donatas abraitis

$Cisco iBGP IPv6 sessions for the win

Today I spent a few hours figuring out this hell.

TL;DR;

If you want to use IPv6 iBGP sessions with older Cisco IOS versions (in this case it’s a Cisco 6500 series device)... Come on, you just can’t. Why? Here is the explanation:

10:28:18.428588 IP6 (class 0xc0, hlim 64, next-header TCP (6) payload length: 174) 2a02:4780:1:2::2.44410 > 2a02:4780:1:2::1.179: Flags [P.], cksum 0xb9b3 (correct), seq 130:284, ack 321, win 15008, length 154: BGP, length: 154
  Update Message (2), length: 93
    Multi-Protocol Reach NLRI (14), length: 44, Flags [OE]:
      AFI: IPv6 (2), SAFI: Unicast (1)
===== >>      nexthop: 2a02:4780:1:2::2fe80::ce37:abff:febd:ef70, nh-length: 32, no SNPA
        2a02:4780:bad::/48
      0x0000:  0002 0120 2a02 4780 0001 0002 0000 0000
      0x0010:  0000 0002 fe80 0000 0000 0000 ce37 abff
      0x0020:  febd ef70 0030 2a02 4780 0bad
    Origin (1), length: 1, Flags [T]: IGP
      0x0000:  00
    AS Path (2), length: 0, Flags [TE]: empty
    Multi Exit Discriminator (4), length: 4, Flags [O]: 0
      0x0000:  0000 0000
    Local Preference (5), length: 4, Flags [T]: 100
      0x0000:  0000 0064

What the hell is “nexthop: 2a02:4780:1:2::2fe80::ce37:abff:febd:ef70”? I expected something like this:

10:28:18.561391 IP6 (class 0xc0, hlim 255, next-header TCP (6) payload length: 95) 2a02:4780:1:2::1.179 > 2a02:4780:1:2::2.44410: Flags [P.], cksum 0xa0d0 (correct), seq 321:396, ack 284, win 16101, length 75: BGP, length: 75
  Update Message (2), length: 75
    Origin (1), length: 1, Flags [T]: IGP
      0x0000:  00
    AS Path (2), length: 0, Flags [T]: empty
    Multi Exit Discriminator (4), length: 4, Flags [O]: 0
      0x0000:  0000 0000
    Local Preference (5), length: 4, Flags [T]: 100
      0x0000:  0000 0064
    Multi-Protocol Reach NLRI (14), length: 28, Flags [O]:
      AFI: IPv6 (2), SAFI: Unicast (1)
===== >>      nexthop: 2a02:4780:1:2::1, nh-length: 16, no SNPA
        2a02:4780:1::/48
      0x0000:  0002 0110 2a02 4780 0001 0002 0000 0000
      0x0010:  0000 0001 0030 2a02 4780 0001

It’s quite clearly a $Cisco bug. In this case we work around it by running eBGP sessions with private AS numbers to bypass link-local addresses. If you use eBGP, then next-hop-self just skips link-local addresses and doesn’t bundle them into the peer’s address.
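
To see what sits behind the odd "nexthop" string, the sketch below decodes the MP_REACH_NLRI bytes from both hex dumps above. It is an added example, not part of the original post: the field layout follows RFC 4760, and RFC 2545 allows a 32-byte IPv6 next hop made of a global address followed by a link-local one, which tcpdump prints back to back. The function name `parse_mp_reach` is hypothetical.

```python
import ipaddress
import struct

# MP_REACH_NLRI attribute values copied from the two hex dumps on this page.
FIRST_UPDATE = bytes.fromhex(
    "0002 0120 2a02 4780 0001 0002 0000 0000 "
    "0000 0002 fe80 0000 0000 0000 ce37 abff "
    "febd ef70 0030 2a02 4780 0bad"
)
SECOND_UPDATE = bytes.fromhex(
    "0002 0110 2a02 4780 0001 0002 0000 0000 "
    "0000 0001 0030 2a02 4780 0001"
)


def parse_mp_reach(value: bytes) -> dict:
    """Decode an IPv6 MP_REACH_NLRI attribute value (hypothetical helper)."""
    if len(value) < 5:
        raise ValueError("truncated MP_REACH_NLRI")
    # AFI (2 bytes), SAFI (1 byte), next-hop length (1 byte)
    afi, safi, nh_len = struct.unpack_from("!HBB", value, 0)
    if afi != 2:
        raise ValueError("only AFI 2 (IPv6) is handled here")
    if nh_len not in (16, 32):
        raise ValueError(f"unexpected IPv6 next-hop length {nh_len}")
    nh_end = 4 + nh_len
    if len(value) < nh_end + 1:
        raise ValueError("next hop runs past the end of the attribute")
    # nh-length 16: global address only; 32: global followed by link-local
    hops = [ipaddress.IPv6Address(value[i:i + 16]) for i in range(4, nh_end, 16)]
    pos = nh_end + 1  # skip the reserved octet (tcpdump's "no SNPA")
    prefixes = []
    while pos < len(value):
        plen = value[pos]
        nbytes = (plen + 7) // 8  # prefix is packed into whole octets
        raw = value[pos + 1:pos + 1 + nbytes]
        if plen > 128 or len(raw) != nbytes:
            raise ValueError("malformed NLRI prefix")
        addr = ipaddress.IPv6Address(raw.ljust(16, b"\x00"))
        prefixes.append(ipaddress.IPv6Network((addr, plen)))
        pos += 1 + nbytes
    return {"afi": afi, "safi": safi, "nh_len": nh_len, "global": hops[0],
            "link_local": hops[1] if nh_len == 32 else None,
            "prefixes": prefixes}


if __name__ == "__main__":
    for name, blob in (("first", FIRST_UPDATE), ("second", SECOND_UPDATE)):
        print(name, parse_mp_reach(blob))
```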