Difference between revisions of "IPv6Tunnels/ExampleConfigs"

(Add an equal cost multipath switch and a description for it for bird 1.6.2+ users)
 
(9 intermediate revisions by 3 users not shown)
Line 3: Line 3:
= Linux =
= Linux =


== Tunnel interface ==
== Tunnel interface on Debian ==
<pre>
<pre>
auto marla-ipv6-spn
auto marla-ipv6-spn
Line 14: Line 14:
endpoint 79.98.105.18
endpoint 79.98.105.18
gateway 2001:67c:21bc:7fff:0001:2:0:1
gateway 2001:67c:21bc:7fff:0001:2:0:1
</pre>
== Tunnel interface on OpenWRT ==
Install the 6in4 package, and add something like this to /etc/config/network (change the addresses):
<pre>
config interface 'crock6'
option proto '6in4'
option peeraddr '79.98.105.18'
option ip6addr '2001:67c:21bc:7fff:0001:10:0:2/64'
option ip6gw '2001:67c:21bc:7fff:0001:10:0:1'
option ip6prefix '2001:67c:21bc:c::/64'
option ttl '255'
</pre>
</pre>


== quagga ==
== quagga ==
In this example, 2001:67c:21bc:7fff:2:1:0:1 and 2001:67c:21bc:7fff:2:1:1:1 are the remote end-points of the tunnels, 2001:67c:21bc:4::/62 is the assigned network, and 65535 is the ASN delegated to this peer.
Basically, this configuration says "connect to the two peers, and filter what I announce to them to be just my own network".
(this is actually the live configuration of initLab)
bgpd.conf:
<pre>
!
router bgp 65535
bgp router-id 192.168.232.1
no bgp default ipv4-unicast
neighbor 2001:67c:21bc:7fff:2:1:0:1 remote-as 200533
neighbor 2001:67c:21bc:7fff:2:1:0:1 interface lab-ipv6-od
neighbor 2001:67c:21bc:7fff:2:1:0:1 timers 3 10
neighbor 2001:67c:21bc:7fff:2:1:1:1 remote-as 200533
neighbor 2001:67c:21bc:7fff:2:1:1:1 interface lab-ipv6-tbc
neighbor 2001:67c:21bc:7fff:2:1:1:1 timers 3 10
!
address-family ipv6
network 2001:67c:21bc:4::/62
neighbor 2001:67c:21bc:7fff:2:1:0:1 activate
neighbor 2001:67c:21bc:7fff:2:1:0:1 route-map external-out out
neighbor 2001:67c:21bc:7fff:2:1:1:1 activate
neighbor 2001:67c:21bc:7fff:2:1:1:1 route-map external-out out
exit-address-family
!
ipv6 prefix-list mine seq 5 permit 2001:67c:21bc:4::/62
ipv6 prefix-list mine seq 15 deny any
!
route-map external-out permit 10
match ipv6 address prefix-list mine
!
route-map external-out deny 20
!
</pre>
== bird ==
This is /etc/bird/bird6.conf:
<pre>
# Configure logging
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
# Listen only on IPv6
listen bgp v6only;
# Write your router id here, any ipv4 address that you have will do
router id 46.233.38.1;
# The direct protocol automatically generates device routes to
# all network interfaces. Can exist in as many instances as you wish
# if you want to populate multiple routing tables with device routes.
protocol direct {
interface "*";
}
# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. If your kernel supports multiple routing tables
# (as Linux 2.2.x does), you can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
protocol kernel {
export all;
# Usually, only best routes are exported to the kernel protocol. With
# path merging enabled, both best routes and equivalent non-best routes
# are merged during export to generate one ECMP (equal-cost multipath)
# route for each network. This is useful e.g. for BGP multipath. Note
# that best routes are still pivotal for route export (responsible for
# most properties of resulting ECMP routes), while exported non-best
# routes are responsible just for additional multipath next hops. This
# option also allows to specify a limit on maximal number of nexthops in
# one route. By default, multipath merging is disabled. If enabled,
# default value of the limit is 16. bird 1.6.2+ required.
#merge paths;
}
# This pseudo-protocol watches all interface up/down events.
protocol device {
# Time in seconds between two scans of the network interface list. On
# systems where we are notified about interface status changes
# asynchronously (such as newer versions of Linux), we need to scan the
# list only in order to avoid confusion by lost notification messages,
# so the default time is set to a large value.
#scan time 10;          # Scan interfaces every 10 seconds
}
protocol static {
# REPLACE WITH YOUR NET HERE
route 2001:67c:21bc:4::/64 unreachable; # Sink route
}
filter ext_originate_ip6 {
# REPLACE WITH YOUR NET HERE
if (net = 2001:67c:21bc:4::/64 ) then accept;
else reject;
}
template bgp t_ext_ip6 {
# replace ASN here!
local as 65532;
export filter ext_originate_ip6;
}
# REPLACE NEIGHBOR IPs HERE
# IPv6 bgp link to marla
protocol bgp marla_tbc_ip6 from t_ext_ip6 {
description "uplink to marla/tbc over ipv6";
neighbor 2001:67c:21bc:7fff:1:9:0:1 as 200533;
# preference 110;        # Set higher preference for Marla
}
# IPv6 bgp link to tyler
protocol bgp tyler_tbc_ip6 from t_ext_ip6 {
description "uplink to tyler/tbc over ipv6";
neighbor 2001:67c:21bc:7fff:2:9:0:1 as 200533;
}
</pre>


