How Does IPv6 Work with BGP?

Border Gateway Protocol (BGP) is the routing protocol that powers the internet, enabling autonomous systems (AS) to exchange routing information and determine the best paths for traffic. When IPv6 was introduced, BGP needed significant extensions to support the new address family while maintaining backward compatibility with IPv4. Understanding how IPv6 works with BGP is essential for network engineers, ISP operators, and anyone managing multi-homed networks or internet-facing infrastructure.

Understanding Multiprotocol BGP (MP-BGP)

The original BGP-4 specification (RFC 4271) was designed exclusively for IPv4 routing. To support IPv6 and other network layer protocols, the Internet Engineering Task Force (IETF) developed Multiprotocol Extensions for BGP-4, commonly known as MP-BGP or MBGP (RFC 4760).

What MP-BGP Provides

MP-BGP extends BGP to carry routing information for multiple address families, where an address family represents a specific combination of network layer protocol and routing information type. This architectural change allows a single BGP session to exchange routes for:

• IPv4 unicast
• IPv6 unicast
• IPv4 multicast
• IPv6 multicast
• VPNv4 (MPLS L3VPN)
• VPNv6
• And many other address families

The key innovation is that MP-BGP maintains separate routing tables for each address family. This means:

• IPv4 and IPv6 routes are stored independently
• Different routing policies can be applied to each address family
• IPv4 and IPv6 can use different next-hop addresses
• Each address family can have unique import/export rules

Address Family Identifiers (AFI) and Subsequent AFI (SAFI)

MP-BGP uses two key identifiers to distinguish between different types of routing information:

Address Family Identifier (AFI):

• AFI 1: IPv4
• AFI 2: IPv6
• AFI 25: L2VPN
• And others for various protocols

Subsequent Address Family Identifier (SAFI):

• SAFI 1: Unicast (standard forwarding)
• SAFI 2: Multicast (multicast routing)
• SAFI 4: MPLS labeled unicast
• SAFI 128: MPLS L3VPN
• And others for specialized routing

When discussing IPv6 unicast routing, you're working with AFI 2, SAFI 1. This combination tells BGP that you're exchanging IPv6 addresses intended for standard unicast forwarding. Understanding the IPv6 address structure is crucial for proper route filtering and policy implementation.

How MP-BGP Differs from BGP-4

The fundamental difference lies in how routing information is carried:

BGP-4 (IPv4 only):

• Uses NLRI (Network Layer Reachability Information) field in UPDATE messages
• Next-hop is always an IPv4 address
• Only one routing table maintained

MP-BGP (Multi-protocol):

• Uses MP_REACH_NLRI and MP_UNREACH_NLRI path attributes
• Next-hop can be IPv4, IPv6, or other address formats
• Multiple independent routing tables (one per address family)
• Backward compatible with BGP-4

This extension allows routers to carry IPv6 routing information over IPv4 BGP sessions or vice versa, providing flexibility during network transitions.

Configuring IPv6 BGP Peering

Setting up IPv6 BGP peering requires configuring both the neighbor relationships and the IPv6 address family. Here's how to configure IPv6 BGP on major router platforms.

Cisco IOS/IOS-XE Configuration

! Configure BGP process and router ID
router bgp 65001
 bgp router-id 192.0.2.1
 bgp log-neighbor-changes
 no bgp default ipv4-unicast

 ! Configure IPv6 neighbor using link-local or global address
 neighbor 2001:DB8:1::2 remote-as 65002
 neighbor 2001:DB8:1::2 description ISP-A-IPv6-Peer
 neighbor 2001:DB8:1::2 password bgp_secret_password

 ! Activate IPv6 unicast address family
 address-family ipv6 unicast
  neighbor 2001:DB8:1::2 activate
  neighbor 2001:DB8:1::2 route-map ISP-A-IN in
  neighbor 2001:DB8:1::2 route-map ISP-A-OUT out
  network 2001:DB8:100::/48
  maximum-paths 4
  no synchronization
 exit-address-family

Key configuration points:

• no bgp default ipv4-unicast: Disables automatic IPv4 neighbor activation (best practice)
• bgp router-id: Must be configured even on IPv6-only routers (uses IPv4 dotted-decimal format)
• neighbor ... remote-as: Establishes BGP relationship using IPv6 address
• address-family ipv6 unicast: Enters IPv6-specific configuration mode
• neighbor ... activate: Explicitly enables IPv6 route exchange for this neighbor
• network: Advertises IPv6 prefix into BGP

