
Monday, April 28, 2014

IS-IS configuration.

IS-IS was terra incognita for me for a long time, even though I used to configure several networks with IS-IS (mostly copy'n'paste). Since IS-IS is excluded from the CCNP R&S track, I decided to study it on my own.
This post covers basic configuration and some best practices for IS-IS.
The topology is as follows:
I adjusted several settings, so let's look at the configurations.
R1:
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip router isis 1 #I find it convenient to enable the routing process at the interface level.
 isis metric 123 #One of the ways to change the interface metric.
!
interface FastEthernet0/0.123
 encapsulation dot1Q 123
 ip address 10.0.123.1 255.255.255.0
 ip router isis 1
 isis circuit-type level-2-only #This command is redundant, since level-2-only is already set under the router configuration.
!
router isis 1
 net 49.0001.0010.0100.1001.00 #The system ID embeds the Loopback0 address.
 metric-style wide #Without this the maximum metric value is 64. By default all interfaces use the metric of 10 regardless of bandwidth.
 is-type level-2-only

R4:
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip router isis 1
!
interface Loopback1 #Loopbacks below are created for summarization's sake.
 ip address 10.0.0.1 255.255.255.252
 ip router isis 1
!
interface Loopback2
 ip address 10.0.0.5 255.255.255.252
 ip router isis 1
!
interface Loopback3
 ip address 10.0.0.9 255.255.255.252
 ip router isis 1
!
interface FastEthernet0/0.24
 encapsulation dot1Q 24
 ip address 10.0.24.4 255.255.255.0
 ip router isis 1
 isis network point-to-point #As with OSPF, you can set the network type, though the choice is limited.
 isis hello-interval 2 #Unlike OSPF, timers do not have to match between neighbors.
!
router isis 1
 net 49.0002.0040.0400.4004.00
 metric-style wide
 is-type level-1

R2:
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip router isis 1
!
interface FastEthernet0/0.24
 encapsulation dot1Q 24
 ip address 10.0.24.2 255.255.255.0
 ip router isis 1
 isis network point-to-point 
!
interface FastEthernet0/0.123
 encapsulation dot1Q 123
 ip address 10.0.123.2 255.255.255.0
 ip router isis 1
 isis priority 123 #I selected R2 as DIS (analogous to OSPF DR, but there is no BDR).
!
router isis 1
 net 49.0002.0020.0200.2002.00
 metric-style wide
 summary-address 10.0.0.0 255.255.255.240 #This will create an aggregated prefix for L1 and L2.

OK, basic connectivity is established, so let's check what we have.
R2#show isis neighbors 
System Id      Type Interface   IP Address      State Holdtime Circuit Id
R1             L2   Fa0/0.123   10.0.123.1      UP    28       R2.02              
R3             L2   Fa0/0.123   10.0.123.3      UP    25       R2.02              
R4             L1   Fa0/0.24    10.0.24.4       UP    23       02

R4 is an L1-only router, so it should receive only a default route (like R5):
R4#show ip route 
Gateway of last resort is 10.0.24.2 to network 0.0.0.0
     2.0.0.0/32 is subnetted, 1 subnets
i L1    2.2.2.2 [115/20] via 10.0.24.2, FastEthernet0/0.24
     4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Loopback0
     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C       10.0.0.8/30 is directly connected, Loopback3
C       10.0.0.0/30 is directly connected, Loopback1
C       10.0.0.4/30 is directly connected, Loopback2
C       10.0.24.0/24 is directly connected, FastEthernet0/0.24
i L1    10.0.123.0/24 [115/20] via 10.0.24.2, FastEthernet0/0.24
i*L1 0.0.0.0/0 [115/10] via 10.0.24.2, FastEthernet0/0.24
Actually, R2 doesn't advertise this route; rather, R4 creates it on its own and installs it in the routing table.

Only L1/2 routers can summarize (R2):
R1#show ip route 
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
i L2    2.2.2.2 [115/20] via 10.0.123.2, FastEthernet0/0.123
     3.0.0.0/32 is subnetted, 1 subnets
i L2    3.3.3.3 [115/20] via 10.0.123.3, FastEthernet0/0.123
     4.0.0.0/32 is subnetted, 1 subnets
i L2    4.4.4.4 [115/30] via 10.0.123.2, FastEthernet0/0.123
     5.0.0.0/32 is subnetted, 1 subnets
i L2    5.5.5.5 [115/30] via 10.0.123.3, FastEthernet0/0.123
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
i L2    10.0.0.0/28 [115/30] via 10.0.123.2, FastEthernet0/0.123 #As configured on R2.
i L2    10.0.24.0/24 [115/20] via 10.0.123.2, FastEthernet0/0.123
i L2    10.0.35.0/24 [115/20] via 10.0.123.3, FastEthernet0/0.123
C       10.0.123.0/24 is directly connected, FastEthernet0/0.123

R2#show ip route
     1.0.0.0/32 is subnetted, 1 subnets
i L2    1.1.1.1 [115/133] via 10.0.123.1, FastEthernet0/0.123
     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
i L2    3.3.3.3 [115/20] via 10.0.123.3, FastEthernet0/0.123
     4.0.0.0/32 is subnetted, 1 subnets
i L1    4.4.4.4 [115/20] via 10.0.24.4, FastEthernet0/0.24
     5.0.0.0/32 is subnetted, 1 subnets
i L2    5.5.5.5 [115/30] via 10.0.123.3, FastEthernet0/0.123
     10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
i L1    10.0.0.8/30 [115/20] via 10.0.24.4, FastEthernet0/0.24
i L1    10.0.0.0/30 [115/20] via 10.0.24.4, FastEthernet0/0.24
i su    10.0.0.0/28 [115/20] via 0.0.0.0, Null0 #Notice summary route.
i L1    10.0.0.4/30 [115/20] via 10.0.24.4, FastEthernet0/0.24
C       10.0.24.0/24 is directly connected, FastEthernet0/0.24
i L2    10.0.35.0/24 [115/20] via 10.0.123.3, FastEthernet0/0.123
C       10.0.123.0/24 is directly connected, FastEthernet0/0.123

Let's check that DIS was elected correctly:
R3#show clns interface f0/0.123
FastEthernet0/0.123 is up, line protocol is up
  Checksums enabled, MTU 1497, Encapsulation SAP
  ERPDUs enabled, min. interval 10 msec.
  CLNS fast switching enabled
  CLNS SSE switching disabled
  DEC compatibility mode OFF for this interface
  Next ESH/ISH in 12 seconds
  Routing Protocol: IS-IS
    Circuit Type: level-1-2
    Interface number 0x1, local circuit ID 0x2
    Level-1 Metric: 10, Priority: 64, Circuit ID: R3.02
    DR ID: 0000.0000.0000.00
    Level-1 IPv6 Metric: 10
    Number of active level-1 adjacencies: 0
    Level-2 Metric: 10, Priority: 64, Circuit ID: R2.02
    DR ID: R2.02
    Level-2 IPv6 Metric: 10
    Number of active level-2 adjacencies: 2
    Next IS-IS LAN Level-1 Hello in 2 seconds #I haven't found the exact command to check timers on the interface, the only way as with EIGRP is to periodically repeat this command.
    Next IS-IS LAN Level-2 Hello in 65 milliseconds
Next, let's configure IS-IS authentication.
Basic L1 plain text authentication:
R4 & R2:
router isis 1
 area-password ISIS-L1-PASS
This doesn't authenticate Hello packets, thus the neighborship is established, but no routes are accepted.
L2 plain text authentication:
R1 & R2 & R3:
router isis 1
 domain-password ISIS-L2-PASS authenticate snp validate #Here we authenticate and validate SNP packets. But not Hello packets.
For area 3 I will use L1 md5 authentication (for L2 it is applicable as well):
R3 & R5:
key chain ISIS-KEY-CHAIN
 key 1
   key-string ISIS-MD5-L1
!
interface FastEthernet0/0.35
 isis authentication mode md5 level-1
 isis authentication key-chain ISIS-KEY-CHAIN level-1
Notice that per-interface authentication configuration forces Hello packets to include authentication information, thus preventing the neighborship from being established.
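The three authentication variants above differ in which PDUs they cover, so a config review has to look at both the `router isis` section and each interface. The following audit sketch is an added example, not part of the original post: the function names, finding codes and the sample config (including its NET and the Fa0/0.123 address) are constructed for illustration, and only commands shown in this post are inspected.

```python
import re

# Constructed sample, modelled on the R3 snippets in this post. The NET and the
# Fa0/0.123 address are assumptions; the passwords are the post's lab values.
SAMPLE_CONFIG = """\
key chain ISIS-KEY-CHAIN
 key 1
   key-string ISIS-MD5-L1
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip router isis 1
!
interface FastEthernet0/0.35
 ip router isis 1
 isis authentication mode md5 level-1
 isis authentication key-chain ISIS-KEY-CHAIN level-1
!
interface FastEthernet0/0.123
 ip address 10.0.123.3 255.255.255.0
 ip router isis 1
!
router isis 1
 net 49.0003.0030.0300.3003.00
 domain-password ISIS-L2-PASS authenticate snp validate
"""


def split_sections(config):
    """Group an IOS-style config into {top-level line: [indented sub-commands]}."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop this blog's inline "#" notes
        if not line.strip() or line.strip() == "!" or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def audit_isis_auth(config):
    """Return (section, code, message) findings about IS-IS authentication."""
    sections = split_sections(config)
    key_chains = {h.split()[2] for h in sections if h.startswith("key chain ")}
    findings = []
    for header, cmds in sections.items():
        if header.startswith("router isis"):
            for cmd in cmds:
                m = re.match(r"(area|domain)-password \S+(.*)", cmd)
                if not m:
                    continue
                kind = m.group(1)
                findings.append((header, "PLAINTEXT_LSP_PASSWORD",
                                 f"{kind}-password is plain text and does not cover Hellos"))
                if "authenticate snp" not in m.group(2):
                    findings.append((header, "SNP_UNAUTHENTICATED",
                                     f"{kind}-password lacks 'authenticate snp'"))
        elif header.lower().startswith("interface ") and "loopback" not in header.lower():
            # Loopbacks are skipped: they advertise a prefix but form no adjacency.
            if not any(re.match(r"ip(v6)? router isis\b", c) for c in cmds):
                continue  # IS-IS is not enabled on this interface
            modes = [c.split()[3] for c in cmds
                     if c.startswith("isis authentication mode ")]
            chains = [c.split()[3] for c in cmds
                      if c.startswith("isis authentication key-chain ")]
            if not modes:
                findings.append((header, "HELLO_UNAUTHENTICATED",
                                 "no 'isis authentication mode' on an IS-IS interface"))
            elif "text" in modes:
                findings.append((header, "PLAINTEXT_HELLO_AUTH",
                                 "authentication mode is text, not md5"))
            if modes and not chains:
                findings.append((header, "MODE_WITHOUT_KEYCHAIN",
                                 "authentication mode set but no key chain attached"))
            for name in chains:
                if name not in key_chains:
                    findings.append((header, "UNDEFINED_KEYCHAIN",
                                     f"key chain {name} is not defined in this config"))
    return findings


if __name__ == "__main__":
    for section, code, message in audit_isis_auth(SAMPLE_CONFIG):
        print(f"{section}: {code}: {message}")
```

On the constructed sample this reports the unauthenticated Hellos on Fa0/0.123 and the plain-text domain password, while the MD5-protected Fa0/0.35 passes.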

Now let's cover an interesting behavior of IS-IS when redistributing between protocols.
In the topology above I will add R6 and configure RIP between R6 and R1:

R1:
interface FastEthernet0/0.16
 encapsulation dot1Q 16
 ip address 20.0.16.1 255.255.255.0
!
router rip
 version 2
 network 20.0.0.0
 no auto-summary
R6:
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0.16
 encapsulation dot1Q 16
 ip address 20.0.16.6 255.255.255.0
!
router rip
 version 2
 network 6.0.0.0
 network 20.0.0.0
 no auto-summary
Now let's redistribute IS-IS into RIP and vice versa:
R1:
router rip
 redistribute isis 1 level-2 metric 5
!
router isis 1
 redistribute rip metric 15
R6:
R6#show ip route
     2.0.0.0/32 is subnetted, 1 subnets
R       2.2.2.2 [120/5] via 20.0.16.1, 00:00:06, FastEthernet0/0.16
     3.0.0.0/32 is subnetted, 1 subnets
R       3.3.3.3 [120/5] via 20.0.16.1, 00:00:06, FastEthernet0/0.16
     4.0.0.0/32 is subnetted, 1 subnets
R       4.4.4.4 [120/5] via 20.0.16.1, 00:00:06, FastEthernet0/0.16
     20.0.0.0/24 is subnetted, 1 subnets
C       20.0.16.0 is directly connected, FastEthernet0/0.16
     5.0.0.0/32 is subnetted, 1 subnets
R       5.5.5.5 [120/5] via 20.0.16.1, 00:00:07, FastEthernet0/0.16
     6.0.0.0/32 is subnetted, 1 subnets
C       6.6.6.6 is directly connected, Loopback0
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
R       10.0.0.0/28 [120/5] via 20.0.16.1, 00:00:07, FastEthernet0/0.16
R       10.0.24.0/24 [120/5] via 20.0.16.1, 00:00:07, FastEthernet0/0.16
R       10.0.35.0/24 [120/5] via 20.0.16.1, 00:00:07, FastEthernet0/0.16
Notice that R6 has no route to 10.0.123.0/24. The reason is that IS-IS doesn't redistribute connected prefixes, which is odd in my opinion. The same rule applies to IPv6 (even though I haven't found a way to redistribute RIPng into IS-IS).
To fix this we can use just "redistribute connected", but I'll do it the right way (:
ip prefix-list CONNECTED-2-RIP seq 5 permit 10.0.123.0/24
ip prefix-list CONNECTED-2-RIP seq 10 deny 0.0.0.0/0 le 32
!
route-map CONNECTED-2-RIP permit 10
 match ip address prefix-list CONNECTED-2-RIP
!
route-map CONNECTED-2-RIP deny 100
!
router rip
 redistribute connected route-map CONNECTED-2-RIP
Voila:
R6#show ip route 10.0.123.0
Routing entry for 10.0.123.0/24
  Known via "rip", distance 120, metric 1
  Redistributing via rip
  Last update from 20.0.16.1 on FastEthernet0/0.16, 00:00:17 ago
  Routing Descriptor Blocks:
  * 20.0.16.1, from 20.0.16.1, 00:00:17 ago, via FastEthernet0/0.16
      Route metric is 1, traffic share count is 1

Now let's apply some best practices (I'll use R5 as example):
interface FastEthernet0/0.35
 isis hello-multiplier 4 #Hello-interval * Hello-multiplier = Hold time.
 isis hello-interval minimal #Sets hello interval to 1 second.
!
router isis 1
 ispf level-1-2 60 #Interval before iSPF execution.
 fast-flood 15 #The number of LSPs to be sent before SPF is run.
 set-overload-bit on-startup 180 #Signals to other routers not to use this router as a transit point.
 max-lsp-lifetime 65535 #This reduces the flooding.
 lsp-refresh-interval 65505 #And this too.
 spf-interval 5 1 20 #Throttling of SPF calculations.
 lsp-gen-interval 5 1 20 #Throttling of LSP generation.
 no hello padding #By default Hello packets are padded to match MTU size of the interface.
 bfd all-interfaces #Simple and so powerful.

OK, we're done with IPv4; time to add IPv6 to the topology:
R2:
ipv6 unicast-routing
!
interface FastEthernet0/0.24
 ipv6 address 2024::2/64
 ipv6 router isis 1
!
interface FastEthernet0/0.123
 ipv6 address 2123::2/64
 ipv6 router isis 1
R1:
ipv6 unicast-routing
!
interface FastEthernet0/0.123
 ipv6 address 2123::1/64
 ipv6 router isis 1

Other routers are configured similarly.
R1#show ipv6 route
I2  2024::/64 [115/20]
     via FE80::C002:12FF:FE5C:0, FastEthernet0/0.123
I2  2035::/64 [115/20]
     via FE80::C004:1DFF:FE8C:0, FastEthernet0/0.123
C   2123::/64 [0/0]
     via ::, FastEthernet0/0.123
L   2123::1/128 [0/0]
     via ::, FastEthernet0/0.123
L   FF00::/8 [0/0]
     via ::, Null0
Notice that the same IS-IS process is used for both IPv4 and IPv6, because IS-IS doesn't rely on multicast (as most IPv4 IGPs do).


The topology used along with the configuration files is available here.
Some useful tips: IS-IS NOTES

Thursday, September 5, 2013

Dynamic IPv6 point-to-multipoint tunnels configuration.

This post is a continuation of the previous one. Recently I was preparing for my CCDA and realised that I remember almost nothing regarding dynamic multipoint IPv6 tunnels.
With dynamic multipoint tunnels we have two options - automatic 6to4 tunnels and ISATAP tunnels. Both options work in a very similar way.

Automatic 6to4 tunnels.
For this type of tunnel you can choose which type of IPv6 addresses to provide to your users/customers - private or unique global (routable).
If you don't need Internet access, you can assign addresses from the range reserved for 6to4 tunnels - 2002::/16.
The topology is as follows:
R2 is an IPv4-only router (no ipv6 unicast-routing enabled). R1, R3 and R4 will use dynamic IPv6 tunnels. The topology and configuration are very simple, so I won't provide them here. As the IGP I will use OSPF with a single area.
With dynamic tunnels you don't need to specify the tunnel destination, only the source. And if you have any kind of redundancy in the topology, it is better to use loopbacks.
The idea is that you embed the IPv4 address in the 2nd and 3rd quartets of an IPv6 address from 2002::/16, which is specially reserved for these tunnels.
For R1, as an example, it will be 2002:0101:0101::/48. Then you just subnet this prefix for your LANs. In my topology customers receive network 2002:101:101:1::/64 (for R1).
Then for the tunnel you assign the IP address from the first subnet with a prefix length of 128 (thus a host prefix) - 2002:101:101::/128.
In order for all this to work you need to create a static route for prefix 2002::/16 pointing to your tunnel interface (since dynamic IPv6 tunnels don't support IGPs). Then, when a router receives a packet destined to a remote IPv6 branch, it deduces the destination IPv4 address from the destination IPv6 address (2nd and 3rd quartets) and sends the packet to the appropriate router.
Configuration is fairly simple:
R1:
ipv6 unicast-routing #I spent about 20 minutes trying to figure out why my lab was refusing to work.
!
interface Tunnel0
 ipv6 address 2002:101:101::/128
 tunnel source Loopback0
 tunnel mode ipv6ip 6to4
!
interface FastEthernet1/0
 ipv6 address 2002:101:101:1::1/64
!
ipv6 route 2002::/16 Tunnel0
#This route will cover all the tunnel and customer addresses.

R3:
ipv6 unicast-routing
!
interface Tunnel0
 ipv6 address 2002:303:303::/128
 tunnel source Loopback0
 tunnel mode ipv6ip 6to4
!
interface FastEthernet1/0
 ipv6 address 2002:303:303:1::3/64
!
ipv6 route 2002::/16 Tunnel0

VPCS[1]> ping 2002:303:303:1::100
2002:303:303:1::100 icmp6_seq=1 ttl=60 time=94.064 ms
2002:303:303:1::100 icmp6_seq=2 ttl=60 time=69.046 ms

VPCS[1]> trace 2002:303:303:1::100
trace to 2002:303:303:1::100, 64 hops max
 1 2002:101:101:1::1   16.011 ms  9.005 ms  9.005 ms
 2 2002:303:303::   59.039 ms  49.033 ms  48.035 ms
 3 2002:303:303:1::100   69.046 ms  59.040 ms  89.059 ms


In theory, you can use any /16 prefix for this type of tunnel and address assignment, as long as you use the related static route and embed the IPv4 address in the 2nd and 3rd quartets of the tunnel's IP.
And this is how it works when you assign globally unique routable addresses to your customers. The only difference is that you need to specify a static route for each branch LAN, including the next-hop IP (the remote tunnel IPv6 address), in order for the recursive lookup to work.
Let's consider the same topology but with public addresses (the ISP assigned prefix 2999:10:20::/48 to your company and you use /64 subnets):
R1:
ipv6 unicast-routing
!
interface Tunnel0
 ipv6 address 2002:101:101::/128
#The same 2002::/16 prefix for tunnel sources.
 tunnel source Loopback0
 tunnel mode ipv6ip 6to4
!
interface FastEthernet1/0
 ipv6 address 2999:10:20:1::1/64
#And different subnet for customers.
!
ipv6 route 2002::/16 Tunnel0
ipv6 route 2999:10:20:3::/64 Tunnel0 2002:303:303::
#Separate static route for each branch LAN.
ipv6 route 2999:10:20:4::/64 Tunnel0 2002:404:404::

Configuration of R3 and R4 is similar.
VPCS[2]> ping 2999:10:20:1::100
2999:10:20:1::100 icmp6_seq=1 ttl=60 time=92.064 ms
2999:10:20:1::100 icmp6_seq=2 ttl=60 time=60.038 ms


VPCS[2]> trace 2999:10:20:1::100
trace to 2999:10:20:1::100, 64 hops max
 1 2999:10:20:3::1   13.007 ms  10.008 ms  9.005 ms
 2 2002:101:101::   59.039 ms  49.032 ms  59.040 ms
 3 2999:10:20:1::100   59.039 ms  69.046 ms  59.039 ms


ISATAP tunnels.
With ISATAP tunnels you don't have a reserved address space like 2002::/16 and you have to use global unicast. The good thing is that all of your tunnel sources are in the same subnet, because ISATAP embeds the IPv4 address in the 7th and 8th quartets using modified EUI-64 logic.
The topology is almost the same, only the tunnel addresses were changed:
R1:
ipv6 unicast-routing
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface Tunnel0
 ipv6 address 2000::/64 eui-64
#Here I use 2000::/64 for my tunnels. EUI-64 is a must for this type of tunnel. It uses modified EUI-64 logic: the IPv4 address goes into the 7th and 8th quartets and 0000:5EFE is placed before it (5th and 6th quartets respectively).
 tunnel source Loopback0
 tunnel mode ipv6ip isatap
!
interface FastEthernet1/0
 ipv6 address 2999:10:20:1::1/64
#Customers use the same networks.
!
ipv6 route 2999:10:20:3::/64 2000::5EFE:303:303
#As with automatic 6to4 tunnels you need a static route for each branch LAN. Notice that the next hop is the remote tunnel source IPv6 address of R3.
ipv6 route 2999:10:20:4::/64 2000::5EFE:404:404

Configuration of R3 and R4 is similar.
VPCS[2]> ping 2999:10:20:1::100
2999:10:20:1::100 icmp6_seq=1 ttl=60 time=95.062 ms
2999:10:20:1::100 icmp6_seq=2 ttl=60 time=81.054 ms


VPCS[2]> trace 2999:10:20:1::100
trace to 2999:10:20:1::100, 64 hops max
 1 2999:10:20:3::1   15.011 ms  9.004 ms  10.007 ms
 2 2000::5efe:101:101   61.042 ms  49.033 ms  51.034 ms
 3 2999:10:20:1::100   60.040 ms  61.041 ms  81.054 ms
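
Both tunnel types encode the IPv4 tunnel endpoint inside the IPv6 address, so the endpoint behind any hop or static-route next hop can be recovered by arithmetic. The sketch below is an added example, not part of the original post: the function names are hypothetical, the addresses and route lines are the ones used in this post, and the decoder also accepts the 0200:5EFE form that RFC 5214 defines for globally unique IPv4 addresses.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")
ISATAP_MARK = 0x00005EFE  # 0000:5EFE, quartets 5 and 6 of an ISATAP address

# Static routes copied from the 6to4 and ISATAP configurations in this post.
PAGE_ROUTES = """\
ipv6 route 2002::/16 Tunnel0
ipv6 route 2999:10:20:3::/64 Tunnel0 2002:303:303::
ipv6 route 2999:10:20:4::/64 Tunnel0 2002:404:404::
ipv6 route 2999:10:20:3::/64 2000::5EFE:303:303
ipv6 route 2999:10:20:4::/64 2000::5EFE:404:404
"""


def sixtofour_prefix(ipv4):
    """Return the /48 6to4 prefix whose 2nd and 3rd quartets hold ipv4."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))


def isatap_address(prefix64, ipv4):
    """Return prefix64 + 0000:5EFE + ipv4, as 'ipv6 address ... eui-64' builds it."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("ISATAP interface IDs need a /64 prefix")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | (ISATAP_MARK << 32) | v4)


def embedded_ipv4(ipv6):
    """Return (kind, IPv4Address) for a 6to4 or ISATAP address, else (None, None)."""
    addr = ipaddress.IPv6Address(ipv6)
    value = int(addr)
    if addr in SIXTOFOUR:
        return "6to4", ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    # Mask out the u bit so both 0000:5EFE and 0200:5EFE (RFC 5214) match.
    if (value >> 32) & 0xFDFFFFFF == ISATAP_MARK:
        return "isatap", ipaddress.IPv4Address(value & 0xFFFFFFFF)
    return None, None


def static_route_endpoints(config):
    """Map each 'ipv6 route' line to the IPv4 endpoint encoded in its next hop.

    A route with no IPv6 next hop (2002::/16 via Tunnel0) yields None: there the
    endpoint is taken per packet from the destination address itself.
    """
    result = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:2] != ["ipv6", "route"] or len(tokens) < 4:
            continue
        try:
            _, v4 = embedded_ipv4(tokens[-1])
        except ValueError:  # last token is an interface name, not an address
            v4 = None
        result.append((tokens[2], str(v4) if v4 else None))
    return result


if __name__ == "__main__":
    print(sixtofour_prefix("1.1.1.1"), isatap_address("2000::/64", "3.3.3.3"))
    # Hop addresses taken from the trace outputs in this post.
    for hop in ("2002:303:303::", "2000::5efe:101:101", "2999:10:20:1::100"):
        print(hop, embedded_ipv4(hop))
    for prefix, endpoint in static_route_endpoints(PAGE_ROUTES):
        print(prefix, "->", endpoint)
```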


Even though these dynamic tunnels are convenient and simple to use, scalability isn't their strong suit (except maybe automatic tunnels using 2002::/16). I would recommend them only when you really have no opportunity to implement dual stack.
P.S.: and my simple mind map as a bonus:

Saturday, February 16, 2013

Static IPv6 point-to-point tunnels configuration.

This post is just a refresher, because knowledge that you don't use is prone to vanish.
For point-to-point tunnels there are two options available - manual tunnels (RFC 4213) and GRE tunnels (RFC 2784). Both options support IGPs, IPv6 multicast, etc. Besides, GRE tunnels can carry not only IPv6 payload.
Let's consider both options. The topology is as follows:
Basic configuration is straightforward using OSPF as IGP for interconnects and loopback interfaces. R1 as example:
ipv6 unicast-routing
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 10.0.12.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface FastEthernet0/1
 no ip address
 ipv6 address 2001::1/64
!
R1#show ip route
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/2] via 10.0.12.2, 00:05:33, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/3] via 10.0.12.2, 00:05:33, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.0.12.0 is directly connected, FastEthernet0/0
O       10.0.23.0 [110/2] via 10.0.12.2, 00:05:33, FastEthernet0/0
R1#show ipv6 route
C   2001::/64 [0/0]
     via ::, FastEthernet0/1
L   2001::1/128 [0/0]
     via ::, FastEthernet0/1
L   FF00::/8 [0/0]
     via ::, Null0
R1#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/52/80 ms
R1#ping 2001::100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/28/52 ms

R2 has only IPv4 enabled and can be thought of as an IPv4-only cloud.

Manual IPv6 point-to-point tunnels.
R1:

interface Tunnel0 #Tunnel number is only locally significant and doesn't have to match on both ends.
 no ip address
 ipv6 address 2013::1/64
#Once set up, this interface is treated as a regular interface.
 ipv6 ospf 1 area 0 #To reach remote prefixes you can use static routes instead.
 tunnel source Loopback0 #You can specify a source interface or IP address. It only has to be in the up/up state, otherwise the tunnel interface won't become up/up.
 tunnel destination 3.3.3.3 #This source and destination pair has to match on both ends of the tunnel.
 tunnel mode ipv6ip #Default mode is GRE.
!
interface FastEthernet0/1
 no ip address
 ipv6 address 2001::1/64
#Don't forget to add the client prefixes into the IPv6 IGP.
 ipv6 ospf 1 area 0
R3:
interface Tunnel1
 no ip address
 ipv6 address 2013::3/64
 ipv6 ospf 1 area 0
 tunnel source 3.3.3.3
#If a network has redundant paths it is better to use logical interfaces for reachability.
 tunnel destination 1.1.1.1
 tunnel mode ipv6ip
!
interface FastEthernet0/0
 no ip address
 ipv6 address 2002::1/64
 ipv6 ospf 1 area 0

So, that's it:
R1#show ipv6 route
C   2001::/64 [0/0]
     via ::, FastEthernet0/1
L   2001::1/128 [0/0]
     via ::, FastEthernet0/1
O   2002::/64 [110/11112]
     via FE80::303:303, Tunnel0
C   2013::/64 [0/0]
     via ::, Tunnel0
L   2013::1/128 [0/0]
     via ::, Tunnel0
L   FF00::/8 [0/0]
     via ::, Null0
   
VPCS[1]> ping 2002::100
2002::100 icmp6_seq=1 ttl=60 time=90.000 ms
2002::100 icmp6_seq=2 ttl=60 time=90.000 ms
2002::100 icmp6_seq=3 ttl=60 time=95.000 ms
2002::100 icmp6_seq=4 ttl=60 time=85.000 ms
2002::100 icmp6_seq=5 ttl=60 time=100.000 ms

VPCS[1]> tracert 2002::100
traceroute to 2002::100, 64 hops max
 1 2001::1   35.000 ms  30.000 ms  25.000 ms
 2 2013::3   65.000 ms  80.000 ms  65.000 ms
 3 2002::100   90.000 ms  85.000 ms  100.000 ms


One thing to mention:
R1#show ipv6 interface tunnel 0 | include FE80
  IPv6 is enabled, link-local address is FE80::101:101
R3#show ipv6 interface tunnel 1 | include FE80
  IPv6 is enabled, link-local address is FE80::303:303

In the link-local address of a manual IPv6 tunnel interface, the last 32 bits represent the configured source IPv4 address.

GRE IPv6 point-to-point tunnels.
The only difference in configuration is the encapsulation type. And as IOS defaults to "tunnel mode gre ip", you can just omit the "tunnel mode" command (it won't be displayed in the configuration anyway).
R1:
interface Tunnel0
 no ip address
 ipv6 address 2013::1/64
 ipv6 ospf 1 area 0
 tunnel source Loopback0
 tunnel destination 3.3.3.3

R3:
interface Tunnel1
 no ip address
 ipv6 address 2013::3/64
 ipv6 ospf 1 area 0
 tunnel source 3.3.3.3
 tunnel destination 1.1.1.1

And the result is the same:
VPCS[2]> tracert 2001::100
traceroute to 2001::100, 64 hops max
 1 2002::1   35.000 ms  20.000 ms  25.000 ms
 2 2013::1   75.000 ms  75.000 ms  75.000 ms
 3 2001::100   95.000 ms  90.000 ms  90.000 ms

Nevertheless, GRE tunnel interfaces are slightly different:
R1#show ipv6 interface tunnel 0 | include FE80
  IPv6 is enabled, link-local address is FE80::C000:13FF:FEA8:0

The link-local address is derived from the first physical interface using EUI-64:
R1#show interfaces fastEthernet 0/0 | include bia
  Hardware is Gt96k FE, address is c200.13a8.0000 (bia c200.13a8.0000)

This is because a tunnel interface is a logical interface, thus it doesn't have a physical MAC address.
These tunnel types also use different MTU values due to different encapsulation headers.

Saturday, January 12, 2013

OSPFv3 configuration.

This lab tries to duplicate the previous one but this time with OSPFv3. I am going to implement all the OSPF features from this post.
The topology was also changed for simplicity's sake and is now as follows:
Although in this lab I could have used link-local-only addresses on the interconnects (the reasons were explained in this post), I used global unicast addresses.
First, only the basic configs:
R1:
ipv6 unicast-routing #It is required for IPv6 dynamic routing protocols to work.
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
#If you don't have any IPv4 interface in the Up/Up state, you will need to manually configure router-id under the router configuration or routing process won't start.
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ipv6 address 2001::1/64
 ipv6 ospf 1 area 1
#You don't have to specify "network" command anymore. Such a relief for someone.
!
interface FastEthernet0/0.12
 encapsulation dot1Q 12
 ipv6 address 2012::1/64
 ipv6 ospf 1 area 2
!
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ipv6 address 2013::1/64
 ipv6 ospf hello-interval 5
#OSPF hello and dead intervals are configured almost the same as for OSPFv2.
 ipv6 ospf dead-interval 10 #And both parameters still have to match on both ends of the link.
 ipv6 ospf 1 area 1
!
ipv6 router ospf 1
#Process number is still only locally significant. (Each router will use different process-id).
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
#I changed the reference-bandwidth in order to decrease metric values in the routing table.
 passive-interface default
 no passive-interface FastEthernet0/0.12
 no passive-interface FastEthernet0/0.13


R2:
ipv6 unicast-routing
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ipv6 address 2002::1/64
 ipv6 ospf 2 area 2
!
interface FastEthernet0/0.12
 encapsulation dot1Q 12
 ipv6 address 2012::2/64
 ipv6 ospf 2 area 2
!
interface FastEthernet0/0.24
 encapsulation dot1Q 24
 ipv6 address 2024::2/64
!
ipv6 router ospf 2
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
 passive-interface FastEthernet0/0.2
 passive-interface FastEthernet0/0.24

 
R3:
ipv6 unicast-routing
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ipv6 address 2003::1/64
 ipv6 ospf 3 area 0
!
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ipv6 address 2013::3/64
 ipv6 ospf hello-interval 5
#The same timers as on R1.
 ipv6 ospf dead-interval 10
 ipv6 ospf 3 area 1
!
interface FastEthernet0/0.34
 encapsulation dot1Q 34
 ipv6 address 2034::3/64
 ipv6 mtu 1400
#As with OSPFv2 MTU mismatch can cause unexpected results.
 ipv6 ospf 3 area 3
!
interface FastEthernet0/0.35
 encapsulation dot1Q 35
 ipv6 address 2035::3/64
 ipv6 ospf network point-to-point
#Network types are logically the same.
 ipv6 ospf 3 area 0
!
ipv6 router ospf 3
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
R4:
ipv6 unicast-routing
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0.4
 encapsulation dot1Q 4
 ipv6 address 2004::1/64
 ipv6 ospf 4 area 3
!
interface FastEthernet0/0.24
 encapsulation dot1Q 24
 ipv6 address 2024::4/64
!
interface FastEthernet0/0.34
 encapsulation dot1Q 34
 ipv6 address 2034::4/63
 ipv6 mtu 1400
 ipv6 ospf 4 area 3
!
interface FastEthernet0/0.46
 encapsulation dot1Q 46
 ipv6 address 2046::4/64
 ipv6 ospf network non-broadcast
#This prevents OSPF multicast on the interface, which requires static neighbor specification. See below.
 ipv6 ospf neighbor FE80::C002:15FF:FE18:0
#You can use only Link-Local address for neighbors.
 ipv6 ospf 4 area 4
!
ipv6 router ospf 4
 log-adjacency-changes
 auto-cost reference-bandwidth 1000

 
R5:
ipv6 unicast-routing
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0.5
 encapsulation dot1Q 5
 ipv6 address 2005::1/64
 ipv6 ospf 5 area 0
!
interface FastEthernet0/0.35
 encapsulation dot1Q 35
 ipv6 address 2035::5/64
 ipv6 ospf network point-to-point
 ipv6 ospf 5 area 0
!
interface FastEthernet0/0.56
 encapsulation dot1Q 56
 ipv6 address 2056::5/64
 ipv6 ospf 5 area 4
!
ipv6 router ospf 5
 router-id 55.55.55.55
#Notice that the RID was changed although interface loopback 0 was preconfigured. This kind of reconfiguration requires process clearing.
 log-adjacency-changes
 auto-cost reference-bandwidth 1000

 
R6:
ipv6 unicast-routing
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0.6
 encapsulation dot1Q 6
 ipv6 address 2006::1/64
 ipv6 ospf cost 1
#You also can change the metric of the route by adjusting the bandwidth.
 ipv6 ospf 6 area 4
!
interface FastEthernet0/0.46
 encapsulation dot1Q 46
 ipv6 address 2046::6/64
 ipv6 ospf network non-broadcast
 ipv6 ospf priority 200
#Even though network type non-broadcast prevents dynamic neighbor discovery, they still form DR/BDR relationship.
 ipv6 ospf neighbor FE80::C000:15FF:FE18:0
 ipv6 ospf 6 area 4
!
interface FastEthernet0/0.56
 encapsulation dot1Q 56
 ipv6 address 2056::6/64
 ipv6 ospf 6 area 4
!
ipv6 router ospf 6
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
 maximum-paths 13
#It is still the same and depends on the platform.


While I was performing this basic configuration I noticed that at least my IOS (12.4) doesn't support "max-lsa" command. Maybe they think that low-end routers wouldn't use OSPFv3.1

Just to check that everything is working as expected:
R3#show ipv6 route ospf
O   2001::/64 [110/20]
     via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
O   2001::1/128 [110/10]
     via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
O   2004::/64 [110/20]
     via FE80::C000:15FF:FE18:0, FastEthernet0/0.34
O   2005::/64 [110/20]
     via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
OI  2006::/64 [110/21]
     via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
O   2034::/63 [110/10]
     via ::, FastEthernet0/0.34
OI  2046::/64 [110/30]
     via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
OI  2056::/64 [110/20]
     via FE80::C001:15FF:FE18:0, FastEthernet0/0.35

At this point area 2 is orphaned (no 2002::/64 prefix), let's create a virtual link for it:
R1:
ipv6 router ospf 1
 area 1 virtual-link 3.3.3.3 authentication ipsec spi 256 md5 ABCDEFABCDEFABCDEFABCDEFABCDEFAB

R3:
ipv6 router ospf 3
 area 1 virtual-link 1.1.1.1 authentication ipsec spi 256 md5 ABCDEFABCDEFABCDEFABCDEFABCDEFAB

You can use IPSec stack for either authentication or encryption but not both.
R3#show ipv6 ospf 3 neighbor
Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
1.1.1.1           1   FULL/  -           -        31              OSPFv3_VL0
55.55.55.55       1   FULL/  -        00:00:35    27              FastEthernet0/0.35
1.1.1.1           1   FULL/BDR        00:00:09    28              FastEthernet0/0.13
4.4.4.4           1   FULL/BDR        00:00:31    28              FastEthernet0/0.34
R3#show ipv6 route ospf
O   2001::/64 [110/20]
     via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
O   2001::1/128 [110/10]
     via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
OI  2002::/64 [110/30]
     via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
O   2004::/64 [110/20]
     via FE80::C000:15FF:FE18:0, FastEthernet0/0.34
O   2005::/64 [110/20]
     via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
OI  2012::/64 [110/20]
     via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
O   2034::/63 [110/10]
     via ::, FastEthernet0/0.34
OI  2056::/64 [110/20]
     via FE80::C001:15FF:FE18:0, FastEthernet0/0.35

2002::/64 is now here.
OSPFv3 doesn't support useless clear text authentication, it relies on IPSec instead. But the implementation is pretty complicated unlike EIGRP for IPv6. So let's try other features.

Route summarization.
There are two options for it - summary on ABR and ASBR. There is no ASBR yet, so let's implement summarization on R5:
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
 ipv6 address 2100::1/64
 ipv6 ospf network point-to-point
#Without this network type statement these prefixes will be advertised as /128.
 ipv6 ospf 5 area 4
!
interface Loopback1
 no ip address
 ipv6 address 2101::1/64
 ipv6 ospf network point-to-point
 ipv6 ospf 5 area 4
R3#show ipv6 route ospf
<output omitted>
OI  2100::/64 [110/11]
     via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
OI  2101::/64 [110/11]
     via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
Both prefixes are here now. Back to R5:
ipv6 router ospf 5
 area 4 range 2100::/15
R3#show ipv6 route ospf
<output omitted>
OI  2100::/15 [110/11]
     via FE80::C001:15FF:FE18:0, FastEthernet0/0.35

So there are no more specific prefixes.
Now let's make R1 an ASBR by adding a couple of loopbacks to RIPng:
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ipv6 address 2200::1/64
 ipv6 rip RIP enable
!
interface Loopback1
 no ip address
 ipv6 address 2201::1/64
 ipv6 rip RIP enable
!
ipv6 router ospf 1
 redistribute rip RIP include-connected
#Interestingly, by default IPv6 IGPs don't redistribute connected networks. In this case, without "include-connected" OSPFv3 wouldn't redistribute any RIPng prefixes.
R3#show ipv6 route ospf
<output omitted>
OE2  2200::/64 [110/20]
     via FE80::C003:15FF:FE18:0, FastEthernet0/0.13
OE2  2201::/64 [110/20]
     via FE80::C003:15FF:FE18:0, FastEthernet0/0.13

And after summarization on ASBR:
ipv6 router ospf 1
 summary-prefix 2200::/15
R3#show ipv6 route ospf
<output omitted>
OE2  2200::/15 [110/20]
     via FE80::C003:15FF:FE18:0, FastEthernet0/0.13

Also notice that OSPFv3, like OSPFv2, has a default metric value for redistributed prefixes.

Route filtering.
First let's try a distribute list. It is not exactly route filtering (the actual LSAs are still in the LSDB, but the particular prefix won't be installed in the routing table).
Before:
R4#show ipv6 route 2200::/15
OE2  2200::/15 [110/20]
     via FE80::C005:15FF:FE18:0, FastEthernet0/0.34

And after:
ipv6 router ospf 4
 distribute-list prefix-list no2200::/15 in #Only prefix lists are supported.
!
ipv6 prefix-list no2200::/15 seq 5 deny 2200::/15
ipv6 prefix-list no2200::/15 seq 10 permit ::/0 le 128
R4#show ipv6 route 2200::/15
% Route not found

But the LSA is still in the LSDB:
R4#show ipv6 ospf database | begin External
                Type-5 AS External Link States
ADV Router      Age         Seq#        Prefix
1.1.1.1         635         0x80000001  2200::/15


In the OSPFv2 world you are able to filter LSA 3, 5 and 7 with filter lists. But you cannot do it with OSPFv3, which is pretty strange. The only design option is using stub areas with the default route.

Stub areas.
There are not many routers in my topology, so I will combine area types.
Let's make area 3 a stub area, which will lead to the absence of LSA 5.
R4 actually has a link in area 4, which has to be shut down to prevent an LSA 5 leak.
interface FastEthernet0/0.46
 shutdown
!
R4#show ipv6 ospf database | begin External
                Type-5 AS External Link States
ADV Router      Age         Seq#        Prefix
1.1.1.1         1778        0x80000003  2200::/15

After making area 3 stub:
R3:
ipv6 router ospf 3
 area 3 stub

R4:
ipv6 router ospf 4
 area 3 stub
R4#show ipv6 ospf database external
            OSPFv3 Router with ID (4.4.4.4) (Process ID 4)
R4#

Ok, now let's make this area totally stubby (just add "no-summary" on the ABR):
R4#show ipv6 ospf database | begin Inter
                Inter Area Prefix Link States (Area 3)
ADV Router      Age         Seq#        Prefix
3.3.3.3         464         0x8000000C  2013::/64
3.3.3.3         464         0x8000000C  2035::/64
3.3.3.3         1497        0x80000009  2003::/64
3.3.3.3         464         0x80000008  2005::/64
3.3.3.3         464         0x80000008  2056::/64
3.3.3.3         985         0x80000004  2100::/15
3.3.3.3         464         0x80000004  2001::/64
3.3.3.3         464         0x80000004  2001::1/128
3.3.3.3         464         0x80000004  2035::3/128
3.3.3.3         464         0x80000004  2012::/64
3.3.3.3         464         0x80000004  2002::/64
3.3.3.3         269         0x80000001  ::/0
3.3.3.3         57          0x80000001  2046::/64
3.3.3.3         57          0x80000001  2006::/64


R3:
ipv6 router ospf 3
 area 3 stub no-summary
R4#show ipv6 ospf database
            OSPFv3 Router with ID (4.4.4.4) (Process ID 4)
                Router Link States (Area 3)
ADV Router      Age         Seq#        Fragment ID  Link count  Bits
3.3.3.3         62          0x8000001B  0            1           B
4.4.4.4         22          0x80000023  0            1           None
                Net Link States (Area 3)
ADV Router      Age         Seq#        Link ID    Rtr count
3.3.3.3         259         0x80000001  28         2
                Inter Area Prefix Link States (Area 3)
ADV Router      Age         Seq#        Prefix
3.3.3.3         80          0x80000002  ::/0
                Link (Type-8) Link States (Area 3)
ADV Router      Age         Seq#        Link ID    Interface
3.3.3.3         393         0x8000000A  28         Fa0/0.34
4.4.4.4         56          0x8000000F  28         Fa0/0.34
4.4.4.4         62          0x80000001  26         Fa0/0.4
                Intra Area Prefix Link States (Area 3)
ADV Router      Age         Seq#        Link ID    Ref-lstype  Ref-LSID
3.3.3.3         259         0x80000001  28672      0x2002      28
4.4.4.4         56          0x80000010  0          0x2001      0
No more LSA3 there. And R4 receives a default route:
R4#show ipv6 route ospf
<output omitted>
OI  ::/0 [110/11]
     via FE80::C005:15FF:FE18:0, FastEthernet0/0.34


Area 5 is a great candidate for the NSSA area type because it already has an ASBR, but a stubby area cannot be a transit area for virtual links:
R3(config-rtr)#area 1 nssa
% OSPFv3: Area cannot be nssa as it contains a virtual link

So let's redistribute something into OSPFv3 from RIPng on R6:
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
 ipv6 address 2300::1/64
 ipv6 rip RIP2 enable
!
interface Loopback1
 no ip address
 ipv6 address 2301::1/64
 ipv6 rip RIP2 enable
!
ipv6 router ospf 6
 redistribute rip RIP2 include-connected
!
ipv6 router rip RIP2

R3#show ipv6 route ospf
<output omitted>
OE2  2300::/64 [110/20]
     via FE80::C001:15FF:FE18:0, FastEthernet0/0.35
OE2  2301::/64 [110/20]
     via FE80::C001:15FF:FE18:0, FastEthernet0/0.35

   
Now let's make area 4 NSSA:
Before:
R6#show ipv6 ospf database | begin External
                Type-5 AS External Link States
ADV Router      Age         Seq#        Prefix
1.1.1.1         990         0x80000004  2200::/15
6.6.6.6         357         0x80000001  2300::/64
6.6.6.6         357         0x80000001  2301::/64


After:
ipv6 router ospf 4
 area 4 nssa
ipv6 router ospf 5
 area 4 nssa
ipv6 router ospf 6
 area 4 nssa
R6#show ipv6 ospf database external
            OSPFv3 Router with ID (6.6.6.6) (Process ID 6)
R6#

And routers inside the NSSA area don't receive a default route (as with OSPFv2):
R6#show ipv6 route ::/0
% Route not found


And the final step - make area 4 a totally NSSA area.
Before:
R6#show ipv6 ospf database
            OSPFv3 Router with ID (6.6.6.6) (Process ID 6)
                Router Link States (Area 4)
ADV Router      Age         Seq#        Fragment ID  Link count  Bits
4.4.4.4         169         0x8000001D  0            1           None
6.6.6.6         48          0x80000179  0            2           E
55.55.55.55     44          0x8000021F  0            1           EB
                Net Link States (Area 4)
ADV Router      Age         Seq#        Link ID    Rtr count
6.6.6.6         196         0x80000001  27         2
55.55.55.55     44          0x8000020B  28         2
                Inter Area Prefix Link States (Area 4)
ADV Router      Age         Seq#        Prefix
55.55.55.55     335         0x8000000A  2035::/64
55.55.55.55     335         0x8000000A  2003::/64
55.55.55.55     335         0x8000000A  2005::/64
55.55.55.55     335         0x8000000A  2034::/64
55.55.55.55     335         0x8000000A  2013::/64
55.55.55.55     335         0x80000006  2001::/64
55.55.55.55     335         0x80000006  2001::1/128
55.55.55.55     335         0x80000006  2035::3/128
55.55.55.55     335         0x80000006  2012::/64
55.55.55.55     335         0x80000006  2002::/64
55.55.55.55     335         0x80000003  2034::/63
55.55.55.55     335         0x80000003  2004::/64
                Type-7 AS External Link States (Area 4)
ADV Router      Age         Seq#        Prefix
6.6.6.6         337         0x80000001  2300::/64
6.6.6.6         337         0x80000001  2301::/64
                Link (Type-8) Link States (Area 4)
ADV Router      Age         Seq#        Link ID    Interface
4.4.4.4         334         0x80000001  29         Fa0/0.46
6.6.6.6         339         0x80000001  27         Fa0/0.46
6.6.6.6         339         0x80000001  26         Fa0/0.6
6.6.6.6         333         0x8000000A  28         Fa0/0.56
55.55.55.55     340         0x80000009  28         Fa0/0.56
                Intra Area Prefix Link States (Area 4)
ADV Router      Age         Seq#        Link ID    Ref-lstype  Ref-LSID
6.6.6.6         196         0x8000001A  0          0x2001      0
6.6.6.6         196         0x80000001  27648      0x2002      27
55.55.55.55     45          0x80000123  0          0x2001      0
55.55.55.55     45          0x8000020B  28672      0x2002      28

After:
R5:
ipv6 router ospf 5
 area 4 nssa no-summary
R6#show ipv6 ospf database
            OSPFv3 Router with ID (6.6.6.6) (Process ID 6)
                Router Link States (Area 4)
ADV Router      Age         Seq#        Fragment ID  Link count  Bits
4.4.4.4         427         0x80000020  0            1           None
6.6.6.6         21          0x80000189  0            2           E
55.55.55.55     18          0x80000235  0            1           EB
                Net Link States (Area 4)
ADV Router      Age         Seq#        Link ID    Rtr count
4.4.4.4         456         0x80000001  29         2
55.55.55.55     18          0x8000021F  28         2
                Inter Area Prefix Link States (Area 4)
ADV Router      Age         Seq#        Prefix
55.55.55.55     23          0x80000001  ::/0
                Type-7 AS External Link States (Area 4)
ADV Router      Age         Seq#        Prefix
6.6.6.6         482         0x80000001  2300::/64
6.6.6.6         482         0x80000001  2301::/64
                Link (Type-8) Link States (Area 4)
ADV Router      Age         Seq#        Link ID    Interface
4.4.4.4         981         0x80000001  29         Fa0/0.46
6.6.6.6         483         0x80000001  27         Fa0/0.46
6.6.6.6         483         0x80000001  26         Fa0/0.6
6.6.6.6         477         0x8000000B  28         Fa0/0.56
55.55.55.55     989         0x80000009  28         Fa0/0.56
                Intra Area Prefix Link States (Area 4)
ADV Router      Age         Seq#        Link ID    Ref-lstype  Ref-LSID
4.4.4.4         456         0x80000001  29696      0x2002      29
6.6.6.6         466         0x8000001C  0          0x2001      0
55.55.55.55     18          0x80000137  0          0x2001      0
55.55.55.55     18          0x8000021F  28672      0x2002      28

No LSA 3 and 5 any more but the default route instead:
R6#show ipv6 route ::/0
OI  ::/0 [110/11]
     via FE80::C001:15FF:FE18:0, FastEthernet0/0.56
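
A check for the stub, totally stubby, NSSA and totally NSSA results above, as an added example that is not part of the original post: it parses "show ipv6 ospf database" text and lists the LSAs that should not exist for the expected area type. The sample outputs are abridged copies of the ones on this page; the function names and the ALLOWED table are this example's own.

```python
import re

# Abridged copies of the "show ipv6 ospf database" outputs shown above.
R4_TOTALLY_STUBBY = """\
            OSPFv3 Router with ID (4.4.4.4) (Process ID 4)
                Router Link States (Area 3)
ADV Router      Age         Seq#        Fragment ID  Link count  Bits
3.3.3.3         62          0x8000001B  0            1           B
4.4.4.4         22          0x80000023  0            1           None
                Inter Area Prefix Link States (Area 3)
ADV Router      Age         Seq#        Prefix
3.3.3.3         80          0x80000002  ::/0
"""
R6_NSSA = """\
                Inter Area Prefix Link States (Area 4)
ADV Router      Age         Seq#        Prefix
55.55.55.55     335         0x8000000A  2035::/64
55.55.55.55     335         0x80000003  2004::/64
                Type-7 AS External Link States (Area 4)
ADV Router      Age         Seq#        Prefix
6.6.6.6         337         0x80000001  2300::/64
6.6.6.6         337         0x80000001  2301::/64
"""
R6_BEFORE_NSSA = """\
                Type-5 AS External Link States
ADV Router      Age         Seq#        Prefix
1.1.1.1         990         0x80000004  2200::/15
6.6.6.6         357         0x80000001  2300::/64
"""

# Indented "... Link States" lines start a section; rows start with a router ID.
HEADER = re.compile(r"^\s+(.*?Link States)(?: \(Area (\d+)\))?\s*$")
ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(0x[0-9A-Fa-f]+)\s+(.*\S)\s*$")

def parse_lsdb(text):
    """Return {section name: [(adv_router, last_column), ...]}."""
    db, section = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            section = m.group(1)
            db.setdefault(section, [])
            continue
        m = ROW.match(line)
        if m and section:
            db[section].append((m.group(1), m.group(4).split()[-1]))
    return db

# expected area type -> (Type-5 allowed, Type-7 allowed, specific inter-area allowed)
ALLOWED = {
    "normal": (True, False, True),
    "stub": (False, False, True),
    "totally stubby": (False, False, False),
    "NSSA": (False, True, True),
    "totally NSSA": (False, True, False),
}
SECTIONS = (  # (label, section header, index into the ALLOWED tuple)
    ("Type-5", "Type-5 AS External Link States", 0),
    ("Type-7", "Type-7 AS External Link States", 1),
    ("Inter-Area", "Inter Area Prefix Link States", 2),
)

def violations(db, expected):
    """List (LSA kind, prefix) pairs that contradict the expected area type."""
    allowed = ALLOWED[expected]
    found = []
    for label, section, idx in SECTIONS:
        for _, prefix in db.get(section, []):
            # The ABR's inter-area ::/0 default is not treated as a leak.
            if label == "Inter-Area" and prefix == "::/0":
                continue
            if not allowed[idx]:
                found.append((label, prefix))
    return found
```

An empty list means the LSDB matches the intended area type; anything returned is a prefix that still leaks into the area, for example because one router in it was not reconfigured.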


And the last feature - default route propagation:
R5:
ipv6 route ::/0 Loopback0
ipv6 router ospf 5
 default-information originate
R2#show ipv6 route ::/0
OE2  ::/0 [110/1], tag 5
     via FE80::C003:15FF:FE18:0, FastEthernet0/0.12

   
In conclusion, differences between OSPFv3 and OSPFv2:
- distribute-lists support only prefix-lists for route filtering;
- IOS doesn't support filter lists for LSA filtering;
- IOS doesn't support max-lsa command.

Sunday, December 23, 2012

EIGRP for IPv6 configuration.

In this lab I tried to implement all the features of EIGRP from this post but this time with IPv6.
The topology was changed though:
The interconnects use link-local addresses only.
At first - only basic EIGRP configuration:
R1:
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
#EIGRP for IPv6 still requires some IPv4 address for its RID. If there is no IPv4 interface in the up/up state, EIGRP will set its RID to "0.0.0.0".
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ipv6 address 2001::1/64
 ipv6 eigrp 10
 no ipv6 split-horizon eigrp 10
#Just for example.
!
interface FastEthernet0/0.12
 encapsulation dot1Q 12
 ipv6 enable
 ipv6 eigrp 10

 ipv6 bandwidth-percent eigrp 10 30
!
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ipv6 enable
 ipv6 eigrp 10
!
ipv6 router eigrp 10
 variance 2
 metric weights 0 0 0 1 0 0
#K values still have to be the same across the domain.
 no shutdown #In the IPv6 implementation EIGRP starts in shutdown mode.
 passive-interface default #Configuration for passive interfaces is the same.
 no passive-interface FastEthernet0/0.12
 no passive-interface FastEthernet0/0.13
 maximum-paths 20


R2:
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ipv6 address 2002::1/64
 ipv6 eigrp 10
!
interface FastEthernet0/0.12
 encapsulation dot1Q 12
 ipv6 enable
 ipv6 eigrp 10
!
interface FastEthernet0/0.24
 encapsulation dot1Q 24
 ipv6 enable
 ipv6 eigrp 10
!
ipv6 router eigrp 10
 metric weights 0 0 0 1 0 0
 no shutdown
 passive-interface FastEthernet0/0.2


R3:
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ipv6 address 2003::1/64
 ipv6 eigrp 10
 ipv6 eigrp 20
#Actually it is not a new feature. You could do the same with IPv4 using "network" statements instead.
!
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ipv6 enable
 ipv6 eigrp 10
!
interface FastEthernet0/0.34
 encapsulation dot1Q 34
 ipv6 enable
 ipv6 eigrp 10
!
interface FastEthernet0/0.35
 encapsulation dot1Q 35
 ipv6 enable
 ipv6 eigrp 10
 ipv6 eigrp 20
#In fact the second EIGRP process is used only for demonstration's sake and to show static neighbor configuration.
!
ipv6 router eigrp 10
 metric weights 0 0 0 1 0 0
 no shutdown
 passive-interface FastEthernet0/0.3
!
ipv6 router eigrp 20
 neighbor FE80::C001:1AFF:FE4C:0 FastEthernet0/0.35
#I use only Link-local addresses on the interconnects, therefore I have to specify Link-local address of the neighbor's interface.
 no shutdown
 passive-interface FastEthernet0/0.3


R4:
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0.4
 encapsulation dot1Q 4
 ipv6 address 2004::1/64
 ipv6 eigrp 10
!
interface FastEthernet0/0.24
 encapsulation dot1Q 24
 ipv6 enable
 ipv6 eigrp 10
!
interface FastEthernet0/0.34
 encapsulation dot1Q 34
 ipv6 enable
 ipv6 eigrp 10
!
interface FastEthernet0/0.46
 encapsulation dot1Q 46
 ipv6 enable
 ipv6 eigrp 10
!
ipv6 router eigrp 10
 metric weights 0 0 0 1 0 0
 no shutdown
 passive-interface FastEthernet0/0.4


R5:
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0.5
 encapsulation dot1Q 5
 ipv6 address 2005::1/64
 ipv6 eigrp 10
 ipv6 eigrp 20
!
interface FastEthernet0/0.35
 encapsulation dot1Q 35
 ipv6 enable
 ipv6 eigrp 10
 ipv6 eigrp 20
!
interface FastEthernet0/0.56
 encapsulation dot1Q 56
 ipv6 enable
 ipv6 eigrp 10
!
ipv6 router eigrp 10
 metric weights 0 0 0 1 0 0
 no shutdown
 passive-interface FastEthernet0/0.5
!
ipv6 router eigrp 20
 neighbor FE80::C005:1AFF:FE4C:0 FastEthernet0/0.35
 router-id 55.55.55.55
 no shutdown
 passive-interface FastEthernet0/0.5


R6:
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0.6
 encapsulation dot1Q 6
 ipv6 address 2006::1/64
 ipv6 eigrp 10
!
interface FastEthernet0/0.46
 encapsulation dot1Q 46
 ipv6 enable
 ipv6 eigrp 10
!
interface FastEthernet0/0.56
 encapsulation dot1Q 56
 ipv6 enable
 ipv6 eigrp 10
 ipv6 hello-interval eigrp 10 1
#Only the IP version was changed in the syntax.
 ipv6 hold-time eigrp 10 4
!
ipv6 router eigrp 10
 metric weights 0 0 0 1 0 0
 no shutdown
 passive-interface FastEthernet0/0.6
 timers active-time 1


Just to confirm that we have full connectivity:
R1#show ipv6 route eigrp
D   2002::/64 [90/51200]
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12
D   2003::/64 [90/28160]
     via FE80::C005:1AFF:FE4C:0, FastEthernet0/0.13
D   2004::/64 [90/76800]
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12
     via FE80::C005:1AFF:FE4C:0, FastEthernet0/0.13
D   2005::/64 [90/76800]
     via FE80::C005:1AFF:FE4C:0, FastEthernet0/0.13
D   2006::/64 [90/79360]
     via FE80::C005:1AFF:FE4C:0, FastEthernet0/0.13
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12


Now let's implement other features.

Use a distribute-list to prevent R1 from using the link through R3 to reach 2005::/64 (Loopback0 of R5).
R1:
ipv6 router eigrp 10
 distribute-list prefix-list Deny2005::/64 in FastEthernet0/0.13
#For IPv6 you can use only prefix-list with distribute-list.
!
ipv6 prefix-list Deny2005::/64 seq 5 deny 2005::/64
#Syntax and logic are still the same.
ipv6 prefix-list Deny2005::/64 seq 10 permit ::/0 le 128
!
R1#show ipv6 route 2005::/64
D   2005::/64 [90/104960]
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12
#Now R1 uses R2 as the next-hop for this prefix.
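
Prefix-list matching as used by both distribute-lists on this page (the OSPFv3 one on R4 and the EIGRP one on R1), as an added example that is not part of the original post. It assumes the usual IOS rule that an entry without ge/le matches only its exact prefix length; the HARDENED list is a constructed variant, and the function names are this example's own.

```python
import ipaddress

# The two prefix-lists from this page, plus one constructed variant (HARDENED).
NO2200 = """\
ipv6 prefix-list no2200::/15 seq 5 deny 2200::/15
ipv6 prefix-list no2200::/15 seq 10 permit ::/0 le 128
"""
DENY2005 = """\
ipv6 prefix-list Deny2005::/64 seq 5 deny 2005::/64
ipv6 prefix-list Deny2005::/64 seq 10 permit ::/0 le 128
"""
HARDENED = """\
ipv6 prefix-list no2200::/15 seq 5 deny 2200::/15 le 128
ipv6 prefix-list no2200::/15 seq 10 permit ::/0 le 128
"""

def parse_prefix_list(config):
    """Parse 'ipv6 prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]' lines."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["ipv6", "prefix-list"]:
            continue
        seq, action, net = int(tok[4]), tok[5], ipaddress.IPv6Network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))
        if opts:
            # ge sets the lower bound, le the upper bound of the route's length.
            lo, hi = opts.get("ge", net.prefixlen), opts.get("le", 128)
        else:
            # No ge/le: only a route with exactly this prefix length matches.
            lo = hi = net.prefixlen
        entries.append((seq, action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """Return (action, seq) of the first matching entry, in sequence order."""
    route = ipaddress.IPv6Network(route)
    for seq, action, net, lo, hi in entries:
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action, seq
    return "deny", None  # implicit deny at the end of every prefix-list

def installed(entries, routes):
    """Routes that pass the list, i.e. would still reach the routing table."""
    return [r for r in routes if evaluate(entries, r)[0] == "permit"]

if __name__ == "__main__":
    for name, cfg in (("NO2200", NO2200), ("HARDENED", HARDENED)):
        pl = parse_prefix_list(cfg)
        for route in ("2200::/15", "2200::/64", "2201::/64", "2300::/64"):
            print(name, route, evaluate(pl, route))
```

The list from this page blocks only the /15 summary itself: if the summary is ever withdrawn on the ASBR, the component /64s match seq 10 and are installed, which the `le 128` variant prevents.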
   
Now let's add a couple of loopbacks on R2 and start advertising a summary route for them.
R2:
interface Loopback1
 no ip address
 ipv6 address 3000::1/64
 ipv6 eigrp 10
!
interface Loopback2
 no ip address
 ipv6 address 3000:0:0:1::1/64
 ipv6 eigrp 10


R1#show ipv6 route eigrp
D   2002::/64 [90/51200]
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12
D   2003::/64 [90/28160]
     via FE80::C005:1AFF:FE4C:0, FastEthernet0/0.13
D   2004::/64 [90/76800]
     via FE80::C005:1AFF:FE4C:0, FastEthernet0/0.13
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12
D   2005::/64 [90/104960]
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12
D   2006::/64 [90/79360]
     via FE80::C005:1AFF:FE4C:0, FastEthernet0/0.13
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12
D   3000::/64 [90/153600]
#Both specific routes are here now.
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12
D   3000:0:0:1::/64 [90/153600]
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12


R2:
interface FastEthernet0/0.12
 ipv6 summary-address eigrp 10 3000::/63 5
!
interface FastEthernet0/0.24
 ipv6 summary-address eigrp 10 3000::/63 5


R1#show ipv6 route eigrp
D   2002::/64 [90/51200]
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12
D   2003::/64 [90/28160]
     via FE80::C005:1AFF:FE4C:0, FastEthernet0/0.13
D   2004::/64 [90/76800]
     via FE80::C005:1AFF:FE4C:0, FastEthernet0/0.13
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12
D   2005::/64 [90/104960]
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12
D   2006::/64 [90/79360]
     via FE80::C005:1AFF:FE4C:0, FastEthernet0/0.13
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12
D   3000::/63 [90/153600]
#And now there is only one summary route.
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.12
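
A pre-check for the summaries configured on this page (the OSPFv3 "area 4 range 2100::/15" and "summary-prefix 2200::/15", and the EIGRP "3000::/63" above), as an added example that is not part of the original post. It computes the tightest single prefix covering the component routes and how many /64s the configured summary advertises without any component behind them; the function names are this example's own, and the components are assumed not to overlap and to be /64 or shorter.

```python
import ipaddress

def tightest_summary(prefixes):
    """Smallest single prefix that covers every component prefix."""
    nets = [ipaddress.IPv6Network(p) for p in prefixes]
    summary = nets[0]
    # Widen by one bit at a time until every component fits inside.
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary

def summary_report(summary, components, unit=64):
    """Compare a configured summary with the prefixes that actually exist."""
    summary = ipaddress.IPv6Network(summary)
    nets = [ipaddress.IPv6Network(c) for c in components]
    # Components the summary fails to cover would stay unreachable via it.
    outside = [str(n) for n in nets if not n.subnet_of(summary)]
    # Number of /unit blocks advertised by the summary ...
    covered = 2 ** (unit - summary.prefixlen)
    # ... and how many of them are backed by a real component route.
    used = sum(2 ** (unit - n.prefixlen) for n in nets if n.subnet_of(summary))
    return {
        "tightest": str(tightest_summary(components)),
        "outside": outside,
        "covered": covered,
        "unassigned": covered - used,
    }

if __name__ == "__main__":
    cases = {
        "2100::/15": ["2100::/64", "2101::/64"],        # OSPFv3 area range on R5
        "2200::/15": ["2200::/64", "2201::/64"],        # OSPFv3 summary-prefix on R1
        "3000::/63": ["3000::/64", "3000:0:0:1::/64"],  # EIGRP summary on R2
        "2200::/16": ["2200::/64", "2201::/64"],        # constructed: too narrow
    }
    for summary, components in cases.items():
        print(summary, summary_report(summary, components))
```

The /63 is an exact fit, while each /15 is the tightest possible summary yet still advertises 2**49 - 2 /64s that do not exist; traffic for those destinations follows the summary toward the summarizing router instead of being dropped where it originates.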

Now let's advertise a default route from R6. You can use either redistribution or summary. IOS doesn't support "default-network" for IPv6.
interface FastEthernet0/0.46
 ipv6 summary-address eigrp 10 ::/0 200
#Notice that AD is only locally significant.
!
interface FastEthernet0/0.56
 ipv6 summary-address eigrp 10 ::/0 200
#If you don't advertise this route from both interfaces, R5 would learn the specific routes (and the default route with a suboptimal path through R3).

R4#show ipv6 route eigrp #Notice that there are no longer any specific routes from R6 (including its loopback).
D   ::/0 [90/28160]
     via FE80::C002:1AFF:FE4C:0, FastEthernet0/0.46
D   2001::/64 [90/76800]
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.24
     via FE80::C005:1AFF:FE4C:0, FastEthernet0/0.34
D   2002::/64 [90/51200]
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.24
D   2003::/64 [90/28160]
     via FE80::C005:1AFF:FE4C:0, FastEthernet0/0.34
D   2005::/64 [90/76800]
     via FE80::C005:1AFF:FE4C:0, FastEthernet0/0.34
D   3000::/63 [90/153600]
     via FE80::C004:1AFF:FE4C:0, FastEthernet0/0.24


Let's remove summary from R5:
R3#show ipv6 route 2006::/64
D   2006::/64 [90/53760]
     via FE80::C000:1AFF:FE4C:0, FastEthernet0/0.34
     via FE80::C001:1AFF:FE4C:0, FastEthernet0/0.35

R3 uses two equal-cost paths to reach R6's loopback.
If we define R5 as a stub router, R3 will have only one path to 2006::/64 (via R4).
R5:
ipv6 router eigrp 10
 stub connected summary
#Connected and summary are the defaults, as with IPv4.
!
R3#show ipv6 route 2006::/64
D   2006::/64 [90/53760]
     via FE80::C000:1AFF:FE4C:0, FastEthernet0/0.34


It seems like IOS doesn't support offset-lists for EIGRPv6 route influencing. At least in my version (12.4). It means that the only tools for route influencing are the bandwidth and delay parameters on the related interfaces, which are the same as for IPv4. R4 as an example:
R4#show ipv6 route 2003::/64
D   2003::/64 [90/51200]
     via FE80::C005:1CFF:FEB0:0, FastEthernet0/0.34
!
interface FastEthernet0/0.34
 delay 10
!
R4#show ipv6 route 2003::/64
D   2003::/64 [90/28160]
     via FE80::C005:1CFF:FEB0:0, FastEthernet0/0.34

I didn't change the bandwidth because the metric weights were changed to not include it in the metric calculations.

The last thing to check - authentication. It is said that EIGRP for IPv6 relies on the built-in authentication mechanisms of IPv6 (namely AH/ESP). But the configuration is almost the same as with IPv4 (key chains with md5-hashed keys). It means that AH/ESP use md5 under the hood. R5 as an example:
key chain EIGRPv6
 key 1
   key-string cisco
!
interface FastEthernet0/0.56
 ipv6 authentication mode eigrp 10 md5
 ipv6 authentication key-chain eigrp 10 EIGRPv6

R6 should be configured the same way to form neighborship:
R6#show ipv6 eigrp neighbors
IPv6-EIGRP neighbors for process 10
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   Link-local address:     Fa0/0.56           3 00:00:26   38   228  0  34
    FE80::C001:1CFF:FEB0:0
1   Link-local address:     Fa0/0.46          12 00:22:17  206  1236  0  29
    FE80::C000:1CFF:FEB0:0

   
In conclusion, differences between EIGRP for IPv6 and IPv4:
- distribute-lists support only prefix-lists for route filtering;
- IOS doesn't support "default-network" command for IPv6;
- EIGRP for IPv6 doesn't support offset-lists.