= Mikrotik =
= Mikrotik =
TODO: explain config
<pre>
/interface 6to4
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\
    marla-ipv6-bsc remote-address=79.98.105.18
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\
    tyler-ipv6-bst remote-address=78.128.1.18
/routing bgp instance
set default as=65531
/ipv6 address
add address=2001:67c:21bc:7fff:1:4:0:2/120 advertise=no comment=uplink-marla \
    interface=marla-ipv6-bsc
add address=2001:67c:21bc:2:4e5e:cff:feb5:3e93 comment="lan" eui-64=\
    yes interface=bridge-lan
add address=2001:67c:21bc:7fff:2:4:1:2/120 advertise=no comment=uplink-tyler \
    interface=tyler-ipv6-bst
/routing bgp network
add network=2001:67c:21bc:2::/64 synchronize=no
/routing bgp peer
add address-families=ipv6 name=tyler remote-address=\
    2001:67c:21bc:7fff:2:4:1:1 remote-as=200533 ttl=default
add address-families=ipv6 name=marla remote-address=\
    2001:67c:21bc:7fff:1:4:0:1 remote-as=200533 ttl=default
</pre>
= Juniper =
== Juniper SRX ==
* XX.XX.XX.XX is your local ip address
<pre>
interfaces {
  ip-0/0/0 {
        unit 0 {
            tunnel {
                source XX.XX.XX.XX;
                destination 79.98.105.18;
                ttl 255;
            }
            family inet6 {
                address 2001:67c:21bc:7fff:0001:12:1:2/120;
            }
        }
        unit 1 {
            tunnel {
                source XX.XX.XX.XX;
                destination 78.128.1.18;
                ttl 255;
            }
            family inet6 {
                address 2001:67c:21bc:7fff:0002:12:0:2/120;
            }
        }
    }
}
routing-options {
    graceful-restart;
    rib inet6.0 {
        static {
            route 2001:67c:21bc:e::/64 {
                discard;
                as-path {
                    origin igp;
                }
            }
        }
    }
    router-id XX.XX.XX.XX;
    autonomous-system 65529;
}
protocols {
    bgp {
        group IPv6-BG-Tunnels {
            type external;
            import import-IPv6-ludost-net;
            family inet6 {
                any;
            }
            export export-IPv6-ludost-net;
            neighbor 2001:67c:21bc:7fff:0001:12:1:1 {
                local-address 2001:67c:21bc:7fff:0001:12:1:2;
                peer-as 200533;
                local-as 65529;
            }
            neighbor 2001:67c:21bc:7fff:0002:12:0:1 {
                local-address 2001:67c:21bc:7fff:0002:12:0:2;
                peer-as 200533;
                local-as 65529;
            }
        }
    }
}
policy-options {
    policy-statement export-IPv6-ludost-net {
        term 0 {
            from {
                route-filter 2001:67c:21bc:e::/64 exact;
            }
            then accept;
        }
        term default {
            then reject;
        }
    }
    policy-statement import-IPv6-ludost-net {
        term default {
            then accept;
        }
    }
}
security {
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
        }
    }
}
</pre>