Juniper Junos Configuration

# Configure BGP group and neighbor
set protocols bgp group ipv6-peers type external
set protocols bgp group ipv6-peers family inet6 unicast
set protocols bgp group ipv6-peers peer-as 65002
set protocols bgp group ipv6-peers neighbor 2001:DB8:1::2
set protocols bgp group ipv6-peers neighbor 2001:DB8:1::2 description "ISP-A IPv6 Peer"
set protocols bgp group ipv6-peers neighbor 2001:DB8:1::2 authentication-key "bgp_secret_password"

# Import/export policies
set protocols bgp group ipv6-peers import ISP-A-IMPORT
set protocols bgp group ipv6-peers export ISP-A-EXPORT

# Advertise local IPv6 prefix
set policy-options policy-statement ISP-A-EXPORT term local-prefix from protocol static
set policy-options policy-statement ISP-A-EXPORT term local-prefix from route-filter 2001:DB8:100::/48 exact
set policy-options policy-statement ISP-A-EXPORT term local-prefix then accept

# Router ID configuration
set routing-options router-id 192.0.2.1

Arista EOS Configuration

! Configure BGP for IPv6
router bgp 65001
   router-id 192.0.2.1
   no bgp default ipv4-unicast
   maximum-paths 4 ecmp 4

   neighbor 2001:DB8:1::2 remote-as 65002
   neighbor 2001:DB8:1::2 description ISP-A-IPv6-Peer
   neighbor 2001:DB8:1::2 password 7 <encrypted-password>

   address-family ipv6
      neighbor 2001:DB8:1::2 activate
      neighbor 2001:DB8:1::2 route-map ISP-A-IN in
      neighbor 2001:DB8:1::2 route-map ISP-A-OUT out
      network 2001:DB8:100::/48

Key Configuration Considerations

Router ID Requirement: Even on IPv6-only routers, BGP requires a 32-bit router ID in IPv4 dotted-decimal notation (e.g., 192.0.2.1). This identifier doesn't need to be a reachable IPv4 address - it's purely used for BGP neighbor identification and loop prevention. Best practices include:

• Using the router's loopback IPv4 address if available
• Using a consistent format (e.g., 10.AS_NUMBER.ROUTER_ID.1)
• Ensuring uniqueness across your BGP domain

Neighbor Addressing: You can establish IPv6 BGP sessions using:

• Global unicast addresses (IPv6): Standard approach for internet peering
• Link-local addresses: Common for point-to-point links (requires specifying interface)
• Unique local addresses (ULA): For private peering

Example using link-local addressing (Cisco):

router bgp 65001
 neighbor FE80::1%GigabitEthernet0/0 remote-as 65002
 address-family ipv6 unicast
  neighbor FE80::1%GigabitEthernet0/0 activate

IPv6 Route Advertisement and Network Statements

Once BGP peering is established, you need to advertise your IPv6 prefixes to neighbors. There are several methods to inject routes into BGP. For a comprehensive guide on announcing IPv6 prefixes in BGP, see How to Announce IPv6 Prefixes in BGP.

Static Network Statements

The most common method is using the network command:

router bgp 65001
 address-family ipv6 unicast
  network 2001:DB8:100::/48
  network 2001:DB8:200::/48

Important: The prefix must exist in the IPv6 routing table for BGP to advertise it. You typically accomplish this by:

• Configuring a static route to Null0: ipv6 route 2001:DB8:100::/48 Null0
• Having an active interface within the prefix range
• Using redistribution from another routing protocol

Redistribution into BGP

Redistribute routes from other sources:

router bgp 65001
 address-family ipv6 unicast
  redistribute connected route-map REDISTRIBUTE-CONNECTED
  redistribute static route-map REDISTRIBUTE-STATIC
  redistribute ospf 1 route-map REDISTRIBUTE-OSPF

Warning: Redistribution requires careful filtering to avoid advertising:

• Default routes unintentionally
• Internal infrastructure prefixes
• Reserved or special-use IPv6 addresses

Aggregate Advertisement

Summarize multiple prefixes into a larger aggregate:

router bgp 65001
 address-family ipv6 unicast
  aggregate-address 2001:DB8::/32 summary-only

The summary-only keyword suppresses advertisement of more-specific component routes, advertising only the aggregate.

