topic icon in the outer margin of the page. Table 15-6 lists a reference of these key topics and the page numbers on which each is found.

Image

Image

Table 15-6 Key Topics for Chapter 15

Complete the Tables and Lists from Memory

Print a copy of Appendix D, “Memory Tables,” (found on the CD) or at least the section for this chapter, and complete the tables and lists from memory. Appendix E, “Memory Tables Answer Key,” also on the CD, includes completed tables and lists to check your work.

Define Key Terms

Define the following key terms from this chapter, and check your answers in the glossary.

SLAAC

Stateless DHCPv6

Stateful DHCPv6

DHCPv6-PD

MP-BGP