Cisconinja’s Blog

IPv6 General Prefixes

Posted by Andy on March 10, 2009

This post will look at how general prefixes in IPv6 work.  We will use 1 router configured with 2 different subnets X:X:X:Y::/64, where X is the 48 bit prefix assigned by the ISP and Y is the 16 bit subnet ID/Site-Level Aggregator.  We will also configure 2 hosts to use stateless autoconfiguration, 1 for each subnet:

ipv6-general-prefix-topology

First we will configure link-local addresses on each device:

R1:
interface FastEthernet0/0
 ipv6 address FE80::1 link-local
!
interface FastEthernet0/1
 ipv6 address FE80::2 link-local

HostA:
interface FastEthernet0/0
 ipv6 address FE80::A link-local

HostB:
interface FastEthernet0/0
 ipv6 address FE80::B link-local

Suppose that we’ve been given the prefix 2001:db8:aaaa::/48 from an ISP.  We will define this prefix globally as a general prefix:

R1:
ipv6 general-prefix ISP-prefix 2001:DB8:AAAA::/48

Next, we will configure global unicast addresses on R1 by using the ISP prefix that we just defined:

R1:
interface FastEthernet0/0
 ipv6 address ISP-prefix ::1:0:0:0:1/64

R1#debug ipv6 nd
*Mar 1 00:59:51.019: ICMPv6-ND: Adding prefix 2001:DB8:AAAA:1::1/64 to FastEthernet0/0
*Mar 1 00:59:51.019: ICMPv6-ND: Sending NS for 2001:DB8:AAAA:1::1 on FastEthernet0/0
*Mar 1 00:59:52.019: ICMPv6-ND: DAD: 2001:DB8:AAAA:1::1 is unique.
*Mar 1 00:59:52.019: ICMPv6-ND: Sending NA for 2001:DB8:AAAA:1::1 on FastEthernet0/0
*Mar 1 00:59:52.023: ICMPv6-ND: Address 2001:DB8:AAAA:1::1/64 is up on FastEthernet0/0

R1 prepends the general prefix to the address that was entered to obtain the full address.  We could enter anything in the first 48-bits of the interface address with the same result since the first 48-bits will be overwritten by the general prefix:

R1:
interface FastEthernet0/1
 ipv6 address ISP-prefix 2345:6789:ABCD:2::2/64

R1#debug ipv6 nd
*Mar 1 01:00:27.099: ICMPv6-ND: Adding prefix 2001:DB8:AAAA:2::2/64 to FastEthernet0/1
*Mar 1 01:00:27.099: ICMPv6-ND: Sending NS for 2001:DB8:AAAA:2::2 on FastEthernet0/1
*Mar 1 01:00:28.099: ICMPv6-ND: DAD: 2001:DB8:AAAA:2::2 is unique.
*Mar 1 01:00:28.099: ICMPv6-ND: Sending NA for 2001:DB8:AAAA:2::2 on FastEthernet0/1
*Mar 1 01:00:28.103: ICMPv6-ND: Address 2001:DB8:AAAA:2::2/64 is up on FastEthernet0/1

R1 now has the following addresses configured:

1-r1-show-int-brief

Before configuring R1 to act as a router, we will make some changes to a few default timers so that later on we will be able to see the effects of changing prefixes faster.  By default, IPv6 prefixes are advertised in RA messages with a valid lifetime of 30 days and a preferred lifetime of 7 days.  Even if the prefix is removed from RAs, hosts will continue to use addresses that have been autoconfigured with the prefix until the lifetime expires.  We will reduce the valid lifetime to 300 seconds and the preferred lifetime to 200 seconds.  We will also reduce the interval that unsolicited RAs are sent at from the default of 200 seconds to 60 seconds:

R1:
interface FastEthernet0/0
 ipv6 nd ra-interval 60
 ipv6 nd prefix default 300 200
!
interface FastEthernet0/1
 ipv6 nd ra-interval 60
 ipv6 nd prefix default 300 200

Next, we will enable unicast IPv6 routing and sending of RA messages on R1:

R1:
ipv6 unicast-routing

R1 begins sending RA messages with the configured lifetime values in the prefix option TLV:

R1#debug ipv6 nd
*Mar 1 01:24:42.007: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
*Mar 1 01:24:42.007: ICMPv6-ND: MTU = 1500
*Mar 1 01:24:42.007: ICMPv6-ND: prefix = 2001:DB8:AAAA:1::/64 onlink autoconfig
*Mar 1 01:24:42.011: ICMPv6-ND: 300/200 (valid/preferred)
*Mar 1 01:24:42.011: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/1
*Mar 1 01:24:42.011: ICMPv6-ND: MTU = 1500
*Mar 1 01:24:42.011: ICMPv6-ND: prefix = 2001:DB8:AAAA:2::/64 onlink autoconfig
*Mar 1 01:24:42.015: ICMPv6-ND: 300/200 (valid/preferred)

