Friday, December 21, 2012

IPv6: using Link-local only IP on interconnects.

When I think about IPv6, I always wonder why I need to configure additional IP addresses on the devices' interconnections when they already have a Link-local address.
In the IPv4 world you have no choice but to use /30 or /31 prefixes. Besides, IPv6 IGPs always use Link-local addresses as the next hop in their routing updates, although they don't advertise their Link-local subnets in those updates (as long as you have the next-hop IP and the outgoing interface, that is enough).
Here is an example topology:
As the IGP I will use EIGRP here. The configuration is as follows:
R1:
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ipv6 address 2001::1/64
 ipv6 eigrp 1
!
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ipv6 address 2013::1/64
 ipv6 eigrp 1
!
ipv6 router eigrp 1
 no shutdown


R3:
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ipv6 address 2003::1/64
 ipv6 eigrp 1
!
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ipv6 address 2013::3/64
 ipv6 eigrp 1
!
interface FastEthernet0/0.35
 encapsulation dot1Q 35
 ipv6 address 2035::3/64
 ipv6 eigrp 1
!
ipv6 router eigrp 1
 no shutdown


R5:
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0.5
 encapsulation dot1Q 5
 ipv6 address 2005::1/64
 ipv6 eigrp 1
!
interface FastEthernet0/0.35
 encapsulation dot1Q 35
 ipv6 address 2035::5/64
 ipv6 eigrp 1
!
ipv6 router eigrp 1
 no shutdown


Everything is pretty straightforward here even with those tremendous /64 prefixes on the interconnects.
R1#show ipv6 route           
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route, M - MIPv6
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       D - EIGRP, EX - EIGRP external
C   2001::/64 [0/0]
     via ::, FastEthernet0/0.1
L   2001::1/128 [0/0]
     via ::, FastEthernet0/0.1
D   2003::/64 [90/261120]
     via FE80::C005:1DFF:FEFC:0, FastEthernet0/0.13
D   2005::/64 [90/263680]
     via FE80::C005:1DFF:FEFC:0, FastEthernet0/0.13
C   2013::/64 [0/0]
     via ::, FastEthernet0/0.13
L   2013::1/128 [0/0]
     via ::, FastEthernet0/0.13
D   2035::/64 [90/261120]
     via FE80::C005:1DFF:FEFC:0, FastEthernet0/0.13
L   FF00::/8 [0/0]
     via ::, Null0

But since the IPv6 IGPs don't use these prefixes (as their IPv4 IGP brothers do), we can simply omit them. R1 as an example:
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ! First remove the IPv6 address, then enable only the automatic Link-local address.
 ipv6 enable
 ipv6 eigrp 1
R1#show ipv6 interface brief fa0/0.13
FastEthernet0/0.13         [up/up]
    FE80::C003:1DFF:FEFC:0

After completing the same on all the interconnects:
R1#show ipv6 route
C   2001::/64 [0/0]
     via ::, FastEthernet0/0.1
L   2001::1/128 [0/0]
     via ::, FastEthernet0/0.1
D   2003::/64 [90/261120]
     via FE80::C005:1DFF:FEFC:0, FastEthernet0/0.13
D   2005::/64 [90/263680]
     via FE80::C005:1DFF:FEFC:0, FastEthernet0/0.13
L   FF00::/8 [0/0]
     via ::, Null0
R1#ping 2005::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2005::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/52/72 ms

Everything is fine.

From RFC4291:
Link-Local addresses are for use on a single link.
...
Link-Local addresses are designed to be used for addressing on a single link for purposes such as automatic address configuration, neighbor discovery, or when no routers are present.
Routers must not forward any packets with Link-Local source or destination addresses to other links.
OK, let's check it. I removed all Global unicast addresses from R5:
R5#show ipv6 interface brief | exclude down
FastEthernet0/0            [up/up]
FastEthernet0/0.5          [up/up]
    unassigned
FastEthernet0/0.35         [up/up]
    FE80::C001:1BFF:FE9C:0
FastEthernet0/1            [up/up]
Loopback0                  [up/up]
R5#show ipv6 route
D   2001::/64 [90/263680]
     via FE80::C005:1BFF:FE9C:0, FastEthernet0/0.35
L   FF00::/8 [0/0]
     via ::, Null0
R5#ping 2001::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R5#traceroute 2001::1
Type escape sequence to abort.
Tracing the route to 2001::1
  1 FE80::C005:1BFF:FE9C:0 32 msec 24 msec 20 msec
  2  *  *  *
  3  *  *  *

R5 is unable to reach 2001::/64 because it has no non-Link-local addresses. It does send these packets, but R3 does not forward them. Interestingly, R3 is able to ping 2001::/64:
R3#show ipv6 interface brief | exclude down
FastEthernet0/0            [up/up]
    FE80::C005:1BFF:FE9C:0
FastEthernet0/0.13         [up/up]
    FE80::C005:1BFF:FE9C:0
FastEthernet0/0.35         [up/up]
    FE80::C005:1BFF:FE9C:0
FastEthernet0/1            [up/up]
Loopback0                  [up/up]
R3#ping 2001::1 source fa0/0.35
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1, timeout is 2 seconds:
Packet sent with a source address of FE80::C005:1BFF:FE9C:0
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/24/32 ms

So there is only one limitation to using Link-local only addresses on the interconnections: routers will not forward packets with a Link-local IP as source or destination.
Nevertheless, you would have at least one Unique local or Global IP on any particular router, at least for management, so such cases would not arise.
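
The check this conclusion implies, as an added example that is not part of the original post: a Python script that parses `show ipv6 interface brief` output, lists the up/up interfaces that are Link-local only, and reports whether the router has any non-Link-local address it can use as a source (the R5 failure above is the case where it has none). The sample text is excerpted from this post's R5 and R3 listings; the function and key names are my own.

```python
import ipaddress
import re

# Excerpts of the post's "show ipv6 interface brief | exclude down" output
# (R5 with all Global addresses removed, R3 with 2003::1 still configured).
R5_BRIEF = """\
FastEthernet0/0.5          [up/up]
    unassigned
FastEthernet0/0.35         [up/up]
    FE80::C001:1BFF:FE9C:0
Loopback0                  [up/up]
"""
R3_BRIEF = """\
FastEthernet0/0.3          [up/up]
    FE80::C005:1DFF:FEFC:0
    2003::1
FastEthernet0/0.13         [up/up]
    FE80::C005:1DFF:FEFC:0
FastEthernet0/0.35         [up/up]
    FE80::C005:1DFF:FEFC:0
Loopback0                  [up/up]
"""

IFACE_RE = re.compile(r"^(\S+)\s+\[([^\]]+)\]\s*$")

def parse_brief(text):
    """Map each up/up interface to the IPv6 addresses listed under it."""
    result, current = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1) if m.group(2) == "up/up" else None
            if current:
                result[current] = []
        elif current and line.strip():
            try:
                result[current].append(ipaddress.IPv6Address(line.strip()))
            except ValueError:
                pass  # e.g. "unassigned"
    return result

def audit(text):
    """Report Link-local-only interfaces and addresses usable as a forwardable source."""
    ifaces = parse_brief(text)
    usable = sorted(str(a) for addrs in ifaces.values() for a in addrs
                    if not (a.is_link_local or a.is_multicast or a.is_loopback))
    ll_only = sorted(n for n, addrs in ifaces.items()
                     if addrs and all(a.is_link_local for a in addrs))
    return {"link_local_only": ll_only, "usable_sources": usable, "has_usable_source": bool(usable)}
```

Running `audit()` over output collected from every router flags any device that, like R5 here, would be left with only Link-local sources.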

Finally, I also encountered something interesting with the traceroute:
R1#traceroute ipv6 2005::1
Type escape sequence to abort.
Tracing the route to 2005::1
  1 2003::1 44 msec 24 msec 24 msec
  2 2005::1 24 msec 64 msec 44 msec

The next hop for this prefix in the routing table is the Link-local address of R3's interface fa0/0.13, but in this trace R3 appears as its interface fa0/0.3. As I found, in the traceroute output a transit router will always use any of its regular IPv6 interfaces in the up/up state. Only when all those interfaces are down will it appear as its Link-local address on the appropriate interface:
R3#show ipv6 interface brief | exclude down
FastEthernet0/0            [up/up]
FastEthernet0/0.3          [up/up]
    FE80::C005:1DFF:FEFC:0
    2003::1
FastEthernet0/0.13         [up/up]
    FE80::C005:1DFF:FEFC:0
FastEthernet0/0.35         [up/up]
    FE80::C005:1DFF:FEFC:0
FastEthernet0/1            [up/up]
Loopback0                  [up/up]

And this is what the traceroute looks like after fa0/0.3 on R3 was shut down:
R1#traceroute ipv6 2005::1
Type escape sequence to abort.
Tracing the route to 2005::1
  1 FE80::C005:1DFF:FEFC:0 56 msec 44 msec 20 msec
  2 2005::1 28 msec 52 msec 24 msec


Update:
I received a pretty interesting reason not to use Link-Local only IPs from Marko Milivojevic on CLN:
Correct, but think of multiple paths through the network. If you're always getting responses from the Loopback, how can you tell which path your packets took? ;-)
So, in conclusion, yes, you can, but it depends.
