Escolar Documentos
Profissional Documentos
Cultura Documentos
Cisco Public 1
Abstract
This session describes the implementation of IP Virtual Private Networks (IP VPNs)
using MPLS. It is the most common Layer 3 VPN technology, as standardized by
IETF RFC2547/4364, realizing IP connectivity between VPN site and MPLS network.
Service Providers have been using IP VPN to provide scalable site-to-site/WAN
connectivity to Enterprises/SMBs for more than a decade. Enterprises have been
using it to address network segmentation (virtualization and traffic separation) inside
the site e.g. Campus, Data Center. This technology realizes IP connectivity between
VPN site and MPLS network.
The session will cover:
IP VPN Technology Overview (RFC2547/RFC4364)
IP VPN Configuration Overview
IP VPN-based services (multihoming, Hub&Spoke, extranet, Internet, NAT, VRF-lite, etc.)
Best Practices
Cisco Public 2
1
9/27/16
Terminology
Reference
Cisco Public 3
Agenda
IP/VPN Overview
IP/VPN Services
Best Practices
Conclusion
Cisco Public 4
2
9/27/16
Agenda
IP/VPN Overview
Technology Overview (How It Works)
Configuration Overview
IP/VPN Services
Best Practices
Conclusion
Cisco Public 5
Cisco Public 6
3
9/27/16
IP/VPN Technology
MPLS IP/VPN Topology / Connection Model
P P
CE CE
PE
PE
MPLS Network
P P
CE
CE
MP-iBGP Session
PE
Routers P
Routers
Sit
at
the
Edge Sit
inside
the
network
Use
MPLS with
P
routers Forward
packets
by
looking
Uses
IP
with
CE
routers at
labels
Distributes
VPN information
P
and
PE
routers
share
a
through
MP-BGP to
other
PE
common
IGP
routers
Cisco Public 7
CE2
VPN
2
PE
Cisco Public 8
4
9/27/16
CE2
VPN
2 VRF Green
PE
Cisco Public 9
CE2
VPN
2 VRF Green
PE
Cisco Public 10
5
9/27/16
MP-BGP Customizes the VPN Customer Routing Information as per the Locally
Configured VRF Information at the PE using:
Route Distinguisher (RD)
Route Target (RT)
Label
Cisco Public 11
Cisco Public 12
6
9/27/16
VPN customer IPv4 prefix is converted into a VPNv4 prefix by appending the
RD (1:1, say) to the IPv4 address (200.1.64.0, say) => 1:1:200.1.64.0
Makes the customers IPv4 address unique inside the SP MPLS network.
Route Distinguisher (rd) is configured in the VRF at PE IOS_PE#
!
RD is not a BGP attribute, just a field. ip vrf green
rd 1:1
!
*
After
12.4(3)T,
12.4(3)
12.2(32)S,
12.0(32)S
etc.,
RD
Configuration
within
VRF
Has
Become
Optional.
Prior
to
That,
It
Was
Mandatory.
Cisco Public 13
Route-target (rt) identifies which VRF(s) keep which VPN prefixes IOS_PE#
!
rt is an 8-byte extended community attribute. ip vrf green
route-target
import
3:3
Each VRF is configured with a set of route-targets at PE route-target
export
3:3
route-target
export
10:3
Export and Import route-targets must be the same for any-to-any IP/VPN !
