Hello all...
i'm studying with particular interest IPv6. In particular my focus is on IPv6 multicast.
My topology, matches the diagram below. I have a full dual stack hub and spoke topology where hub and spokes are connected via DMVPN.
Gateway is the hub. Is also RP. Configured with BSR. Gateway acts as candidate rp and as mapping agent.
Unicast routing between hub and spokes is done using eBGP each site is a different AS (so dmvpn phase 2 does work).
![]()
Here some show commands and configuration abstracts. (just from HUB and 1 spoke.. other spokes have basically identically config)
HUB config and show commands
Gateway#show ipv6 interface brief
Em0/0 [administratively down/down]
unassigned
GigabitEthernet0/0 [up/up]
unassigned
GigabitEthernet0/1 [up/up]
unassigned
FastEthernet0/0/0 [up/up]
unassigned
FastEthernet0/0/1 [up/up]
unassigned
FastEthernet0/0/2 [up/up]
unassigned
FastEthernet0/0/3 [up/up]
unassigned
FastEthernet0/0/0 [up/up]
unassigned
FastEthernet0/0/1 [up/up]
unassigned
FastEthernet0/0/2 [up/up]
unassigned
FastEthernet0/0/3 [up/up]
unassigned
BVI1 [up/up]
FE80::D2D0:FDFF:FE80:9E21
2001:470:6F:4AB:D2D0:FDFF:FE80:9E21
Loopback1 [up/up]
FE80::D2D0:FDFF:FE80:9E20
2001:470:596C:1::1
NVI0 [up/up]
unassigned
Tunnel0 [up/up]
FE80::59B1:7D7C
2001:470:6E:4AB::2
Tunnel1 [up/up]
FE80::D2D0:FDFF:FE80:9E20
2001:470:596C:2::1
Tunnel2 [up/up]
FE80::D2D0:FDFF:FE80:9E20
unnumbered (Loopback1)
Tunnel3 [up/up]
unassigned
Tunnel4 [up/up]
unassigned
Tunnel5 [up/up]
FE80::D2D0:FDFF:FE80:9E20
unnumbered (Tunnel1)
Tunnel6 [up/up]
FE80::D2D0:FDFF:FE80:9E20
unnumbered (Loopback1)
Virtual-Access1 [down/down]
unassigned
Virtual-Template1 [down/down]
FE80::D2D0:FDFF:FE80:9E20
unnumbered (Loopback1)
Vlan1 [administratively down/down]
unassigned
Vlan10 [up/up]
unassigned
Gateway#sh int description
Interface Status Protocol Description
Em0/0 admin down down
Gi0/0 up up Connection to cable modem
Gi0/1 up up LACIE NAS - 192.168.0.20
Fa0/0/0 up up raspberry-pi server - 192.168.0.18
Fa0/0/1 up up 3D TV
Fa0/0/2 up up wifi AP
Fa0/0/3 up up raspberry-pi NAGIOS - 192.168.0.19
BV1 up up LAN - Bridge Vlan 10 + Giga 0/1
Lo1 up up loop for VPN
NV0 up up
Tu0 up up IPv6 uplink to Hurricane
Tu1 up up VPN hub Tunnel
Tu2 up up Pim Register Tunnel (Encap) for Embedded RP
Tu3 up up Pim Register Tunnel (Encap) for RP 10.100.1.1
Tu4 up up Pim Register Tunnel (Decap) for RP 10.100.1.1
Tu5 up up Pim Register Tunnel (Encap) for RP 2001:470:596C:1::1
Tu6 up up Pim Register Tunnel (Decap) for RP 2001:470:596C:1::1
Vi1 down down
Vt1 down down template for PPTP VPN users
Vl1 admin down down
Vl10 up up Bridged with Giga0/1
Gateway#show bgp ipv6 unicast summary | b N
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2001:470:596C:2::3
4 65200 42 44 16 0 0 00:34:14 1
2001:470:596C:2::11
4 65300 42 45 16 0 0 00:34:13 2
Gateway#show dmvpn ipv6
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel1, IPv6 NHRP Details
Type:Hub, Total NBMA Peers (v4/v6): 2
1.Peer NBMA Address: 151.72.80.92
Tunnel IPv6 Address: 2001:470:596C:2::3
IPv6 Target Network: 2001:470:596C:2::3/128
# Ent: 1, Status: UP, UpDn Time: 13:44:15, Cache Attrib: D
2.Peer NBMA Address: 81.91.28.55
Tunnel IPv6 Address: 2001:470:596C:2::11
IPv6 Target Network: 2001:470:596C:2::11/128
# Ent: 1, Status: UP, UpDn Time: 13:44:17, Cache Attrib: D
Gateway#sh run int tun 1
Building configuration...
Current configuration : 725 bytes
!
interface Tunnel1
description VPN hub Tunnel
ip address 172.16.1.1 255.255.255.0
no ip redirects
ip mtu 1400
ip flow egress
ip pim dr-priority 100
ip pim nbma-mode
ip pim sparse-mode
ip nhrp authentication !@auth%$
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 100
ip nhrp registration timeout 40
ip tcp adjust-mss 1360
load-interval 30
ipv6 address 2001:470:596C:2::1/64
ipv6 mtu 1400
ipv6 pim dr-priority 100
ipv6 nhrp authentication !@auth%$
ipv6 nhrp map multicast dynamic
ipv6 nhrp network-id 1
ipv6 nhrp holdtime 300
ipv6 nhrp registration timeout 40
keepalive 5 2
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN
end
Gateway#show ipv6 pim interface state-on
Interface PIM Nbr Hello DR
Count Intvl Prior
BVI1 on 0 30 1
Address: FE80::D2D0:FDFF:FE80:9E21
DR : this system
Loopback1 on 0 30 1
Address: FE80::D2D0:FDFF:FE80:9E20
DR : this system
Tunnel0 on 0 30 1
Address: FE80::59B1:7D7C
DR : this system
Tunnel1 on 2 30 100
Address: FE80::D2D0:FDFF:FE80:9E20
DR : this system
Gateway#sh run | i ipv6 pim
ipv6 pim dr-priority 100
ipv6 pim bsr candidate bsr 2001:470:596C:1::1
ipv6 pim bsr candidate rp 2001:470:596C:1::1
Gateway#show ipv6 pim bsr election
PIMv2 BSR information
BSR Election Information
Scope Range List: ff00::/8
This system is the Bootstrap Router (BSR)
BSR Address: 2001:470:596C:1::1
Uptime: 13:48:12, BSR Priority: 0, Hash mask length: 126
RPF: FE80::D2D0:FDFF:FE80:9E20,Loopback1
BS Timer: 00:00:32
This system is candidate BSR
Candidate BSR address: 2001:470:596C:1::1, priority: 0, hash mask length: 126
Gateway#show ipv6 route
IPv6 Routing Table - default - 13 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, ls - LISP site
ld - LISP dyn-EID, a - Application
S ::/0 [1/0]
via Tunnel0, directly connected
C 2001:470:6E:4AB::/64 [0/0]
via Tunnel0, directly connected
L 2001:470:6E:4AB::2/128 [0/0]
via Tunnel0, receive
C 2001:470:6F:4AB::/64 [0/0]
via BVI1, directly connected
L 2001:470:6F:4AB:D2D0:FDFF:FE80:9E21/128 [0/0]
via BVI1, receive
C 2001:470:596C:1::/64 [0/0]
via Loopback1, directly connected
L 2001:470:596C:1::1/128 [0/0]
via Loopback1, receive
C 2001:470:596C:2::/64 [0/0]
via Tunnel1, directly connected
L 2001:470:596C:2::1/128 [0/0]
via Tunnel1, receive
B 2001:470:596C:3::/64 [20/0]
via FE80::214:F1FF:FE60:4AF0, Tunnel1
B 2001:470:596C:5::/64 [20/0]
via FE80::264:40FF:FE21:BB54, Tunnel1
B 2001:470:596C:6::/64 [20/0]
via FE80::264:40FF:FE21:BB54, Tunnel1
L FF00::/8 [0/0]
via Null0, receive
spoke config and show commands:
CASA-BR#show ipv6 interface brief
ATM0 [up/up]
unassigned
BVI1 [up/up]
FE80::214:F1FF:FE60:4AF0
2001:470:596C:3:214:F1FF:FE60:4AF0
Dialer0 [up/up]
unassigned
Dot11Radio0 [up/up]
unassigned
Dot11Radio0.2 [up/up]
unassigned
FastEthernet0 [up/up]
unassigned
FastEthernet1 [up/down]
unassigned
FastEthernet2 [up/down]
unassigned
FastEthernet3 [up/down]
unassigned
NVI0 [administratively down/down]
unassigned
Tunnel0 [up/up]
FE80::214:F1FF:FE60:4AF0
2001:470:596C:2::3
Tunnel2 [up/up]
FE80::214:F1FF:FE60:4AF0
unnumbered (BVI1)
Tunnel3 [up/up]
unassigned
Virtual-Access1 [up/up]
unassigned
Virtual-Access2 [up/up]
CASA-BR#sh int description
Interface Status Protocol Description
AT0 up up physical ADSL WAN port
BV1 up up Lan Virtual interface (bridge wired + wireless)
Di0 up up Connection to WIND ADSL
Do0 up up
Do0.2 up up Wireless - SSID: Sitecom691C35
Fa0 up up COMPUTER FISSO
Fa1 up down
Fa2 up down
Fa3 up down
NV0 admin down down
Tu0 up up DMVPN tunnel - HUB BRNO
Tu2 up up
Tu3 up up
Vi1 up up
Vi2 up up
Vl1 admin down down
Vl2 up up
CASA-BR#show bgp ipv6 unicast summary | b N
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2001:470:596C:2::1
4 65000 59 57 84 0 0 00:48:03 6
4 65000 59 57 84 0 0 00:48:03 6
CASA-BR#show dmvpn ipv6
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel0, IPv6 NHRP Details
Type:Spoke, Total NBMA Peers (v4/v6): 1
1.Peer NBMA Address: XX.XX.XX.XX
Tunnel IPv6 Address: 2001:470:596C:2::1
IPv6 Target Network: 2001:470:596C:2::1/128
# Ent: 1, Status: UP, UpDn Time: 13:58:01, Cache Attrib: S
CASA-BR#sh run int tun 0
Building configuration...
Current configuration : 837 bytes
!
interface Tunnel0
description DMVPN tunnel - HUB BRNO
ip address 172.16.1.3 255.255.255.0
no ip redirects
ip mtu 1400
ip flow egress
ip pim nbma-mode
ip pim sparse-mode
ip nhrp authentication !@auth%$
ip nhrp map multicast XX.XX.XX.XX
ip nhrp map 172.16.1.1 XX.XX.XX.XX
ip nhrp network-id 1
ip nhrp holdtime 100
ip nhrp nhs 172.16.1.1
ip nhrp registration timeout 40
ip tcp adjust-mss 1360
load-interval 30
ipv6 address 2001:470:596C:2::3/64
ipv6 mtu 1400
ipv6 nhrp authentication !@auth%$
ipv6 nhrp map 2001:470:596C:2::1/128 XX.XX.XX.XX
ipv6 nhrp map multicast XX.XX.XX.XX
ipv6 nhrp network-id 1
ipv6 nhrp holdtime 300
ipv6 nhrp nhs 2001:470:596C:2::1
ipv6 nhrp registration timeout 40
keepalive 5 2
tunnel source Dialer0
tunnel mode gre multipoint
tunnel protection ipsec profile DMVPN
end
CASA-BR#show ipv6 pim interface state-on
Interface PIM Nbr Hello DR
Count Intvl Prior
BVI1 on 0 30 1
Address: FE80::214:F1FF:FE60:4AF0
DR : this system
Tunnel0 on 1 30 1
Address: FE80::214:F1FF:FE60:4AF0
DR : FE80::D2D0:FDFF:FE80:9E20
CASA-BR#sh run | i ipv6 pim
CASA-BR#show ipv6 pim bsr election
No BSR information found
CASA-BR#show ipv6 route
IPv6 Routing Table - default - 10 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
D - EIGRP, EX - EIGRP external, ND - Neighbor Discovery, l - LISP
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
B 2001:470:6E:4AB::/64 [20/0]
via FE80::D2D0:FDFF:FE80:9E20, Tunnel0
B 2001:470:6F:4AB::/64 [20/0]
via FE80::D2D0:FDFF:FE80:9E20, Tunnel0
B 2001:470:596C:1::/64 [20/0]
via FE80::D2D0:FDFF:FE80:9E20, Tunnel0
C 2001:470:596C:2::/64 [0/0]
via Tunnel0, directly connected
L 2001:470:596C:2::3/128 [0/0]
via Tunnel0, receive
C 2001:470:596C:3::/64 [0/0]
via BVI1, directly connected
L 2001:470:596C:3:214:F1FF:FE60:4AF0/128 [0/0]
via BVI1, receive
B 2001:470:596C:5::/64 [20/0]
via FE80::D2D0:FDFF:FE80:9E20, Tunnel0
B 2001:470:596C:6::/64 [20/0]
via FE80::D2D0:FDFF:FE80:9E20, Tunnel0
L FF00::/8 [0/0]
via Null0, receive
CASA-BR#show ipv6 route 2001:470:596C:1::1
Routing entry for 2001:470:596C:1::/64
Known via "bgp 65200", distance 20, metric 0, type external
Route count is 1/1, share count 0
Routing paths:
FE80::D2D0:FDFF:FE80:9E20, Tunnel0
Last updated 00:55:07 ago
so.. basically config seems ok. hub and spoke have all routes needed in their unicast table but the spoke CASA-BR is not learning the RP information from PIM even if pim neighborship is established. There are NO redundant paths so PIM RPF checks should be ok ... but debug shows otherwise ... :
on the spoke i run "debug ipv6 pim" and this is what i see:
CASA-BR#debug ipv6 pim
IPv6 PIM debugging is on
CASA-BR#
Jan 28 09:55:02.157: IPv6 PIM: [0x0] RPF lookup failed for root 2001:470:596C:1::1
CASA-BR#
Jan 28 09:55:07.098: IPv6 PIM: [0x0] (*,FF05::1:3) Processing Periodic Join-Prune timer
Jan 28 09:55:07.098: IPv6 PIM: [0x0] (*,FF05::1:3) J/P processing
Jan 28 09:55:07.098: IPv6 PIM: [0x0] (*,FF05::1:3) Periodic J/P scheduled in 60 secs. Exact schedule time including jitter is: 58883 msec
Jan 28 09:55:07.098: IPv6 PIM: [0x0] (*,FF05::1:3) No RPF interface to send J/P
CASA-BR#
Jan 28 10:03:03.735: IPv6 BSR: [0x0] BSR message from FE80::D2D0:FDFF:FE80:9E20/Tunnel0 for 2001:470:596C:1::1 RPF failed, dropped
Jan 28 10:04:03.936: IPv6 BSR: [0x0] BSR message from FE80::D2D0:FDFF:FE80:9E20/Tunnel0 for 2001:470:596C:1::1 RPF failed, dropped
Jan 28 10:05:04.138: IPv6 BSR: [0x0] BSR message from FE80::D2D0:FDFF:FE80:9E20/Tunnel0 for 2001:470:596C:1::1 RPF failed, dropped
RPF lookup for the RP is failed? what? why ? there is no redundant path, packets has to come FROM tunnel 0.. indeed the unicast routing table does agree with me ...
CASA-BR#show ipv6 route 2001:470:596C:1::1 ?
| Output modifiers
<cr>
CASA-BR#show ipv6 route 2001:470:596C:1::1
Routing entry for 2001:470:596C:1::/64
Known via "bgp 65200", distance 20, metric 0, type external
Route count is 1/1, share count 0
Routing paths:
FE80::D2D0:FDFF:FE80:9E20, Tunnel0
Last updated 01:07:50 ago
so, well.. i am super sure that is the interface so just for the saik to test i added a multicast route matching unicast one!
CASA-BR#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CASA-BR(config)#ipv6 route 2001:470:596C:1::/64 Tunnel0 multicast
CASA-BR(config)#
Jan 28 10:09:18.314: IPv6 PIM: [0x0] Received RPF change notification, triggering RPF check in 500 msec
CASA-BR(config)#^Z
it didn't actually work.. and i do not understand why RPF is still failing ... multicast static route and unicat route both match where the bsr advertisment is coming in ... so why is RPF failing ?
i have those routes learned via MBGP, so i decided to just add ipv6-multicast address family since those routes are used just for RPF... and see if that changes something.
i didn't want to change how routes are advertised i don't want to get a missmatch between multicast and unicast routes .. so i just copied on hub and spokes the config of address-family ipv6 and pasted it into address family ipv6 multicast
HUB config:
address-family ipv6
network 2001:470:6E:4AB::/64
network 2001:470:6F:4AB::/64
network 2001:470:596C:1::/64
network 2001:470:596C:2::/64
network 2001:470:596C:4::/64
neighbor 2001:470:596C:2::3 activate
neighbor 2001:470:596C:2::3 soft-reconfiguration inbound
neighbor 2001:470:596C:2::11 activate
neighbor 2001:470:596C:2::11 soft-reconfiguration inbound
exit-address-family
!
address-family ipv6 multicast
network 2001:470:6E:4AB::/64
network 2001:470:6F:4AB::/64
network 2001:470:596C:1::/64
network 2001:470:596C:2::/64
network 2001:470:596C:4::/64
neighbor 2001:470:596C:2::3 activate
neighbor 2001:470:596C:2::3 soft-reconfiguration inbound
neighbor 2001:470:596C:2::11 activate
neighbor 2001:470:596C:2::11 soft-reconfiguration inbound
exit-address-family
Spoke config:
!
address-family ipv6
network 2001:470:596C:3::/64
neighbor 2001:470:596C:2::1 activate
neighbor 2001:470:596C:2::1 soft-reconfiguration inbound
exit-address-family
!
address-family ipv6 multicast
network 2001:470:596C:3::/64
neighbor 2001:470:596C:2::1 activate
neighbor 2001:470:596C:2::1 soft-reconfiguration inbound
exit-address-family
now guess what? after bgp neighborship established, there RPF succed and we learn about our RP...
Jan 28 10:26:08.328: IPv6 BSR: [0x0] Received BSR message from FE80::D2D0:FDFF:FE80:9E20 for 2001:470:596C:1::1, BSR priority 0 hash mask length 126
Jan 28 10:26:08.328: IPv6 BSR: [0x0] RPF changed for BSR 2001:470:596C:1::1 from ::/- to FE80::D2D0:FDFF:FE80:9E20/Tunnel0
Jan 28 10:26:08.328: IPv6 BSR: [0x0] BSR elected state changed from Accept-Any to Accept-Preferred
Jan 28 10:26:08.328: IPv6 BSR: [0x0] Skipping interface Tunnel0, incoming interface
Jan 28 10:26:08.328: IPv6 BSR: [0x0] Skipping interface BVI1, no PIM neighbors found
Jan 28 10:26:08.328: IPv6 BSR: [0x0] Received Group range FF00::/8, RP count 1 Fragment RP count1
Jan 28 10:26:08.328: IPv6 BSR: [0x0] Update RP 2001:470:596C:1::1, Holdtime 150, Priority 192
Jan 28 10:26:09.332: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
CASA-BR#show ipv6 pim bsr election
PIMv2 BSR information
BSR Election Information
Scope Range List: ff00::/8
BSR Address: 2001:470:596C:1::1
Uptime: 00:12:38, BSR Priority: 0, Hash mask length: 126
RPF: FE80::D2D0:FDFF:FE80:9E20,Tunnel0
BS Timer: 00:01:34
now what i do not understand is why ? ipv6 unicast and ipv6 multicast tables are the same! why is pim not using the unicast table? why is the static mroute not working either ? any clue? anyone ?
For address family: IPv6 Unicast
BGP table version is 110, local router ID is 172.16.1.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 2001:470:6E:4AB::/64
2001:470:596C:2::1
0 0 65000 i
*> 2001:470:6F:4AB::/64
2001:470:596C:2::1
0 0 65000 i
*> 2001:470:596C:1::/64
2001:470:596C:2::1
0 0 65000 i
r> 2001:470:596C:2::/64
2001:470:596C:2::1
0 0 65000 i
*> 2001:470:596C:3::/64
:: 0 32768 i
*> 2001:470:596C:5::/64
2001:470:596C:2::11
0 65000 65300 i
*> 2001:470:596C:6::/64
2001:470:596C:2::11
0 65000 65300 i
For address family: IPv6 Multicast
BGP table version is 48, local router ID is 172.16.1.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 2001:470:6E:4AB::/64
2001:470:596C:2::1
0 0 65000 i
*> 2001:470:6F:4AB::/64
2001:470:596C:2::1
0 0 65000 i
*> 2001:470:596C:1::/64
2001:470:596C:2::1
0 0 65000 i
*> 2001:470:596C:2::/64
2001:470:596C:2::1
0 0 65000 i
*> 2001:470:596C:3::/64
:: 0 32768 i
*> 2001:470:596C:5::/64
2001:470:596C:2::1
0 65000 65300 i
*> 2001:470:596C:6::/64
2001:470:596C:2::1
0 65000 65300 i
