Author: TheLegs

Before you skip this with a tl;dr, here’s the long story short:

1. If you want to make your life easy, just use /64 subnets for everything, nuff said;
2. If you really want to make things exact, in the original old-school “save-precious-IP-addresses” way that you have continuously experienced while using IPv4, then use /112 subnets when working on point-to-point links between two routers, and not /126 or /127, as this interferes with some logic internal to IPv6. However, generally speaking, this hardcore approach is not advisable.

Quick review of IPv6 addressing.

If you’re really reading this article, then it probably means that you hardly need to understand how IPv6 addressing is different than IPv4. However, I’ll try to make it as simple as possible.

All the fuss about IPv6 goes around the fact that 30 years ago nobody would have probably ever imagined that 4.3 billion (yes, billion) IP addresses would have been really used completely at some point. There were few computers, the Internet was almost nothing, and it looked like it was going to be like that for a very long time. The reason why soon we moved from classful IP networks to CIDR was that whole Class A networks (now known as /8 subnets) were given to institutions like MIT and Stanford University just like offering peanuts: do you really need 16 million (yes, million) unique IP addresses, especially since NAT and VPN tunnelling can make 1 IP address quite enough for a quite reasonable number of users?

IPv6 was a radical solution: free unique global addresses for everyone, no more frustrations configuring NAT! When you read that a 128-bit IP address can offer a staggering number of unique combinations (think about 3 followed by 38 zeros), this is really a dream coming true.

An IPv6 address doesn’t even consider classful IP routing, doesn’t have subnet-zero issues, doesn’t need NAT (even if it still exists), makes configuration pretty easy with some mechanisms that assign unique IP addresses and get most of the info a host normally needs just automagically (kinda).

One of the most useful mechanisms is certainly EUI-64. How does it work? In short, it takes the MAC address, adds and changes bits here and there and – voilà! – you get 64 bits that are pretty guaranteed to be unique inside your subnet. Think about it as an evolution of the APIPA algorithm, the one that works as a failover for DHCP (or, more simply, the one that generates a hideous 169.254.0.0/16 address when you less expect it).

EUI-64 on P2P links.

Let’s calculate a little bit what we got exactly:

1. IANA assigned only 2000::/3 to be used for unicast. This lowers the number from the original 2¹²⁸ down to 2¹²⁵ (which is still a lot, a number 37 zeros);
2. At the moment what is being really used is 2001::/16, which brings the total down to 2¹¹² (still awesome, 33 zeros);

Now here we got the tricky part. It seems that the main advice on implementing an IPv6 network, regardless of its size, is to get a /48 network (which can give you 2⁶⁴ networks, which is 2 followed by just 19 zeros) and split it in /64 networks (65536 networks), regardless of how big is the subnet.

Yes, this means that even a point-to-point network, with just 2 routers, will actually lay into an address space that could host an incredible number of more hosts. Why this? It’s because of EUI-64. Thanks to this, a configuration gets pretty easier: you just need to write something like ipv6 address 2001:db8:0:0:x::/64 eui-64, and just care about assigning a unique x for each subnet.

Adieu to the IPv4 mindset?

Now, is this a waste or an advantage? My first thought when I’ve seen half IP address wasted in automatic addressing was, obviously, the MIT & Standford effect, i.e.: what if we’re giving out IPv6 addresses too easily and one day we’ll run out of them too?

But then I’ve realized this. While point-to-point links really need a global IP address (because a local IP address wouldn’t show up in a traceroute and make troubleshooting even more problematic), it’s quite hard that even the largest company would have more than 65536 subnets, counting both P2P links and LANs; even in that case, they can still request an additional /48, which wouldn’t hurt considered how many /48 are available in the address space (2⁶⁴).

