IPv6 Cisco Deployment

April 06, 2017 0 Comments ipv6, cisco

I recently deployed a small IPv6 network to support our developers meeting Apple's IPv6 compatibility requirements (https://developer.apple.com/support/ipv6/). This was a good experience to get my feet wet with IPv6 as we have plans to dual-stack our environment in the coming year. Here are my notes:

Since this is a test/dev network, I decided to get a /48 IPv6 block from my internet provider. They routed the /48 to me via a /126 link to my Cisco ASR. If you are using vrf's on your router, make sure the vrf supports the IPv6 address family:

vrf definition guest
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family

Enable IPv6 forwarding on the ASR:

ipv6 unicast-routing

This automatically enabled IPv6 CEF for me as well (running 15.4(3)S6)

asr-1001x#show ipv6 cef summary
IPv6 distributed CEF is enabled and running.

Assign the IPv6 addresses to the ASR interfaces:

interface GigabitEthernet0/0/5
 description wan-provider-edge
 vrf forwarding guest
 negotiation auto
 ipv6 address XXX:XXXX:XXXX:XXXX::2/126
 ipv6 nd ra suppress all
 
interface GigabitEthernet0/0/4
 description wan-internal
 vrf forwarding guest
 negotiation auto
 ipv6 address YYYY:YYYY:YYYY:1::1/64
 ipv6 nd ra suppress all

Configure the IPv6 default route going to your WAN provider, and route another /64 block (subnetted from your /48) to your firewall edge:

ipv6 route vrf guest ::/0 XXXX:XXXX:XXXX:XXXX::1
ipv6 route vrf guest YYYY:YYYY:YYYY:2::/64 YYYY:YYYY:YYYY:1::2

Now all your IPv6 routing should be in place. We use Palo Alto firewalls, so I had to configure the firewall internal and external interfaces with IPv6 addresses and add an IPv6 default route. I'll write another blog post on how I setup NAT64 on the Palo Alto and DNS64 on a bind server with RADVD for DNS service advertisement.