Configuring IPv6 Tunneling for MPLS
You can configure the IPv6 tunneling for MPLS to tunnel IPv6 traffic over an MPLS-based IPv4 network. This configuration allows you to interconnect a number of smaller IPv6 networks over an IPv4-based network core, giving you the ability to provide IPv6 service without having to upgrade the switches in your core network. BGP is configured to exchange routes between the IPv6 networks, and data is tunneled between these IPv6 networks by means of IPv4-based MPLS.
To configure IPv6 tunneling for MPLS on your EX Series switch:
- Configure IPv4 and IPv6 IP addresses for all the core
user@switch# set interfaces interface-name unit logical-unit-number family inet address address
- Configure the number assigned to you by the Network Information
Center (NIC) as the autonomous system (AS) number
user@switch# set autonomous-system number
- Advertise label 0 to the egress router of the LSP:
- Configure the LSP to allow IPv6 routes to be resolved
over an MPLS network by converting all routes stored in the inet3
routing table to IPv4-mapped IPv6 addresses and then copying them
into the inet6.3 routing table:
user@switch# set mpls ipv6-tunneling
- Set the local AS number:
[edit protocols bgp]
user@switch# set local-as local-autonomous-system-number
- Configure the default import and export policies:
- Configure a BGP group that recognizes only the specified
BGP systems as peers. Define a group name, group type, local end of
a BGP session, and a neighbor (peer). To configure multiple BGP peers,
include multiple neighbor statements:
[edit protocols bgp]
user@switch# set group group-name type internal
user@switch# set group group-name local-address address-of-the-local-end-of-a-bgp-session
user@switch# set group group-name family inet6 labeled-unicast explicit-null
user@switch# set group group-name peer-as peer-autonomous-system-number
user@switch# set group group-name neighbor address family inet6 labeled-unicast explicit-null
- Configure routing options to accept the default import
and export policies:
user@switch# set policy-statement default-import then accept
user@switch# set policy-statement default-export then accept
Example: Tunneling IPv6 Traffic over MPLS IPv4 Networks
This example shows how to configure the Junos OS to tunnel IPv6 over an MPLS-based IPv4 network. External BGP (EBGP) is used between the customer edge (CE) and provider edge (PE) devices. The remote CE devices have different AS numbers for loop detection.
No special configuration beyond device initialization is required before you configure this example.
Detailed information about the Juniper Networks implementation of IPv6 over MPLS is described in the following Internet drafts:
Internet draft draft-ietf-l3vpn-bgp-ipv6-07.txt, BGP-MPLS IP VPN extension for IPv6 VPN (expires January 2006)
Internet draft draft-ooms-v6ops-bgp-tunnel-06.txt, Connecting IPv6 Islands over IPv4 MPLS using IPv6 Provider Edge Routers (expires July 2006)
These Internet drafts are available on the IETF website at http://www.ietf.org/.
This example shows you how to interconnect a two IPv6 networks over an IPv4-based network core, giving you the ability to provide IPv6 service without having to upgrade the routers in your core network. Multiprotocol Border Gateway Protocol (MP-BGP) is configured to exchange routes between the IPv6 networks, and data is tunneled between these IPv6 networks by means of IPv4-based MPLS.
In Figure 1, Routers PE1 and PE2 are dual-stack BGP routers, meaning they have both IPv4 and IPv6 stacks. The PE routers link the IPv6 networks through the customer edge (CE) routers to the IPv4 core network. The CE routers and the PE routers connect through a link layer that can carry IPv6 traffic. The PE routers use IPv6 on the CE router-facing interfaces and use IPv4 and MPLS on the core-facing interfaces. Note that one of the connected IPv6 networks could be the global IPv6 Internet.
The two PE routers are linked through an MP-BGP session using IPv4 addresses. They use the session to exchange IPv6 routes with an IPv6 (value 2) address family indicator (AFI) and a subsequent AFI (SAFI) (value 4). Each PE router sets the next hop for the IPv6 routes advertised on this session to its own IPv4 address. Because MP-BGP requires the BGP next hop to correspond to the same address family as the network layer reachability information (NLRI), this IPv4 address needs to be embedded within an IPv6 format.
