Inbound IPV6 BGP Filterlists for ISP

Hi people,
I work for an company that is a tier2 ISP, we get full table transit from two tier 1 providers, we have recently gone with dual stack IPV4/6 and have the IPV6 BGP connection up from the teir1's but have no idea what to use for inbound prefix list filters.
Can anyone give me a current upto date IPv6 prefix list we can use to filter out potential troublesome traffic from upstream?
Many thanks.

Hi Matthew,
You might want to start with the Team CYMRU website. There are some excellent reference on that site about ipv4 and ipv6 filtering. They have been maintaning the ipv4 bogon list for many years and are considered a reference in the ISP community.
http://www.team-cymru.org/ReadingRoom/Templates/IPv6Routers/
Regards

Similar Messages

Recommended transition solution for ISP:s with enterprise customers?

What would be the recommended solution(s) for ISP:s with enterprises only as customers?
It both needs to support IPv6 and at the same time save IPv4 resources.
Thanks in advance!

Hi,
There are many possible choice for a soft transition of the Service Provider:
- Dual-Stack
The SP can run both protocols in the backbone for a while so he can test IPv6 Service by switching some part of the Network to IPv6 Only and see if it is OK. In case there is a problem he can get back to dual-stack, fix the issue and resume its testing until it is Ok and he can allow IPv6 Only.
- It is possible to provide IPv6 Service without upgrading the backbone to IPv6 Immediately using 6RD if the backbone is IPv4 or 6PE /6VPE (I did the dev-test for 6PE and 6VPE for CISCO for 3 years) if the backbone is IPv4/MPLS. This way the SP can start providing both IPv4 and IPv6 without upgrading the backbone. He can then move slowly to IPv6 with a Dual-Stack period not to switch immediately to IPv6 and allow to fallback if soething is not properly configured to work in IPv6 Only.
With 6VPE, the customer benefit of a dual-stack VPN and recently, CISCO has improved the Support of Multicast in MPLS which was main weakness of MPLS based solutions.
Once the SP has migrated to IPv6 Only, it is still possible to offer dual-stack, IPv4 and IPv6 service to its customers using DS-Lite or better, A+P when it will be available as A+P (dIVI-pd based) does not rely on CGN which has a couple of drawbacks for the SPs.
Once the Customer has migrated to IPv6 Only, it is also still possible to access some IPv4 resources (Networks, servers, applications) using NAT64.
I have a presentation for you:
http://www.slideshare.net/fredbovy/transition-to-ipv6-and-security
And you will find more on my page:
http://www.fredbovy.com
I will be glad to help you further.
Fred Bovy
15 years ccie #3013
18 years ccsi #33517 (former #95003)
IPv6 Forum Gold Certified Engineer
IPv6 Forum Gold Certified Trainer
Email: [email protected]
Web: http://www.fredbovy.com
Wicki: http://www.fredbovy.com/MediaWiki
Twitter: http://twitter.com/#!/Fr

IPV6 BGP and Neighbor Discovery

My understanding of IPv6 may not be accurate, so if there are any incorrect statements, please correct them.
We have a requirement that prohibits FE80::/10 addresses from passing from end sites to the provider network. FE80::/10 are the IPv6 link-local addresses. Since link-local addresses are required Neighbor Discovery Protocol, this blocks those operations that are part of it.
The sites use BGP with the provider network, so can IPv6 BGP work without link-local addresses? Is Neighbor Discovery necessary for reachability between BGP peers?

