Advertising IPv4 NLRI with IPv6 Next-Hop
This chapter describes Advertising IPv4 NLRI with IPv6 Next-Hop.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 20.7.R2. Advertising IPv4 Network Layer Reachability Information (NLRI) with IPv6 next-hop is supported in SR OS Release 19.5.R1 and later.
Overview
In networks where the routers are interconnected by IPv6-only links, SR OS routers can advertise and receive BGP routes that convey reachability to IPv4-unicast destinations that are reachable through IPv6 next-hops. Advertising and receiving IPv4 routes with IPv6 next-hops is useful in networks or regions with IPv6-only interfaces, such as data center deployments where leaf, spine, and aggregation routers are interconnected by IPv6-only links that carry a mix of unencapsulated IPv4 and IPv6 packets.
This feature requires the Extended Next Hop encoding BGP capability which is described in RFC 5549, Advertising IPv4 Network Layer Reachability Information with an IPv6 Next Hop. BGP capabilities are advertised between peers. For the Extended Next Hop encoding capability, the capability code field must be set to 5, the capability length field set to the length of the capability value field, and a capability value field with following format:
Each triplet (NLRI AFI, NLRI SAFI, Nexthop AFI) indicates that NLRI AFI/SAFI may be advertised with a next-hop address belonging to the network-layer protocol of "Nexthop AFI".
By default, IPv4-unicast routes are advertised with IPv4 next-hops. However, on IPv6-only TCP transport sessions, IPv4-unicast routes can be advertised with IPv6 next-hops if the advertise-ipv6-next-hops command with the ipv4 option applies to the session. The advertise-ipv6-next-hops command can be enabled for several address families, as follows:
*A:PE-1# configure router bgp advertise-ipv6-next-hops
- advertise-ipv6-next-hops [vpn-ipv6] [label-ipv6] [evpn] [vpn-ipv4]
[label-ipv4] [ipv4]
- no advertise-ipv6-next-hops
<vpn-ipv6> : keyword - provision support of the specific family
<label-ipv6> : keyword - provision support of the specific family
<evpn> : keyword - provision support of the specific family
<vpn-ipv4> : keyword - provision support of the specific family
<label-ipv4> : keyword - provision support of the specific family
<ipv4> : keyword - provision support of the specific family
For receiving IPv4-unicast routes with IPv6 next-hop addresses, the extended-nh-encoding command with the ipv4 option must be applied to the session. This advertises the RFC 5549 capability to the peer for the different address families. The extended-nh-encoding command can be configured for several address families, as follows:
*A:PE-1# configure router bgp extended-nh-encoding
- extended-nh-encoding [label-ipv4] [vpn-ipv4] [ipv4]
- no extended-nh-encoding
<label-ipv4> : keyword - provision support of the specific family
<vpn-ipv4> : keyword - provision support of the specific family
<ipv4> : keyword - provision support of the specific family
When the BGP session is established, the BGP peers advertise the capability to each other, and the Extended Next Hop encoding capability is both a local and a remote capability, as in the following example between BGP peers 2001:db8::12:1 and 2001:db8::12:2:
*A:PE-1# show router bgp neighbor 2001:db8::12:2 | match Capability post-lines 1
Local Capability : RtRefresh MPBGP 4byte ASN
: EXT_NH_ENCODING
Remote Capability : RtRefresh MPBGP 4byte ASN
: EXT_NH_ENCODING
When next-hop-self applies to the BGP session and the neighbor address is IPv6, an IPv4-unicast route that is advertised or re-advertised gets the following as next-hop:
The IPv6 local address used for peering, if the peer opened the BGP session by advertising an extended next-hop encoding capability with NLRI AFI=1, SAFI=1, and nexthop AFI=2, and the session is associated with an advertise-ipv6-next-hops ipv4 command.
The IPv4 system interface address in all other cases.
Configuration
Example topology with IPv6 interfaces shows the example topology with three nodes with IPv6-only interfaces in different Autonomous Systems (ASs).