Cisco Public 14
7
9/27/16
Cisco Public 15
MPLS Backbone
8
9/27/16
Site
1
3 Next-Hop=PE-1
Next-Hop=PE-2 Site
2
RT=1:2,
Label=100
CE1
5
10.1.1.0/24
2 P P 4
CE2
10.1.1.0/24
Next-Hop=CE-1
P P
1 PE1 PE2
MPLS Backbone
PE2 receives and checks whether the RT=1:2 is locally configured as import RT within
any VRF, if yes, then
PE2 translates VPNv4 prefix back to IPv4 prefix
Updates the VRF CEF Table for 10.1.1.0/24 with label=100
PE2 advertises this IPv4 prefix to CE2 (using whatever routing protocol)
Cisco Public 17
Site 1 Site 2
10.1.1.0/24 CE1
P P
CE2
P P
PE1 PE2
MPLS Backbone
Cisco Public 18
9
9/27/16
Site
1 Site
2
CE1
10.1.1.0/24 CE2
P3 P4
PE1 PE2
10.1.1.1 10.1.1.1 IP
Packet
100 10.1.1.1 P1 P2
IP
Packet
PE2 imposes two labels (MPLS headers) for each IP packet going to site2
Outer label is learned via LDP; Corresponds to PE1 address (e.g. IGP route)
Inner label is learned via BGP; corresponds to the VPN address (BGP route)
P1 does the Penultimate Hop Popping (PHP)
PE1 retrieves IP packet (from received MPLS packet) and forwards it to CE1.
Cisco Public 19
Ethernet
Header
Outer
Label
Inner Label
IP Packet
Cisco Public 20
10
9/27/16
Agenda
IP/VPN Overview
Technology Overview
Configuration Overview (IOS, IOS-XR and NX-OS)
IP/VPN Services
Best Practices
Conclusion
Cisco Public 21
Reference
PE-P
Configuration
Interface Serial1
ip address 130.130.1.1 255.255.255.252
P mpls ip
PE1 s1 PE1
Se0
router ospf 1
network 130.130.1.0 0.0.0.3 area 0
Cisco Public 22
11
9/27/16
Cisco Public 23
192.168.10.1
Cisco Public 24
12
9/27/16
Cisco Public 25
192.168.10.2 PE1
192.168.10.1
Cisco Public 26
13
9/27/16
Having familiarized with IOS based config, lets peek through IOS-XR and NX-
OS config for VPNs
Cisco Public 27
Reference
vrf VPN-A
address-family ipv4 unicast
VRF
Definition import route-target 100:1
export route-target 100:1
!
Site
1 router bgp 1
CE1 vrf VPN-A
10.1.1.0/24
PE1 rd 1:1
GE0 PE1 Interface GigaEthernet0/0/0/0
ipv4 address 192.168.10.1 255.255.255.0
192.168.10.1 vrf VPN-A
Cisco Public 28
14
9/27/16
router bgp 1
RR:
MP-IBGP
Config router-id 1.2.3.4
address-family vpnv4 unicast
!
RR neighbor 1.2.3.1
remote-as 1
RR update-source loopback0
PE1 PE2
address-family vpnv4 unicast
route-reflector-client
!
!
Cisco Public 29
Cisco Public 30
15
9/27/16
192.168.10.1
Cisco Public 31
192.168.10.1
Cisco Public 32
16
9/27/16
Cisco Public 33
Agenda
IP/VPN Overview
IP/VPN Services
1. Load-Sharing for Multihomed VPN Sites
2. Hub and Spoke Service
3. Extranet Service
4. Internet Access Service
5. IP/VPN over IP Transport
6. IPv6 VPN Service
Best Practices
Conclusion
Cisco Public 34
17
9/27/16
IP/VPN Services:
1. Loadsharing of VPN Traffic
RR
PE11
PE12
Site
A Site
B
MPLS
Backbone
Route Advertisement
Cisco Public 35
IP/VPN Services:
1. Loadsharing of VPN Traffic: Two Scenarios
RR
1
CE
2
PEs
PE11
PE12
Site
A Site
B
MPLS
Backbone
Traffic Flow
2
CEs
2
PEs
RR
PE11
CE1
PE2 CE2
171.68.2.0/24 CE2
PE12
Site
B
MPLS
Backbone
Site
A
Traffic Flow
Cisco Public 36
18
9/27/16
Supported
in
IOS,
and
IOS-XR.
