From a security point of view that does sound like a valid use case.
Here is a configuration that worked for me.
Running IOS 15

hostname R1
!
!
no ip domain lookup
ipv6 unicast-routing
ipv6 cef
!
!
interface FastEthernet0/0
 vrf forwarding A
 ip address 9.9.12.1 255.255.255.0
 duplex half
 ipv6 address FE80::11 link-local
 ipv6 address 2001:10:1:1::1/64
 mpls traffic-eng tunnels
 mpls ip
!
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 no auto-summary
 !
 address-family ipv4 vrf A
  no synchronization
 exit-address-family
 !
 address-family ipv6 vrf A
  neighbor FE80::22%FastEthernet0/0 remote-as 1
  neighbor FE80::22%FastEthernet0/0 activate
 exit-address-family
!

hostname R2
!
!
!
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ipv6 address 2001:20::2/128
!
!
interface FastEthernet0/0
 ip address 9.9.12.2 255.255.255.0
 ip router isis
 duplex half
 ipv6 address FE80::22 link-local
 ipv6 address 2001:10:1:1::2/64
 mpls traffic-eng tunnels
 mpls ip
!
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor FE80::11%FastEthernet0/0 remote-as 1
 no auto-summary
 !
 address-family ipv6
  network 2001:20::2/128
  neighbor FE80::11%FastEthernet0/0 activate
 exit-address-family
!
-----------------------
R1#sh ip bgp vpnv6 unicast rd 1:1
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf A)
*>i2001:20::2/128   FE80::22                 0    100      0 i
R1#
R1#
R1#sh ip bgp vpnv6 unicast rd 1:1 2001:20::2/128
BGP routing table entry for [1:1]2001:20::2/128, version 2
Paths: (1 available, best #1, table A)
  Not advertised to any peer
  Local
    FE80::22 (FE80::22) from FE80::22%FastEthernet0/0 (2.2.2.2)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:1:1
R1#

On Fri, Jan 20, 2012 at 10:44 AM, Daniel Kratz <dkratz_at_gmail.com> wrote:
>
> From a security point of view this is great. One remote DDoS will never
> reach link-local addresses and this traffic will be discarded as close to
> the source as possible.
>
> In the scope of R&S Lab, on IOS Advanced Enterprise Services 12.4T, you can
> form a neighbor relationship using link-local, but you'll need to manually
> set the next-hop. [1]
>
> In newer IOS you can address your neighbor making reference to the output
> interface. (Ex: neighbor FE80::3%Serial1/1 remote-as 100). In this case you
> don't need to set the next-hop manually.
>
> Regards,
> Kratz
>
>
> [1] - Implementing Multiprotocol BGP for IPv6
> http://www.cisco.com/en/US/docs/ios/ios_xe/ipv6/configuration/guide/ip6-mptcl_bgp_xe.html#wp1043063
>
>
> 2012/1/20 Alberto <albertofsantos_at_gmail.com>
>>
>> I don't see the reason either, but why don't you try to config update-source
>> and eBGP multihop just to see if it will work?
>>
>> BR
>> Sent via iPhone
>>
>>
>> On 19/01/2012, at 13:47, marc abel <marcabel_at_gmail.com> wrote:
>>
>>
-Rich
Received on Fri Jan 20 2012 - 11:41:54 ART
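
The 12.4T-style alternative mentioned in the quoted reply (link-local peering with a manually set next hop), written out for R2 as an added example; it is not configuration posted in the thread. The route-map name SET-GLOBAL-NH is hypothetical, and the addresses are reused from the R1/R2 configuration above.

```cisco
! Added example, not from the thread: R2 on a release without the
! FE80::x%interface neighbor syntax.
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor FE80::11 remote-as 1
 ! A link-local address is only meaningful per link, so the outgoing
 ! interface has to be named for the session to come up.
 neighbor FE80::11 update-source FastEthernet0/0
 no auto-summary
 !
 address-family ipv6
  network 2001:20::2/128
  neighbor FE80::11 activate
  ! Rewrite the advertised next hop to a global address on the shared
  ! link so the peer can resolve it.
  neighbor FE80::11 route-map SET-GLOBAL-NH out
 exit-address-family
!
! SET-GLOBAL-NH is a hypothetical name; 2001:10:1:1::2 is R2's global
! address on FastEthernet0/0 in the configuration above.
route-map SET-GLOBAL-NH permit 10
 set ipv6 next-hop 2001:10:1:1::2
!
```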