IPv6 Router Interface Configuration

How routing on classic cisco IOS devices for end user subnets should be configured on the campus network.

IOS-XR Example Router Configuration with HSRP

Primary RouterSecondary Router
interface Bundle-Ether9.9999
 description Awesomesauce network
 ipv4 mtu 1500
 ipv4 address 144.92.67.3 255.255.255.0
 ipv4 verify unicast source reachable-via rx allow-self-ping
 ipv6 nd ns-interval 5000
 ipv6 nd reachable-time 900000
 ipv6 mtu 1500
 ipv6 verify unicast source reachable-via rx allow-self-ping
 ipv6 address fe80::3 link-local
 ipv6 address 2607:f388:e:100::3/64
 encapsulation dot1q 42

router ospfv3 1
 area 0
  interface Bundle-Ether9.9999

router hsrp
 interface Bundle-Ether9.9999
  address-family ipv4
   hsrp 9999 slave
    follow CSSCHsrpMaster
    address 144.92.67.1
   !
  address-family ipv6
   hsrp 42 slave
    follow CSSCHsrpMaster
    address linklocal fe80::1
  !
 !
interface Bundle-Ether9.9999
 description Awesomesauce network backup
 ipv4 mtu 1500
 ipv4 address 144.92.67.2 255.255.255.0
 ipv4 verify unicast source reachable-via any allow-self-ping
 ipv6 nd ns-interval 5000
 ipv6 nd reachable-time 900000
 ipv6 mtu 1500
 ipv6 verify unicast source reachable-via any allow-self-ping
 ipv6 address fe80::2 link-local
 ipv6 address 2607:f388:e:100::2/64
 encapsulation dot1q 42

router ospfv3 1
 area 0
  interface Bundle-Ether9.9999
   cost 250

router hsrp
 interface Bundle-Ether9.9999
  address-family ipv4
   hsrp 9999 slave
    follow CSSCHsrpMaster
    address 144.92.67.1
   !
  address-family ipv6
   hsrp 42 slave
    follow CSSCHsrpMaster
    address linklocal fe80::1
  !
 !

Classic IOS Example Router Configuration with HSRP

Primary RouterSecondary Router
interface Vlan3741
 description UWNET at CSSC TechLab
 ip address 72.33.13.227 255.255.255.224
 ip verify unicast source reachable-via rx allow-self-ping
 ip helper-address 144.92.254.252
 no ip redirects
 no ip proxy-arp
 ip flow ingress
 ip pim dr-priority 4294967294
 ip pim sparse-mode
 ip multicast boundary mcast-filter
 ip igmp access-group mcast-filter
 ipv6 address FE80::3 link-local
 ipv6 address 2607:F388:F:7::3/64
 ipv6 nd reachable-time 900000
 ipv6 nd ns-interval 5000
 ipv6 nd router-preference High
 ipv6 pim dr-priority 4294967295
 ipv6 ospf 1 area 0
 standby version 2
 standby 0 ip 72.33.13.225
 standby 0 preempt
 standby 0 authentication vlan3741
 standby 1 ipv6 FE80::1
 standby 1 preempt
 standby 1 authentication vlan3741
interface Vlan3741
 description UWNET at CSSC TechLab backup
 ip address 72.33.13.226 255.255.255.224
 ip verify unicast source reachable-via any allow-self-ping
 ip helper-address 144.92.254.252
 no ip redirects
 no ip proxy-arp
 ip flow ingress
 ip pim dr-priority 2147483647
 ip pim sparse-mode
 ip multicast boundary mcast-filter
 ip igmp access-group mcast-filter
 ip ospf cost 250
 ipv6 address FE80::2 link-local
 ipv6 address 2607:F388:F:7::2/64
 ipv6 nd reachable-time 900000
 ipv6 nd ns-interval 5000
 ipv6 pim dr-priority 2147483647
 ipv6 ospf cost 250
 ipv6 ospf 1 area 0
 standby version 2
 standby 0 ip 72.33.13.225
 standby 0 priority 90
 standby 0 preempt
 standby 0 authentication vlan3741
 standby 1 ipv6 FE80::1
 standby 1 priority 90
 standby 1 preempt
 standby 1 authentication vlan3741

Classic IOS Example Configuration, no HSRP

interface Vlan3741
 description UWNET at CSSC TechLab
 ip address 72.33.13.225 255.255.255.224
 ip verify unicast source reachable-via rx allow-self-ping
 ip helper-address 144.92.254.252
 no ip redirects
 no ip proxy-arp
 ip flow ingress
 ip pim dr-priority 4294967294
 ip pim sparse-mode
 ip multicast boundary mcast-filter
 ip igmp access-group mcast-filter
 ipv6 address FE80::1 link-local
 ipv6 address 2607:F388:F:7::1/64
 ipv6 pim dr-priority 4294967295
 ipv6 ospf 1 area 0

