Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)
On Fri Feb 01, 2008 at 01:02:51PM +1030, Tom Storey wrote: > Did you turn on "ipv6 unicast-routing"? Though one would expect for a > connected subnet this should not matter. Yes - that's turned on (otherwise you don't get an IPv6 routing table at all). > "ipv6 cef" might also be available. It is on my 2620 (non XM). I didn't find it. Simon -- Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration * Director|* Domain & Web Hosting * Internet Consultancy * Bogons Ltd | * http://www.bogons.net/ * Email: [EMAIL PROTECTED] * ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)
Simon Lockhart wrote: > Noticed that 12.2(44)SE was recently released for the Cat3550 switch, and > feature navigator lists a whole load of IPv6 support. Yay! > > However, it doesn't seem to work very well... > > interface Loopback0 > no ip address > ipv6 address 2001:4B10::100/128 > ipv6 enable > end > > lab-sw.rbsov#ping 2001:4b10::100 > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 2001:4B10::100, timeout is 2 seconds: > ! > Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms > > However, if I try to do IPv6 over an ethernet port, it's less successful... > > interface Vlan515 > no ip address > ipv6 address 2001:4B10:0:2::2/64 > ipv6 enable > end > > lab-sw.rbsov#ping 2001:4b10:0:2::1 > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 2001:4B10:0:2::1, timeout is 2 seconds: > . > Success rate is 0 percent (0/5) > > Running "debug ipv6 packet" on both ends of the link shows packets being > sent by lab-sw, and replies being sent by the upstream switch (a 3560), but > the 3550 never learns any neighbours, and pings don't work... > > lab-sw.rbsov#show ipv6 nei > lab-sw.rbsov# > > Have I missed something needed to make this work, or is it just a work in > progress, released prematurely? > > Simon Can you do a tcp dump/wireshark for ether proto 0x86dd and see whether neigh discoveries are happening? Atleast in my network, when I ping 3750 with unicast routing enabled and ipv6 nd enabled, from within a VLAN I see neigh solicitation and neighbor discovery happening followed by echo req and echo reply. When you do show ipv6 nei and nothing is happening, I believe neighbor discovery has not happened for some unknown reason The following may be relevant to you or may not be, but this is what I am seeing command(s) used: sudo tcpdump -ennNSXxv -s 1518 -i pcn0 ether proto 0x86dd $ ping6 fdc2:c2cd:d343:39a6:21c:fff:fea6:6348 PING6(56=40+8+8 bytes) fdc2:c2cd:d343:39a6:20c:29ff:fe20:b1ff --> fdc2:c2cd:d343:39a6:21c:fff:fea6:6348 16 bytes from fdc2:c2cd:d343:39a6:21c:fff:fea6:6348, icmp_seq=0 hlim=64 time=3.565 ms 16 bytes from fdc2:c2cd:d343:39a6:21c:fff:fea6:6348, icmp_seq=1 hlim=64 time=1.056 ms ^C --- fdc2:c2cd:d343:39a6:21c:fff:fea6:6348 ping6 statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.056/2.310/3.565/1.255 ms 10:14:10.752467 00:0c:29:20:b1:ff 33:33:ff:a6:63:48 86dd 86: fdc2:c2cd:d343:39a6:20c:29ff:fe20:b1ff > ff02::1:ffa6:6348: icmp6: neighbor sol: who has fdc2:c2cd:d343:39a6:21c:fff:fea6:6348(src lladdr: 00:0c:29:20:b1:ff) (len 32, hlim 255) : 6000 0020 3aff fdc2 c2cd d343 39a6 ` :ÿýÂÂÍÓC9¦ 0010: 020c 29ff fe20 b1ff ff02 ..)ÿþ ±ÿÿ... 0020: 0001 ffa6 6348 8700 4f59 ÿ¦cH..OY 0030: fdc2 c2cd d343 39a6 021c 0fff fea6 6348 ýÂÂÍÓC9¦...ÿþ¦cH 0040: 0101 000c 2920 b1ff ) ±ÿ 10:14:10.752504 00:1c:0f:a6:63:48 00:0c:29:20:b1:ff 86dd 86: fdc2:c2cd:d343:39a6:21c:fff:fea6:6348 > fdc2:c2cd:d343:39a6:20c:29ff:fe20:b1ff: icmp6: neighbor adv: tgt is fdc2:c2cd:d343:39a6:21c:fff:fea6:6348(RSO)(tgt lladdr: 00:1c:0f:a6:63:48) [class 0xe0] (len 32, hlim 255) : 6e00 0020 3aff fdc2 c2cd d343 39a6 n :ÿýÂÂÍÓC9¦ 0010: 021c 0fff fea6 6348 fdc2 c2cd d343 39a6 ...ÿþ¦cHýÂÂÍÓC9¦ 0020: 020c 29ff fe20 b1ff 8800 f5e7 e000 ..)ÿþ ±ÿ..õçà... 0030: fdc2 c2cd d343 39a6 021c 0fff fea6 6348 ýÂÂÍÓC9¦...ÿþ¦cH 0040: 0201 001c 0fa6 6348 .