IP/VPN Services:
1. Loadsharing of VPN Traffic: IOS Configuration
ip
vrf
green
1 rd
300:11 2 router
bgp
1
RR address-family
ipv4
vrf
green
route-target
both
1:1
PE11 maximum-paths
eibgp
2
CE1 CE2
PE2
171.68.2.0/24
PE12
Site
A MPLS
Backbone Site
B
1 ip
vrf
green
rd
300:12 ip
vrf
green
route-target
both
1:1 1 rd
300:13
route-target
both
1:1
Cisco Public 37
Supported
in
IOS,
and
IOS-XR
IP/VPN Services:
1. VPN Fast ConvergencePE-CE Link Failure
Traffic
Is
RR VPN
Traffic
Dropped
by
PE11 PE11 Redirected
VPN
Traffic
In a classic multi-homing case, PE11, upon detecting the PE-CE link failure, sends BGP
message to withdraw the VPN routes towards other PE routers.
This results in the remote PE routers selecting the alternate bestpath
(if any), but until then, they keep sending the MPLS/VPN traffic to PE11,
which keeps dropping the traffic.
Use PIC Edge feature to minimize the loss due to the PE-CE link failure from sec to msec .
Cisco Public 38
19
9/27/16
Supported
in
IOS,
and
IOS-XR
IP/VPN Services:
1. VPN Fast ConvergencePE-CE Link Failure
Traffic
Is
RR VPN
Traffic
Redirected
Redirected
VPN
Traffic
by
PE11 PE11
BGP PIC Edge feature helps PE11 to minimize the traffic loss from sec to msec, during local PE-CE link
failure
PE11 immediately reprograms the forwarding entry with the alternate BGP best path (which is via PE12)
PE11 redirects the CE1 bound traffic to PE12 (with the right label)
In parallel, PE11 sends the BGP withdraw message to RR/PE2, which will run the bestpath algorithm and
removes the path learned via PE11, and then adjust their forwarding entries via PE12
This feature is independent of whether multipath is enabled on PE2 or not, however, dependent on
VPN site multihoming
Cisco Public 39
Agenda
IP/VPN Overview
IP/VPN Services
1. Load-Sharing for Multihomed VPN Sites
2. Hub and Spoke Service
3. Extranet Service
4. Internet Access Service
5. IP/VPN over IP Transport
6. IPv6 VPN Service
Best Practices
Conclusion
Cisco Public 40
20
9/27/16
IP/VPN Services:
2. Hub and Spoke Service
Cisco Public 41
IP/VPN Services:
2. Hub and Spoke Service
HDVRF feature* allows the option#2 to use just one PE-CE interface
21
9/27/16
PE-Hub
Eth0/0
Spoke
B PE-SB
CE-SB CE-Hub
MPLS
VPN
Backbone
171.68.2.0/24
ip
vrf
green-spoke2
description
VRF
for
SPOKE B
rd
300:112
route-target
export
1:1
route-target
import
2:2
Cisco Public
Note:
Only
VRF
Configuration
Is
Shown
Here
43
Eth0/0.1
PE-Hub Eth0/0.2
Spoke
B PE-SB
CE-SB CE-Hub
MPLS
VPN
Backbone
171.68.2.0/24
ip
vrf
HUB-OUT
description
VRF
for
traffic
to
HUB
ip
vrf
green-spoke2 rd
300:12
description
VRF
for
SPOKE B route-target
export
2:2
rd
300:112
route-target
export
1:1
route-target
import
2:2
Cisco Public
Note:
Only
VRF
Configuration
Is
Shown
Here
44
22
9/27/16
Supported
in
IOS,
NXOS
and