Conditional Advertisement

Advertise routes only when certain conditions are met:

route-map CONDITIONAL-ADVERTISE permit 10
 match ipv6 address prefix-list PRIMARY-PATH
 set as-path prepend 65001 65001

ip prefix-list PRIMARY-PATH permit 2001:DB8:100::/48

router bgp 65001
 address-family ipv6 unicast
  neighbor 2001:DB8:1::2 advertise-map CONDITIONAL-ADVERTISE exist-map PRIMARY-PATH

This allows implementing backup paths that advertise only when primary paths fail.

BGP Route Filtering and Policies

Proper filtering is critical for IPv6 BGP to prevent route leaks, protect against misconfigurations, and implement routing policies. See also IPv6 routing policies for additional guidance.

Prefix Filtering with Prefix Lists

IPv6 prefix lists filter routes based on prefix and length:

! Accept only customer's allocated prefix
ipv6 prefix-list CUSTOMER-IN permit 2001:DB8:100::/48 le 48

! Deny reserved/special-use prefixes
ipv6 prefix-list RESERVED deny ::/8 le 128
ipv6 prefix-list RESERVED deny 0100::/8 le 128
ipv6 prefix-list RESERVED deny 0200::/7 le 128
ipv6 prefix-list RESERVED deny 0400::/6 le 128
ipv6 prefix-list RESERVED deny 0800::/5 le 128
ipv6 prefix-list RESERVED deny 1000::/4 le 128
ipv6 prefix-list RESERVED deny 4000::/3 le 128
ipv6 prefix-list RESERVED deny 6000::/3 le 128
ipv6 prefix-list RESERVED deny 8000::/3 le 128
ipv6 prefix-list RESERVED deny A000::/3 le 128
ipv6 prefix-list RESERVED deny C000::/3 le 128
ipv6 prefix-list RESERVED deny E000::/4 le 128
ipv6 prefix-list RESERVED deny F000::/5 le 128
ipv6 prefix-list RESERVED deny F800::/6 le 128
ipv6 prefix-list RESERVED deny FC00::/7 le 128
ipv6 prefix-list RESERVED deny FE00::/9 le 128
ipv6 prefix-list RESERVED deny FE80::/10 le 128
ipv6 prefix-list RESERVED deny FEC0::/10 le 128
ipv6 prefix-list RESERVED deny FF00::/8 le 128
ipv6 prefix-list RESERVED permit 2000::/3 le 48

Key reserved prefixes to filter:

• ::/128 - Unspecified address
• ::1/128 - Loopback
• FF00::/8 - Multicast
• FE80::/10 - Link-local
• FC00::/7 - Unique local addresses (ULA)
• 2001:DB8::/32 - Documentation prefix
• Prefixes longer than /48 (typically filtered by ISPs)

Route Maps for Complex Policies

Route maps provide advanced filtering and manipulation:

! Inbound route map - filter and set preferences
route-map ISP-A-IN permit 10
 match ipv6 address prefix-list ISP-A-PREFIXES
 set local-preference 150
 set community 65001:100

route-map ISP-A-IN deny 20

! Outbound route map - advertise only specific prefixes
route-map ISP-A-OUT permit 10
 match ipv6 address prefix-list MY-PREFIXES
 set as-path prepend 65001
 set community 65001:200

route-map ISP-A-OUT deny 20

! Apply route maps to neighbors
router bgp 65001
 address-family ipv6 unicast
  neighbor 2001:DB8:1::2 route-map ISP-A-IN in
  neighbor 2001:DB8:1::2 route-map ISP-A-OUT out

AS Path Filtering

Use AS path access lists to filter based on AS path attributes:

! Block routes traversing specific AS
ip as-path access-list 10 deny _64512_
ip as-path access-list 10 permit .*

! Accept only routes originating from specific AS
ip as-path access-list 20 permit ^65002$

route-map ISP-FILTER permit 10
 match as-path 20

router bgp 65001
 address-family ipv6 unicast
  neighbor 2001:DB8:1::2 route-map ISP-FILTER in

Community-Based Filtering

BGP communities enable flexible policy implementation:

! Define community lists
ip community-list 100 permit 65001:100
ip community-list 200 permit 65001:200

! Set communities on advertised routes
route-map SET-COMMUNITY permit 10
 match ipv6 address prefix-list PRIMARY-PREFIXES
 set community 65001:100

! Filter based on communities
route-map FILTER-COMMUNITY permit 10
 match community 100
 set local-preference 150

router bgp 65001
 address-family ipv6 unicast
  neighbor 2001:DB8:1::2 send-community
  neighbor 2001:DB8:1::2 route-map FILTER-COMMUNITY in

Dual-Stack BGP Considerations

Most networks run dual-stack configurations supporting both IPv4 and IPv6. This introduces several important considerations.