(The below messgage is just to address the concern whether blocking LL breaks all ND, it does not tie into rest of BGP configuration)
Larry,
Speaking of ND only... RFC (4861) only mandates that source IP is assigned address
http://tools.ietf.org/html/rfc4861#section-4.3
It does not mandate link-local, I have not read the updated RFC.
I did a simple test with two devices with assigned IP addresses.
Spoke2#ping vrf VRF 2001:db8::1 re 1Type escape sequence to abort.Sending 1, 100-byte ICMP Echos to 2001:DB8::1, timeout is 2 seconds:!Success rate is 100 percent (1/1), round-trip min/avg/max = 9/9/9 msSpoke2#*Nov 27 13:27:43.246: IPv6-Fwd: Destination lookup for 2001:DB8::1 : i/f=Ethernet0/0, nexthop=2001:DB8::1*Nov 27 13:27:43.246: IPv6-Fwd: SAS picked source 2001:DB8::FFFF for 2001:DB8::1 (Ethernet0/0)*Nov 27 13:27:43.246: ICMPv6: Sent echo request, Src=2001:DB8::FFFF, Dst=2001:DB8::1*Nov 27 13:27:43.246: IPV6: source 2001:DB8::FFFF (local)*Nov 27 13:27:43.246: dest 2001:DB8::1 (Ethernet0/0)*Nov 27 13:27:43.246: traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating*Nov 27 13:27:43.246: IPv6-Fwd: Created tmp mtu cache entry for 2001:DB8::FFFF 2001:DB8::1 1E000001*Nov 27 13:27:43.246: IPv6-Fwd: Encapsulation postponed, performing resolution*Nov 27 13:27:43.250: ICMPv6: Sent N-Solicit, Src=2001:DB8::FFFF, Dst=FF02::1:FF00:1*Nov 27 13:27:43.250: IPV6: source 2001:DB8::FFFF (local)*Nov 27 13:27:43.250: dest FF02::1:FF00:1 (Ethernet0/0)*Nov 27 13:27:43.250: traffic class 224, flow 0x0, len 72+0, prot 58, hops 255, originating*Nov 27 13:27:43.250: IPv6-Fwd: Sending on Ethernet0/0*Nov 27 13:27:43.255: IPv6-Fwd: Destination lookup for 2001:DB8::FFFF : Local, i/f=Ethernet0/0, nexthop=2001:DB8::FFFF*Nov 27 13:27:43.255: IPV6: source 2001:DB8::1 (Ethernet0/0)*Nov 27 13:27:43.255: dest 2001:DB8::FFFF (Ethernet0/0)Spoke2#*Nov 27 13:27:43.255: traffic class 224, flow 0x0, len 72+14, prot 58, hops 255, forward to ulp*Nov 27 13:27:43.255: ICMPv6: Received N-Advert, Src=2001:DB8::1, Dst=2001:DB8::FFFF*Nov 27 13:27:43.255: IPv6-Fwd: Sending on Ethernet0/0*Nov 27 13:27:43.255: IPv6-Fwd: Destination lookup for 2001:DB8::FFFF : Local, i/f=Ethernet0/0, nexthop=2001:DB8::FFFF*Nov 27 13:27:43.255: IPV6: source 2001:DB8::1 (Ethernet0/0)*Nov 27 13:27:43.255: dest 2001:DB8::FFFF (Ethernet0/0)*Nov 27 13:27:43.255: traffic class 0, flow 0x0, len 100+14, prot 58, hops 64, forward to ulp*Nov 27 13:27:43.255: ICMPv6: Received echo reply, Src=2001:DB8::1, Dst=2001:DB8::FFFF
M.
Message was edited by: Marcin Latosiewicz, edited for clarity.

Advertising ipv4 routes via ipv6 bgp peers

Hello,
I have established IPV6 bgp sessions with ipv6 prefix-list filter. But ipv4 routes were advertised over this bgp session. Do I I need special configuration under address family or ipv4 prefix-list filters required ?
Note : the config was IBGP between 7200 routers and 6509 core switches.
Thank you all
Nael

Hi Nael,
This is because address-family ipv4 unicast gets activated by default when you configure a new neighbor in BGP. You either need to configure "no bgp default ipv4-unicast" or go under address-family ipv4 unicast and do a "no neighbor" for the ipv6 neighbor.
Hope this helps

To Monitor inbound and outbound messages for ECC 6.0 business system

Hi Guys,
I am working on ABAP proxy. I want to monitor the flow of Inbound and Outbound messages for my Business system (ECC 6.0).
XI server is on a different system.
I understand that SXMB_MONI is used for tracking XML messages. What kind of tracking can we do by this transaction in our Business system and the XI system?
And how do I know whether the outbound XML message sent is lying in the Sending Business system or in the XI system?
When I am testing my interface, there is a fault message generated. How do I know whether the fault message is being sent to XI?
Thanks,
James.

James,
Go to SXMB_MONI in your sending system.
Here you will find a message ID fro your Message.
Go to XI, --> SXMB_MONI -->Monitor For Processed XML messages --> Advanced Selection Crieteria and use the Message ID here to see if the Message has hit XI or not.
Likeiwse it can be traced in the target system as well.
The basic point, The messages will have same Message Id on your R3 and on XI.
Regards
Bhavesh

Exact inbound Idoc or RFC for BP based on ROLE/Customer/Vendor ?

