IPv6 Configuration Guide, Cisco IOS Release 15.2S

Hi,

I have been reading “IPv6 Configuration Guide, Cisco IOS Release 15.2S”, downloaded the PDF from http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/15-2s/ipv6-15-2s-book.html

Here is some feedback you may like to forward to the documentation team.

– pg. 43. “Addresses with a prefix of 2000::/3 (001) through E000::/3 (111) are required to have 64-bit interface identifiers in the extended universal identifier (EUI)-64 format.”

This is not the case. The interface part of the address can be manually assigned, or assigned via DHCP, and both of these cases it does not have to match the EUI-64 format, which is a very specific auto-configuration format. One possible alternative:

“Addresses with a prefix of 2000::/3 (001) through E000::/3 (111) are globally routable addresses. They often have 64-bit interface identifiers in the extended universal identifier (EUI)-64 format.”

– pg. 45. “IPv4-Compatible IPv6 Address”.

These are deprecated. Probably remove the section, or at least add “IPv4-Compatible IPv6 Addresses are now deprecated.”

– pg 68. It says “4. Do one of the following: • ipv6 address ipv6-prefix/prefix-length eui-64 • ipv6 address ipv6-prefix/prefix-length link-local • ipv6 address ipv6-prefix/prefix-length anycast • ipv6 enable”

Yet, the most common case might very well be the command

“ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }”

and this is entirely missing from the list. Would be good to add it.

– pg 68. “ipv6 address ipv6-prefix/prefix-length link-local”

Should be “ipv6 address ipv6-address/prefix-length link-local”.

– pg 68. “ipv6 address ipv6-prefix/prefix-length anycast”

Should be “ipv6 address ipv6-address/prefix-length anycast”.

– pg 68. “Do one of the following:”

Should be “Do one or more of the following:”, since you are able to assign multiple addresses to an interface.

– pg 69. in the table, it often says “or”

This should be replaced with “and/or”, since you are able to assign multiple addresses to an interface.

– pg 74. An example “Example: Device(config-if) ipv6 address my-prefix 2001:DB8:0:7272::/64”

This is a tricky example. Here are some comments, you may or may not choose to include them. Either way.
So, “eui-64” is not included in the command, and the interface part of the address isn’t being specified, and so you would get a resulting address of 2001:DB8:0:7272:0:0:0:0, which means the interface part is completely blank. Unusual compared to ipv4, but allowed.
Next, you are specifying the network part of the address twice, both as “my-prefix”, and as “2001:DB8:0:7272”. Which takes precedence? The my-prefix does.
The example from the Command Reference guide is clearer by avoiding both of those questions. “ipv6 address my-prefix 0:0:0:7272::72/64”

– pg 161, Step 4, “Example: Device(config-router)# neighbor 2001:DB8:0:cc00::1 remote-as 64600” and “Purpose: Adds the link-local IPv6 address of the neighbor..” , however the Example isn’t link-local, it is global, beginning with 2001:. So, to make it link local, perhaps it could be changed to something like this:

“Example: Device(config-router)# neighbor FE80:0:cc00::1 remote-as 64600”

– pg 161, Step 6, same thing.

– pg 201, Step 11, Example, “Router(config-if)# ipv6 address dhcp server rapidcommit”.

Should not say “address” there.

– pg 226. “ipv6 address FEC0:240:104:2001::139/64”

FEC0 is a site-local prefix. This is deprecated, and has been for a long time. Search the whole document for FEC0 and replace with FD00 which is a unique local address.

– pg 226. I may be wrong with the next suggestion: So, you are delegating prefixes with “ipv6 local pool client-prefix-pool1 2001:DB8:1200::/40 48”. That’s the information you are sending to the clients, right? And then, in the same example, we see info about the clients “show ipv6 dhcp binding”, and it doesn’t resemble that info whatsoever. Shouldn’t the clients have picked up the info you delegated to them? i.e. 2001:DB8:1200::/40

– pg 248. “Step 10 ipv6 nhrp nhs ipv6-nhs-address”. And then in the example it shows “Router(config-if)# ipv6 nhrp nhs 2001:0DB8:3333:4::5 2001:0DB8::/64”, which appears to be an address, and then… a whole network prefix. Should it rather be:
“Router(config-if)# ipv6 nhrp nhs 2001:0DB8:3333:4::5” or
“Router(config-if)# ipv6 nhrp nhs 2001:0DB8:3333:4::5 2001:0DB8::1”

– pg 283, Step 2, “Example: Device# clear ipv6 eigrp neighbor 3FEE:12E1:2AC1:EA32”

