IPv6 BGP Routes Show as unreachable

NodeMax · May 7, 2014, 9:24pm

Hi,

I have 2 x CCR’s both running full ip4 BGP to multiple upstreams all working fine.

I have started to set up dual stack ipv6 separate sessions to ipv4.

Ipv6 is up and announces my /32

I have a default route out which routes fine, I can ping ipv6 Google DNS and I can ping from USA to my ipv6 internally. All fine.

I would delete the default route once BGP is working but the BGP routes show as unreachable:

When I delete the default route nothing pings as you would expect that due to the BGP routes being unreachable

On one CCR the ipv6 IP connected to the upstream is on fibre port, on the other CCR I have tried it on a bridge. both do the same BGP unreachable on incomming routes.

0 A S  dst-address=::/0 gateway=2001:978:2:21::59:1 
        gateway-status=2001:978:2:21::59:1 reachable via  ipv6-cogent distance=1 scope=30 
        target-scope=10 

 1  Db  dst-address=2001::/32 gateway=fe80::6600:f1ff:feef:5c0%ipv6-cogent 
        gateway-status=fe80::6600:f1ff:feef:5c0%ipv6-cogent unreachable distance=20 scope=40 
        target-scope=10 bgp-as-path="174,2914,12859" bgp-med=9031 bgp-origin=igp 
        bgp-communities=174:21100,174:22008 received-from=cogentIPv6 

 2  Db  dst-address=2001:200::/32 gateway=fe80::6600:f1ff:feef:5c0%ipv6-cogent 
        gateway-status=fe80::6600:f1ff:feef:5c0%ipv6-cogent unreachable distance=20 scope=40 
        target-scope=10 bgp-as-path="174,2914,2500" bgp-med=9031 bgp-atomic-aggregate=yes 
        bgp-origin=igp bgp-communities=174:21100,174:22008 received-from=cogentIPv6 

 3  Db  dst-address=2001:200:c00::/40 gateway=fe80::6600:f1ff:feef:5c0%ipv6-cogent 
        gateway-status=fe80::6600:f1ff:feef:5c0%ipv6-cogent unreachable distance=20 scope=40 
        target-scope=10 bgp-as-path="174,1239,4725,9607,7530,7530" bgp-med=81051 
        bgp-origin=igp bgp-communities=174:21000,174:22013 received-from=cogentIPv6 

 4  Db  dst-address=2001:200:c000::/35 gateway=fe80::6600:f1ff:feef:5c0%ipv6-cogent 
        gateway-status=fe80::6600:f1ff:feef:5c0%ipv6-cogent unreachable distance=20 scope=40 
        target-scope=10 bgp-as-path="174,1280,2500,23634" bgp-med=141061 bgp-origin=igp 
        bgp-communities=174:21001,174:22013 received-from=cogentIPv6 

 5  Db  dst-address=2001:200:e000::/35 gateway=fe80::6600:f1ff:feef:5c0%ipv6-cogent 
        gateway-status=fe80::6600:f1ff:feef:5c0%ipv6-cogent unreachable distance=20 scope=40 
        target-scope=10 bgp-as-path="174,1239,4725,2907,7660" bgp-med=81051 bgp-origin=igp 
        bgp-communities=174:21000,174:22013 received-from=cogentIPv6 

 6  Db  dst-address=2001:208::/32 gateway=fe80::6600:f1ff:feef:5c0%ipv6-cogent 
        gateway-status=fe80::6600:f1ff:feef:5c0%ipv6-cogent unreachable distance=20 scope=40

Announcements fine

PEER     PREFIX               NEXTHOP          AS-PATH      ORIGIN     LOCAL-PREF
cogen... 2a02:4f60::/32       2001:978:2:21...              igp