Hi ,
I need a inbound IDOC or RFC for Business partner in BP transaction posting based on Customer master or vendor master Role ...

Hi Frederic,
I need to post data in to BP transaction(customer master data and vendor master) role using BODS via IDOC. Required IDOC's for posting.

Monitoring of inbound and outbound messages for business system ECC 6.0

Hi Guys,
I am working on ABAP proxy. I want to monitor the flow of Inbound and Outbound messages for my Business system (ECC 6.0).
XI server is on a different system.
I understand that SXMB_MONI is used for tracking XML messages. What kind of tracking can we do by this transaction in our Business system and the XI system?
And how do I know whether the outbound XML message sent is lying in the Sending Business system or in the XI system?
When I am testing my interface, there is a fault message generated. How do I know whether the fault message is being sent to XI?
Thanks,
James.

James,
Go to SXMB_MONI in your sending system.
Here you will find a message ID fro your Message.
Go to XI, --> SXMB_MONI -->Monitor For Processed XML messages --> Advanced Selection Crieteria and use the Message ID here to see if the Message has hit XI or not.
Likeiwse it can be traced in the target system as well.
The basic point, The messages will have same Message Id on your R3 and on XI.
Regards
Bhavesh

Identification whether inbound delivery is created for a PO or not ?

Is there a way that one can identity whether inbound delivery is created for a given PO or not ?

Dear Eshwar,
There are several ways to check whether Inbound delivery had been created or even completed.
It will also depend on how u configured your system.
1) Also one of the most important would be if you check the delivery tab in a PO there would be delivery complete tab, which would be checked if inbound delivery is created for that PO.
2) Also you can find the delivery details in the Purchase order history
3) The confirmation control tab will have the delivery number which you check with VL33N.
Hope this helps
Thanks
Murtuza

How can I see "show ip bgp neighbors" for only VPNv4 enabled?

Hi,
I have only VPNv4-BGP-neighbors defined (IPv4-cfg is inactivated).
Is there any command showing the status of the VPNv4-neighbors ??
I am missing a command like "show ip bgp sum", "show ip bgp neigh" for VPNv4.
I use Cisco7206 with 12.2(14)S at the moment
What about neighbor status (established, number of prefixes, statistics updates/keepalives,....)
Regards,
Chris

Hi,
I found the command I searched for:
sh ip bgp vpnv4 all sum
sh ip bgp vpnv4 all neighbor
Thanks,
Chris

Inbound deliveries not created for Stock transfer process

Hi Every body
Inbound deliveries not created for Stock transfer process
We have Triggred Y458 output in Shipment VT02n and Output showing Green
But Inbound data not received in PO confirmation Tab
Any body help
Thanks in Advance
SAP MM

Manually processed

IPv6 Multicast support for service providers 6PE / 6VPE

Hi,
Can anyone comment on the current state of development for IPv6 Multicast support for Service Providers who are using 6PE or 6VPE in their MPLS core.
(6PE - SP is running MPLS in its IPv4 core, it uses IPv6-enabled provider edge (PE) routers to transport IPv6 traffic over an IPv4-only enabled core. 6PE does not support VPN,s it just provides a mechanism for tunneling IPv6 packets from ingress PE to egress PE routers)
(6VPE - refers to a PE router capable of supporting IPv6 VPNs. A 6VPE solution can be used to provide IPv6 based layer 3 VPN services in a similar way to IPv4 based Layer 3 VPN services.)
My understanding is that 6PE and 6VPE solution are unable to support IPv6 multicast traffic.
Any further information on configuration, design or development work in the pipeline would be gratefully received,
kind regards John

Hi John,
From our question I understand you are sking about the MVPN support for IPv6 multicast. It is actually supported on the XR platform as of now. Please refer:
http://www.cisco.com/en/US/docs/routers/xr12000/software/xr12k_r4.0/multicast/configuration/guide/mc40mcst.html#wp2890031
I hope this helps.
Regards,
Ruchir

Hyper-v for isp

hello,
we want to establish a new isp we planning to use hyper-v for isp system (dns,billing,hosting...)
instead of install too dns on sperate serve will installed in same on in two virtual machine and we will make the cluster for better performance
the vm vhd will placed in data storage with fiber link connected to switch then to server
so do you think there is any problem for that ?
do you think there is any problem to use ms dns as main one ?
thanks.

