training:sanog35:d-static
no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
| — | training:sanog35:d-static [2019/12/14 22:02] (current) – created philip | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== IPv6 Lab - Customer Connections ====== | ||
| + | |||
| + | |||
| + | ===== Background ===== | ||
| + | |||
| + | This series of small labs is going to focus on how to deploy IPv6 into a customer’s network. Several technologies will be examined, including: | ||
| + | |||
| + | * static configuration with static route | ||
| + | * DHCPv6-PD | ||
| + | * 6rd | ||
| + | |||
| + | The lab has been set up to include a sample Customer router connected to the Access router for each Autonomous System. We will use this extended lab network to explore the different technologies. The lab topology is shown in the following diagram: | ||
| + | |||
| + | {{: | ||
| + | |||
| + | ===== Static Configuration ===== | ||
| + | |||
| + | This first lab looks at how to set up a static configuration between network operator and the end-user. This is the traditional method the industry has used for years for IPv4, and is also used for IPv6 in the case of a dual-stack connection from operator to customer and within the customer’s own network. | ||
| + | |||
| + | ===== Configuring the Customer Router ===== | ||
| + | |||
| + | Before we start, each group needs to configure their customer router, to give it the basic configuration. We do exactly as we did at the start of these labs. To help you, the configuration steps are listed here. Consult the [[training: | ||
| + | |||
| + | ==== Name the router ==== | ||
| + | |||
| + | Router> enable | ||
| + | Router# config terminal | ||
| + | Router(config)# | ||
| + | |||
| + | ==== Configure Authentication ==== | ||
| + | |||
| + | aaa new-model | ||
| + | aaa authentication login default local | ||
| + | aaa authentication enable default enable | ||
| + | username v6cust secret cust-PW | ||
| + | enable secret cust-EN | ||
| + | service password-encryption | ||
| + | line vty 0 4 | ||
| + | | ||
| + | line console 0 | ||
| + | | ||
| + | |||
| + | ==== Configure logging ==== | ||
| + | |||
| + | no logging console | ||
| + | logging buffered 8192 debugging | ||
| + | |||
| + | |||
| + | ==== Disable DNS resolution ==== | ||
| + | |||
| + | no ip domain-lookup | ||
| + | |||
| + | ==== Activate IPv6 routing ==== | ||
| + | |||
| + | |||
| + | Turn on IPv6 Routing and activate IPv6 CEF (not on by default in Cisco IOS) | ||
| + | |||
| + | ipv6 unicast-routing | ||
| + | ipv6 cef | ||
| + | |||
| + | ==== Disable source routing for IPv4 and IPv6 ==== | ||
| + | |||
| + | no ip source-route | ||
| + | no ipv6 source-route | ||
| + | |||
| + | ==== Path MTU Discovery ==== | ||
| + | |||
| + | Enable Path MTU Discovery on the router - this is not enabled by default for connections to the control plane (but it is enabled by default now for BGP). | ||
| + | |||
| + | ip tcp path-mtu-discovery | ||
| + | |||
| + | Exit configuration mode and save | ||
| + | |||
| + | end | ||
| + | write memory | ||
| + | |||
| + | |||
| + | ===== Configuring Interfaces on Customer Router ===== | ||
| + | |||
| + | Now that the basic configuration is in place, we need to configure the interface linking the Customer router to our Access router. Refer to the [[training: | ||
| + | |||
| + | Here is a configuration example: | ||
| + | |||
| + | interface FastEthernet0/ | ||
| + | | ||
| + | ip address 100.68.X.34 255.255.255.252 | ||
| + | no ip directed-broadcast | ||
| + | no ip redirects | ||
| + | no ip proxy-arp | ||
| + | ipv6 address 2001: | ||
| + | ipv6 nd prefix default no-advertise | ||
| + | ipv6 nd ra suppress all | ||
| + | no shutdown | ||
| + | ! | ||
| + | |||
| + | |||
| + | ===== Configuring Interfaces on Access Router ===== | ||
| + | |||
