IPv6 Foun­da­tion Part 11: IPv6 Rout­ing

IPv6 Foundation Part 11 - IPv6 Routing
IPv6 Rout­ing explained in-depth, what’s new in IPv6 BGP, OSPF, EIGRP, VRRP, HSRP! Updat­ed Tipps & Tricks! Find all your answers and more in this free Course!

Table of Con­tents

About this course

So you are inter­est­ed in IPv6, which is absolute­ly great!

IPv6 is not only the future of net­work­ing, it is already here today! All the big play­ers on the Inter­net are already IPv6 enabled and it is now time for you to join the par­ty!

This course cov­ers all major aspects of the new Inter­net Pro­to­col and what changed, com­pared to IPv4. You will under­stand the fun­da­men­tals and be ahead of your peers that are still on the sink­ing ship of IPv4! As of today, there are no IPv4 address­es left and we have no oth­er option but to go ahead and deploy IPv6.

IPv6 Act Now

IPv6 Foun­da­tion Part 11: IPv6 Rout­ing

In this major sec­tion we will cov­er all the impor­tant IPv6 rout­ing pro­to­cols and options that are avail­able.

How Next Hop Redun­dan­cy works with IPv6 (NHRP)

Next Hop Redun­dan­cy Pro­to­cols (NHRPs), some­times also called First Hop Redun­dan­cy Pro­to­cols (FHRPs) have the pur­pose to pro­vide a redun­dant gate­way in your net­work. Usu­al­ly a vir­tu­al IP address (VIP) is pro­vid­ed, which is float­ing vir­tu­al­ly between two phys­i­cal routers. If one device fails, the vir­tu­al IP address is still avail­able and will con­tin­ue serv­ing clients.

Let’s jump into the dif­fer­ent options:

The New Sub­net Router Any­cast Pro­to­col for IPv6

The only option exclu­sive to IPv6 and built-in, is Sub­net Router Any­cast.

Sub­net Router Any­cast is an IPv6-embed­ded func­tion that can replace tra­di­tion­al Next Hop Redun­dan­cy Pro­to­cols such as HSRP and VRRP.

There is one defined address for the router of each sub­net or net­work:

Sub­net Router Address: all host bits are set to 0:

  • net­work: 2a02:69e0:1234::/64
  • Sub­net Router Any­cast address: 2a02:69e0:1234::/64 (2a02:69e0:1234:0000:​0000:0000:0000:0000/64)

In IPv4 you would call this address the “net­work address”, it is the first address of the net­work (all 0s), but in IPv6 there is no reserved net­work address any­more! This is sim­ply the first usable address on the net­work.

All routers can lis­ten to this mul­ti­cast address.

To use the fea­ture, hosts can send traf­fic to this Sub­net Router Any­cast address and a router lis­ten­ing to this mul­ti­cast address will for­ward traf­fic towards the des­ti­na­tion.

By best prac­tice you should not use this address (::) for man­u­al con­fig­u­ra­tion of devices, because it is reserved for sub­net router any­cast. Usu­al­ly, man­u­al con­fig­u­ra­tion of this address to a host does work, but it is non con­form­ing to stan­dards and some imple­men­ta­tions in your devices might remind you, that you should not do this.

VRRPv3 — Vir­tu­al Router Redun­dan­cy Pro­to­col for IPv6

The Vir­tu­al Router Redun­dan­cy Pro­to­col (VRRP) in Ver­sion 3 is updat­ed for use with IPv6.

IPv6 VRRP sup­ports IPv6 and IPv4 and was stan­dard­ized in RFC5798
It offers sub-sec­ond con­ver­gence, as com­pared to up to 38 sec­onds (neigh­bor cache time­out) using Sub­net Router Any­cast or stan­dard Router Adver­tise­ments!

VRRPv2 for IPv4 vs VRRPv3 for IPv6

HSRPv2 — Hot Stand­by Router Pro­to­col for IPv6

Cis­co invent­ed the Hot Stand­by Router Pro­to­col (HSRP) back in the day for IPv4. Now it was updat­ed to Ver­sion 2 as HSRPv2, which sup­ports IPv6.

The IPv6 HSRP pro­to­col is still Cis­co pro­pri­etary, which means you prob­a­bly can­not use it with oth­er ven­dors.