IOS-XR
IP/VPN Services:
2. Hub and Spoke Service: Configuration Option#2
*
Only
If
Hub
and
Spoke
Sites
Use
the
Same
BGP
ASN
**
Configuration
for
This
Is
Shown
on
the
Next
Slide
Cisco Public 45
Supported
in
IOS,
NXOS
and
IOS-XR
IP/VPN Services:
2. Hub and Spoke Service: Configuration Option#2
router
bgp
<ASN>
ip
vrf
green-spoke1
address-family
ipv4
vrf
HUB-IN
description
VRF
for
SPOKE
A neighbor
<CE>
as-override
rd
300:111
route-target
export
1:1
route-target
import
2:2 ip
vrf
HUB-IN
description
VRF
for
traffic
from
HUB
Spoke
A PE-SA rd
300:11
CE-SA route-target
import
1:1
171.68.1.0/24
Eth0/0.1
PE-Hub Eth0/0.2
Spoke
B PE-SB
CE-SB CE-Hub
MPLS
VPN
Backbone
171.68.2.0/24
Cisco Public 46
23
9/27/16
Supported
in
IOS,
NXOS
and
IOS-XR
IP/VPN Services:
2. Hub and Spoke Service: Control Plane (Option#2)
Two VRFs at the PE-Hub:
VRF HUB-IN to learn every spoke routes from remote PEs
VRF HUB-OUT to advertise spoke routes or summary 171.68.0.0/16 routes to remote PEs
MP-iBGP Update
VRF
FIB
and
LFIB
171.68.0.0/16 VRF
HUB-IN
171.68.0.0/16
PE-Hub
35
Label
35
171.68.2.0/24
CE-SB PE-Hub VRF
HUB-OUT
PE-SB Route-Target
2:2
Cisco Public 47
Supported
in
IOS,
NXOS
and
IOS-XR
IP/VPN Services:
2. Hub and Spoke Service: Forwarding Plane (Option#2)
This
Is
How
the
Spoke-to-Spoke
Traffic
Flows
VRF
HUB-IN
CE-Hub
Spoke
B PE-Hub
VRF
HUB-OUT
CE-SB PE-SB L1 35 171.68.1.1
171.68.1.1
171.68.2.0/24
171.68.1.1
24
9/27/16
IP/VPN Services:
2. What If Many Spoke Sites Connect to the
Same PE Router?
If more than one spoke router (CE) connects to the same PE router (within the
same VRF), then such spokes can reach other without needing the hub.
Defeats the purpose of hub and spoke L
PE-Hub
CE-SA1
CE-SA2 PE-SA
Half-duplex VRF is the answer
Uses two VRFs on the PE (spoke) router : CE-SA3
Note:
12.2(33)
SRE
Supports
Any
Interface
Type
(Eth,
Ser,
POS,
Virtual-Access,
etc.)
Cisco Public 49
Supported in IOS
IP/VPN Services:
2. Hub and Spoke Service: Half-Duplex VRF
ip vrf green-up ip vrf green-down
description VRF - upstream description VRF - downstream traffic
traffic rd 300:112
rd 300:111 route-target export 1:1
route-target import 2:2 ip vrf HUB-IN
description VRF for traffic from HUB
rd 300:11
Spoke
A route-target import 1:1
CE-SA
171.68.1.0/24 S
Hub
Site
w GE0/0
MPLS
Backbone
PE-SA
PE-Hub
Spoke
B CE-Hub
Interface GigEthernet 0/0
ip vrf HUB-OUT
171.68.2.0/24 ip address 172.18.13.1 255.255.255.0
description VRF for traffic to HUB
ip vrf forward green-up downstream green-down
CE-SB .. rd 300:12
route-target export 2:2
1. PE-SA
installs
the
Spoke
routes
only
in
downstream
VRF i.e.
green-down
2. PE-SA
installs
the
Hub
routes
only
in
upstream
VRF i.e.
green-up
3. PE-SA
forwards
the
incoming
IP
traffic
(from
Spokes)
using
upstream
VRF i.e.
green-up
routing
table.
