Ipv6 p2p link

Similar Messages

• How to secure IPv6 P2P Link between two distinguished Routers using ospfv3

  I have two Routers - one Catalyst 6500 Sup720 and one Nexus 7009 SUP2-E - connected
  via ospfv3 P2P Link using  /64 IPv6 Networkaddresses. What must be configured in order to secure this P2P Link against possible security attacks ! Any example configuration available ?
  Greetings Manfred

  Hi Manfred,
  You should configure authentication on both of the P2P interfaces/ SVIs:
  int te1/0/1
     desc 6500 uplink
     ipv6 ospf authentication ipsec spi 500 sha1 <40_bit_hash>
  int te1/0/1
     desc 7009 uplink
     ipv6 ospf authentication ipsec spi 500 sha1 <40_bit_hash>
  ...ensure that either end of the link have same spi index value and obviously hash value too.
  cheers,
  Seb.

• Best VoIP QoS to use over a 350 P2P link

  Hi,
  I have implemented a wireless point to point link for a customer, using 350 bridges and 1760 routers to do the QoS.
  We are running Data along with the voice traffic... the Nortel VoIP products use DSCP EF to mark the IP packets for QoS.
  What is the best QoS mechanism to use on the routers? Currently I have set-up modular QoS using Shaping (to create a state of congestion on the outbound Ethernet interface) and LLQ as a child policy to take care of the VoIP packets. Is this my only option until 802.11e is ratified?
  Thanks,
  Darren

  We're running the same and getting good voice quality. I would run through the voice quality troubleshooting info on Cisco's site if you're experiencing voice quality issues.

• IPv6 Addressing Point to Point Links in the enterprise

  For an enterprise, it doesn't seem to make sense to use Global addressing for point to point, transit-only links and loopbacks.
  Link-local only addressing breaks debugging tools like traceroute, DNS, etc.
  Is Unique Local the correct choice for this?
  I've searched quite a bit and I've not found a lot of discussion about scope selection for point to point links.  Some RFCs such as 6164 imply Global scope vs Unique Local scope usage is a preference.  Most discussions of point to point addressing focus on bit length.  I'm assuming this means design concerns are agnostic toward scope selection.
  Is anyone aware of documentation I've missed or have any recommendations in this area?
  If ULA was the correct choice, address hierarchy might look like this:
  DataNetwork1 -- Router1 -- ULA.1.1 -- Link -- ULA1.2 -- Agg Router -- Core
  DataNetwork2 -- Router2 -- ULA.2.1 -- Link -- ULA2.2 -- Agg Router /
  DataNetwork3 -- Router3 -- ULA.3.1 -- Link -- ULA3.2 -- Agg Router /
  The network core would have summarized entries for DataNetwork[1|2|3] and ULA[1|2|3].  IE, there would be a Global hierarchy and a ULA hierarchy.

  Scott,
  Let me break this down into some categories for you.
  Address selection:
  I believe that best practice is to use Global Unicast Addressing everywhere (coupled with a proper security policy at your edge). ULA was a compromise for Site Local never being properly defined and whilst it can be used in the same way as GUA I don't believe it is worth it. Irrespective of what you use (GUA or ULA), subject to your security and routing policy traceroute will work from both ends (e.g. you tracing out, someone tracing in)
  Address masking:
  The general rule of thumb is that you allocate /64s to eveything and then mask down to the appropriate mask for the function you are expecting (P.S. Forget everything you learnt about IPv4 address conservation). If you are using /127 masks then in theory every p2p link in your network is either a 0 (::) or a 1 (::1)
  e.g.
  traceroute HostB:
  1     2001:1234:abcd:1::1
  2     2001:1234:abcd:2::1
  3     2001:1234:abcd:3::1
  4     2001::4:10
  The only exception to this is loopbacks, you can sequentially allocate /128s from the same /64 block
  NOTE: /127 support is recent and may not be supported by some vendors, in this case use /126 masking (same as you would use /30s in IPv4)
  If you have a /48 ( a normal enterise allocation) or larger then this should not be an issue ( you have access to 65536 x /64s) the only reason you would consider ULA for infrastructure numbering is because you have a small IPv6 pool. I would still argue you should get more IPv6 addresses than use ULA.
  I hope this helps
  Cheers