The problem is that eigrp neighbors may use link-local addresses, while this example shows the neighbor with a global unicast address. Many cisco docs do use the example above.
Here are some quotes from a google search on the topic.
“This is the show ipv6 eigrp neighbor command. As you notice, the link-local address is used to identify neighboring ipv6 EIGRP routers.”
or
“The IPv6 EIGRP processes don’t even see the neighboring router’s global unicast address”
In other words, there is evidence out there, that EIGRP uses link-local addresses…

So, should be
“Example: Device# clear ipv6 eigrp neighbor FE80::7”

– pg 312, Example “ipv6 address 2001:DB8:0001:0001:/64” is not completely well-formed, should be
“ipv6 address 2001:DB8:0001:0001::4/64”

– pg 313, the same problem mentioned for pg. 312

– pg 313, “and the virtual IPv6 address of 2001:DB8:0002:0002:/64 is specified for GLBP group 10” does not correspond to the example which follows, and should say “and the virtual IPv6 address of FE80::60:3E47:AC8:8 is specified for GLBP group 10”

– pg 321, “unwanted or rogue router advertisement (RA) guard messages” should say “unwanted or rogue router advertisement (RA) messages”

– pg 323, missing diagrams in the PDF

– pg 334, “to configure a node to a router.”

should be “to configure a node as a router.”

– pg 343, “Example: Router(config-if)# ipv6 address fe80::link-local cga”

should be “Example: Router(config-if)# ipv6 address fe80:: link-local cga”.
Perhaps also a more specific address than merely fe80::

– pg 348,353 “Example: Router(ca-trustpoint)# ip-extension unicast prefix 2001:100:1://48”

should be “Example: Router(ca-trustpoint)# ip-extension unicast prefix 2001:100:1::/48”

– pg 372, it says “IPsec functionality is similar in both IPv6 and IPv4; however, site-to-site tunnel mode only is supported in IPv6.”.

should be

“IPsec functionality is similar in both IPv6 and IPv4; however, only site-to-site tunnel mode is supported in IPv6.”.

– pg 377, Step 12 “Example: Router (config-keyring)# pre-shared-key ipv6 3FFE: 2002::A8BB:CCFF:FE01:2C02/128”

should be this, to add the required key parameter to the example.

“Example: Router (config-keyring)# pre-shared-key ipv6 3FFE:2002::A8BB:CCFF:FE01:2C02/128 key passwordxyz”

– pg 421, Step 7 “Example: Device(config)# ipv6 access-list hostlist”

should be
“ipv6 access-class hostlist in”

– pg 424, Step 4 “Example: Device(config)# snmp-server engineID remote 3ffe:b00:c18:1::3/127 remotev6”

should be
“Example: Device(config)# snmp-server engineID remote 3ffe:b00:c18:1::3 abcdabcd”
thus, remove the /127, and the engine-id may need to be hexadecimal.

– pg 429 “Device(config)# snmp-server host 3ffe:b00:c18:1::3/127 public”

should be “Device(config)# snmp-server host 3ffe:b00:c18:1::3 public”

– pg 443, “Step 4 binding access access-list-name | auth-option | seconds | maximum | refresh”

should be
“binding [ access access-list-name | auth-option | seconds | maximum | refresh ]”

btw, how would you distinguish between seconds and maximum, for example? Let’s say I typed “binding 30”. Is that 30 seconds, or 30 maximum?

– pg 481, “for each RPA on every link”

The acronym RPA is never clarified. Perhaps say “RPA (Rendezvous Point Address).”

– pg 450, Step 4, says the word “Example:” an extra 5 times. remove text.

– pg 454, “Step 6 address {ipv6-address | autoconfig Example: Router(config-ha)# address baba 2001:DB8:1”

should probably be:
“Step 6 address {ipv6-address | autoconfig } Example: Router(config-ha)# address 2001:DB8::1”

This fixes the closing bracket, removes the extra address baba.

– pg 454, “Step 7 nai realm | user | macaddress] {user @ realm| @ realm Example: Router(config-ha)# nai @cisco.com”

should probably just be:
“Step 7 nai [ user | macaddress ] @realm Example: Router(config-ha)# nai @cisco.com”

to clear up the extra parenthesis. Also, the command reference guide shows it as only “nai[user]@realm”

– pg 470, “Figure 32 IPv6 multicast address format”.

The fields in Figure 32 are not quite right, they should be changed to “prefix flags scope group ID” , rather than the fields shows of 0 and interface ID.

pg 487, Step 5 “Example: Router(config-if)# ipv6 access-list acc-grp-1”

Should be
“Example: Router(config-if)# ipv6 mld access-group acc-grp-1”

– pg 518, “Step 4 address-family ipv6 [vrf vrf-name] [unicast | multicast | vpnv6] Example: Device(config-router)# address-family ipv6”

This is the section on multicast, so it perhaps it should say in the example “address-family ipv6 multicast”, although I am not 100% certain.

