Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] IPv6 BGP route could be advertised with unexpected next-hop in IPv4-mapped IPv6 address setup

0

0

Article ID: KB34707 KB Last Updated: 16 Jul 2019Version: 1.0
Summary:

When IPv6 global-unicast addresses are unavailable in a network and there is a need to pass IPv6 traffic, typically, IPv4-mapped IPv6 addresses are assigned based on the existing IPv4 address assignments. However, this could cause a difference in the IPv4 and IPv6 next-hop information, and result in unexpected exclave of the IPv6 subnet.

This article describes a pitfall in developing networks by using IPv4-mapped IPv6 addresses and suggests possible solutions.

 

Symptoms:

A customer migrates the IPv4 network to IPv4/v6 dual stack network by using an IPv4-mapped IPv6 address.

An example topology is as follows:


+----------------------+      point-to-point      +---------------+     ::ffff:203.0.113.0/120    +---------------+
|          R1          |gr-0/0/0.0      gr-0/0/0.0|       R2      |.20      203.0.113.16/28    .21|      R3       |
|                      +--------------------------+               +-------------------------------+               |
|        203.0.113.251 |ge-0/0/1          ge-0/0/1| 203.0.113.252 |ge-0/0/0               ge-0/0/0| 203.0.113.253 |
| ::ffff:203.0.113.251 |                          |               |                               |               |
+----------------------+                          +---------------+                               +---------------+
      aggregate ::/0               MP-BGP                                       MP-BGP
                        <-----------iBGP--------->                 <-------------eBGP------------>
                                    ===>                                         ===>
                               advertise ::/0                               advertise ::/0

The router R2 learns IPv6 routes from R1 and advertises them but unlike the IPv4 route, R2's next-hops indicate the loopback address of R1 instead of its own address.

lab@R2> show route advertising-protocol bgp 203.0.113.21
inet.0: 14 destinations, 18 routes (14 active, 0 holddown, 1 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* 0.0.0.0/0               Self                                    I
* 100.0.0.0/8             Self                                    I


inet6.0: 12 destinations, 14 routes (12 active, 0 holddown, 0 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* ::/0                    ::ffff:203.0.113.251                    I
* 1000::/8                ::ffff:203.0.113.251                    I

Since R2 advertises IPv6 routes as shown above, R3 learns the routes with the next-hop being set to R1's loopback address.

Note: R2 does not have a routing policy to modify the next-hop to "self."

lab@R3> show route receive-protocol bgp 203.0.113.20
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* 0.0.0.0/0               203.0.113.20                            65001 I
* 100.0.0.0/8             203.0.113.20                            65001 I


inet6.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* ::/0                    ::ffff:203.0.113.251                    65001 I
* 1000::/8                ::ffff:203.0.113.251                    65001 I


lab@R3> ping 1000::1 source 3333::3 rapid               
PING6(56=40+8+8 bytes) 3333::3 --> 1000::1
.....
--- 1000::1 ping6 statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

 

Cause:

In this scenario, the IPv6 routes in question are carried over the external IPv4 MP-BGP session between R2 and R3. However, the gotcha is that the address ::ffff:203.0.113.251 that is showing up as the next-hop is lying under the IPv6 subnet ::ffff:203.0.113.0/120 between R2 and R3.

When R2 sees the next-hop address of IPv6 routes from R1, R2 thinks that the next-hop address belongs to the IPv6 subnet toward R3. Therefore, R2 throws ::/0 with the next-hop address ::ffff:203.0.113.251 towards R3 due to which you will see R1's loopback address as the next-hop of ::/0 in R3.

This process is not for R2's RIB resolution, but R2's route advertising calculation perspective.

This behavior is by design and expected. The problem arises when R1's IPv4-mapped loopback address becomes an exclave of R2's directly connected network.

 

Solution:

To work around this situation, some options that are available are as follows:

  1. Changing the IPv4-mapped address to a global unicast address (completely altering the network design though)
  2. Changing R1's loopback IPv4-mapped address to out-of-prefix from ::ffff:203.0.113.0/120

  3. Changing the R2--R3 link prefix-length to a much narrower range, so that it does not include ::ffff:203.0.113.251

  4. Or a better way is to simply set the next-hop self in R2, in order to avoid undesirable results.

Each of these options and the possible configuration workarounds are given as follows:

  • Option A

Skipped since it is the obvious solution

 
  • Option B

[R1]

set interfaces lo0 unit 0 family inet address 198.51.100.251/32
set routing-options router-id 198.51.100.251
set protocols bgp group AS65001 local-address 198.51.100.251