• Linking AirPort Extreme to my bt home hub

  I have bought a 2tb AirPort Extreme for back ups and stronger wireless at home but as part of set up to my existing bt modem am getting error messages which pale or bt can't fix. When using the airport utility it keeps on asking for PPPoE details which BT say I don't need, any advice please

  Should I be connected to LAN  or WAN port?
  I said LAN port on the BT router.. since WAN port is not available.. on the TC it makes no difference wan or lan but by convention we say WAN.. in bridge the WAN port is joined to LAN.
  Connect using DHCP, IPv4 address 169.254.102.175
  This is self generated IP .. you have no connection.
  have blank IPv6 DNS Servers box and don't know a what to add
  Nothing you don't need ipv6. You need it on the computer for the link to the TC.. not the TC to the internet.
  I have just give the full manual method to connect to a BThome hub.
  Please follow this .. it is rather more complicated than it needs to be because apparently the airport utility is failing to set it correctly.. therefore do the whole thing manually.
  https://discussions.apple.com/thread/6169029?tstart=0#
  This was done for a Time Capsule.. TC.. In your case it is Airport Extreme.. please just read TC = AE.
  1. Factory reset the TC.
  The Factory Reset universal
  Unplug your TC/AE. Hold in reset. and power the TC/AE back on..  all without releasing reset and keep holding in for about 10sec. The time is not important.. it is the front LED rapid flashing that indicates you are in factory mode.
  Release reset.
  If it doesn’t flash rapidly you have released reset at some point and try again.
  Be Gentle! Feel the switch click on. It has a positive feel..  add no more pressure after that.
  TC/AE will reboot after a couple of minutes with default factory settings and will wipe out previous configurations.
  No files are deleted on the hard disk.. No reset of the TC deletes files.. to do that you use erase from the airport utility.
  2. Plug it by ethernet into your computer. Open the ethernet in your system preferences/ networking.
  Ensure you have IPv6 set link-local.
  Your IP address should show 10.0.1.2
  3. Open the airport utility. Go to the top menu.. Click on Configure Other.
  4. Type in the IP address, exactly as shown. No password is needed. Click OK.
  5. You will now open the manual setup pages of the TC. This is new screen that will come up.
  Since you are doing it manually you must go through all the pages and and give it the right settings.
  6. Click on base station. Type in a name.. short, no spaces and pure alphanumeric.
  eg.
  7. Click on the internet tab. Set to dhcp.
  8. Click on the wireless tab and set as below.. Create a wireless network.. use a suitable name, short, no spaces and pure alphanumeric. Also set wireless security password and use WPA2 personal.
  9. Click on the Network tab.
  Choose off (bridge mode). Then at the bottom click update.
  10. Wait for the TC to restart.. unplug it.. it won't work now plugged into the computer. It must now be connected to your main router to function.
  Plug the WAN port of the TC.. the one with sunburst symbol.. to the BT router LAN port by ethernet.
  On the Mac connect to the TC wireless which you set at step 8. Type in the password for wireless you just set.
  Follow this exactly and it will work.

• Facing issue in HSRP configuration with IPV6

  Hi,
  i am trying to configure hsrp with ipv6 and all command are running for hsrp excep this command standby 1 ipv6 2001::10/64
  and i have also tried  standby 1 ipv6 2001::10, then showing error:- % invalid link-local address.
  i have also configred  standby 1 ipv6 autoconfig then hsrp is not running
  So i need help kindly help me anyone one this.

