[minipost]Quick LAB/config example for IPv6 BGP between HP Networking Comware v5 andCisco

A small lab showing basic configuration of BGP between Cisco and HP (Comware v5). This is just something small we deploying recently, there is nothing grand here, only a minor configuration example to follow later when needed.

NOTE on HP Comware v5  vs newer Comware v7, I understand I am using older version of the operating system on HP devices, the point is that this article is using one of my real work projects where Comware v5 was used without possibility to upgrade. However ALL Ipv6 functions that we needed were provided already on this older Comware, and when I checked, Comware v7 variant of this LAB is only changing commands syntax (actually quite easy to convert from v5 to v7 only following the “?”), therefore this article will remain in Comware v5 and I believe many readers will take the principles and will have no problem to upgrade to Comware v7 on their own.

Contents

Lab Topology:

This is a simple topology that is trying to simulate a typical L3 Edge / Distribution / Access with several HP 5800 layer3 switches and Cisco 3750 is simulating a typical WAN provider with dual-homing access. Of course all with limits of my LAB equipment. The target is to have full routing between the IPv6 Loopback on HP L3 Access and two Loopbacks on Cisco side simulating WAN destinations.

LAB Topoplogy used to present IPv6 and BGP between HP Networking Comware v5 and Cisco IOS boxes
LAB Topoplogy used to present IPv6 and BGP between HP Networking Comware v5 and Cisco IOS boxes

Part 1: Preparing cisco for IPv6

In my lab, I used my 3750 layer 3 switches. On these boxes, I had IPv6 support, but I needed to activate the IPv6 configurations via Switch Database Management (SDM) templates. This is something that controls resource allocation and by default doesn’t give any system resources to IPv6 functionality. To actually activate IPv6, you need to activate dual IPv4/IPv6 template and reload the switch. So we are going to do just that here:

3750# ip routing
3750# ip cef distributed
3750# show sdm prefer
 The current template is "desktop default" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs. 

  number of unicast mac addresses:                  6K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    8K
    number of directly-connected IPv4 hosts:        6K
    number of indirect IPv4 routes:                 2K
  number of IPv4 policy based routing aces:         0
  number of IPv4/MAC qos aces:                      0.75K
  number of IPv4/MAC security aces:                 1K

3750(config)#sdm prefer ?
  access              Access bias
  default             Default bias
  dual-ipv4-and-ipv6  Support both IPv4 and IPv6
  ipe                 IPe bias
  routing             Unicast bias
  vlan                VLAN bias 

3750(config)#sdm prefer dual-ipv4-and-ipv6 ?
  default  Default bias
  routing  Unicast bias
  vlan     VLAN bias

3750(config)#sdm prefer dual-ipv4-and-ipv6 routing 
Changes to the running SDM preferences have been stored, but cannot take effect 
until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.

3750(config)#do reload

and after reboot:

3750(config)#ipv6 unicast-routing
3750(config)#ipv6 cef

real config

T6_CiscoL3-2(config)#router bgp 64512

T6_CiscoL3-2(config-router)#bgp router-id 6.6.6.6

T6_CiscoL3-2(config-router)#no bgp default ipv4-unicast 

T6_CiscoL3-2(config-router)#neighbor 2a02:d200::0:1 remote-as 64512

T6_CiscoL3-2(config-router)#address-family ipv6 unicast 

T6_CiscoL3-2(config-router-af)#neighbor 2a02:d200::0:1 activate 

T6_CiscoL3-2(config-router-af)#network AAAA::2/128


after the same done on the oposite T5_CiscoL3-1, on T6 you can see the routes coming from the loopback:

T6_CiscoL3-2(config-router-af)#do sh ipv6 route
IPv6 Routing Table - Default - 5 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, D - EIGRP, EX - EIGRP external
       ND - Neighbor Discovery
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C   2A02:D200::/126 [0/0]
     via FastEthernet1/0/11, directly connected
L   2A02:D200::2/128 [0/0]
     via FastEthernet1/0/11, receive
B   AAAA::1/128 [200/0]
     via 2A02:D200::1
LC  AAAA::2/128 [0/0]
     via Loopback0, receive
L   FF00::/8 [0/0]
     via Null0, receive

You can also ping the BGP route for a test.

