EIGRP IPv6 map-leak

! hostname R1 ! ipv6 unicast-routing ! interface Loopback1 ipv6 address 2001:A:B:1000::1/64 ipv6 enable ! interface FastEthernet0/0 ipv6 address 2001:A:B::2/127 ipv6 enable ! interface FastEthernet1/0 ipv6 address 2001:A:A:1000::2/127 ipv6 enable ! router eigrp CONFIG-IF ! address-family ipv6 unicast autonomous-system 65000 ! af-interface default passive-interface exit-af-interface ! af-interface FastEthernet0/0 no passive-interface exit-af-interface ! af-interface FastEthernet1/0 summary-address... Continue Reading →

Advertisements

Raspberry Pi NAT64/DNS64 router

I am currently experimenting running an IPv6 only WLAN at work, so thought I'd try experimenting at home. Whereas at work we have a CSR1000v to perform the NAT64 and a separate Linux VM for DNS64, the config below details combining both functions on a Raspberry Pi (RPi). The topology looks like this: apt-get install... Continue Reading →

IPv6 conntrack and munin

Argh, my beloved linux IPv6 firewall was suffering, too many connections, munin graphs not updating; this needed looking at... Firstly I noticed multiple entries of the following in kern.log: nf_conntrack: table full, dropping packet After checking the existing table size: # /sbin/sysctl net.netfilter.nf_conntrack_count net.netfilter.nf_conntrack_count = 76768 ...it seemed sensible to double it: # cat /proc/sys/net/nf_conntrack_max... Continue Reading →

IPv6 on NX-OS

So you thought you'd enable IPv6 on your new Nexus chassis and get ready for the future of the internet? Create some IPv6 SVIs and away you'd go? Wrong! Out of the box the Nexus is configured such that Neighbor Discrovery will not work. A bit of googling will eventually lead you to this command:... Continue Reading →

Munin IPv6 neighbor state graphs

A recent issue with a Linux IPv6 firewall which saw on-link hosts appear to be flapping according to monitoring tools, highlighting a IPv6 ND table overflow problem. The short version of the solution required: net.ipv6.neigh.default.gc_thresh1 = 256 net.ipv6.neigh.default.gc_thresh2 = 1024 net.ipv6.neigh.default.gc_thresh3 = 2048 To keep an eye on the neighbor table I created a series... Continue Reading →

Cisco 7206VXR FA-GE= port adapter performance

Cisco 7206VXR FA-GE= port adapter performance High CPU utilization is not uncommon, especially when a router is struggling to process a packet and punts it between switching processes. The graphs below show the output from a production Cisco 7206VXR (NPE-G1, PA-GE=, PA-2FE-TX) router which is the primary for an IPv6 HSRP pair. Whenever the primary... Continue Reading →

IPv6 tunnel

IPv6 tunnel This scenario details how to connect an IPv6 enabled site which has no native IPv6 internet service to connect to a remote IPv6 routing service to facilitate end to end IPv6 transport, thus avoiding the need for NAT64. Hurricane Electirc (http://ipv6.he.net/) offers an excellent free service which allows for the use of global... Continue Reading →

Blog at WordPress.com.

Up ↑