HSRPv2 is func­tion­al­ly iden­ti­cal with HSRPv1 for IPv4.

  1. The active router sends the Router Adver­tise­ment (RA) to the con­nect­ed net­work link
  2. Sub-sec­ond failover to the back­up router is pos­si­ble by tun­ing the timers. The back­up router will send a new Router Adver­tise­ment as soon as the old pri­ma­ry router fails and pre­empt it as the pri­ma­ry.

IPv6 Rout­ing Pro­to­cols explained

Now that you know the three main options how to pro­vide a redun­dant first hop gate­way in your net­work, you need to know the next step of IPv6 rout­ing in your net­work.

Let’s start with the basics again:

The IPv6 Rout­ing Table — same, same but dif­fer­ent

The cen­tral table that con­tains all rout­ing infor­ma­tion is called the Rout­ing Table.

The IPv6 rout­ing table is gen­er­at­ed like the one for IPv4
, but both stay sep­a­rate.
It con­tains impor­tant infor­ma­tion:

  • IPv6 Pre­fix (net­work)
  • Pre­fix length (/64)
  • Next Hop our router to des­ti­na­tion
  • Route Source (the Pro­to­col that the route was learned from
  • Next Hop inter­face (which inter­face do I use to reach the next hop, espe­cial­ly if the next hop is a Link Local address!)
  • Met­ric (which route is best, do I want to pre­fer one over anoth­er?)

RIP­ng — The IPv6 Rout­ing Infor­ma­tion Pro­to­col

RIP­ng is the IPv6 Ver­sion of the orig­i­nal Rout­ing Infor­ma­tion Pro­to­col (RIP), which is one of the old­est dis­tance vec­tor rout­ing pro­to­cols out there.

I have to say it is the one that most net­work­ing peo­ple dis­like strong­ly.

Unfor­tu­nate­ly, I can­not say this has changed with the IPv6 ver­sion.

RIP­ng was defined back in 1997 via RFC2080.

After RIPv1 and RIPv2, RIP­ng (next gen­er­a­tion) was cre­at­ed for IPv6. It is still a Dis­tance Vec­tor Rout­ing Pro­to­col.

It is an open stan­dard, sup­port­ed by all ven­dors, which is nice.

As with the old­er ver­sions, its met­ric (cost) is hop count — the max­i­mum is 15. This means it does not scale to net­work sizes with more than 15 hops. For a small to medi­um net­work this might be enough, but RIP­ng can cer­tain­ly not be rec­om­mend­ed for larg­er net­work deploy­ments.

The met­ric does not care about link speed, so a 100 Mbps link towards the tar­get, which has 1 hop less than a 100 Gbps link would be pre­ferred. Let’s talk about scale again…

Addi­tion­al­ly, con­ver­gence is slow­er than with the oth­er IPv6 rout­ing pro­to­cols.

You should try RIP­ng in a lab set­up but I don’t rec­om­mend it for pro­duc­tion use in your net­work.

OSPFv3 — The best Inte­ri­or Gate­way Pro­to­col for IPv6 Rout­ing

Open Short­est Path First, in short OSPF is one of the most pop­u­lar inte­ri­or gate­way rout­ing pro­to­cols (IGPs) out there.

After OSPFv1 and OSPFv2, a third gen­er­a­tion, which also includes full sup­port for IPv6 was defined in RFC2740 (1997) and updat­ed to its cur­rent ver­sion in 2008 by RFC5340.

  • OSPF is a Link-State Rout­ing Pro­to­col.
  • In its newest Ver­sion OSPFv3 it ful­ly sup­ports IPv6 and IPv4.
  • IPv6 OSPF is an open stan­dard and sup­port­ed by all ven­dors.
  • It is a scal­able, sta­ble and proven IPv6 rout­ing pro­to­col for all net­work sizes.

You can read more in this OSPF Wikipedia arti­cle. Cov­er­ing the whole pro­to­col is out of scope for this IPv6 Mas­ter Class.