Step 2 – creating Cisco to HP BGP sessions

Cisco part T6 example:

T6_CiscoL3-1(config-router)#neighbor 2a02:d200::2:2 remote-as 65100
T6_CiscoL3-1(config-router)#address-family ipv6
T6_CiscoL3-1(config-router-af)#neighbor 2a02:d200::2:2 activate

H3C part TS4 example:

 

[TS4_HP5800]ipv6 

[TS4_HP5800]ip vpn-instance IPv6DMZ
[TS4_HP5800-vpn-instance-IPv6DMZ]route-distinguisher 65100:65100


[TS4_HP5800-4]interface GigabitEthernet 1/0/22
[TS4_HP5800-GigabitEthernet1/0/22]ip binding vpn-instance IPv6DMZ
[TS4_HP5800-GigabitEthernet1/0/22]port link-mode route
[TS4_HP5800-GigabitEthernet1/0/22]ipv6 address 2a02:d200::2:2/126

[TS4_HP5800-GigabitEthernet1/0/22]ping ipv6 -vpn-instance IPv6DMZ 2a02:d200::2:1        
  PING 2a02:d200::1:1 : 56  data bytes, press CTRL_C to break
    Reply from 2A02:D200::1:1 
    bytes=56 Sequence=1 hop limit=64  time = 40 ms
    Reply from 2A02:D200::1:1 
    bytes=56 Sequence=2 hop limit=64  time = 6 ms
    Reply from 2A02:D200::1:1 
    bytes=56 Sequence=3 hop limit=64  time = 43 ms
    Reply from 2A02:D200::1:1 
    bytes=56 Sequence=4 hop limit=64  time = 23 ms
    Reply from 2A02:D200::1:1 
    bytes=56 Sequence=5 hop limit=64  time = 10 ms

  --- 2a02:d200::1:1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 6/24/43 ms

 

Now on H3C we need to initiate the BGP parts

[TS4_HP5800]bgp 65100
[TS4_HP5800-bgp]router-id 4.4.4.4
[TS4_HP5800-bgp]ipv6-family
[Ts1_5800-bgp-af-ipv6] undo synchronization
[Ts1_5800-bgp-af-ipv6] quit
[TS4_HP5800-bgp]ipv6-family vpn-instance IPv6DMZ 
[TS4_HP5800-bgp-ipv6-IPv6DMZ]peer 2a02:d200::2:1 as-number 64512 
%Apr 26 12:44:55:001 2000 TS4_HP5800 BGP/5/BGP_STATE_CHANGED: 
 2A02:D200::2:1 state is changed from OPENCONFIRM to ESTABLISHED.

[TS4_HP5800-bgp-ipv6-IPv6DMZ]display ipv6 routing-table vpn-instance IPv6DMZ
Routing Table : IPv6DMZ
        Destinations : 6        Routes : 6

Destination: ::1/128                                     Protocol  : Direct
NextHop    : ::1                                         Preference: 0
Interface  : InLoop0                                     Cost      : 0

Destination: 2A02:D200::2:0/126                          Protocol  : Direct
NextHop    : 2A02:D200::2:2                              Preference: 0
Interface  : GE1/0/22                                    Cost      : 0

Destination: 2A02:D200::2:2/128                          Protocol  : Direct
NextHop    : ::1                                         Preference: 0
Interface  : InLoop0                                     Cost      : 0

Destination: AAAA::1/128                                 Protocol  : BGP4+
NextHop    : 2A02:D200::2:1                              Preference: 255
Interface  : GE1/0/22                                    Cost      : 0

Destination: AAAA::2/128                                 Protocol  : BGP4+
NextHop    : 2A02:D200::2:1                              Preference: 255
Interface  : GE1/0/22                                    Cost      : 0

Destination: FE80::/10                                   Protocol  : Direct
NextHop    : ::                                          Preference: 0
Interface  : NULL0                                       Cost      : 0

Ok, great, now we have a BGP peering between Cisco and H3C established, and the HP routers see the Cisco Loopback interfaces.

SKIP – more VLANs, more basic BGP sessions and we jump to TS1/TS2 and MSR VRRPv6 groups

Step 3 – Configuring VRRP for IPv6 on H3C

This is a small extra on enabling servers access to our topology with VRRP, which functions only a little bit different on IPv6 as it uses link-local addresses for negotiation and global unicast IPv6 addresses are negotiated on top of this negotiation.

First, lets just configure the basic IPv6 VRRP in global and have a look on the interface with which we are starting here.