Cisco Public
4. PE-SA
forwards
the
incoming
MPLS traffic
(from
Hub)
using
downstream
VRF i.e.
green-down
routing
table 50
25
9/27/16
Agenda
IP/VPN Overview
IP/VPN Services
1. Load-Sharing for Multihomed VPN Sites
2. Hub and Spoke Service
3. Extranet Service
4. Internet Access Service
5. IP/VPN over IP Transport
6. IPv6 VPN Service
Best Practices
Conclusion
Cisco Public 51
MPLS-VPN Services
3. Extranet VPN
MPLS based IP/VPN, by default, isolates one VPN customer from another
Separate virtual routing table for each VPN customer
Communication between VPNs may be required
i.e., extranet
External intercompany communication (dealers with manufacturer, retailer with
wholesale provider, etc.)
Management VPN, shared-service VPN, etc.
Needs to share the import and export route-target (RT) values within the VRFs
of extranets.
Export-map or import-map may be used for advanced extranet.
Cisco Public 52
26
9/27/16
Supported
in
IOS,
NXOS
and
IOS-XR
MPLS-VPN Services
3. Extranet VPN Simple Extranet (IOS Config sample)
192.6.0.0/16
MPLS
Backbone
VPN_A
Site#2
VPN_A
Site#1
71.8.0.0/16 PE1 PE2
P 180.1.0.0/16
VPN_B
Site#1
Supported
in
IOS,
NXOS
and
IOS-XR
MPLS-VPN Services
3. Extranet VPN Advanced Extranet (IOS Config sample)
192.6.0.0/16
MPLS
Backbone
VPN_A
Site#2
VPN_A
Site#1
71.8.0.0/16 PE1 PE2
P 180.1.0.0/16
VPN_B
Site#1
27
9/27/16
Agenda
IP/VPN Overview
IP/VPN Services
1. Load-Sharing for Multihomed VPN Sites
2. Hub and Spoke Service
3. Extranet Service
4. Internet Access Service
5. IP/VPN over IP Transport
6. IPv6 VPN Service
Best Practices
Conclusion
Cisco Public 55
MPLS-VPN Services
4. Internet Access Service to VPN Customers
Cisco Public 56
28
9/27/16
MPLS-VPN Services
4. Internet Access: Design Options
Cisco Public 57
MPLS-VPN Services
4. Internet Access: Design Options
Cisco Public 58
29
9/27/16
Supported in IOS
P
PE1 192.168.1.1
PE1#
ip vrf VPN-A Internet
GW
rd 100:1
route-target both 100:1
Interface Serial0
ip address 192.168.10.1 255.255.255.0 A
default
route,
pointing
to
the
ASBR,
ip vrf forwarding VPN-A is
installed
into
the
site
VRF
at
each
Router bgp 100 PE
no bgp default ipv4-unicast
redistribute static
neighbor 192.168.1.1 remote 100 The
static
route,
pointing
to
the
VRF
neighbor 192.168.1.1 activate interface,
is
installed
in
the
global
neighbor 192.168.1.1 next-hop-self
neighbor 192.168.1.1 update-source loopback0 routing
table
and
redistributed
into
BGP
ip route vrf VPN-A 0.0.0.0 0.0.0.0 192.168.1.1 global
ip route 71.8.0.0 255.255.0.0 Serial0
Cisco Public 59
Supported in IOS,
Cisco Public 60
30
9/27/16
Supported
in
IOS,
NXOS
and
IOS-XR
IP/VPN Services: Internet Access
4.2 Option#2: Separate PE-CE Subinterfaces
Site1
Supported
in
IOS,
NXOS
and
IOS-XR
IP/VPN Services: Internet Access
4.2 Option#2: Separate PE-CE Subinterfaces (Forwarding)
Site1
MPLS
Backbone
71.8.0.0/16 IP
Packet
5.1.1.1 Internet
CE1 IP
Packet Internet
MPLS
Packet 5.1.1.1
S0.2
PE1 30 5.1.1.1
PE2
S0.1 192.168.1.2 P 192.168.1.1
Pros Cons
PE1
Global
Table
and
FIB
Internet
Routes
192.168.1.1 1.
CE
is
dual-homed
and
can
perform
1.