Hello,
is the hyper-v is trusted solution for internet service provider ?
mean can i use it i have around 10000 users connect to this isp and vm will placed on hp p2040 with fiber channel
also can can i use Microsoft dns for isp client? is it trusted to serve them ?
all vm will will be ubuntu server
thanks.
There are quite many small and middle-sized (f.e. TeleComputing) and big (f.e. Azure) cloud providers using Windows and Hyper-V as a core virtualization platform. You may find more here:
Hosted Solutions
http://www.microsoft.com/hosting/en/us/smallbusiness/default.aspx
...and here:
Azure
http://azure.microsoft.com/en-us/
Good luck!
StarWind Virtual SAN clusters Hyper-V without SAS, Fibre Channel, SMB 3.0 or iSCSI, uses Ethernet to mirror internally mounted SATA disks between hosts.

IPv6 Test Case for LinkSys Routers - Based on Ubuntu + Radvd + DHCPv6 - E1200v2 isn't ready for IPv6

Hello!
Here on this guide, you'll learn how to deploy your own Linux IPv6 Router, that can be used in ANY network, to give IPv6 connectivity to ANY ethernet device, including Windows, Mac, Ubuntu Server and Desktop, RedHat and, of course, LinkSys routers like E1200v2 and E2500 for its WAN interfaces.
I wrote this guide because I found a BUG on E1200v2, which doesn't work with IPv6 yet, already lost some money to figure this out.
That's it, when you see a E1200v2 box at the store, you can read: "* IPv6 Enabled", but that is not entirely true, since it does not work as expected.
Here on this post, it is a complete procedure to reproduce the problem.
NOTE: The model E2500 v1 does not suffer from this problem!
NOTE: This guide is very usefull if you have a LinkSys E2500 router and want to connect it directly into a Linux Router!
Who am I?
A.: I'm Thiago, I work in Brazil, for a company called iG (ig.com.br), I'm working here as a Network Engineer / SysAdmin and I have +10 years of experience with IPv4 networks + 5 years with IPv6.
* Brief
1- Install a Ubuntu 12.04.3, to act as your router, on a PC computer with two ethernet cards (eth0 will be Ubuntu's default route, eth1 will be used to connect LinkSys E1200v2);
2- Prepare your Ubuntu Router (very important step, read it carefully)
3- Connect E1200v2 directly into Ubuntu's eth1 ethernet card;
4- Connect a Windows PC at E1200v2 LAN port 1 (used to configure your E1200 with Cisco Connect everytime a reset is desired);
5- Reset (restore it from factory defaults) your E1200v2 router;
6- Install Cisco Connect in your Windows PC (LAN port 1);
7- Configure your E1200v2 as usual;
8- Browse the Internet (still IPv4);
9- Open Windows Command Prompt and type: ipconfig, ping, etc;
10- Open Google Chrome or Firefox and go to your E1200v2 Web Admin Interface at http://192.168.1.1/
11- Install a Ubuntu 12.04.3 Server connected at E1200v2 LAN port 2 to test IPv6 connectivity in deep, or;
12- Boot a Ubuntu Desktop 13.04 Live CD connected at E1200v2 LAN port 3 to test IPv6 connectivity in deep;
IMPORTANT NOTE:
* This tests will require IPv4 connectivity to the Internet, since the IPv6 blocks used on this example, are blocks used only for documentation (or small tests) porpuses, which means that those IPv6 tests we're about to do, will not reach the Internet (in IPv6), neighter be routed out from your E1200v2. But it is enough to prove that E1200v2 drops its clients IPv6 connectivity. Feel free to replace those IPv6 address with your current / valid IPv6 blocks (if you have a IPv6 /48 block from your ISP, you know what I'm talking about).
* Network Topology (Ubuntu Linux Router)
IPv6:
eth0
2001:db8:0:1::/64 = uplink allocation
2001:db8:0:1::1 = upstream router IP (Ubuntu's gateway IPv6)
2001:db8:0:1::2 = customer configured IP (your WAN uplink interface to provider - Ubuntu's eth0 IPv6 address)
eth1
2001:db8:1::/48 = statically routed subnet pointing at 2001:db8:0:1::2 that come from you IPv6-ISP
2001:db8:1::1 = your first IPv6 within your own infrastructure (Ubuntu's eth1 - E1200v2 directly connected here)
eth1:0
2001:db8:1:1::/64 = your first IPv6 /64 with Router Advertisement plus DHCPv6 running on Linux (radvd) (Ubuntu's eth1:0 - E1200v2 gets its WAN IPv6 address from this subnet)
2001:db8:1:1::1 = IP of your first /64 subnet, Radvd + DHCPv6 running here, Ubuntu as IPv6 router
IPv4:
eth0
192.168.10.0/24 = uplink allocation
192.168.10.1 = upstream router IP (Ubuntu's gateway IPv4)
192.168.10.2 = customer configured IP (your WAN uplink interface to provider - Ubuntu's eth0 IPv4 address)