  Hi Daljitsinghtagore,
  UPDATE:: I found this video from Cisco TAC, this will walk you through configguring IPv6 HSRP. I hope this helps
  https://supportforums.cisco.com/videos/2829
  I have never configured IPv6 HSRP, so you will have to bear with me.
  But something I do notice off the bat is that you are using the '2001::/64' address space.
  Link local addresses are addresses local to that interface and are used to reach neigbors hence the name link local. these addresses beguin with fe80::/10 im pretty sure if you tried fe80::10 as the IPv6 address your router would accept it.
  As soon as you run the command ipv6 enable under an interface
  e.g. router(config-if)ipv6 enable. - This enables a eui-64 link local address.
  If you then do a 'sh ipv6 interface brief'
  you should get an address starting fe80: this is your routers link loal address.
  See below snippet from Cisco
  "The purpose of this document is to provide an  understanding of IPv6 Link-local address in a network. A link-local  address is an IPv6 unicast address that can be automatically configured  on any interface using the link-local prefix FE80::/10 (1111 1110 10)  and the interface identifier in the modified EUI-64 format. Link-local  addresses are not necessarily bound to the MAC address (configured in a  EUI-64 format). Link-local addresses can also be manually configured in  the FE80::/10 format using the ipv6 address link-local command.
  These addresses refer only to a particular physical link and are used  for addressing on a single link for purposes such as automatic address  configuration and neighbor discovery protocol. Link-local addresses can  be used to reach the neighboring nodes attached to the same link. The  nodes do not need a globally unique address to communicate. Routers will  not forward datagram using link-local addresses. IPv6 routers must not  forward packets that have link-local source or destination addresses to  other links. All IPv6 enabled interfaces have a link-local unicast  address."
  http://www.cisco.com/en/US/tech/tk872/technologies_configuration_example09186a0080ba1d07.shtml#intro
  I will load up GNS3 later when I have some time to confirm.
  Regards,
  Liam
  Message was edited by: Liam Kenneally

• What is the most appropriate way to generate a static IPv6 for a domain controller?

  DNS Role Best practives is giving errors. Looks like I need to assign ONE static IPv6 to each domain controller and use IT in DNS and DHCP. There are two routers on the network, each assigning a 2002: IP, plus a link local FE80: IP is also assigned.
  Is there a way to generate a static IPv6 for domain controllers that will not change even if the network cards or routers are changed?
  What is the best practice so that domain integrated DNS and DHCP with Exchange 2010 in the domain, will continue to function?
  There is ambiguous information as to whether DC's should have static or dynamic IPv6 IPs. I have tried variations such as IPv4 compatible. IPv4 mapped, ISATAP, etc. but over time have gotten different errors from different sources.
  It is one thing for Microsoft to give error messages about IPv6 but I cannot find any definitive recommednations on this.
  Thanks if anyone finds a universal answer.
  Bob.

  Excellent and valid points, Bob. Your outlook explains in an easy way how the challenges setting up Windows Server are in a sense, self-generated, and in every sense fully avoidable.
  No changes have been made to the warnings or errors in 2013 R2 despite improvements in other areas. This release mainly brought improvements to the setup in areas that were truly broken like automatic account generation for ADFS. Since that's a decade old
  feature it's probably best not to wait for Microsoft to clarify, and I appreciate your recommendations.
  I'm bumping this thread since it's the first result for 192.168.1.1 on ipv6 on Google right now, and since there's no way to see how often it's being referenced I wanted to add some additional information.
  Multiple NIC's can be specified by using the scope ID parameter supported since Vista, that appears as a percent-sign at the end of IPv6 addresses. It uniquely identifies the network adapter even when that adapter shares the same host portion of the IPv6
  address space (i.e. essentially, has the same IP, which in IPv4 is invalid.) I'll give some examples at the end of the post.
  Following the recommendation to deprecate the fec0 prefix while maintaining a link-local addressing scheme is possible through the prefix length at the beginning of the IPv6 address. As
  this reference at IBM explains, fe80:: maps to a link-local prefix length of 64 equivalent to the IPv4 version of 24, and anything else before the double-colon refers to the network portion of the IPv6 address.
  The host portion of the IP address then _could_ be ::20, ::21, etc., as you said, but to follow
  this MSDN recommendation, it would be more appropriate to use the same host portion and add a suffix for the scope ID documented on that page. The suffix may be specific to Windows
  and may not work in an equivalent way in heterogeneous platform deployments. But since the effect is limited to the local machine it should help anything past XP differentiate NICs when assigned the same host portion.
  The approach taken in the random IPv6 generator linked elsewhere on this page leaves open the possibility, however unlikely, that the generated IP can route to some other host on an open network that happens to have generated the same network portion of
  the address (the other host would be sharing the same network.) If any part should be random, it's the host portion after the double-colon, not the network portion at the beginning, so that the possibility does not exist.
  Additionally, the host portion doesn't have to be random, it's just done that way because it's usually automatically generated; a random number is safer for a computer than relying on a sequence that may not fully cover all the numbers used so far. If you're
  doing a manual deployment you can combine the above information with the inline 0-supression in IPv6 to assign numbers in the following way:
  fe80::1:1%1 (first computer is 1:1, first interface is %1)
  fe80::1:1%2 (second interface)
  fe80::1:2%1 (second computer, first interface)
  Effectively here we're swapping "192.168.1" for "fe80::1" which is roughly the same length (taking into account variations like 10.0.0). The only gotcha is that _either_ the string after the double-colon can't be 1 by itself since that's
  reserved for local machine loopback, _or_ that the second-to-last number after the double-colons can't be 0, since that's equivalent due to inline supression.
  Other combinations are fine, like fe80::2%1 and fe80::2%2 for the first computer, then ::3 for the second, etc. I thought having a 2-index for the first machine is too uncommon to look familiar so I chose the alternative, but even something like fe80::fe%80
  is perfectly fine.
  If you don't need to identify individual NICs then omitting the part after the percent sign makes fe80::10, fe80::11 a valid sequence for 2 computers. For over 255 computers just add another number before the last, so that it looks like fe80::1:10, fe80::1:11,
  etc. That should be easier to remember than the randomly generated numbers.
  There is also another way if the preference is to use IPv4-lookalike addresses. The mapped address spec is defined in RFC 4291 and it goes along the lines of "::ffff:192.168.1.1" for a valid IPv6 address to the gateway, for example. That is a newer
  recommendation than the RFC which the random-number generated linked elsewhere on this page relies on.

