03 Aug

Ease out your IPv6 gateway!

One of the very cool features of IPv6 is the link-local address, which stays local to a given link. fe80::/10 is reserved for this. A /10 is a huge amount of address space in IPv6 (and in IPv4 too 🙂 ). It covers fe80:0000:0000:0000:0000:0000:0000:0000 to febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff.

 

Since by design a link-local address stays local, the address configured on the upstream/gateway router can be kept the same on every link for ease of use and comfort. This wasn’t the case in IPv4, where each VLAN/layer 2 domain had its own gateway.

 

So, for example, say you have two VLANs or interfaces, Gi1/0 and Gi2/0, and you decide to use 10.100.100.0/30 on Gi1/0 and 10.100.100.4/30 on Gi2/0. The usual configuration in the IPv4 world then goes as:

 

Link 1
10.100.100.1 – Uplink/gateway router
10.100.100.2 – User/downstream device

 

Link 2
10.100.100.5 – Uplink/gateway router
10.100.100.6 – User/downstream device

 

Thus the link 1 user has to use a different gateway from the link 2 user.

 

Traditional IPv4 networking

 

IPv4 network setup

 

 

In the case of IPv6, since each interface has a unique global address as well as a link-local address, we can give any cool/easy-to-remember link-local address like fe80::1 to multiple interfaces, and hence the gateway can remain the same across multiple end machines.

Say we have a pool: 2a04:ec40:e01a::/48. Now we grab two /64 slices out of it (one for each interface): 2a04:ec40:e01a:100::/64 and 2a04:ec40:e01a:200::/64.

Link 1
2a04:ec40:e01a:100::1 – Uplink/gateway router
2a04:ec40:e01a:100::2 – User/downstream device

Link 2
2a04:ec40:e01a:200::1 – Uplink/gateway router
2a04:ec40:e01a:200::2 – User/downstream device

 

 

IPv6 networking

 

Link Local IPv6

 

 

 

Config of GW

GW#sh run
Building configuration...

Current configuration : 955 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
!
!
!
!
!
!         
!
!
!
!
!
!
!
!
!
!
!
!
! 
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface GigabitEthernet1/0
 description Link to user1
 no ip address
 negotiation auto
 ipv6 address 2A04:EC40:E01A:100::1/64
 ipv6 address FE80::1 link-local
!
interface GigabitEthernet2/0
 description Link to user2
 no ip address
 negotiation auto
 ipv6 address 2A04:EC40:E01A:200::1/64
 ipv6 address FE80::1 link-local
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!         
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
!
!
end

GW#

 

User 1

User1#sh run
Building configuration...

Current configuration : 878 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname User1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
!
!
!
!
!
!         
!         
!         
!         
!         
!         
!
!
!
!
!
!
!
! 
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface GigabitEthernet1/0
 description "Link to GW"
 no ip address
 negotiation auto
 ipv6 address 2A04:EC40:E01A:100::2/64
!         
interface GigabitEthernet2/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
!
no ip http server
no ip http secure-server
!
!
ipv6 route ::/0 GigabitEthernet1/0 FE80::1
!
!         
!
!
control-plane
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
!
!
end

User1#

 

User 2

User2#sh run
Building configuration...

Current configuration : 879 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname User2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
!
!
!
!
!
!         
!
!
!
!
!
!
!
!
!
!
!
!
! 
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface GigabitEthernet1/0
 description "Link to GW" 
 no ip address
 negotiation auto
 ipv6 address 2A04:EC40:E01A:200::2/64
!
interface GigabitEthernet2/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet3/0
 no ip address
 shutdown
 negotiation auto
!
interface GigabitEthernet4/0
 no ip address
 shutdown
 negotiation auto
!
!
no ip http server
no ip http secure-server
!
!
ipv6 route ::/0 GigabitEthernet1/0 FE80::1
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
!         
!
end

User2#

 

 

Quick connectivity tests

User1#ping  2A04:EC40:E01A:100::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2A04:EC40:E01A:100::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
User1# 
User1#
User1#ping fe80::1
Output Interface: GigabitEthernet1/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::1, timeout is 2 seconds:
Packet sent with a source address of FE80::C802:26FF:FE39:1C
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
User1#

 

Example of a Linux interface config file (assuming user 1 is a Linux server)

iface eth0 inet6 static
    address 2A04:EC40:E01A:100::2
    netmask 64
    gateway fe80::1
    accept_ra 0
    autoconf 0
    privext 0
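
The address plan and the static default route from this post, checked in Python. This is an added example, not part of the original post or of any vendor tooling; `check_plan` and `ios_default_route` are hypothetical helper names, and the plan values are the ones in the GW, User1 and User2 configurations above.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
POOL = ipaddress.ip_network("2a04:ec40:e01a::/48")  # pool used in the post

# (link, /64 on the link, router global, router link-local, downstream global)
PLAN = [
    ("Link 1", "2a04:ec40:e01a:100::/64", "2a04:ec40:e01a:100::1",
     "fe80::1", "2a04:ec40:e01a:100::2"),
    ("Link 2", "2a04:ec40:e01a:200::/64", "2a04:ec40:e01a:200::1",
     "fe80::1", "2a04:ec40:e01a:200::2"),
]

def check_plan(plan, pool=POOL):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    for link, prefix, gw, gw_ll, host in plan:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen != 64 or not net.subnet_of(pool):
            problems.append(f"{link}: {net} is not a /64 out of {pool}")
        # Both ends of a link must sit in that link's /64.
        for role, addr in (("gateway", gw), ("downstream", host)):
            if ipaddress.ip_address(addr) not in net:
                problems.append(f"{link}: {role} {addr} is outside {net}")
        # The shared gateway address must really be link-local.
        if ipaddress.ip_address(gw_ll) not in LINK_LOCAL:
            problems.append(f"{link}: {gw_ll} is not in {LINK_LOCAL}")
    return problems

def ios_default_route(next_hop, interface=None):
    """Build the IOS static default route line used on User1/User2.

    The same fe80::1 exists on every link, so a link-local next hop is
    ambiguous unless the outgoing interface is given with it.
    """
    hop = ipaddress.ip_address(next_hop)
    if hop in LINK_LOCAL and not interface:
        raise ValueError(f"link-local next hop {hop} needs an outgoing interface")
    parts = ["ipv6 route ::/0"] + ([interface] if interface else [])
    return " ".join(parts + [str(hop).upper()])

if __name__ == "__main__":
    print(LINK_LOCAL[0], "to", LINK_LOCAL[-1])
    print(check_plan(PLAN) or "plan is consistent")
    print(ios_default_route("fe80::1", "GigabitEthernet1/0"))
```

A downstream address taken from the wrong /64 is reported by `check_plan` as being outside its link's prefix, which is the kind of copy-paste slip that is easy to make when every link uses the same gateway address.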

 

 

I hope you enjoyed it. With hope to see more IPv6, time for me to get some sleep! 🙂

30 Jul

Welcome Amazon AWS AS16509 to India!

Today I spotted some routes from Amazon AWS Cloud services – AS16509 in Indian tables. AS16509 was originating prefixes while sitting downstream of Tata-VSNL AS4755 and Reliance AS18101. I almost missed Amazon AWS’s announcement on their blog about Indian PoPs for their DNS service – Route53 and CDN service – Cloudfront.

 

The new PoPs of Amazon in India are at Mumbai and Chennai, and I see pretty much consistent BGP announcements to Tata and Reliance from these locations. Prefixes I have seen so far:

 

Unicast prefixes originated in India (for Cloudfront CDN):

54.230.172.0/22
54.230.188.0/22
54.239.160.0/22
54.239.188.0/22

 

Anycast prefixes (for anycasted DNS, Route53):

205.251.192.0/23
205.251.198.0/23

 

Note: I pulled these prefixes by looking at upstream peers in India (which are Tata and Reliance) and simply running sh ip bgp regexp 4755 16509 & sh ip bgp regexp 18101 16509 on Oregon routeviews & a few other major data collection points of the global IPv4 table.

I can’t see any upstream from Airtel AS9498 or any other major Indian telco. Also, at NIXI the prefixes are only partially available. I see prefixes at NIXI Mumbai carried by Tata VSNL. At NIXI Chennai the prefixes are present with one degree of prepend (AS4755 AS4755 twice), making the route less preferable. At NIXI Delhi there seems to be no route at all for Amazon’s prefixes (Tata follows a regional route policy at NIXI).
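
The same lookup done offline over (prefix, AS path) pairs, as an added example that is not part of the original post. It matches whole AS numbers rather than text, so an AS such as 64755 is not mistaken for 4755, and it counts prepends by the upstream. The sample routes are constructed: they use documentation prefixes and made-up collector-side ASNs, and the paths are assumed to contain no AS sets.

```python
ORIGIN = 16509                                     # Amazon, from the post
UPSTREAMS = {4755: "Tata-VSNL", 18101: "Reliance"}  # upstreams named in the post

# Constructed sample, not real routing data.
SAMPLE = [
    ("192.0.2.0/24", "64500 4755 16509"),
    ("198.51.100.0/24", "64501 64500 18101 16509"),
    ("203.0.113.0/24", "64502 4755 4755 16509"),    # 4755 prepended once
    ("192.0.2.0/24", "64503 64755 16509"),          # 64755 is not 4755
    ("198.51.100.0/24", "64500 4755 16509 64496"),  # 16509 is transit here
]

def upstream_of_origin(as_path, origin=ORIGIN):
    """Return (upstream ASN, times it appears in a row) if `origin`
    originates the path, otherwise None."""
    hops = [int(asn) for asn in as_path.split()]
    if not hops or hops[-1] != origin:
        return None
    i = len(hops) - 1
    while i >= 0 and hops[i] == origin:     # skip the origin and its own prepends
        i -= 1
    if i < 0:
        return None                          # path is the origin only
    upstream, count = hops[i], 0
    while i >= 0 and hops[i] == upstream:   # count consecutive copies
        count += 1
        i -= 1
    return upstream, count

def summarize(routes):
    """List (prefix, upstream name, prepend count) for routes that
    ORIGIN announces through one of UPSTREAMS."""
    found = []
    for prefix, path in routes:
        hit = upstream_of_origin(path)
        if hit and hit[0] in UPSTREAMS:
            found.append((prefix, UPSTREAMS[hit[0]], hit[1] - 1))
    return found

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```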

 

So now the big question here: which datacenter is that?

I doubt it would be Tata or Reliance since they are core competitors and run datacenters pretty much on their own networks with almost zero carrier neutral options (few exceptions are there). My strong guess is that it’s Netmagic’s datacenter in Mumbai and Chennai with direct upstream links (bypassing Netmagic’s network). Just my guess. I cannot verify it from the record of AS16509 on peeringdb.net – http://www.peeringdb.com/view.php?asn=16509

 

With that being said, here’s a trace to cdn.anuragbhatia.com (which I use via Amazon Cloudfront):

Anurags-MacBook-Pro:~ anurag$ traceroute -a cdn.anuragbhatia.com
traceroute: Warning: cdn.anuragbhatia.com has multiple addresses; using 54.230.189.204
traceroute to ddlfp4nmkhyfr.cloudfront.net (54.230.189.204), 64 hops max, 52 byte packets
1 [AS1] 10.0.0.1 (10.0.0.1) 1.152 ms 0.765 ms 0.627 ms
2 [AS10223] 192.168.1.1 (192.168.1.1) 1.460 ms 2.906 ms 1.569 ms
3 [AS9829] 117.218.197.1 (117.218.197.1) 16.339 ms 17.905 ms 15.704 ms
4 [AS9829] 218.248.169.118 (218.248.169.118) 94.835 ms 29.628 ms 118.135 ms
5 [AS4755] 115.114.89.21.static-mumbai.vsnl.net.in (115.114.89.21) 60.472 ms 61.304 ms 59.103 ms
6 [AS0] 172.31.19.245 (172.31.19.245) 84.706 ms 87.201 ms 85.640 ms
7 [AS4755] 115.114.130.126.static-chennai.vsnl.net.in (115.114.130.126) 82.327 ms 83.276 ms 81.583 ms
8 [AS16509] server-54-230-189-204.maa3.r.cloudfront.net (54.230.189.204) 85.261 ms 85.185 ms 84.269 ms
Anurags-MacBook-Pro:~ anurag$

 

Always nice to see maa in all these nodes at Chennai. Basically most companies (including Google) use the 3-letter airport code in the name of a node (in the rDNS PTR record of the router’s WAN IP). For Chennai (which used to be known as Madras) the airport code is still MAA, and this is why you will see maa in Chennai nodes and BOM on Mumbai based nodes. 🙂

 

Time to get back to work. Have a good week ahead! 🙂