
Inter-AS 6VPE tunnel breaks when ASBRs have a combination of Cisco and Juniper


Article ID: KB36929 | KB Last Updated: 16 Oct 2021 | Version: 1.0

Summary:

Implementation of 6VPE with inter-AS option B is broken when ASBRs are a combination of Juniper and Cisco.

Symptoms:

Problem #1:

IPv6 routes go into the hidden state on the Juniper ASBR. Because the incoming 6VPE route carries an IPv4-mapped next-hop address (::ffff:<ipv4 address>), the Juniper device is unable to resolve this IP.

show route received protocol bgp *.*.191.50 hidden extensive
bgp.l3vpn-inet6.0: 5019 destinations, 9723 routes (4704 active, 0 holddown, 315 hidden)
  Prefix      Nexthop              MED     Lclpref    AS path
  25135:XXXXXXXX:*:*:fd01::/48
                          ::ffff:*.*.191.50                    3209 25135 65199 I
 
show route table inet6 extensive
bgp.l3vpn-inet6.0: 5019 destinations, 9723 routes (4704 active, 0 holddown, 315 hidden)
25135:XXXXXXXX:*:*:fd01::/48 (1 entry, 0 announced)
         BGP    Preference: 170/-101
    Route Distinguisher: 25135:XXXXXXXX
                Next hop type: Unusable, Next hop index: 0
< . . .>
                        Protocol next hop: ::ffff:*.*.191.50
                        Label operation: Push 291975
                        Label TTL action: prop-ttl
                        Load balance label: Label 291975: None;
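
One way to spot Problem #1 in captured CLI output, as an added example that is not part of the original article: it parses "show route ... extensive" text and lists prefixes whose next hop is Unusable and whose protocol next hop is an IPv4-mapped IPv6 address. The sample output, AS number and addresses are constructed from documentation ranges, and the function name is hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on "show route ... extensive" output; the AS
# number and addresses are documentation values, not taken from the article.
SAMPLE = """\
bgp.l3vpn-inet6.0: 3 destinations, 3 routes (1 active, 0 holddown, 2 hidden)
64500:100:2001:db8:1::/48 (1 entry, 0 announced)
         BGP    Preference: 170/-101
                Next hop type: Unusable, Next hop index: 0
                        Protocol next hop: ::ffff:192.0.2.50
64500:100:2001:db8:2::/48 (1 entry, 1 announced)
                Next hop type: Indirect, Next hop index: 0
                        Protocol next hop: ::ffff:192.0.2.50
64500:100:2001:db8:3::/48 (1 entry, 0 announced)
                Next hop type: Unusable, Next hop index: 0
                        Protocol next hop: 2001:db8:ffff::1
"""

PREFIX_RE = re.compile(r"^(\S+/\d+) \(\d+ entr")      # route entry header
TYPE_RE = re.compile(r"Next hop type: (\w+)")
PNH_RE = re.compile(r"Protocol next hop: (\S+)")

def unresolved_mapped_nexthops(text):
    """Return [(prefix, embedded IPv4)] for routes whose next hop is
    Unusable and whose protocol next hop is an IPv4-mapped IPv6 address."""
    findings = []
    prefix = nh_type = None
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            prefix, nh_type = m.group(1), None   # new route entry starts
            continue
        m = TYPE_RE.search(line)
        if m:
            nh_type = m.group(1)
            continue
        m = PNH_RE.search(line)
        if m and prefix and nh_type == "Unusable":
            try:
                addr = ipaddress.IPv6Address(m.group(1))
            except ValueError:
                continue   # masked or truncated address in the capture
            if addr.ipv4_mapped is not None:
                findings.append((prefix, str(addr.ipv4_mapped)))
    return findings

if __name__ == "__main__":
    print(unresolved_mapped_nexthops(SAMPLE))
```

Each IPv4 address it reports is the one embedded in the mapped next hop that the ASBR-ASBR link has to be able to resolve.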

Problem #2:

Once the above routes are resolved (by allowing mapped addresses on the inter-AS interface), the control plane is set up correctly. However, end-to-end packet loss between PEs is observed. This is because, by default, IPv6 neighbor discovery for the mapped next-hop address ::ffff:<ipv4 address> fails in an interop scenario with Cisco.

The output of show ipv6 neighbors | match ffff:<ipv4 address> is either blank or shows the neighbor as unreachable.

Cause:

Problem #1 occurred because the Juniper device is unable to resolve the mapped address given in the next hop. By default, it does not assign the address for inter-AS links.

Problem #2 occurred because once a mapped address is assigned on the inter-AS link, IPv6 neighbor discovery remains broken.

Solution:

For Problem #1:

Configure the mapped address manually on the ASBR-ASBR link. This allows the Juniper device to resolve the next hop sent from the remote ASBR.

set interfaces ge-0/1/6 unit 0 family inet6 address ::ffff:*.*.191.50/126

Note: A similar address must be configured on the remote end as well.
 

For Problem #2:

IPv6 ND is broken for mapped addresses. Refer to the technical document on Configure IPv6 Features.

By default, Junos OS disables the processing of IPv4-mapped IPv6 packets to prevent malicious packets from entering the network. To enable the processing of IPv4-mapped IPv6 packets, use the following:

allow-v4mapped-packets


 