Plus, while we’re witnessing a moment in which really everything is getting connected to the global network, even imagining a worst case scenario of a future where there will be, say, 10 billion people, and each person will have 50 devices connected to the network between mobile phones, TVs, computers, tablets, routers, switches, and whatever you could think of (intelligent washing machines?), and each device will have its own global unicast IPv6 address, we’re still talking about a demand of billions and billions against an offer of billions of billions.

So, answering the question: yes, I think that we can actually forget about the IPv4 “spacesaving” mindset we got used to and embrace this new hideously wasting way of allocating IP addresses.

Still into the old-skool addressing?

There are reasons for which you might want to ration IP addresses anyway. One of the reasons might be that you’ve been allocated a single /64 addresses. Another one might be that you’re really into static addressing for some reason. Another one can be that just like pain.

Since in IPv4 we got used to /30 links, giving you just 2 usable IP addresses, you might want to do something similar in IPv6 and use /127 as a prefix. Well, there are some caveats in this case. Some have been summed up in RFC 3627, which is bearing a quite explicitly Dijkstra-ish title: Use of /127 Prefix Length Between Routers Considered Harmful. An even easier document is IPv6 address architecture on point-to-point links by M. Yoshinobu (you may want to jump to page 25).

In very short terms, if you really want to do this, better find a compromise and use a /112 instead. There’s still waste of IP addresses, but this would give less routing issues and it’s still easier to configure.

Normally we use our PC to connect to the Console port of a Cisco device. However there’s another thing you can do, which is using the AUX port of a router to connect to the Console port of another router (well, even the same actually, if you really fancy).

There are several reasons why you would learn this. One of this is that there are some devices called Access Servers (such as a Cisco 2509) which can let you connect to up to 8 console ports using so-called Async ports. Alternatively, you can use a network module like NM-16A, which is basically doing the same. Attached to this, you would normally use an octal cable (also called “the octopus” for the naughty ones).

The other reason (my case, coincidentally), is just because your USB-to-Serial dongle works like sh*t.

Step 1: prepare a rollover cable.

You can just buy one, but why? It’s just like an Ethernet cable with a different pinout – which, must say, it’s even easier than T568A/B, as whatever colour order you have chosen on one side, you just need to do exactly the opposite on the other, so that the first coloured wire becomes the last, the second becomes the seventh, the third becomes the sixth and so on.

As far as I know there are no standards on the colour order, so I chose this on the two sides:

1. Orange, White-orange, Green, White-green, Blue, White-blue, Brown, White-brown;
2. White-brown, Brown, White-blue, Blue, White-green, Green, White-orange, Orange.

Step 2: learn Reverse Telnet.

Now: how can we use the AUX port?

Cisco devices have some special ports that can be accessed via Telnet. These ports follow the format 2nnn, where nnn stands for the line number. By telnetting into these ports, you’ll get access to the line you need – in this case the AUX port.

First of all we need to tell the router to accept inbound connections on the AUX line:

R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#line aux 0
R1(config-line)#transport input all
R1(config-line)#end

To get the value for nnn, just issue a show line from the router.
In this case nnn = 065.

R1#show line | include AUX
    65 AUX   9600/9600  -    -      -    -    -      0       0     0/0       -

Then get the IP of any interface that is not down. In this case, just to be sure that this would work anyway, I have created a loopback interface with IP address = 10.1.255.1, and this is what I’m going to use:

R1#show ip interface brief | exclude unassigned|down
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  10.1.0.1        YES NVRAM  up                    up
Ethernet0/1                10.2.0.2        YES NVRAM  up                    up
Loopback0                  10.1.255.1      YES NVRAM  up                    up

And finally, we combine all these info:

R1#telnet 10.1.255.1 2065
Trying 10.1.255.1, 2065 ... Open

Password:
R2#

Here we go. R1 has offered its AUX port to let you log into R2 via its console port.
Let’s try to exit, so that we come back to R1.

R2#exit

R2 con0 is now available
Press RETURN to get started.