Latest revision as of 01:11, 12 October 2016

Example configs

Linux

Tunnel interface on Debian

# IPv6 uplink tunnel to the tunnel server; "auto" brings it up at boot.
auto marla-ipv6-spn
iface marla-ipv6-spn inet6 v4tunnel
	# NOTE(review): IPv6-in-IPv4 (protocol 41) is normally a Linux "sit"
	# tunnel, while "ipip" is IPv4-in-IPv4 - confirm which one this creates.
	mode ipip
	# NOTE(review): the OpenWRT and Juniper examples on this page use
	# ttl 255 - confirm that 225 is not a typo.
	ttl 225
	# This end of the /120 tunnel link; "gateway" below is the far end.
	address 2001:67c:21bc:7fff:0001:2:0:2
	netmask 120
	# Replace with this host's own IPv4 address (the tunnel source).
	local USER-IP-ADDRESS
	# IPv4 address of the tunnel server.
	endpoint 79.98.105.18
	gateway 2001:67c:21bc:7fff:0001:2:0:1
# NOTE(review): the tunnel is neither authenticated nor encrypted, and nothing
# in this stanza filters what arrives over it - make sure the host's IPv6
# firewall (ip6tables/nftables) covers this interface.

Tunnel interface on OpenWRT

Install the 6in4 package, and add something like this to /etc/config/network (change the addresses):

# 6in4 tunnel interface; replace every address with the values assigned to you.
config interface 'crock6'
	option proto '6in4'
	# IPv4 address of the tunnel server.
	option peeraddr '79.98.105.18'
	# Local and remote IPv6 addresses of the tunnel link.
	option ip6addr '2001:67c:21bc:7fff:0001:10:0:2/64'
	option ip6gw '2001:67c:21bc:7fff:0001:10:0:1'
	# Routed prefix that is handed on to downstream (LAN) interfaces.
	option ip6prefix '2001:67c:21bc:c::/64'
	option ttl '255'
# NOTE(review): this stanza does not place 'crock6' in a firewall zone. LAN
# hosts get globally routable addresses from ip6prefix, so check in
# /etc/config/firewall that the tunnel is covered by the WAN zone.

quagga

In this example, 2001:67c:21bc:7fff:2:1:0:1 and 2001:67c:21bc:7fff:2:1:1:1 are the remote end-points of the tunnels, 2001:67c:21bc:4::/62 is the assigned network, and 65535 is the ASN delegated to this peer.

Basically, this configuration says "connect to the two peers, and filter what I announce to them to be just my own network".

(this is actually the live configuration of initLab)

bgpd.conf:

!
! Local ASN - replace 65535 with the ASN delegated to you.
router bgp 65535
 bgp router-id 192.168.232.1
! Neighbors are not activated for IPv4 unicast automatically; they are
! activated explicitly under "address-family ipv6" below.
 no bgp default ipv4-unicast
! One eBGP session per tunnel, each bound to its tunnel interface.
! "timers 3 10" = keepalive every 3 s, hold time 10 s.
! NOTE(review): neither neighbor has a "password" (TCP MD5) configured.
 neighbor 2001:67c:21bc:7fff:2:1:0:1 remote-as 200533
 neighbor 2001:67c:21bc:7fff:2:1:0:1 interface lab-ipv6-od
 neighbor 2001:67c:21bc:7fff:2:1:0:1 timers 3 10
 neighbor 2001:67c:21bc:7fff:2:1:1:1 remote-as 200533
 neighbor 2001:67c:21bc:7fff:2:1:1:1 interface lab-ipv6-tbc
 neighbor 2001:67c:21bc:7fff:2:1:1:1 timers 3 10
!
 address-family ipv6
! Originate the assigned network.
 network 2001:67c:21bc:4::/62
! Outbound announcements go through route-map external-out.
! NOTE(review): there is no inbound route-map or prefix-list, so whatever the
! two neighbors announce is accepted - add an "in" filter if you do not want
! to trust the uplinks completely.
 neighbor 2001:67c:21bc:7fff:2:1:0:1 activate
 neighbor 2001:67c:21bc:7fff:2:1:0:1 route-map external-out out
 neighbor 2001:67c:21bc:7fff:2:1:1:1 activate
 neighbor 2001:67c:21bc:7fff:2:1:1:1 route-map external-out out
 exit-address-family
!
! "mine" matches exactly the assigned /62 and nothing else.
ipv6 prefix-list mine seq 5 permit 2001:67c:21bc:4::/62
ipv6 prefix-list mine seq 15 deny any
!
! Announce only prefixes matched by "mine" ...
route-map external-out permit 10
 match ipv6 address prefix-list mine
!
! ... and drop everything else, so routes learnt from one uplink are never
! re-announced to the other.
route-map external-out deny 20
!

bird

This is /etc/bird/bird6.conf:


# Configure logging: every message class, including debug and trace, goes to
# syslog. This is verbose; trim the list once the sessions are stable.
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };

# Listen for BGP on IPv6 only
listen bgp v6only;


# Write your router id here, any IPv4 address that you have will do
router id 46.233.38.1;

# The direct protocol automatically generates device routes to
# all network interfaces. Can exist in as many instances as you wish
# if you want to populate multiple routing tables with device routes.
protocol direct {
	interface "*";
}

# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. If your kernel supports multiple routing tables
# (as Linux 2.2.x does), you can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
protocol kernel {
	# Every route BIRD holds is installed into the kernel table, which
	# includes everything accepted from the BGP peers below.
	export all;

	# Usually, only best routes are exported to the kernel protocol. With
	# path merging enabled, both best routes and equivalent non-best routes
	# are merged during export to generate one ECMP (equal-cost multipath)
	# route for each network. This is useful e.g. for BGP multipath. Note
	# that best routes are still pivotal for route export (responsible for
	# most properties of resulting ECMP routes), while exported non-best
	# routes are responsible just for additional multipath next hops. This
	# option also allows to specify a limit on maximal number of nexthops in
	# one route. By default, multipath merging is disabled. If enabled,
	# default value of the limit is 16. bird 1.6.2+ required.
	#merge paths;
}

# This pseudo-protocol watches all interface up/down events.
protocol device {
	# Time in seconds between two scans of the network interface list. On
	# systems where we are notified about interface status changes
	# asynchronously (such as newer versions of Linux), we need to scan the
	# list only in order to avoid confusion by lost notification messages,
	# so the default time is set to a large value.
	#scan time 10;           # Scan interfaces every 10 seconds
}

# Static route for the assigned network, so that there is a route for the
# BGP export filter below to announce.
protocol static {
	# REPLACE WITH YOUR NET HERE
	route 2001:67c:21bc:4::/64 unreachable; # Sink route
}

# Outbound filter: announce exactly the assigned network and nothing else,
# so routes learnt from one uplink are never passed on to the other.
filter ext_originate_ip6 {
	# REPLACE WITH YOUR NET HERE
	if (net = 2001:67c:21bc:4::/64 ) then accept;
	else reject;
}

# Settings shared by both uplink sessions.
template bgp t_ext_ip6 {
	# replace ASN here!
	local as 65532;
	export filter ext_originate_ip6;
	# NOTE(review): no "import" clause is given, so the default import
	# policy applies (accept everything in BIRD 1.x - confirm for your
	# version); combined with "export all" in the kernel protocol, every
	# route the uplinks send ends up in the kernel. An import filter is
	# worth adding. No session "password" is configured either.
}


# REPLACE NEIGHBOR IPs HERE

# IPv6 bgp link to marla
protocol bgp marla_tbc_ip6 from t_ext_ip6 {
	description "uplink to marla/tbc over ipv6";
	neighbor 2001:67c:21bc:7fff:1:9:0:1 as 200533;
	# preference 110;        # Set higher preference for Marla
}

# IPv6 bgp link to tyler
protocol bgp tyler_tbc_ip6 from t_ext_ip6 {
	description "uplink to tyler/tbc over ipv6";
	neighbor 2001:67c:21bc:7fff:2:9:0:1 as 200533;
}


Mikrotik

TODO: explain config

# Two IPv6-in-IPv4 tunnels, one per uplink (marla and tyler).
# local-address is this router's own IPv4 address, remote-address the tunnel server.
/interface 6to4
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\
    marla-ipv6-bsc remote-address=79.98.105.18
add comment="initlab ipv6" local-address=46.47.81.47 mtu=1480 name=\
    tyler-ipv6-bst remote-address=78.128.1.18
# Local ASN - replace 65531 with the ASN delegated to you.
/routing bgp instance
set default as=65531
# /120 link addresses on the two tunnels (advertise=no: they are not offered
# to hosts for autoconfiguration) plus the LAN address from the routed /64.
/ipv6 address
add address=2001:67c:21bc:7fff:1:4:0:2/120 advertise=no comment=uplink-marla \
    interface=marla-ipv6-bsc
add address=2001:67c:21bc:2:4e5e:cff:feb5:3e93 comment="lan" eui-64=\
    yes interface=bridge-lan
add address=2001:67c:21bc:7fff:2:4:1:2/120 advertise=no comment=uplink-tyler \
    interface=tyler-ipv6-bst
# Prefix originated into BGP.
/routing bgp network
add network=2001:67c:21bc:2::/64 synchronize=no
# One eBGP session per tunnel.
# NOTE(review): neither peer has an in-filter, out-filter or tcp-md5-key, so
# every route the uplinks send is accepted as-is. This export also contains no
# /ipv6 firewall rules; LAN hosts receive globally routable addresses, so
# confirm that an IPv6 firewall is configured elsewhere on the router.
/routing bgp peer
add address-families=ipv6 name=tyler remote-address=\
    2001:67c:21bc:7fff:2:4:1:1 remote-as=200533 ttl=default
add address-families=ipv6 name=marla remote-address=\
    2001:67c:21bc:7fff:1:4:0:1 remote-as=200533 ttl=default

