Aug 30 2011

Here I am again. My server was down for some days because I moved to another location, and now it's back up and running.

During this move to the new location I realized that they don't have IPv6 in their network. At first I was thinking of implementing Dual Stack IPv6 on their Cisco router, but unfortunately the router there doesn't support IPv6: it needs an IOS upgrade, and I can't disrupt the traffic to reboot for such a reason. So eventually I dropped this idea and thought that a GRE tunnel over IPv4 would be a good solution to my problem for some time, until the upgrade of the Cisco router.

Topology Information:

Cisco WAN IP: 192.168.0.1
OpenBSD WAN IP: 172.16.0.1

Cisco Router Configuration

interface tun0
description IPv6_Over_IPv4_GRE
ipv6 address 2001:1::1/126
tunnel source 192.168.0.1
tunnel destination 172.16.0.1

OpenBSD Host Configuration

Enable GRE tunnel.

basilisk:~# sysctl net.inet.gre.allow=1
basilisk:~# sysctl net.inet.gre.wccp=1

Create the interface.

basilisk:~# ifconfig gre0 create

Assign IPv6 address to the new interface

basilisk:~# ifconfig gre0 inet6 2001:1::2/126

Tell the GRE tunnel where to connect

basilisk:~# ifconfig gre0 tunnel 172.16.0.1 192.168.0.1

Activate the tunnel

basilisk:~# ifconfig gre0 link1 up

Add default gateway for the IPv6 traffic

basilisk:~# route -n add -inet6 default 2001:1::1

And at last verify IPv6 connectivity

basilisk:~# ping6 -c 4 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:1::1 --> 2a00:1450:8007::63
16 bytes from 2a00:1450:8007::63, icmp_seq=0 hlim=54 time=70.275 ms
16 bytes from 2a00:1450:8007::63, icmp_seq=1 hlim=54 time=66.095 ms
16 bytes from 2a00:1450:8007::63, icmp_seq=2 hlim=54 time=66.804 ms
16 bytes from 2a00:1450:8007::63, icmp_seq=3 hlim=54 time=66.031 ms

--- ipv6.l.google.com ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 66.031/67.301/70.275/1.743 ms

Now that all worked as expected you can make this configuration persistent.

Enable GRE at boot.

basilisk:~# echo "net.inet.gre.allow=1" >> /etc/sysctl.conf
basilisk:~# echo "net.inet.gre.wccp=1" >> /etc/sysctl.conf

My interface’s configuration file looks like this:

basilisk:~# more /etc/hostname.gre0
inet6 2001:1::2/126
tunnel 172.16.0.1 192.168.0.1
link1 up
!route -n add -inet6 default 2001:1::1

You may now reboot and verify that you can ping IPv6 addresses
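The tunnel configured above uses plain GRE with no key or checksum, and GRE itself provides no authentication or encryption, so the outer IPv4 source address is the only thing that identifies the peer. The following Python example is added here and is not from the original post; it shows the checks a filter in front of gre0 should apply to inbound GRE for this tunnel. The function names, the packet builder and the 203.0.113.9 address are constructed for illustration.

```python
import ipaddress
import struct

LOCAL, PEER = "172.16.0.1", "192.168.0.1"   # OpenBSD and Cisco WAN IPs from the post
IPPROTO_GRE, ETHERTYPE_IPV6 = 47, 0x86DD

def check_gre(pkt, local=LOCAL, peer=PEER):
    """Return (verdict, detail) for one raw IPv4 packet arriving on the WAN side."""
    if len(pkt) < 20 or (pkt[0] >> 4) != 4 or (pkt[0] & 0x0F) < 5:
        return "drop", "not a valid IPv4 header"
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != IPPROTO_GRE:
        return "ignore", "not GRE"
    src, dst = (str(ipaddress.ip_address(pkt[i:i + 4])) for i in (12, 16))
    if (src, dst) != (peer, local):
        return "drop", f"GRE from unexpected endpoint {src}"
    if len(pkt) < ihl + 4:
        return "drop", "truncated GRE header"
    flags_ver, ptype = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if flags_ver != 0:          # assumption: tunnel uses no key, checksum or sequence
        return "drop", f"unexpected GRE flags/version 0x{flags_ver:04x}"
    if ptype != ETHERTYPE_IPV6:
        return "drop", f"unexpected payload type 0x{ptype:04x}"
    inner = pkt[ihl + 4:]
    if len(inner) < 40 or (inner[0] >> 4) != 6:
        return "drop", "payload is not IPv6"
    return "accept", f"IPv6 from {ipaddress.ip_address(inner[8:24])}, overhead {ihl + 4} bytes"

def build(src, dst, gre_type=ETHERTYPE_IPV6, flags=0):
    """Constructed test packet: IPv4 + GRE + bare IPv6 header (IPv4 checksum left 0)."""
    a = lambda s: ipaddress.ip_address(s).packed
    inner = struct.pack("!IHBB", 6 << 28, 0, 59, 64) + a("2001:1::1") + a("2001:1::2")
    gre = struct.pack("!HH", flags, gre_type)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(inner),
                     0, 0, 64, IPPROTO_GRE, 0, a(src), a(dst))
    return ip + gre + inner

if __name__ == "__main__":
    for s in (PEER, "203.0.113.9"):
        print(s, check_gre(build(s, LOCAL)))
```

The 24 bytes of overhead reported for an accepted packet (20 bytes of outer IPv4 plus 4 bytes of GRE) is also what the tunnel subtracts from the usable IPv6 packet size on the path.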

Jul 23 2011

This is my first post, and also the first in a series of simple configuration examples for implementing IPv4/IPv6 Dual Stack BGP on open source routing platforms. These configurations are only the basics to help you get Dual Stack up on your network. This post is intended to show how to configure OpenBGPD. I will not explain the basics of OpenBSD’s networking, such as installation or interface configuration; I will just give you the complete solution to get it running. Maybe later I will make a post about these basics, but I think the official FAQ is enough.

OpenBGPD

In my opinion, OpenBSD with OpenBGPD and/or OpenOSPFD is the most rock-solid, stable open source solution out there, but this of course is my point of view. It is both stable and easy to use, and it comes with the world’s best man pages, so use this post only as a starting point: if you run man bgpd.conf, all configuration options are there, very clearly. If you don't see a feature on this man page, then OpenBGPD doesn't support the feature at all; this is the cost of staying stable, I think. I am running a number of production servers with OpenBSD and OpenBGPD, but I don't use Dual Stack yet, so I haven't tested such a configuration in the real world.

Let's go straight to the lab information.

ISP router details:

AS: 1000

IPv4 network: 10.0.0.0/8

IPv6 network: fc00::/32

Peering Interface: f0/1

Peering address IPv4: 10.0.0.1/30

Peering address IPv6: fc00::1:1/126

OpenBGPD router details:

AS: 100

IPv4 network: 192.168.0.0/21

IPv6 network: fc00:1::/32

Peering Interface: em0

Peering address IPv4: 10.0.0.2/30

Peering address IPv6: fc00::1:2/126

The configuration of OpenBGPD to announce our networks and learn our ISP’s networks is as follows:

# cat /etc/bgpd.conf
# Global configuration
AS 100
router-id 10.0.0.2

# Our Address Space
network 192.168.0.0/21
network fc00:1::/32

# IPv4 Peers
neighbor 10.0.0.1 {
        remote-as       1000
        descr           UpstreamIPv4
        local-address   10.0.0.2
        announce        IPv4 unicast
}

# IPv6 Peers
neighbor fc00::1:1 {
        remote-as       1000
        descr           UpstreamIPv6
        local-address   fc00::1:2
        announce        IPv6 unicast
}

OpenBSD does not forward traffic by default, so we have to turn on forwarding for IPv4 and IPv6. This can be done from the console with the following commands:

# sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 1 -> 1
# sysctl net.inet6.ip6.forwarding=1
net.inet6.ip6.forwarding: 1 -> 1

If you want forwarding enabled at boot, you must change the above values in /etc/sysctl.conf as shown below.

#       $OpenBSD: sysctl.conf,v 1.49 2011/02/16 10:37:45 mikeb Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time.  See sysctl(3) and sysctl(8) for more information on
# the many available variables.
#
net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets
#net.inet.ip.mforwarding=1      # 1=Permit forwarding (routing) of IPv4 multicast packets
#net.inet.ip.multipath=1        # 1=Enable IP multipath routing
#net.inet.icmp.rediraccept=1    # 1=Accept ICMP redirects
#net.inet6.icmp6.rediraccept=0  # 0=Don't accept IPv6 ICMP redirects
net.inet6.ip6.forwarding=1      # 1=Permit forwarding (routing) of IPv6 packets
#net.inet6.ip6.mforwarding=1    # 1=Permit forwarding (routing) of IPv6 multicast packets
#net.inet6.ip6.multipath=1      # 1=Enable IPv6 multipath routing
#net.inet6.ip6.accept_rtadv=1   # 1=Permit IPv6 autoconf (forwarding must be 0)
...
...
...

Next we need to start the BGP daemon. This can be done from the console with the following command:

# bgpd

If you want to start bgpd at boot, you must change the line below in the file /etc/rc.conf:

# more /etc/rc.conf | grep bgpd
bgpd_flags=""           # for normal use: ""

Verify Commands:

# bgpctl show
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
UpstreamIPv6             1000          8          3     0 00:00:28      4
UpstreamIPv4             1000          8          3     0 00:00:28      4

This shows our neighbors, their uptime and the number of prefixes received from each.

# bgpctl show rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination          gateway          lpref   med aspath origin
*>    10.0.0.0/8           10.0.0.1           100     0 1000 i
AI*>  192.168.0.0/21       0.0.0.0            100     0 i
      192.168.0.0/21       10.0.0.1           100     0 1000 100 i
*>    192.168.8.0/21       10.0.0.1           100     0 1000 200 i
*>    192.168.16.0/21      10.0.0.1           100     0 1000 300 i
*>    fc00::/32            fc00::1:1          100     0 1000 i
AI*>  fc00:1::/32          ::                 100     0 i
      fc00:1::/32          fc00::1:1          100     0 1000 100 i
*>    fc00:2::/32          fc00::1:1          100     0 1000 200 i
*>    fc00:3::/32          fc00::1:1          100     0 1000 300 i

This shows all routes received from our neighbors and added to our RIB; it also shows our announced prefixes.
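As an added example (not part of the original post), the Python code below audits bgpctl show rib rows like those above. It confirms that paths already containing our AS 100 were left invalid by loop prevention, and it flags received prefixes that overlap our own address space but are originated by another AS. The function names are hypothetical, and the last sample row (192.168.4.0/24 from AS 64500) is constructed for illustration.

```python
import ipaddress

LOCAL_AS = "100"
OWN = [ipaddress.ip_network(p) for p in ("192.168.0.0/21", "fc00:1::/32")]

# Rows taken from the bgpctl show rib output in the post; the last row is
# constructed (AS 64500 is a documentation ASN) to exercise the overlap check.
SAMPLE_RIB = """\
flags destination          gateway          lpref   med aspath origin
*>    10.0.0.0/8           10.0.0.1           100     0 1000 i
AI*>  192.168.0.0/21       0.0.0.0            100     0 i
      192.168.0.0/21       10.0.0.1           100     0 1000 100 i
*>    fc00::/32            fc00::1:1          100     0 1000 i
AI*>  fc00:1::/32          ::                 100     0 i
      fc00:1::/32          fc00::1:1          100     0 1000 100 i
*>    fc00:2::/32          fc00::1:1          100     0 1000 200 i
*>    192.168.4.0/24       10.0.0.1           100     0 1000 64500 i
"""

def parse_rib(text):
    """Yield (flags, network, as_path) for each route row; skip headers."""
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5:
            continue
        if "/" in tok[0]:            # rows that are neither valid nor selected have no flags
            tok.insert(0, "")
        try:
            net = ipaddress.ip_network(tok[1])
        except ValueError:           # header or legend line
            continue
        yield tok[0], net, tok[5:-1]  # tok[2:5] = gateway, lpref, med; tok[-1] = origin

def audit(text, local_as=LOCAL_AS, own=OWN):
    """Return [(prefix, finding)] for received routes that deserve a look."""
    findings = []
    for flags, net, path in parse_rib(text):
        if "A" in flags:             # our own announcement
            continue
        if local_as in path:         # our AS already in the path: must stay invalid
            findings.append((str(net), "loop-accepted" if "*" in flags else "loop-rejected"))
        elif any(net.version == o.version and net.overlaps(o) for o in own):
            origin_as = path[-1] if path else "unknown"
            findings.append((str(net), f"overlaps-own-space origin-AS{origin_as}"))
    return findings

if __name__ == "__main__":
    for prefix, finding in audit(SAMPLE_RIB):
        print(prefix, finding)
```

A loop-rejected finding is the expected state for the two unflagged rows in the post's output; an overlaps-own-space finding is the case that calls for an inbound filter on the upstream session.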

# bgpctl show fib bgp
flags: * = valid, B = BGP, C = Connected, S = Static
       N = BGP Nexthop reachable via this route
       r = reject route, b = blackhole route

flags prio destination          gateway
*B      48 10.0.0.0/8           10.0.0.1
*B      48 192.168.8.0/21       10.0.0.1
*B      48 192.168.16.0/21      10.0.0.1
*B      48 fc00::/32            fc00::1:1
*B      48 fc00:2::/32          fc00::1:1
*B      48 fc00:3::/32          fc00::1:1

This shows the routes selected by the BGP daemon and placed in the kernel’s routing table, or forwarding table.

That's all for the OpenBGPD configuration. I am not an OpenBGPD or OpenBSD master, so I will be very glad to receive feedback from you about any mistakes I have made in this post, or recommendations.