eth1
192.168.20.1 = your E1200 will gets its WAN IPv4 address from this subnet - most common scenario for IPv4 wifi routers running inside enterprise environments today
* Complete procedure
1- Install a Ubuntu 12.04.3, to act as your router, on a PC computer with two ethernet cards
Install the following packages in your Ubuntu Router:
sudo apt-get install radvd isc-dhcp-server
2- Prepare your Ubuntu Router (very important step, read it carefully)
2.1- Ubuntu's file /etc/network/interfaces contents:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
# IPv6
iface eth0 inet6 static
address 2001:db8:0:1::2
netmask 64
gateway 2001:db8:0:1::1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 2001:4860:4860::8888
dns-search linksys.com
# IPv4
iface eth0 inet static
address 192.168.10.2
netmask 24
gateway 192.168.10.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 8.8.8.8 8.8.4.4
dns-search linksys.com
# The secondary network interface, E1200 LinkSys wifi-router is connected here (WAN port)
auto eth1
# IPv6
iface eth1 inet6 static
address 2001:db8:1::1
netmask 48
auto eth1:0
iface eth1:0 inet6 manual
up ip -6 address add 2001:db8:1:1::1/64 dev $IFACE
down ip -6 address del 2001:db8:1:1::1/64 dev $IFACE
# IPv6 /56 block routed to LinkSys E1200v2, it is delegated to it through Prefix Delegation using DHCPv6
# Uncomment it later when your E1200v2 gets its own IPv6 Internet IP Address, keep reading this guide
#up ip -6 route add 2001:db8:1:f00::/56 via 2001:db8:1:1::2000
# IPv4
iface eth1 inet static
address 192.168.20.1
netmask 24
2.2- Configure Ubuntu /etc/sysctl.conf file
Uncomment the following two lines on it:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
After writting, run "sudo sysctl -p" to apply the changes.
2.3- Configuring Linux Router Advertisement daemon (radvd)
Your Linux Router Advertisement daemon running on Ubuntu, must have the following content:
# Ubuntu eth1
interface eth1
# Enable RA
AdvSendAdvert on;
# Enable clients getting their IPs from DHCPv6
AdvManagedFlag on;
AdvOtherConfigFlag on;
# Enable RA to the following subnet
prefix 2001:db8:1:1::/64
AdvOnLink on;
# When not allowing clients to auto-generate their IPv6 address (SLAAC), DHCPv6 will be used instead
AdvAutonomous off;
2.4- Configuring DHCPv6
Your isc-dhcp-server6 configuration file (/etc/dhcp/dhcpd6.conf) for IPv6 must have the following content:
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
# Ubuntu eth1
# This is a very basic subnet declaration with Prefix Delegation enabled.
subnet6 2001:db8:1:1::/64 {
# Range for clients
range6 2001:db8:1:1::2 2001:db8:1:1::2000;
# Extra DHCP options
option dhcp6.name-servers 2001:4860:4860::8888, 2001:4860:4860::8844;
option dhcp6.domain-search "linksys.com";
  # The following line will delegate a subnet to LinkSys E1200v2,
  # using Prefix Delagation standards.
  # You'll be able to see this "Prefix Address" under "Status -> Local Network" E1200v2 menu.
prefix6 2001:db8:1:100:: 2001:db8:1:f00:: /56;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# Ubuntu eth0 - no DHCPv6 running but doesn't hurt to declare it here
subnet6 2001:db8:0:1::/64 {
Reference: http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/hints-daemons-isc-dhcp.html
2.5- Configuring DHCPv4
Your isc-dhcp-server configuration file (/etc/dhcp/dhcpd.conf) for IPv4 must have the following content:
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
# Ubuntu eth1
# This is a very basic subnet declaration.
subnet 192.168.20.0 netmask 255.255.255.0 {
range 192.168.20.2 192.168.20.200;
option routers 192.168.20.1;
option domain-name "linksys.com";
option domain-name-servers 8.8.8.8, 8.8.4.4;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# Ubuntu eth0 - no DHCPv4 running but doesn't hurt to declare it here
subnet 192.168.10.0 netmask 255.255.255.0 {
* Reboot your Ubuntu Router to apply all the changes
After rebooting it, try to "ping 8.8.8.8" to make sure your Ubuntu Router have at least, IPv4 Internet connectivity.
NOTE: From this point, you'll be able to start testing IPv6 from behind your Ubuntu Router (i.e. from its eth1), if you connect a Ubuntu Desktop, a Mac or a Windows on Ubuntu's eth1, it will provide IPv4 and IPv6 address to that devices, including your E1200v2 WAN port...
3- Connect E1200v2 directly into Ubuntu's eth1 ethernet card;
Plug a RJ45 cable between Ubuntu eth1 ethernet card and E1200v2 WAN port.