• CEF/Point to Point link in ASR 903 not working

  Hi there,
   I have been having some issues with ASR 903 connected to a OLT and upon further testing in the lab I came across a strange issue.I have R1 and R2  connected directly on the p2p link Tengig interface.I have configured below ips but somehow cannot get connectivity.I can see the mac resolved in one router but no in the other and cef entries in both reflects drop.
    Have you guys come across this before?Surely I'm missing something here but considering both routers are straight out of the box, I'running out of ideas here as the setup cannot be any simpler than this however I am unable to establish connectivity.
  Router2#
  Interface              IP-Address      OK? Method Status                Protocol
  Te0/1/0                10.10.10.2      YES manual up                    up      
  uilding configuration...
  Current configuration : 78 bytes
  interface TenGigabitEthernet0/1/0
   ip address 10.10.10.2 255.255.255.0
  end
  Router1#
  Te0/1/0                10.10.10.1      YES manual up                    up    
  uilding configuration...
  Current configuration : 78 bytes
  interface TenGigabitEthernet0/1/0
   ip address 10.10.10.1255.255.255.0
  end
  Router1#sh ip arp
  Protocol  Address          Age (min)  Hardware Addr   Type   Interface
  Internet  10.10.10.1              -   e0d1.73dd.7909  ARPA   TenGigabitEthernet0/1/0
  Internet  10.10.10.2              0   Incomplete      ARPA   
  Router2#sh ip arp
  Protocol  Address          Age (min)  Hardware Addr   Type   Interface
  Internet  10.10.10.1              0   e0d1.73dd.7909  ARPA   TenGigabitEthernet0/1/0
  Internet  10.10.10.2              -   e089.9d0b.2389  ARPA   TenGigabitEthernet0/1/
  Router1#sh ip cef exact-route 10.10.10.2 255.255.255.0
  10.10.10.2 -> 255.255.255.0 =>drop
  Router2#sh ip cef exact-route 10.10.10.1 255.255.255.0
  10.10.10.1 -> 255.255.255.0 =>drop

  Hi,
  According to your post, my understanding is that the Office 365 link on Left suite Bar(Blue bar) failed to work on Sharepoint.
  If you click the “Office 365” logo, it will redirect to the “Office 365 admin center” which URL is
  https://portal.microsoftonline.com/Default.aspx.
  Please make sure you have permission to log on to the Office 365 portal.
  You can use an account that has administrative permissions for your organization.
  Regarding SharePoint Online, for quick and accurate answers to your questions, it is recommended that you initial a new thread in Office 365 forum.
  Office 365 forum
  http://community.office365.com/en-us/forums/default.aspx
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Spanning-tree link-type shared

