On Tue, Nov 6, 2012 at 7:52 PM, Laurent CARON <lca...@unix-scripts.info> wrote:
>
> group "iBGP_VTY_TMM" {
>         remote-as               49463
>         announce                all
>         set nexthop             self
>
>     neighbor 2a02:27d0:100:114::4 {
>         descr                   iv6_gw-001_to_004
>         local-address           2a02:27d0:0:112::1
>         announce IPv6           unicast

Is there any reason you need to restrict capabilities like this on
iBGP? Have you tried removing the announce IPv6 unicast lines (so
the announce all inherits from the parent clause) to see what happens?

The announce IPv6 unicast statement will affect the capabilities you
send to the peer, reading the manpage, so that seems suspicious. The
other thing I would check would be the internal routing - I assume you
have appropriate routes between the peers?

Here's some of my IPv6 iBGP config. Note when filtering I also permit
all from the iBGP group (last line). These could probably be tightened
up a bit, but it might be a good place to start.

-Patrick

...
group "iBGP - AS55881" {
    remote-as 55881
    announce all
    set nexthop self

    neighbor 202.1.16.86 {
        descr "iBGP: atri-edge-001-a IPv4"
    }

    neighbor 2405:6a00:6:fd::2 {
        descr "iBGP: atri-edge-001-a IPv6"
    }

...

deny from any
allow from any inet prefixlen 8 - 24
allow from any inet6 prefixlen 8 - 48

# filter bogus networks: IPv4
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4

# filter bogus networks: IPv6
deny from any prefix 3ffe::/16 prefixlen >= 16        # 6bone
deny from any prefix 2001:db8::/32 prefixlen >= 32    # documentation
deny from any prefix 0000::/8 prefixlen >= 8        # loopback
deny from any prefix fe00::/8 prefixlen >= 8        # multicast (RFC3513)
deny from any prefix ff00::/8 prefixlen >= 8        # multicast (RFC3513)

# Permit anything from our iBGP peers
allow from group "iBGP - AS55881"
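
In bgpd the last matching filter rule decides, so in the configuration above the closing `allow from group` line overrides every earlier bogon and prefix-length deny for iBGP peers. The following is an added sketch, not part of the original message, that models that evaluation order over a constructed subset of the rules; the `evaluate` function and its tuple layout are assumptions made for illustration.

```python
import ipaddress

IBGP = "iBGP - AS55881"

# Constructed subset of the filter rules quoted above, in file order.
# Tuple layout (an assumption of this sketch):
# (action, peer group or None for "any", address family or None,
#  covering prefix or None, min prefixlen, max prefixlen)
RULES = [
    ("deny",  None, None, None,             0, 128),  # deny from any
    ("allow", None, 4,    None,             8, 24),   # inet prefixlen 8 - 24
    ("allow", None, 6,    None,             8, 48),   # inet6 prefixlen 8 - 48
    ("deny",  None, None, "10.0.0.0/8",     8, 32),
    ("deny",  None, None, "192.168.0.0/16", 16, 32),
    ("deny",  None, None, "2001:db8::/32",  32, 128),
    ("deny",  None, None, "ff00::/8",       8, 128),
    ("allow", IBGP, None, None,             0, 128),  # allow from group
]


def evaluate(prefix, peer_group=None):
    """Return the action of the last rule matching this announcement."""
    route = ipaddress.ip_network(prefix)
    verdict = None  # always overwritten: the first rule matches everything
    for action, group, family, cover, lo, hi in RULES:
        if group is not None and group != peer_group:
            continue
        if family is not None and route.version != family:
            continue
        if cover is not None:
            net = ipaddress.ip_network(cover)
            if route.version != net.version or not route.subnet_of(net):
                continue
        if not lo <= route.prefixlen <= hi:
            continue
        verdict = action  # keep going: a later match overrides this one
    return verdict


if __name__ == "__main__":
    for prefix in ("8.8.8.0/24", "10.1.0.0/16", "8.8.8.8/32", "2001:db8:1::/48"):
        print(prefix, "other peer:", evaluate(prefix),
              "| iBGP:", evaluate(prefix, IBGP))
```

A bogon or an over-specific prefix is dropped from any other peer but accepted from a member of the iBGP group, which is the part of the filter the message says could be tightened.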
