IPv6 design, deployment, standards, and best practices.
Retired Account
Post Whore
Posts:
3512
Joined:
Mon Nov 16, 2009 8:10 pm

IPv6 RA overriding static or BGP-learned default routes

Wed Mar 05, 2014 6:23 pm

Is this possible?

User avatar
burnyd
Post Whore
Posts:
3160
Joined:
Fri Nov 13, 2009 5:15 pm
Certs:
CCIE R&S/SP,CCNP-SP,JNCIA,VCP510,VCA-DCV

Re: IPv6 RA overriding static or BGP-learned default routes

Wed Mar 05, 2014 6:55 pm

Without trying only theory thinking about it I would imagine you would given the admin distance. Hence why you probably have RA guards out there now.
http://danielhertzberg.wordpress.com - I blog about networks!

Retired Account
Post Whore
Posts:
3512
Joined:
Mon Nov 16, 2009 8:10 pm

Re: IPv6 RA overriding static or BGP-learned default routes

Wed Mar 05, 2014 7:10 pm

That's exactly what I'm wondering about... what would the admin distance be? Would it be a static route? Connected?

EDIT - Obviously it's been a while and I need to brush up...

Retired Account
Post Whore
Posts:
3512
Joined:
Mon Nov 16, 2009 8:10 pm

Re: IPv6 RA overriding static or BGP-learned default routes

Wed Mar 05, 2014 8:24 pm

I found a Brocade article that says an IPv6 RA route has an admin distance of 254. Hard to believe that would override a statically configured or BGP learned default?

User avatar
wintermute000
Post Whore
Posts:
1008
Joined:
Mon Jan 14, 2013 10:40 pm

Re: IPv6 RA overriding static or BGP-learned default routes

Wed Mar 05, 2014 8:33 pm

without researching this would appear to be something that's a bit vendor specific, but yeah I find it hard to believe any vendor would implement a stack that lets it override say a static. 254 is logical.

User avatar
Beginners_mind
Senior Member
Posts:
287
Joined:
Fri Jan 31, 2014 2:29 am

Re: IPv6 RA overriding static or BGP-learned default routes

Wed Mar 05, 2014 11:24 pm

Hello.

As luck would have it I've got a ipv6 lab for homework tonight so it only took a couple of minutes to set up a router to receive a default from both a RA and a EBGP peer.

BGP peer is on a serial link. RA's are coming from a router on f0/0.

On IOS 12.4T at least, an RA default route has the admin distance of a static route.

Code: Select all
Rack1R2#sh ipv6 ro
IPv6 Routing Table - 7 entries
[...snip...]
S   ::/0 [1/0]
     via FE80::219:6FF:FE23:190, FastEthernet0/0

Rack1R2#sh ip bgp all
For address family: IPv6 Unicast
BGP table version is 2, local router ID is 10.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> ::/0             2001:DEAD:BEEF:123::1
                                             0             0 1000 i

[***routing table after removing 'default' keyword from ipv6 address autoconfigure***]

Rack1R2#sh ipv6 route
[...snip...]
B   ::/0 [20/0]
     via FE80::1, Serial0/0/0.123


-b
"Certs: CCIE written but expire"

User avatar
wintermute000
Post Whore
Posts:
1008
Joined:
Mon Jan 14, 2013 10:40 pm

Re: IPv6 RA overriding static or BGP-learned default routes

Thu Mar 06, 2014 2:20 am

That is just tragic!!!!!!!

User avatar
burnyd
Post Whore
Posts:
3160
Joined:
Fri Nov 13, 2009 5:15 pm
Certs:
CCIE R&S/SP,CCNP-SP,JNCIA,VCP510,VCA-DCV

Re: IPv6 RA overriding static or BGP-learned default routes

Thu Mar 06, 2014 7:38 am

that is interesting. I have to try this tonight. I wonder what is built into either RA or the router to tell it to preempt other routing protocols routes with a high admin distance comparing ebgp 20 to 1 of static in your example/
http://danielhertzberg.wordpress.com - I blog about networks!

User avatar
mellowd
CCIE #38070
Posts:
13814
Joined:
Wed Jun 18, 2008 7:49 am
Certs:
CCIE (RS,SP), JNCIE-SP, BC-/SPNE/NP

Re: IPv6 RA overriding static or BGP-learned default routes

Thu Mar 06, 2014 7:43 am

We turn off RA on all interfaces running routing protocols. Some vendors allow you to switch it off globally

User avatar
burnyd
Post Whore
Posts:
3160
Joined:
Fri Nov 13, 2009 5:15 pm
Certs:
CCIE R&S/SP,CCNP-SP,JNCIA,VCP510,VCA-DCV

Re: IPv6 RA overriding static or BGP-learned default routes

Thu Mar 06, 2014 7:45 am

you guys and your v6. My enterprise still has not adapt to v6 yet :(
http://danielhertzberg.wordpress.com - I blog about networks!