[Ts1_5800]vrrp ipv6 method virtual-mac
[Ts1_5800]vrrp ipv6 ping-enable

[Ts1_5800-GigabitEthernet1/0/22]display this
#
interface GigabitEthernet1/0/22
 port link-mode route
 ip binding vpn-instance IPv6DMZ
 ipv6 address 2A02:D200::5:A/124
#

Next, what we need to realize is that in the broadcast domain where we want VRRP to function, we need to enable link-local IPv6 addresses first (these are the FE80::/10). We do this by simply enabling the auto configuration and then checking the interface. In the picture below we autoconfigured the FE80::BAAF:67FF:FE22:C47E as our link-local IP :

[Ts1_5800-GigabitEthernet1/0/22] ipv6 address auto
[Ts1_5800-GigabitEthernet1/0/22] quit

[Ts1_5800]display ipv6 interface g1/0/22
GigabitEthernet1/0/22 current state :UP
Line protocol current state :UP
IPv6 is enabled, link-local address is FE80::BAAF:67FF:FE22:C47E
  Global unicast address(es):
    2A02:D200::5:A, subnet is 2A02:D200::5:0/112
  Joined group address(es):
    FF02::12
    FF02::1:FF05:0
    FF02::1:FF05:A
    FF02::1:FF22:C47E
    FF02::2
    FF02::1
  MTU is 1500 bytes
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND retransmit interval is 1000 milliseconds
  Hosts use stateless autoconfig for addresses
IPv6 Packet statistics:
  InReceives:                   1595
  InTooShorts:                  0
  InTruncatedPkts:              0
  InHopLimitExceeds:            0
  InBadHeaders:                 0

You can see that we now have a link-local IP of FE80::BAAF:67FF:FE22:C47E, we can move to VRRP configuration itself. First, we need to create a link-local VRRP IP with the typical virtual router ID (1-255). So lets choose vrid of 5 and the link-local address lets choose for simplicity “FE80::1”.

 [Ts1_5800-GigabitEthernet1/0/22] vrrp ipv6 vrid 5 virtual-ip FE80::100 link-local

Only after this, we can create the globally unique VRRP IP with a second command:

 [Ts1_5800-GigabitEthernet1/0/22] vrrp ipv6 vrid 5 virtual-ip 2A02:D200::5:100

In summary, this is the interface configuration on the interface.

[Ts1_5800-GigabitEthernet1/0/22]display this
#
interface GigabitEthernet1/0/22
 port link-mode route
 ip binding vpn-instance IPv6DMZ
 ipv6 address 2A02:D200::5:A/112
 ipv6 address auto
 vrrp ipv6 vrid 5 virtual-ip FE80::100 link-local
 vrrp ipv6 vrid 5 virtual-ip 2A02:D200::5:100
#

Verification is with the typical “display vrrp” commands, but with IPv6 extension, please note that in the quick view with “display vrrp ipv6” you only see the link-local IPv6, the global unicast one is hidden under the verbose version of this command.

[Ts1_5800]display vrrp ipv6
 IPv6 Standby Information:
     Run Mode       : Standard
     Run Method     : Virtual MAC
 Total number of virtual routers : 1
 Interface          VRID   State       Run     Adver   Auth     Virtual
                                       Pri     Timer   Type        IP
 ---------------------------------------------------------------------
 GE1/0/22           5      Backup      100     100     None     FE80::100

[Ts1_5800]display vrrp ipv6 verbose 
 IPv6 Standby Information:
     Run Mode       : Standard
     Run Method     : Virtual MAC
 Total number of virtual routers : 1
   Interface GigabitEthernet1/0/22
     VRID           : 5               Adver Timer : 100
     Admin Status   : Up              State       : Backup
     Config Pri     : 100             Running Pri : 100
     Preempt Mode   : Yes             Delay Time  : 0
     Become Master  : 2800ms left
     Auth Type      : None
     Virtual IP     : FE80::100
                      2A02:D200::5:100
     Master IP      : FE80::BAAF:67FF:FE3D:7FC2

By default, we would now go to the router on the very left side of the LAB, give it a IPv6 IP on the Eth0/0 interface, configure default route towards the VRRP IP manually and that is the end like this:

[TS7_MSR1]ipv6 route-static 0::0 0 2a02:d200::5:100
[TS7_MSR1-Ethernet0/0]disp this
#
interface Ethernet0/0
 port link-mode route
 ipv6 address 2A02:D200::5:C/112
#

 Step 4 – Redistributing static to BGP

On the TS1 and TS2 routers, we are going to create a static route towards the loopback on the TS7 router.

