Configuring IPv6 Reachability Check

Before sending the VXLAN encapsulated packets to the OPBNOS switch, the peer node can check the IPv6 reachability to the switch using the ping command. Here, we can configure multiple vlan and SVI configurations with multiple IPv6 to each vlan. Each IPv6 would be reachable(ping check) from the peer node. It ensures proper handling of VXLAN and ICMP packets through flow-based rules.

This feature is supported only on the Nvidia platforms

Configuration steps on the OPB switch

1. Create VLAN

pbnoscli# configure terminal 
pbnoscli(config)# vlan <vlan-id>
pbnoscli(config)# end
pbnoscli# save

2. SVI Configuration (Configure IPv6 to Switched Virtual Interface with VLAN)

pbnoscli# configure terminal
pbnoscli(config)# interface vlan <vlan-id> //associated with one VLAN only
pbnoscli(config-if)# ip add <ipv6-address/64>
pbnoscli(config-if)# ip add <ipv6-address/64>
..
..
pbnoscli(config-if)# end
pbnoscli#save

3. VLAN Membership (Static)

pbnoscli# configure terminal
pbnoscli(config-if)# interface ethernet <Ethernet Name>
pbnoscli(config-if)# switchport vlan <vlan-id>
pbnoscli(config-if)# end
pbnoscli# save

4. VXLAN Encapsulation and Packet Handling

When the peer device checks for OPBNOS reachability, certain types of packets, including ARP, ICMP, and ICMPv6, need to be processed along with the VXLAN packet that needs to be forwarded. But to achieve this PING related packets are lifted to the CPU.

There are two types of traffic discussed:

  1. ICMP/ICMPv6 Traffic for Reachability: The CPU should always process this traffic.

  2. VXLAN Data Traffic from the Peer: This traffic should always be handled in the data path or hardware.

However, when a flow is configured to match all IP traffic, ICMP/ICMPv6 packets are also matched and forwarded to tool ports, which causes the ping to fail. To address this, we added a flow provision to send only ICMP/ICMPv6 packets to the CPU for ping handling, while the rest of the data traffic is handled and forwarded by the hardware.

Example

pbnoscli# configure terminal
pbnoscli(config)# flow flow1
pbnoscli(config-flow-flow1)# network-ports Ethernet2/1
pbnoscli(config-flow-flow1)# tool-ports Ethernet32/1 
pbnoscli(config-flow-flow1)# rule 10 permit ethertype 0x0806 counters enable 
pbnoscli(config-flow-flow1)# rule 10 action override-to cpu 
pbnoscli(config-flow-flow1)# rule 20 permit protocol 1 counters enable 
pbnoscli(config-flow-flow1)# rule 20 action override-to cpu 
pbnoscli(config-flow-flow1)# rule 30 permit protocol 58 counters enable 
pbnoscli(config-flow-flow1)# rule 30 action override-to cpu 
pbnoscli(config-flow-flow1)# rule 40 permit match-all ipv6 counters enable
pbnoscli(config-flow-flow1)# end
pbnoscli# save

If the vxlan packet is not destined to OPBNOS, add another rule and set dest-mac from the tunnel Source MAC

Example

rule 50 action overwrite dest-mac 1c:34:da:24:de:00 dest-port 4789

EtherType and Protocol Numbers to Distinguish ARP, ICMP, and ICMPv6:

  • ARP: EtherType 0x0806

  • IPv4 Ping (ICMP): Protocol Number 1

  • IPv6 Ping (ICMPv6): Protocol Number 58

Configuration and ping check on the Peer Node

1. Configure IPv6 on interfaces(not associated with VLAN)

// sonic command
sudo config interface ip add <Ethernet Name> <ipv6-address/64>

2. Ping to the IPv6 address configured on the OPBNOS switch

ping <ipv6-address>
PreviousConfiguring GTP FlowNextConfiguring VXLAN Flow

Last updated

Was this helpful?