| + | We also need to configure the interface on the Access router which connects to the Customer router. Again, referring to the address plan, here is a possible configuration example: | ||
| + | |||
| + | interface FastEthernet0/ | ||
| + | | ||
| + | ip address 100.68.X.33 255.255.255.252 | ||
| + | no ip directed-broadcast | ||
| + | no ip redirects | ||
| + | no ip proxy-arp | ||
| + | ipv6 address 2001: | ||
| + | ipv6 nd prefix default no-advertise | ||
| + | ipv6 nd ra suppress all | ||
| + | no shutdown | ||
| + | ! | ||
| + | |||
| + | Once the interfaces on both the Customer and Access routers have been configured, try and ping the other end - check both IPv4 and IPv6. | ||
| + | |||
| + | ===== Adding a customer route ===== | ||
| + | |||
| + | We previously set up simulated customer connection on the Access Router. We can now redo this, so that rather than pointing the static route at the Null0 interface, we can point it to the actual Customer router we have just configured. | ||
| + | |||
| + | First we delete the static routes we set up earlier: | ||
| + | |||
| + | no ip route 100.68.X.64 255.255.255.192 null0 | ||
| + | ! | ||
| + | no ipv6 route 2001: | ||
| + | ! | ||
| + | |||
| + | And then we add the static routes on the Access router to point to the point-to-point link address on the Customer router: | ||
| + | |||
| + | ip route 100.68.X.64 255.255.255.192 100.68.X.34 | ||
| + | ! | ||
| + | ipv6 route 2001: | ||
| + | ! | ||
| + | |||
| + | Once this has been configured, check that you can still see the customer IPv4 /26 and IPv6 /52 visible in the iBGP for the AS. Check on the Border, Peering and Core routers, and make sure the prefix is still visible. Use these commands: | ||
| + | |||
| + | show ip bgp | ||
| + | show bgp ipv6 unicast | ||
| + | |||
| + | ===== Default route on Customer Router ===== | ||
| + | |||
| + | To complete the connectivity we need to set up a static default route (IPv4 and IPv6) on the Customer router pointing to the Access router. We also need to create a source anchor point for the address space we have assigned to the customer. The simplest way to do this is to route create a Loopback interface on the Customer router with a single IP address from IPv4 and IPv6 address blocks in question, and point the entire IPv4 and IPv6 blocks to the Null0 interface. This way we have a target to test connectivity to, as well as following best practices by Null routing any address space which is not in use. | ||
| + | |||
| + | Here is an example for the Customer router: | ||
| + | |||
| + | interface Loopback0 | ||
| + | | ||
| + | ip address 100.68.X.64 255.255.255.255 | ||
| + | ipv6 address 2001: | ||
| + | ! | ||
| + | ip route 0.0.0.0 0.0.0.0 100.68.X.33 | ||
| + | ip route 100.68.X.64 255.255.255.192 Null0 | ||
| + | ! | ||
| + | ipv6 route ::/0 2001: | ||
| + | ipv6 route 2001: | ||
| + | ! | ||
| + | |||
| + | With this in place it should be possible to reach the Internet from the Customer router. Check connectivity from: | ||
| + | |||
| + | * your AS towards the Customer router too, using the newly created Loopback interface as a target. | ||
| + | * our Customer router, using the newly created Loopback interface as the source, towards the Internet, e.g. to 8.8.8.8 for IPv4 and 2001: | ||
| + | |||
| + | **Note:** Can you explain why, in the latter case, we are running the traceroute from the Loopback interface, and not using the default (which would be the point-to-point link to the network operator’s Access router)? | ||
| + | |||
| + | |||
| + | Once complete, make sure you save a copy of the configuration on the Access and Customer routers - simple copy and paste into a text document is easiest. We will need to revert to this configuration at a future stage in the lab. | ||
| + | |||
| + | [[: | ||
training/sanog35/d-static.txt · Last modified: 2019/12/14 22:02 by philip