[Ts1_5800]ipv6 route-static vpn-instance IPv6DMZ 2a02:d200::10:0 112 2a02:d200::5:C

Now static routes are not moved to BGP tables by default and we need to use a redistribution for this, which is not hard. In fact in our very simple scenario this is just these commands to achieve:

[TS2_5800]bgp 65101
[TS2_5800-bgp]ipv6-family vpn-instance IPv6DMZ
[TS2_5800-bgp-ipv6-IPv6DMZ]import-route static

Verification is via the display bgp vpnv6 commands like this

[TS2_5800]display bgp vpnv6 vpn-instance IPv6DMZ routing-table

 BGP Local router ID is 2.2.2.2
 Status codes: * - valid, ^ - VPN best, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 Total routes of vpn-instance IPv6DMZ: 6


 *^>  Network : 2A02:D200::10:0                          PrefixLen : 112
      NextHop : ::                                       LocPrf    :
      PrefVal : 0                                        Label     : NULL
      MED     : 0
      Path/Ogn: ?

 *  i Network : 2A02:D200::10:0                          PrefixLen : 112
      NextHop : 2A02:D200::5:A                           LocPrf    : 100
      PrefVal : 0                                        Label     : NULL
      MED     : 0
      Path/Ogn: ?

 *^>  Network : AAAA::1                                  PrefixLen : 128
      NextHop : 2A02:D200::4:1                           LocPrf    :
      PrefVal : 0                                        Label     : NULL
      MED     :
      Path/Ogn: 65100 64512 i

    i Network : AAAA::1                                  PrefixLen : 128
      NextHop : 2A02:D200::3:1                           LocPrf    : 100
      PrefVal : 0                                        Label     : NULL
      MED     :
      Path/Ogn: 65100 64512 i

 *^>  Network : AAAA::2                                  PrefixLen : 128
      NextHop : 2A02:D200::4:1                           LocPrf    :
      PrefVal : 0                                        Label     : NULL
      MED     :
      Path/Ogn: 65100 64512 i

    i Network : AAAA::2                                  PrefixLen : 128
      NextHop : 2A02:D200::3:1                           LocPrf    : 100
      PrefVal : 0                                        Label     : NULL
      MED     :
      Path/Ogn: 65100 64512 i

But more importantly, lets check this on the far end cisco box that this static route has arrived to it.

T5_CiscoL3-1#show ipv6 route 
IPv6 Routing Table - Default - 8 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, D - EIGRP, EX - EIGRP external
       ND - Neighbor Discovery
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C   2A02:D200::/126 [0/0]
     via FastEthernet1/0/11, directly connected
L   2A02:D200::1/128 [0/0]
     via FastEthernet1/0/11, receive
C   2A02:D200::1:0/126 [0/0]
     via FastEthernet1/0/22, directly connected
L   2A02:D200::1:1/128 [0/0]
     via FastEthernet1/0/22, receive
B   2A02:D200::10:0/112 [20/0]
     via FE80::BAAF:67FF:FE3D:9F66, FastEthernet1/0/22
LC  AAAA::1/128 [0/0]
     via Loopback0, receive
B   AAAA::2/128 [200/0]
     via 2A02:D200::2
L   FF00::/8 [0/0]
     via Null0, receive

And the very FINAL TEST, pinging the two loopbacks from the oposite sides of this lab.

  1. Cisco to H3C ping
    T5_CiscoL3-1#ping ipv6 2A02:D200::10:1 source loopback 0 
    
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 2A02:D200::10:1, timeout is 2 seconds:
    Packet sent with a source address of AAAA::1
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/9 ms
  2. H3C to Cisco ping
    <TS7_MSR1>ping ipv6 -a 2A02:D200::10:1 AAAA::1 
      PING AAAA::1 : 56  data bytes, press CTRL_C to break
        Reply from AAAA::1 
        bytes=56 Sequence=1 hop limit=62  time = 4 ms
        Reply from AAAA::1 
        bytes=56 Sequence=2 hop limit=62  time = 2 ms
        Reply from AAAA::1 
        bytes=56 Sequence=3 hop limit=62  time = 2 ms
        Reply from AAAA::1 
        bytes=56 Sequence=4 hop limit=62  time = 3 ms
        Reply from AAAA::1 
        bytes=56 Sequence=5 hop limit=62  time = 4 ms
    
      --- AAAA::1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 2/3/4 ms

References:

H3C/HP VRRP for IPv6

H3C/HP IPv6 configuration

OPTIONAL : IPv6 ND RA

<span lang="EN-US"># Specify the advertised address prefix as 2001::/64, its valid lifetime as 86400 seconds, and its preferred lifetime as 3600 seconds.</span>
[DeviceA-Ethernet1/1] ipv6 nd ra prefix 2001::/64 86400 3600

 

---
Peter Havrila , published on

3 comments ...

  1. Hey Peter,

    I could not comment on vPC confg. post.

    May I ask you how could you colored your command line? If you share it somewhere,
    i apprciate it.

    Thanks.

Comments are closed.