The initial configuration includes:
Cards, MDAs, ports
Router interfaces with IPv6 addresses
In the example, IPv4, label-IPv4, and VPN-IPv4 routes will be advertised with an IPv6 next-hop. On PE-1, loopback interfaces lo1 (10.1.0.1/32) and lo2 (10.131.0.1/32) are configured; lo1 will be advertised as an IPv4 route and lo2 as a label-IPv4 route. VPRN 1 is configured on all nodes with loopback interface lo3, and prefix 172.31.0.1/32 will be advertised as a VPN-IPv4 route on PE-1. PE-2 and PE-3 have similar loopback interfaces. Loopback addresses and advertised IPv4, label-IPv4, and VPN-IPv4 routes shows the loopback addresses and the advertised routes.
On PE-2, eBGP is configured toward three IPv6 neighbors with next-hop-self enabled. For each of the BGP neighbors, extended-nh-encoding and advertise-ipv6-next-hops are configured for different address families. The BGP configuration is as follows:
# on PE-2:
configure
router Base
bgp
loop-detect discard-route
multi-path
maximum-paths 2 ebgp 2
exit
enable-inter-as-vpn
split-horizon
group "eBGP-IPv6"
family ipv4 ipv6 vpn-ipv4 vpn-ipv6 label-ipv4 label-ipv6
import "import-1:1-3:3"
export "export-10.2" "export-10.132"
local-as 64502
neighbor 2001:db8::12:1
next-hop-self
peer-as 64501
extended-nh-encoding ipv4 vpn-ipv4 label-ipv4
advertise-ipv6-next-hops ipv4 vpn-ipv4 vpn-ipv6 label-ipv4
label-ipv6
exit
neighbor 2001:db8::23:2
next-hop-self
peer-as 64503
extended-nh-encoding ipv4 vpn-ipv4 label-ipv4
advertise-ipv6-next-hops ipv4 vpn-ipv4 vpn-ipv6 label-ipv4
label-ipv6
exit
neighbor 2001:db8::23:6
next-hop-self
peer-as 64503
extended-nh-encoding ipv4 vpn-ipv4 label-ipv4
advertise-ipv6-next-hops ipv4 vpn-ipv4 vpn-ipv6 label-ipv4
label-ipv6
exit
exit
no shutdown
The BGP configuration on PE-1 and PE-3 is similar.
The BGP summary on PE-1 shows that for each of the configured address families, one route is advertised and two routes are received and accepted:
*A:PE-1# show router bgp summary all
===============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
ServiceId AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family)
PktSent OutQ
-------------------------------------------------------------------------------
2001:db8::12:2
Def. Instance 64502 22 0 00h02m38s 2/2/1 (IPv4)
16 0 2/2/1 (IPv6)
2/2/1 (VpnIPv4)
2/2/1 (VpnIPv6)
2/2/1 (Lbl-IPv4)
2/2/1 (Lbl-IPv6)
-------------------------------------------------------------------------------
On PE-1, the following IPv4 routes with IPv6 next-hop are received and used: route 10.2.0.1/32 originates from PE-2 and route 10.3.0.1/32 from PE-3. Both routes have next-hop 2001:db8::12:2 because next-hop-self is enabled, as follows:
*A:PE-1# show router bgp routes
===============================================================================
BGP Router ID:255.0.0.0 AS:64501 Local AS:64501
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.2.0.1/32 None None
2001:db8::12:2 None 0
64502 -
u*>i 10.3.0.1/32 None None
2001:db8::12:2 None 0
64502 64503 -
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
On PE-2, the following VPN-IPv4 routes with different IPv6 next-hops are received and used:
*A:PE-2# show router bgp routes vpn-ipv4
===============================================================================
BGP Router ID:255.0.0.0 AS:64502 Local AS:64502
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 64501:1:172.31.0.1/32 None None
2001:db8::12:1 None 0
64501 524287
u*>i 64503:1:172.31.0.3/32 None None
2001:db8::23:2 None 0
64503 524287
u*>i 64503:1:172.31.0.3/32 None None
2001:db8::23:6 None 0
64503 524287
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
On PE-3, the following label-IPv4 routes with IPv6 next-hop are received and used. Route 10.131.0.1/32 originates from PE-1 and is re-advertised by PE-2 on two eBGP paths, with next-hop addresses 2001:db8::23:1 and 2001:db8::23:5. Route 10.132.0.1/32 originates from PE-2 and is also advertised over these two eBGP paths.
