Mailing List Archive: nsp: juniper

6pe between Cisco and Juniper

Index | Next | Previous | View Threaded

mihaigabriel at gmail

Sep 3, 2012, 8:04 AM

Post #1 of 12 (942 views)
Permalink

6pe between Cisco and Juniper

Hello,
Did any of you manage to configure a bgp session between Cisco and Juniper
using family inet6 labeled-unicast on Juniper? I am trying to configure 6PE
but the bgp session does not come up because Juniper does not send
ipv6-unicast capabity to Cisco

Juniper config:

group test {
type internal;
local-address 10.10.10.10;
import pol-reject-any;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
export pol-reject-any;
neighbor 10.10.10.20;

Cisco config:

neighbor test peer-group
neighbor test remote-as 65500
neighbor test update-group loopback0

address-family ipv4
neighbor test send-community
neighbor test send-label
neighbor 10.10.10.10 activate

address-family ipv6
neighbor test send-community
neighbor test send-label
neighbor 10.10.10.10 activate

and the error:

Sep 3 17:33:31 juniper rpd[2115]: bgp_process_caps: mismatch NLRI with
10.10.10.20 (Internal AS 65500):
peer: <inet-unicast inet6-unicast inet6-labeled-unicast>(273) us:
<inet-unicast inet6-labeled-unicast>(257)

Any advice?
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

cbarth at juniper

Sep 3, 2012, 8:22 AM

Post #2 of 12 (918 views)
Permalink

Re: 6pe between Cisco and Juniper [In reply to]

Mihai-

Based on the error message:

"peer: <inet-unicast inet6-unicast inet6-labeled-unicast>(273) us:
<inet-unicast inet6-labeled-unicast>(257)"

You need to enable the unicast address family under ipv6

set protocols bgp group test family inet6 unicast

-cb

On Sep 3, 2012, at 11:04 AM, Mihai Gabriel wrote:

> Hello,
> Did any of you manage to configure a bgp session between Cisco and Juniper
> using family inet6 labeled-unicast on Juniper? I am trying to configure 6PE
> but the bgp session does not come up because Juniper does not send
> ipv6-unicast capabity to Cisco
>
> Juniper config:
>
> group test {
> type internal;
> local-address 10.10.10.10;
> import pol-reject-any;
> family inet {
> unicast;
> }
> family inet6 {
> labeled-unicast {
> explicit-null;
> }
> }
> export pol-reject-any;
> neighbor 10.10.10.20;
>
> Cisco config:
>
> neighbor test peer-group
> neighbor test remote-as 65500
> neighbor test update-group loopback0
>
> address-family ipv4
> neighbor test send-community
> neighbor test send-label
> neighbor 10.10.10.10 activate
>
> address-family ipv6
> neighbor test send-community
> neighbor test send-label
> neighbor 10.10.10.10 activate
>
>
> and the error:
>
> Sep 3 17:33:31 juniper rpd[2115]: bgp_process_caps: mismatch NLRI with
> 10.10.10.20 (Internal AS 65500):
> peer: <inet-unicast inet6-unicast inet6-labeled-unicast>(273) us:
> <inet-unicast inet6-labeled-unicast>(257)
>
> Any advice?
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

mihaigabriel at gmail

Sep 3, 2012, 8:30 AM

Post #3 of 12 (927 views)
Permalink

Re: 6pe between Cisco and Juniper [In reply to]

I thought so,but Juniper doesn't let me :

juniper# commit check
re0:
[edit protocols]
'bgp'
Error in neighbor 10.10.10.20 of group test:
peer cannot have both inet6 unicast and inet6 labeled-unicast nlri

On Mon, Sep 3, 2012 at 6:22 PM, Colby Barth <cbarth [at] juniper> wrote:

> Mihai-
>
> Based on the error message:
>
> "peer: <inet-unicast inet6-unicast inet6-labeled-unicast>(273) us:
> <inet-unicast inet6-labeled-unicast>(257)"
>
> You need to enable the unicast address family under ipv6
>
> set protocols bgp group test family inet6 unicast
>
> -cb
>
> On Sep 3, 2012, at 11:04 AM, Mihai Gabriel wrote:
>
> > Hello,
> > Did any of you manage to configure a bgp session between Cisco and
> Juniper
> > using family inet6 labeled-unicast on Juniper? I am trying to configure
> 6PE
> > but the bgp session does not come up because Juniper does not send
> > ipv6-unicast capabity to Cisco
> >
> > Juniper config:
> >
> > group test {
> > type internal;
> > local-address 10.10.10.10;
> > import pol-reject-any;
> > family inet {
> > unicast;
> > }
> > family inet6 {
> > labeled-unicast {
> > explicit-null;
> > }
> > }
> > export pol-reject-any;
> > neighbor 10.10.10.20;
> >
> > Cisco config:
> >
> > neighbor test peer-group
> > neighbor test remote-as 65500
> > neighbor test update-group loopback0
> >
> > address-family ipv4
> > neighbor test send-community
> > neighbor test send-label
> > neighbor 10.10.10.10 activate
> >
> > address-family ipv6
> > neighbor test send-community
> > neighbor test send-label
> > neighbor 10.10.10.10 activate
> >
> >
> > and the error:
> >
> > Sep 3 17:33:31 juniper rpd[2115]: bgp_process_caps: mismatch NLRI with
> > 10.10.10.20 (Internal AS 65500):
> > peer: <inet-unicast inet6-unicast inet6-labeled-unicast>(273) us:
> > <inet-unicast inet6-labeled-unicast>(257)
> >
> > Any advice?
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp [at] puck
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

dr at cluenet

Sep 3, 2012, 9:12 AM

Post #4 of 12 (916 views)
Permalink

Re: 6pe between Cisco and Juniper [In reply to]

Hi,

On Mon, Sep 03, 2012 at 11:22:02AM -0400, Colby Barth wrote:
> Based on the error message:
>
> "peer: <inet-unicast inet6-unicast inet6-labeled-unicast>(273) us:
> <inet-unicast inet6-labeled-unicast>(257)"
>
> You need to enable the unicast address family under ipv6

Not really. This "error" message just points out the different
capability set, but this shouldn't prevent the session to come up. The
common set of capabilities is <inet-unicast inet6-labeled-unicast>,
this should work fine. inet6-unicast ain't needed for 6PE anyway, and
JUNOS even stops you trying to do so.

There is a different reason why the session doesn't come up. Should be
visible in logs.

Best regards,
Daniel

--
CLUE-RIPE -- Jabber: dr [at] cluenet -- dr [at] IRCne -- PGP: 0xA85C8AA0
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

dlockuan at gmail

Sep 3, 2012, 9:21 AM

Post #5 of 12 (928 views)
Permalink

Re: 6pe between Cisco and Juniper [In reply to]

Hi Mihai,

I think that you scheme is a topology of "IPv6 over cloud IPv4". If you
want to test 6PE over this scenary you need configure some steps:

1.- Configure family inet6 on interfaces CE-facing and Core.
2.- Configure on protocols mpls: ipv6-tunneling
3.- Configure on protocols bgp: capability labeled-unicast explicit-null on
inet6.

I used this link as reference:

http://www.juniper.net/techpubs/en_US/junos11.2/information-products/topic-collections/fg-ipv6-islands-to-ipv4-mpls-tc/fg-ipv6-islands-to-ipv4-mpls-tc.pdf

I hope this can help you.

BR

---
David

On Mon, Sep 3, 2012 at 10:30 AM, Mihai Gabriel <mihaigabriel [at] gmail>wrote:

> I thought so,but Juniper doesn't let me :
>
> juniper# commit check
> re0:
> [edit protocols]
> 'bgp'
> Error in neighbor 10.10.10.20 of group test:
> peer cannot have both inet6 unicast and inet6 labeled-unicast nlri
>
>
>
> On Mon, Sep 3, 2012 at 6:22 PM, Colby Barth <cbarth [at] juniper> wrote:
>
> > Mihai-
> >
> > Based on the error message:
> >
> > "peer: <inet-unicast inet6-unicast inet6-labeled-unicast>(273) us:
> > <inet-unicast inet6-labeled-unicast>(257)"
> >
> > You need to enable the unicast address family under ipv6
> >
> > set protocols bgp group test family inet6 unicast
> >
> > -cb
> >
> > On Sep 3, 2012, at 11:04 AM, Mihai Gabriel wrote:
> >
> > > Hello,
> > > Did any of you manage to configure a bgp session between Cisco and
> > Juniper
> > > using family inet6 labeled-unicast on Juniper? I am trying to configure
> > 6PE
> > > but the bgp session does not come up because Juniper does not send
> > > ipv6-unicast capabity to Cisco
> > >
> > > Juniper config:
> > >
> > > group test {
> > > type internal;
> > > local-address 10.10.10.10;
> > > import pol-reject-any;
> > > family inet {
> > > unicast;
> > > }
> > > family inet6 {
> > > labeled-unicast {
> > > explicit-null;
> > > }
> > > }
> > > export pol-reject-any;
> > > neighbor 10.10.10.20;
> > >
> > > Cisco config:
> > >
> > > neighbor test peer-group
> > > neighbor test remote-as 65500
> > > neighbor test update-group loopback0
> > >
> > > address-family ipv4
> > > neighbor test send-community
> > > neighbor test send-label
> > > neighbor 10.10.10.10 activate
> > >
> > > address-family ipv6
> > > neighbor test send-community
> > > neighbor test send-label
> > > neighbor 10.10.10.10 activate
> > >
> > >
> > > and the error:
> > >
> > > Sep 3 17:33:31 juniper rpd[2115]: bgp_process_caps: mismatch NLRI
> with
> > > 10.10.10.20 (Internal AS 65500):
> > > peer: <inet-unicast inet6-unicast inet6-labeled-unicast>(273) us:
> > > <inet-unicast inet6-labeled-unicast>(257)
> > >
> > > Any advice?
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp [at] puck
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

mihaigabriel at gmail

Sep 4, 2012, 4:12 AM

Post #6 of 12 (916 views)
Permalink

Re: 6pe between Cisco and Juniper [In reply to]

You are partially right. The bgp session is established without
inet6-unicast capability advertised by Juniper, but as soon as Juniper
receives an ipv6 prefix with a native ipv6 next-hop from Cisco, it will
immediately close the session .

My Cisco router is a route reflector with a lot of clients and some of them
are advertising ipv6 prefixes with a native ipv6 next-hop and also ipv4
prefixes.In this setup,closing the session will affect all services..

Cisco can receive both labeled and unlabeled prefixes over the same bgp
session

Cisco 6PE implementation:

Capability Negotiation

Cisco IOS Software already supports Capability Negotiation as specified in
[BGP_CAP], but the Cisco 6PE feature extends BGP capability negotiation for
supporting �IPv6+label� capability in the following way:

�6PE advertises capability for �IPv6+label� to a neighbor when configured
to do so for this neighbor via the new command (see Command Line Interface
section in this document).

�6PE also advertises capability for unlabeled IPv6 since there is a
separate Capabilities Optional Parameters for each SAFI (Subsequent Address
Family Identifier).

�If a neighbor has advertised �IPv6+label� capability, the 6PE advertises
all IPv6 routes as labeled routes.

�If a neighbor has not advertised �IPv6+label� capability but has
advertised �IPv6� capability, the 6PE advertises all IPv6 routes as IPv6
(unlabelled) routes to this neighbor. Note that if a 6PE receives
unlabelled IPv6 routes, then the 6PE does not resolve the recursion and
marks these prefixes as unreachable in the IPv6 routing table so that
packets to this destination get dropped and not sent into the MPLS cloud.
This behavior avoids having a penultimate MPLS/IPv4 P router dropping an
IPv6 packet because of Penultimate Hop Popping (PHP).

This is what is happening when Cisco announce a non-labeled ipv6 prefix:
Sep 3 23:40:18.324255 BGP RECV flags 0x80 code MP_reach(14): AFI/SAFI 2/1
Sep 3 23:40:18.324277 BGP RECV nhop FC00:1000:1000::1 len 16
Sep 3 23:40:18.324297 BGP RECV xxxx/54 ,
Sep 3 23:40:18.324309 bgp_should_merge_as2_and_as4_path():2111 AS4-Peer
10.10.10.20 (Internal AS 65500)(RECV): No AS4 Path or Aggregator4 Path
Attribute received
Sep 3 23:40:18.324315 bgp_process_aspath_and_aggr_attr():2480 AS4-Peer
10.10.10.20 (Internal AS 65500)(RECV): bgp_should_merge_as2_and_as4_path()
says NO
Sep 3 23:40:18.324323 bgp_process_aspath_and_aggr_attr():2517 AS4-Peer
10.10.10.20 (Internal AS 65500)(RECV): Merged asp: path_len 0, path_seg_len
0, path2_len 0, path2_seg_len 0, path4_len 0, path4_seg_len 0,
path_attr_len 11, path_aggr_len 0, path4_aggr_len 0, path4_flags 0x0,
path_flags 0x4
Sep 3 23:40:18.324365 bgp_read_v4_update:9575: NOTIFICATION sent to
10.10.10.20 (Internal AS 65500): code 3 (Update Message Error) subcode 9
(error with optional attribute), Reason: peer 10.10.10.20 (Internal AS
65500) UPDATE - NLRI inet6-unicast not negotiated