  Hi,
  i 've this problem.
  My PC must boot OS (windows) from network (Server sends Operating System by PC's mac-address)
  PC needs a ip-address within 5-10 seconds.
  I try it using hub and PC loads correctly OS and works properly.
  I try on my network (without hub) using Catalyst Switch in 2 ways:
  IOS and CatOS
  For the IOS i find this solution:
  i use the follows CLI:
  spanning-tree portfast
  spanning-tree link-type shared
  in this case i resolved my problem.
  FOR catOS , this command not work properly
  i use the follows CLI:
  set spantree portfast mod/port enable
  set spantree link-type mod/port shared
  After, if i see the configuration , i find the CLI
  "set spantree mst link-type mod/port shared"
  Can you help me?
  Thanks
  FCostalunga

  Configuring a ports STP link type to shared is sort of invalid if the port is also configured as an STP portfast port. 'Shared' effectively means this is a half-duplex connection to a hub that may also be connected to another switch (hence it can't be a point-to-point link). Normal STP operation should operate over 'shared' links and you won't get the rapid start a P2P link has.
  If the port is connected directly to a host then simply configuring the port as a portfast port will be enough (it will also make it a P2P link by default).
  HTH
  Andy

• Eigrp - How to modify Admin distance for redistributing connected links and over WAN

  We have a single EIGRP domain 101 across 2 locations (A and B) separated by a WAN link. Each location has a number of L3 switches at the IDF behind the router which has  the L3 vlans VL1, VL2 etc. We run eigrp 101 across all the switches and on the routers but we dont advertise any of the L3 vlans on them and we do redistribute static and connected for the static and the vlans to be distributed on eigrp.
  Qn
  1. How do i reduce the admin distance of the directly connected vlan on IDF on our core switch. ie. Vl1 and Vl2 that are distributed via connected has a admin distance of 170 locally as the other switches sees that as External without having to advertise the networks individually on each switch.  
  2. Is that possible to increase the admin distance over the WAN link without having to create a 2nd eigrp domain. ie.. Add a admin distance of say 50 over the WAN link  and that way devices on both sides do see that there is a 130 distance for the remote side and 90 for local for admin distance.
  Why?
  I am trying to separate two locations and i don't think we will be able to create an additional domain and i am trying to see alternate methods of achieving this.  
  Additional info-
  The design i mentioned has 2 locations with a WAN connection and i have mixed (90/170) distance based on where the routes are coming(eigrp/connected/static) from eventhough  everything is within the same network.  We only have 1 Eigrp network 101 and was looking to alter the AD for just connected if at all possible.
  Assuming i put in all the routes into the network how can i make site 2 see the site 1 network with a larger admin distance and 1 to 2 with a larger admin distance while not altering the admin distance within the local site.
  Underlying reason: We are getting a MPLS link(lower bandwidth) connecting to site 3,4 and 5 at both sites and wanted to clear the internal routing first before i can add them or redistribute them into bgp.

  If these two sites are connected via a P2P link and you are exchanging EIGRP routes across it then you need to be aware of what you redistribute into BGP because each site will know about it's own subnets but also the other sites subnets.
  If you just redistribute all EIGRP at both sites then it's a lottery as to which MPLS connection the non EIGRP sites use.
  So you either need to -
  1) when you redistribute EIGRP at each site into BGP use a route map and only allow the local networks for that site
  or
  2) if you want each of the EIGRP sites to back each other's MPLS connection up you could have them both advertise out all networks ie. their own and the other EIGRP site's networks but modify the BGP attributes of the non local networks so they are least preferred.
  You still want to use a route map to ensure only the local and other EIGRP sites network are redistributed because remember you are also receiving BGP routes from the non EIGRP sites and redistributing these into EIGRP at each site and these are exchanged via the P2P link as well.
  It realty depends on what you are trying to do.
  The actual basic redistribution is very straightforward, see this link -
  http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/113506-failover-eigrp-bgp-00.html
  but you need to decide what you are going to do in terms of EIGRP to BGP advertisements as covered above.
  I'm not trying to make things complicated for you but because you have a P2P link connecting these sites and you are running EIGRP over it then any routes received via BGP will be redistributed into EIGRP and you need to make sure they are then not redistributed back into BGP on the other site router.
  Jon