*A:PE-3# show router bgp routes label-ipv4
===============================================================================
BGP Router ID:255.0.0.0 AS:64503 Local AS:64503
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 10.131.0.1/32 None None
2001:db8::23:1 None 0
64502 64501 524284
u*>i 10.131.0.1/32 None None
2001:db8::23:5 None 0
64502 64501 524284
u*>i 10.132.0.1/32 None None
2001:db8::23:1 None 0
64502 524285
u*>i 10.132.0.1/32 None None
2001:db8::23:5 None 0
64502 524285
-------------------------------------------------------------------------------
Routes : 4
===============================================================================
The route table on PE-3 includes BGP IPv4 and label-IPv4 routes with IPv6 next-hops, as follows:
*A:PE-3# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.1.0.1/32 Remote BGP 00h03m36s 170
2001:db8::23:1 0
10.1.0.1/32 Remote BGP 00h03m36s 170
2001:db8::23:5 0
10.2.0.1/32 Remote BGP 00h03m36s 170
2001:db8::23:1 0
10.2.0.1/32 Remote BGP 00h03m36s 170
2001:db8::23:5 0
10.3.0.1/32 Local Local 00h04m20s 0
lo1 0
10.131.0.1/32 Remote BGP_LABEL 00h03m36s 170
2001:db8::23:1 0
10.131.0.1/32 Remote BGP_LABEL 00h03m36s 170
2001:db8::23:5 0
10.132.0.1/32 Remote BGP_LABEL 00h03m36s 170
2001:db8::23:1 0
10.132.0.1/32 Remote BGP_LABEL 00h03m36s 170
2001:db8::23:5 0
10.133.0.1/32 Local Local 00h04m20s 0
lo2 0
192.0.2.3/32 Local Local 00h04m20s 0
system 0
-------------------------------------------------------------------------------
No. of Routes: 11
The tunnel table on PE-3 shows four BGP tunnels with IPv6 next-hops, as follows:
*A:PE-3# show router tunnel-table
===============================================================================
IPv4 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref Nexthop Metric
Color
-------------------------------------------------------------------------------
10.131.0.1/32 bgp MPLS 262146 12 2001:db8::23:1 1000
10.131.0.1/32 bgp MPLS 262146 12 2001:db8::23:5 1000
10.132.0.1/32 bgp MPLS 262145 12 2001:db8::23:1 1000
10.132.0.1/32 bgp MPLS 262145 12 2001:db8::23:5 1000
-------------------------------------------------------------------------------
Flags: B = BGP or MPLS backup hop available
L = Loop-Free Alternate (LFA) hop available
E = Inactive best-external BGP route
k = RIB-API or Forwarding Policy backup hop
===============================================================================
The route table for VPRN 1 on PE-3 includes BGP VPN-IPv4 routes with IPv6 next-hops, as follows:
*A:PE-3# show router 1 route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.31.0.1/32 Remote BGP VPN 00h03m36s 170
2001:db8::23:1 0
172.31.0.1/32 Remote BGP VPN 00h03m36s 170
2001:db8::23:5 0
172.31.0.2/32 Remote BGP VPN 00h03m36s 170
2001:db8::23:1 0
172.31.0.2/32 Remote BGP VPN 00h03m36s 170
2001:db8::23:5 0
172.31.0.3/32 Local Local 00h04m20s 0
lo1 0
-------------------------------------------------------------------------------
No. of Routes: 5
The reachability between source address 172.31.0.3 and destination 172.31.0.1 can be verified, but the following traceroute does not display any address for the intermediate node:
*A:PE-3# traceroute router 1 no-dns 172.31.0.1 source 172.31.0.3
traceroute to 172.31.0.1 from 172.31.0.3, 30 hops max, 40 byte packets
1 0.0.0.0 * * *
2 172.31.0.1 3.68 ms 3.51 ms 3.78 ms
However, the following traceroute from lo1 on PE-3 to lo1 on PE-1 fails:
*A:PE-3# traceroute no-dns 10.1.0.1 source 10.3.0.1
traceroute to 10.1.0.1 from 10.3.0.1, 30 hops max, 40 byte packets
1 0.0.0.0 * * *
2 0.0.0.0 * * *
3 0.0.0.0 * * *
4 0.0.0.0 * * *
5 0.0.0.0 * * * ^C
Likewise, the traceroute from lo2 on PE-3 to PE-1 will fail (not shown here).
