
Adding OS X ipv6 clients to LAN with Cisco 87x router

Started by derby, December 08, 2009, 11:51:55 AM


jimb

Try using a real IPv6 address on the vlan1 interface.  You can't use zero as a host address.

Change ipv6 address 2001:470:8:444::/64 eui-64 to ipv6 address 2001:470:8:444::1/64 eui-64.

You may also want to lose the eui-64, since it's not an (m)eui-64 although I can't say I'm familiar with what this option is supposed to do.

HobbesIE

Success - finally!

The problem I was running into was that I was assigning a /64 address to the vlan1 interface, and the same to the dot11radio0.1 sub-interface. Cisco doesn't like this - so I got a /48 allocation from HE, and gave vlan1 & dot11radio0.1 /64 addresses from the /48 range. Here's the relevant config:

interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 ipv6 enable
 ipv6 address 2001:xxx:xxxx:2::/64
 ipv6 rip 1 enable
 ipv6 dhcp server test

interface Vlan1
 description Internal Network
 ip nat inside
 ip virtual-reassembly
 bridge-group 1
 bridge-group 1 spanning-disabled
 ipv6 enable
 ipv6 address 2001:xxx:xxxx:1::/64
 ipv6 rip 1 enable
 ipv6 dhcp server test


And voila, it worked!

I think it is quite wasteful to not just split my existing /64 down further, but when I tried the same technique as above but setting the /64 address as xxxx:xxxx:xxxx:xxxx:1::/80, it didn't work... I reckon that as MAC addresses are xxxx:xxxx:xxxx:xxxx it wouldn't leave enough space in the ipv6 address for it...

Let me know how you get on!

jimb

Don't use prefix lengths > 64.  There's some debate over using things like /126s on p-t-p and /128s on loopbacks, but in general stick to /64s.  Thinking that /64s are wasteful is "IPv4 thinking".  :p  You may want to check out RFC 4291, and RFC 3627.

What's with the all-zeros host type addresses (2001:xxx:xxxx:1::/64)?  When given one of those, does the Cisco generate a meui-64 address on the interface or something?  Otherwise, do you realize you're not supposed to use that?

Also, have you now split your wifi and wired LANs into separate LANs?

kcochran

Actually, for the router, an all-zeros host segment isn't an error, and in fact is something the router should be doing already.  RFC4291, 2.6.1 notes the following:
2.6.1. Required Anycast Address

   The Subnet-Router anycast address is predefined.  Its format is as
   follows:

   |                         n bits                 |   128-n bits   |
   +------------------------------------------------+----------------+
   |                   subnet prefix                | 00000000000000 |
   +------------------------------------------------+----------------+

   The "subnet prefix" in an anycast address is the prefix that
   identifies a specific link.  This anycast address is syntactically
   the same as a unicast address for an interface on the link with the
   interface identifier set to zero.

   Packets sent to the Subnet-Router anycast address will be delivered
   to one router on the subnet.  All routers are required to support the
   Subnet-Router anycast addresses for the subnets to which they have
   interfaces.

   The Subnet-Router anycast address is intended to be used for
   applications where a node needs to communicate with any one of the
   set of routers.


By specifying the all-zeros, he's likely just not giving the router a unicast address.
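
The address checks discussed in this thread (all-zeros interface ID, prefixes longer than /64, and what the `eui-64` keyword produces) can be run over a config offline. This is an added example, not code from any poster: `audit`, `modified_eui64`, the sample config and the sample MAC are hypothetical and constructed, using the 2001:db8::/32 documentation prefix.

```python
import ipaddress
import re

# IOS interface command: "ipv6 address <addr>/<len> [eui-64]"
ADDR_RE = re.compile(r"^\s*ipv6 address (\S+)/(\d+)(\s+eui-64)?\s*$", re.I)

def modified_eui64(mac):
    """64-bit interface ID built from a 48-bit MAC (RFC 4291, Appendix A)."""
    b = bytes.fromhex(re.sub(r"[^0-9A-Fa-f]", "", mac))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def audit(config, mac):
    """Return [(effective_address, prefix_len, findings)] per 'ipv6 address' line."""
    out = []
    for line in config.splitlines():
        m = ADDR_RE.match(line)
        if not m:
            continue
        plen = int(m.group(2))
        net = ipaddress.IPv6Network(f"{m.group(1)}/{plen}", strict=False)
        addr = ipaddress.IPv6Address(m.group(1))
        findings = []
        if plen > 64:
            findings.append("prefix longer than /64")
        # With eui-64 the low 64 bits come from the MAC; that only fits in a /64 or shorter.
        if m.group(3) and plen <= 64:
            addr = net.network_address + modified_eui64(mac)
        # An interface ID of all zeros is the Subnet-Router anycast address.
        if plen < 128 and addr == net.network_address:
            findings.append("subnet-router anycast (RFC 4291 2.6.1)")
        out.append((str(addr), plen, findings))
    return out

# Constructed sample config and MAC, for illustration only.
SAMPLE = """\
interface Vlan1
 ipv6 address 2001:db8:0:1::/64
interface Dot11Radio0.1
 ipv6 address 2001:db8:0:2::/64 eui-64
interface Vlan2
 ipv6 address 2001:db8:0:3:1::1/80
interface Vlan3
 ipv6 address 2001:db8:0:4::1/64
"""
SAMPLE_MAC = "00:11:22:33:44:55"

if __name__ == "__main__":
    for row in audit(SAMPLE, SAMPLE_MAC):
        print(row)
```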

jimb

Quote from: kcochran on January 19, 2010, 08:00:18 PM
Actually, for the router, an all-zeros host segment isn't an error, and in fact is something the router should be doing already.  RFC4291, 2.6.1 notes the following:
2.6.1. Required Anycast Address

   The Subnet-Router anycast address is predefined.  Its format is as
   follows:

   |                         n bits                 |   128-n bits   |
   +------------------------------------------------+----------------+
   |                   subnet prefix                | 00000000000000 |
   +------------------------------------------------+----------------+

   The "subnet prefix" in an anycast address is the prefix that
   identifies a specific link.  This anycast address is syntactically
   the same as a unicast address for an interface on the link with the
   interface identifier set to zero.

   Packets sent to the Subnet-Router anycast address will be delivered
   to one router on the subnet.  All routers are required to support the
   Subnet-Router anycast addresses for the subnets to which they have
   interfaces.

   The Subnet-Router anycast address is intended to be used for
   applications where a node needs to communicate with any one of the
   set of routers.


By specifying the all-zeros, he's likely just not giving the router a unicast address.

Hrm.  I was under the impression that the subnet-router anycast was an address that routers would answer for with ND automatically, and not an address that's configured on the actual interface.  For instance, when I ping that address on my LAN, my router answers, with its unicast address:

{root@gts/pts/5}~# ping6 -n -c3 2001:db8:1234::
PING 2001:db8:1234::(2001:db8:1234::) 56 data bytes
64 bytes from 2001:db8:1234::1: icmp_seq=1 ttl=64 time=0.522 ms
64 bytes from 2001:db8:1234::1: icmp_seq=2 ttl=64 time=0.501 ms
64 bytes from 2001:db8:1234::1: icmp_seq=3 ttl=64 time=0.501 ms

--- 2001:db8:1234:: ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.501/0.508/0.522/0.009 ms


But I guess it's "legal" to not give your router a unicast address at all?  It'd make it sort of difficult to get to the router to log in or whatever, if there were multiple routers on the LAN, no?  Unless there was a management interface w/ a unicast or something I guess.  :shrug:


mlksoft

My cisco 1811 let me use a zero address, but complained:

%Vlan1: Warning: 2001:470:E0EC:1::/64 is a Subnet Router Anycast

So, I am led to wonder if this is a best practice.  I am OK with the fact that in ipv6 thinking, most sites will be assigned a /48, perhaps with residential users assigned a /56.

I am able to connect to ipv6.google.com, www.ipv6.org, and www.whatismyipv6.net, so the configuration is working.

jimb

Quote from: mlksoft on January 22, 2010, 06:47:59 PM
My cisco 1811 let me use a zero address, but complained:

%Vlan1: Warning: 2001:470:E0EC:1::/64 is a Subnet Router Anycast

So, I am led to wonder if this is a best practice.  I am OK with the fact that in ipv6 thinking, most sites will be assigned a /48, perhaps with residential users assigned a /56.

I am able to connect to ipv6.google.com, www.ipv6.org, and www.whatismyipv6.net, so the configuration is working.

Yeh I don't think it's good practice IMHO.  :P  Use ::1.

Addressing plans will depend largely on the ISP's own policies.  But the IAB outlines recommendations in RFC3177.  Basically it says that end users should get either a /64 if they have a single LAN, or a /48 if they have multiple LANs.  Businesses will also get /48s (one or multiple).  ISPs get /32s.  Also, just the currently assigned global unicast range, 2000::/3 (2000:: - 3fff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) contains ~537 million /32s (2^29 /32s).  So running out of /32s for ISPs won't happen any time soon.  And every /32 has 64Ki /48s, which in turn have 64Ki /64s, each of which has 2^64 - 1 interface addresses.   :)