NX-OS Example, no HSRP

interface Vlan321
  description whatever
  no shutdown
  no ip redirects
  ip address 144.92.180.1/23
  ip address 10.128.198.1/24 secondary
  ipv6 address 2607:f388:101c:1000::1/64
  ipv6 link-local fe80::1
  ipv6 verify unicast source reachable-via rx
  ipv6 nd ns-interval 5000
  ipv6 nd reachable-time 900000
  ip router ospf 122 area 0.0.0.122
  ospfv3 passive-interface
  ipv6 router ospfv3 122 area 0.0.0.122
  ip pim dr-priority 4294967294
  ipv6 pim dr-priority 4294967294

Additional Options

FeatureCommandNotes
Hosts should get DNS info from DHCPv6, but not their address ipv6 nd other-config-flag Hosts that have dhcpv6 clients will get DNS and other related info from the dhcpv6 server. Hosts that do not have dhcpv6 clients will silently ignore this.
Hosts should get all info from DHCPv6, including their address ipv6 nd managed-config-flag Note the word should Hosts that have dhcp clients will try to get their address and all other configuration options from the dhcp server. If they do not have a dhcpv6 client, they will autogenerate their address with SLAAC.
Disable SLAAC autoconfiguration ipv6 nd prefix default no-autoconfig This can be used with the managed-config-flag. This command is used when you want to disable clients from auto-configuring their ipv6 addresses. This can be useful for datacenters or other very statically controlled environments where hosts must be statically provisioned or when you want some static hosts on v6, but other hosts with v6 capability should not be on by default.
Hosts should get DNS info from route advertisements, but not their address. ipv6 nd ra dns server 2607:F388::53:1
ipv6 nd ra dns server 2607:F388::53:2
This is often unsupported on clients and old routers. Hosts that support rfc 6106 will get DNS server info from the router advertisement. Hosts that do not not support rfc 6106 will silently ignore this.
DHCPv6 relay (classic IOS) ipv6 dhcp relay destination 2607:f388::547:1 This is often unsupported on old routers. If not supported, the dhcpv6 server must be on the same L2 network as the clients.
DHCPv6 relay (IOS-XR)
dhcp ipv6
 profile DoIT-DHCPv6 relay
  helper-address vrf default 2607:f388::547:1
 !
 interface Bundle-Ether9.9999 relay profile DoIT-DHCPv6
!
This is often unsupported on old routers. If not supported, the dhcpv6 server must be on the same L2 network as the clients.

Overview & Differences between IPv4 configurations

  • To support IPv6 with HSRP, it is necessary to move from HSRPv1 (the current campus configuration) to HSRPv2. This is done via the command standby version 2 THIS WILL CAUSE AN OUTAGE, but there are ways to significantly minimize the downtime as described here: Document 14072 is unavailable at this time.
  • IPv4 and IPv6 must be configured as different HSRP standby groups.
  • PIM DR priority is the same as for v4. Even though multicast is currently not enabled, we might as well put this command in now.
  • The primary router uses the 2607:F388:[subnet]::3/64 address and the secondary router uses the 2607:F388:[subnet]::2/64 address as their IPv6 addressses for the global scope when using HSRP. This is chosen to more or less match what we do in IPv4 today.
  • The primary router is statically configured to use FE80::3 for link-local address and the secondary router is statically configured to use FE80::2 as its link-local address, similar to the above.
  • If you don't statically set the link-local addresses, they will by default generate EUI-64 addresses based off either their built-in mac addr or the hsrp mac addr dependent on group number. This does not seem like a good approach for long-term ease of troubleshooting and uniformity.
  • The HSRP shared address is statically set to share FE80::1
  • The address 2607:F388:[subnet]::1 is not used in an HSRP configuration. Hosts use FE80::1 as their default router.
  • if the customer is supplying the dhcpv6 server, you will need to remove the edge port acl blocking dhcpv6 servers (just like you would for ipv4).
  • OSPF is configured as part of the interface config, so there is no need to edit ipv6 router ospf 1 unless you need to disable it from being a passive interface for PTP links.
  • uRPF is not supported for IPv6 on obsolete routers such as cisco cat6500/sup720
  • On a network without HSRP, ipv6 nd ra-interval can be used as the failover timer between two routers on the same network. One could set to 60 seconds (or smaller) on an interface to provide a hsrp-like failover.

    ra-interval should be <= ra-lifetime. Both default to 300 or 200, depending on the platform.

    ra-interval is how often the router has to send a packet. It consumes CPU to set this too low for lots of interfaces. ra-lifetime is how long it takes for a client to consider a router dead (absent the standby router sending its advertisement, based on its ra-interval).

    Setting ra-interval to 60 would make it closer to a 1-minute failover between routers. Two routers on the same link should not have the exact same timer configured in order to prevent synchronization. So, something like set one to 57 and the other to 60 or similar could be appropriate.

    Ideally HSRP would be used if it is available. In particular, using HSRP w/ BFD for failover probably would be sub-second and result in minimal CPU impact.




Keywords:hsrp ipv6 standby   Doc ID:13284
Owner:Dale C.Group:Network Services
Created:2010-02-08 19:00 CDTUpdated:2015-05-12 09:59 CDT
Sites:Network Services
Feedback:  2   0