Stay organized with collections Save and categorize content based on your preferences.

Enable or disable IPv6 prefix exchange in BGP IPv4 sessions

Cloud Router allows you to enable and disable IPv6 prefix exchange in individual Border Gateway Protocol (BGP) sessions by using Multiprotocol BGP (MP-BGP). Enabling IPv6 prefix exchange allows you to exchange IPv6 routes between your IPv6-enabled Virtual Private Cloud (VPC) network and the IPv6-addressed hosts in your on-premises network. The prefix exchange occurs over an IPv4-based BGP session. IPv6-only BGP sessions are not supported.

To exchange IPv6 traffic between Google Cloud and your on-premises networks, you must enable the IPv4 and IPv6 (dual-stack) stack type in your network connectivity product, such as HA VPN. You then enable IPv6 prefix exchange in the BGP IPv4 session used by the connection.

You can disable IPv6 prefix exchange in a specific BGP session by modifying the configuration of the BGP peer. Disabling IPv6 prefix exchange is useful if you need to troubleshoot IPv6-related network issues. Another reason might be that you want to disable IPv6 traffic temporarily in an HA VPN tunnel without deleting the tunnel and gateway.

If you disable IPv6 prefix exchange in a BGP session and then later re-enable it, IPv6 next hop addresses that were previously assigned are not relinquished. You can reuse those IPv6 next hop addresses if IPv6 is enabled in the BGP session again.

Before you begin

To use the command-line examples in this guide, do the following:

  1. Install or update to the latest version of the Google Cloud CLI.
  2. Set a default region and zone.

To use the API examples in this guide, set up API access.

Enable IPv6 prefix exchange

This procedure assumes that you are modifying BGP IPv4 sessions that have already been created for HA VPN tunnels.

It also assumes that you have configured the associated HA VPN gateway to use the IPv4 and IPv6 dual stack as described in the following procedures:

To enable IPv6 prefix exchange in an existing BGP IPv4 session, perform the following steps.

Console

  1. In the Google Cloud console, go to the Cloud VPN tunnels page.

    Go to Cloud VPN tunnels

  2. Select the Cloud VPN tunnel that contains the BGP session to update.

  3. On the VPN tunnel details page, click Edit BGP session.

  4. To turn on IPv6 traffic, click the Enable IPv6 traffic toggle.

  5. Optional: You can allocate the IPv6 next hop addresses for HA VPN tunnels manually or automatically.

    • To allocate the addresses automatically, select Automatically.
    • To allocate the addresses manually:
      1. Select Manually.
      2. Enter the IPv6 address for the Cloud Router IPv6 next hop. This address is the next hop address for IPv6 routes that are advertised by the Cloud Router. The address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.
      3. Enter the IPv6 address for the Peer IPv6 next hop. This address is the next hop address for IPv6 routes received by the Cloud Router from the BGP peer. The address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.
  6. Click Save and continue.

gcloud

Run the update-bgp-peer command. Use the --enable-ipv6 flag to allow the BGP session to exchange IPv6 prefixes, as shown in the following example:

gcloud compute routers update-bgp-peer ROUTER_NAME \
    --peer-name=PEER_NAME
    --enable-ipv6

Optionally, when you enable IPv6 traffic for a BGP session used in an HA VPN tunnel, you can specify IPv6 next hop addresses:

gcloud compute routers update-bgp-peer ROUTER_NAME \
    --peer-name=PEER_NAME \
    --enable-ipv6
    --ipv6-nexthop-address=IPV6_NEXTHOP_ADDRESS \
    --peer-ipv6-nexthop-address=PEER_IPV6_NEXTHOP_ADDRESS

Replace the following:

  • IPV6_NEXTHOP_ADDRESS: the next hop address for IPv6 routes that are advertised by Cloud Router. The address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.
  • PEER_IPV6_NEXTHOP_ADDRESS: the next hop address for IPv6 routes received by the Cloud Router from the BGP peer. The address must be in the range 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64.

If you do not specify the next hop addresses, Google Cloud automatically assigns unused addresses from the 2600:2d00:0:2::/64 or 2600:2d00:0:3::/64 range for you.

API

Use the routers.patch method to update the bgpPeers[] field.

The bgpPeers[] field accepts an array of BGP peers. When you PATCH this field, you overwrite the existing array of BGP peers with the new array included in your request.

  1. Send a GET request to get the current array of BGP peers for the router. For details, see View BGP session configuration.

  2. Send a PATCH request with a new array of BGP peers. For each BGP peer for which you want to enable IPv6 in the BGP session, set bgpPeers[].enableIpv6 to TRUE.

    PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/routers/ROUTER_NAME
    {
      "bgpPeers": [
        BGP_PEERS
      ]
    }
    

    Replace the following:

    • PROJECT_ID: the project that contains the Cloud Router
    • REGION: the region where the Cloud Router is located
    • ROUTER_NAME: the name of the Cloud Router
    • BGP_PEERS: the contents of the new array of BGP peers

    The following example enables IPv6 in the session for the first BGP peer:

        {
          "name": "peer-1",
          "interfaceName": "if-peer-1",
          "ipAddress": "169.254.10.1",
          "peerIpAddress": "169.254.10.2",
          "peerAsn": 64512,
          "advertisedRoutePriority": 100,
          "advertiseMode": "DEFAULT",
          "advertisedGroups": [],
          "advertisedIpRanges": [],
          "enable": TRUE
          "enableIpv6": TRUE
        },
        {
          "name": "peer-2",
          "interfaceName": "if-peer-2",
          "ipAddress": "169.254.20.1",
          "peerIpAddress": "169.254.20.2",
          "peerAsn": 64513,
          "advertisedRoutePriority": 100,
          "advertiseMode": "DEFAULT",
          "advertisedGroups": [],
          "advertisedIpRanges": [],
          "enable": TRUE
          "enableIpv6": FALSE
          "
        }
     

    Additionally, if you are enabling IPv6 traffic for a BGP session used in an HA VPN tunnel, you can specify IPv6 next hop addresses:

        {
          "name": "peer-1",
          "interfaceName": "if-peer-1",
          "ipAddress": "169.254.10.1",
          "peerIpAddress": "169.254.10.2",
          "peerAsn": 64512,
          "advertisedRoutePriority": 100,
          "advertiseMode": "DEFAULT",
          "advertisedGroups": [],
          "advertisedIpRanges": [],
          "enable": TRUE,
          "enableIpv6": TRUE,
          "ipv6NexthopAddress": "2600:2d00:0:0:0:0:1:5",
          "peerIpv6NexthopAddress": "2600:2d00:0:0:0:0:1:6"
        },
        {
          "name": "peer-2",
          "interfaceName": "if-peer-2",
          "ipAddress": "169.254.20.1",
          "peerIpAddress": "169.254.20.2",
          "peerAsn": 64513,
          "advertisedRoutePriority": 100,
          "advertiseMode": "DEFAULT",
          "advertisedGroups": [],
          "advertisedIpRanges": [],
          "enable": TRUE,
          "enableIpv6": FALSE
        }

Disable IPv6 prefix exchange

This procedure assumes that you are modifying existing BGP IPv4 sessions that previously enabled IPv6.

Console

  1. In the Google Cloud console, go to the Cloud VPN tunnels page.

    Go to Cloud VPN tunnels

  2. Select the Cloud VPN tunnel that contains the BGP session to update.

  3. On the Router details page, select the BGP session to update.

  4. On the BGP session details page, click Edit.

  5. To turn off IPv6 traffic, click the Enable IPv6 traffic toggle.

  6. Click Save and continue.

gcloud

Run the update-bgp-peer command. Use the --no-enable-ipv6 flag to prevent the BGP session from exchanging IPv6 prefixes, as shown in the following example:

gcloud compute routers update-bgp-peer ROUTER_NAME \
--peer-name=PEER_NAME \
--no-enable-ipv6

API

Use the routers.patch method to update the bgpPeers[] field.

The bgpPeers[] field accepts an array of BGP peers. When you PATCH this field, you overwrite the existing array of BGP peers with the new array included in your request.

  1. Send a GET request to get the current array of BGP peers for the router. For details, see View BGP session configuration.

  2. Send a PATCH request with a new array of BGP peers. For each BGP peer for which you want to disable IPv6 in the BGP session, set bgpPeers[].enableIpv6 to FALSE.

    PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/routers/ROUTER_NAME
    {
      "bgpPeers": [
        BGP_PEERS
      ]
    }
    

    Replace the following:

    • PROJECT_ID: the project that contains the Cloud Router
    • REGION: the region where the Cloud Router is located
    • ROUTER_NAME: the name of the Cloud Router
    • BGP_PEERS: the contents of the new array of BGP peers

    The following example enables IPv6 in the session for the first BGP peer:

        {
          "name": "peer-1",
          "interfaceName": "if-peer-1",
          "ipAddress": "169.254.10.1",
          "peerIpAddress": "169.254.10.2",
          "peerAsn": 64512,
          "advertisedRoutePriority": 100,
          "advertiseMode": "DEFAULT",
          "advertisedGroups": [],
          "advertisedIpRanges": [],
          "enable": TRUE
          "enableIpv6": FALSE
        },
        {
          "name": "peer-2",
          "interfaceName": "if-peer-2",
          "ipAddress": "169.254.20.1",
          "peerIpAddress": "169.254.20.2",
          "peerAsn": 64513,
          "advertisedRoutePriority": 100,
          "advertiseMode": "DEFAULT",
          "advertisedGroups": [],
          "advertisedIpRanges": [],
          "enable": TRUE
          "enableIpv6": FALSE
        }
    

What's next