I recently deployed a small IPv6 network to support our developers meeting Apple's IPv6 compatibility requirements (https://developer.apple.com/support/ipv6/). This was a good experience to get my feet wet with IPv6 as we have plans to dual-stack our environment in the coming year. Here are my notes:
Since this is a test/dev network, I decided to get a /48 IPv6 block from my internet provider. They routed the /48 to me via a /126 link to my Cisco ASR. If you are using vrf's on your router, make sure the vrf supports the IPv6 address family:
vrf definition guest ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family
Enable IPv6 forwarding on the ASR:
This automatically enabled IPv6 CEF for me as well (running 15.4(3)S6)
asr-1001x#show ipv6 cef summary IPv6 distributed CEF is enabled and running.
Assign the IPv6 addresses to the ASR interfaces:
interface GigabitEthernet0/0/5 description wan-provider-edge vrf forwarding guest negotiation auto ipv6 address XXX:XXXX:XXXX:XXXX::2/126 ipv6 nd ra suppress all interface GigabitEthernet0/0/4 description wan-internal vrf forwarding guest negotiation auto ipv6 address YYYY:YYYY:YYYY:1::1/64 ipv6 nd ra suppress all
Configure the IPv6 default route going to your WAN provider, and route another /64 block (subnetted from your /48) to your firewall edge:
ipv6 route vrf guest ::/0 XXXX:XXXX:XXXX:XXXX::1 ipv6 route vrf guest YYYY:YYYY:YYYY:2::/64 YYYY:YYYY:YYYY:1::2
Now all your IPv6 routing should be in place. We use Palo Alto firewalls, so I had to configure the firewall internal and external interfaces with IPv6 addresses and add an IPv6 default route. I'll write another blog post on how I setup NAT64 on the Palo Alto and DNS64 on a bind server with RADVD for DNS service advertisement.