Router software is facing a new era with IPv6. Some of the methods, which worked perfectly well for v4, were not updated for v6 and they silently ignore the new IP protocol. Ignorance might be a bliss, but not in routing software.

Apply this policy on your Cisco gear to all IPv4 prefixes present in the BGP routing table for IPv4 (show bgp ipv4 unicast route-map IgnoranceIsBliss):

ipv6 prefix-list MatchSomeV6 permit 2001:678:4::/48
!
route-map IgnoranceIsBliss permit 10
 match ipv6 address prefix-list MatchSomeV6
 set community 2107:12345
route-map IgnoranceIsBliss deny 20

… or this one on your Juniper router (test policy IgnoranceIsBliss 0/0 will do the job):

[edit policy-options]
prefix-list MatchSomeV6 {
    2001:678:4::/48;
}
community Test12345 members 2107:12345;
policy-statement IgnoranceIsBliss {
    term Match6 {
        from {
            prefix-list MatchSomeV6;
        }
        then {
            community set Test12345;
            accept;
        }
    }
    term DenyOther {
        then reject;
    }
}

The policy is telling you: “set community for some IPv6 prefixes that match certain criteria and don’t mess with others”. One would expect that all IPv4 prefixes will be ignored by that policy, since they do not match the criteria in any of the terms. Not true on a Cisco router (I’ve verified this on 6500, 3560/3750 and 7200 running some decently up-to-date IOS) – match ipv6 address prefix-list catched all IPv4 prefixes and the community was set for them according to the route-map. JUNOS, however, passed the test – none of the IPv4 prefixes matched the IPv6 criteria.


As always, do not trust the damn machines!

Advertisements