¦cH 10:14:10.753431 00:0c:29:20:b1:ff 00:1c:0f:a6:63:48 86dd 70: fdc2:c2cd:d343:39a6:20c:29ff:fe20:b1ff > fdc2:c2cd:d343:39a6:21c:fff:fea6:6348: icmp6: echo request (len 16, hlim 64) : 6000 0010 3a40 fdc2 c2cd d343 39a6 `.:@ýÂÂÍÓC9¦ 0010: 020c 29ff fe20 b1ff fdc2 c2cd d343 39a6 ..)ÿþ ±ÿýÂÂÍÓC9¦ 0020: 021c 0fff fea6 6348 8000 5833 1e9c ...ÿþ¦cH..X3 0030: 47a3 6172 000b 7499 G£ar..t. 10:14:10.753926 00:1c:0f:a6:63:48 00:0c:29:20:b1:ff 86dd 70: fdc2:c2cd:d343:39a6:21c:fff:fea6:6348 > fdc2:c2cd:d343:39a6:20c:29ff:fe20:b1ff: icmp6: echo reply (len 16, hlim 64) : 6000 0010 3a40 fdc2 c2cd d343 39a6 `.:@ýÂÂÍÓC9¦ 0010: 021c 0fff fea6 6348 fdc2 c2cd d343 39a6 ...ÿþ¦cHýÂÂÍÓC9¦ 0020: 020c 29ff fe20 b1ff 8100 5733 1e9c ..)ÿþ ±ÿ..W3 0030: 47a3 6172 000b 7499 G£ar..t. 10:14:11.088588 00:1c:0f:a6:63:48 33:33:00:00:00:05 86dd 90: fe80::21c:fff:fea6:6348 > ff02::5: OSPFv3-hello 36: rtrid 10.57.127.2 backbone V6/E/R ifid 0.0.8.186 pri 1 int 10 dead 40 dr 10.57.127.2 nbrs [class 0xe0] [hlim 1] (len 36) : 6e00 0024 5901 fe80 n$Y.þ... 0010: 021c 0fff fea6 6348 ff02 ...ÿþ¦cHÿ... 0020: 0005 0301 0024 0a39 7f02 ...$.9.. 0030: 6e54 08ba 0100 0013 nT.º 0040: 000a 0028 0a39 7f02 00
Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)
Actually you might be pleasantly surprised with an IPv6 attack on a 3550 - I suspect the IPv4 traffic would just keep on truckin', less any routing updates that might arrive during the event. I had a customer with about 14k public IP addresses passing through a 3550. The machine was crazy stressed and the management engine was crashing several times a day - management would report it down for the duration of a reboot, but traffic otherwise kept moving. The processor seems to instruct the ASICs to forward as needed, then it sits quietly ... On Feb 1, 2008 3:07 AM, Richard A Steenbergen <[EMAIL PROTECTED]> wrote: > On Fri, Feb 01, 2008 at 08:00:41AM +, Simon Lockhart wrote: > > On Fri Feb 01, 2008 at 08:56:59AM +0100, [EMAIL PROTECTED] wrote: > > > And what's the point, anyway? As far as I know the 3550 *hardware* > > > can't do IPv6 routing. As long as you're talking about *software* > > > IPv6 routing, a suitable 2800 router would probably give you better > > > performance... > > > > The point is that I've got a whole load of 3550's providing > customer-edge > > for colo'd servers, and customers are starting to ask for IPv6. Given > the > > volume of IPv6 traffic I'll see in the short term, I'm happy enough with > > process switched. > > Yes but I wonder how much the v4 customers on that switch will appreciate > it the day someone gets a DoS or even tries to do an FTP over IPv6. :) > FastE is more than enough to do in a 3550 CPU. > > Then again it's a lot easier than moving the v6 requesters to 3560s, and > besides doing dual-stack on 3560s does bad things to your available v4 > TCAM. Some things you just can't win. > > -- > Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras > GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > -- mailto:[EMAIL PROTECTED] // GoogleTalk: [EMAIL PROTECTED] IM: nealrauhauser ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)
On (2008-02-01 14:40 +0100), Mohacsi Janos wrote: > Alternaively you could choose 3560 or 3750 series (not ME) that is > capable for IPv6 routing in a limited way. No BGP IPv6 support... When I > asked about the IPv6 BGP support plan - no plan currently. This is very > bad :( Yes, I've been running IPv6 in them since day 1. However, replacing working 3550 to 3560 just to get IPv6 MGMT typically isn't viable option. Knowing that lot of people still happily use XL switches, we'll probably see 3550's as pure switches in many years to come, when perhaps majority of your network has been migrated to IPv6. I fear we're going to have 'telnet/ssh issue' all over again, replacing fully functioning boxes just to comply with mgmt requirements. -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)