The PE routers can learn the IPv6 routes from the CE routers connected to them using routing protocols Routing Information Protocol next generation (RIPng) or MP-BGP, or through static configuration. Note that if BGP is used as the PE-router-to-CE-router protocol, the MP-BGP session between the PE router and CE router could occur over an IPv4 or IPv6 Transmission Control Protocol (TCP) session. Also, the BGP routes exchanged on that session would have SAFI unicast. You must configure an export policy to pass routes between IBGP and EBGP, and between BGP and any other protocol.
The PE routers have MPLS LSPs routed to each others’ IPv4 addresses. IPv4 provides signaling for the LSPs by means of either LDP or RSVP. These LSPs are used to resolve the next-hop addresses of the IPv6 routes learned from MP-BGP. The next hops use IPv4-mapped IPv6 addresses, while the LSPs use IPv4 addresses.
The PE routers always advertise IPv6 routes to each other using a label value of 2, the explicit null label for IPv6 as defined in RFC 3032, MPLS Label Stack Encoding. As a consequence, each of the forwarding next hops for the IPv6 routes learned from remote PE routers normally push two labels. The inner label is 2 (this label could be different if the advertising PE router is not a Juniper Networks routing platform), and the outer label is the LSP label. If the LSP is a single-hop LSP, then only Label 2 is pushed.
It is also possible for the PE routers to exchange plain IPv6 routes using SAFI unicast. However, there is one major advantage in exchanging labeled IPv6 routes. The penultimate-hop router for an MPLS LSP can pop the outer label and then send the packet with the inner label as an MPLS packet. Without the inner label, the penultimate-hop router would need to discover whether the packet is an IPv4 or IPv6 packet to set the protocol field in the Layer 2 header correctly.
When the PE1 router in Figure 1 receives an IPv6 packet from the CE1 router, it performs a lookup in the IPv6 forwarding table. If the destination matches a prefix learned from the CE2 router, then no labels need to be pushed and the packet is simply sent to the CE2 router. If the destination matches a prefix that was learned from the PE2 router, then the PE1 router pushes two labels onto the packet and sends it to the provider router. The inner label is 2 and the outer label is the LSP label for the PE2 router.
Each provider router in the service provider’s network handles the packet as it would any MPLS packet, swapping labels as it passes from provider router to provider router. The penultimate-hop provider router for the LSP pops the outer label and sends the packet to the PE2 router. When the PE2 router receives the packet, it recognizes the IPv6 explicit null label on the packet (Label 2). It pops this label and treats it as an IPv6 packet, performing a lookup in the IPv6 forwarding table and forwarding the packet to the CE3 router.
This example includes the following settings:
In addition to configuring the family inet6 statement on all the CE router–facing interfaces, you must also configure the statement on all the core-facing interfaces running MPLS. Both configurations are necessary because the router must be able to process any IPv6 packets it receives on these interfaces. You should not see any regular IPv6 traffic arrive on these interfaces, but you will receive MPLS packets tagged with Label 2. Even though Label 2 MPLS packets are sent in IPv4, these packets are treated as native IPv6 packets.
You enable IPv6 tunneling by including the ipv6-tunneling statement in the configuration for the PE routers. This statement allows IPv6 routes to be resolved over an MPLS network by converting all routes stored in the inet.3 routing table to IPv4-mapped IPv6 addresses and then copying them into the inet6.3 routing table. This routing table can be used to resolve next hops for both inet6 and inet6-vpn routes.
BGP automatically runs its import policy even when copying routes from a primary routing table group to a secondary routing table group. If IPv4 labeled routes arrive from a BGP session (for example, when you have configured the labeled-unicast statement at the [edit protocols bgp family inet] hierarchy level on the PE router), the BGP neighbor’s import policy also accepts IPv6 routes, since the neighbor’s import policy is run while doing the copy operation to the inet6.3 routing table.