[R2]

set routing-options rib inet6.0 static route ::ffff:198.51.100.251/128 next-hop gr-0/0/0.0
set routing-options static route 198.51.100.251/32 next-hop 192.168.100.10
set protocols bgp group AS65001 neighbor 198.51.100.251 peer-as 65001

lab@R2> show route advertising-protocol bgp 203.0.113.21
inet.0: 14 destinations, 18 routes (14 active, 0 holddown, 1 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* 0.0.0.0/0               Self                                    I
* 100.0.0.0/8             Self                                    I


inet6.0: 14 destinations, 16 routes (14 active, 0 holddown, 1 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* ::/0                    Self                                    I
* 1000::/8                Self                                    I


lab@R3> show route receive-protocol bgp 203.0.113.20
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* 0.0.0.0/0               203.0.113.20                            65001 I
* 100.0.0.0/8             203.0.113.20                            65001 I


inet6.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* ::/0                    ::ffff:203.0.113.20                     65001 I
* 1000::/8                ::ffff:203.0.113.20                     65001 I


lab@R3> ping 1000::1 source 3333::3 rapid                   
PING6(56=40+8+8 bytes) 3333::3 --> 1000::1
!!!!!
--- 1000::1 ping6 statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 2.523/26.049/77.999/30.221 ms

  • Option C

[R2]

set interfaces ge-0/0/0 unit 0 family inet6 address ::ffff:203.0.113.20/124

[R3]

set interfaces ge-0/0/0 unit 0 family inet6 address ::ffff:203.0.113.21/124


lab@R2> show route advertising-protocol bgp 203.0.113.21
inet.0: 14 destinations, 18 routes (14 active, 0 holddown, 1 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* 0.0.0.0/0               Self                                    I
* 100.0.0.0/8             Self                                    I


inet6.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* ::/0                    Self                                    I
* 1000::/8                Self                                    I


lab@R3> show route receive-protocol bgp 203.0.113.20
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* 0.0.0.0/0               203.0.113.20                            65001 I
* 100.0.0.0/8             203.0.113.20                            65001 I


inet6.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* ::/0                    ::ffff:203.0.113.20                     65001 I
* 1000::/8                ::ffff:203.0.113.20                     65001 I


lab@R3> ping 1000::1 source 3333::3 rapid   
PING6(56=40+8+8 bytes) 3333::3 --> 1000::1
!!!!!
--- 1000::1 ping6 statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 2.725/3.557/6.085/1.280 ms

  • Option D

[R2]

set policy-options policy-statement nhs term 10 from family inet6
set policy-options policy-statement nhs term 10 from protocol bgp
set policy-options policy-statement nhs term 10 then next-hop self
set protocols bgp group AS65002 export nhs

lab@R2> show route advertising-protocol bgp 203.0.113.21
inet.0: 14 destinations, 18 routes (14 active, 0 holddown, 1 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* 0.0.0.0/0               Self                                    I
* 100.0.0.0/8             Self                                    I


inet6.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* ::/0                    Self                                    I
* 1000::/8                Self                                    I

lab@R3> show route receive-protocol bgp 203.0.113.20
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* 0.0.0.0/0               203.0.113.20                            65001 I
* 100.0.0.0/8             203.0.113.20                            65001 I


inet6.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* ::/0                    ::ffff:203.0.113.20                     65001 I
* 1000::/8                ::ffff:203.0.113.20                     65001 I


lab@R3> ping 1000::1 source 3333::3 rapid   
PING6(56=40+8+8 bytes) 3333::3 --> 1000::1
!!!!!
--- 1000::1 ping6 statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 2.725/3.557/6.085/1.280 ms

Note that this behavior is not only for IPv6. The R2-R3 link has the /28 subnet mask on ge-0/0/0, which does not contain R1's loopback address. If the network includes R1's loopback address, the same issue happens in IPv4 as shown below:

[R2]

set interfaces ge-0/0/0 unit 0 family inet address 203.0.113.20/24


lab@R2> show route advertising-protocol bgp 203.0.113.21    
inet.0: 14 destinations, 18 routes (14 active, 0 holddown, 1 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* 0.0.0.0/0               203.0.113.251                           I
* 100.0.0.0/8             203.0.113.251                           I


inet6.0: 14 destinations, 16 routes (14 active, 0 holddown, 1 hidden)
  Prefix          Nexthop           MED     Lclpref    AS path
* ::/0                    ::ffff:203.0.113.251                    I
* 1000::/8                ::ffff:203.0.113.251                    I

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search