Dual stacking your infrastructure part 2

In the last weeks here's what I have done :

• Reboot our core routers to use the dual ipv4/ipv6 SDM template
• Realize that this wasn't enough to support BGP over ipv6
• Install a test C3750 with a newer IOS and the v4/v6 SDM template
• Set up a vlan for ipv6
• Set up BGP to advertise my v6 block

Finally as of yesterday my v6 block is announced to the internet !

Here are the steps in more detail :

So as I was saying last time I needed to reboot my core router (a stack of 3750) to change the SDM template in order to support ipv4/ipv6 routing. So I did but after that I realized it wasn't enough to support IPv6 BGP, I had to update the IOS version of my router.

In order to make absolutely sure that it would work in production I did what I should have done from the very beginning : set up a spare 3750 with the new IOS image and see what the pitfalls are.

With my provider we added a vlan just for ipv6 BGP. Once that was done it was just a matter of setting up the BGP session with some ipv6 specifics. Here is the interesting part of the configuration :

 router bgp 46720
  bgp router-id x.x.x.x
  bgp always-compare-med
  bgp log-neighbor-changes
  neighbor XX:XX:XX:XX:XX:XX remote-as <stripped>
  neighbor XX:XX:XX:XX:XX:XX description <stripped>
  neighbor XX:XX:XX:XX:XX:XX transport path-mtu-discovery
  neighbor XX:XX:XX:XX:XX:XX password <stripped>
  !
  address-family ipv4
   no neighbor XX:XX:XX:XX:XX:XX activate
   no auto-summary
   no synchronization
  exit-address-family
  !
  address-family ipv6
   neighbor XX:XX:XX:XX:XX:XX activate
   neighbor XX:XX:XX:XX:XX:XX remove-private-as
   neighbor XX:XX:XX:XX:XX:XX prefix-list announcements-v6 out
   neighbor XX:XX:XX:XX:XX:XX route-map ASXXXX-v6-in in
   neighbor XX:XX:XX:XX:XX:XX maximum-prefix 1000 restart 300
   network 2620:61::/48
  exit-address-family

This basically declares a neighbor and instructs the router to only use it for ipv6.

And once the session was up, IPv6 was working. I created a vlan on my internal network specifically for ipv6 (I don't really want servers getting ipv6 through slaac so I will add the right vlan interface where I want ipv6 to be enabled).

The next step will be to upgrade the production router to the latest IOS version and then to move the BGP session to the production router. Then we will be able to start testing services over ipv6.