On Mon, Sep 3, 2012 at 7:12 PM, Daniel Roesen <dr [at] cluenet> wrote:

> Hi,
>
> On Mon, Sep 03, 2012 at 11:22:02AM -0400, Colby Barth wrote:
> > Based on the error message:
> >
> > "peer: <inet-unicast inet6-unicast inet6-labeled-unicast>(273) us:
> > <inet-unicast inet6-labeled-unicast>(257)"
> >
> > You need to enable the unicast address family under ipv6
>
> Not really. This "error" message just points out the different
> capability set, but this shouldn't prevent the session to come up. The
> common set of capabilities is <inet-unicast inet6-labeled-unicast>,
> this should work fine. inet6-unicast ain't needed for 6PE anyway, and
> JUNOS even stops you trying to do so.
>
> There is a different reason why the session doesn't come up. Should be
> visible in logs.
>
> Best regards,
> Daniel
>
> --
> CLUE-RIPE -- Jabber: dr [at] cluenet -- dr [at] IRCne -- PGP: 0xA85C8AA0
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

olivier.benghozi at wifirst

Sep 4, 2012, 6:47 AM

Post #7 of 12 (906 views)
Permalink

Re: 6pe between Cisco and Juniper [In reply to]

Maybe you could try to configure next-hop-self on the Cisco's side, on all AFI?

Le 4 sept. 2012 � 13:12, Mihai Gabriel a �crit :

> You are partially right. The bgp session is established without
> inet6-unicast capability advertised by Juniper, but as soon as Juniper
> receives an ipv6 prefix with a native ipv6 next-hop from Cisco, it will
> immediately close the session .
>
> My Cisco router is a route reflector with a lot of clients and some of them
> are advertising ipv6 prefixes with a native ipv6 next-hop and also ipv4
> prefixes.In this setup,closing the session will affect all services..

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

mihaigabriel at gmail

Sep 4, 2012, 6:53 AM

Post #8 of 12 (903 views)
Permalink

Re: 6pe between Cisco and Juniper [In reply to]

and move all the traffic through RR? :)

On Tue, Sep 4, 2012 at 4:47 PM, Olivier Benghozi <
olivier.benghozi [at] wifirst> wrote:

> Maybe you could try to configure next-hop-self on the Cisco's side, on all
> AFI?
>
> Le 4 sept. 2012 � 13:12, Mihai Gabriel a �crit :
>
> > You are partially right. The bgp session is established without
> > inet6-unicast capability advertised by Juniper, but as soon as Juniper
> > receives an ipv6 prefix with a native ipv6 next-hop from Cisco, it will
> > immediately close the session .
> >
> > My Cisco router is a route reflector with a lot of clients and some of
> them
> > are advertising ipv6 prefixes with a native ipv6 next-hop and also ipv4
> > prefixes.In this setup,closing the session will affect all services..
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

olivier.benghozi at wifirst

Sep 4, 2012, 7:16 AM

Post #9 of 12 (907 views)
Permalink

Re: 6pe between Cisco and Juniper [In reply to]

No, the neighbor next-hop-self command doesn't have any impact on reflected routes. But I guess it would prevent IPv6 routes known from eBGP by the RR to be sent with an IPv6 NH as unlabeled (but maybe there are none?).
I wonder if BGP IPv6 routes in the RR, known with an IPv6 NH instead of an IPv4+label NH, could be the source of your problem ? In those conditions, maybe a generalized next-hop-self in your whole iBGP could be fine? Just thinking aloud, but it could make sense.

