HECTORCHIMAL
27/09/2022, 08:33
TOPOLOGÍA INICIAL
Se tiene la siguiente topología
2165
1
Configuración de la interfaz WAN
Creamos una VLAN para este propósito.
vlan 66
name Vlan66_UpstreamProviderIPv6
Asignamos la IP que corresponde a nuestra interface VLAN
interface Vlanif66
description "Upstream Provider IPv6"
ipv6 enable
ipv6 address 2001:1248:5B3F:F004:BF8F:931A:B287:2001/119
ipv6 address auto link-local
Configuramos el puerto que nos conecta con el router de nuestro proveedor
interface XGigabitEthernet0/0/1
description "Upstream Provider IPv6"
port link-type trunk
port trunk pvid vlan 66
port trunk allow-pass vlan 66
stp bpdu-filter enable
undo ndp enable
2
Configuración de la ruta por defecto
ipv6 route-static :: 0 2001:1248:5B3F:F004:BF8F:931A:B287:217F preference 10
3
Configurar la sesión BGP
bgp 270159
router-id 10.33.33.1
peer 2001:1248:2:100F:FF:FF00:C9A3:E1FD as-number 11172
peer 2001:1248:2:100F:FF:FF00:C9A3:E1FD description "Upstream Provider IPv6"
peer 2001:1248:2:100F:FF:FF00:C9A3:E1FD ebgp-max-hop 4
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
network 2806:3E6:: 32
peer 2001:1248:2:100F:FF:FF00:C9A3:E1FD enable
4
Configuración de las interfaces LAN
Usaremos una vlan para este propósito
vlan 2
name Core-Netwok-IPv6
Asignamos una IPv6 a la interface VLAN
interface Vlanif2
description Core-Network-Megabit-IPv6
ipv6 enable
ipv6 address 2806:3E6:FFF::ABCD:1/48
ipv6 address auto link-local
Configuramos el puerto en donde esta conectado el router MikroTik
interface XGigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
stp bpdu-filter enable
undo ndp enable
5
Enrutamiento estático de las rutas LAN del router Mikrotik
Conociendo las rutas y la IP que usará de WAN el router Mikrotik podemos enrutar de la siguiente manera.
ipv6 route-static 2806:3E6:310:: 48 2806:3E6:FFF::ABCD:9999
ipv6 route-static 2806:3E6:320:: 48 2806:3E6:FFF::ABCD:9999
ipv6 route-static 2806:3E6:330:: 48 2806:3E6:FFF::ABCD:9999
6
Añadiendo un router Mikrotik a la topología
Creamos la VLAN en el Mikrotik
2160
7
Asignación de direcciones IPv6 en las interfaces VLAN del MikroTik
2161
8
Configuración de la ruta por defecto en el router MikroTik
Apuntaremos todo el tráfico hacia la IPv6 configurada en nuestro switch Huawei. Esa IPv6 de Switch Huawei la configuramos en el paso 4.
2162
9
Pruebas de conectividad
Usaremos un traceroute para comprobar que si estamos saliendo a Internet con nuestro pool de IPv6
2163
10
AGREGAR FILTROS DE ENTRADA Y SALIDA LOS ANUNCIOS BGP
10.1
Creamos ip-prefix v4
ip ip-prefix bogonsv4 index 100 permit 127.0.0.0 8 greater-equal 8 less-equal 32ip ip-prefix bogonsv4 index 101 permit 10.0.0.0 8 greater-equal 8 less-equal 32
ip ip-prefix bogonsv4 index 102 permit 192.168.0.0 16 greater-equal 16 less-equal 32
ip ip-prefix bogonsv4 index 103 permit 172.16.0.0 12 greater-equal 12 less-equal 32
ip ip-prefix bogonsv4 index 104 permit 224.0.0.0 4 greater-equal 4 less-equal 32
ip ip-prefix bogonsv4 index 105 permit 224.0.0.0 5 greater-equal 5 less-equal 32
ip ip-prefix bogonsv4 index 107 permit 169.254.0.0 16 greater-equal 16 less-equal 32
ip ip-prefix bogonsv4 index 108 permit 192.88.99.0 24 greater-equal 24 less-equal 32
ip ip-prefix bogonsv4 index 109 permit 192.88.99.2 32 greater-equal 32 less-equal 32
ip ip-prefix bogonsv4 index 110 permit 192.88.99.1 32 greater-equal 32 less-equal 32
ip ip-prefix bogonsv4 index 111 permit 192.18.0.0 15 greater-equal 15 less-equal 32