– pg 525, “Step 4,” It says “Example” five times, however only one example.

pg 543, it says: “and the periodic join and prune announcement interval”

The example for that is missing. It would be: “Router(config)# ipv6 pim join-prune-interval 75”

– pg 555, “Implementing NAT-PT for IPv6”.

NAT-PT was deprecated by rfc4966. NAT64 is recommended instead. Replace the whole section. 🙂 Or at least say at the beginning that it’s deprecated.

– pg 621, Step 12 “Step 12 summary-prefix prefix [not-advertise | tag tag-value] Example: Device(config-router-af)# summary-prefix FEC0::/24 Configures an IPv6 summary prefix in OSPFv3.”

I am not 100% sure of this one, you may possibly skip it. So, this text is found in a section entitled “Configuring the IPv4 Address Family in OSPFv3”, which is one of the few parts of the whole document dedicated to IPv4. Not IPv6. It seems nonsensical to advertise a IPv6 summary prefix into the IPv4 address family. What would the IPv4 address family do with IPv6 information? It ought to be only IPv4. So, it seems like Step 12 should be omitted.

– pg 622, “Step 5”,

The Example is missing. Could be
“redistribute ospf 1”

– pg 638, “Step 4”

remove the first two extra cases of the word “Example”. Leave the second two cases. This is on step 4.

– pg 674. “ipv6 route 2001:DB8:FFFF::/48 Ethernet0/0 2001:DB8:FFFF::2”
That one line, in pure isolation, may possibly be technically correct.
However, in the context of the full example
that network range is on Serial0/0, not Ethernet0/0
a directly connected network doesn’t need a static route
it may be self-recursive…
probably remove the command.

– pg 684 “Another model is in which all Internet routes are redistributed into the VRF;”

should be
“In another model, all Internet routes are redistributed into the VRF;”

– pg 684 “A customer site that has access public resources over the Internet must be known by a public prefix. ”

either

“A customer site that offers accessible public resources over the Internet must be known by a public prefix.”
or, though a different meaning:
“A customer site that accesses public resources over the Internet must be known by a public prefix.”

– pg 712, In Figure 53, AS100 contains both L1-POP and L2-POP. What does AS200 represent? Perhaps one of those labels (either L1-POP or L2-POP) was actually supposed to be in AS200?

– pg 724 “Step 4 neighbor {ip-address | ipv6-address | peer-group-name} remote-as as-number, Example: Device(config-router)# neighbor 192.168.2.1 remote-as 100”

In Figure 53 on pg 712, this particular neighbor is remote-as 200, not 100, so the command should be: remote-as 200.

– pg 728, “Step 4 neighbor {ip-address | ipv6-address | peer-group-name} remoteas as-number, Example: Device(config-router)# neighbor 192.168.3.1 remote-as 100”

In Figure 53 on pg 712, this particular neighbor is remote-as 200, not 100, so the command should be: remote-as 200.

– pg 731, “the BGP PIC feature allows you to configure BGP PIC feature for all VRFs at once. ”

should be
“the BGP PIC feature allows you to configure all VRFs at once.”

– pg 751, “Step 5”

“Example” is shown multiple times, and is empty.

– pg 752, “ipv6 policy-route-map”

In the example, should be “ipv6 policy route-map”

– pg 755, “ipv6 policy-route-map interactive”

The name of the route map is actually pbr-src-90, not interactive. Shouldn’t the statement be “ipv6 policy route-map pbr-src-90”?

– pg 765, “Step 4 ip address ip-address mask [secondary]”

The words ip-address mask should be in italics, and not bold.

– pg 781. “You must to advertise a route with metric of 15 or less”

Should be “You must advertise a route with a metric of 15 or less”

– pg 782. “Example: Router(config-if)# ipv6 router one enable”

Should be “Example: Router(config-if)# ipv6 rip one enable”

– pg 783. “An interface distribute list always takes precedence. For example, for a route received at an interface, with the interface filter set to deny, and the global filter set to permit, the route is blocked, the interface filter is passed, the global filter is blocked, and the route is passed-”

Should be “An interface distribute list always takes precedence. For example, for a route received at an interface, with the interface filter set to deny, and the global filter set to permit, the route is blocked. Or, if the interface filter is passed, and the global filter is blocked, then the route is passed.”