Instance…

name="ipv6Cogent" as=60198 router-id=0.0.0.0 redistribute-connected=no 
      redistribute-static=no redistribute-rip=no redistribute-ospf=no 
      redistribute-other-bgp=no out-filter="" client-to-client-reflection=no 
      ignore-as-path-len=no routing-table=""

peer

 E name="cogentIPv6" instance=ipv6Cogent remote-address=2001:978:2:21::59:1 remote-as=174 
     tcp-md5-key="REMOVED" nexthop-choice=default multihop=no route-reflect=no 
     hold-time=3m keepalive-time=10s ttl=60 in-filter=ipv6-cogent-in 
     out-filter=ipv6-cogent-out address-families=ipv6 update-source=2001:978:2:21::59:2 
     default-originate=never remove-private-as=no as-override=no passive=no use-bfd=no

filters …

 5   chain=ipv6-cogent-in prefix=::/0 invert-match=no action=accept 
     set-in-nexthop-ipv6=2001:978:2:21::59:1 set-in-nexthop-direct=ipv6-cogent 
     set-bgp-prepend-path="" 
 7   chain=ipv6-cogent-out prefix=2a02:4f60::/32 prefix-length=32 invert-match=no action=accept 
     set-bgp-prepend-path="" set-bgp-communities="" 

 8   chain=ipv6-cogent-out invert-match=no action=discard set-bgp-prepend-path="" 
     set-bgp-communities=""

bridge interface (now on other CCR no bridge IP direct on interface but same problem)

0  G address=2001:978:2:21::59:2/112 from-pool="" interface=ipv6-cogent 
      actual-interface=ipv6-cogent eui-64=no advertise=no

I have tried adding to inbound filter:

set-in-nexthop-ipv6=2001:978:2:21::59:1 set-in-nexthop-direct=ipv6-cogent

Also in aggregate do I need this on ipv6 BGP, I do on ipv4 but ipv6 is it relevant?

/routing bgp aggregate> print
Flags: X - disabled, A - active 
 #   PREFIX               INSTANCE              
 1   2a02:4f60::/32       ipv6Cogent

And is this relevant on ipv6 (network)

 /routing bgp network> print
Flags: X - disabled 
 #   NETWORK              SYNCHRONIZE      
 1   2a02:4f60::/32       yes

Anyone know why my BGP routes IN are unreachable?

Thanks

Tony

NodeMax · May 8, 2014, 10:08am

Hi

OK getting closer.

The IP address from Cogent is a /112 as 2001:978:2:21::59:2/112

Now the IP in their BGP route is link local.

Does Micortik allow /112 addresses as link local?

How do I get the router to see that as reachable or can I over write their BGP gateway with a filter and specify the gateway as 2001:978:2:21::59:1?

They say they don’t see a link local address from us.

Thanks

Tony

onnoossendrijver · May 8, 2014, 12:37pm

Well, does your interface have a link-local address? (fe80:…)
If not, add one

NodeMax · May 8, 2014, 11:04pm

Hi

mmm nope..

OK how do I add a link local address and what format is it?

Happy to read how to do it do you have a link/URL?

Thanks

Tony

onnoossendrijver · May 9, 2014, 7:27am

It should work automatically.
From Wiki:

A link-local address is required on every IPv6-enabled interface, applications may rely on the existence of a link-local address even when there is no IPv6 routing, that is why link-local address is generated automatically for every active interface using it’s interface identifier (calculated EUI-64 from MAC address if present). Address prefix is always FE80::/64 and IPv6 router never forwards link-local traffic beyond the link.

and also

Note: If interface is set as bridge port, interface specific link-local address is removed leaving only bridge link-local address

NodeMax · May 9, 2014, 7:54am

Hi,

I think it would be automatic if a /64 but the ipv6 address on that interface is /112 from Cogent which can’t be link local.

So I am confused on this.

regards

Tony

onnoossendrijver · May 9, 2014, 9:17am

The interface should at least have 2 IPv6 addresses:

an fe80:/64 IP address, this is called a link-local address.
your 2001:xxxx::/112 address from cogent

The fe80 link-local address is used for most host-to-host communication. For example OSPFv3 uses this address for communication with neighbor routers. I believe BGP (v6) does the same.