ip ip-prefix bogonsv4 index 112 permit 192.0.0.0 24 greater-equal 24 less-equal 32
ip ip-prefix bogonsv4 index 113 permit 192.0.2.0 24 greater-equal 24 less-equal 32
ip ip-prefix bogonsv4 index 114 permit 198.51.100.0 24 greater-equal 24 less-equal 32
ip ip-prefix bogonsv4 index 115 permit 255.255.255.255 32
ip ip-prefix dgwv4 index 100 permit 0.0.0.0 0
ip ip-prefix morethan24 index 100 permit 0.0.0.0 0 greater-equal 25 less-equal 32
ip ip-prefix allv4 index 100 permit 0.0.0.0 0 less-equal 32
ip ip-prefix fullbgpav4 index 100 permit 0.0.0.0 0 less-equal 24
ip ip-prefix fullbgpbv4 index 100 permit 0.0.0.0 8 greater-equal 8 less-equal 24
10.2
Creamos ip-prefix v6
ip ipv6-prefix bogonsv6 index 110 permit ::1 128
ip ipv6-prefix bogonsv6 index 120 permit 64:FF9B:: 96 greater-equal 96 less-equal 128
ip ipv6-prefix bogonsv6 index 130 permit 2001:DB8:: 32 greater-equal 32 less-equal 128
ip ipv6-prefix bogonsv6 index 140 permit :: 96 greater-equal 96 less-equal 128
ip ipv6-prefix bogonsv6 index 150 permit 64:FF9B:1:: 48 greater-equal 48 less-equal 128
ip ipv6-prefix bogonsv6 index 160 permit 100:: 64 greater-equal 64 less-equal 128
ip ipv6-prefix bogonsv6 index 170 permit FC00:: 7 greater-equal 7 less-equal 128
ip ipv6-prefix bogonsv6 index 180 permit FC00:: 8 greater-equal 8 less-equal 128
ip ipv6-prefix bogonsv6 index 190 permit FD00:: 8 greater-equal 8 less-equal 128
ip ipv6-prefix bogonsv6 index 200 permit FE80:: 10 greater-equal 10 less-equal 128
ip ipv6-prefix bogonsv6 index 210 permit FF00:: 8 greater-equal 8 less-equal 128
ip ipv6-prefix bogonsv6 index 220 permit 2001:: 32 greater-equal 32 less-equal 128
ip ipv6-prefix bogonsv6 index 230 permit 2002:: 32 greater-equal 32 less-equal 128
ip ipv6-prefix allv6 index 110 permit :: 0 less-equal 128
ip ipv6-prefix morethan48 index 110 permit :: 0 greater-equal 49 less-equal 128
ip ipv6-prefix myprefixv6 index 110 permit 2806:3E6:: 32 greater-equal 32 less-equal 48
ip ipv6-prefix fullbgpv6 index 110 permit 2000:: 3 greater-equal 3 less-equal 48
ip ipv6-prefix dgwv6 index 110 permit :: 0
ip ipv6-prefix dgwv6 index 120 permit 2000:: 3
ip ipv6-prefix morethan64 index 110 permit :: 0 greater-equal 65 less-equal 128
10.3
CREAMOS LOS ROUTE POLICY
route-policy uspv6in deny node 10
if-match ipv6 address prefix-list bogonsv6
#
route-policy uspv6in deny node 20
if-match ipv6 address prefix-list morethan48
#
route-policy uspv6in deny node 30
if-match ipv6 address prefix-list morethan64
#
route-policy uspv6in deny node 40
if-match ipv6 address prefix-list myprefixv6
#
route-policy uspv6in permit node 200
if-match ipv6 address prefix-list dgwv6
#
route-policy uspv6in deny node 300
if-match ipv6 address prefix-list allv6
#
route-policy uspv6out deny node 10
if-match ipv6 address prefix-list bogonsv6
#
route-policy uspv6out deny node 20
if-match ipv6 address prefix-list morethan48
#
route-policy uspv6out deny node 30
if-match ipv6 address prefix-list morethan64
#
route-policy uspv6out deny node 40
if-match ipv6 address prefix-list dgwv6
#
route-policy uspv6out permit node 200
if-match ipv6 address prefix-list myprefixv6
#
route-policy uspv6out deny node 300
if-match ipv6 address prefix-list allv6
#
10.4
Aplicar los filtros a la sesion BGP
bgp 270159
ipv6-family unicast
peer 2001:1248:2:100F:FF:FF00:C9A3:E1FD route-policy uspv6in import
peer 2001:1248:2:100F:FF:FF00:C9A3:E1FD route-policy uspv6out export
Se tiene la siguiente topología
2165
1
Configuración de la interfaz WAN
Creamos una VLAN para este propósito.