In an IPv6-only network, the IPv4 interfaces are down, as follows:
*A:PE-2# show router interface
===============================================================================
Interface Table (Router: Base)
===============================================================================
Interface-Name Adm Opr(v4/v6) Mode Port/SapId
IP-Address PfxState
-------------------------------------------------------------------------------
int-PE-2-PE-1 Up Down/Up Network 1/1/2:100
2001:db8::12:2/126 PREFERRED
fe80::14:1ff:fe01:2/64 PREFERRED
int-PE-2-PE-3_0 Up Down/Up Network 1/1/1:100
2001:db8::23:1/126 PREFERRED
fe80::14:1ff:fe01:1/64 PREFERRED
int-PE-2-PE-3_4 Up Down/Up Network 1/1/3:100
2001:db8::23:5/126 PREFERRED
fe80::14:1ff:fe01:3/64 PREFERRED
lo1 Up Up/Up Network loopback
10.2.0.1/32 n/a
2001:db8::10:2:0:1/128 PREFERRED
fe80::13:ffff:fe00:0/64 PREFERRED
lo2 Up Up/Up Network loopback
10.132.0.1/32 n/a
2001:db8::10:132:0:1/128 PREFERRED
fe80::13:ffff:fe00:0/64 PREFERRED
system Up Up/Up Network system
192.0.2.2/32 n/a
2001:db8::2:2/128 PREFERRED
-------------------------------------------------------------------------------
Interfaces : 6
===============================================================================
To allow CPM-originated or terminated packets, such as IPv4 ping or traceroute traffic, the forward-ipv4-packets command is configured in the ipv6 context of these interfaces, as follows:
# on PE-2:
configure
router Base
interface "int-PE-2-PE-1"
port 1/1/2:100
ipv6
address 2001:db8::12:2/126
forward-ipv4-packets
exit
no shutdown
exit
interface "int-PE-2-PE-3_0"
port 1/1/1:100
ipv6
address 2001:db8::23:1/126
forward-ipv4-packets
exit
no shutdown
exit
interface "int-PE-2-PE-3_4"
port 1/1/3:100
ipv6
address 2001:db8::23:5/126
forward-ipv4-packets
exit
no shutdown
exit
The connectivity between the lo1 and lo2 interfaces can now be verified from PE-3, as follows:
*A:PE-3# traceroute no-dns 10.1.0.1 source 10.3.0.1
traceroute to 10.1.0.1 from 10.3.0.1, 30 hops max, 40 byte packets
1 10.2.0.1 2.36 ms 2.69 ms 2.79 ms
2 10.1.0.1 3.89 ms 3.58 ms 3.61 ms
*A:PE-3# traceroute no-dns 10.2.0.1 source 10.3.0.1
traceroute to 10.2.0.1 from 10.3.0.1, 30 hops max, 40 byte packets
1 10.2.0.1 2.88 ms 2.93 ms 2.79 ms
*A:PE-3# traceroute no-dns 10.131.0.1 source 10.133.0.1
traceroute to 10.131.0.1 from 10.133.0.1, 30 hops max, 40 byte packets
1 10.2.0.1 2.78 ms 2.97 ms 2.77 ms
2 10.131.0.1 3.58 ms 3.65 ms 3.36 ms
*A:PE-3# traceroute no-dns 10.132.0.1 source 10.133.0.1
traceroute to 10.132.0.1 from 10.3.0.1, 30 hops max, 40 byte packets
1 10.132.0.1 2.71 ms 2.93 ms 2.81 ms
With the forward-ipv4-packets command, the IOM is instructed by the CPM to consider the IPv4 operational state of the interface as up when the IPv6 interface is operationally up. IPv4 packets can be sent and received on the interface when the IPv6 interface is up, even when the IPv4 interface is operationally down.
Conclusion
SR OS routers can advertise and receive BGP routes for IPv4 destinations with IPv6 next-hops. This feature requires the Extended Next Hop encoding BGP capability in RFC 5549 and is useful in IPv6-only networks or regions.