Hey, something went wrong here. Guess what? As you have probably experienced already, the console port is always up. This means that when you issue the exit command, this actually closes the session, but not the underlying connection, like telnet would do (remember, you’re telnetting into R1 itself now, not R2).

There’s a keystroke that comes into help: press Ctrl+Shift+6 and then x. This keystroke suspends a telnet session and brings you back to the original prompt:

R2#
R1#

All good then? No. The session is suspended, not closed, and if you will just press Enter you’ll return to R2:

R1#sh users
     Line       User      Host(s)              Idle     Location
  65 aux 0                idle                 00:00:04 R1
* 66 vty 0                10.1.255.1           00:00:15 R3

  Interface    User               Mode         Idle     Peer Address

R1#
R2#

How do we fix this? You need to forcefully shut down the telnet session while being in R1:

R1#clear line 65
[confirm]
 [OK]
R1#show users
     Line       User      Host(s)              Idle     Location
* 66 vty 0                10.1.255.1           00:00:36 R3

  Interface    User               Mode         Idle     Peer Address

R1#
R1#

Note that, after clearing the line, I can press Enter and I’m still in R1.

But also note that the clear command doesn’t really work like a charm, as often you need to issue the command more several times before actually seeing the line disappear from show users. This is important: as long as the line shows active, any further attempt to reverse telnet will stop with a frustrating message saying “Connection refused by remote host”.

Here’s the situation: two routers are connected with two interfaces, one is FastEthernet0/1 and the other one is Dialer1 (which is a bundle of two Serial interfaces).

We’re using RIP to connect these two routers:

ip subnet-zero
ip classless

router rip
 version 2
 network 10.0.0.0
 no auto-summary

Fa0/1 is experiencing some hardware problems, so we want to prefer Di1 instead while we investigate the issue, but still we want to be able to fail over Fa0/1 in the meantime.

Each routing protocol has ways to set “priorities” somehow. Being RIP a vector-distance routing protocol, it makes selections based on how many hops you need, somehow like BGP counting Autonomous Systems in the AS path.

Here’s the solution:

router rip
 offset-list 0 in 1 FastEthernet0/1
 offset-list 0 out 1 FastEthernet0/1

The first command says: “take all the routes received from Fa0/1 and add 1 hop to the count”. The second command does the same when sending other routes to other router over that interface. That 0 in the middle stands for “all routes”, but we can also have the number of an access-list, if you want to alter specific routes instead.

What happens next?
The RIP protocol ends up excluding Fa0/1 at all:

R1#show ip rip database
0.0.0.0/0    auto-summary
10.0.0.0/8    auto-summary
10.2.0.0/30    directly connected, FastEthernet0/0
10.2.0.4/30    directly connected, FastEthernet0/1
10.2.0.8/30    directly connected, Dialer1
10.2.0.10/32    directly connected, Dialer1
10.2.0.12/30
    [1] via 10.2.0.10, 00:00:21, Dialer1
10.2.255.1/32    directly connected, Loopback0
10.2.255.2/32
    [1] via 10.2.0.10, 00:00:21, Dialer1
10.2.255.3/32
    [2] via 10.2.0.10, 00:00:21, Dialer1

But still, when Di1 goes down, failover works:

R1#show ip rip database
0.0.0.0/0    auto-summary
10.0.0.0/8    auto-summary
10.2.0.0/30    directly connected, FastEthernet0/0
10.2.0.4/30    directly connected, FastEthernet0/1
10.2.0.8/30 is possibly down
10.2.0.10/32 is possibly down
10.2.0.12/30
    [2] via 10.2.0.6, 00:00:26, FastEthernet0/1
10.2.255.1/32    directly connected, Loopback0
10.2.255.2/32
    [2] via 10.2.0.6, 00:00:26, FastEthernet0/1
10.2.255.3/32
    [3] via 10.2.0.6, 00:00:26, FastEthernet0/1

Note the two routes showing as “possibly down”, as related to Di1.