vlan 66
name Vlan66_UpstreamProviderIPv6
Asignamos la IP que corresponde a nuestra interface VLAN
interface Vlanif66
description "Upstream Provider IPv6"
ipv6 enable
ipv6 address 2001:1248:5B3F:F004:BF8F:931A:B287:2001/119
ipv6 address auto link-local
Configuramos el puerto que nos conecta con el router de nuestro proveedor
interface XGigabitEthernet0/0/1
description "Upstream Provider IPv6"
port link-type trunk
port trunk pvid vlan 66
port trunk allow-pass vlan 66
stp bpdu-filter enable
undo ndp enable
2
Configuración de la ruta por defecto
ipv6 route-static :: 0 2001:1248:5B3F:F004:BF8F:931A:B287:217F preference 10
3
Configurar la sesión BGP
bgp 270159
router-id 10.33.33.1
peer 2001:1248:2:100F:FF:FF00:C9A3:E1FD as-number 11172
peer 2001:1248:2:100F:FF:FF00:C9A3:E1FD description "Upstream Provider IPv6"
peer 2001:1248:2:100F:FF:FF00:C9A3:E1FD ebgp-max-hop 4
#
ipv4-family unicast
undo synchronization
#
ipv6-family unicast
undo synchronization
network 2806:3E6:: 32
peer 2001:1248:2:100F:FF:FF00:C9A3:E1FD enable
4
Configuración de las interfaces LAN
Usaremos una vlan para este propósito
vlan 2
name Core-Netwok-IPv6
Asignamos una IPv6 a la interface VLAN
interface Vlanif2
description Core-Network-Megabit-IPv6
ipv6 enable
ipv6 address 2806:3E6:FFF::ABCD:1/48
ipv6 address auto link-local
Configuramos el puerto en donde esta conectado el router MikroTik
interface XGigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2
stp bpdu-filter enable
undo ndp enable
5
Enrutamiento estático de las rutas LAN del router Mikrotik
Conociendo las rutas y la IP que usará de WAN el router Mikrotik podemos enrutar de la siguiente manera.
ipv6 route-static 2806:3E6:310:: 48 2806:3E6:FFF::ABCD:9999
ipv6 route-static 2806:3E6:320:: 48 2806:3E6:FFF::ABCD:9999
ipv6 route-static 2806:3E6:330:: 48 2806:3E6:FFF::ABCD:9999
6
Añadiendo un router Mikrotik a la topología
Creamos la VLAN en el Mikrotik
2160
7
Asignación de direcciones IPv6 en las interfaces VLAN del MikroTik
2161
8
Configuración de la ruta por defecto en el router MikroTik
Apuntaremos todo el tráfico hacia la IPv6 configurada en nuestro switch Huawei. Esa IPv6 de Switch Huawei la configuramos en el paso 4.
2162
9
Pruebas de conectividad
Usaremos un traceroute para comprobar que si estamos saliendo a Internet con nuestro pool de IPv6
2163
10
AGREGAR FILTROS DE ENTRADA Y SALIDA LOS ANUNCIOS BGP
10.1
Creamos ip-prefix v4
ip ip-prefix bogonsv4 index 100 permit 127.0.0.0 8 greater-equal 8 less-equal 32ip ip-prefix bogonsv4 index 101 permit 10.0.0.0 8 greater-equal 8 less-equal 32
ip ip-prefix bogonsv4 index 102 permit 192.168.0.0 16 greater-equal 16 less-equal 32
ip ip-prefix bogonsv4 index 103 permit 172.16.0.0 12 greater-equal 12 less-equal 32
ip ip-prefix bogonsv4 index 104 permit 224.0.0.0 4 greater-equal 4 less-equal 32
ip ip-prefix bogonsv4 index 105 permit 224.0.0.0 5 greater-equal 5 less-equal 32
ip ip-prefix bogonsv4 index 107 permit 169.254.0.0 16 greater-equal 16 less-equal 32
ip ip-prefix bogonsv4 index 108 permit 192.88.99.0 24 greater-equal 24 less-equal 32
ip ip-prefix bogonsv4 index 109 permit 192.88.99.2 32 greater-equal 32 less-equal 32
ip ip-prefix bogonsv4 index 110 permit 192.88.99.1 32 greater-equal 32 less-equal 32
ip ip-prefix bogonsv4 index 111 permit 192.18.0.0 15 greater-equal 15 less-equal 32