Yeah, that's what I was thinking too. We use these for layer 2 everywhere. Being a US govt network, we're required to have IPv6 support on those as well. V6 management is all we really need on 3550. Chuck -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Saku Ytti Sent: Friday, February 01, 2008 8:15 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE) On (2008-02-01 08:56 +0100), [EMAIL PROTECTED] wrote: > And what's the point, anyway? As far as I know the 3550 *hardware* > can't do IPv6 routing. As long as you're talking about *software* > IPv6 routing, a suitable 2800 router would probably give you better > performance... I'd never plan to route IPv6 in 3550, MGMT via IPv6 on the other hand might be interesting in foreseeable future. -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)
On Fri, 1 Feb 2008, Saku Ytti wrote: > On (2008-02-01 08:56 +0100), [EMAIL PROTECTED] wrote: > >> And what's the point, anyway? As far as I know the 3550 *hardware* >> can't do IPv6 routing. As long as you're talking about *software* >> IPv6 routing, a suitable 2800 router would probably give you better >> performance... > > I'd never plan to route IPv6 in 3550, MGMT via IPv6 on the other > hand might be interesting in foreseeable future. Alternaively you could choose 3560 or 3750 series (not ME) that is capable for IPv6 routing in a limited way. No BGP IPv6 support... When I asked about the IPv6 BGP support plan - no plan currently. This is very bad :( Regards, Janos ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)
On (2008-02-01 08:56 +0100), [EMAIL PROTECTED] wrote: > And what's the point, anyway? As far as I know the 3550 *hardware* > can't do IPv6 routing. As long as you're talking about *software* > IPv6 routing, a suitable 2800 router would probably give you better > performance... I'd never plan to route IPv6 in 3550, MGMT via IPv6 on the other hand might be interesting in foreseeable future. -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)
On Fri, Feb 01, 2008 at 08:00:41AM +, Simon Lockhart wrote: > On Fri Feb 01, 2008 at 08:56:59AM +0100, [EMAIL PROTECTED] wrote: > > And what's the point, anyway? As far as I know the 3550 *hardware* > > can't do IPv6 routing. As long as you're talking about *software* > > IPv6 routing, a suitable 2800 router would probably give you better > > performance... > > The point is that I've got a whole load of 3550's providing customer-edge > for colo'd servers, and customers are starting to ask for IPv6. Given the > volume of IPv6 traffic I'll see in the short term, I'm happy enough with > process switched. Yes but I wonder how much the v4 customers on that switch will appreciate it the day someone gets a DoS or even tries to do an FTP over IPv6. :) FastE is more than enough to do in a 3550 CPU. Then again it's a lot easier than moving the v6 requesters to 3560s, and besides doing dual-stack on 3560s does bad things to your available v4 TCAM. Some things you just can't win. -- Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)
On Fri Feb 01, 2008 at 08:56:59AM +0100, [EMAIL PROTECTED] wrote: > And what's the point, anyway? As far as I know the 3550 *hardware* > can't do IPv6 routing. As long as you're talking about *software* > IPv6 routing, a suitable 2800 router would probably give you better > performance... The point is that I've got a whole load of 3550's providing customer-edge for colo'd servers, and customers are starting to ask for IPv6. Given the volume of IPv6 traffic I'll see in the short term, I'm happy enough with process switched. Simon -- Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration * Director|* Domain & Web Hosting * Internet Consultancy * Bogons Ltd | * http://www.bogons.net/ * Email: [EMAIL PROTECTED] * ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)
> > Noticed that 12.2(44)SE was recently released for the Cat3550 switch, and > > feature navigator lists a whole load of IPv6 support. Yay! > > It works unidirectionally, it can send IPv6 packets, but it can't > receive them. > I have no clue if the hardware is even capable of punting them > to software, instead of just dropping., And what's the point, anyway? As far as I know the 3550 *hardware* can't do IPv6 routing. As long as you're talking about *software* IPv6 routing, a suitable 2800 router would probably give you better performance... Steinar Haug, Nethelp consulting, [EMAIL PROTECTED] ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)
On (2008-02-01 00:54 +), Simon Lockhart wrote: > Noticed that 12.2(44)SE was recently released for the Cat3550 switch, and > feature navigator lists a whole load of IPv6 support. Yay! It works unidirectionally, it can send IPv6 packets, but it can't receive them. I have no clue if the hardware is even capable of punting them to software, instead of just dropping., -- ++ytti ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)
Check ipv6 unicast-routing on global config a. rahman isnaini r.sutan Simon Lockhart wrote: > Noticed that 12.2(44)SE was recently released for the Cat3550 switch, and > feature navigator lists a whole load of IPv6 support. Yay! > > However, it doesn't seem to work very well... > > interface Loopback0 > no ip address > ipv6 address 2001:4B10::100/128 > ipv6 enable > end > > lab-sw.rbsov#ping 2001:4b10::100 > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 2001:4B10::100, timeout is 2 seconds: > ! > Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms > > However, if I try to do IPv6 over an ethernet port, it's less successful... > > interface Vlan515 > no ip address > ipv6 address 2001:4B10:0:2::2/64 > ipv6 enable > end > > lab-sw.rbsov#ping 2001:4b10:0:2::1 > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 2001:4B10:0:2::1, timeout is 2 seconds: > . > Success rate is 0 percent (0/5) > > Running "debug ipv6 packet" on both ends of the link shows packets being > sent by lab-sw, and replies being sent by the upstream switch (a 3560), but > the 3550 never learns any neighbours, and pings don't work... > > lab-sw.rbsov#show ipv6 nei > lab-sw.rbsov# > > Have I missed something needed to make this work, or is it just a work in > progress, released prematurely? > > Simon ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] IPv6 on C3550, finally? (12.2(44)SE)
> Noticed that 12.2(44)SE was recently released for the Cat3550 switch, and > feature navigator lists a whole load of IPv6 support. Yay! > > However, it doesn't seem to work very well... > > interface Loopback0 > no ip address > ipv6 address 2001:4B10::100/128 > ipv6 enable > end > > lab-sw.rbsov#ping 2001:4b10::100 > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 2001:4B10::100, timeout is 2 seconds: > ! > Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms > > However, if I try to do IPv6 over an ethernet port, it's less > successful... > > interface Vlan515 > no ip address > ipv6 address 2001:4B10:0:2::2/64 > ipv6 enable > end > > lab-sw.rbsov#ping 2001:4b10:0:2::1 > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 2001:4B10:0:2::1, timeout is 2 seconds: > . > Success rate is 0 percent (0/5) > > Running "debug ipv6 packet" on both ends of the link shows packets being > sent by lab-sw, and replies being sent by the upstream switch (a 3560), > but > the 3550 never learns any neighbours, and pings don't work... > > lab-sw.rbsov#show ipv6 nei > lab-sw.rbsov# > > Have I missed something needed to make this work, or is it just a work in > progress, released prematurely? > > Simon > -- > Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration * >Director|* Domain & Web Hosting * Internet Consultancy * > Bogons Ltd | * http://www.bogons.net/ * Email: [EMAIL PROTECTED] * Did you turn on "ipv6 unicast-routing"? Though one would expect for a connected subnet this should not matter. "ipv6 cef" might also be available. It is on my 2620 (non XM). ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
