Monday, June 18, 2012

The world of 6RD / Configuring 6RD in Cisco IOS

Well, early this month I went to the Cisco configuration guide to refresh my concepts, and interestingly enough I found this new topic under IPv6 Tunneling. I used to look at the 12.4T IOS configuration guide, a habit from my CCIE lab study, until I realized that Cisco keeps developing IOS and it is now on the 15.2S train >.<.

OK, let's go back to the 6RD concept. I will outline a scenario, then give an overview of this technology and, finally, the configuration required to run 6RD:


Scenario
  1. R1 will act as Border Router (BR) with prefix [2012:0123::/32], connecting to the IPv4 island 192.168.x.x/16 using EIGRP 123 and also connecting to the IPv6 island [2001:1212:2928::/64] using EIGRPv6.
  2. R2 will act as Customer Edge router (CE), connecting to the IPv4 island 192.168.x.x/16 using EIGRP 123 and also connecting to the IPv6 island [2012:0123:202:2727::/64], which is derived from 6RD, using RIPng.
  3. R3 will act as Customer Edge router (CE), connecting to the IPv4 island 192.168.x.x/16 using EIGRP 123 and also connecting to the IPv6 island [2012:0123:303:3434::/64], which is derived from 6RD, using OSPFv3.
  4. Make sure both SW2 and R4 can reach the 2001:1212:2928::/64 subnet :)

6RD Overview

6RD (Rapid Deployment), in my opinion, is a descendant of 6to4 tunneling. 6to4 tunneling is cool, but think about this: when an SP wants to deploy 6to4 at large scale, they cannot use their own IPv6 prefix, because 2002::/16 is mandatory in a 6to4 deployment.

Well, 6RD was then born to overcome this limitation of 6to4 by giving the SP the freedom to use its own IPv6 prefix. Here is how 6RD works in the example above: the SP owns the public IPv4 block 150.1.x.x/16.

The SP assigns its own IPv6 prefix, in this case 2012:0123::/32. Because 150.1.x.x is well known inside this SP, it can effectively 'summarize', i.e. tell the router that the first 16 bits of every IPv4 address are already known, so they are not converted into the IPv6 prefix; only the remaining 16 bits are embedded after the /32. In this case R1-R3 will have these 6RD prefixes:

R1 : 150.1.1.1 ==> OMIT bit.OMIT bit. 00000001. 00000001 ==> 0101 ==> [2012:0123:0101::/48]
R2 : 150.1.2.2 ==> OMIT bit.OMIT bit. 00000010. 00000010 ==> 0202 ==> [2012:0123:0202::/48]
R3 : 150.1.3.3 ==> OMIT bit.OMIT bit. 00000011. 00000011 ==> 0303 ==> [2012:0123:0303::/48]

R2 can use an additional subnet to identify that a given subnet is sourced from R2; here is the idea:
2012:123:202::/48 (R2 tunnel to R1) ==> 2012:123:202:2727::/64 (R2's own prefix)

Likewise R3 can use an additional subnet to identify that a given subnet is sourced from R3; here is the idea:
2012:123:303::/48 (R3 tunnel to R1) ==> 2012:123:303:3434::/64 (R3's own prefix)

In this case, if R1, R2 and R3 want to communicate with each other, they use the 2012:123::/32 prefix (the IPv4 tunnel endpoint is recovered from the bits embedded in the destination address), while the CEs (R2 and R3) have a default route to the BR (R1) for anything outside the 2012:123::/32 prefix.
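To make the derivation above concrete, here is an added example in Python (it is not code from the post and not Cisco's code). It computes the delegated /48 from a tunnel source address exactly as the bit-stripping above describes, and the inverse: given an IPv6 destination, which IPv4 endpoint the tunnel encapsulates to (the embedded address for destinations inside 2012:123::/32, the BR for everything else). It assumes only the post's lab values; the function names delegated_prefix, tunnel_endpoint and br_next_hop are my own.

```python
"""6RD address derivation and tunnel-endpoint selection.

Added example, not code from the blog post or from Cisco IOS: it reproduces in
plain Python the arithmetic IOS performs for the 'tunnel 6rd' settings shown
in the post, using the post's lab values (150.1.0.0/16 as the SP's IPv4
block, 2012:123::/32 as the 6RD prefix, 150.1.1.1 as the Border Relay).
"""
import ipaddress

# Lab parameters taken from the post's configuration and 'show tunnel 6rd' output.
SIXRD_PREFIX = ipaddress.IPv6Network("2012:123::/32")   # tunnel 6rd prefix
V4_COMMON = ipaddress.IPv4Network("150.1.0.0/16")      # tunnel 6rd ipv4 prefix-len 16
BR_IPV4 = ipaddress.IPv4Address("150.1.1.1")            # tunnel 6rd br


def delegated_prefix(ipv4, sixrd_prefix=SIXRD_PREFIX, v4_common=V4_COMMON):
    """Return the 6RD delegated prefix of the router whose tunnel source is `ipv4`.

    The first v4_common.prefixlen bits are shared by the whole SP block, so they are
    omitted; the remaining 32 - prefixlen bits are appended to the 6RD prefix, giving
    a prefix of length sixrd_prefix.prefixlen + (32 - prefixlen): /48 in the post.
    """
    ipv4 = ipaddress.IPv4Address(ipv4)
    if ipv4 not in v4_common:
        raise ValueError(f"{ipv4} is outside the SP block {v4_common}")
    embedded_bits = 32 - v4_common.prefixlen
    suffix = int(ipv4) & ((1 << embedded_bits) - 1)   # the bits that are NOT omitted
    new_len = sixrd_prefix.prefixlen + embedded_bits
    # Place the embedded bits immediately after the 6RD prefix in the 128-bit address.
    addr = int(sixrd_prefix.network_address) | (suffix << (128 - new_len))
    return ipaddress.IPv6Network((addr, new_len))


def tunnel_endpoint(dst_v6, sixrd_prefix=SIXRD_PREFIX, v4_common=V4_COMMON, br=BR_IPV4):
    """Return the IPv4 address a 6RD router encapsulates toward for destination `dst_v6`.

    Inside the 6RD prefix the peer's IPv4 address is recovered from the embedded bits
    and rejoined with the common IPv4 prefix, so CEs reach each other directly without
    transiting the BR. Anything outside the 6RD prefix goes to the Border Relay, which is
    what the post's 'ipv6 route ::/0 Tunnel123 2012:123:101::' provides on the CEs.
    """
    dst = ipaddress.IPv6Address(dst_v6)
    if dst not in sixrd_prefix:
        return br
    embedded_bits = 32 - v4_common.prefixlen
    shift = 128 - sixrd_prefix.prefixlen - embedded_bits
    suffix = (int(dst) >> shift) & ((1 << embedded_bits) - 1)
    return ipaddress.IPv4Address(int(v4_common.network_address) | suffix)


def br_next_hop(br=BR_IPV4, sixrd_prefix=SIXRD_PREFIX, v4_common=V4_COMMON):
    """The BR's 6RD address that the CEs' default route points at (2012:123:101:: in the post)."""
    return delegated_prefix(br, sixrd_prefix, v4_common).network_address


if __name__ == "__main__":
    for name, source in (("R1", "150.1.1.1"), ("R2", "150.1.2.2"), ("R3", "150.1.3.3")):
        print(f"{name} {source} -> General Prefix {delegated_prefix(source)}")
    print("CE default route next hop:", br_next_hop())
    # Constructed sample destinations: one inside the 6RD domain, one in the native IPv6 island.
    for dst in ("2012:123:303:3434::4", "2001:1212:2928::1"):
        print(f"{dst} -> encapsulate to {tunnel_endpoint(dst)}")
```

Running the script prints the same General Prefix values that `show tunnel 6rd` reports for R1, R2 and R3 in the verification section, and shows why a packet from R4's subnet toward 2001:1212:2928::1 is carried to 150.1.1.1 while a packet toward R2's 2012:123:202:2727::/64 would go straight to 150.1.2.2.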

In production the CE device could be a Wi-Fi router, such as a Linksys, whose inside interface hands out a native IPv6 prefix to end users such as Windows 7 hosts. In our example those clients are SW2 and R4. The goal is that those hosts can communicate with each other as well as reach the Internet using the pure IPv6 prefix [2001:1212:2928::/64]; how cool is that.

R2 Configuration

R2 (CE)
!
ipv6 general-prefix PREFIX 6rd Tunnel123
ipv6 unicast-routing
ipv6 cef
!
interface Tunnel123
 no ip address
 no ip redirects
 ipv6 enable
 tunnel source Loopback0
 tunnel mode ipv6ip 6rd
 tunnel 6rd ipv4 prefix-len 16
 tunnel 6rd prefix 2012:123::/32
 tunnel 6rd br 150.1.1.1
!
ipv6 route 2012:123::/32 Tunnel123
ipv6 route ::/0 Tunnel123 2012:123:101::
!
interface FastEthernet0/1
 no ip address
 duplex full
 speed 100
 ipv6 address 2012:123:202:2727::2/64
 ipv6 rip RIP6 enable
!
ipv6 router eigrp 12
!
end


R3 Configuration

R3 (CE)
!
! the general-prefix is not mandatory
ipv6 general-prefix PREFIX 6rd Tunnel123
ipv6 unicast-routing
ipv6 cef
!
interface Tunnel123
 no ip address
 no ip redirects
 ipv6 enable
 tunnel source Loopback0
 tunnel mode ipv6ip 6rd
 tunnel 6rd ipv4 prefix-len 16
 tunnel 6rd prefix 2012:123::/32
 tunnel 6rd br 150.1.1.1
!
ipv6 route 2012:123::/32 Tunnel123
ipv6 route ::/0 Tunnel123 2012:123:101::
!
!
interface Serial1/2
 description Connecting to R4 using Pure IPv6 prefix
 no ip address
 encapsulation ppp
 no peer neighbor-route
 ipv6 address 2012:123:303:3434::3/64
 ipv6 ospf 34 area 0
 serial restart-delay 0
!
ipv6 router ospf 34
 default-information originate metric 333
 redistribute static metric-type 1
!
end

R1 Configuration

R1 – BR
!
ipv6 general-prefix PREFIX 6rd Tunnel123
ipv6 unicast-routing
ipv6 cef
!
interface Tunnel123
 no ip address
 no ip redirects
 ipv6 enable
 ipv6 eigrp 12
 tunnel source Loopback0
 tunnel mode ipv6ip 6rd
 tunnel 6rd ipv4 prefix-len 16
 tunnel 6rd prefix 2012:123::/32
!
ipv6 route 2012:123::/32 Tunnel123
!
!
interface Serial1/1
 description Connecting to R2 VRF using Pure IPv6 prefix
 no ip address
 encapsulation ppp
 no peer neighbor-route
 ipv6 address 2001:1212:2928::1/64
 ipv6 eigrp 12
 serial restart-delay 0
!
ipv6 router eigrp 12
 no shutdown
!
end


Verification

R2#show tunnel 6rd
Interface Tunnel123:
  Tunnel Source: 150.1.2.2
  6RD: Operational, V6 Prefix: 2012:123::/32
       V4 Prefix, Length: 16, Value: 150.1.0.0
       V4 Suffix, Length: 0, Value: 0.0.0.0
       Border Relay address: 150.1.1.1
  General Prefix: 2012:123:202::/48
R2#
R2#show ipv6 interface tunnel 123
Tunnel123 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::9601:202
  No Virtual link-local address(es):
  No global unicast address is configured
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF01:202
  MTU is 1480 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Post_Encap features: Tunnel 6RD
  ND DAD is not supported
  ND reachable time is 30000 milliseconds (using 30000)
  ND RAs are suppressed (periodic)
  Hosts use stateless autoconfig for addresses.

R3#show tunnel 6rd
Interface Tunnel123:
  Tunnel Source: 150.1.3.3
  6RD: Operational, V6 Prefix: 2012:123::/32
       V4 Prefix, Length: 16, Value: 150.1.0.0
       V4 Suffix, Length: 0, Value: 0.0.0.0
       Border Relay address: 150.1.1.1
  General Prefix: 2012:123:303::/48
R3#
R3#show ipv6 int
R3#show ipv6 interface tun
R3#show ipv6 interface tunnel 123
Tunnel123 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::9601:303
  No Virtual link-local address(es):
  No global unicast address is configured
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::5
    FF02::1:FF01:303
  MTU is 1480 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Post_Encap features: Tunnel 6RD
  ND DAD is not supported
  ND reachable time is 30000 milliseconds (using 30000)
  ND RAs are suppressed (periodic)
  Hosts use stateless autoconfig for addresses.

R1#show tunnel 6rd
Interface Tunnel123:
  Tunnel Source: 150.1.1.1
  6RD: Operational, V6 Prefix: 2012:123::/32
       V4 Prefix, Length: 16, Value: 150.1.0.0
       V4 Suffix, Length: 0, Value: 0.0.0.0
  General Prefix: 2012:123:101::/48
R1#
R1#show ipv6 interface tunnel 123
Tunnel123 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::9601:101
  No Virtual link-local address(es):
  No global unicast address is configured
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::A
    FF02::1:FF01:101
  MTU is 1480 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  Post_Encap features: Tunnel 6RD
  ND DAD is not supported
  ND reachable time is 30000 milliseconds (using 30000)
  ND RAs are suppressed (periodic)
  Hosts use stateless autoconfig for addresses.


Connectivity Testing

SW2#ping 2001:1212:2928::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:1212:2928::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/68/96 ms
SW2#traceroute 2001:1212:2928::1

Type escape sequence to abort.
Tracing the route to 2001:1212:2928::1

  1 2012:123:202:2727::2 52 msec 28 msec 4 msec
  2 2001:1212:2928::1 64 msec 108 msec 48 msec


R4#ping 2001:1212:2928::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:1212:2928::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/108/120 ms
R4#trace 2001:1212:2928::1
Type escape sequence to abort.
Tracing the route to 2001:1212:2928::1

  1 2012:123:303:3434::3 52 msec 40 msec 32 msec
  2 2001:1212:2928::1 116 msec 112 msec 112 msec

Friday, June 15, 2012

CCIE Lab Study Plan / CCIE Study Strategy

When I look back one year ago, June 16 2011, I was doing my CCIE lab, the exam that later gave me a chance at better opportunities in networking technology. Well, tomorrow is going to be the first anniversary of my CCIE; one year just passes by.

I guess this is a good time for me to share my experience with the strategy I used to prepare for this 8-hour exam. In my opinion, there are two phases to studying for CCIE R/S, and I am going to discuss them here in my blog.

Phase 1 – Learning the technology fundamentals back and forth
This phase starts with getting the general idea about a specific technology (especially the topics on the blueprint); more specifically, we have to ask 'What is the technology?'. OK, let's pick one topic, Multicast Routing. Before I go configuring this technology, I will dig into at least the general idea of what multicast is, what the benefit is for a company using it, what real-world examples of this technology are, etc.

With all those questions, in my opinion, we get the big picture of the technology. The best way to do this is searching through Google; I would recommend not going directly to the Cisco DocCD at this point.

After getting the big idea, it is time to learn more deeply. If we continue with multicast routing, there are two modes of operation for multicast to run: one is Dense Mode and the other is Sparse Mode. Study how they work, what the differences are, etc.

Then after we know the concept, or sometimes are still confused by it, just like me :p, it is time to go configure 'basic multicast' on routers, know how to verify it, and don't forget how to test it, either using NTP or an IGMP join group (you could study IGMP for the client to be connected, or leave it for later study).

Getting the basic thing working is great; now take it further to a more intermediate scenario. If we talk about Sparse Mode (SM), we have to use a Rendezvous Point, and the first method to configure it should be static. After we have done it statically, we realize that if we want to deploy at large scale and have to manually configure every router to point to the rendezvous point, it would be a nightmare, right?!? So we then search for an automatic method, which is Auto-RP. Get the idea about it and continue with the basic configuration for that. It doesn't stop there: later we realize that this Auto-RP method is Cisco proprietary, and digging further we find the industry-standard way to do it, which is Bootstrap Router (BSR). Again, get the idea and concept and then get to the basic configuration.

By the time we have dug through all the information about multicast routing, we will have learned quite a lot about this specific technology (Multicast Routing, DM, SM, RP, Static RP, Auto-RP, BSR), and that boosted my confidence in my case ;)

This is what I call learning the specific technology. I used this method to learn the R/S technologies in the blueprint (which was version 4 in my era, up to this time of writing). We can also combine it with a CCIE learning vendor such as INE; I used INE Volume 1 in conjunction with learning the technology.

It took me two years to do this phase, where I spent about one hour a day studying networking. I am sure everybody will have their own pace; the learning curve is different for everybody ;). After finishing phase one, you could take the written exam to register for the lab.


Phase 2 – Learning the multiprotocol scenario
Now it is time for us to blend all the specific technologies into a single scenario, which I call a multiprotocol scenario. Eventually I bought the INE workbook, Volume 2, to do so. (I'm not promoting INE, but in my case I used their product.)

This is the time to learn about the dependencies between one technology and others. Let's say, for example, you've configured basic L3 connectivity between routers through multilayer switches using OSPF; later on we have to configure, let's say, QinQ, where we have to modify the MTU on the switches. After we configure it, we find that OSPF between the router and the MLS is breaking. In this case we learn that OSPF, by default, must have the same MTU on both ends. In my case I could either ignore the MTU or configure the routing MTU back to the default value, which is 1500 bytes on the MLS. This is what I call the dependencies: one technology can break another, and you will see a lot of examples of that later on. We should experience these problems as much as possible during study rather than in the real lab, or more importantly in a real production network.

By finishing phase two, you should have the confidence to deal with the multiprotocol scenario, and that is what you will face in the lab exam ;)

There are so many sources for you to search for an optimal study plan, such as blogs like:
www.himawan.nu
blog.ine.com

and so many more, but the bottom line is you should find your own pace and your own convenience.

Well, the fact is there are quite a lot of CCIEs in my country here in Indonesia. I would reckon the total number of CCIEs here is around 150 people as of June 2012, where half of them are working abroad as expatriates. Once I became a CCIE, I realized there is so much more that I don't know than what I know, so it keeps me motivated to study more ;)

Well, I hope this blog can be informative, especially for you guys who are networking people.


Tuesday, June 5, 2012

Cert Monkey ......

It's been a while; it seems that I have rarely been writing in this blog lately.
Last week my peers told me that I should take the Juniper exam to extend our partnership with Juniper (my current company has a partnership with Juniper). Well, at first I was really reluctant to say 'YES', but..., because this one was an assignment from the company, I took it.

The first stop was, of course, www.juniper.net, to find out about the certification. After digging deeper, I found out that Juniper is giving a discount voucher for the JNCIA and JNCIS exams...., cool. Eh, before we move on, I just want to tell you guys (I reckon most of you know this already, hihihi) that Juniper has 4 levels of certification:

JNCIA ---> CCENT
JNCIS ---> CCNA
JNCIP ---> CCNP
JNCIE ---> CCIE

and currently there are 3 tracks to be tackled (ENT/RS, SP, and Security). I studied the fundamental one, which is JNCIA-Junos. Fortunately enough, I had the opportunity to find resources that provide the Junos emulator, where I studied with several logical routers.

After spending time and getting used to it, I'm quite comfortable with the way it runs and feels. It seems that Junos is much more modular compared with IOS (that is why Cisco is developing IOS-XR and other IOS versions).

In my opinion, in Junos you will have to configure based on policy in almost every single feature. This global policy is then applied to a specific configuration, such as a routing protocol or an interface.

Most of the networking concepts are the same between Juniper and Cisco, but I have to admit, some, or most I should say, of the behavior is realllllly different, for example in routing protocol advertisement.

In Cisco we just run it in global config and puff...., the routers will start talking to each other. But in Junos it is not that way; RIP routing, for example, has a default export policy which is not going to export anything unless we specify it to do so....

Short story: I took the exam and, alhamdulillah, got my JNCIA-Junos. It seems I will study more for Juniper because I have to take the JNCIS-ENT as well. Luckily my current company has 2 Juniper EX switches so I can study the switching part.

When I think of it...., it seems that I am a Cert Monkey#!&#

I don't know, I just love it when I earn something good, in this case the certification.

Good luck to you folks who are pursuing professional certs.

^_^