4- Connect a Windows PC at E1200v2 LAN port 1
This Windows computer will be used to (re)configure your E1200v2 with Cisco Connect everytime a reset is desired.
5- Reset (restore it from factory defaults) your E1200v2 router;
Press and hold the reset button for about 10 seconds.
6- Install Cisco Connect in your Windows PC (LAN port 1);
Boot(reboot) Windows and install Cisco Connect on it.
7- Configure your E1200v2 as usual (by finishing Cisco Connect installation procedure);
After concluding this step, your Windows PC will have both IPv4 and IPv6 address, that come from E1200v2.
Windows gets its IPv4 from DHCP and IPv6 from SLAAC (main point of the problem), both provided by E1200v2.
NOTE: From this point, you'll be able to see the problem with E1200v2 internal RA daemon, you'll lose your IPv6 connectivity that come from E1200v2. But, lets keep testing it...
8- Browse the Internet (still IPv4);
That's it, try to browse google.com from your Windows PC, if Ubuntu Router can "ping google.com", Windows PC should be able to do it so.
9- Open Windows Command Prompt and type: ipconfig, ping, etc;
Run "ipconfig" to see your IPv4 and IPv6 address...
Run "ping 8.8.8.8" to see if you can reach the Internet...
10- Open Google Chrome or Firefox and open your E1200v2 Web Admin Interface at http://192.168.1.1/
Access your E1200v2 Web Admin and go to the "Status -> Router" menu.
Write down its Internet IPv6 address, it will be something like this:
IPv6 - Internet IP Address: 2001:db8:1:1::2000
NOTE: You can get this address at the Ubuntu Router itself, by reading the file /var/log/syslog (`grep pool' might help), for example:
# grep pool /var/log/syslog
Sep 24 00:47:13 ubuntu-router-1 dhcpd: Picking pool address 2001:db8:1:1::2000
Sep 24 00:47:13 ubuntu-router-1 dhcpd: Picking pool prefix 2001:db8:1:1::/56
You'll see the above message on your Ubuntu Router, right after turning on your E1200v2. Pool address is the IPv6 Internet IP Address of your E1200v2's WAN port, pool prefix is the delegated subnet to your E1200v2 router. After thatn, it will start to advertiser that block on its LAN ports and WiFi (which doesn't work as expected, there is a problem there, whithin E1200v2 itself.
11- Install a Ubuntu 12.04.3 Server connected at E1200v2 LAN port 2, to test IPv6 connectivity in deep;
Here is the most important test:
* Testing the IPv6 connectivity from E1200v2 LAN ports.
This test is very simple, we just need to try ping E1200v2's IPv6 Internet IP Address.
This Ubuntu Server will have the following content on its /etc/network/interfaces file:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
# IPv6 - SLAAC - No DHCPv6 client required - E1200v2 will kicks off this IPv6, and I don't know why...
iface eth0 inet6 auto
# IPv4 - Requires DHCPv4
iface eth0 inet dhcp
After this, your Ubuntu Server will be able to "ping 8.8.8.8" and "ping6 2001:db8:1:1::2000" (E1200v2 WAN IPv6 Address noted before).
To prove that E1200v2 have a problem with IPv6, try to ping it, just run:
mtr -n 2001:db8:1:1::2000
...And after a few minutes, Ubuntu Server will lose its IPv6 address, because E1200v2 is kicking it off.
You'll be able to see a lots of package loss going on "mtr -n 2001:db8:1:1::2000".
If you connect a Mac OSX on E1200v2 LAN por 3, for example, it will also lose its IPv6 from time to time.
Wireless clients connected at E1200v2, like Android, iPad, Windows, Mac and Ubuntu laptops, also loses its IPv6 (that come from E1200v2) from time to time.
You guys must note that the E1200v2 itself, ramdomly becomes unreacheable from its own LAN ports (via IPv6)!! Which is unnaceptable.
12- Boot a Ubuntu Desktop 13.04 Live CD connected at E1200v2 LAN port 3 to test IPv6 connectivity in deep;
Boot a Ubuntu Desktop connected at your LinkSys E1200v2 router, and open 2 Terminals, on each of it, you should run:
Terminal 1:
mtr -n 2001:db8:1:1::2000
Terminal 2:
sudo tail -f /var/log/syslog
You'll be able to see a lots of package loss going on "mtr -n 2001:db8:1:1::2000" after a few minutes AND at the syslog, you'll be able to see when you lose your IPv6, that come from E1200v2.
Conclusion
E1200v2 doesn't have a working IPv6 Router Advertisement service. Please Cisco, fix it!
The IPv4 from behind E1200v2 is fine, I'm using LinkSys products for about +10 years now... First time with problems like this but, IPv6 is more or like new and, problems are expected... Lets work on it?!
Best Regards,
Thiago