– pg 786
“2001:DB8::/16, metric 2 tag 4, installed Ethernet0/0/FE80::A8BB:CCFF:FE00:B00, expires in 13 secs 2001:DB8:1::/16, metric 2 tag 4, installed Ethernet0/0/FE80::A8BB:CCFF:FE00:B00, expires in 13 secs 2001:DB8:2::/16, metric 2 tag 4, installed Ethernet0/0/FE80::A8BB:CCFF:FE00:B00, expires in 13 secs”

Consider the meaning of /16. This would designate the 2001 part as the network address. Thus,
2001:DB8::/16
2001:DB8:1::/16
2001:DB8:2::/16
are effectively the same. right? They are all just 2001. This would make more sense:
2001:DB8::/32
2001:DB8:1::/48
2001:DB8:2::/48

– pg 787
“O – OSPF intra, OI – OSPF inter, OE1 – OSPF ext 1, OE2 – OSPF ext 2
R 2001:DB8:1::/32 [120/2] via FE80::A8BB:CCFF:FE00:A00, Ethernet0/0
R 2001:DB8:2::/32 [120/2] via FE80::A8BB:CCFF:FE00:A00, Ethernet0/0
R 2001:DB8:3::/32 [120/2] via FE80::A8BB:CCFF:FE00:A00, Ethernet0/0”

similar to the previous note, should be /48 instead of /32.

– pg 799 “Example: Router(config-ipv6-acl)# permit tcp 2001:DB8:0300:0201::/32 eq telnet any reflect reflectout”

As above, should be “Example: Router(config-ipv6-acl)# permit tcp 2001:DB8:0300:0201::/64 eq telnet any reflect reflectout”

– pg 804 “Step 4 permit icmp auth
Example:
Example:
or
Example:
deny icmp auth
Example:
Router(config-ipv6-acl)# permit icmp auth”

Remove many extra “Example:” texts.

– pg 828 “permit ipv6 host 2001:DB8:0:4::2/32 any”

/prefix-length (in this case /32), should be removed. What would the meaning of prefix-length be regarding a host here.

– pg 837 “B 2001:DB8:3000:0/16 [200/45]”

should be “B 2001:DB8:3000:0/48 [200/45]” . Consider, what is the meaning of prefix-length. /16 only specifies 2001:, not 2001:DB8:3000

– pg 837 “2001:DB8::/32 2001:0BD8:3000:1”

typo, should be “2001:DB8::/32 2001:DB8:3000:1”

– pg 840 “An administrative distance of 200 is configured.”

should be “An administrative distance of 201 is configured.”, based on the example shown.

– pg 842 “Example Example Example”

remove this extra text

– pg 843 “ipv6 route 2001:DB8::/32 2001:DB8:2002:1>>”

should be “ipv6 route 2001:DB8::/32 2001:DB8:2002:1” , probably…

– pg 843 “2001:DB8:4000:0/16, via nexthop 2001:DB8:1:1, distance 1”

should be “2001:DB8:4000:0/48, via nexthop 2001:DB8:1:1, distance 1”

– pg 845

Router(config-if)# ipv6 address 2001:DB8:2:1234/64
should be
“Router(config-if)# ipv6 address 2001:DB8:2::1234/64

Router(config-if)# ipv6 address 2001:DB8:3:1234/64
should be
Router(config-if)# ipv6 address 2001:DB8:3::1234/64

Router(config-if)# ipv6 address 2001:DB8:4:1234/64
should be
Router(config-if)# ipv6 address 2001:DB8:4::1234/64

Router(config-if)# ipv6 address 2001:DB8::1234/64
should be
Router(config-if)# ipv6 address 2001:DB8:5::1234/64

– pg 856 “IPv4-Compatible IPv6 Address”.

These are deprecated. Probably remove the section, or at least add “IPv4-Compatible IPv6 Addresses are now deprecated.”

– pg 856 “Although the ISATAP tunneling mechanism is similar to other automatic tunneling mechanisms, such as IPv6 6to4 tunneling, ISATAP is designed for transporting IPv6 packets within a site, not between sites.”

This sentence is essentially repeated twice on the same page. remove one instances of it.

– pg 858,860,861 “Step 4 ipv6 address ipv6-prefix / prefix-length [eui-64]”

should be “Step 4 ipv6 address ipv6-address/prefix-length [eui-64]

pg 860,870 “Router(config-if)# tunnel destination 2001:DB8:1111:2222::1/64”

should be “Router(config-if)# tunnel destination 2001:DB8:1111:2222::1”

pg 867 “an IPv6 prefix of 2001:DB8:1111:2222::2/64”

should be “an IPv6 address of 2001:DB8:1111:2222::2/64”

Well, that’s it. I did not intend to send editorial feedback when I began reading the configuration guide, just to learn about IPv6. It’s not easy to find clear and concise documentation about IPv6, which is a complex topic. This has been fun, if you have another document that you would like me to comment on let me know.

Best Regards,
Sam