PE
to
Hold
Full
Internet
Routes
or
192.168.1.1
Label=30 Optimal
Routing default
route
via
the
Internet
GW
Cisco Public 62
31
9/27/16
Supported
in
IOS,
NXOS
and
IOS-XR
IP/VPN Services: Internet Access
4.3 Option#3: Extranet with Internet-VRF
Cisco Public 63
Supported in IOS,
If the VPN customers need Internet access without Internet routes, then VRF-
aware NAT can be used at the Internet-GW i.e., ASBR
The Internet GW doesnt need to have Internet
routes either
Overlapping VPN addresses is no longer a problem
More in the VRF-aware NAT slides
Cisco Public 64
32
9/27/16
Agenda
IP/VPN Overview
IP/VPN Services
1. Load-Sharing for Multihomed VPN Sites
2. Hub and Spoke Service
3. Extranet Service
4. Internet Access Service
5. IP/VPN over IP Transport
6. IPv6 VPN Service
Best Practices
Conclusion
Cisco Public 65
Supported
in
IOS,
NXOS
and
IOS-XR
IP/VPN Services:
10. Providing MPLS/VPN over IP Transport Reference
http://www.cisco.com/en/US/docs/ios/interface/configuration/guide/ir_mplsvpnomgre.html
Cisco Public 66
33
9/27/16
Supported
in
IOS,
NXOS
and
IOS-XR
IP/VPN Services:
10. Providing MPLS/VPN over IP Transport Reference
PE1 PE2
CE1 CE2
GRE/IP
Tunnel
IP
VRF VRF
IP
Header
GRE/IP header and VPN label imposed on VPN
GRE
Header traffic by PE1
VPN
Label
VPN traffic is forwarded towards egress PE using IP forwarding
Egress PE2Srcdecapsulates, and uses VPN
Add
label to forward packet to CE2
Src Add Src Add
IP
Packet Dst Add Dst Add Dst Add
Cisco Public
Source
-- http://www.cisco.com/en/US/docs/ios/interface/configuration/guide/ir_mplsvpnomgre.html 67
Agenda
IP/VPN Overview
IP/VPN Services
1. Load-Sharing for Multihomed VPN Sites
2. Hub and Spoke Service
3. Extranet Service
4. Internet Access Service
5. IP/VPN over IP Transport
6. IPv6 VPN Service
Best Practices
Conclusion
Cisco Public 68
34
9/27/16
Supported
in
IOS,
NXOS
and
IOS-XR
IP/VPN Services:
11. IPv6 VPN Service
v4
and
v6 PE PE v4
and
v6
VPN
A VPN
A
CE P P CE
MPLS/VPN
v4
and
v6 Network
VPN
A
CE
P P
v6
Only VPN
B
PE PE
VPN
B v6
Only CE
iBGP Sessions
in
VPNv4
and
CE VPNv6
Address-Families Cisco Public 69
Supported
in
IOS,
NXOS
and
IOS-XR
IP/VPN Services:
11. IPv6 VPN Service IOS-XR_PE#
! NXOS_PE#
IOS_PE# vrf v2 !
! ! vrf context v2
vrf definition v2 address-family ipv6 unicast rd 2:2
rd 2:2 route-target export 2:2 !
! route-target import 2:2 address-family ipv6 unicast
address-family ipv6 ! route-target export 2:2
route-target export 2:2 router bgp 1 route-target import 2:2
route-target import 2:2 address-family vpnv6 unicast !
! ! router bgp 1
router bgp 1 neighbor 10.13.1.21 neighbor 10.13.1.21
! remote-as 30000 remote-as 1
address-family vpnv6 address-family vpnv6 unicast update-source loopback0
neighbor 10.13.1.21 activate ! address-family vpnv6 unicast
neighbor 10.13.1.21 send-community both vrf v2 send-community extended
! rd 2:2 !
address-family ipv6 vrf v2 address-family ipv6 unicast vrf vpn1
neighbor 200::2 remote-as 30000 ! neighbor 200::2
neighbor 200::2 activate neighbor 200::2 remote-as 30000
! remote-as 30000 address-family ipv6 unicast
address-family ipv6 unicast !
