Advanced CCIE Routing & Switching

Transcription

Advanced CCIE Routing & Switching
Advanced
CCIE Routing & Switching
v5.0
www.MicronicsTraining.com
Narbik Kocharians
CCSI, CCIE #12410
R&S, Security, SP
VOL-III
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 1 of 24
Lab 3 – OSPF Broadcast Networks
Lo0
2::2/64
Lo0
1::1/64
:2
:1
R2
R1
F0/0
F0/0
10::/64
Lo0
7::7/64
G0/0
Lo0
8::8/64
G0/0
:8
:7
R8
R7
Task 1
Configure the routers based on the above topology, DO NOT configure any routing
protocol. If this configuration is performed properly, these routers should be able to
ping their directly connected routers. The Link-local IPv6 address of the routers should
be set to fe80::1, fe80::2, fe80::7 and fe80::8 for routers R1, R2, R7 and R8 respectively.
On SW1:
SW1(config)#int range f0/1-2 , f0/7-8
SW1(config-if-range)#Swi mode acc
SW1(config-if-range)#Swi acc vl 100
SW1(config-if-range)#Spanning portf
SW1(config-if-range)#No shut
On R1:
R1(config)#int f0/0
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 2 of 24
R1(config-if)#ipv6 address 10::1/64
R1(config-if)#ipv6 address fe80::1 Link-local
R1(config-if)#No shut
R1(config)#int lo0
R1(config-if)#ipv6 address 1::1/64
On R2:
R2(config)#int f0/0
R2(config-if)#ipv6 address 10::2/64
R2(config-if)#ipv6 address fe80::2 Link-local
R2(config-if)#No shut
R2(config)#int lo0
R2(config-if)#ipv6 address 2::2/64
On R7:
R7(config)#int g0/0
R7(config-if)#ipv6 address 10::7/64
R7(config-if)#ipv6 address fe80::7 Link-local
R7(config-if)#No shut
R7(config)#int lo0
R7(config-if)#ipv6 address 7::7/64
On R8:
R8(config)#int g0/0
R8(config-if)#ipv6 address 10::8/64
R8(config-if)#ipv6 address fe80::8 Link-local
R8(config-if)#No shut
R8(config)#int lo0
R8(config-if)#ipv6 address 8::8/64
To verify the configuration:
On R1:
R1#Ping 10::2
Type escape sequence to abort.
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 3 of 24
Sending 5, 100-byte ICMP Echos to 10::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
R1#Ping 10::7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10::7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
R1#Ping 10::8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10::8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/8 ms
Task 2
Configure OSPF area 0 on all routers and run their directly connected interfaces. Ensure
that loopback interfaces are advertised with their correct mask. You should configure
0.0.0.1, 0.0.0.2, 0.0.0.7 and 0.0.0.8 as the router IDs of R1, R2, R7 and R8 respectively.
R7 and R8 should use an address-family to accomplish this task. R7 should be the DR for
this segment.
On All Routers:
Rx(config)#ipv6 unicast-routing
Rx(config-router)#int lo0
Rx(config-if)#ipv6 ospf network point-to-point
On R1:
R1(config)#ipv6 router ospf 1
R1(config-rtr)#router-id 0.0.0.1
R1(config)#int f0/0
R1(config-if)#ipv6 ospf 1 area 0
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 4 of 24
R1(config-if)#int lo0
R1(config-if)#ipv6 ospf 1 area 0
On R2:
R2(config)#ipv6 router ospf 1
R2(config-rtr)#router-id 0.0.0.2
R2(config)#int f0/0
R2(config-if)#ipv6 ospf 1 are 0
R2(config-if)#int lo0
R2(config-if)#ipv6 ospf 1 are 0
You should see the following console message:
%OSPFv3-5-ADJCHG: Process 1, Nbr 0.0.0.1 on FastEthernet0/0 from LOADING
to FULL, Loading Done
On R7:
R7(config)#router ospfv3 1
R7(config-router)#address-family ipv6 unicast
R7(config-router-af)#router-id 0.0.0.7
Just like OSPFv2 the router with the highest priority will be elected as the DR for that given segment, that’s
if all the routers on that given segment come up at the same time. But if the priority of all routers are the
same the tie breaker is the router-id, this means that the router with the highest router-id will win the DR
election.
R7(config)#int g0/0
R7(config-if)#ospfv3 1 ipv6 area 0
R7(config-if)#ospfv3 priority 2
R7(config-if)#int lo0
R7(config-if)#ospfv3 1 ipv6 area 0
You should see the following console message:
%OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 0.0.0.1 on GigabitEthernet0/0 from
LOADING to FULL, Loading Done
%OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 0.0.0.2 on GigabitEthernet0/0 from
LOADING to FULL, Loading Done
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 5 of 24
On R8:
R8(config)#router ospfv3 1
R8(config-router)#address-family ipv6 unicast
R8(config-router-af)#router-id 0.0.0.8
R8(config-if)#int G0/0
R8(config-if)#ospfv3 1 ipv6 area 0
R8(config-if)#int lo0
R8(config-if)#ospfv3 1 ipv6 area 0
You should see the following console message:
%OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 0.0.0.1 on GigabitEthernet0/0 from
LOADING to FULL, Loading Done
%OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 0.0.0.2 on GigabitEthernet0/0 from
LOADING to FULL, Loading Done
To ensure that R7 is the DR, we need to clear ip ospf process on all routers:
R8#Clear ipv6 ospf process
Reset selected OSPFv3 processes? [no]: y
To verify the configuration:
On R1:
R1#Show ipv6 route ospf
IPv6 Routing Table - default - 8 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery
l - LISP
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O
O
O
2::/64 [110/2]
via FE80::2, FastEthernet0/0
7::/64 [110/2]
via FE80::7, FastEthernet0/0
8::/64 [110/2]
via FE80::8, FastEthernet0/0
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 6 of 24
R1#Show ipv6 ospf database network
OSPFv3 Router with ID (0.0.0.1) (Process ID 1)
Net Link States (Area 0)
LS age: 63
Options: (V6-Bit, E-Bit, R-bit, DC-Bit)
LS Type: Network Links
Link State ID: 3 (Interface ID of Designated Router)
Advertising Router: 0.0.0.7
LS Seq Number: 80000003
Checksum: 0xDD05
Length: 40
Attached Router: 0.0.0.7
Attached Router: 0.0.0.1
Attached Router: 0.0.0.2
Attached Router: 0.0.0.8
We can see that it’s the DR that floods LSA Type 2s, and on this segment R7 is the DR with a router-id of
0.0.0.7; DR is the only router that is responsible for flooding Network LSAs or LSA Type-2s. We can also see
that Network LSAs also reveal the router IDs of all routers that are attached to this Broadcast Multiaccess
network.
On R8:
R8#Show ospfv3 neighbor
OSPFv3 1 address-family ipv6 (router-id 0.0.0.8)
Neighbor ID
0.0.0.1
0.0.0.2
0.0.0.7
Pri
1
1
2
State
FULL/DROTHER
FULL/DROTHER
FULL/DR
Dead Time
00:00:35
00:00:35
00:00:38
Interface ID
3
3
3
Interface
GigabitEthernet0/0
GigabitEthernet0/0
GigabitEthernet0/0
R8#Show ospfv3 data network
OSPFv3 1 address-family ipv6 (router-id 0.0.0.8)
Net Link States (Area 0)
LS age: 536
Options: (V6-Bit, E-Bit, R-bit, DC-Bit)
LS Type: Network Links
Link State ID: 3 (Interface ID of Designated Router)
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 7 of 24
Advertising Router: 0.0.0.7
LS Seq Number: 80000003
Checksum: 0xDD05
Length: 40
Attached Router: 0.0.0.7
Attached Router: 0.0.0.1
Attached Router: 0.0.0.2
Attached Router: 0.0.0.8
Based on the output of the following show command we can see that hellos are exchanged every 10
seconds and the dead interval is set to 40 seconds:
R8#Show ospfv3 int g0/0 | Inc Timer
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Let’s see the destination address of OSPF hello messages on OSPF Broadcast network types:
R8#Debug ospfv3 hello
OSPFv3 hello debugging is on for process 1, IPv6, Default vrf
OSPFv3-1-IPv6 HELLO Gi0/0: Send hello to FF02::5 area 0 from FE80::8
interface ID 3
We can see that the hello messages are sent to a Multicast group address of FF02::5, this means that the
G0/0 interface of R8 must have joined this Multicast address, let’s see this information:
R8#Show ipv6 interface g0/0 | Inc FF
FF02::1
FF02::2
FF02::5
FF02::6
FF02::FB
FF02::1:FF00:8
We can see that R8 has joined many Multicast groups, let’s explain these groups:




FF02::1 – All nodes within the local segment
FF02::2 – All routers within the local segment, the local router will only join this group if the “IPv6
unicast-routing” command is configured.
FF02::5, and FF02::6 – These are OSPF groups, ::5 is all OSPF routers and ::6 is the DR/BDR. R7 is the
DR on this segment, but R8 is the BDR and this is why it has joined this group.
FF02::FB – This is the mDNS
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 8 of 24

FF02::1:FF00:8 – The Solicited Node Multicast group.
R1#Undebug all
All possible debugging has been turned off
Let’s identify the major points of an OSPF Broadcast Network type:





Ethernet Networks default to OSPF Broadcast Network types.
The timers are 10/40, meaning that the Hello interval is 10 seconds and the dead interval is set to
40 seconds.
Next hop does NOT change. In the output of the above “Show ipv6 route ospf” command we can
see that the next hop IP address is the IP address of the F0/0 or the G0/0 interface of the router
that originated the route.
DR and optionally BDR election will take place in Broadcast Multiaccess networks such as Ethernet.
In Broadcast network types the hellos are sent to Multicast destination of FF02::5.
Task 2
Lab Setup:
To copy and paste the initial configurations, go to “Advanced-init” “IPv6”
“OSPFv3” Lab-3-Task-2.
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 9 of 24
Lo0
1::1/64
.1
R1
F0/0
AREA 0
DMVPN
10::/64
:8
F0/0
G0/0
R8
8::8/64
Lo0
.2
G0/0
R2
:7
R7
2::2/64
Lo0
7::7/64
Lo0
Configure OSPFv3 on the tunnel and Loopback 0 interfaces of all routers based on the
following policy:





R1 is the hub and R2, R7, and R8 are configured as spokes, DO NOT change the
topology.
Configure the tunnel interfaces of all routers to be OSPFv3 broadcast network
type.
The Loopback interfaces should be advertised with their correct mask.
Configure the router-IDs of the routers to be 0.0.0.1, 0.0.0.2, 0.0.0.7, and 0.0.0.8
for R1, R2, R7 and R8 respectively.
The DMVPN network is configured, if you need to change the DMVPN network,
DO NOT configure it using dynamic mapping.
Before we configure OSPFv3 let’s see if we have reachability to the tunnel IPv6 addresses:
On R1:
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 10 of 24
R1#Ping 10::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
R1#Ping 10::7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10::7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
R1#Ping 10::8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10::8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
On All Routers:
Rx(config)#IPv6 unicast-routing
On R1:
To see the interface ID of the tunnel:
R1#Show ipv6 inter br | B Tunne
Tunnel1
FE80::1
10::1
[up/up]
R1(config)#ipv6 router ospf 1
R1(config-rtr)#router-id 0.0.0.1
R1(config)#int lo0
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#ipv6 ospf network point-to-point
R1(config-if)#int tunnel 1
R1(config-if)#ipv6 ospf 1 area 0
R1(config-if)#ipv6 ospf network broadcast
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 11 of 24
On R2:
R2#Show ipv6 inter br | B Tunne
Tunnel2
FE80::2
10::2
[up/up]
R2(config)#ipv6 router ospf 1
R2(config-rtr)#router-id 0.0.0.2
R2(config)#int tunnel 2
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#ipv6 ospf network broadcast
R2(config)#int lo0
R2(config-if)#ipv6 ospf 1 area 0
R2(config-if)#ipv6 ospf network point-to-point
On R7:
R7#Show ipv6 inter bri | B Tunne
Tunnel7
FE80::7
10::7
[up/up]
R7(config)#router ospfv3 1
R7(config-router)#address-family ipv6 unicast
R7(config-router-af)#router-id 0.0.0.7
R7(config)#int lo0
R7(config-if)#ospfv3 1 ipv6 area 0
R7(config-if)#ospfv3 network point-to-point
R7(config)#int tunn 7
R7(config-if)#ospfv3 1 ipv6 area 0
R7(config-if)#ospfv3 network broadcast
On R8:
R8#Show ipv6 inter br | B Tunnel
Tunnel8
[up/up]
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 12 of 24
FE80::8
10::8
R8(config)#router ospfv3 1
R8(config-router)#address-family ipv6 unicast
R8(config-router-af)#router-id 0.0.0.7
R8(config)#int lo0
R8(config-if)#ospfv3 1 ipv6 area 0
R8(config-if)#ospfv3 network point-to-point
R8(config-if)#int tunnel 8
R8(config-if)#ospfv3 1 ipv6 area 0
R8(config-if)#ospfv3 network broadcast
To verify the configuration:
On R1:
R1#Show ipv6 ospf neighbor
R1#
We can see that the routers did not establish an OSPFv3 adjacency. We know that in OSPF Broadcast
Network types the Hellos are sent to destination Multicast address of FF02::5, since we have configured
OSPFv3 on a NBMA network (DMVPN), let’s check and see if we provided Multicast capability:
On R1:
R1#Show run int tunnel 1 | B interface
interface Tunnel1
no ip address
no ip redirects
ipv6 address FE80::1 link-local
ipv6 address 10::1/64
ipv6 nhrp map 10::8/128 192.1.8.8
ipv6 nhrp map 10::7/128 192.1.7.7
ipv6 nhrp map 10::2/128 192.1.2.2
ipv6 nhrp network-id 111
ipv6 ospf network broadcast
ipv6 ospf 1 area 0
tunnel source FastEthernet0/0
tunnel mode gre multipoint
end
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 13 of 24
Based on the above output, we can see that Multicast is NOT mapped, let’s check R2:
On R2:
R2#Show run int tunnel 2 | B interface
interface Tunnel2
no ip address
no ip redirects
ipv6 address FE80::2 link-local
ipv6 address 10::2/64
ipv6 nhrp map 10::1/128 192.1.1.1
ipv6 nhrp network-id 222
ipv6 ospf network broadcast
ipv6 ospf 1 area 0
tunnel source FastEthernet0/0
tunnel mode gre multipoint
end
Actually we can see two problems in the above configuration, the first problem is that the configuration
does not provide support for Multicast traffic. The second problem is that the wrong IPv6 address is
mapped to the NBMA-IP. In IPv6, the routing protocols use the link local IPv6 address to establish
adjacency, but the output of the above show command reveals that the actual IPv6 address is mapped to
the NBMA-IP and not the link-local IPv6 address.
Let’s provide Multicast capability to R1 and R2’s Tunnel interface. To provide Multicast capability, we need
to map Multicast to the NBMA-IP address, the NBMA-IP is the IP address of the tunnel source.
On R1:
R1#Show run int f0/0 | Inc ip address
ip address 192.1.1.1 255.255.255.0
On R2:
R2#Show run int f0/0 | Inc ip address
ip address 192.1.2.2 255.255.255.0
On R1:
R1(config)#Int tunnel 1
R1(config-if)#ipv6 nhrp map multicast 192.1.2.2
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 14 of 24
On R2:
R2(config)#Int tunnel 2
R2(config-if)#ipv6 nhrp map multicast 192.1.1.1
Now, let’s map the correct IPv6 address to the NBMA-IP:
On R1:
R1(config)#Int tunnel 1
R1(config-if)#No ipv6 nhrp map 10::2/128 192.1.2.2
R1(config-if)#ipv6 nhrp map fe80::2/128 192.1.2.2
On R2:
R2(config)#int tunn 2
R2(config-if)#No ipv6 nhrp map 10::1/128 192.1.1.1
R2(config-if)#ipv6 nhrp map fe80::1/128 192.1.1.1
You should see the following console message:
%OSPFv3-5-ADJCHG: Process 1, Nbr 0.0.0.2 on Tunnel1 from LOADING to FULL,
Loading Done
To verify the configuration:
On R1:
R1#Show ipv6 route ospf
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
D - EIGRP, EX - EIGRP external, NM - NEMO, ND - Neighbor Discovery
l - LISP
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O
2::/64 [110/1001]
via FE80::2, Tunnel1
Let’s fix the configuration of the hub (R1) for the other spokes (R7, and R8):
On R1:
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 15 of 24
R1(config)#int tunn 1
R1(config-if)#No ipv6 nhrp map 10::8/128 192.1.8.8
R1(config-if)#No ipv6 nhrp map 10::7/128 192.1.7.7
R1(config-if)#ipv6 nhrp map fe80::7/128 192.1.7.7
R1(config-if)#ipv6 nhrp map fe80::8/128 192.1.8.8
R1(config-if)#ipv6 nhrp map multicast 192.1.7.7
R1(config-if)#ipv6 nhrp map multicast 192.1.8.8
On R7:
R7(config)#int tunn 7
R7(config-if)#No ipv6 nhrp map 10::1/128 192.1.1.1
R7(config-if)#ipv6 nhrp map fe80::1/128 192.1.1.1
R7(config-if)#ipv6 nhrp map multicast 192.1.1.1
You should see the following console message:
%OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 0.0.0.1 on Tunnel7 from LOADING to
FULL, Loading Done
On R8:
R8(config)#int tun 8
R8(config-if)#No ipv6 nhrp map 10::1/128 192.1.1.1
R8(config-if)#ipv6 nhrp map fe80::1/128 192.1.1.1
R8(config-if)#ipv6 nhrp map multicast 192.1.1.1
You should see the following console message:
%OSPFv3-5-ADJCHG: Process 1, IPv6, Nbr 0.0.0.1 on Tunnel7 from LOADING to
FULL, Loading Done
To verify the configuration:
On R1:
R1#Show ipv6 ospf neighbor
Neighbor ID
0.0.0.2
0.0.0.7
0.0.0.8
Pri
1
1
1
State
FULL/DROTHER
FULL/DROTHER
FULL/DR
CCIE R&S by Narbik Kocharians
Dead Time
00:00:32
00:00:37
00:00:32
Interface ID
23
9
9
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Interface
Tunnel1
Tunnel1
Tunnel1
Page 16 of 24
We can see that R8 which happens to be one of the spokes is the DR, we should always configure the hub
router as the DR, let’s configure this and verify:
On R2:
R2(config)#int tunn 2
R2(config-if)#ipv6 ospf priority 0
To verify the configuration:
R2#Show ipv6 ospf interface tunne 2 | inc Pri
Transmit Delay is 1 sec, State DROTHER, Priority 0
On R7:
R7(config)#int tunn 7
R7(config-if)#ospfv3 priority 0
To verify the configuration:
R7#Sh ospfv3 inter tunn 7 | in Pri
Transmit Delay is 1 sec, State DROTHER, Priority 0
On R8:
R8(config)#int tunn 8
R8(config-if)#ipv6 ospf priority 0
To verify the configuration:
R8#Sh ospfv3 inter tunn 8 | in Pri
Transmit Delay is 1 sec, State DROTHER, Priority 0
We need to clear the OSPF process for the changes to take affect:
On R2:
R2#Clear ipv6 ospf process
Reset ALL OSPF processes? [no]: Y
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 17 of 24
On R7 and R8:
Rx#Clear ospfv3 process
Reset selected OSPFv3 processes? [no]: Y
To verify the configuration:
On R8:
R8#Show ospfv3 neighbor
OSPFv3 1 address-family ipv6 (router-id 0.0.0.8)
Neighbor ID
0.0.0.1
Pri
1
State
FULL/DR
Dead Time
00:00:30
Interface ID
23
Interface
Tunnel8
R8#Show ipv6 route ospf
IPv6 Routing Table - default - 8 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, ls - LISP site
ld - LISP dyn-EID, a - Application
O
O
O
1::/64 [110/1001]
via FE80::1, Tunnel8
2::/64 [110/1001]
via FE80::2, Tunnel8
7::/64 [110/1001]
via FE80::7, Tunnel8
R8#Ping 1::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1::1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
The ping failed.
We know that on Broadcast network types the next-hop IP address is set based on the originating router,
we can see that in the routing table, the next-hop IPv6 address to reach 1::/64 network is FE80::1 which is
the link-local IPv6 address of R1, do we have an IPv6 nhrp mapping for that IPv6 address?
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 18 of 24
Let’s verify:
R8#Show ipv6 nhrp
FE80::1/128 via FE80::1
Tunnel8 created 00:19:33, never expire
Type: static, Flags: used
NBMA address: 192.1.1.1
Let’s see if we can ping the link-local IPv6 address of R1:
R8#Ping fe80::1
Output Interface: Tunnel8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::1, timeout is 2 seconds:
Packet sent with a source address of FE80::8%Tunnel8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
We are successful, does this mean that we must have an IPv6 nhrp mapping for the actual IPv6 address as
well?
Let’s configure and verify:
R8(config)#int tunn 8
R8(config-if)#ipv6 nhrp map 10::1/128 192.1.1.1
On R1:
R1(config)#int tunn 1
R1(config-if)#ipv6 nhrp map 10::8/128 192.1.8.8
To verify the configuration:
On R8:
R8#Ping 1::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
OK, we can see why, the reason the pings failed initially was because the source IPv6 address of the ping
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 19 of 24
was the tunnel’s IPv6 address and since we did not have any mapping configured for that IPv6 address, the
pings failed.
Does this mean that if the same ping was sourced from the loopback 0 interface of R8, it would be
successful?
Let’s try this; before we try, let’s examine the routing table of R8 and R7, they must have an ipv6 nhrp
mapping to the next-hop IPv6 address, let’s verify:
R8#Show ipv6 route 7::7
Routing entry for 7::/64
Known via "ospf 1", distance 110, metric 1001, type intra area
Route count is 1/1, share count 0
Routing paths:
FE80::7, Tunnel8
Last updated 00:32:19 ago
Let’s see if we have an IPv6 mapping for the next-hop IPv6 address of fe80::7:
R8#Show ipv6 nhrp
10::1/128 via 10::1
Tunnel8 created 00:18:00, never expire
Type: static, Flags:
NBMA address: 192.1.1.1
FE80::1/128 via FE80::1
Tunnel8 created 00:43:32, never expire
Type: static, Flags: used
NBMA address: 192.1.1.1
No, the local router does not have an IPv6 nhrp mapping for the next-hop IPv6 address of FE80::7. Let’s
configure one:
R8(config)#int tunn 8
R8(config-if)#ipv6 nhrp map fe80::7/128 192.1.7.7
Now, let’s check R7:
On R7:
R7#Show ipv6 route 8::/64
Routing entry for 8::/64
Known via "ospf 1", distance 110, metric 1001, type intra area
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 20 of 24
Route count is 1/1, share count 0
Routing paths:
FE80::8, Tunnel7
Last updated 00:34:43 ago
R7#Show ipv6 nhrp
FE80::1/128 via FE80::1
Tunnel7 created 00:46:42, never expire
Type: static, Flags: used
NBMA address: 192.1.1.1
Let’s configure an IPv6 nhrp mapping for the next-hop IPv6 address of fe80::8:
R7(config)#int tunn 7
R7(config-if)#ipv6 nhrp map fe80::8/128 192.1.8.8
To verify the configuration:
On R8:
R8#Ping 7::7 Source Lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7::7, timeout is 2 seconds:
Packet sent with a source address of 8::8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Perfect, it worked. Let’s configure IPv6 nhrp mappings on all routers in a full mesh manner:
R8(config)#int tunn 8
R8(config-if)#ipv6 nhrp map fe80::2/128 192.1.2.2
On R2:
R2(config)#int tunn 2
R2(config-if)#ipv6 nhrp map fe80::7/128 192.1.7.7
R2(config-if)#ipv6 nhrp map fe80::8/128 192.1.8.8
On R7:
R7(config)#int tunn 7
R7(config-if)#ipv6 nhrp map fe80::2/128 192.1.2.2
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 21 of 24
To verify the configuration:
On R2:
R2#Ping 1::1 source Lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1::1, timeout is 2 seconds:
Packet sent with a source address of 2::2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
R2#Ping 7::7 Source Lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7::7, timeout is 2 seconds:
Packet sent with a source address of 2::2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
R2#Ping 8::8 Source Lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8::8, timeout is 2 seconds:
Packet sent with a source address of 2::2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms
On R1:
R1#Ping 7::7 Source Lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7::7, timeout is 2 seconds:
Packet sent with a source address of 1::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
R1#Ping 8::8 Source Lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8::8, timeout is 2 seconds:
Packet sent with a source address of 1::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 22 of 24
On R7:
R7#Ping 8::8 Source Lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8::8, timeout is 2 seconds:
Packet sent with a source address of 7::7
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
NBMA networks can be configured in two ways: Point-to-point and/or Multipoint.
If the network (DMVPN in this case) is configured in a Point-to-point manner, the routers have Unicast,
Multicast and/or Broadcast capability. In Point-to-point networks, there can only be another router on the
other end of the link, so as long as the destination network is in the routing table, we should be able to
reach that destination.
If the network (DMVPN in this case) is configured in a Multipoint manner, we have unicast reachability
only, but Broadcast/Multicast capability can be available if it’s provided.
Since in multipoint networks there can potentially be more than one router on the other end of the tunnel
or link, the local router MUST have a mapping to the next-hop IPv6 address/es or else, NLRI can not be
achieved.
In this lab, since the spoke routers didn’t have NHRP mappings to the next-hop IPv6 address of the other
endpoints, they could not reach the advertised networks and we had to configure full mesh NHRP
mappings.
In broadcast network types the next-hop IP address is not changed, and if the network is NBMA in nature,
such as DMVPN, and it’s configured in Multipoint manner, we have to remember the following important
points:



Multicast capability must be provided.
Spokes must have NHRP mappings to the next-hop IPv6 address to have reachability to the
networks that other endpoints are advertising.
The hub router should be configured as the DR, and a BDR is not needed. To achieve this, the spoke
routers MUST have an OSPFv3 priority of zero so they never participate in DR election.
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 23 of 24
Task 3
Erase the startup configuration of the routers, the config.text and the VLAN.dat of the
switches and reload them before proceeding to the next lab.
CCIE R&S by Narbik Kocharians
Advanced CCIE R&S Work Book 5.0
© 2015 Narbik Kocharians. All rights reserved
Page 24 of 24