ip ip-prefix bogonsv4 index 112 permit 192.0.0.0 24 greater-equal 24 less-equal 32
ip ip-prefix bogonsv4 index 113 permit 192.0.2.0 24 greater-equal 24 less-equal 32
ip ip-prefix bogonsv4 index 114 permit 198.51.100.0 24 greater-equal 24 less-equal 32
ip ip-prefix bogonsv4 index 115 permit 255.255.255.255 32
ip ip-prefix dgwv4 index 100 permit 0.0.0.0 0
ip ip-prefix morethan24 index 100 permit 0.0.0.0 0 greater-equal 25 less-equal 32
ip ip-prefix allv4 index 100 permit 0.0.0.0 0 less-equal 32
ip ip-prefix fullbgpav4 index 100 permit 0.0.0.0 0 less-equal 24
ip ip-prefix fullbgpbv4 index 100 permit 0.0.0.0 8 greater-equal 8 less-equal 24
10.2
Creamos ip-prefix v6
ip ipv6-prefix bogonsv6 index 110 permit ::1 128
ip ipv6-prefix bogonsv6 index 120 permit 64:FF9B:: 96 greater-equal 96 less-equal 128
ip ipv6-prefix bogonsv6 index 130 permit 2001:DB8:: 32 greater-equal 32 less-equal 128
ip ipv6-prefix bogonsv6 index 140 permit :: 96 greater-equal 96 less-equal 128
ip ipv6-prefix bogonsv6 index 150 permit 64:FF9B:1:: 48 greater-equal 48 less-equal 128
ip ipv6-prefix bogonsv6 index 160 permit 100:: 64 greater-equal 64 less-equal 128
ip ipv6-prefix bogonsv6 index 170 permit FC00:: 7 greater-equal 7 less-equal 128
ip ipv6-prefix bogonsv6 index 180 permit FC00:: 8 greater-equal 8 less-equal 128
ip ipv6-prefix bogonsv6 index 190 permit FD00:: 8 greater-equal 8 less-equal 128
ip ipv6-prefix bogonsv6 index 200 permit FE80:: 10 greater-equal 10 less-equal 128
ip ipv6-prefix bogonsv6 index 210 permit FF00:: 8 greater-equal 8 less-equal 128
ip ipv6-prefix bogonsv6 index 220 permit 2001:: 32 greater-equal 32 less-equal 128
ip ipv6-prefix bogonsv6 index 230 permit 2002:: 32 greater-equal 32 less-equal 128
ip ipv6-prefix allv6 index 110 permit :: 0 less-equal 128
ip ipv6-prefix morethan48 index 110 permit :: 0 greater-equal 49 less-equal 128
ip ipv6-prefix myprefixv6 index 110 permit 2806:3E6:: 32 greater-equal 32 less-equal 48
ip ipv6-prefix fullbgpv6 index 110 permit 2000:: 3 greater-equal 3 less-equal 48
ip ipv6-prefix dgwv6 index 110 permit :: 0
ip ipv6-prefix dgwv6 index 120 permit 2000:: 3
ip ipv6-prefix morethan64 index 110 permit :: 0 greater-equal 65 less-equal 128
10.3
CREAMOS LOS ROUTE POLICY
route-policy uspv6in deny node 10
if-match ipv6 address prefix-list bogonsv6
#
route-policy uspv6in deny node 20
if-match ipv6 address prefix-list morethan48
#
route-policy uspv6in deny node 30
if-match ipv6 address prefix-list morethan64
#
route-policy uspv6in deny node 40
if-match ipv6 address prefix-list myprefixv6
#
route-policy uspv6in permit node 200
if-match ipv6 address prefix-list dgwv6
#
route-policy uspv6in deny node 300
if-match ipv6 address prefix-list allv6
#
route-policy uspv6out deny node 10
if-match ipv6 address prefix-list bogonsv6
#
route-policy uspv6out deny node 20
if-match ipv6 address prefix-list morethan48
#
route-policy uspv6out deny node 30
if-match ipv6 address prefix-list morethan64
#
route-policy uspv6out deny node 40
if-match ipv6 address prefix-list dgwv6
#
route-policy uspv6out permit node 200
if-match ipv6 address prefix-list myprefixv6
#
route-policy uspv6out deny node 300
if-match ipv6 address prefix-list allv6
#
10.4
Aplicar los filtros a la sesion BGP
bgp 270159
ipv6-family unicast
peer 2001:1248:2:100F:FF:FF00:C9A3:E1FD route-policy uspv6in import
peer 2001:1248:2:100F:FF:FF00:C9A3:E1FD route-policy uspv6out export