Let’s have a look at the dif­fer­ences between OSPFv3 for IPv6 and the pre­vi­ous ver­sion OSPFv2 for IPv4:

What’s changed in OSPFv3 for IPv6 com­pared to OSPFv2
  • The Router LSA, Net­work LSA und Router ID stay 32 bit, so no IPv6 address can be used for these! (This is crit­i­cal, as you need to have at least one IPv4 address such as a Loop­back address on your router)
  • Pro­cess­ing hap­pens per link (inter­face) and not per sub­net, because a sin­gle link pos­si­bly con­tains mul­ti­ple IPv6 net­works.
  • Mul­ti­ple OSPF instances per link are pos­si­ble.
  • Com­mu­ni­ca­tion hap­pens over Link-Local address­es (per link) except for the OSPF Vir­tu­al Link (glob­al address­es are used as source for these)
  • Authen­ti­ca­tion is not includ­ed in OSPF but done via IPv6-inte­grat­ed IPsec AH (Authen­ti­ca­tion Head­er).
  • OSPF pack­ets are encap­su­lat­ed direct­ly into IPv6, there is no more
TCP or UDP.
  • The Next Head­er field con­tains pro­to­col num­ber 89 for OSPFv3.
OSPFv3’s new LSA Types explained and com­pared to OSPFv2
OSPFv3 Type OSPFv3 Name OSPFv2 Type OSPFv2 Name
0x2001
Router LSA
1
Router LSA
0x2002
Net­work LSA
2
Net­work LSA
0x2003
Inter-Area-Pre­fix LSA
3
Net­work Sum­ma­ry LSA
0x2004
Inter-Area-Router LSA
4
ASBR Sum­ma­ry LSA
0x2005
AS-Exter­nal LSA
5
AS-Exter­nal LSA

0x2006

MOSPF LSA (dep­re­cat­ed)

6

Group Mem­ber­ship LSA

0x2007
NSSA LSA
7
NSSA Exter­nal LSA
0x2008
Link LSA
0x2009
Intra-Area-Pre­fix LSA

EIGRP (Enhanced IGRP) IPv6 Rout­ing Pro­to­col

The Enhanced Inte­ri­or Gate­way Rout­ing Pro­to­col (EIGRP) was invent­ed by Cis­co Sys­tems and in its newest updat­ed ver­sion for IPv6 EIGRP is capa­ble of run­ning Dual Stack.

EIGRP is a Link-State Rout­ing Pro­to­col, like OSPF. It is still a Cis­co pro­pri­etary stan­dard, so it is not avail­able on all plat­form and from oth­er ven­dors.

Like OSPF, EIGRP is very scal­able, sta­ble and proven in all net­work sizes.

Cis­co pro­vides EIGRP IPv6 Con­fig­u­ra­tion Exam­ples which you should check out.

Now let’s take a look at the dif­fer­ences between EIGRP for IPv6 and EIGRP for IPv4:

What’s changed in IPv6 EIGRP com­pared to EIGRP for IPv4
  • The Router ID stays 32 bit, no IPv6 address is con­fig­urable as router ID (This is crit­i­cal, as you need to have at least one IPv4 address such as a Loop­back address on your router).
  • The EIGRP process does not start until a Router ID has been set (see above!).
  • There is no Auto Sum­ma­ry, because IPv6 is always class­less.
  • EIGRP for IPv6 has no Split Hori­zon, because inter­faces can have mul­ti­ple pre­fix­es.
  • An explic­it “no shut­down” in the EIGRP process is need­ed on start.
  • The source address of the Hel­lo Pack­et is the Link-Local address, tar­get is mul­ti­cast group ff02::a (all EIGRP routers).
  • Updates are sent via uni­cast to the spe­cif­ic neigh­bor.
  • Authen­ti­ca­tion can be either MD5 (or IPsec — this is not avail­able yet)

IPv6 BGP (MP-BGP) and why I love it so much

My favorite IPv4 and IPv6 rout­ing pro­to­col of all time is BGP, the Bor­der Gate­way Pro­to­col. It is the rout­ing pro­to­col used on the Inter­net and it is extreme­ly cus­tomiz­able and ver­sa­tile and scales lim­it­less, hence it’s usage on the Inter­net.

