Cisco Router : RIPng

RIP is a IPv4 Routing Protocol and RIPng is an extension of RIP developed to support IPv6. RIP and RIPng are known as Distance Vector Protocols. They use HOP counts as their metric for determining the best path. Here is some basic information for RIP and RIPng

FEATURE RIP RIPng
Advertised Routes IPv4 IPv6
Transport Protocol UDP 520 UDP 521
Multicast Address 224.0.0.9 FF02::9
VLSM Support Yes Yes
Metric Hop Count (Max 15) Hop Count (Max 15)
Administrative Distance 120 120
Routing Updates Every 30 Seconds and with each topology change Every 30 Seconds and with each topology change
Supports Authentication Yes Yes

RIPng is part of the CCNP Route exam, and even although I have not see it used in production, I have however heard of it being used in UNIX environments. It tends not to be used because it is super chatty, its not very scaleable and is based on the Bellman-Ford algorithms which is prone to routing loops and count to infinity issues.

Here is an overview of the basic topology we will be using:

The Steps to configure RIPng:
1. Enable IPv6 Routing
2. Create RIPng Routing Process
3. Enable IPv6 on the interface
4. Enable RIPng on the interface

Here is the configuration steps to enabling RIPng on R1

TPW-R1# conf t
TPW-R1 (config)# ipv6 unicast routing
TPW-R1 (config)# ipv6 router rip TPW_RIP

Complete the steps on R2

TPW-R2# conf t
TPW-R2 (config)# ipv6 unicast routing
TPW-R2 (config)# ipv6 router rip TPW_RIP

You can see the RIPng Routing Protocol is running 

TPW-R1#show ipv6 protocols 
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "static"
IPv6 Routing Protocol is "rip TPW_RIP"
  Interfaces:
    None
TPW-R2#show ipv6 protocols 
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "static"
IPv6 Routing Protocol is "rip TPW_RIP"
  Interfaces:
    None

Although the you can see RIPng is not enabled on any interfaces.

To enable it on the interfaces complete the following commands

TPW-R1#conf t
TPW-R1(config)#int fa0/0
TPW-R1(config-if)#ipv6 rip TPW_RIP enable
TPW-R1(config-if)#int loopback 1        
TPW-R1(config-if)#ipv6 rip TPW_RIP enable

Complete on the 2nd Router

TPW-R2#conf t
TPW-R2(config)#int fa0/0
TPW-R2(config-if)#ipv6 rip TPW_RIP enable
TPW-R2(config-if)#int loopback 1        
TPW-R2(config-if)#ipv6 rip TPW_RIP enable

You can now see the interfaces are running RIPng

TPW-R1#show ipv6 protocols 
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "static"
IPv6 Routing Protocol is "rip TPW_RIP"
  Interfaces:
    Loopback1
    FastEthernet0/0

TPW-R2#show ipv6 protocols 
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "static"
IPv6 Routing Protocol is "rip TPW_RIP"
  Interfaces:
    Loopback1
    FastEthernet0/0

Verify all the routes are in the routing table

TPW-R1#show ipv6 route
IPv6 Routing Table - 7 entries
Codes:
C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1,OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

C   1111::/64 [0/0]    
via ::, FastEthernet0/0
L   1111::1/128 [0/0]
via ::, FastEthernet0/0
C   2222::/64 [0/0]
     via ::, Loopback1
L   2222::1/128 [0/0]
     via ::, Loopback1
R   3333::/64 [120/2]
     via FE80::C602:52FF:FE37:0, FastEthernet0/0

Verify on the second Router

TPW-R2#show ipv6 route
IPv6 Routing Table - 7 entries

Codes:
C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

C   1111::/64 [0/0]
     via ::, FastEthernet0/0
L   1111::2/128 [0/0]
     via ::, FastEthernet0/0
R   2222::/64 [120/2]
     via FE80::C601:52FF:FE34:0, FastEthernet0/0
C   3333::/64 [0/0]
     via ::, Loopback1
L   3333::1/128 [0/0]
     via ::, Loopback1

We need to verify connectivity TPW-R1

TPW-R1#ping ipv6 1111::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1111::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms

TPW-R1#ping ipv6 1111::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1111::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms

TPW-R1#ping ipv6 2222::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2222::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms

TPW-R1#ping ipv6 3333::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3333::1, timeout is 2 seconds:
!!!!!

Finally, We need to verify connectivity TPW-R2

TPW-R2#ping ipv6 1111::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1111::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms

TPW-R2#ping ipv6 1111::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1111::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms

TPW-R2#ping ipv6 2222::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2222::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms

TPW-R2#ping ipv6 3333::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3333::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/23/28 ms

RIPng is fully configured and working.

Note that using FE80::1 link-local and FE80:2 link-local – for point to point its a lot easier to ping – unique link local on every router and interface, I just wanted to make it a bit easier to see by using 1111::1 and 2, 2222 and 3333

Palo Alto : Enable IPv6 and Create Default Route

To Enable IPv6 on the Firewall

Web GUI

IPv6 firewalling is enabled under Device > Setup > Session:

*** You may have to restart your Firewall for IPv6 to be enabled.

On the CLI

> configure

# set deviceconfig setting session ipv6-firewalling [yes|no]

# commit

Here is the interface configuration I used:

Don’t forget to add a rule in your security policy that allows Your new IPv6 interface to talk to your Gateway.

Add Default Route

You will also have to add a default route under Network > Virtual Routers > Default > Static Routes > IPv6

The default route for IPv6 is ::/0 the next hop is the default gateway address