• P2P UserDescriptor drops and latency always NAN

  During a P2P video call my UserDescriptor drops and latency are always NAN.  This seems like extremely useful information is there a way to get this information, is it not present for some reason in P2P?
  Thank you,
  -Eric

  Not sure but I'm really looking for anyway I can get some QOS data for the P2P link, that way I can adjust my audio and video settings for lower bandwidth links automatically.
  -Eric

• DC design question: L2 extension. A-VPLS? OTV? Link?

  Ciao a tutti,
  during a redesign phase of 2 datacenters (locate 500mt one from the other), we are wondring what use to extend the L2.
  All devices are 6500 in VSS (excluding the 2 at the top which are 4500), no problem on link to be used (it's a campus, I think we have more or less 20 dark FO).
  In RED: L3 PtP MEC
  In BLUE: L2 link
  A solution proposed is in the file sol_one: L3 ptp in nord-sud (via EIGRP, and it's ok), L2 via dark fiber in est-ovest ... extendig the L2 domain with STP and VTP (!!).
  We think about placing a couple of N7004 with OTV and then stretch vlans (sol_two).
  We think also to use AVPLS but it seems that it's more difficult to be configured (and more expensive).
  Any help is appreciate.
  L.

  well by having pair of nexus 7K in each DC you will  be able to utilize OTV over the p2p links between the two DCs as a data center interconnect DCI
  this DCI need to be L3 link
  OTV need to be in its own VDC using M1/M2 line card
  th eL3 DCI can be used for normal routed traffic between the DCs (none stretched L2 VLANs ) also the VLANs need to be stretched can pass through the OTV VDC and back to the L3 DCI links
  you may consider using OTV in unicast-transport only over multicast if its only p2p DCI link
  please refer to the folowing link for some more details
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DCI/whitepaper/DCI_1.html#wp1186215
  OTV deployment is pretty simple and all what you need is to plan it well in terms of Hardware required, software and interaction between OTV peers
  OTV also support load sharing when you have two edge devices like in your case where odd VLANs go through one device and even VLANs go through the other one
  not to mention there are more other benifit that you can gain from OTV such as:
  No requirements to forward unknown unicast frames
  Control Plane Learning with proactive MAC advertisement
  ARP cache maintained in Edge Device by snooping ARP replies
  Total isolation of the STP domain
  HSRP localisation support
  hope this helps

• QoS on metro ethernet links

  We recently got a metro ethernet link (45Mbps) between 2 of our offices.
  Currently we do not have any QoS services from the provider on this link.
  I want to implement QoS over this link. Should i treat this as a normal P2P link and do the QoS or should i also need to ask the SP to do some sort of QoS in their MEN.
  Does it really matter to have the SP do QoS as well
  Note:- I will be using the link purely as a L3 P2P link
  Thanks in advance
  Narayan

  You would need the QOS on the MAN connect as well. Even though you are running a L3 P2P link you are traversing multiple L2 hops.
  And where there may be contention by others traffic contending for the resources.
  I believe in most cases your SP's 4 to 5 Classes would be good enough. Still you may want to understand his classes and also may want to negotiate the SLA terms.
  Once this is taken care you can simply ask him to trust the incoming DSCP on the attachment circuit at his UPE.
  You may also have to configure incoming DSCP trust on your Metro-CPE link which connects to you internal core routers.
  HTH-Cheers,
  Swaroop

• Can I use a GRE tunnel to solve my problem?