Try to use dhclient perhaps? Might I also suggest letting systemd deal with the dhcp issue and not NM. That may seem incongruous but it is possible NM is mis-handling the dhcp hand-off to the network card. I'm no guru but I got thinking about this when I saw this in your output:
aug 26 19:15:39 arch_daboka NetworkManager[527]: <info> (enp1s0): device state change: ip-check -> secondaries (reason 'none') [80 90 0]
aug 26 19:15:39 arch_daboka NetworkManager[527]: <info> (enp1s0): device state change: secondaries -> activated (reason 'none') [90 100 0]
aug 26 19:15:40 arch_daboka NetworkManager[527]: <info> NetworkManager state is now CONNECTED_LOCAL
It is very possible that I'm mis-interpreting this information so please take it with a boulder of salt.

Configure IPv6 ACL Extensions for Hop by Hop Filtering

I have IPv6 ACL questions and concerns. The following code is an example:
ipv6 access-list inbound-to-enclave
     remark block IPv6 DO Invalid Options
      deny 60 any any dest-option-type 5
     deny 60 any any dest-option-type 194
     deny 60 any any dest-option-type 195
I see that dest-option-type became available in IOS release 12.4(2)T. I can't tell if this option was added to later releases of 12.2. Also, is it available in all releases of 15.x.
I am guessing that if a version of the IOS that is used is prior to 12.4(2)T that the default action will be to pass this traffic, correct? Thank you for any assistance that you can provide.

Hi Forrest,
This is correct. By default, this traffic would be allowed.
Regards

BGP peering with ISP

Hello Guys
I have a scenario where I would like to have your insights.
1. Client having Main site and DR site connected to same ISP with public IP line.
2. The client has acquired a public IP block (/24) and would like to use same on both main and DR sites.
Would this be possible through BGP? How can we advertise the same IP block on 2 sites?
The sites need to be in an active-active scenario.
Thanks

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
If you're going to advertize the same address block, from two different BGP peers, whether to the same ISP or different ISPs, the expectation is, you can get to or from that address block along either path. I.e. you need an "internal" path between your two BGP peers. Otherwise, the "critical" BGP path fails, you continue to advertize an address block that's unreachable.
There's no need to split your block unless you were trying to manually load balance using your two paths.
As another poster noted, you might have asymmetrical routing (depending on path costing), but from a pure L3 perspective it doesn't matter. It can, though, matter to stateful devices like firewalls. The latter might be addressed by firewalls at both sites sharing state information.

Inbound IPV6 BGP Filterlists for ISP

Similar Messages

Maybe you are looking for