Next, we will configure HostA and HostB to use stateless autoconfiguration:

HostA:
interface FastEthernet0/0
 ipv6 address autoconfig

HostB:
interface FastEthernet0/0
 ipv6 address autoconfig

Each host obtains the expected address and learns the lifetime of the prefix:

2-hosta-show-int

3-hostb-show-int

Now suppose that we have changed ISPs and our new ISP gives us the prefix 2001:db8:bbbb::/48.  We will add this prefix to the general prefix that we defined on R1:

R1:
ipv6 general-prefix ISP-prefix 2001:DB8:BBBB::/48

R1 configures itself an address in the new prefix as well and begins advertising both prefixes in RAs:

4-r1-show-int-brief

After hearing the next RA, both hosts configure themselves an address in the new prefix as well:

5-hosta-show-int1

6-hostb-show-int

Next we will remove the prefix of the first ISP on R1:

R1:
no ipv6 general-prefix ISP-prefix 2001:DB8:AAAA::/48

R1#debug ipv6 nd
*Mar 1 01:51:00.083: ICMPv6-ND: Deleting prefix 2001:DB8:AAAA:1::1/64 from FastEthernet0/0
*Mar 1 01:51:00.083: ICMPv6-ND: Address 2001:DB8:AAAA:1::1/64 is down on FastEthernet0/0
*Mar 1 01:51:00.083: ICMPv6-ND: Deleting prefix 2001:DB8:AAAA:2::2/64 from FastEthernet0/1
*Mar 1 01:51:00.087: ICMPv6-ND: Address 2001:DB8:AAAA:2::2/64 is down on FastEthernet0/1

R1 removes the address and stops advertising the prefix in RAs.  After 200 seconds, the preferred lifetime for the prefix expires on the hosts and the address is marked as deprecated:

HostA#debug ipv6 nd
*Mar 1 01:54:14.927: ICMPv6-ND: Deprecating 2001:DB8:AAAA:1::A from FastEthernet0/0

HostB#debug ipv6 nd
*Mar 1 01:53:50.035: ICMPv6-ND: Deprecating 2001:DB8:AAAA:2::B from FastEthernet0/0

7-hosta-show-int

8-hostb-show-int

300 seconds after the last RA containing the old prefix was received, the valid lifetime for the prefix expires and the old address is removed:

R1#debug ipv6 nd
*Mar 1 01:55:54.927: ICMPv6-ND: Invalidating 2001:DB8:AAAA:1::A from FastEthernet0/0
*Mar 1 01:55:54.927: ICMPv6-ND: Address 2001:DB8:AAAA:1::A/64 is down on FastEthernet0/0

R2#debug ipv6 nd
*Mar 1 01:55:30.035: ICMPv6-ND: Invalidating 2001:DB8:AAAA:2::B from FastEthernet0/0
*Mar 1 01:55:30.035: ICMPv6-ND: Address 2001:DB8:AAAA:2::B/64 is down on FastEthernet0/0

9-hosta-show-int

10-hostb-show-int

 

Although this method is very easy for changing prefixes, it could result in a period of unreachability during the transition.  Let’s look at what happens in the scenario we just used when a host tries to reach a remote network during the transition.  We will start with the configuration prior to removing the ISP A prefix on R1:

R1:
ipv6 unicast-routing
ipv6 general-prefix ISP-prefix 2001:DB8:AAAA::/48
ipv6 general-prefix ISP-prefix 2001:DB8:BBBB::/48
!
interface FastEthernet0/0
 ipv6 address ISP-prefix ::1:0:0:0:1/64
 ipv6 address FE80::1 link-local
 ipv6 nd ra-interval 60
 ipv6 nd prefix default 300 200
!
interface FastEthernet0/1
 ipv6 address ISP-prefix 2345:6789:ABCD:2::2/64
 ipv6 address FE80::2 link-local
 ipv6 nd ra-interval 60
 ipv6 nd prefix default 300 200

HostA:
interface FastEthernet0/0
 ipv6 address FE80::A link-local
 ipv6 address autoconfig

HostB:
interface FastEthernet0/0
 ipv6 address FE80::B link-local
 ipv6 address autoconfig

Next we will create a loopback on R1 to simulate a remote network:

R1:
interface Loopback0
 ipv6 address 2001:DB8:0:1::1/64

Now we will initiate a continuous ping to R1’s loopback from HostA:

HostA#ping 2001:db8:0:1::1 repeat 1000000
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(continues)

Hosts (or at least Cisco routers acting as hosts) seem to prefer using the address that they autoconfigured first as the source address for reaching remote networks if multiple global addresses are configured. In this case, HostA uses the ISP A address, 2001:db8:aaaa:1::a, as the source address for traffic sent to R1’s loopback:

11-hosta-wireshark

Now we will remove the ISP A prefix from the general prefix on R1 like before:

R1:
no ipv6 general-prefix ISP-prefix 2001:DB8:AAAA::/48

The host immediately stops receiving ping replies:

HostA#............................... (continues)

Return traffic in this case is dropped at R1 because R1 no longer has a route back to the 2001:db8:aaaa:1::/64 network.  This continues until the preferred lifetime for the old prefix expires on the host and the host begins using the ISP B address to reach remote networks:

HostA#debug ipv6 nd
Mar 1 02:09:33.924: ICMPv6-ND: Deprecating 2001:DB8:AAAA:1::A from FastEthernet0/0
!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 98 percent (7799/7895), round-trip min/avg/max = 0/27/1852 ms

96 echo-requests timed out waiting for a reply.  With the default echo-request timeout of 2 seconds, this is roughly equal to the 200 seconds that it took for the preferred lifetime of the ISP A prefix to expire on the host.

 

Let’s look at a way that this could be avoided if we needed to maintain full reachability during the transition period.  We will start from the same point again, with the ISP B prefix just added to R1:

R1:
ipv6 unicast-routing
ipv6 general-prefix ISP-prefix 2001:DB8:AAAA::/48
ipv6 general-prefix ISP-prefix 2001:DB8:BBBB::/48
!
interface FastEthernet0/0
 ipv6 address ISP-prefix ::1:0:0:0:1/64
 ipv6 address FE80::1 link-local
 ipv6 nd ra-interval 60
 ipv6 nd prefix default 300 200
!
interface FastEthernet0/1
 ipv6 address ISP-prefix 2345:6789:ABCD:2::2/64
 ipv6 address FE80::2 link-local
 ipv6 nd ra-interval 60
 ipv6 nd prefix default 300 200

HostA:
interface FastEthernet0/0
 ipv6 address FE80::A link-local
 ipv6 address autoconfig

HostB:
interface FastEthernet0/0
 ipv6 address FE80::B link-local
 ipv6 address autoconfig

We will initiate the ping from HostA to R1’s loopback again

HostA#ping 2001:db8:0:1::1 repeat 1000000
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(continues)

Before removing the prefix on R1 this time, we will prevent it from being advertised in RAs:

R1:
interface FastEthernet0/0
 ipv6 nd prefix 2001:DB8:AAAA:1::/64 no-advertise
!
interface FastEthernet0/1
 ipv6 nd prefix 2001:DB8:AAAA:2::/64 no-advertise

R1#debug ipv6 nd
*Mar 1 02:20:51.403: ICMPv6-ND: Updating prefix 2001:DB8:AAAA:1::/64 to FastEthernet0/0
*Mar 1 02:20:51.403: ICMPv6-ND: Prefix change 0x401 -> 0x104
*Mar 1 02:20:51.407: ICMPv6-ND: Prefix Information change 0xE0 -> 0xE0
*Mar 1 02:21:16.271: ICMPv6-ND: Updating prefix 2001:DB8:AAAA:2::/64 to FastEthernet0/1
*Mar 1 02:21:16.271: ICMPv6-ND: Prefix change 0x401 -> 0x104
*Mar 1 02:21:16.271: ICMPv6-ND: Prefix Information change 0xE0 -> 0xE0

R1 stops including a TLV for the ISP A prefixes in it’s RAs.  After approximately 200 seconds, HostA’s preferred lifetime for the prefix expires and the address is deprecated:

Mar 1 02:23:46.460: ICMPv6-ND: Deprecating 2001:DB8:AAAA:1::A from FastEthernet0/0

At this point, HostA begins immediately using the address from the ISP B prefix instead of the ISP A prefix as it’s source address for traffic sent to remote destinations:

12-hosta-wireshark

The host continues receiving ping replies with no problems:

HostA#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! (continues)

Now we will remove the ISP A prefix from R1:

R1:
no ipv6 general-prefix ISP-prefix 2001:DB8:AAAA::/48

R1 removes the addresses associated with the ISP A prefix from both interfaces:

13-r1-show-int

Not a single packet is lost during the transition:

HostA#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (9134/9134), round-trip min/avg/max = 0/28/224 ms

Advertisements

One Response to “IPv6 General Prefixes”

  1. Great work, thanks….

    Top work…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: