6VPE is similar to 6PE as both are service provider solutions for tunneling IPv6 traffic over an IPv4 MPLS backbone without requiring a backbone upgrade. However, 6VPE provides the added advantage of isolating customers using VRFs, enabling the use of overlapping IPv6 address spaces. This section focuses on Cisco 6VPE configuration example.
Table of Contents
6VPE Fundamental
This topology represents an IPv4 MPLS service provider network with two PE routers and one P router. The network serves two IPv6 customers, A and B, each having two sites: one connected to PE1 and the other to PE2.
To demonstrate the overlapping address feature of 6VPE, I have intentionally used the same IPv6 address space for both customer A and customer B. While this scenario highlights 6VPE’s capability, it is unlikely to occur in a real-world network, given the vast availability of IPv6 address space.
In the service provider network, IPv4 addressing is used, with OSPF for routing within the network and LDP protocol enabling label distribution for MPLS forwarding.
To understand how 6VPE works, it operates similarly to MPLS VPN. Assuming you are already familiar with MPLS VPN concepts, I will not delve into the details of MPLS VPN and, by extension, 6VPE.
On each PE router, we configure two VRFs: VRF A and VRF B. Interfaces connected to customer A are assigned to VRF A, while interfaces connected to customer B are assigned to VRF B.
Between PE routers, BGP is configured to advertise VPNv6 routes, which include:
Customer IPv6 routes
Route Distinguisher (RD): Ensures uniqueness for overlapping customer IPv6 addresses. RD is already configured for each VRF in PE routers.
VPN label: Allows the destination PE router to identify which customer the traffic belongs to as it is received through MPLS network.
In the data plane, each packet is forwarded through the MPLS network using two labels:
LDP Label (outer label): Directs the traffic to the destination PE router.
VPN Label (inner label): Identifies the specific customer and ensures the traffic is delivered to the appropriate VRF on the destination PE router.
Cisco 6VPE Configuration Example
To better understand how 6VPE works, I have prepared and configured this topology.
In the first step, the IPv4 MPLS service provider network is set up, including IPv4 addressing, OSPF for routing, and LDP for label distribution. You can verify connectivity and MPLS forwarding by performing a traceroute between the loopback interfaces of PE1 and PE2.
PE1# ip cef ! mpls label protocol ldp ! interface Loopback0 ip address 10.10.10.1 255.255.255.255 ! interface Ethernet0/0 ip address 10.1.1.2 255.255.255.0 mpls ip ! router ospf 1 router-id 10.10.10.1 network 10.0.0.0 0.255.255.255 area 0 ! mpls ldp router-id Loopback0
PE2# ip cef ! mpls label protocol ldp ! interface Loopback0 ip address 10.10.10.2 255.255.255.255 ! interface Ethernet0/0 ip address 10.1.2.2 255.255.255.0 mpls ip ! router ospf 1 router-id 10.10.10.2 network 10.0.0.0 0.255.255.255 area 0 ! mpls ldp router-id Loopback0
P# ip cef ! mpls label protocol ldp ! interface Loopback0 ip address 10.10.10.10 255.255.255.255 ! interface Ethernet0/0 ip address 10.1.1.1 255.255.255.0 mpls ip ! interface Ethernet0/1 ip address 10.1.2.1 255.255.255.0 mpls ip ! router ospf 1 router-id 10.10.10.10 network 10.0.0.0 0.255.255.255 area 0 ! mpls ldp router-id Loopback0
PE1#traceroute 10.10.10.2 source 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.2 VRF info: (vrf in name/id, vrf out name/id) 1 10.1.1.1 [MPLS: Label 18 Exp 0] 5 msec 4 msec 5 msec 2 10.1.2.2 5 msec 5 msec 5 msec
in the second step, we configure two VRF for customer A and customer B which will be assigned to interface to the corresponding customer.
PE1# vrf definition A rd 1:100 ! address-family ipv6 route-target export 1:500 route-target import 1:500 exit-address-family ! vrf definition B rd 1:200 ! address-family ipv6 route-target export 1:600 route-target import 1:600 exit-address-family ! ipv6 unicast-routing ipv6 cef ! interface Ethernet0/1 vrf forwarding A ipv6 address 2001:BEBE:1:1::1/64 ! interface Ethernet0/2 vrf forwarding B ipv6 address 2001:BEBE:1:1::1/64
PE2# vrf definition A rd 1:100 ! address-family ipv6 route-target export 1:500 route-target import 1:500 exit-address-family ! vrf definition B rd 1:200 ! address-family ipv6 route-target export 1:600 route-target import 1:600 exit-address-family ! ipv6 unicast-routing ipv6 cef ! interface Ethernet0/1 vrf forwarding A ipv6 address 2001:BEBE:1:2::1/64 ! interface Ethernet0/2 vrf forwarding B ipv6 address 2001:BEBE:1:2::1/64
PE1#show vrf brief Name Default RD Protocols Interfaces A 1:100 ipv6 Et0/1 B 1:200 ipv6 Et0/2
In the third step, we configure BGP with the VPNv6 address family between the loopback interfaces of the PE routers. Additionally, we redistribute routes from VRF A and VRF B into BGP so they can be advertised between the PE routers.
To verify the configuration, ensure that the customer routes and their corresponding labels are correctly advertised between the PE routers.
PE1# router bgp 1 bgp log-neighbor-changes neighbor 10.10.10.2 remote-as 1 neighbor 10.10.10.2 update-source Loopback0 ! address-family ipv4 neighbor 10.10.10.2 activate neighbor 10.10.10.2 next-hop-self exit-address-family ! address-family vpnv6 neighbor 10.10.10.2 activate neighbor 10.10.10.2 send-community both exit-address-family ! address-family ipv6 vrf A redistribute connected exit-address-family ! address-family ipv6 vrf B redistribute connected exit-address-family
PE2# router bgp 1 bgp router-id 10.10.10.2 bgp log-neighbor-changes neighbor 10.10.10.1 remote-as 1 neighbor 10.10.10.1 update-source Loopback0 ! address-family ipv4 neighbor 10.10.10.1 activate neighbor 10.10.10.1 next-hop-self exit-address-family ! address-family vpnv6 neighbor 10.10.10.1 activate neighbor 10.10.10.1 send-community both exit-address-family ! address-family ipv6 vrf A redistribute connected exit-address-family ! address-family ipv6 vrf B redistribute connected exit-address-family
PE1#show bgp vpnv6 unicast vrf A
BGP table version is 19, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:100 (default for vrf A)
*> 2001:BEBE:1:1::/64
:: 0 32768 ?
*>i 2001:BEBE:1:2::/64
::FFFF:10.10.10.2
0 100 0 ?
PE1#show bgp vpnv6 unicast vrf B
BGP table version is 19, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:200 (default for vrf B)
*> 2001:BEBE:1:1::/64
:: 0 32768 ?
*>i 2001:BEBE:1:2::/64
::FFFF:10.10.10.2
0 100 0 ?
PE1#show bgp vpnv6 unicast vrf A labels
Network Next Hop In label/Out label
Route Distinguisher: 1:100 (A)
2001:BEBE:1:1::/64
:: 20/nolabel(A)
2001:BEBE:1:2::/64
::FFFF:10.10.10.2
nolabel/16
PE1#
PE1#show bgp vpnv6 unicast vrf B labels
Network Next Hop In label/Out label
Route Distinguisher: 1:200 (B)
2001:BEBE:1:1::/64
:: 22/nolabel(B)
2001:BEBE:1:2::/64
::FFFF:10.10.10.2
nolabel/20
In the final step, we configure the customer sites. We have two customers, each with two sites sharing identical addresses. Additionally, we configure an IPv6 default route to forward all IPv6 traffic through the PE routers.
To verify connectivity, we perform ping and traceroute tests between the customer sites to confirm how traffic is forwarded between them.
A1# interface Ethernet0/0 no ip address ipv6 address 2001:BEBE:1:1::2/64 ! ipv6 route ::/0 2001:BEBE:1:1::1
B1# interface Ethernet0/0 no ip address ipv6 address 2001:BEBE:1:1::2/64 ! ipv6 route ::/0 2001:BEBE:1:1::1
A1#ping 2001:BEBE:1:2::2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:BEBE:1:2::2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 2/12/49 ms
A1#traceroute 2001:BEBE:1:2::2 Type escape sequence to abort. Tracing the route to 2001:BEBE:1:2::2 1 2001:BEBE:1:1::1 1 msec 5 msec 5 msec 2 ::FFFF:10.1.1.1 [MPLS: Labels 18/16 Exp 0] 1 msec 1 msec 1 msec 3 2001:BEBE:1:2::1 0 msec 1 msec 0 msec 4 2001:BEBE:1:2::2 1 msec 0 msec 0 msec
B1(config)#do ping 2001:BEBE:1:2::2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:BEBE:1:2::2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 2/13/50 ms
B1(config)#do traceroute 2001:BEBE:1:2::2 Type escape sequence to abort. Tracing the route to 2001:BEBE:1:2::2 1 2001:BEBE:1:1::1 2 msec 5 msec 5 msec 2 ::FFFF:10.1.1.1 [MPLS: Labels 18/20 Exp 0] 2 msec 1 msec 1 msec 3 2001:BEBE:1:2::1 6 msec 5 msec 4 msec 4 2001:BEBE:1:2::2 4 msec 4 msec 5 msec
In the traceroute output, you can observe both LDP and VPN labels, illustrating how IPv6 traffic is forwarded through the IPv4 MPLS backbone.
Here is the full configuration for the PE and P routers.
PE1# vrf definition A rd 1:100 ! address-family ipv6 route-target export 1:500 route-target import 1:500 exit-address-family ! vrf definition B rd 1:200 ! address-family ipv6 route-target export 1:600 route-target import 1:600 exit-address-family ! ! ip cef ipv6 unicast-routing ipv6 cef ! mpls label protocol ldp ! interface Loopback0 ip address 10.10.10.1 255.255.255.255 ! interface Ethernet0/0 ip address 10.1.1.2 255.255.255.0 mpls ip ! interface Ethernet0/1 vrf forwarding A no ip address ipv6 address 2001:BEBE:1:1::1/64 ! interface Ethernet0/2 vrf forwarding B no ip address ipv6 address 2001:BEBE:1:1::1/64 ! router ospf 1 router-id 10.10.10.1 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 1 bgp log-neighbor-changes neighbor 10.10.10.2 remote-as 1 neighbor 10.10.10.2 update-source Loopback0 ! address-family ipv4 neighbor 10.10.10.2 activate neighbor 10.10.10.2 next-hop-self exit-address-family ! address-family vpnv6 neighbor 10.10.10.2 activate neighbor 10.10.10.2 send-community both exit-address-family ! address-family ipv6 vrf A redistribute connected exit-address-family ! address-family ipv6 vrf B redistribute connected exit-address-family ! mpls ldp router-id Loopback0
PE2# vrf definition A rd 1:100 ! address-family ipv6 route-target export 1:500 route-target import 1:500 exit-address-family ! vrf definition B rd 1:200 ! address-family ipv6 route-target export 1:600 route-target import 1:600 exit-address-family ! ip cef ipv6 unicast-routing ipv6 cef ! mpls label protocol ldp ! interface Loopback0 ip address 10.10.10.2 255.255.255.255 ! interface Ethernet0/0 ip address 10.1.2.2 255.255.255.0 mpls ip ! interface Ethernet0/1 vrf forwarding A no ip address ipv6 address 2001:BEBE:1:2::1/64 ! interface Ethernet0/2 vrf forwarding B no ip address ipv6 address 2001:BEBE:1:2::1/64 ! router ospf 1 router-id 10.10.10.2 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 1 bgp router-id 10.10.10.2 bgp log-neighbor-changes neighbor 10.10.10.1 remote-as 1 neighbor 10.10.10.1 update-source Loopback0 ! address-family ipv4 neighbor 10.10.10.1 activate neighbor 10.10.10.1 next-hop-self exit-address-family ! address-family vpnv6 neighbor 10.10.10.1 activate neighbor 10.10.10.1 send-community both exit-address-family ! address-family ipv6 vrf A redistribute connected exit-address-family ! address-family ipv6 vrf B redistribute connected exit-address-family ! mpls ldp router-id Loopback0
P# ip cef ipv6 unicast-routing ipv6 cef ! mpls label protocol ldp ! interface Loopback0 ip address 10.10.10.10 255.255.255.255 ! interface Ethernet0/0 ip address 10.1.1.1 255.255.255.0 ipv6 address 2001:BEBE:101::2/64 mpls ip ! interface Ethernet0/1 ip address 10.1.2.1 255.255.255.0 mpls ip ! router ospf 1 router-id 10.10.10.10 network 10.0.0.0 0.255.255.255 area 0 ! mpls ldp router-id Loopback0