  • The cur­rent ver­sion is BGP4. BGP is a Path Vec­tor Rout­ing Pro­to­col.
  • BGP is also very com­mon in MPLS VPNs.
  • A Mul­ti Pro­to­col exten­sion for IPv6 is avail­able for BGP, some call it MPBGP or MP-BGP, mean­ing Mul­ti Pro­to­col BGP.
  • The Mul­ti Pro­to­col exten­sion enables oth­er pro­to­cols, too.
  • Con­fig­u­ra­tion is done via “address-fam­i­lies” such as  ipv4 uni­cast and ipv6 uni­cast, or vpnv4/vpnv6 for MPLS.
  • Sep­a­rate peer­ings for IPv4 and IPv6 are pos­si­ble and rec­om­mend­ed!
  • A sin­gle peer­ing to trans­ports mul­ti­ple address fam­i­lies over either IPv4 or IPv6 is also pos­si­ble
, but not rec­om­mend­ed.
Why you should use sep­a­rate IPv4 and IPv6 Peer­ings for BGP

You should use two sep­a­rate peer­ings for BGP, one for each address fam­i­ly (IPv4 and IPv6) because:

  • The next-hop for routes does not have to be set man­u­al­ly (the next hop is auto­mat­i­cal­ly set to the neigh­bor adver­tis­ing the route. This is not pos­si­ble if the trans­port pro­to­col would be IPv4 and the IPv6 rout­ing infor­ma­tion would be on top of that)
  • You have no risk of los­ing both IPv4 and IPv6, if the trans­port pro­to­col fails. You can also do changes or main­te­nance with­out affect­ing the oth­er pro­to­col
  • Con­fig­u­ra­tion and trou­bleshoot­ing are clean­er

IS-IS IPv6 Rout­ing Pro­to­col com­mon on ISP Back­bones

IS-IS is the last com­mon IPv6 rout­ing pro­to­col that you need to know about. Its long form name is Inter­me­di­ate Sys­tem to Inter­me­di­ate Sys­tem and it was defined in RFC1142, which has been marked as his­toric recent­ly by RFC7142.

IS-IS is a Link State Rout­ing Pro­to­col like OSPF and EIGRP. It is sim­i­lar to OSPF because it also uses the Dijk­stra Short­est Path First Algo­rithm (SPF).

IS-IS works on top of Lay­er 2 instead of Lay­er 3, so it has been com­pat­i­ble to IPv6 before IPv6 was even invent­ed! IS-IS is com­plete­ly pro­to­col inde­pen­dent and IPv6-capa­ble with­out mod­i­fi­ca­tion.

This pro­to­col is com­mon­ly used by ISPs in large back­bones and you will usu­al­ly not find it in an enter­prise net­work. 

IS-IS is also used for 802.1aq Short­est Path Bridg­ing (SPB), which is a replace­ment for Span­ning Tree. IS-IS is used as the con­trol plane . See RFC6329 for more details.

Thank You

Thank you for attend­ing the Orig­i­nal IPv6 Foun­da­tion Mas­ter Class! You can book­mark this site to use it as a quick ref­er­ence in case you need to re-read some­thing and you can share this page to social media and your friends and col­leagues. Stay tuned to this blog for more in-depth sto­ries like this one.

Rec­om­mend­ed Resources for addi­tion­al read­ing

Apart from the links through­out this course I rec­om­mend the fol­low­ing resources for addi­tion­al infor­ma­tion:

  1. The Inter­net Soci­ety (ISOC) IPv6 Por­tal
  2. Test your IPv6 con­nec­tiv­i­ty on test-ipv6.com
  3. The offi­cial IANA list of assigned IPv6 address space is very inter­est­ing
  4. The Google IPv6 deploy­ment sta­tis­tics
  5. The RIPE NCC IPv6 work­ing group and mail­ing list

Book rec­om­men­da­tions on IPv6

I can rec­om­mend the fol­low­ing 3 books (Ama­zon refer­ral links) which I enjoyed read­ing:

This con­cludes IPv6 Foun­da­tion Part 11: IPv6 Rout­ing of the orig­i­nal IPv6 Foun­da­tion Mas­ter Class.

Pre­vi­ous Part: IPv6 Foun­da­tion Part 10: IPv6 DNS, Mon­i­tor­ing & Address Man­age­ment

Next Part: IPv6 Foun­da­tion Part 12: IPv6 Secu­ri­ty & Tun­nel­ing

Share this post

Share on pocket
Share on reddit
Share on facebook
Share on twitter
Share on linkedin
Share on xing