  Please see the attached file for a topology of the relevant portions of this network.
  All but three of the APs at Building B are plugged into Cisco 3650 switches that are also acting as the WLCs.  This allows for local switching of WiFi client traffic.  The WiFi clients are tagged with VLAN 20 and the PCs at Building B are tagged with VLAN 10.  Inter-VLAN routing occurs at the 3560 in Building B.  This is important so that iPads on the WiFi network are switched locally with the PCs in the classroom. I then turn on the mDNS feature on the 3650/WLC so that we can use our PCs as "Apple TVs" via a program called Air Server.  This allows the teacher to project the iPad onto the PC, which is then projected to the SMART Board.
  My problem is with the 3 classrooms whose APs plug into a 2960-PS.  These APs are managed by the dedicated WLC-5760 located at Building A.  This means that the teacher PC is using the 3560 in Building B as the default gateway while the wireless traffic is being handled by the 3750 in Building A.  The last time I checked, the WLC 5700 series controllers did not have Flex Connect as a feature.  
  Here's my question:  Is there any type of IP tunneling solution I could use to tunnel a particular client or VLAN so that it can be routed at Building A?  I've only played with tunneling from an IPv4/IPv6 standpoint.  Thank you for your time!

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  You're correct, you cannot extend L2 across L3 unless you use some kind of encapsulation technology, for example, the already mentioned L2TPv3 or pseudo-wire over MPLS, etc.
  However, what I have in mind for extending a VLAN means converting a routed p2p link to a L2 trunk link (I'm assuming the equipment, e.g. L3 switches, can support this). Across the trunk, you can extend your VLAN(s).  For the routers, you can dedicate a new VLAN, across just the trunk, that takes the place of the former p2p.  I.e. so you can do both L2 and L3 across the same physical link.
  [edit]
  I didn't see Jon's post until after I posted above, but he's explaining, in more detail, what I had in mind.

• AirPort Extreme extends my network and has worked well for three months. Now it can no longer extend the network and flashes Amber. I have restored to factory settings moved it closer to time capsule and rebooted the system without luck

  i have a blinking Amber on my extreme now and it cannot extend the network.  It was working fine and nothing has changed. I have restored to factory settings moved it to another room and rebooted the system without luck. Any suggestions

  What OS are you running?
  Please give me a screenshot of the current AE setup..
  I strongly recommend if you have issues.. take control of all the variables. Apple routers have too much auto..
  Here is a list that I use for setups when using Yosemite.. but it relates to any OS.
  You will need to factory reset again to get going.
  Factory reset universal
  Power off the AE.. ie pull the power cord or power off at the wall.. wait 10sec.. hold in the reset button.. be gentle.. power on again still holding in reset.. and keep holding it in for another 10sec. You may need some help as it is hard to both hold in reset and apply power. It will show success by rapidly blinking the front led. Release the reset.. and wait a couple of min for the AE to reset and come back with factory settings. If the front LED doesn’t blink rapidly you missed it and simply try again. The reset is fairly fragile in these.. press it so you feel it just click and no more.. I have seen people bend the lever or even break it. I use a toothpick as tool.
  Then redo the setup from the computer with Yosemite or whatever you are using.
  1. Use very short names.. NOT APPLE RECOMMENDED names. No spaces and pure alphanumerics.
  eg AEgen5 for basestation.
  Use AE24ghz and AE5ghz for wireless on each band, with fixed channels as this also seems to help stop the nonsense.
  2. Use all passwords that also comply but can be a bit longer. ie 8-20 characters mixed case and numbers.. no non-alphanumerics.
  3. Ensure the AE always takes the same IP address.. this is not a problem for router but if the AE is bridged you can have trouble.. Try using the static IP method or control it via the main router dhcp reservations.
  4. Check your share name on the computer/s is not changing.. make sure it also complies with the above.. short no spaces and pure alphanumeric..
  5. Make sure IPv6 is set to link-local only in the computer. For example wireless open the network preferences, wireless and advanced / TCP/IP.. and fix the IPv6. to link-local only.
  6. Set up the extend to the Express using 2.4ghz and then see how good or bad the connection is.. this is better in the old v5 utility but if you hover your mouse over where it shows connection an extra chunk of info comes up.
  I have specifically used 5ghz to make the extend.. because by testing it works better.. but do not be fooled.. this good connection is poor.. the RSSI.. which is difference signal .. at -79dbm is down the bottom of the stable.. and it drops out on a daily basis.. you want to see that signal around -60dbm at min.
  There is a lot more jiggery pokery you can try but the above is a good start.. if you find it still unreliable.. don't be surprised.