When you configure MP-BGP to carry IPv6 traffic, the IPv4 MPLS label is removed at the destination PE router. The remaining IPv6 packet without a label can then be forwarded to the IPv6 network. To enable this, include the explicit-null statement in the BGP configuration.
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the  hierarchy level.
Configuring Device PE1
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure Device PE1:
- Configure the interfaces.[edit interfaces]user@PE1# set fe-1/2/0 unit 2 family inet6 address ::10.1.1.2/126user@PE1# set fe-1/2/0 unit 2 family mplsuser@PE1# set fe-1/2/1 unit 5 family inet address 10.1.1.5/30user@PE1# set fe-1/2/1 unit 5 family inet6user@PE1# set fe-1/2/1 unit 5 family mplsuser@PE1# set lo0 unit 2 family inet address 220.127.116.11/32
- Configure MPLS on the interfaces.[edit protocols mpls]user@PE1# set ipv6-tunnelinguser@PE1# set interface fe-1/2/0.2user@PE1# set interface fe-1/2/1.5
- Configure BGP.[edit protocols bgp]user@PE1# set group toCE1 type externaluser@PE1# set group toCE1 local-address ::10.1.1.2user@PE1# set group toCE1 family inet6 unicastuser@PE1# set group toCE1 export send-bgp6user@PE1# set group toCE1 peer-as 1user@PE1# set group toCE1 neighbor ::10.1.1.1user@PE1# set group toPE2 type internaluser@PE1# set group toPE2 local-address 18.104.22.168user@PE1# set group toPE2 family inet6 labeled-unicast explicit-nulluser@PE1# set group toPE2 export next-hop-selfuser@PE1# set group toPE2 export send-v6user@PE1# set group toPE2 neighbor 22.214.171.124
- Configure OSPF[edit protocols ospf area 0.0.0.0]user@PE1# set interface fe-1/2/1.5user@PE1# set interface lo0.2 passive
- Configure a signaling protocol. [edit protocols]user@PE1# set ldp interface fe-1/2/1.5
- Configure the routing policies.[edit policy-options]user@PE1# set policy-statement next-hop-self then next-hop selfuser@PE1# set policy-statement send-bgp6 from family inet6user@PE1# set policy-statement send-bgp6 from protocol bgpuser@PE1# set policy-statement send-bgp6 then acceptuser@PE1# set policy-statement send-v6 from family inet6user@PE1# set policy-statement send-v6 from protocol bgpuser@PE1# set policy-statement send-v6 from protocol directuser@PE1# set policy-statement send-v6 then accept
- Configure the router ID and the autonomous system (AS)
number.[edit routing-options]user@PE1# set router-id 126.96.36.199user@PE1# set autonomous-system 2
From configuration mode, confirm your configuration by entering the show interfaces, show policy-options, show protocols, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
If you are done configuring the device, enter commit from configuration mode.
Configure the other devices in the topology, as shown in CLI Quick Configuration.
Confirm that the configuration is working properly.
Verifying That the CE Devices Have Connectivity
Make sure that the tunnel is operating.
From operational mode, enter the ping command.
user@CE1> ping ::10.1.1.14
PING6(56=40+8+8 bytes) ::10.1.1.1 --> ::10.1.1.14 16 bytes from ::10.1.1.14, icmp_seq=0 hlim=61 time=10.687 ms 16 bytes from ::10.1.1.14, icmp_seq=1 hlim=61 time=9.239 ms 16 bytes from ::10.1.1.14, icmp_seq=2 hlim=61 time=1.842 ms
user@CE3> ping ::10.1.1.1
PING6(56=40+8+8 bytes) ::10.1.1.14 --> ::10.1.1.1 16 bytes from ::10.1.1.1, icmp_seq=0 hlim=61 time=1.484 ms 16 bytes from ::10.1.1.1, icmp_seq=1 hlim=61 time=1.338 ms 16 bytes from ::10.1.1.1, icmp_seq=2 hlim=61 time=1.351 ms
The IPv6 CE devices can communicate over the core IPv4 network.