> and move all the traffic through RR? :)
>
> On Tue, Sep 4, 2012 at 4:47 PM, Olivier Benghozi <olivier.benghozi [at] wifirst> wrote:
> Maybe you could try to configure next-hop-self on the Cisco's side, on all AFI?
>
> Le 4 sept. 2012 � 13:12, Mihai Gabriel a �crit :
>
> > You are partially right. The bgp session is established without
> > inet6-unicast capability advertised by Juniper, but as soon as Juniper
> > receives an ipv6 prefix with a native ipv6 next-hop from Cisco, it will
> > immediately close the session .
> >
> > My Cisco router is a route reflector with a lot of clients and some of them
> > are advertising ipv6 prefixes with a native ipv6 next-hop and also ipv4
> > prefixes.In this setup,closing the session will affect all services..

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

mihaigabriel at gmail

Sep 4, 2012, 10:35 AM

Post #10 of 12 (908 views)
Permalink

Re: 6pe between Cisco and Juniper [In reply to]

The logical topology is this:

Juniper <-bgp-> RR1 <-bgp-> Cisco with 6pe (client for RR1, RR2 for CE)
<-ipv6 bgp-> non 6pe device (CE).

None of your suggestions worked in this setup, so I disabled the bgp
session between RR2 and CE and configured a new IPV6 session between CE
and RR1 using a new group.

ce#sh bgp ipv6 unicast summar | b Nei
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd

FC00:2000:2000::1
4 65500 36 59 6 0 0 00:32:01
0
ce#

rr1#show bgp ipv6 unicast summary | b Nei
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
State/PfxRcd
10.10.10.10 4 65500 118 130 8 0 0 00:10:20 0
FC00:1000:1000::1
4 65500 41 36 8 0 0 00:32:54
1

juniper#show configuration protocols bgp
group test {
type internal;
local-address 10.10.10.10;
family inet {
unicast;
}
family inet6 {
labeled-unicast {
explicit-null;
}
}
neighbor 10.10.10.20;
}
group test2 {
type internal;
local-address fc00:3000:3000::1;
family inet6 {
unicast;
}
neighbor FC00:2000:2000::1;
}

Now both sessions are up,but the prefix received by the neighbor in
inet6 labeled-unicast family is strange:

juniper#show route receive-protocol bgp 10.10.10.20

inet6.0: 9 destinations, 9 routes (8 active, 0 holddown, 1 hidden)
Prefix Nexthop MED Lclpref AS path
7700::/23 fc00:1000:1000::1 0 100 I

The good thing is that I receive the correct prefix over the ipv6 bgp
session and I can block the bad one in inet6 labeled-unicast using a policy.

juniper#show route receive-protocol bgp fc00:2000:2000::1
* fc00:7777::/47 fc00:1000:1000::1 0 100 I

This is a curious case of 6PE:)

Thank you all for your answers!

On 09/04/2012 05:16 PM, Olivier Benghozi wrote:
> No, the neighbor next-hop-self command doesn't have any impact on reflected routes. But I guess it would prevent IPv6 routes known from eBGP by the RR to be sent with an IPv6 NH as unlabeled (but maybe there are none?).
> I wonder if BGP IPv6 routes in the RR, known with an IPv6 NH instead of an IPv4+label NH, could be the source of your problem ? In those conditions, maybe a generalized next-hop-self in your whole iBGP could be fine? Just thinking aloud, but it could make sense.
>
>
>> and move all the traffic through RR? :)
>>
>> On Tue, Sep 4, 2012 at 4:47 PM, Olivier Benghozi<olivier.benghozi [at] wifirst> wrote:
>> Maybe you could try to configure next-hop-self on the Cisco's side, on all AFI?
>>
>> Le 4 sept. 2012 � 13:12, Mihai Gabriel a �crit :
>>
>>> You are partially right. The bgp session is established without
>>> inet6-unicast capability advertised by Juniper, but as soon as Juniper
>>> receives an ipv6 prefix with a native ipv6 next-hop from Cisco, it will
>>> immediately close the session .
>>>
>>> My Cisco router is a route reflector with a lot of clients and some of them
>>> are advertising ipv6 prefixes with a native ipv6 next-hop and also ipv4
>>> prefixes.In this setup,closing the session will affect all services..
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

mihaigabriel at gmail

Sep 4, 2012, 12:06 PM

Post #11 of 12 (914 views)
Permalink

Re: 6pe between Cisco and Juniper [In reply to]

The last test was made using a different version of IOS than the first
time on RR1.Returning to SRD6 brings me back to the initial problem.
I will give up at 6pe on this Juniper device for a while.

Best regards

On 09/04/2012 08:35 PM, Mihai wrote:
> The logical topology is this:
>
> Juniper <-bgp-> RR1 <-bgp-> Cisco with 6pe (client for RR1, RR2 for CE)
> <-ipv6 bgp-> non 6pe device (CE).
>
> None of your suggestions worked in this setup, so I disabled the bgp
> session between RR2 and CE and configured a new IPV6 session between CE
> and RR1 using a new group.
>
> ce#sh bgp ipv6 unicast summar | b Nei
> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
>
> FC00:2000:2000::1
> 4 65500 36 59 6 0 0 00:32:01 0
> ce#
>
> rr1#show bgp ipv6 unicast summary | b Nei
> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
> 10.10.10.10 4 65500 118 130 8 0 0 00:10:20 0
> FC00:1000:1000::1
> 4 65500 41 36 8 0 0 00:32:54 1
>
> juniper#show configuration protocols bgp
> group test {
> type internal;
> local-address 10.10.10.10;
> family inet {
> unicast;
> }
> family inet6 {
> labeled-unicast {
> explicit-null;
> }
> }
> neighbor 10.10.10.20;
> }
> group test2 {
> type internal;
> local-address fc00:3000:3000::1;
> family inet6 {
> unicast;
> }
> neighbor FC00:2000:2000::1;
> }
>
> Now both sessions are up,but the prefix received by the neighbor in
> inet6 labeled-unicast family is strange:
>
> juniper#show route receive-protocol bgp 10.10.10.20
>
> inet6.0: 9 destinations, 9 routes (8 active, 0 holddown, 1 hidden)
> Prefix Nexthop MED Lclpref AS path
> 7700::/23 fc00:1000:1000::1 0 100 I
>
> The good thing is that I receive the correct prefix over the ipv6 bgp
> session and I can block the bad one in inet6 labeled-unicast using a
> policy.
>
> juniper#show route receive-protocol bgp fc00:2000:2000::1
> * fc00:7777::/47 fc00:1000:1000::1 0 100 I
>
> This is a curious case of 6PE:)
>
> Thank you all for your answers!
>
> On 09/04/2012 05:16 PM, Olivier Benghozi wrote:
>> No, the neighbor next-hop-self command doesn't have any impact on
>> reflected routes. But I guess it would prevent IPv6 routes known from
>> eBGP by the RR to be sent with an IPv6 NH as unlabeled (but maybe
>> there are none?).
>> I wonder if BGP IPv6 routes in the RR, known with an IPv6 NH instead
>> of an IPv4+label NH, could be the source of your problem ? In those
>> conditions, maybe a generalized next-hop-self in your whole iBGP could
>> be fine? Just thinking aloud, but it could make sense.
>>
>>
>>> and move all the traffic through RR? :)
>>>
>>> On Tue, Sep 4, 2012 at 4:47 PM, Olivier
>>> Benghozi<olivier.benghozi [at] wifirst> wrote:
>>> Maybe you could try to configure next-hop-self on the Cisco's side,
>>> on all AFI?
>>>
>>> Le 4 sept. 2012 � 13:12, Mihai Gabriel a �crit :
>>>
>>>> You are partially right. The bgp session is established without
>>>> inet6-unicast capability advertised by Juniper, but as soon as Juniper
>>>> receives an ipv6 prefix with a native ipv6 next-hop from Cisco, it will
>>>> immediately close the session .
>>>>
>>>> My Cisco router is a route reflector with a lot of clients and some
>>>> of them
>>>> are advertising ipv6 prefixes with a native ipv6 next-hop and also ipv4
>>>> prefixes.In this setup,closing the session will affect all services..
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

mihaigabriel at gmail

Sep 5, 2012, 2:28 PM

Post #12 of 12 (890 views)
Permalink

Re: 6pe between Cisco and Juniper [In reply to]

And the cause is... CSCtf27303 .
I made some test with some theoretically non affected IOS versions but
they have the same behavior (my RR is a Cisco 7201).