!
v4
and
v6 PE PE v4
and
v6
VPN
A VPN
A
CE P P CE
MPLS/VPN
v4
and
v6 Network
VPN
A
CE
P P
v6
Only VPN
B
PE PE
VPN
B v6
Only CE
iBGP Sessions
in
VPNv4
and Cisco Public
CE VPNv6
Address-Families 70
35
9/27/16
Agenda
IP/VPN Overview
IP/VPN Services
Best Practices
Conclusion
Cisco Public 71
Cisco Public 72
36
9/27/16
Cisco Public 73
Agenda
IP/VPN Overview
IP/VPN Services
Best Practices
Conclusion
Cisco Public 74
37
9/27/16
Conclusion
Cisco Public 75
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public
38
9/27/16
IPv6 Addressing
Cisco Public
Cisco Public
39
9/27/16
32 16 16 64
ISP
/32
Customer
Site
/48
Anycast
An identifier for a set of
interfaces
Multicast
An identifier for a group of
nodes
Cisco Public
40
9/27/16
Localhost ::1/128
Unspecified Address ::/128
IPv4-mapped IPv6 address ::ffff/96 [a.b.c.d]
IPv4-compatible IPv6 address ::/96 [a.b.c.d]
81
Cisco Public
82
Cisco Public
41
9/27/16
83
Cisco Public
0011 3000::/3
All five RIRs are given a /12 from the /3 to further distribute within the RIR region
APNIC 2400:0000::/12
ARIN 2600:0000::/12
AfriNIC 2C00:0000::/12
LACNIC 2800:0000::/12
Ripe NCC 2A00:0000::/12
84
Cisco Public
42
9/27/16
85
Cisco Public
Interface ID
Cisco Public
43
9/27/16
EUI-64
Mac Address 0 0 2 6 B 0 E 5 8 3 3 C
EUI-64 Address 0 0 2 6 B 0 E 5 8 3 3 C
0 0 0 0 0 0 0 0 F F F E
U/L bit
0 0 0 0 0 0 1 0
Interface Identifier 0 2 2 6 B 0 F F F E E 5 8 3 3 C
Cisco Public
Cisco Public
44
9/27/16
Cisco Public
45
9/27/16
Cisco Public
IPv6 autoconfiguration
Is
this
address
unique?
Assign
FE80::310:BAFF:FE64:1D
2001:1234:1:1/64
network
Tentative
address (link-local
address)
Well-known
link
local
prefix
+Interface
ID (EUI-64)
Ex:
FE80::310:BAFF:FE64:1D
1. A new host is turned on.
2. Tentative address will be assigned to the new host.
3. Duplicate Address Detection (DAD) is performed. First the host transmit
a Neighbor Solicitation (NS) message to the solicited node multicast address
(FF02::1:FF64:001D) corresponding to its to be used address
5. If no Neighbor Advertisement (NA) message comes back then the address is unique.
6. FE80::310:BAFF:FE64:1D will be assigned to the new host.
Cisco Public
46
9/27/16
IPv6 autoconfiguration
Send
me
Router
Advertisement
FE80::310:BAFF:FE64:1D
2001:1234:1:1/64
network Router Assign
Advertisement
2001:1234:1:1:310:BAFF:FE64:1D
1. The new host will send Router Solicitation (RS) request to the all-routers multicast group
(FF02::2).
2. The router will reply Routing Advertisement (RA).
3. The new host will learn the network prefix. E.g, 2001:1234:1:1/64
4. The new host will assigned a new address Network prefix+Interface ID E.g,
2001:1234:1:1:310:BAFF:FE64:1D
Cisco Public
2013 Cisco and/or its affiliates. All rights reserved. Cisco Public
47