Juniper

Juniper SRX

  • XX.XX.XX.XX is your local IPv4 address (used below as the tunnel source and as the router ID)

/* IP-over-IP tunnel interface with one unit per uplink. */
interfaces {
   ip-0/0/0 {
        /* Tunnel to the first tunnel server. */
        unit 0 {
            tunnel {
                /* XX.XX.XX.XX is this router's own IPv4 address. */
                source XX.XX.XX.XX;
                destination 79.98.105.18;
                ttl 255;
            }
            family inet6 {
                /* Local end of the /120 tunnel link. */
                address 2001:67c:21bc:7fff:0001:12:1:2/120;
            }
        }
        /* Tunnel to the second tunnel server. */
        unit 1 {
            tunnel {
                source XX.XX.XX.XX;
                destination 78.128.1.18;
                ttl 255;
            }
            family inet6 {
                address 2001:67c:21bc:7fff:0002:12:0:2/120;
            }
        }
    }
}
/* Router identity plus a discard route for the assigned network. */
routing-options {
    graceful-restart;
    rib inet6.0 {
        static {
            /*
             * Same prefix that export-IPv6-ludost-net matches exactly, so
             * this is the route the BGP export policy announces. "discard"
             * drops traffic that matches no more specific route.
             */
            route 2001:67c:21bc:e::/64 {
                discard;
                as-path {
                    origin igp;
                }
            }
        }
    }
    /* Replace with your own IPv4 address. */
    router-id XX.XX.XX.XX;
    /* Replace 65529 with the ASN delegated to you. */
    autonomous-system 65529;
}
/* eBGP sessions to the two tunnel servers, one per tunnel unit. */
protocols {
    bgp {
        /*
         * NOTE(review): no authentication-key is configured for the group or
         * its neighbors, and the import policy referenced here accepts every
         * route (see policy-options) - confirm both are intended.
         */
        group IPv6-BG-Tunnels {
            type external;
            import import-IPv6-ludost-net;
            family inet6 {
                any;
            }
            /* Only the assigned /64 is announced; everything else is rejected. */
            export export-IPv6-ludost-net;
            neighbor 2001:67c:21bc:7fff:0001:12:1:1 {
                local-address 2001:67c:21bc:7fff:0001:12:1:2;
                peer-as 200533;
                local-as 65529;
            }
            neighbor 2001:67c:21bc:7fff:0002:12:0:1 {
                local-address 2001:67c:21bc:7fff:0002:12:0:2;
                peer-as 200533;
                local-as 65529;
            }
        }
    }
}
/* BGP routing policies used by group IPv6-BG-Tunnels. */
policy-options {
    /*
     * Outbound: announce exactly the assigned /64 and reject everything
     * else, so routes learnt from one uplink are never passed to the other.
     */
    policy-statement export-IPv6-ludost-net {
        term 0 {
            from {
                route-filter 2001:67c:21bc:e::/64 exact;
            }
            then accept;
        }
        term default {
            then reject;
        }
    }
    /*
     * Inbound: the single term has no "from" condition, so every route the
     * neighbors send is accepted.
     * NOTE(review): consider restricting what is accepted (for example to a
     * default route) if the uplinks should not be trusted unconditionally.
     */
    policy-statement import-IPv6-ludost-net {
        term default {
            then accept;
        }
    }
}
/*
 * Forward IPv6 in packet mode instead of flow mode.
 * NOTE(review): in packet mode the SRX does not pass IPv6 traffic through its
 * flow-based security zones and policies, so this traffic is not statefully
 * inspected. Any filtering then has to come from stateless firewall filters
 * on the interfaces; none are defined in this example. Confirm that this is
 * acceptable before copying the stanza.
 */
security {
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
        }
    }
}