Independent Address Families

IPv4 and IPv6 are completely independent address families in BGP:

• Separate routing tables: Routes don't influence each other
• Independent policies: Apply different filters to each address family
• Different next-hops: IPv4 routes use IPv4 next-hops, IPv6 routes use IPv6 next-hops
• Autonomous operation: IPv6 BGP can function without IPv4 BGP and vice versa

For more details on dual-stack configurations, see dual-stack networking and setup dual-stack mode.

Single Session vs. Dual Session Approaches

Single BGP Session (MP-BGP over single transport):

Advantage: Exchange both IPv4 and IPv6 routes over one TCP session

! Using IPv6 transport for both address families
router bgp 65001
 neighbor 2001:DB8:1::2 remote-as 65002

 address-family ipv4 unicast
  neighbor 2001:DB8:1::2 activate
 exit-address-family

 address-family ipv6 unicast
  neighbor 2001:DB8:1::2 activate
 exit-address-family

Dual Sessions (Separate IPv4 and IPv6 sessions):

Advantage: Complete independence, easier troubleshooting, separate failure domains

router bgp 65001
 ! IPv4 session
 neighbor 192.0.2.2 remote-as 65002
 address-family ipv4 unicast
  neighbor 192.0.2.2 activate
 exit-address-family

 ! IPv6 session
 neighbor 2001:DB8:1::2 remote-as 65002
 address-family ipv6 unicast
  neighbor 2001:DB8:1::2 activate
 exit-address-family

Best practice: Use dual sessions for production networks. This provides:

• Isolation of failures (IPv4 issues don't affect IPv6)
• Easier troubleshooting
• Clear separation of policies
• Better operational visibility

Next-Hop Handling in Dual-Stack

IPv6 routes must have IPv6 next-hops, and IPv4 routes must have IPv4 next-hops. This is crucial when receiving routes:

! For eBGP, next-hop is automatically set to neighbor's address
! For iBGP, preserve next-hop or set explicitly

router bgp 65001
 address-family ipv6 unicast
  neighbor 2001:DB8:100::1 next-hop-self
 exit-address-family

Testing Dual-Stack BGP Connectivity

After configuring dual-stack BGP, validate that both address families work correctly:

! Verify BGP neighbors
show bgp ipv6 unicast summary
show bgp ipv4 unicast summary

! Check received routes
show bgp ipv6 unicast neighbors 2001:DB8:1::2 routes
show bgp ipv4 unicast neighbors 192.0.2.2 routes

! Verify advertised routes
show bgp ipv6 unicast neighbors 2001:DB8:1::2 advertised-routes
show bgp ipv4 unicast neighbors 192.0.2.2 advertised-routes

For end-to-end connectivity validation, use online testing tools like test-ipv6.run, which performs comprehensive dual-stack connectivity testing and helps identify if your BGP configuration properly enables both protocols. For more detailed IPv6 routing performance analysis, consider specialized routing tests.

Best Practices for IPv6 BGP

1. Always Filter BGP Advertisements

Implement strict prefix filtering on all BGP sessions:

Inbound filtering:

• Accept only expected prefixes from peers
• Filter reserved and special-use addresses
• Limit prefix lengths (typically /48 minimum, /32 maximum for aggregates)
• Validate prefixes against IRR databases or RPKI
• For more on RPKI, see IPv6 routing policies

Outbound filtering:

• Advertise only your allocated prefixes
• Never advertise customer prefixes to other customers
• Implement anti-spoofing filters
• Use prefix limits to prevent misconfigurations

2. Use BGP Maximum Prefix Limits

Protect against route table overflow and misconfiguration:

router bgp 65001
 address-family ipv6 unicast
  neighbor 2001:DB8:1::2 maximum-prefix 100 90 restart 30

This limits the neighbor to 100 prefixes, warns at 90%, and automatically restarts the session after 30 minutes if exceeded.

3. Implement Prefix Length Filtering

ISPs typically filter based on prefix length to prevent deaggregation:

! Only accept aggregatable prefixes
ipv6 prefix-list ISP-IN permit 2000::/3 ge 32 le 48

Common filtering:

• Minimum: /48 (end-site allocation)
• Maximum: /32 (ISP allocation)
• Some networks use /56 minimum for special cases

4. Enable BGP Authentication

Secure BGP sessions with MD5 authentication:

router bgp 65001
 neighbor 2001:DB8:1::2 password 7 encrypted_password

While MD5 is considered weak cryptographically, it provides protection against:

• Accidental BGP session establishment with wrong peers
• Basic spoofing attacks
• Configuration errors

Future deployments should consider TCP-AO (RFC 5925) for stronger security.

5. Configure Graceful Restart

Enable graceful restart to minimize disruption during router restarts:

router bgp 65001
 bgp graceful-restart
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360

This allows routes to remain in the forwarding table during control plane restarts.

6. Implement Bidirectional Forwarding Detection (BFD)

Enable fast failure detection:

router bgp 65001
 address-family ipv6 unicast
  neighbor 2001:DB8:1::2 fall-over bfd

BFD detects link failures in milliseconds versus BGP's default hold time (typically 180 seconds).

7. Use Consistent Policy Across Address Families

Apply similar security policies to both IPv4 and IPv6:

• Same filtering strictness
• Consistent community assignments
• Parallel route maps
• Similar authentication requirements

8. Monitor BGP Route Tables

Regularly monitor for anomalies:

! Check route table size
show bgp ipv6 unicast summary | include routes

! Monitor for sudden changes
show bgp ipv6 unicast neighbors 2001:DB8:1::2 | include prefixes

! Log BGP changes
router bgp 65001
 bgp log-neighbor-changes

Set up alerts for:

• Neighbor state changes
• Route table size changes >10%
• Maximum prefix warnings
• AS path anomalies

9. Implement RPKI Validation

Use Resource Public Key Infrastructure to validate route origins:

router bgp 65001
 bgp rpki server tcp 192.0.2.100 port 8282 refresh 600
 address-family ipv6 unicast
  bgp bestpath prefix-validate allow-invalid

RPKI helps prevent route hijacks by cryptographically validating prefix ownership.

10. Document Your BGP Configuration

Maintain comprehensive documentation:

• AS numbers and relationships
• Prefix allocations
• Routing policies
• Community meanings
• Contact information for peers
• Emergency procedures

Common Configuration Examples

Example 1: Enterprise Multi-Homed to Two ISPs

! Dual-homed enterprise with IPv6
router bgp 65001
 bgp router-id 10.0.0.1
 no bgp default ipv4-unicast

 ! ISP A connection
 neighbor 2001:DB8:1::2 remote-as 65100
 neighbor 2001:DB8:1::2 description ISP-A-Primary

 ! ISP B connection
 neighbor 2001:DB8:2::2 remote-as 65200
 neighbor 2001:DB8:2::2 description ISP-B-Backup

 address-family ipv6 unicast
  ! Activate neighbors
  neighbor 2001:DB8:1::2 activate
  neighbor 2001:DB8:2::2 activate

  ! Advertise our prefix to both ISPs
  network 2001:DB8:100::/48

  ! Prefer ISP A by setting higher local preference
  neighbor 2001:DB8:1::2 route-map ISP-A-IN in
  neighbor 2001:DB8:2::2 route-map ISP-B-IN in

  ! Control outbound traffic with AS path prepending
  neighbor 2001:DB8:1::2 route-map ISP-A-OUT out
  neighbor 2001:DB8:2::2 route-map ISP-B-OUT out
 exit-address-family

! Prefer ISP A for inbound traffic
route-map ISP-A-IN permit 10
 set local-preference 150

route-map ISP-B-IN permit 10
 set local-preference 100

! Make ISP B less attractive for inbound traffic (prepend to ISP B)
route-map ISP-A-OUT permit 10
 match ipv6 address prefix-list MY-PREFIXES

route-map ISP-B-OUT permit 10
 match ipv6 address prefix-list MY-PREFIXES
 set as-path prepend 65001 65001 65001

ipv6 prefix-list MY-PREFIXES permit 2001:DB8:100::/48

Example 2: ISP Providing IPv6 Transit

! ISP configuration
router bgp 65100
 bgp router-id 10.0.0.1
 no bgp default ipv4-unicast

 ! Upstream provider
 neighbor 2001:DB8:1000::1 remote-as 65000
 neighbor 2001:DB8:1000::1 description Upstream-Transit-Provider

 ! Customer connection
 neighbor 2001:DB8:2000::2 remote-as 65001
 neighbor 2001:DB8:2000::2 description Customer-AS65001

 address-family ipv6 unicast
  neighbor 2001:DB8:1000::1 activate
  neighbor 2001:DB8:2000::2 activate

  ! Accept default route from upstream
  neighbor 2001:DB8:1000::1 route-map UPSTREAM-IN in

  ! Send customer routes to upstream
  neighbor 2001:DB8:1000::1 route-map UPSTREAM-OUT out

  ! Accept only customer's allocated prefix
  neighbor 2001:DB8:2000::2 route-map CUSTOMER-IN in
  neighbor 2001:DB8:2000::2 maximum-prefix 10 90

  ! Send default route to customer
  neighbor 2001:DB8:2000::2 route-map CUSTOMER-OUT out
  neighbor 2001:DB8:2000::2 default-originate
 exit-address-family

! Upstream filtering
route-map UPSTREAM-IN permit 10
 match ipv6 address prefix-list DEFAULT-ONLY
 set local-preference 100

ipv6 prefix-list DEFAULT-ONLY permit ::/0

route-map UPSTREAM-OUT permit 10
 match ipv6 address prefix-list CUSTOMER-PREFIXES

ipv6 prefix-list CUSTOMER-PREFIXES permit 2001:DB8:100::/48

! Customer filtering
route-map CUSTOMER-IN permit 10
 match ipv6 address prefix-list CUSTOMER-ALLOCATION
 set community 65100:100

ipv6 prefix-list CUSTOMER-ALLOCATION permit 2001:DB8:100::/48 le 48

route-map CUSTOMER-OUT permit 10
 match ipv6 address prefix-list DEFAULT-ONLY

Example 3: Internet Exchange Point (IXP) Peering

! IXP peering configuration
router bgp 65001
 bgp router-id 10.0.0.1
 no bgp default ipv4-unicast

 ! IXP route server
 neighbor 2001:DB8:IX::1 remote-as 65999
 neighbor 2001:DB8:IX::1 description IXP-Route-Server

 ! Direct bilateral peer
 neighbor 2001:DB8:IX::100 remote-as 65200
 neighbor 2001:DB8:IX::100 description Direct-Peer-AS65200

 address-family ipv6 unicast
  neighbor 2001:DB8:IX::1 activate
  neighbor 2001:DB8:IX::100 activate

  ! Advertise our prefixes
  network 2001:DB8:100::/48

  ! Apply IXP policies
  neighbor 2001:DB8:IX::1 route-map IXP-RS-IN in
  neighbor 2001:DB8:IX::1 route-map IXP-RS-OUT out
  neighbor 2001:DB8:IX::100 route-map IXP-PEER-IN in
  neighbor 2001:DB8:IX::100 route-map IXP-PEER-OUT out

  ! Set preferences (prefer bilateral over route server)
  neighbor 2001:DB8:IX::1 route-map SET-LP-100 in
  neighbor 2001:DB8:IX::100 route-map SET-LP-150 in
 exit-address-family

! Set local preferences
route-map SET-LP-100 permit 10
 set local-preference 100

route-map SET-LP-150 permit 10
 set local-preference 150

! IXP route server policies
route-map IXP-RS-IN permit 10
 match ipv6 address prefix-list IXP-PREFIXES
 set community 65001:500

route-map IXP-RS-OUT permit 10
 match ipv6 address prefix-list MY-PREFIXES

ipv6 prefix-list IXP-PREFIXES permit 2000::/3 ge 32 le 48
ipv6 prefix-list MY-PREFIXES permit 2001:DB8:100::/48

Troubleshooting IPv6 BGP

Verify BGP Neighbor Status

! Check neighbor state
show bgp ipv6 unicast summary
show bgp ipv6 unicast neighbors 2001:DB8:1::2

! Check for common issues
show bgp ipv6 unicast neighbors 2001:DB8:1::2 | include state

Common states:

• Idle: Not attempting connection (configuration issue)
• Connect: Attempting TCP connection
• Active: TCP connection failed, retrying
• OpenSent/OpenConfirm: Negotiating BGP parameters
• Established: Fully operational

Debug BGP Sessions

! Enable BGP debugging (use cautiously on production)
debug bgp ipv6 unicast updates
debug bgp ipv6 unicast keepalives

! Check specific neighbor activity
show bgp ipv6 unicast neighbors 2001:DB8:1::2 received-routes
show bgp ipv6 unicast neighbors 2001:DB8:1::2 advertised-routes
show bgp ipv6 unicast neighbors 2001:DB8:1::2 routes

Common Issues and Solutions

Issue: Neighbor stuck in Active state

Cause: TCP connection cannot be established

Solutions:

• Verify IPv6 connectivity: ping 2001:DB8:1::2
• Check firewall rules (TCP port 179)
• Verify neighbor IP address configuration
• Check routing to neighbor address

Issue: Neighbor establishes but no routes received

Cause: Address family not activated or routes filtered

Solutions:

• Verify neighbor activate under IPv6 address family
• Check route maps aren't denying all routes
• Verify peer is actually advertising routes
• Check maximum-prefix limits
• For detailed routing analysis, see test IPv6 routing performance

Issue: Routes received but not installed in routing table

Cause: Better route exists or next-hop unreachable

Solutions:

• Check BGP best path selection: show bgp ipv6 unicast 2001:DB8::/32
• Verify next-hop reachability: show ipv6 route next-hop-address
• Check for route filtering or policy issues
• Verify AS path doesn't contain loops

Issue: Routes installed but traffic not forwarding

Cause: Data plane issues separate from control plane

Solutions:

• Verify routing table: show ipv6 route bgp
• Check CEF/FIB: show ipv6 cef destination-address
• Test connectivity: ping 2001:DB8:100::1
• Verify no firewall blocking traffic
• Use test-ipv6.run to verify end-to-end connectivity and check device IPv6 connectivity for troubleshooting

Analyzing BGP Path Selection

! View all paths for a prefix
show bgp ipv6 unicast 2001:DB8:100::/48

! Examine why a specific path was chosen
show bgp ipv6 unicast 2001:DB8:100::/48 bestpath

! View BGP attributes for detailed analysis
show bgp ipv6 unicast 2001:DB8:100::/48 longer-prefixes

BGP best path selection order (RFC 4271):

1. Highest Weight (Cisco-specific, local only)
2. Highest Local Preference
3. Locally originated routes
4. Shortest AS Path
5. Lowest Origin type (IGP < EGP < Incomplete)
6. Lowest MED (if from same AS)
7. eBGP over iBGP
8. Lowest IGP metric to next-hop
9. Oldest route (for stability)
10. Lowest BGP Router ID
11. Lowest neighbor address

Conclusion

IPv6 BGP leverages Multiprotocol BGP (MP-BGP) extensions to provide complete routing functionality for IPv6 networks while maintaining independence from IPv4. Understanding how to configure IPv6 address families, implement proper filtering policies, manage dual-stack environments, and troubleshoot common issues is essential for modern network operations.

Key takeaways:

• MP-BGP enables IPv6: The multiprotocol extensions allow BGP to carry IPv6 routing information through separate address families
• Independent routing tables: IPv4 and IPv6 maintain completely separate routing tables and policies
• Filtering is critical: Always implement strict prefix filtering to protect against misconfigurations and security threats
• Dual-stack requires careful planning: Manage both address families with consistent policies while recognizing their independence
• Best practices apply equally: Security, monitoring, and operational practices should be applied to both IPv4 and IPv6 BGP

As IPv6 adoption continues to grow globally, properly configured BGP becomes increasingly important for ensuring optimal routing performance and network security. Regular testing using tools like test-ipv6.run helps validate that your BGP configuration correctly enables IPv6 connectivity and that routes are being advertised and received as expected.

Whether you're operating an enterprise network, managing an ISP, or participating in internet exchange peering, understanding IPv6 BGP ensures your network is ready for the continued transition to the next generation of internet protocol. The principles remain the same as IPv4 BGP, but the independent address family structure provides flexibility and control over how each protocol operates in your network.

---

Related Topics:

• Test IPv6 Routing Performance
• Dual-Stack Networking
• Configure IPv6 on Linux
• IPv6 Address Structure