User avatar
Beginners_mind
Senior Member
Posts:
287
Joined:
Fri Jan 31, 2014 2:29 am

Re: IPv6 RA overriding static or BGP-learned default routes

Thu Mar 06, 2014 9:30 am

Point of clarification: I had to explicitly instruct R2 to make the RA router it's default gateway. That was a configured not a default behavior. Hence the administrative distance of static.

Rack1R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1R2(config)#int f0/0
Rack1R2(config-if)#ipv6 address autoconfigure default
"Certs: CCIE written but expire"

Retired Account
Post Whore
Posts:
3512
Joined:
Mon Nov 16, 2009 8:10 pm

Re: IPv6 RA overriding static or BGP-learned default routes

Thu Mar 06, 2014 12:08 pm

Beginners_mind wrote:Hello.

As luck would have it I've got a ipv6 lab for homework tonight so it only took a couple of minutes to set up a router to receive a default from both a RA and a EBGP peer.

BGP peer is on a serial link. RA's are coming from a router on f0/0.

On IOS 12.4T at least, an RA default route has the admin distance of a static route.

Code: Select all
Rack1R2#sh ipv6 ro
IPv6 Routing Table - 7 entries
[...snip...]
S   ::/0 [1/0]
     via FE80::219:6FF:FE23:190, FastEthernet0/0

Rack1R2#sh ip bgp all
For address family: IPv6 Unicast
BGP table version is 2, local router ID is 10.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> ::/0             2001:DEAD:BEEF:123::1
                                             0             0 1000 i

[***routing table after removing 'default' keyword from ipv6 address autoconfigure***]

Rack1R2#sh ipv6 route
[...snip...]
B   ::/0 [20/0]
     via FE80::1, Serial0/0/0.123


-b



This is awesome - thank you sir. You saved me some hassle setting it up myself (Although I probably should have for re-training purposes). As winter stated... that is tragic. That definitely shouldn't be treated as a static route in my opinion...

Now I fully understand the purpose of RA Guard. From what I read from Cisco docs and the RFC, it seemed like a feature positioned for L2 switches where you have some ports where a router hangs off of and you want RAs from, and some other ports that should only have hosts and you would NOT want to see RAs from. I now see the concern in a situation where a router could send RAs and override default routes on other misconfigured routers.

User avatar
Beginners_mind
Senior Member
Posts:
287
Joined:
Fri Jan 31, 2014 2:29 am

Re: IPv6 RA overriding static or BGP-learned default routes

Thu Mar 06, 2014 2:04 pm

I think it's an "internet of things" concept where all devices are networked and networks are self configuring....kinda sci-fi but it seems like that reality is not far away. In that context SLAAC makes world of sense. In a world of humans manually configuring the machines perhaps not as much.

lot of things being figured out about ipv6 as we go along. It's a testament to how fast the world of networking is changing that I'm spending a bunch of time learning and labbing dead tech that's really not very old. I'm becoming an expert on PFR woo....not really woo.

My .02.

-b
"Certs: CCIE written but expire"

User avatar
mellowd
CCIE #38070
Posts:
13814
Joined:
Wed Jun 18, 2008 7:49 am
Certs:
CCIE (RS,SP), JNCIE-SP, BC-/SPNE/NP

Re: IPv6 RA overriding static or BGP-learned default routes

Thu Mar 06, 2014 2:11 pm

RA only really makes sense on an interface pointing to hosts. I would never ever leave it active between routers

User avatar
wintermute000
Post Whore
Posts:
1008
Joined:
Mon Jan 14, 2013 10:40 pm

Re: IPv6 RA overriding static or BGP-learned default routes

Thu Mar 06, 2014 4:34 pm

Agreed.

Also take care re: suppression, the suppress keyword does not do what you think it does....

You basically want to deploy RA guard in the same logic as DHCP snooping

Retired Account
Post Whore
Posts:
3512
Joined:
Mon Nov 16, 2009 8:10 pm

Re: IPv6 RA overriding static or BGP-learned default routes

Fri Mar 07, 2014 2:38 am

wintermute000 wrote:Agreed.

Also take care re: suppression, the suppress keyword does not do what you think it does....

You basically want to deploy RA guard in the same logic as DHCP snooping


Is it like BPDU Filter vs. BPDU Guard? One prevents sending RAs, the other guards against the receipt of them?

User avatar
wintermute000
Post Whore
Posts:
1008
Joined:
Mon Jan 14, 2013 10:40 pm

Re: IPv6 RA overriding static or BGP-learned default routes

Fri Mar 07, 2014 3:03 am

Suppress only stops periodic ra

Sent from my LG-D802T using Tapatalk


Return to IPv6

Who is online

Users browsing this forum: No registered users and 18 guests