Regards

On 09/04/2012 10:06 PM, Mihai wrote:
> The last test was made using a different version of IOS than the first
> time on RR1.Returning to SRD6 brings me back to the initial problem.
> I will give up at 6pe on this Juniper device for a while.
>
> Best regards
>
> On 09/04/2012 08:35 PM, Mihai wrote:
>> The logical topology is this:
>>
>> Juniper <-bgp-> RR1 <-bgp-> Cisco with 6pe (client for RR1, RR2 for CE)
>> <-ipv6 bgp-> non 6pe device (CE).
>>
>> None of your suggestions worked in this setup, so I disabled the bgp
>> session between RR2 and CE and configured a new IPV6 session between CE
>> and RR1 using a new group.
>>
>> ce#sh bgp ipv6 unicast summar | b Nei
>> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
>>
>> FC00:2000:2000::1
>> 4 65500 36 59 6 0 0 00:32:01 0
>> ce#
>>
>> rr1#show bgp ipv6 unicast summary | b Nei
>> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
>> 10.10.10.10 4 65500 118 130 8 0 0 00:10:20 0
>> FC00:1000:1000::1
>> 4 65500 41 36 8 0 0 00:32:54 1
>>
>> juniper#show configuration protocols bgp
>> group test {
>> type internal;
>> local-address 10.10.10.10;
>> family inet {
>> unicast;
>> }
>> family inet6 {
>> labeled-unicast {
>> explicit-null;
>> }
>> }
>> neighbor 10.10.10.20;
>> }
>> group test2 {
>> type internal;
>> local-address fc00:3000:3000::1;
>> family inet6 {
>> unicast;
>> }
>> neighbor FC00:2000:2000::1;
>> }
>>
>> Now both sessions are up,but the prefix received by the neighbor in
>> inet6 labeled-unicast family is strange:
>>
>> juniper#show route receive-protocol bgp 10.10.10.20
>>
>> inet6.0: 9 destinations, 9 routes (8 active, 0 holddown, 1 hidden)
>> Prefix Nexthop MED Lclpref AS path
>> 7700::/23 fc00:1000:1000::1 0 100 I
>>
>> The good thing is that I receive the correct prefix over the ipv6 bgp
>> session and I can block the bad one in inet6 labeled-unicast using a
>> policy.
>>
>> juniper#show route receive-protocol bgp fc00:2000:2000::1
>> * fc00:7777::/47 fc00:1000:1000::1 0 100 I
>>
>> This is a curious case of 6PE:)
>>
>> Thank you all for your answers!
>>
>> On 09/04/2012 05:16 PM, Olivier Benghozi wrote:
>>> No, the neighbor next-hop-self command doesn't have any impact on
>>> reflected routes. But I guess it would prevent IPv6 routes known from
>>> eBGP by the RR to be sent with an IPv6 NH as unlabeled (but maybe
>>> there are none?).
>>> I wonder if BGP IPv6 routes in the RR, known with an IPv6 NH instead
>>> of an IPv4+label NH, could be the source of your problem ? In those
>>> conditions, maybe a generalized next-hop-self in your whole iBGP could
>>> be fine? Just thinking aloud, but it could make sense.
>>>
>>>
>>>> and move all the traffic through RR? :)
>>>>
>>>> On Tue, Sep 4, 2012 at 4:47 PM, Olivier
>>>> Benghozi<olivier.benghozi [at] wifirst> wrote:
>>>> Maybe you could try to configure next-hop-self on the Cisco's side,
>>>> on all AFI?
>>>>
>>>> Le 4 sept. 2012 � 13:12, Mihai Gabriel a �crit :
>>>>
>>>>> You are partially right. The bgp session is established without
>>>>> inet6-unicast capability advertised by Juniper, but as soon as Juniper
>>>>> receives an ipv6 prefix with a native ipv6 next-hop from Cisco, it
>>>>> will
>>>>> immediately close the session .
>>>>>
>>>>> My Cisco router is a route reflector with a lot of clients and some
>>>>> of them
>>>>> are advertising ipv6 prefixes with a native ipv6 next-hop and also
>>>>> ipv4
>>>>> prefixes.In this setup,closing the session will affect all services..
>>>
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp [at] puck
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
>
>

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads