manualshive.com logo in svg

Brocade Communications Systems FastIron SX 1600, Configuration Manual, Page: 342 / 593

Share
Download
Brocade Communications Systems FastIron SX 1600 Configuration Manual Download Page 342

use    in  OSPF  FE80::/10:any

                 ::/0:any

  SA: 1:e1/1/1       in ESP    302        FE80::

use    out OSPF  FE80::/10:any

                 ::/0:any

  SA: 1:e1/1/1       out ESP   302        ::

use    in  OSPF  2001:db8:1:1::1/128:any

                 2001:db8:1:1::2/128:any

  SA: 1:ALL         in  ESP   512        2001:db8:1:1::2

use    out OSPF  2001:db8:1:1::2/128:any

                 2001:db8:1:1::1/128:any

  SA: 1:e1/1/1        out ESP   512        2001:db8:1:1::1

use    in  OSPF  35:1:1::1/128:any

                 10:1:1::2/128:any

  SA: 2:ALL         in  ESP   512        10:1:1::2

Syntax:

 

show ipsec policy

TABLE 85 

show ipsec policy output descriptions 

This field

Displays

PType

This field contains the policy type. Of the existing policy types, only the
"use" policy type is supported, so each entry can have only "use."

Dir

The direction of traffic flow to which the IPsec policy is applied. Each
direction has its own entry.

Proto

The only possible routing protocol for the security policy in the current
release is OSPFv3.

Source

The source address consists of the IPv6 prefix and the TCP or UDP port
identifier.

Destination

The destination address consists of the IPv6 prefix. Certain logical
elements have a bearing on the meaning of the destination address and its
format, as follows:

For IPsec on an interface or area, the destination address is shown as a
prefix of 0xFE80 (link local). The solitary "::" (no prefix) indicates a "do not-
care" situation because the connection is multicast. In this case, the
security policy is enforced without regard for the destination address.

For a virtual link (SPDID = 0), the address is required.

TABLE 86 

SA used by the policy 

This field

Displays

SA

This heading points at the SA-related headings for information used by
the security policy. Thereafter, on each line of this part of the IPsec entry
(which alternates with lines of policy information, "SA:" points at the fields
under those SA-related headings. The remainder of this table describes
each of the SA-related items.

SPDID

The security policy database identifier (SPDID) consists of two parts; the
first part is an VRF id and the second part is an interface ID. The SPDID
0/ALL is a global database for the default VRF that applies to all
interfaces.

Dir

The Dir field is either ‘in" for inbound or "out" for outbound.

Encap

The type of encapsulation in the current release is ESP.

SPI

Security parameter index.

Destination

The IPv6 address of the destination endpoint. From the standpoint of the
near interface and the area, the destination is not relevant and therefore
appears as ::/0:any.

Displaying OSPFv3 information

FastIron Ethernet Switch Layer 3 Routing

342

53-1003627-04

Summary of Contents for FastIron SX 1600

Page 1: ...Supporting FastIron Software Release 08 0 30b CONFIGURATION GUIDE FastIron Ethernet Switch Layer 3 Routing 53 1003627 04 20 December 2016 ...

Page 2: ...FastIron Ethernet Switch Layer 3 Routing 2 53 1003627 04 ...

Page 3: ...rameters and defaults Layer 3 switches 30 When parameter changes take effect 30 IP global parameters Layer 3 switches 30 IP interface parameters Layer 3 switches 34 Basic IP parameters and defaults Layer 2 switches 35 IP global parameters Layer 2 switches 35 Interface IP parameters Layer 2 switches 37 Configuring IP parameters Layer 3 switches 37 Configuring IP addresses 37 Configuring 31 bit subn...

Page 4: ...RE tunnels 108 Example point to point GRE tunnel configuration 115 Displaying GRE tunneling information 117 Clearing GRE statistics 121 Bandwidth for IP interfaces 121 Limitations and pre requisites 122 OSPF cost calculation with interface bandwidth 122 Setting the bandwidth value for an Ethernet interface 123 Setting the bandwidth value for a VE interface 123 Setting the bandwidth value for a tun...

Page 5: ...ying an IPv6 SNMP trap receiver 162 Configuring SNMP V3 over IPv6 162 Secure Shell SCP and IPv6 163 IPv6 Telnet 163 IPv6 traceroute 163 IPv6 Web management using HTTP and HTTPS 164 Restricting Web management access 164 Restricting Web management access by specifying an IPv6 ACL 164 Restricting Web management access to an IPv6 host 165 Configuring name to IPv6 address resolution using IPv6 DNS reso...

Page 6: ...6 Displaying IPv6 traffic statistics 188 DHCP relay agent for IPv6 191 Configuring DHCP for IPv6 relay agent 191 Enabling the interface ID on the DHCPv6 relay agent messages 192 Displaying DHCPv6 relay agent information 192 Displaying the DHCPv6 Relay configured destinations 192 Displaying the DHCPv6 Relay information for an interface 193 DHCPv6 Relay Agent Prefix Delegation Notification 193 DHCPv...

Page 7: ... reduction 229 Support for OSPF RFC 2328 Appendix E 229 OSPF graceful restart 230 OSPF stub router advertisement 230 OSPF Shortest Path First throttling 231 IETF RFC and internet draft support 231 Dynamic OSPF activation and configuration 231 Configuring OSPF 232 Configuration rules 232 OSPF parameters 232 Enable OSPF on the device 233 Assign OSPF areas 234 Assign a totally stubby area 235 Assigni...

Page 8: ...type 266 Configuring OSPF Graceful Restart 267 Configuring OSPF router advertisement 269 Configuring OSPF shortest path first throttling 270 Displaying OSPF information 271 Displaying general OSPF configuration information 271 Displaying OSPF area information 273 Displaying OSPF neighbor information 274 Displaying OSPF interface information 276 Displaying OSPF interface brief information 278 Displ...

Page 9: ... OSPFv3 Graceful Restart Helper mode 318 Configuring OSPFv3 Non stop routing NSR 319 Displaying OSPFv3 information 319 General OSPFv3 configuration information 320 Displaying OSPFv3 area information 320 Displaying OSPFv3 database information 321 Displaying IPv6 interface information 325 Displaying IPv6 OSPFv3 interface information 326 Displaying OSPFv3 memory usage 330 Displaying OSPFv3 neighbor i...

Page 10: ...on tasks 377 Changing the Keep Alive Time and Hold Time 377 Changing the BGP4 next hop update timer 377 Enabling fast external fallover 378 Changing the maximum number of paths for BGP4 Multipath load sharing 378 Customizing BGP4 Multipath load sharing 380 Specifying a list of networks to advertise 380 Changing the default local preference 381 Using the IP default route as a valid next hop for a B...

Page 11: ... BGP4 428 Configuring BGP4 428 Entering and exiting the address family configuration level 429 BGP route reflector 430 Configuring BGP route reflector 430 Specifying a maximum AS path length 432 Setting a global maximum AS path limit 433 Setting a maximum AS path limit for a peer group or neighbor 433 BGP4 max as error messages 434 Maximum AS path limit error 434 Memory limit error 434 Originating...

Page 12: ...481 BGP4 multipath 481 Route maps 482 BGP4 outbound route filtering 482 BGP4 confederations 482 BGP4 extended community 483 BGP4 graceful restart 483 Configuring BGP4 483 Configuring BGP4 neighbors using global IPv6 addresses 484 Configuring BGP4 neighbors using link local addresses 484 Configuring BGP4 peer groups 485 Configuring a peer group with IPv4 and IPv6 peers 486 Importing routes into BGP...

Page 13: ...Pv4 session 525 Enabling accept mode in VRRP non Owner Master router 525 Configuration considerations for IPv6 VRRP and IPv6 VRRP E support on Brocade devices 526 Basic VRRP E parameter configuration 526 Configuration rules for VRRP E 526 Configuring IPv4 VRRP E 527 Configuring IPv6 VRRP E 527 Additional VRRP and VRRP E parameter configuration 528 VRRP and VRRP E authentication types 529 VRRP rout...

Page 14: ...configuration 568 Configuring static ARP for Multi VRF 569 Configuring additional ARP features for Multi VRF 569 Multi Chassis Trunking 571 Layer 3 behavior with MCT 571 Layer 3 unicast forwarding over MCT 572 VRRP or VRRP E over an MCT enabled network 573 VRRP E short path forwarding and revertible option 574 OSPF and BGP over an MCT enabled network 574 Layer 3 with MCT configuration consideratio...

Page 15: ...ormational document describes features that may not be currently available Contact a Brocade sales office for information on feature and product availability Export of technical data contained in this document may require an export license from the United States government The authors and Brocade Communications Systems Inc assume no liability or responsibility to any person or entity with respect ...

Page 16: ...FastIron Ethernet Switch Layer 3 Routing 16 53 1003627 04 ...

Page 17: ... Identifies CLI output Identifies command syntax examples Command syntax conventions Bold and italic text identify command syntax components Delimiters and operators define groupings of parameters and their logical relationships Convention Description bold text Identifies command names keywords and command options italic text Identifies a variable value In Fibre Channel products a fixed value prov...

Page 18: ...rmware software or data DANGER A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you Safety labels are also attached directly to products to warn of these conditions or situations Brocade resources Visit the Brocade website to locate related documentation for your product and additional Brocade resources You can download additional publi...

Page 19: ...der contact your OEM Solution Provider for all of your product support needs OEM Solution Providers are trained and certified by Brocade to support Brocade products Brocade provides backline support for issues that cannot be resolved by the OEM Solution Provider Brocade Supplemental Support augments your existing OEM support contract providing direct access to Brocade expertise For more informatio...

Page 20: ...FastIron Ethernet Switch Layer 3 Routing 20 53 1003627 04 ...

Page 21: ...r information about the specific models and modules supported in a product family refer to the hardware installation guide for that product family NOTE The Brocade ICX 6430 C switch supports the same feature set as the Brocade ICX 6430 switch unless otherwise noted NOTE The Brocade ICX 6450 C12 PD switch supports the same feature set as the Brocade ICX 6450 switch unless otherwise noted What s new...

Page 22: ... content supported in FastIron Release 08 0 20 and later the CLI is documented in separate command pages included in the FastIron Command Reference Command pages are compiled in alphabetical order and follow a standard format to present syntax parameters usage guidelines examples and command history NOTE Many commands from previous FastIron releases are also included in the command reference Legac...

Page 23: ...apters of this guide If you are configuring a Layer 2 switch refer to Configuring the management IP address and specifying the default gateway on page 95 to add an IP address for management access through the network and to specify the default gateway The rest of this chapter describes IP and how to configure it in more detail Use the information in this chapter if you need to change some of the I...

Page 24: ...hes Brocade Layer 3 switches allow you to configure IP addresses on the following types of interfaces Ethernet ports Virtual routing interfaces used by VLANs to route among one another Loopback interfaces GRE tunnels Each IP address on a Layer 3 switch must be in a different subnet You can have only one interface that is in a given subnet For example you can configure IP addresses 192 168 1 1 24 a...

Page 25: ...e receiving interface 1 If a deny filter on the interface denies the packet the Layer 3 switch discards the packet and performs no further processing except generating a Syslog entry and SNMP message if logging is enabled for the filter 1 The filter can be an Access Control List ACL or an IP access policy IP configuration overview FastIron Ethernet Switch Layer 3 Routing 53 1003627 04 25 ...

Page 26: ... table entry to forward subsequent packets from the same source to the same destination If the running config does not contain an IP access policy for the packet the software creates a new entry in the forwarding cache The Layer 3 switch uses the new cache entry to forward subsequent packets to the same destination The following sections describe the IP tables and caches ARP cache and static ARP t...

Page 27: ... a destination When the software receives paths from more than one of the sources listed above the software compares the administrative distance of each path and selects the path with the lowest administrative distance The administrative distance is a protocol independent value from 1 through 255 When the software receives two or more best paths from the same source and the paths have the same met...

Page 28: ...hed is also listed as well as the VLAN and Layer 4 QoS priority associated with the destination if applicable NOTE You cannot add static entries to the IP forwarding cache although you can increase the number of entries the cache can contain Refer to the section Displaying and modifying system parameter default settings in the FastIron Ethernet Switch Platform and Layer 2 Switching Configuration G...

Page 29: ... protocols Virtual Router Redundancy Protocol VRRP A standard router redundancy protocol based on RFC 2338 You can use VRRP to configure Brocade Layer 3 switches and third party routers to back up IP interfaces on other Brocade Layer 3 switches or third party routers Virtual Router Redundancy Protocol Extended VRRP E A Brocade extension to standard VRRP that adds additional features and overcomes ...

Page 30: ... config file To save configuration changes to the startup config file enter the write memory command from the Privileged EXEC level of any configuration level of the CLI To save the configuration changes using the Web Management Interface select the Save link at the bottom of the dialog Select Yes when prompted to save the configuration change to the startup config file on the device flash memory ...

Page 31: ... If the device receives more ARP packets than you specify the device drops additional ARP packets for the remainder of the one second interval Disabled ARP age The amount of time the device keeps a MAC address learned through ARP in the device ARP cache The device resets the timer to zero each time the ARP entry is refreshed and removes the entry if the timer reaches the ARP age NOTE You also can ...

Page 32: ...es of its router interfaces to directly attached hosts You can enable or disable the protocol and change the following protocol parameters Forwarding method broadcast or multicast Hold time Maximum advertisement interval Minimum advertisement interval Router preference level NOTE You also can enable or disable IRDP and configure the parameters on an individual interface basis Disabled Reverse ARP ...

Page 33: ... Enabled Maximum IP load sharing paths The maximum number of equal cost paths across which the Layer 3 switch is allowed to distribute traffic Four Origination of default routes You can enable a router to originate default routes for the following route exchange protocols on an individual protocol basis OSPF BGP4 Disabled Default network route The router uses the default network route if the IP ro...

Page 34: ...VLAN go into the non forwarding state the device waits for the configured time before notifying the Layer 3 protocols of the VE down event NOTE Available on the VE interface only Delay time is not configured ARP age Locally overrides the global setting Ten minutes Directed broadcast forwarding Locally overrides the global setting Disabled ICMP Router Discovery Protocol IRDP Locally overrides the g...

Page 35: ...ess IP helper addresses allow the router to forward requests for certain UDP applications from a client on one subnet to a server on another subnet None configured Basic IP parameters and defaults Layer 2 switches IP is enabled by default The following tables list the Layer 2 switch IP parameters their default values and where to find configuration information NOTE Brocade Layer 2 switches also pr...

Page 36: ...a packet can pass before being discarded Each router decreases a packet TTL by 1 before forwarding the packet If decreasing the TTL causes the TTL to be 0 the router drops the packet instead of forwarding it 64 hops Domain name for Domain Name Server DNS resolver A domain name example brocade router com you can use in place of an IP address for certain operations such as IP pings trace routes and ...

Page 37: ...net port Virtual routing interface also called a Virtual Ethernet or VE Loopback interface GRE tunnels By default you can configure up to 24 IP addresses on each interface You can increase this amount to up to 128 IP subnet addresses per port by increasing the size of the ip subnet port table Refer to the section Displaying system parameter default values in the FastIron Ethernet Switch Platform a...

Page 38: ...et is completely ignored by OSPF NOTE The ospf passive option disables adjacency formation but does not disable advertisement of the interface into OSPF To disable advertisement in addition to disabling adjacency formation you must use the ospf ignore option Use the secondary parameter if you have already configured an IP address within the same subnet on the interface NOTE When you configure more...

Page 39: ...rface parameters also apply to virtual interfaces NOTE The Layer 3 switch uses the lowest MAC address on the device the MAC address of port 1 or 1 1 1 as the MAC address for all ports within all virtual interfaces you configure on the device To add a virtual interface to a VLAN and configure an IP address on the interface enter commands such as the following device config vlan 2 name IP Subnet_10 ...

Page 40: ...ng device config vlan 2 name IP Subnet_10 1 2 0 24 device config vlan 2 untag ethernet 1 to 4 device config vlan 2 router interface ve 1 device config vlan 2 interface ve 1 device config vif 1 ip address 10 10 2 1 24 device config vif 1 interface ve 2 device config vif 2 ip follow ve 1 device config vif 2 interface ve 3 device config vif 3 ip follow ve 1 Syntax no ip follow ve number For number en...

Page 41: ...point link with a 31 bit subnet mask the previous two addresses are interpreted as host addresses and packets are not rebroadcast Configuring an IPv4 address with a 31 bit subnet mask To configure an IPv4 address with a 31 bit subnet mask enter the following commands You can configure an IPv4 address with a 31 bit subnet mask on any interface for example Ethernet loopback VE or tunnel interfaces d...

Page 42: ...face ethernet 1 3 1 RouterB config if e1000 1 3 1 ip address 10 2 2 1 24 Router C RouterC config interface ethernet 1 3 1 RouterC config if e1000 1 3 1 ip address 10 2 2 2 24 Displaying information for a 31 bit subnet mask Use the following commands to display information for the 31 bit subnet mask show run interface show ip route show ip cache Configuring DNS resolver The Domain Name System DNS r...

Page 43: ... unknown host message is returned FIGURE 3 DNS resolution with one domain name Configuring DNS server addresses in a Brocade device You can configure the Brocade device to recognize up to four DNS servers The first entry serves as the primary default address If a query to the primary address fails to be resolved after three attempts the next DNS address is queried also up to three times This proce...

Page 44: ...f the route After you enter the traceroute command a message indicating that the DNS query is in process and the current gateway address IP address of the domain name server being queried appear on the screen When traceroute fails an error occurs as shown in the last two lines in the following example Type Control c to abort Sending DNS Query to 10 157 22 199 Tracing Route to IP node 10 157 22 80 ...

Page 45: ...of IP packet that a Layer 2 packet can contain IP packets that are longer than the MTU are fragmented and sent in multiple Layer 2 packets You can change the MTU globally or an individual ports Global MTU The default MTU value depends on the encapsulation type on a port and is 1500 bytes for Ethernet II encapsulation and 1492 bytes for SNAP encapsulation Port MTU A port default MTU depends on the ...

Page 46: ...arding of Layer 2 jumbo frames only ICMP unreachable message if a frame is too large to be forwarded If a jumbo packet has the Do not Fragment DF bit set and the outbound interface does not support the packet MTU size the Brocade device sends an ICMP unreachable message to the device that sent the packet NOTE These enhancements apply only to transit traffic forwarded through the Brocade device Con...

Page 47: ... the IP packet reassembles the fragments into the original packet You can increase the MTU size to accommodate jumbo packet sizes up to 10 200 bytes To globally enable jumbo support on all ports of a FastIron device enter commands such as the following device config jumbo device config write memory device config end device reload Syntax no jumbo NOTE You must save the configuration change and then...

Page 48: ...of the outbound interface then the Brocade device returns an ICMP Destination Unreachable message to the source of the packet with the Code indicating fragmentation needed and DF set The ICMP Destination Unreachable message includes the MTU of the outbound interface The source host can use this information to help determine the maximum MTU of a path to a destination RFC 1191 is supported on all in...

Page 49: ...ches When the Layer 3 switch originates a packet of one of the following types the source address of the packet is the lowest numbered IP address on the interface that sends the packet Telnet TACACS TACACS TFTP RADIUS Syslog SNTP SNMP traps You can configure the Layer 3 switch to always use the lowest numbered IP address on a specific Ethernet loopback or virtual interface as the source addresses ...

Page 50: ...ce ethernet unit slot port loopback num management num venum TACACS TACACS packets To specify the lowest numbered IP address configured on a virtual interface as the device source for all TACACS TACACS packets enter commands such as the following device config interface ve 1 device config vif 1 ip address 10 0 0 3 24 device config vif 1 exit device config ip tacacs source interface ve 1 The comman...

Page 51: ...the interface s address as the source address for all Syslog packets Syntax no ip syslog source interface ethernet unit slot port loopback num management num venum The default is the lowest numbered IP or IPv6 address configured on the port through which the packet is sent The address therefore changes by default depending on the port SNTP packets To specify the lowest numbered IP address configur...

Page 52: ...state before the delay notification timer expiry then the device cancels the timer and a fresh timer is started during port down event Incase of continuous flaps where flap time is less than delay notification timer the flaps can be detected by other methods like port statistics or drop in traffic or by the convergence logs of layer2 loop detection protocols Suppressing the link status notificatio...

Page 53: ...g a datagram the Layer 3 switch first looks in the ARP cache not the static ARP table for an entry that lists the MAC address for the IP address The ARP cache maps IP addresses to MAC addresses The cache also lists the port attached to the device and if the entry is dynamic the age of the entry A dynamic ARP entry enters the cache when the Layer 3 switch receives an ARP reply or receives an ARP re...

Page 54: ...ed by ARP packets in a busy network you can restrict the number of ARP packets the device will accept each second When you configure an ARP rate limit the device accepts up to the maximum number of packets you specify but drops additional ARP packets received during the one second interval When a new one second interval starts the counter restarts at zero so the device again accepts up to the maxi...

Page 55: ... is disabled To override the globally configured IP ARP age on an individual interface enter the ip arp age command followed by the new value at the interface configuration level device config if e1000 1 1 1 ip arp age 30 Enabling proxy ARP Proxy ARP allows a Layer 3 switch to answer ARP requests from devices on one network on behalf of devices in another network Because ARP requests are MAC layer...

Page 56: ...seful in cases where you want to pre configure an entry for a device that is not connected to the Layer 3 switch or you want to prevent a particular entry from aging out The software removes a dynamic entry from the ARP cache if the ARP aging interval expires before the entry is refreshed Static entries do not age out regardless of whether the Brocade device receives an ARP request from the device...

Page 57: ...n the software version running on the device TABLE 6 Static ARP entry support Default maximum Configurable minimum Configurable maximum FastIron X Series and Brocade FCX Series devices 512 512 6000 ICX 6430 and ICX 6450 devices 256 64 1024 ICX 6610 512 512 6000 Enabling learning gratuitous ARP Learning gratuitous ARP enables Brocade Layer 3 devices to learn ARP entries from incoming gratuitous ARP...

Page 58: ...different MAC addresses are classified as invalid and are dropped ip Each ARP packet has a sender IP address and target IP address The target IP address cannot be invalid or an unexpected IP address in the ARP response packet The sender IP address cannot be an invalid or an unexpected IP address in the ARP request and response packets Addresses include 0 0 0 0 255 255 255 255 and all IP multicast ...

Page 59: ...es within a single directly attached network or subnet A net directed broadcast goes to all devices on a given network A subnet directed broadcast goes to all devices within a given subnet NOTE A less common type the all subnets broadcast goes to all directly attached subnets Forwarding for this broadcast type also is supported but most networks use IP multicasting instead of all subnet broadcasti...

Page 60: ...s enter the no ip source route command device configure terminal device config no ip source route Syntax no ip source route To re enable forwarding of source routed packets enter the ip source route command device configure terminal device config ip source route Enabling support for zero based IP subnet broadcasts By default the Layer 3 switch treats IP packets with all ones in the host portion of...

Page 61: ...Syntax no ip icmp echo broadcast request If you need to re enable response to ping requests enter the following command device config ip icmp echo broadcast request Disabling ICMP destination unreachable messages By default when a Brocade device receives an IP packet that the device cannot deliver the device sends an ICMP Unreachable message back to the host that sent the packet You can selectivel...

Page 62: ...needed parameter disables ICMP Fragmentation Needed But Do not Fragment Bit Set messages The port parameter disables ICMP Port Unreachable messages The source route fail parameter disables ICMP Unreachable caused by Source Route Failure messages To disable ICMP Host Unreachable messages but leave the other types of ICMP Unreachable messages enabled enter the following commands instead of the comma...

Page 63: ... to the IP route table Static route types You can configure the following types of static IP routes Standard The static route consists of the destination network address and network mask and the IP address of the next hop gateway You can configure multiple standard static routes with the same metric for load sharing or with different metrics to provide a primary route and backup routes Interface b...

Page 64: ...to the same destination if the first route becomes unavailable Static route states follow port states IP static routes remain in the IP route table only so long as the port or virtual interface used by the route is available If the port or virtual routing interface becomes unavailable the software removes the static route from the IP route table If the port or virtual routing interface becomes ava...

Page 65: ...ask For example you can enter 10 0 0 0 255 255 255 0 as 10 0 0 0 24 The next hop ip addr variable is the IP address of the next hop router gateway for the route If you do not want to specify a next hop IP address you can instead specify a port or interface number The num variable is a virtual interface number You can instead specify an Ethernet port In this case a Layer 3 switch forwards packets d...

Page 66: ...er 10 157 22 0 24 instead of 10 157 22 0 255 255 255 0 The null0 variable indicates that this is a null route You must specify this parameter to make this a null route The metric variable adds a cost to the route You can specify from 1 through 16 The default is 1 The distance num variable configures the administrative distance for the route You can specify a value from 1 through 255 The default is...

Page 67: ...xyz is set as the new name of the static IP route Deleting the name of a static IP route To delete the name of a static IP route use the no command See the example below Static IP route with the name xyz device config ip route 10 22 22 22 255 255 255 255 10 1 1 1 name xyz To remove the name xyz from the static IP route specify both name and the string in this case xyz device config no ip route 10 ...

Page 68: ...o the same destination You can configure a null0 or interface based static route to a destination and also configure a normal static route to the same destination so long as the route metrics are different When the Layer 3 switch has multiple routes to the same destination the Layer 3 switch always prefers the route with the lowest metric Generally when you configure a static route to a destinatio...

Page 69: ...he interface based static route has a lower metric than the standard static route As a result the Layer 3 switch always prefers the interface based route when the route is available However if the interface based route becomes unavailable the Layer 3 switch still forwards the traffic toward the destination using an alternate route through gateway 192 168 8 11 24 Configuring IP parameters Layer 3 s...

Page 70: ...null route The metric for the null route is 3 which is higher than the metric for the standard static route If the standard static route is unavailable the software uses the null route To configure a standard static route and an interface based route to the same destination enter commands such as the following device config ip route 192 168 6 0 24 ethernet 1 1 1 1 device config ip route 192 168 6 ...

Page 71: ...nistrative distances are equal Are the routes from different routing protocols RIP OSPF or BGP4 If so use the route with the lowest IP address If the routes are from the same routing protocol use the route with the best metric The meaning of best metric depends on the routing protocol RIP The metric is the number of hops additional routers to the destination The best route is the route with the fe...

Page 72: ...tiple equal cost paths enter the IP route table IP load sharing applies to equal cost paths in the IP route table Routes that are eligible for load sharing can enter the routing table from any of the following routing protocols IP static routes Routes learned through OSPF Routes learned through BGP4 Administrative distance for each IP route The administrative distance is a unique value associated ...

Page 73: ...of the lowest cost paths The source of a path cost value depends on the source of the path IP static route The value you assign to the metric parameter when you configure the route The default metric is 1 OSPF The Path Cost associated with the path The paths can come from any combination of inter area intra area and external Link State Advertisements LSAs BGP4 The path Multi Exit Discriminator MED...

Page 74: ...e ICX 7750 the value range for the maximum number of load sharing paths is from 2 through 32 TABLE 8 Maximum number of ECMP load sharing paths per device FSX 800 FSX 1600 FCX ICX 6450 ICX 6610 ICX 6650 ICX 7250 ICX 7450 ICX 7750 6 8 8 32 For optimal results set the maximum number of paths to a value at least as high as the maximum number of equal cost paths your network typically contains For exam...

Page 75: ...ble contains multiple equal cost paths to that route the device checks the IPv6 neighbor for each next hop Every next hop where the link layer address has been resolved will be stored in hardware The device will initiate neighbor discovery for the next hops whose link layer addresses are not resolved The hardware will hash the packet and choose one of the paths The number of paths would be updated...

Page 76: ...are configuring On the Brocade ICX 7750 the value of the num variable can be from 2 through 32 The configuration of the maximum number of IP load sharing paths to a value more than 8 is determined by the maximum number of ECMP paths defined at the system level using the system max max ecmp command You cannot configure the maximum number of IP load sharing paths higher than the value defined at the...

Page 77: ...bling the feature globally you can configure these parameters on an individual port basis Packet type The Layer 3 switch can send Router Advertisement messages as IP broadcasts or as IP multicasts addressed to IP multicast group 224 0 0 1 The packet type is IP broadcast Maximum message interval and minimum message interval When IRDP is enabled the Layer 3 switch sends the Router Advertisement mess...

Page 78: ...ement concluding that the router interface that sent the advertisement is no longer available The value must be greater than the value of the maxadvertinterval parameter and cannot be greater than 9000 The default is three times the value of the maxadvertinterval parameter The maxadvertinterval parameter specifies the maximum amount of time the Layer 3 switch waits between sending Router Advertise...

Page 79: ...e configured in the RARP table The Layer 3 switch forwards BootP and DHCP requests to a third party BootP DHCP server that contains the IP addresses and other host configuration information Connection of host to boot source Layer 3 switch or BootP DHCP server RARP requires the IP host to be directly attached to the Layer 3 switch An IP host and the BootP DHCP server can be on different networks an...

Page 80: ...ease the maximum number of RARP entries you can use a procedure in the same section to do so NOTE You must save the configuration to the startup config file and reload the software after changing the RARP cache size to place the change into effect Configuring UDP broadcast and IP helper parameters Some applications rely on client requests sent as limited IP broadcasts addressed to the UDP applicat...

Page 81: ...ons that the Layer 3 switch does not forward by default you can enable forwarding support for the port To enable forwarding support for a UDP application use the following method You also can disable forwarding for an application using this method NOTE You also must configure a helper address on the interface that is connected to the clients for the application The Layer 3 switch cannot forward th...

Page 82: ...efault IP helper does not forward client broadcast request to a server within the network To forward a client broadcast request when the client and server are on the same network configure an IP helper with unicast option on the interface connected to the client To configure an IP helper unicast option on unit 1 slot 1 port 2 enter the following commands device config interface 1 1 2 device config...

Page 83: ...orwarded BootP DHCP request instead of forwarding the request if the hop count is greater than the maximum number of BootP DHCP hops allows by the router By default a Brocade Layer 3 switch forwards a BootP DHCP request if its hop count is four or less but discards the request if the hop count is greater than four You can change the maximum number of hops the Layer 3 switch will allow to a value f...

Page 84: ... have traversed 11 hops before reaching the switch are dropped Since the hop count value initializes at zero the hop count value of an ingressing DHCP Request packet is the number of Layer 3 routers that the packet has already traversed Syntax bootp relay max hops max hops The max hops parameter value can be 1 through 15 DHCP server All FastIron devices can be configured to function as DHCP server...

Page 85: ...tes Brocade devices do not support DHCP packets with an MTU larger than 1500 bytes DHCP option 82 support The DHCP relay agent information option DHCP option 82 enables a DHCP relay agent to include information about itself when forwarding client originated DHCP packets to a DHCP server The DHCP server uses this information to implement IP address or other parameter assignment policies In a metrop...

Page 86: ... configuration flow chart Configuring DHCP server on a device Perform the following steps to configure the DHCP server feature on your FastIron device 1 Enable DHCP server by entering a command similar to the following device config ip dhcp server enable 2 Create a DHCP server address pool by entering a command similar to the following device config ip dhcp server pool cabo Configuring IP paramete...

Page 87: ...near DHCP server CLI commands TABLE 10 DHCP server optional parameters Command options Description domain name Specifies the domain name for the DHCP clients domain name servers Specifies the Domain Name System DNS IP servers that are available to the DHCP clients merit dump Specifies the path name of a file into which the client s core image should be placed in the event that the client crashes t...

Page 88: ...d in flash memory show ip dhcp server summary Displays a summary of active leases deployed address pools undeployed address pools and server uptime bootfile Specifies a boot image to be used by the client deploy Deploys an address pool configuration to the server dhcp default router Specifies the IP address of the default router or routers for a client dns server Specifies the IP addresses of a DN...

Page 89: ...ver mgmt command device config ip dhcp server mgmt Syntax no ip dhcp server mgmt Setting the wait time for ARP ping response At startup the server reconciles the lease binding database by sending an ARP ping packet out to every client If there is no response to the ARP ping packet within a set amount of time set in seconds the server deletes the client from the lease binding database The minimum s...

Page 90: ...iguring the IP address of the DHCP server The ip dhcp server command specifies the IP address of the selected DHCP server as shown in this example device config ip dhcp server 10 1 1 144 Syntax ip dhcp server server identifier server identifier The IP address of the DHCP server This command assigns an IP address to the selected DHCP server Configuring the boot image The bootfile command specifies ...

Page 91: ... minutes Specifying addresses to exclude from the address pool The excluded address command specifies either a single address or a range of addresses that are to be excluded from the address pool device config dhcp cabo excluded address 10 2 3 44 Syntax excluded address address address low address high address Specifies a single address address low address high Specifies a range of addresses Confi...

Page 92: ...t device config dhcp cabo vendor class ascii waikiki Syntax vendor class ascii ip hex value Configuring X Window System Display Manager IP addresses Option 49 Option 49 specifies a list of IP addresses of systems that are running the X Window System Display Manager and are available to the client Option 49 is described in RFC 2132 The X Window client is a DHCP client in a network that solicits con...

Page 93: ...r this address only TABLE 12 show ip dhcp server binding output descriptions Field Description IP address The IP addresses currently in the binding database Client ID Hardware address The hardware address for the client Lease expiration The time when this lease will expire Type The type of lease Displaying address pool information This show ip dhcp server address pool command displays information ...

Page 94: ...The identifier for the lease netbios name server The address of the netbios name server network The address of the network next bootstrap server The address of the next bootstrap server tftp server The address of the TFTP server Displaying lease binding information in flash memory The show ip dhcp server flash command displays the lease binding database that is stored in flash memory device show i...

Page 95: ...a Layer 2 switch using Telnet or Secure Shell SSH CLI connections or the Web Management Interface you must configure an IP address for the Layer 2 switch Optionally you also can specify the default gateway Brocade devices support both classical IP network masks Class A B and C subnet masks and so on and Classless Interdomain Routing CIDR network prefix masks To enter a classical network mask enter...

Page 96: ...either of the following commands to initiate the ping device ping nyc01 device ping nyc01 newyork com Defining a DNS entry You can define up to four DNS servers for each DNS entry The first entry serves as the primary default address If a query to the primary address fails to be resolved after three attempts the next gateway address is queried also up to three times This process continues for each...

Page 97: ...acing Route to IP node 10 157 22 80 To ABORT Trace Route Please use stop traceroute command Traced route to target IP node 10 157 22 80 IP Address Round Trip Time1 Round Trip Time2 10 95 6 30 93 msec 121 msec NOTE In the previous example 10 157 22 199 is the IP address of the domain name server default DNS gateway address and 10 157 22 80 represents the IP address of the NYC02 host FIGURE 9 Queryi...

Page 98: ...ing multi netting on its interfaces as part of its DHCP relay function DHCP Assist ensures that a DHCP server that manages multiple IP subnets can readily recognize the requester IP subnet even when that server is not on the client local LAN segment The Brocade Layer 2 switch does so by stamping each request with its IP gateway address in the DHCP discovery packet NOTE Brocade Layer 2 switches pro...

Page 99: ...he primary address is the gateway for all ports on the Layer 2 switch and stamps the request with that address When the DHCP request is received at the server it assigns all IP addresses within that range only With DHCP Assist enabled on a Brocade Layer 2 switch correct assignments are made because the Layer 2 switch provides the stamping service How DHCP Assist works Upon initiation of a DHCP ses...

Page 100: ...rwarded back to the workstation that originated the request NOTE When DHCP Assist is enabled on any port Layer 2 broadcast packets are forwarded by the CPU Unknown unicast and multicast packets are still forwarded in hardware although selective packets such as IGMP are sent to the CPU for analysis When DHCP Assist is not enabled Layer 2 broadcast packets are forwarded in hardware NOTE The DHCP rel...

Page 101: ...ded in hardware Configuring DHCP Assist You can associate a gateway list with a port You must configure a gateway list when DHCP Assist is enabled on a Brocade Layer 2 switch The gateway list contains a gateway address for each subnet that will be requesting addresses from a DHCP server The list allows the stamping process to occur Each gateway address defined on the Layer 2 switch corresponds to ...

Page 102: ...es only This section describes support for point to point Generic Routing Encapsulation GRE tunnels and how to configure them on a Brocade device GRE tunnels support includes the following IPv4 over GRE tunnels IPv6 over GRE tunnels is not supported Static and dynamic unicast routing over GRE tunnels Multicast routing over GRE tunnels Hardware forwarding of IP data traffic across a GRE tunnel Path...

Page 103: ...itted packets This field is assumed to be zero in this version Ver 3 bits The GRE protocol version This field must be set to zero in this version Protocol Type 16 bits The Ethernet protocol type of the packet as defined in RFC 1700 Checksum optional 16 bits This field is optional It contains the IP checksum of the GRE header and the payload packet Reserved optional 16 bits This field is optional I...

Page 104: ... MTU values has already been configured in the system When a new PMTUD value is discovered and the maximum number of different MTU values for the system is already configured the new value will search for the nearest but smallest MTU value relative to its own value in the system For example in a FCX system the new PMTUD value is 800 and the eight different MTU values configured in the system are 6...

Page 105: ...the direction of its receivers and control packets may be consumed This creates a PIM enabled virtual or logical link between the two GRE tunnel endpoints Strict RPF check for multicast protocols IronWare software enforces strict Reverse Path Forwarding RPF check rules on an s g entry on a GRE tunnel interface The s g entry uses the GRE tunnel as an RPF interface During unicast routing transit GRE...

Page 106: ...to the tunnel ingress port then the delivery header outer header would be classified or filtered before the tunnel is terminated NOTE Restrictions for using ACLs in conjunction with GRE are noted in the section Configuration considerations for GRE IP tunnels on page 106 PBR can be configured on tunnel loopback ports for tunnel interfaces with no restrictions PBR with GRE tunnel is not supported on...

Page 107: ...evel for QoS by adding an ACL that maps DSCP 46 to priority 5 Otherwise loss of loopback packets may flap the tunnel interface By default when you create a tunnel loopback port for a GRE tunnel on a port that is part of the default VLAN the port will stay in the default VLAN Before configuring a port as a tunnel loopback port for a GRE tunnel if the port is in the default VLAN VLAN 1 first create ...

Page 108: ...TU value for the tunnel interface 1476 bytes or 9192 bytes jumbo mode Change the number of GRE tunnels supported on the device Support for 32 GRE tunnels Enable and configure GRE link keepalive on the tunnel interface Disabled Change the Path MTU Discovery PMTUD configuration on the GRE tunnel interface Enabled Enable support for IPv4 multicast routing Disabled The following features are also supp...

Page 109: ... be one of the router IP addresses configured on a physical loopback or VE interface through which the other end of the tunnel is reachable To configure the source address for a specific tunnel interface enter commands such as the following device config interface tunnel 1 device config tnif 1 tunnel source 10 0 8 108 The source interface should be the port number of the interface configured on a ...

Page 110: ...rface of the device on the other end of the tunnel To configure the destination address for a specific tunnel interface enter commands such as the following device config interface tunnel 1 device config tnif 1 tunnel destination 131 108 5 2 Syntax no tunnel destination ip address The ip address variable is the destination IP address being configured for the specified tunnel NOTE Ensure a route to...

Page 111: ...P 48 port 10 100 1000 Mbps Ethernet POE interface module enter commands such as the following Applying a PBR policy to a tunnel interface device config interface tunnel 1 device config tnif 1 tunnel mode gre ip device config tnif 1 tunnel loopback 3 device config tnif 1 interface ethernet 3 device config if e1000 3 ip policy route map test route Applying an ACL policy to a tunnel interface device ...

Page 112: ...value for a tunnel interface For important configuration considerations regarding this feature refer to GRE MTU configuration considerations on page 107 You can set an MTU value for packets entering the tunnel Packets that exceed either the default MTU value of 1476 9192 bytes for jumbo case or the value that you set using this command are fragmented and encapsulated with IP GRE headers for transi...

Page 113: ... not deployed over the GRE tunnel a configured tunnel does not have the ability to bring down the line protocol of either tunnel endpoint if the far end becomes unreachable Traffic sent on the tunnel cannot follow alternate paths because the tunnel is always UP To avoid this scenario enable GRE link keepalive which will maintain or place the tunnel in an UP or DOWN state based upon the periodic se...

Page 114: ...o disable it enter the following command device config tnif 1 tunnel path mtu discovery disable To re enable PMTUD after it has been disabled enter the following command device config tnif 1 no tunnel path mtu discovery disable Syntax no tunnel path mtu discovery disable Changing the age timer for PMTUD By default when PMTUD is enabled on a tunnel interface the path MTU is reset to its original va...

Page 115: ...nicast traffic only For unicast traffic multiple GRE tunnels can use the same tunnel loopback port for traffic Enabling PIM SM on a GRE tunnel To enable PIM SM on a GRE tunnel interface enter commands such as the following device config interface tunnel 10 device config tnif 10 ip pim sparse Syntax no ip pim sparse Use the no form of the command to disable PIM SM on the tunnel interface Enabling P...

Page 116: ...nfig tnif 1 tunnel destination 131 108 5 2 device config tnif 1 tunnel mode gre ip device config tnif 1 tunnel loopback 4 1 device config tnif 1 ip address 10 10 3 1 24 device config tnif 1 exit device config ip route 131 108 5 0 24 10 0 8 1 device config ip route 10 10 2 0 24 tunnel 1 Configuring point to point GRE tunnel for FastIron B device config interface ethernet 5 1 device config if e1000 ...

Page 117: ...s refer to Displaying IP interface information on page 127 Syntax show ip interface The show ip route command displays routes that are pointing to a GRE tunnel as shown in the following example device show ip route Total number of IP routes 3 avail 79996 out of max 80000 B BGP D Connected R RIP S Static O OSPF Candidate default Destination NetMask Gateway Port Cost Type 1 10 1 1 0 255 255 255 0 0 ...

Page 118: ... tunnel mode The gre specifies that the tunnel will use GRE encapsulation IP protocol 47 Port name The port name if applicable Internet address The internet address MTU The configured path maximum transmission unit encapsulation GRE GRE encapsulation is enabled on the port Keepalive Indicates whether or not GRE link keepalive is enabled Path MTU Discovery Indicates whether or not PMTUD is enabled ...

Page 119: ... up Down Down The tunnel and line protocol are down Packet Received The number of packets received on the tunnel since it was last cleared by the administrator Packet Sent The number of packets sent on the tunnel since it was last cleared by the administrator KA recv The number of keepalive packets received on the tunnel since it was last cleared by the administrator KA sent The number of keepaliv...

Page 120: ...ache ip address The following shows an example output of the show ip pim flow command device show ip pim flow 230 1 1 1 Multicast flow 10 10 10 1 230 1 1 1 Vidx for source vlan forwarding 8191 Blackhole no L2 clients Hardware MC Entry hit on devices 0 1 2 3 MC Entry 0x0c008040 00014001 000022ee 0ffc0001 00000000 MLL contents read from Device 0 MLL Data 0x018c0010 0021ff8d 00000083 00000000 0000000...

Page 121: ... tunnel statistics for tunnel ID 3 enter a command such as the following device config clear statistics tunnel 3 Syntax clear statistics tunnel tunnel ID The tunnel ID variable specifies the tunnel ID number Bandwidth for IP interfaces The bandwidth for an IP interface can be specified so that higher level protocols such as OSPFv2 and OSPFv3 can use this setting to influence the routing cost for r...

Page 122: ...ise it reverts to the default behavior NOTE If the interface bandwidth configuration of the primary port is different to any of the secondary ports then the LAG is not deployed When the LAG is undeployed the interface bandwidth value for all secondary ports is reset to the port speed The configured value is exposed in SNMP via ifSpeed in ifTable and ifHighSpeed in ifXTable objects NOTE GRE or IPv6...

Page 123: ...nal device config interface ethernet 1 1 1 device config if e1000 1 1 1 bandwidth 2000 The bandwidth specified in this example results in the following OSPF cost assuming the auto cost is 100 OSPF cost is equal to 100 1000 2000 1 2000 50 Setting the bandwidth value for a VE interface The current bandwidth value for a VE interface can be set and communicated to higher level protocols such as OSPF 1...

Page 124: ...de device configure terminal 2 Enter the interface tunnel command and specify a value to configure a tunnel interface device config interface tunnel 2 3 Enter the tunnel mode gre ip command to enable GRE IP encapsulation on the tunnel interface device config tnif 2 tunnel mode gre ip 4 Enter the tunnel source command and specify an IP address to configure the source address for the tunnel interfac...

Page 125: ...ing the network mask display to prefix format By default the CLI displays network masks in classical IP address format example 255 255 255 0 You can change the displays to prefix format example 18 on a Layer 3 switch or Layer 2 switch using the following CLI method NOTE This option does not affect how information is displayed in the Web Management Interface To enable CIDR format for displaying net...

Page 126: ...her than the value specified in this field the Brocade router drops the packet arp age The ARP aging period This parameter specifies how many minutes an inactive ARP entry remains in the ARP cache before the router ages out the entry bootp relay max hops The maximum number of hops away a BootP server can be located from the Brocade router and still be used by the router clients for network booting...

Page 127: ...the well known name For example TCP port 80 can be displayed as HTTP NOTE T his field applies only if the IP protocol is TCP or UDP Operator The comparison operator for TCP or UDP port names or numbers NOTE This field applies only if the IP protocol is TCP or UDP Displaying IP interface information To display IP interface information enter the following command at any CLI level device show ip inte...

Page 128: ...ace ve 1 Interface Ve 1 members ethe 1 1 4 to 1 1 24 ethe 1 1 27 to 1 1 48 ethe 1 2 1 to 1 2 2 ethe 2 1 1 to 2 1 2 ethe 2 1 4 to 2 1 12 ethe 2 1 15 to 2 1 24 ethe 2 2 1 to 2 2 2 ethe 3 1 1 to 3 1 2 ethe 3 1 4 to 3 1 12 ethe 3 1 14 to 3 1 24 ethe 3 2 3 to 3 2 4 ethe 4 1 1 to 4 1 12 ethe 4 1 15 to 4 1 24 ethe 4 2 3 to 4 2 4 ethe 5 1 1 to 5 1 12 ethe 5 1 14 to 5 1 24 ethe 5 2 3 active ethe 4 2 4 port...

Page 129: ...ic MAC address The MAC mask parameter lets you specify a mask for the mac address xxxx xxxx xxxx parameter to display entries for multiple MAC addresses Specify the MAC address mask as f s and 0 s where f s are significant bits NOTE The ip mask parameter and mask parameter perform different operations The ip mask parameter specifies the network mask for a specific IP address whereas the mask param...

Page 130: ... 0000 003b d211 1 1 1 This example shows two static entries Note that because you specify an entry index number when you create the entry it is possible for the range of index numbers to have gaps as shown in this example NOTE The entry number you assign to a static ARP entry is not related to the entry numbers in the ARP cache Syntax show ip static arp ip addr ip mask num entries to skip ethernet...

Page 131: ... 255 255 255 255 DIRECT 0000 0000 0000 PU n a 0 Syntax show ip cache ip addr num The ip addr parameter displays the cache entry for the specified IP address The num parameter displays the cache beginning with the row following the number you enter For example to begin displaying the cache at row 10 enter the following command device show ip cache 9 The show ip cache command displays the following ...

Page 132: ...ip route ip addr ip mask longer none bgp num bgp direct ospf rip static The ip addr parameter displays the route to the specified IP address The ip mask parameter lets you specify a network mask or if you prefer CIDR format the number of bits in the network mask If you use CIDR format enter a forward slash immediately after the IP address then enter the number of mask bits for example 10 157 22 0 ...

Page 133: ...1 1 1 1 S 56 10 159 42 0 255 255 255 0 10 95 6 101 1 1 1 1 S 57 10 159 43 0 255 255 255 0 10 95 6 101 1 1 1 1 S 58 10 159 44 0 255 255 255 0 10 95 6 101 1 1 1 1 S 59 10 159 45 0 255 255 255 0 10 95 6 101 1 1 1 1 S 60 10 159 46 0 255 255 255 0 10 95 6 101 1 1 1 1 S This example shows all the routes for networks beginning with 10 159 The mask value and longer parameter specify the range of network a...

Page 134: ...owing command device clear ip route To clear route 10 157 22 0 24 from the IP routing table enter the clear ip route command device clear ip route 10 157 22 0 24 Syntax clear ip route ip addr ip mask or Syntax clear ip route ip addr mask bits Displaying IP traffic statistics To display IP traffic statistics enter the show ip traffic command at any CLI level device show ip traffic IP Statistics 139...

Page 135: ...he device because the value in the Protocol field of the packet header is unrecognized by this device no buffer This information is used by Brocade customer support other errors The number of packets dropped due to error types other than those listed above ICMP statistics The ICMP statistics are derived from RFC 792 Internet Control Message Protocol RFC 950 Internet Standard Subnetting Procedure a...

Page 136: ...the device at the other end of the connection sent a TCP RESET message input errors This information is used by Brocade customer support in segments The number of TCP segments received by the device out segments The number of TCP segments sent by the device retransmission The number of segments that this device retransmitted because the retransmission timer for the segment had expired before the d...

Page 137: ...lt router address 192 168 1 1 TFTP server address None Configuration filename None Image filename None Syntax show ip This display shows the following information TABLE 26 CLI display of global IP configuration information Layer 2 switch Field Description IP configuration Switch IP address The management IP address configured on the Layer 2 switch Specify this address for Telnet access or Web mana...

Page 138: ...he cache VlanId The VLAN the port that learned the entry is in NOTE If the MAC address is all zeros this field shows a random VLAN ID since the Layer 2 switch does not yet know which port the device for this entry is attached to Displaying IP traffic statistics To display IP traffic statistics on a Layer 2 switch enter the show ip traffic command at any CLI level device show ip traffic IP Statisti...

Page 139: ...erived from RFC 792 Internet Control Message Protocol RFC 950 Internet Standard Subnetting Procedure and RFC 1256 ICMP Router Discovery Messages Statistics are organized into Sent and Received The field descriptions below apply to each total The total number of ICMP messages sent or received by the device errors This information is used by Brocade customer support unreachable The number of Destina...

Page 140: ...e other end of the connection passive resets The number of TCP connections this device reset because the device at the other end of the connection sent a TCP RESET message input errors This information is used by Brocade customer support in segments The number of TCP segments received by the device out segments The number of TCP segments sent by the device retransmission The number of segments tha...

Page 141: ...able ip header check set for ports ethe 13 to 24 To clear disable hardware ip checksum check on for example port range 13 24 enter the following command device no disable hw ip checksum check ethernet 13 disable hw ip checksum check cleared for ports the 13 to 24 NOTE The port range could be any consecutive range it may not necessarily be a decimal number Syntax no disable hw ip checksum check eth...

Page 142: ...FastIron Ethernet Switch Layer 3 Routing 142 53 1003627 04 ...

Page 143: ...ernet unit slot port ve num metric tag num distance num name string NOTE Using the no form of the command only removes the name if configured Another no command must be issued to remove the actual Static Route The dest ip addr is the route s destination The dest mask is the network mask for the route s destination IP address Alternatively you can specify the network mask information by entering fo...

Page 144: ...ts null0 metric tag num distance num To display the maximum value for your device enter the show default values command The maximum number of static IP routes the system can hold is listed in the ip static route row in the System Parameters section of the display To change the maximum value use the system max ip static route command at the global CONFIG level The ip addr parameter specifies the ne...

Page 145: ...p route next hop recursion 5 Syntax no ip route next hop recursion level The level available specifies the numbers of level of recursion allowed Acceptable values are 1 10 The default value is 3 NOTE This command can be independently applied on a per VRF basis Static route resolve by default route This feature enables the Brocade device to use the default route 0 0 0 0 0 to resolve a static route ...

Page 146: ... the device that has the MAC address of the entry Specify the port variable in one of the following formats The clear arp command clears learned ARP entries but does not remove any static ARP entries Modifying and displaying Layer 3 system parameter limits This section shows how to view and configure some of the Layer 3 system parameter limits Layer 3 configuration notes Changing the system parame...

Page 147: ...ec ospf hello 10 sec ospf retrans 5 sec ospf transit delay 1 sec System Parameters Default Maximum Current ip arp 4000 64000 4000 ip static arp 512 1024 512 some lines omitted for brevity hw traffic condition 50 1024 50 The following example shows output on a FastIron X Series with third generation modules device show default value sys log buffers 50 mac age time 300 sec telnet sessions 5 ip arp a...

Page 148: ...he version of software your device is running NOTE Consult your reseller or Brocade to understand the risks involved before disabling all Layer 2 switching operations Configuration notes and feature limitations for Layer 2 switching Enabling or disabling Layer 2 switching is supported in Layer 3 software images only FastIron X Series Brocade FCX Series and ICX devices support disabling Layer 3 swi...

Page 149: ... command to enter the interface configuration mode of the primary port of the LAG Brocade config interface ethernet 4 1 4 2 Run the route only command to disable switching and enable routing on the LAG Brocade config if e1000 4 1 4 route only 3 Run the ip address command to assign an IP address for the LAG Brocade config if e1000 4 1 4 ip address 25 0 0 2 24 The following example shows the creatio...

Page 150: ...FastIron Ethernet Switch Layer 3 Routing 150 53 1003627 04 ...

Page 151: ...ting security enhancements 177 TCAM space on FCX device configuration 177 Clearing global IPv6 information 178 Displaying global IPv6 information 180 DHCP relay agent for IPv6 191 DHCPv6 Relay Agent Prefix Delegation Notification 193 Full Layer 3 IPv6 feature support The following IPv6 Layer 3 features are supported only with the IPv6 Layer 3 PROM Software based Licensing IPv6 series hardware and ...

Page 152: ...001 200 2D D0FF FE48 4672 When specifying an IPv6 address in a command syntax keep the following in mind You can use the two colons only once in the address to represent the longest successive hexadecimal fields of zeros The hexadecimal letters in IPv6 addresses are not case sensitive As shown in Figure 16 the IPv6 network prefix is composed of the left most bits of the address As with an IPv4 add...

Page 153: ...fix of FE80 10 1111 1110 10 and a 64 bit interface ID IPv4 compatible address An address used in IPv6 transition mechanisms that tunnel IPv6 packets dynamically over IPv4 infrastructures The address embeds an IPv4 address in the low order 32 bits and the high order 96 bits are zeros The address structure is as follows 0 0 0 0 0 0 A B C D Loopback address An address 0 0 0 0 0 0 0 1 or 1 that a swit...

Page 154: ...nk and the default route to all nodes on the link When a host on the link receives the message it takes the local link prefix from the message and appends a 64 bit interface ID thereby automatically configuring its interface The 64 bit interface ID is derived from the MAC address of the host s NIC The 128 bit IPv6 address is then subjected to duplicate address detection to ensure that the address ...

Page 155: ...6 management traffic X X ipv6 access list Configures an IPv6 access control list for IPv6 access control X X ipv6 address Configures an IPv6 address on an interface router or globally switch X X ipv6 debug Enables IPv6 debugging X X ipv6 dns domain name Configures an IPv6 domain name X X ipv6 dns server address Configures an IPv6 DNS server address X X ipv6 enable Enables IPv6 on an interface X X ...

Page 156: ...ighbor table X X show ipv6 ospf Displays information about OSPF V3 X show ipv6 prefix lists Displays the configured IPv6 prefix lists X show ipv6 rip Displays information about RIPng X show ipv6 route Displays IPv6 routes X show ipv6 router Displays IPv6 local routers X show ipv6 tcp Displays information about IPv6 TCP sessions X X show ipv6 traffic Displays IPv6 packet counters X X show ipv6 tunn...

Page 157: ...r site local IPv6 address with a manually configured interface ID To configure a global or site local IPv6 address with a manually configured interface ID such as a system wide address for a switch enter a command similar to the following at the Global CONFIG level device config ipv6 address 2001 DB8 12D 1300 240 D0FF FE48 4000 1 64 Syntax ipv6 address ipv6 prefix prefix length You must specify th...

Page 158: ...and device config ipv6 unicast routing Syntax no ipv6 unicast routing To disable the forwarding of IPv6 traffic globally on the Brocade device enter the no form of this command IPv6 configuration on each router interface To forward IPv6 traffic on a router interface the interface must have an IPv6 address or IPv6 must be explicitly enabled By default an IPv6 address is not configured on a router i...

Page 159: ...d interface ID for an interface enter commands such as the following device config interface ethernet 1 3 1 device config if e1000 1 3 1 ipv6 address 2001 DB8 12D 1300 240 D0FF FE48 4672 64 These commands configure the global prefix 2001 DB8 12d 1300 64 and the interface ID 240 D0FF FE48 4672 and enable IPv6 on Ethernet interface 1 3 1 Syntax ipv6 address ipv6 prefix prefix length You must specify...

Page 160: ...link local address Syntax no ipv6 enable NOTE When configuring VLANs that share a common tagged interface with a physical or Virtual Ethernet VE interface Brocade recommends that you override the automatically computed link local address with a manually configured unique address for the interface If the interface uses the automatically computed address which in the case of physical and VE interfac...

Page 161: ... 12d 1300 64 eui 64 These commands globally enable IPv6 routing and configure an IPv4 address and an IPv6 address for Ethernet interface 1 3 1 Syntax no ipv6 unicast routing To disable IPv6 traffic globally on the router enter the no form of this command Syntax ip address ip address sub net mask secondary You must specify the ip address parameter using 8 bit values in dotted decimal notation You c...

Page 162: ...share the same name Restricting SNMP access to an IPv6 node You can restrict SNMP access to the device to the IPv6 host whose IP address you specify To do so enter a command such as the following device config snmp client ipv6 2001 DB8 89 23 Syntax snmp client ipv6 ipv6 address The ipv6 address you specify must be in hexadecimal format using 16 bit values between colons as documented in RFC 2373 S...

Page 163: ... port number outgoing interface ethernet port ve number The ipv6 address parameter specifies the address of a remote host You must specify this address in hexadecimal using 16 bit values between colons as documented in RFC 2373 The port number parameter specifies the port number on which the Brocade device establishes the Telnet connection You can specify a value between 1 65535 If you do not spec...

Page 164: ...re brackets in order for the Web browser to work Restricting Web management access You can restrict Web management access to include only management functions on a Brocade device that is acting as an IPv6 host or restrict access so that the Brocade host can be reached by a specified IPv6 device Restricting Web management access by specifying an IPv6 ACL You can specify an IPv6 ACL that restricts W...

Page 165: ...ping ipv6 nyc01 newyork com Defining an IPv6 DNS entry IPv6 defines new DNS record types to resolve queries for domain names to IPv6 addresses as well as IPv6 addresses to domain names Brocade devices running IPv6 software support AAAA DNS records which are defined in RFC 1886 AAAA DNS records are analogous to the A DNS records used with IPv4 They store a complete IPv6 address in each record AAAA ...

Page 166: ...does not include the header You can specify from 0 10000 The default is 16 The no fragment keyword turns on the do not fragment bit in the IPv6 header of the ping packet This option is disabled by default The quiet keyword hides informational messages such as a summary of the ping parameters sent to the device and instead only displays messages indicating the success or failure of the ping This op...

Page 167: ... DB8 200 162 3 10 147 202 100 162 4 2001 DB8 200 162 Disabling router advertisement and solicitation messages Router advertisement and solicitation messages enable a node on a link to discover the routers on the same link By default router advertisement and solicitation messages are permitted on the device To disable these messages configure an IPv6 access control list that denies them The followi...

Page 168: ...okens error messages cannot be sent until a new token is placed in the bucket You can adjust the following elements related to the token bucket algorithm The interval at which tokens are added to the bucket The default is 100 milliseconds The maximum number of tokens in the bucket The default is 10 tokens For example to adjust the interval to 1000 milliseconds and the number of tokens to 100 token...

Page 169: ...bled on a particular interface IPv6 neighbor discovery configuration The neighbor discovery feature for IPv6 uses IPv6 ICMP messages to do the following tasks Determine the link layer address of a neighbor on the same link Verify that a neighbor is reachable Track neighbor routers An IPv6 host is required to listen for and recognize the following addresses that identify itself Link local address A...

Page 170: ...he neighbor solicitation message contains the following information Source address IPv6 address of the node 2 interface that sends the message Destination address IPv6 address of node 1 Link layer address of node 2 After node 1 receives the neighbor advertisement message from node 2 nodes 1 and 2 can now exchange packets on the link After the link layer address of node 2 is determined node 1 can s...

Page 171: ...e by the stateless auto configuration feature Duplicate address detection verifies that a unicast IPv6 address is unique If duplicate address detection identifies a duplicate unicast IPv6 address the address is not used If the duplicate address is the link local address of the host interface the interface stops processing IPv6 packets NOTE Duplicate Address Detection DAD is not currently supported...

Page 172: ... advertised as a default router For example to adjust the interval of router advertisements to 300 seconds and the router lifetime value to 1900 seconds on Ethernet interface 1 3 1 enter the following commands device config interface ethernet 1 3 1 device config if e1000 1 3 1 ipv6 nd ra interval 300 device config if e1000 1 3 1 ipv6 nd ra lifetime 1900 device config if e1000 1 3 1 ipv6 nd ra hop ...

Page 173: ...erred Onlink flag Optional If this flag is set the specified prefix is assigned to the link upon which it is advertised Nodes sending traffic to addresses that contain the specified prefix consider the destination to be reachable on the local link Autoconfiguration flag Optional If this flag is set the stateless auto configuration feature can use the specified prefix in the automatic configuration...

Page 174: ...or example to set these flags in router advertisement messages sent from Ethernet interface 1 3 1 enter the following commands device config interface ethernet 1 3 1 device config if e1000 1 3 1 ipv6 nd managed config flag device config if e1000 1 3 1 ipv6 nd other config flag Syntax no ipv6 nd managed config flag Syntax no ipv6 nd other config flag To remove either flag from router advertisement ...

Page 175: ...formation at a greater frequency For example to configure the reachable time of 40 seconds for Ethernet interface 1 3 1 enter the following commands device config interface ethernet 1 3 1 device config if e1000 1 3 1 ipv6 nd reachable time 40 Syntax no ipv6 nd reachable time seconds For the seconds variable specify a number from 0 through 3600 seconds To restore the default time use the no form of...

Page 176: ...bor discovery A static entry in the IPv6 neighbor discovery cache functions like a static ARP entry in IPv4 NOTE A port that has a statically assigned IPv6 entry cannot be added to a VLAN NOTE Static neighbor configurations will be cleared on secondary ports when a LAG is formed For example to add a static entry for a neighbor with the IPv6 address 2001 DB8 2678 47b and link layer address 0000 002...

Page 177: ...r Error code 0 message to the packet s source address pointing to the unrecognized routing type To disable these ICMP error messages enter the following command device config no ipv6 icmp source route Syntax no ipv6 icmp source route Use the ipv6 icmp source route form of the command to enable the ICMP error messages TCAM space on FCX device configuration FCX devices store routing information for ...

Page 178: ...Allocating TCAM space for GRE tunnel information For example to allocate space for 64 GRE tunnels enter the following command at the Privileged EXEC level device system max gre tunnels 64 Syntax system max gre tunnels tunnels The tunnels parameter specifies the number of GRE tunnels to allocate Clearing global IPv6 information You can clear the following global IPv6 information Entries from the IP...

Page 179: ...ecify the prefix length parameter as a decimal value A slash mark must follow the ipv6 prefix parameter and precede the prefix length parameter You must specify the ipv6 address parameter in hexadecimal using 16 bit values between colons as documented in RFC 2373 The ethernet ve vrf parameter specifies the interfaces for which you can remove cache entries If you specify an Ethernet interface also ...

Page 180: ...e 1 3 2 6 2001 DB8 ffff ffff feff ffff LOCAL loopback 2 7 2001 DB8 c0a8 46a LOCAL tunnel 2 8 2001 DB8 c0a8 46a LOCAL tunnel 6 9 2001 DB8 1 LOCAL loopback 2 10 2001 DB8 2e0 52ff fe99 9700 LOCAL ethe 1 3 1 Syntax show ipv6 cache index number ipv6 prefix prefix length ipv6 address ethernet unit slot port venumber tunnel number The index number parameter restricts the display to the entry for the spec...

Page 181: ...Loopback 2 up up 2005 303 303 128 Loopback 3 up up Syntax show ipv6 interface interface unit slot port number The interface parameter displays detailed information for a specified interface For the interface you can specify the Ethernet loopback tunnel or VE keywords If you specify an Ethernet interface also specify unit slot port If you specify a loopback tunnel or VE interface also specify the n...

Page 182: ...tting of the maximum transmission unit MTU configured for the IPv6 interface The MTU is the maximum length an IPv6 packet can have to be transmitted on the interface If an IPv6 packet is longer than an MTU the host that originated the packet fragments the packet and transmits its contents in multiple packets that are shorter than the configured MTU ICMP The setting of the ICMP redirect parameter f...

Page 183: ...ry is being performed REACH The static forward path to the neighbor is functioning properly REACH The forward path to the neighbor is functioning properly STALE This entry has remained unused for the maximum interval While stale no action takes place until a packet is sent DELAY This entry has remained unused for the maximum interval and a packet was sent before another interval elapsed PROBE Neig...

Page 184: ...6 routes The summary keyword displays a summary of the prefixes and different route types The following table lists the information displayed by the show ipv6 route command TABLE 36 IPv6 route table fields Field Description Number of entries The number of entries in the IPv6 route table Type The route type which can be one of the following C The destination is directly connected to the router S Th...

Page 185: ...ollowing information TABLE 38 IPv6 local router information fields Field Description Router ipv6 address on interface port The IPv6 address for a particular router interface Last update The amount of elapsed time in minutes between the current and previous updates received from a router Hops The default value that should be included in the Hop Count field of the IPv6 header for outgoing IPv6 packe...

Page 186: ...t number of the local router interface over which the TCP connection occurs Remote IP address port The IPv4 or IPv6 address and port number of the remote router interface over which the TCP connection occurs TCP state The state of the TCP connection Possible states include the following LISTEN Waiting for a connection request SYN SENT Waiting for a matching connection request after having sent a c...

Page 187: ...ngestion window 1459 Syntax show ipv6 tcp status local ip address local port number remote ip address remote port number The local ip address parameter can be the IPv4 or IPv6 address of the local interface over which the TCP connection is taking place The local port number parameter is the local port number over which a TCP connection is taking place The remote ip address parameter can be the IPv...

Page 188: ...ofragments 0 can not frag 0 too short 0 too small 11 not member 0 no buffer 66819 allocated 21769 freed 0 forward cache hit 46 forward cache miss ICMP6 Statistics Received 0 dest unreach 0 pkt too big 0 time exceeded 0 param prob 2 echo req 1 echo reply 0 mem query 0 mem report 0 mem red 0 router soli 2393 router adv 106 nei soli 3700 nei adv 0 redirect 0 bad code 0 too short 0 bad checksum 0 bad ...

Page 189: ...mented by the router to accommodate the MTU of this router or of another device ofragments The number of output fragments generated by the router can not frag The number of IPv6 packets the router could not fragment too short The number of IPv6 packets dropped because they are too short too small The number of IPv6 packets dropped because they do not have enough data not member The number of IPv6 ...

Page 190: ...ived by the router Applies to sent only error The number of Error messages sent by the router can not send error The number of times the node encountered errors in ICMP error messages too freq The number of times the node has exceeded the frequency of sending error messages Applies to sent errors only unreach no route The number of Unreachable No Route errors sent by the router admin The number of...

Page 191: ...d scalability are concerns you can allow a DHCPv6 client to send a message to a DHCP server using a DHCPv6 relay agent A DHCPv6 relay agent which may reside on the client link but is transparent to the client relays messages between the client and the server Multiple DHCPv6 relay agents can exist between the client and server DHCPv6 relay agents can also receive relay forward messages from other r...

Page 192: ...ackets Received 0 Transmitted 0 Received DHCPv6 Packets RELEASE 0 RELAY_FORWARD 0 RELAY_REPLY 0 OtherServertoClient 0 OtherClinettoServer 0 Syntax show ipv6 dhcp relay Displaying the DHCPv6 Relay configured destinations Enter the show ipv6 dhcp relay destinations command to display information about the dhcpv6 relay agent configured destinations device show ipv6 dhcp relay destinations DHCPv6 Rela...

Page 193: ...ion for the specific interface Destination The configured destination IPv6 address OutgoingInterface The interface on which the packet will be relayed if the destination relay address is a link local or multicast address Options The current information about the DHCPv6 relay options for the interface Interface Id The interface ID option indicating if the option is used or not DHCPv6 Relay Agent Pr...

Page 194: ...on limitations The following limitations apply to the DHCPv6 Relay Agent Prefix Delegation Notification The PD notification fails when the DHCPv6 messages between a DHCPv6 server and a DHCPv6 client containing the PD option are not relayed via the DHCPv6 relay agent If the delegated prefix is released or renewed by the client at the time when the DHCPv6 relay agent is down or rebooting then this r...

Page 195: ...gated prefixes 500 The value parameter is used to limit the maximum number of prefixes that can be learned at the global level The range is from 0 to 512 The default value is 500 Syntax no ipv6 dhcp relay maximum delegated prefixes value The value parameter is used to limit the maximum number of prefixes that can be learned at the global level The range is from 0 to 512 The default value is 500 Us...

Page 196: ...lay delegated prefixes vrf vrf name X X X X M client id client ipv6 address interface interface id The vrf vrf name parameter is used to display the DHCPv6 delegated prefixes for a specific VRF The X X X X M parameter is used to display the specified delegated prefix information The client idclient ipv6 address parameter is used to display the delegated prefix for the specific client The interface...

Page 197: ...the show ipv6 dhcp relay options command Field Description Interface The interface name Interface Id The interface ID option Yes or No indicates if the option is used or not Remote Id The remote ID option Yes or No indicates if the option is used or not Displaying the DHCPv6 Relay prefix delegation information Enter the show ipv6 dhcp relay prefix delegation information command to display addition...

Page 198: ... the show ipv6 dhcp relay interface command Field Description Destinations The DHCPv6 relay destination configured on the interface Destination The configured destination IPv6 address OutgoingInterface The interface on which packet will be relayed if the destination relay address is link local or multicast Options The current information about DHCPv6 relay options for the interface Interface Id Th...

Page 199: ...s used to clear all the delegated prefixes and remove the corresponding routes permanently from the router for the VRF The interfaceinterface id parameter is used to clear all the delegated prefixes and remove the corresponding routes permanently from the router for the specified outgoing interface Clearing the DHCPv6 packet counters To clear all DHCPv6 packet counters use the clear ipv6 dhcp rela...

Page 200: ...FastIron Ethernet Switch Layer 3 Routing 200 53 1003627 04 ...

Page 201: ...e the older route is replaced with the newer one The new path is then included in the updates sent to other RIP routers including Brocade devices RIP routers including Brocade devices also can modify a route cost generally by adding to it to bias the selection of a route for a given destination In this case the actual number of router hops may be the same but the route has an administratively high...

Page 202: ... a router learns through another protocol and then distributes into RIP Disabled Redistribution metric RIP assigns a RIP metric cost to each external route redistributed from another routing protocol into RIP An external route is a route with at least one hop packets must travel through at least one other router to reach the destination This parameter applies to routes that are redistributed from ...

Page 203: ... learned the route Poison reverse The device assigns a cost of 16 infinite or unreachable to a route before advertising it on the same interface as the one on which the device learned the route NOTE Enabling poison reverse disables split horizon on the interface Split horizon Advertising and learning specific routes You can control the routes that a device learns or advertises The device learns an...

Page 204: ...n prevent the device from using a specific port for routes learned though that port by setting its metric to 16 The in keyword applies to routes the port learns from RIP neighbors The out keyword applies to routes the port advertises to its RIP neighbors Changing the administrative distance By default the Brocade device assigns the default RIP administrative distance 120 to RIP routes When compari...

Page 205: ...f a match is found the Brocade device stops evaluating the route against the route map instances Route maps can contain match statements and set statements Each route map contains a permit or deny action for routes that match the match statements If the route map contains a permit action a route that matches a match statement is permitted otherwise the route is denied If the route map contains a d...

Page 206: ...route learning and advertising parameters By default a Brocade device learns routes from all its RIP neighbors and advertises RIP routes to those neighbors You can configure the following learning and advertising parameters Update interval The update interval specifies how often the device sends RIP route advertisements to its neighbors You can change the interval to a value from 3 through 65535 s...

Page 207: ... routes from all neighbors except the ones you explicitly permit Thus to deny learning from a specific neighbor but allow all other neighbors you must add a filter that allows learning from all neighbors Make sure you add the filter to permit all neighbors as the last filter the one with the highest filter number Otherwise the software can match on the permit all filter before a filter that denies...

Page 208: ...cked up interface in RIP advertisements As a result other routers receive multiple paths for the backed up interface and might sometimes unsuccessfully use the path to the Backup rather than the path to the Master You can prevent the backups from advertising route information for the backed up interface by enabling suppression of the advertisements To suppress RIP advertisements for the backed up ...

Page 209: ...pplies the prefix list to routes the Brocade device learns from its neighbor on the interface Out is for Outbound filtering It applies the prefix list to routes the Brocade device advertises to its neighbor on the interface The commands apply RIP list2 route filters to all routes learned from the RIP neighbor on the port and applies the lists to all routes advertised on the port To configure a rou...

Page 210: ...m 0 65535 The default is 120 seconds Displaying RIP Information To display RIP filters enter the following command at any CLI level device show ip rip RIP Summary Default port 520 Administrative distance is 120 Updates every 30 seconds expire after 180 Holddown lasts 180 seconds garbage collect after 120 Last broadcast 29 Next Update 27 Need trigger update 0 Next trigger broadcast 1 Minimum update...

Page 211: ...orizon is on poison reverse is off Default routes not accepted Metric offset Inbound 1 Metric offset Outbound 0 Prefix List Inbound Not set Prefix List Outbound Not set Route map Inbound Not set Route map Outbound Not set RIP Sent Receive packet statistics Sent Request 2 Response 34047 Received Total 123473 Request 1 Response 123472 UnRecognised 0 RIP Error packet statistics Rejected 0 Version 0 R...

Page 212: ... 20 enter the following command device show running config interface ve 20 interface ve 20 ip ospf area 1 ip rip v1 only ip rip poison reverse ip address 10 2 0 1 24 Displaying CPU utilization statistics You can display CPU utilization statistics for RIP and other IP protocols To display CPU utilization statistics for RIP enter the show cpu utilization tasks command at any level of the CLI device ...

Page 213: ...ion tasks The command lists the usage statistics for the previous five second one minute five minute and fifteen minute intervals Displaying CPU utilization statistics FastIron Ethernet Switch Layer 3 Routing 53 1003627 04 213 ...

Page 214: ...FastIron Ethernet Switch Layer 3 Routing 214 53 1003627 04 ...

Page 215: ... devices support up to 10 000 RIPng routes ICX 6650 IPv6 devices support up to 2000 RIPng routes Configuring RIPng To configure RIPng you must enable RIPng globally on the Brocade device and on individual device interfaces The following configuration tasks are optional Change the default settings of RIPng timers Configure how the Brocade device learns and advertises routes Configure which routes a...

Page 216: ...n Amount of time in seconds after which a route is removed from the routing table 120 seconds You can adjust these timers for RIPng Before doing so keep the following caveats in mind If you adjust these RIPng timers Brocade strongly recommends setting the same timer values for all routers and access servers in the network Setting the update timer to a shorter interval can cause the devices to spen...

Page 217: ...es in updates sent from Ethernet interface 1 3 1 enter the following commands device config interface ethernet 1 3 1 device config if e100 1 3 1 ipv6 rip default information only To originate IPv6 default routes and include all other routes in updates sent from Ethernet interface 1 3 1 enter the following commands device config interface ethernet 1 3 1 device config if e100 1 3 1 ipv6 rip default ...

Page 218: ...to change the metric offset for incoming routes learned by Ethernet interface 1 3 1 to one and the metric offset for outgoing routes advertised by the interface to three enter the following commands device config interface ethernet 1 3 1 device config if e100 1 3 1 ipv6 rip metric offset 2 device config if e100 1 3 1 ipv6 rip metric offset out 3 In this example if Ethernet interface 1 3 1 learns a...

Page 219: ...e config ipv6 router rip device config ripng router distribute list prefix list 2001routes in Syntax no distribute list prefix list name in out The name parameter indicates the name of the prefix list generated using the ipv6 prefix list command The in keyword indicates that the prefix list is applied to incoming routing updates on the specified interface The out keyword indicates that the prefix ...

Page 220: ...ration RIPng routing table Displaying RIPng configuration To display RIPng configuration information enter the show ipv6 rip command at any CLI level device show ipv6 rip IPv6 rip enabled port 521 Administrative distance is 120 Updates every 30 seconds expire after 180 Holddown lasts 180 seconds garbage collect after 120 Split horizon is on poison reverse is off Default routes are not generated Pe...

Page 221: ...8ff fe94 2da e 2 1 23 RIP metric 2 tag 0 timers aging 50 Syntax show ipv6 rip route ipv6 prefix prefix length ipv6 address The ipv6 prefix prefix length parameters restrict the display to the entries for the specified IPv6 prefix You must specify the ipv6 prefix parameter in hexadecimal using 16 bit values between colons as documented in RFC 2373 You must specify the prefix length parameter as a d...

Page 222: ...into RIPng OSPF OSPFv3 routes are redistributed into RIPng Metric number The cost of the route The number parameter indicates the number of hops to the destination Tag number The tag value of the route Timers Indicates if the hold down timer or the garbage collection timer is set Displaying RIPng information FastIron Ethernet Switch Layer 3 Routing 222 53 1003627 04 ...

Page 223: ...eighboring router The Brocade device supports the following types of LSAs which are described in RFC 2328 and 3101 Router link Network link Summary link Autonomous system AS summary link AS external link Not So Stubby Area NSSA external link Grace LSAs OSPF is built upon a hierarchy of network components The highest level of the hierarchy is the Autonomous System AS An autonomous system is defined...

Page 224: ...ve identical topological databases The ABR is responsible for forwarding routing information or changes between its border areas An Autonomous System Boundary Router ASBR is a router that is running multiple protocols and serves as a gateway to routers outside an area and those operating with different protocols The ASBR is able to import and translate different protocol routes into OSPF through a...

Page 225: ...ti access networks In a network that has multiple routers attached OSPF elects one router to serve as the designated router DR and another router on the segment to act as the backup designated router BDR This arrangement minimizes the amount of repetitive information that is forwarded on the network by forwarding all messages to the designated router and backup designated routers responsible for f...

Page 226: ...t numbered loopback interface If the device does not have a loopback interface the default router ID is the lowest numbered IP address configured on the device When multiple routers on the same network are declaring themselves as DRs then both priority and router ID are used to select the designated router and backup designated routers When only one router on the network claims the DR role despite...

Page 227: ...nside stub networks within the local OSPF Autonomous System AS In some cases multiple ASBRs in an AS can originate equivalent LSAs The LSAs are equivalent when they have the same cost the same next hop and the same destination The device optimizes OSPF by eliminating duplicate AS External LSAs in this case The device with the lower router ID flushes the duplicate External LSAs from its database an...

Page 228: ...ternal domain into the OSPF AS while the other ASBRs flush the equivalent AS External LSAs from their databases As a result the overall volume of route advertisement traffic within the AS is reduced and the devices that flush the duplicate AS External LSAs have more memory for other OSPF data Because Router D has a higher router ID than Router E Router D floods the AS External LSAs for Router F to...

Page 229: ...t for OSPF RFC 2328 Appendix E Brocade devices support Appendix E in OSPF RFC 2328 Appendix E describes a method to ensure that an OSPF router generates unique link state IDs for type 5 External link state advertisements LSAs in cases where two networks have the same network address but different network masks NOTE Support for Appendix E of RFC 2328 is enabled automatically and cannot be disabled ...

Page 230: ...ontinues to use its existing OSPF routes as if nothing has occurred In the background the router re acquires its neighbors prior to the restart and recalculates its OSPF routes and replaces them with new routes as necessary Once the grace period has passed the adjacent routers return to normal operation NOTE By default graceful restart is enabled NOTE If a Brocade ICX 6650 device is configured for...

Page 231: ...until the hold time expires without a topology change event occurring At any time that a hold time expires without a topology change event occurring the router reverts to the initial hold value and begins the process all over again For example if you set the initial delay timer to 100 milliseconds the hold timer to 300 and the maximum hold timer to 2000 milliseconds the following would occur If a ...

Page 232: ... if desired 6 Modify default global and port parameters as required 7 Modify OSPF standard compliance if desired Configuration rules The configuration rules are as follows Brocade ICX 6650 devices support a maximum of 676 OSPF interfaces If a router is to operate as an ASBR you must enable the ASBR capability at the system level Redistribution must be enabled on routers configured to operate as AS...

Page 233: ...fy MD5 authentication key parameters Modify the priority of the interface Modify the retransmit interval for the interface Modify the transit delay of the interface NOTE You set global level parameters at the OSPF CONFIG Level of the CLI To reach that level enter router ospf at the global CONFIG Level Interface parameters for OSPF are set at the interface CONFIG Level using the CLI command ip ospf...

Page 234: ...ter port Each port on a router can support one area An area can be normal a stub or a Not So Stubby Area NSSA Normal OSPF routers within a normal area can send and receive External Link State Advertisements LSAs Stub OSPF routers within a stub area cannot send or receive External LSAs In addition OSPF routers in a stub area must use a default route to the area s Area Border Router ABR or Autonomou...

Page 235: ... ospf router area 40 stub 99 no summary Syntax no area num ip addr stub cost no summary The num and ip addr parameters specify the area number which can be a number or in IP address format If you specify a number the number can be from 0 2 147 483 647 The stub cost parameter specifies an additional cost for using a route to or from this area and can be from 1 16777215 There is no default Normal ar...

Page 236: ...SAs into an aggregate LSA before flooding the Type 5 LSAs into the backbone Since the NSSA is partially stubby the ABR does not flood external LSAs from the backbone into the NSSA To provide access to the rest of the Autonomous System AS the ABR generates a default Type 7 LSA into the NSSA Configuring an NSSA To configure OSPF area 1 1 1 1 as an NSSA enter the following commands device config rout...

Page 237: ...nslator Syntax no nssa translator Configuring an address range for the NSSA If you want the ABR that connects the NSSA to other areas to summarize the routes in the NSSA before translating them into Type 5 LSAs and flooding them into the other areas configure an address range The ABR creates an aggregate value based on the address range The aggregate value becomes the address that the ABR advertis...

Page 238: ...ndary use the area range cost command in router configuration mode If the cost parameter is specified it will be used overriding the computed cost to generate the summary LSA If the cost parameter is not specified then the existing range metric computation max or min cost of routes falling under this range will be used to generate summary LSA NOTE The area should be already configured before using...

Page 239: ...ise Neither the individual intra area routes falling under range nor the ranged prefix is advertised as summary LSA The cost cost value parameter specifies the cost value to be used while generating type 3 summary LSA If the cost value is configured then configured cost is used while generating the summary LSA If the cost value is not configured then computed range cost will be used The cost value...

Page 240: ...ers to implement the change and thus prevent disruption to neighbor adjacencies During the authentication change interval both the old and new authentication information is supported The default authentication change interval is 300 seconds 5 minutes You change the interval to a value from 0 14400 seconds authentication key string By default the authentication key is encrypted If you want the auth...

Page 241: ...on packet is rejected if the interface MTU specified in the DBD packet is greater than the MTU of the interface shared between the neighbors To disable the mismatch condition set mtu ignore By default the mismatch detection is enabled passive When you configure an OSPF interface to be passive that interface does not send or receive OSPF route updates By default all OSPF interfaces are active and t...

Page 242: ...old authentication to send packets during the remainder of the current authentication change interval After this the software uses the new authentication for sending packets Inbound OSPF packets The software accepts packets containing the new authentication and continues to accept packets containing the older authentication for two authentication change intervals After the second interval ends the...

Page 243: ...mmand in this example blocks all outbound LSAs on the OSPF interface configured on port 1 1 1 Syntax no ip ospf database filter all all external allow default allow default and type4 all summary external allow default allow default and type4 out The all parameter directs the router to block all outbound LSAs on the OSPF interface The all external option directs the router to allow the following LS...

Page 244: ... backbone when assigned from the router interface requiring a logical connection When assigning the parameters from the router with the physical connection the router ID is the IP address of the router requiring a logical connection to the backbone NOTE By default the Brocade device s router ID is the IP address configured on the lowest numbered loopback interface If the device does not have a loo...

Page 245: ...can modify for physical interfaces You can modify default values for virtual links using the following CLI command at the OSPF router level of the CLI as shown in the following syntax Syntax no area ip addr num virtual link router id dead interval num hello interval num retransmit interval num transmit delay num authentication key string md5 authentication key key string md5 authentication key act...

Page 246: ... ospf router area 1 virtual link 10 0 0 1 md 5 authentication key id 5 key evening The software adds a prefix to the authentication key string in the configuration For example the following portion of the code has the encrypted code 2 device config ospf router area 1 virtual link 12 12 12 25 md 5 authentication key id 5 key 2 on o The prefix can be one of the following 0 the key string is not encr...

Page 247: ...nce bandwidth and always have the same cost regardless of the reference bandwidth in use The cost of a loopback interface is always 1 The cost of a virtual link is calculated using the Shortest Path First SPF algorithm and is not affected by the auto cost feature The bandwidth for tunnel interfaces is 9 Kbps and is also subject to the auto cost reference bandwidth setting Changing the reference ba...

Page 248: ...Define redistribution filters Route redistribution imports and translates different protocol routes into a specified protocol type On the device redistribution is supported for static routes OSPF RIP and BGP4 OSPF redistribution supports the import of static RIP and BGP4 routes into OSPF routes NOTE The device advertises the default route into OSPF even if redistribution is not enabled and even if...

Page 249: ...ax no redistribute bgp connected rip static route map map name NOTE Prior to software release 04 1 00 the redistribution command is used instead of redistribute For example to enable redistribution of RIP and static IP routes into OSPF enter the following commands device config router ospf device config ospf router redistribute rip device config ospf router redistribute static device config ospf r...

Page 250: ...g ip route 1 1 0 0 255 255 0 0 10 95 7 30 device config ip route 1 2 0 0 255 255 0 0 10 95 7 30 device config ip route 1 3 0 0 255 255 0 0 10 95 7 30 device config ip route 4 1 0 0 255 255 0 0 10 95 6 30 device config ip route 4 2 0 0 255 255 0 0 10 95 6 30 device config ip route 4 3 0 0 255 255 0 0 10 95 6 30 device config ip route 4 4 0 0 255 255 0 0 10 95 6 30 5 device config route map abc perm...

Page 251: ...considered a successful match The following set parameters are valid for OSPF redistribution set ip next hop ip addr set metric num none set metric type type 1 type 1 type 2 set tag tag value NOTE You must configure the route map before you configure a redistribution that uses the route map NOTE When you use a route map for route redistribution the software disregards the permit or deny action of ...

Page 252: ...s example If the costs are the same the router now has four equal cost paths to R1 To allow the router to load share among the equal cost routes enable IP load sharing The software supports four equal cost OSPF paths by default when you enable load sharing NOTE The device is not source routing in these examples The device is concerned only with the paths to the next hop routers not the entire path...

Page 253: ...exits the external LSDB overflow condition all the imported routes are summarized according to the configured address ranges NOTE If you use redistribution filters in addition to address ranges the device applies the redistribution filters to routes first then applies them to the address ranges NOTE If you disable redistribution all the aggregate routes are flushed along with other imported routes...

Page 254: ...te a default external route into an OSPF routing domain This feature is called default route origination or default information origination By default the device does not advertise the default route into the OSPF domain If you want the device to advertise the OSPF default route you must explicitly enable default route origination When you enable OSPF default route origination the device advertises...

Page 255: ...rnal route type2 Type 2 external route If you do not use this option the default redistribution metric type is used for the route type The route map parameter overrides other options If set commands for metric and metric type are specified in the route map the command line values of metric and metric type if specified are ignored for clarification The route map rmap parameter specifies the route m...

Page 256: ... of critical OSPF elements All types of LSAs and the neighbor information are synchronized to the standby module using the NSR synchronization library and IPC mechanism to transmit and receive packets Link state database synchronization When the active management module fails the standby management module takes over from the active management module with the identical OSPF link state database it h...

Page 257: ...ddress Destination router or backup destination router information Neighbor state 2WAY or FULL MD5 information Neighbor priority Limitations If a neighbor router is inactive for 30 seconds and if the standby module takes over in another 10 seconds the neighbor router cannot be dropped The inactivity timer starts again and takes another 40 seconds to drop the neighbor router In standby module the v...

Page 258: ...the LSAs to the standby module based on the message the standby module deletes or updates its link state database with the latest information LSA acknowledging or flooding are not done on the standby module When the LSA synchronization update arrives from the active module it will be directly installed into the LSDB Enabling and disabling NSR To enable NSR for OSPF enter the following commands dev...

Page 259: ...spf router no default information originate always device config ospf router no default information originate always route map test device config ospf router no default information originate always route map test metric 200 device config ospf router no default information originate always route map test metric 200 metric type type1 In the following example the parameters of the default information...

Page 260: ... list using ACLs To configure an OSPF distribution list using ACLs Configure an ACL that identifies the routes you want to deny Using a standard ACL lets you deny routes based on the destination network but does not filter based on the network mask To also filter based on the destination network s network mask use an extended ACL Configure an OSPF distribution list that uses the ACL as input Examp...

Page 261: ...t You can also use other options available within the route maps and ACLs to further control the contents of the routes that OSPF provides to the IP route table This section describes an example of an OSPF distribution list using a route map to specify an OSPF administrative distance for routes identified by an IP prefix list To configure an OSPF distribution list using route maps Configure a rout...

Page 262: ...ist command is applied to all OSPF LSAs on the router where it is executed NOTE A route map used with the distribute list command can use either the ip prefix list command as shown in the example or an ACL to define the routes The set distance command is used in association with a route map configuration Modify SPF timers The device uses the following timers when calculating the shortest path for ...

Page 263: ...BGP4 RIP and OSPF Consequently the routes to a network may differ depending on the protocol from which the routes were learned The default administrative distance for OSPF routes is 110 The router selects one route over another based on the source of the route information To do so the router can use the administrative distances assigned to the sources You can bias the decision the device makes by ...

Page 264: ... each time an individual LSA refresh timer expires The accumulated LSAs constitute a group which the device refreshes and sends out together in one or more packets The pacing interval which is the interval at which the device refreshes an accumulated group of LSAs is configurable to a range from 10 1800 seconds 30 minutes The default is 240 seconds four minutes Thus every four minutes the device r...

Page 265: ...cket trap MIB object ospfVirtIfRxBadPacket The following traps are disabled by default interface retransmit packet trap MIB object ospfTxRetransmit virtual interface retransmit packet trap MIB object ospfVirtIfTxRetransmit originate lsa trap MIB object ospfOriginateLsa originate maxage lsa trap MIB object ospfMaxAgeLsa link state database overflow trap MIB object ospfLsdbOverflow link state databa...

Page 266: ...DR NOTE For interfaces where the designated router state is not applicable such as point to point and virtual links OSPF neighbor state changes will always be logged irrespective of the setting of the dr only sub option NOTE A limitation with the dr only sub option is that when a DR BDR election is underway OSPF neighbor state changes pertaining to non DR BDR routers are not logged Logging resumes...

Page 267: ...ork non broadcast The following commands specify 10 1 20 1 as an OSPF neighbor address The address specified must be in the same sub net as the non broadcast interface device config router ospf device config ospf router neighbor 10 1 20 1 For example to configure the feature in a network with three routers connected by a hub or switch each router must have the linking interface configured as a non...

Page 268: ...mand disables OSPF Graceful Restart helper mode The default behavior is to help the restarting neighbors Configuring OSPF Graceful Restart per VRF The following sections describe how to enable the OSPF Graceful Restart feature on a specified VRF Use the following command to enable the graceful restart feature on a specified VRF device config router ospf vrf blue device config ospf router graceful ...

Page 269: ...LSA will be advertised with the metric set to a maximum value of 0xFFFF Optional values for time are 5 to 86400 seconds There is no default value for time The wait for bgp option for the on startup parameter directs OSPF to wait for either 600 seconds or until BGP has finished route table convergence whichever event happens first before advertising the links with the normal metric Using the link p...

Page 270: ...ric router lsa summary lsa 16777214 link all The following command turns off the advertisement of special metric values in all Router Summary and External LSAs device config router ospf device config ospf router no max metric router lsa Configuring OSPF shortest path first throttling To set OSPF shortest path first throttling to the values in the previous example use the following command device c...

Page 271: ...Restart Enabled timer 120 Graceful Restart Helper Enabled O 35m5s Displaying OSPF information You can use CLI commands and Web management options to display the following OSPF information Trap area and interface information CPU utilization statistics Area information Neighbor information Interface information Route information External link state information Database Information Link state informa...

Page 272: ... Area ID Area Type Cost 0 normal 0 OSPF Interfaces currently defined Ethernet Interface 1 3 1 1 3 2 ip ospf md5 authentication key activation wait time 300 ip ospf cost 0 ip ospf area 0 Ethernet Interface v1 ip ospf md5 authentication key activation wait time 300 ip ospf cost 0 ip ospf area 0 Syntax show ip ospf config The information related to the OSPF interface state is shown in bold text in th...

Page 273: ...Packet Trap Interface Retransmit Packet Trap Virtual Interface Retransmit Packet Trap Originate LSA Trap Originate MaxAge LSA Trap Link State Database Overflow Trap Link State Database Approaching Overflow Trap Area ID Shows the area ID of the interface Area Type Shows the area type which can be one of the following nssa normal stub Cost Shows the cost of the area Ethernet Interface Shows the OSPF...

Page 274: ...1 1 FULL DR 10 1 11 2 10 65 12 1 5 2 0 v12 10 1 12 1 1 FULL DR 10 1 12 2 10 65 12 1 5 2 0 v13 10 1 13 1 1 FULL DR 10 1 13 2 10 65 12 1 5 2 0 v14 10 1 14 1 1 FULL DR 10 1 14 2 10 65 12 1 5 2 0 Syntax show ip ospf neighbor router id ip addr num extensive The router id ip addr parameter displays only the neighbor entries for the specified router The num parameter displays only the entry in the specif...

Page 275: ...ate or greater are called adjacencies Exchange The router is describing its entire link state database by sending Database Description packets to the neighbor Each Database Description packet has a DD sequence number and is explicitly acknowledged Only one Database Description packet can be outstanding at any time In this state Link State Request packets can also be sent asking for the neighbor s ...

Page 276: ...s For example when displaying OSPF interface information on ethernet 1 1 1 only one port can displayed at a given time Syntax show ip ospf vrf vrf name interface ip addr brief ethernet unit slot port loopback number tunnel number ve number The vrf vrf name parameter displays information for VRF or a specific vrf name The ip addr parameter displays the OSPF interface information for the specified I...

Page 277: ...her The interface is a broadcast or NBMA network on which another router is selected to be the DR Active The interface sends or receives all the OSPFv2 control packets and forms the adjacency default Shows whether or not the default passive state is set Pri The interface priority Cost The configured output cost for the interface Options OSPF Options Bit7 Bit0 unused 1 opaque 1 summary 1 dont_propa...

Page 278: ...networks It indicates that no recent information has been received from the neighbor Init A Hello packet has recently been seen from the neighbor However bidirectional communication has not yet been established with the neighbor The router itself did not appear in the neighbor s Hello packet All neighbors in this state or higher are listed in the Hello packets sent from the associated interface 2 ...

Page 279: ...PF 21 01 4 v10 10 1 10 2 OSPF 00 00 OSPF Area 0x00000041 ASBR Routes 1 Destination Mask Path_Cost Type2_Cost Path_Type 10 65 12 1 255 255 255 255 1 0 Intra Adv_Router Link_State Dest_Type State Tag Flags 10 65 12 1 10 65 12 1 Asbr Valid 0 6000 Paths Out_Port Next_Hop Type State 1 v204 10 65 5 251 OSPF 21 01 2 v201 10 65 2 251 OSPF 20 d1 3 v202 10 65 3 251 OSPF 20 cd 4 v205 10 65 6 251 OSPF 00 00 O...

Page 280: ...d Valid This information is used by Brocade technical support Tag The external route tag Flags State information for the route entry This information is used by Brocade technical support Paths The number of paths to the destination Out_Port The router port through which the device reaches the next hop for this route path Next_Hop The IP address of the next hop router for this path Type The route t...

Page 281: ...oute Adv Rtr ID of the advertised route Seq Hex The sequence number of the LSA The OSPF neighbor that sent the LSA stamps the LSA with a sequence number This number enables the device and other OSPF routers to determine which LSA for a given route is the most recent Age The age of the LSA in seconds Chksum The checksum for the LSA packet The checksum is based on all the fields in the packet except...

Page 282: ... 63 show ip ospf database external link state output descriptions This field Displays Index ID of the entry Age The age of the LSA in seconds LS ID The ID of the link state advertisement Router The router IP address Netmask The subnet mask of the network Metric The cost value of the route Flag State information for the route entry This information is used by Brocade technical support Displaying OS...

Page 283: ...087 0xffb4 Done 17 0 Net 10 1 23 2 10 65 12 1 8000008c 1088 0xca1c Done 18 0 Net 10 1 126 2 10 65 12 1 8000008c 1087 0x5926 Done Syntax show ip ospf vrf vrf name database link state advertise num asbr ip addr adv router ip addr extensive link state id ip addr network ip addr adv router ip addr nssa ip addr adv router ip addr router ip addr adv router ip addr router id ip addr self originate I sequ...

Page 284: ...rs 192 168 98 111 router ID router type next hop router outgoing interface Area 192 168 98 111 ABR 193 213 111 111 4 3 1 8 3 1 0 Syntax show ip ospf border routers ip addr The ip addrip addr parameter displays the ABR and ASBR entries for the specified IP address device show ip ospf border routers router ID router type next hop router outgoing interface Area 1 10 65 12 1 ABR 10 1 49 2 v49 0 1 10 6...

Page 285: ...e command to display OSPF point to point information Enter the following command at any CLI level device show ip ospf interface 192 168 1 1 Ethernet 1 2 1 OSPF enabled IP Address 192 168 1 1 Area 0 OSPF state ptr2ptr Pri 1 Cost 1 Options 2 Type pt 2 pt Events 1 Timers sec Transit 1 Retrans 5 Hello 10 Dead 40 DR Router ID 0 0 0 0 Interface Address 0 0 0 0 BDR Router ID 0 0 0 0 Interface Address 0 0...

Page 286: ...ighbor Count The number of adjacent neighbor routers Neighbor The IP address of the neighbor Displaying OSPF virtual neighbor and link information You can display OSPF virtual neighbor and virtual link information show run Current configuration ver V2 2 1T143 module 1 rx bi 1g 24 port fiber module 2 rx bi 10g 4 port module 6 rx bi 10g 4 port module 7 rx bi 1g 24 port copper no spanning tree vlan 1...

Page 287: ... device show ip ospf virtual neighbor Indx Transit Area Router ID Neighbor address options 1 1 131 1 1 10 135 14 1 10 2 Port Address state events count 6 2 3 27 11 1 27 FULL 5 0 Syntax show ip ospf virtual neighbor num The num parameter displays the table beginning at the specified entry number Displaying OSPF information FastIron Ethernet Switch Layer 3 Routing 53 1003627 04 287 ...

Page 288: ...hbors Port Address Pri State Neigh Address Neigh ID Ev Opt Cnt 2 7 50 50 50 10 0 FULL OTHER 50 50 50 1 10 10 10 30 21 66 0 in graceful restart state helping 1 timer 60 sec Use the following command to display Type 9 Graceful LSAs on a router device show ip ospf database grace link state Graceful Link States Area Interface Adv Rtr Age Seq Hex Prd Rsn Nbr Intf IP 0 eth 1 1 2 2 2 2 2 7 80000001 60 SW...

Page 289: ...how ip ospf OSPF Version Version 2 Router Id 10 10 10 10 ASBR Status No ABR Status No 0 Redistribute Ext Routes from External LSA Counter 5 External LSA Checksum Sum 0002460e Originate New LSA Counter 5 Rx New LSA Counter 8 External LSA Limit 14447047 Database Overflow Interval 0 Database Overflow State NOT OVERFLOWED RFC 1583 Compatibility Enabled Originating router LSAs with maximum metric Condi...

Page 290: ...OSPF neighbor Disabling and re enabling the OSPF process You can use the following command to disable and re enable the OSPF process on a router device clear ip ospf all Syntax clear ip ospf vrf vrf name all This command resets the OSPF process and brings it back up after releasing all memory used while retaining all configurations Clearing OSPF routes You can use the following command to clear al...

Page 291: ...In general you can configure several IPv6 addresses on a router interface but OSPFv3 forms one adjacency per interface only using the interface associated link local address as the source for OSPF protocol packets On virtual links OSPFv3 uses the global IP address as the source OSPFv3 imports all or none of the address prefixes configured on a router interface You cannot select the addresses to im...

Page 292: ...device checks on the elimination of the database overflow condition Modify the external link state database limit Modify the default values of OSPFv3 parameters for device interfaces Disable or re enable OSPFv3 event logging Set all the OSPFv3 interfaces to the passive state Enabling OSPFv3 Before enabling the device to run OSPFv3 you must perform the following steps Enable the forwarding of IPv6 ...

Page 293: ...uration to the startup config file and reloaded the software the configuration information is gone If you are testing an OSPF configuration and are likely to disable and re enable the protocol you should make a backup copy of the startup config file containing the protocol configuration information This way if you remove the configuration information by saving the configuration after disabling the...

Page 294: ... the stub area or later after you have configured the area This feature disables origination of summary LSAs into a stub area but the device still accepts summary LSAs from OSPF neighbors and floods them to other areas The device can form adjacencies with other routers regardless of whether summarization is enabled or disabled for areas on each router When you disable the summary LSAs the change t...

Page 295: ...device config ospf6 router area 100 nssa The following example modifies the NSSA area 100 wherein type 7 NSSA external LSA will not be originated into NSSA area But the type 3 summary LSAs will still be originated into NSSA area device config ospf6 router area 100 nssa no redistribution The following example modifies the NSSA area 100 wherein origination of type 3 summary LSAs apart from type 3 de...

Page 296: ...which an elected NSSA translator continues to perform its duties even after its NSSA translator role has been disposed by another router By default the stability interval is 40 seconds and its range will be 10 to 60 seconds Configuring an address range for the NSSA If you want the ABR that connects the NSSA to other areas to summarize the routes in the NSSA before translating them into Type 5 LSAs...

Page 297: ...s range status to advertise and assign cost for this area range to 10 device config ipv6 router ospf device config ospf6 router area 10 range 2001 db8 1 64 advertise cost 10 Modifies the address range status to not advertise and cost from 10 to 5 device config ipv6 router ospf device config ospf6 router area 10 range 2001 db8 1 64 not advertise cost 5 Removes the cost from the area range The area ...

Page 298: ...a 10 5 0 0 enter the following commands device config interface Ethernet 1 3 1 device config if e100 1 3 1 ipv6 ospf area 10 5 0 0 Syntax no ipv6 ospf area number ipv4 address The number and ipv4 address parameters specify the area number which can be a number or in IPv4 address format If you specify a number the number can be from 0 through 2 147 483 647 To remove the interface from the specified...

Page 299: ... router area 1 virtual link 10 157 22 1 To define the virtual link on ABR2 enter the following command on ABR2 device config ospf6 router area 1 virtual link 10 0 0 1 Syntax no area number ipv4 address virtual link router id The number and ipv4 address parameters specify the transit area ID area number which can be a number or in IPv4 address format If you specify a number the number can be from 0...

Page 300: ...default OSPF cost of an interface is based on the port speed of the interface The software uses the following formula to calculate the cost Cost reference bandwidth interface speed By default the reference bandwidth is 100 Mbps If the resulting cost is less than 1 the software rounds the cost up to 1 The default reference bandwidth results in the following costs 10 Mbps port cost 100 10 10 100 Mbp...

Page 301: ...ference bandwidth Costs for higher speed interfaces remain the same Syntax no auto cost reference bandwidth number The number parameter specifies the reference bandwidth in the range from 1 through 4294967 The default is 100 To restore the reference bandwidth to its default value and thus restore the default costs of the interfaces to their default values enter the no form of this command Redistri...

Page 302: ...nfigure some static IPv6 routes and a route map and use the route map for redistributing the static IPv6 routes into OSPFv3 The ipv6 route commands configure the static IPv6 routes The route map command begins configuration of a route map called abc The number indicates the route map entry called the instance you are configuring A route map can contain multiple entries The software compares packet...

Page 303: ...outes redistributed from the various routing protocols will have the metric value of the protocol from which they are redistributed NOTE You also can define the cost on individual interfaces The interface cost overrides the default cost To assign a default metric of 4 to all routes imported into OSPFv3 enter the following command device config ospf6 router default metric 4 Syntax no default metric...

Page 304: ...th other external routes When the device exits the external LSDB overflow condition all the imported routes are summarized according to the configured address ranges NOTE If you use redistribution filters in addition to address ranges the Brocade device applies the redistribution filters to routes first then applies them to the address ranges NOTE If you disable redistribution all the aggregate ro...

Page 305: ...52ff fe00 10 ve 10 Configuring an OSPFv3 distribution list using an IPv6 prefix list as input The following example illustrates how to use an IPv6 prefix list to filter OSPFv3 routes To specify an IPv6 prefix list called filterOspfRoutes that denies route 2001 db8 2 64 enter the following commands device config ipv6 prefix list filterOspfRoutes seq 5 deny 2001 db8 2 64 device config ipv6 prefix li...

Page 306: ...10 0 ve 11 E2 2001 db8 5 64 0 0 0 0 10 0 fe80 2e0 52ff fe00 10 ve 10 Configuring an OSPFv3 distribution list using a route map as input The following commands configure a route map that matches internal routes device config route map allowInternalRoutes permit 10 device config routemap allowInternalRoutes match route type internal The following commands configure a distribution list that applies t...

Page 307: ...nfiguring default route origination When the Brocade device is an OSPFv3 Autonomous System Boundary Router ASBR you can configure it to automatically generate a default external route into an OSPFv3 routing domain This feature is called default route origination or default information origination By default the Brocade device does not advertise the default route into the OSPFv3 domain If you want ...

Page 308: ...diately begins the SPF calculation after receiving a topology change SPF hold time The device waits a specific amount of time between consecutive SPF calculations By default it waits 10 seconds You can configure the SPF hold time to a value from 0 through 65535 seconds If you set the SPF hold time to 0 seconds the software does not wait between consecutive SPF calculations You can set the SPF dela...

Page 309: ...ferred over an OSPF inter area route even if the intra area route s distance is greater than the inter area route s distance For example to change the default administrative distances for intra area routes to 80 inter area routes to 90 and external routes to 100 enter the following commands device config ospf6 router distance intra area 80 device config ospf6 router distance inter area 90 device c...

Page 310: ...ospf6 router database overflow interval 60 Syntax database overflow interval seconds The seconds parameter can be a value from 0 through 86400 seconds 24 hours To reset the exit overflow interval to its system default enter the no form of this command Modifying external link state database limit By default the link state database can hold a maximum of 2000 entries for external type 5 LSAs You can ...

Page 311: ... you configure an OSPF interface to be passive that interface does not send or receive OSPF route updates This option affects all IPv6 subnets configured on the interface The command syntax is ipv6 ospf passive By default all OSPF interfaces are active and thus can send and receive OSPF route information Since a passive interface does not send or receive route information the interface is in effec...

Page 312: ...terfaces and areas can overlap The interface IPsec configuration takes precedence over the area IPsec configuration when an area and an interface within that area use IPsec Therefore if you configure IPsec for an interface and an area configuration also exists that includes this interface the interface s IPsec configuration is used by that interface However if you disable IPsec on an interface IPs...

Page 313: ... destination addresses and security protocol the system creates a security policy database for each interface or virtual link You can configure the same SPI and key on multiple interfaces and areas but they still have unique IPsec configurations because the SA and policies are added to each separate security policy database SPD that is associated with a particular interface If you configure an SA ...

Page 314: ...bsections that follow describe Specifying the key rollover timer Configuration changes for authentication takes effect in a controlled manner through the key rollover procedure as specified in RFC 4552 Section 10 1 The key rollover timer controls the timing of the existing configuration changeover The key rollover timer can be configured in the IPv6 router OSPF context as the following example ill...

Page 315: ...interface applies to the inbound and outbound directions Also the same authentication parameters must be used by all devices on the network to which the interface is connected as described in section 7 of RFC 4552 device config if e10000 1 1 2 ipv6 ospf auth ipsec spi 429496795 esp sha1 abcdef12345678900987654321fedcba12345678 Syntax no ipv6 ospf authentication ipsec spi spi num esp sha1 no encryp...

Page 316: ...area id authentication ipsec spi spi num esp sha1 no encrypt key The no form of this command deletes IPsec from the area The area command and the area id variable specify the area for this IPsec configuration The area id can be an integer in the range 0 through 2 147 483 647 or have the format of an IP address The authentication keyword specifies that the function to specify for the area is packet...

Page 317: ...ntication header as the protocol to provide packet level security In the current release this parameter can be esp only The sha1 keyword specifies the HMAC SHA1 96 authentication algorithm This mandatory parameter can be only the sha1 keyword in the current release Including the optional no encrypt keyword means that the 40 character key is not encrypted in show command displays If no encrypt is n...

Page 318: ...spCurrentInboundSAs 1 ipsecEspTotalInboundSAs 2 secEspCurrentOutboundSA 1 ipsecEspTotalOutboundSAs 2 IPSecurity Packet Statistics secEspTotalInPkts 20 ipsecEspTotalInPktsDrop 0 secEspTotalOutPkts 84 IPSecurity Error Statistics secAuthenticationErrors 0 secReplayErrors 0 ipsecPolicyErrors 13 secOtherReceiveErrors 0 ipsecSendErrors 0 secUnknownSpiErrors 0 To clear the statistics enter the clear ipse...

Page 319: ...arting neighbors need to help build the routing information during the failover but the graceful restart helper may not be supported by all devices in a network Hence to eliminate this dependency the non stop routing NSR feature is supported on Brocade devices NSR does not require support from neighboring devices to perform hitless failover NSR does not support IPv6 over IPv4 tunnel and vitual lin...

Page 320: ...s ASBR If the device is not operating as ASBR then there is no information about redistribution in the output Displaying OSPFv3 area information To display global OSPFv3 area information for the device enter the following command at any CLI level device show ipv6 ospf area 400 Area 400 Authentication Not Configured Active interface s attached to this area None Inactive interface s attached to this...

Page 321: ...k 2052 192 168 98 213 80000004 799 5b06 64 Yes 0 0 0 200 Rtr 0 192 168 98 111 800002ea 823 cb7b 56 Yes 0 0 0 200 Rtr 0 192 168 98 213 800001c7 799 8402 56 Yes 0 0 0 200 Net 1156 192 168 98 111 80000004 823 b2d2 32 Yes 0 0 0 200 Net 136 192 168 98 111 80000008 823 aed2 32 Yes N A Extn 0000021d 10 223 223 223 800000a8 1319 441e 32 Yes Syntax show ipv6 ospf database advrtr ipv4 address as external ad...

Page 322: ...put enter the following command at any CLI level device show ipv6 ospf database advr 192 168 98 111 LSA Key Rtr Router Net Network Inap InterPrefix Inar InterRouter Extn ASExternal Grp GroupMembership Typ7 Type7 Link Link Iap IntraPrefix Grc Grace Area ID Type LSID Adv Rtr Seq Hex Age Cksum Len Sync 0 0 0 200 Link 136 192 168 98 111 80000007 634 fb0b 64 Yes Router Priority 1 Options V6E R LinkLoca...

Page 323: ...sum Len Sync 0 0 0 200 Link 136 192 168 98 111 80000007 737 fb0b 64 Yes Router Priority 1 Options V6E R LinkLocal Address fe80 768e f8ff fe3e 1800 More next page Space next line Return key quit Control c NOTE Portions of this display are truncated for brevity The purpose of this display is to show all possible fields that might display rather than to show complete output The fields that display de...

Page 324: ...The device should be included in IPv6 routing calculations E The device floods AS external LSAs as described in RFC 2740 MC The device forwards multicast packets as described in RFC 1586 N The device handles type 7 LSAs as described in RFC 1584 R The originator is an active router DC The device handles demand circuits Attached Router The address of the neighboring router that advertised the route ...

Page 325: ... area prefixes are readvertised at the NSSA area border Prefix The IPv6 prefix included in the LSA Intra Area Prefix LSAs Type 9 Iap Fields Number of Prefix The number of prefixes included in the LSA Referenced LS Type Referenced LS ID Identifies the router LSA or network LSA with which the IPv6 address prefixes are associated Referenced Advertising Router The address of the neighboring router tha...

Page 326: ...Mode Displaying IPv6 OSPFv3 Interface Information in Full Mode Displaying IPv6 OSPFv3 interface information in brief mode You can use the following command to display a summary of IPv6 Interface information device show ipv6 ospf interface brief Interface Area Status Type Cost State Nbrs F C eth 1 1 1 0 up BCST 1 DROther 1 1 loopback 1 0 up BCST 1 Loopback 0 0 Syntax show ipv6 ospf interface brief ...

Page 327: ...all adjacent neighbor routers Displaying IPv6 OSPFv3 interface information in full mode You can display detailed information about all OSPFv3 interfaces by using the show ipv6 ospf interface command as the following truncated example illustrates device show ipv6 ospf interface e 2 3 1 admin down oper down IPv6 enabled IPv6 Address Area ID 0 0 0 200 Cost 1 Type BROADCAST MTU 10178 State DOWN Transm...

Page 328: ...e ethernet loopback tunnel and ve parameter specify the interface for which to display information If you specify an Ethernet interface also specify the port number associated with the interface If you specify a loopback tunnel or VE interface also specify the number associated with the interface TABLE 75 show ipv6 ospf interface output descriptions This field Displays Interface status The status ...

Page 329: ...nterval timers DR The router ID IPv4 address of the DR BDR The router ID IPv4 address of the BDR Number of I F scoped LSAs The number of interface LSAs scoped for a specified area AS or link DR Election The number of times the DR election occurred Delayed LSA Ack The number of the times the interface sent a delayed LSA acknowledgement Neighbor Count The number of neighbors to which the interface i...

Page 330: ...64 0 MTYPE_OSPF6_SPFTREE 44 1 2 0 MTYPE_OSPF6_NEXTHOP 28 2 256 0 MTYPE_OSPF6_EXTERNAL_INFO 40 0 4096 0 MTYPE_THREAD 32 5 1024 0 MTYPE_OSPF6_LINK_LIST 20 3098 20480 0 MTYPE_OSPF6_LINK_NODE 12 19 20480 0 MTYPE_OSPF6_LSA_RETRANSMI 6 3 8192 0 global memory pool for all instances Memory Type Size Allocated Max alloc Alloc Fails MTYPE_OSPF6_TOP 61475 1 1 0 MTYPE_OSPF6_LSA_HDR 56 3 4 0 MTYPE_OSPF6_RMAP_C...

Page 331: ... The OSPFv3 priority of the neighbor The priority is used during election of the DR and BDR State The state between the device and the neighbor The state can be one of the following Down Attempt Init 2 Way ExStart Exchange Loading Full DR The router ID IPv4 address of the DR BDR The router ID IPv4 address of the BDR Interface State The interface through which the router is connected to the neighbo...

Page 332: ...r Ifindex of this router 1156 Nbr DRDecision DR 192 168 98 111 BDR 192 168 98 213 Last received DbDesc opt xxx ifmtu 0 bit s seqnum 0 Number of LSAs in DbDesc retransmitting 0 Number of LSAs in SummaryList 0 Number of LSAs in RequestList 0 Number of LSAs in RetransList 0 SeqnumMismatch 0 times BadLSReq 0 times OnewayReceived 0 times InactivityTimer 0 times DbDescRetrans 0 times LSReqRetrans 0 time...

Page 333: ... LSA from which the neighbor learned of the router DR Decision The router ID IPv4 address of the neighbor s elected DR and BDR Last Received Db Desc The content of the last database description received from the specified neighbor Number of LSAs in Db Desc retransmitting The number of LSAs that need to be retransmitted to the specified neighbor Number of LSAs in Summary List The number of LSAs in ...

Page 334: ...ute output descriptions This field Displays ID An ID for the redistributed route Prefix The IPv6 routes redistributed into OSPFv3 Protocol The protocol from which the route is redistributed into OSPFv3 Redistributed protocols can be the following BGP BGP4 RIP RIPng Static IPv6 static route table Connected A directly connected network Metric Type The metric type used for routes redistributed into O...

Page 335: ...e 4 3 1 192 168 98 111 fe80 768e f8ff fe3e 1800 ve 17 192 168 98 111 TABLE 80 OSPFv3 route information This field Displays Current Route Count Displays with the entire OSPFv3 route table only The number of route entries currently in the OSPFv3 route table Intra Inter External Type1 Type2 Displays with the entire OSPFv3 route table only The breakdown of the current route entries into the following ...

Page 336: ...ent nodes child nodes SPF node for Area 0 0 0 0 SPF node 192 168 98 213 cost 0 hops 0 nexthops to node parent nodes child nodes 192 168 98 111 0 SPF node 192 168 98 111 0 cost 1 hops 1 nexthops to node 5100 192 113 111 111 VLink 1 parent nodes 192 168 98 213 child nodes 192 168 98 61 5 192 168 98 190 1551 192 168 98 112 643 SPF node 192 168 98 61 5 cost 2 hops 2 nexthops to node 5100 192 113 111 1...

Page 337: ...s an SPF node at a lower level of the SPF tree which is identified by its router ID and interface on which the node can be reached For example to display the SPF table for area 0 enter the following command at any level of the CLI device show ipv6 ospf spf table area 0 SPF table for Area 0 0 0 200 Destination Bits Options Cost Nexthop Interface R 192 168 98 111 V B V6E R 1 fe80 768e f8ff fe3e 1800...

Page 338: ... handles type 7 LSAs as described in RFC 1584 R The originator is an active router DC The router handles demand circuits Cost The cost of traversing the SPF node to reach the destination Next hop The IPv6 address of the next hop router Interface The router interface through which to access the next hop router For example to display the SPF tree for area 0 enter the following command at any level o...

Page 339: ...cksum is 0 External LSA Limit is 250000 Database Overflow Interval is 10 Database Overflow State is NOT OVERFLOWED Route calculation executed 0 times Pending outgoing LSA count 0 Authentication key rollover interval 300 seconds Number of areas in this router is 0 High Priority Message Queue Full count 0 Graceful restart helper is enabled strict lsa checking is disabled Nonstop routing is ENABLED D...

Page 340: ... 14 14 14 2001 db8 44 44 4 Full tunnel 256 Option 00 00 00 QCount 0 Timer 43 Syntax show ipv6 ospf virtual neighbor brief The brief option results in an output that omits the Option QCount and Timer fields TABLE 84 show ipv6 ospf virtual neighbor output descriptions This field Displays Index An index number associated with the virtual neighbor Router ID IPv4 address of the virtual neighbor Address...

Page 341: ... 1 2 out ESP 512 2001 db8 1 2 sha1 Null Syntax show ipsec sa Showing IPsec policy The show ipsec policy command displays the database for the IPsec security policies The fields for this show command output appear in the screen output example that follows However you should understand the layout and column headings for the display before trying to interpret the information in the example screen Eac...

Page 342: ...destination address is shown as a prefix of 0xFE80 link local The solitary no prefix indicates a do not care situation because the connection is multicast In this case the security policy is enforced without regard for the destination address For a virtual link SPDID 0 the address is required TABLE 86 SA used by the policy This field Displays SA This heading points at the SA related headings for i...

Page 343: ...IPsec for one area or all areas In the following example the IPsec information is in bold IPsec is enabled in the first area area 0 in this example but not in area 3 Note that in area 3 the IPsec key was specified as not encrypted device config ospf6 router show ipv6 ospf area Authentication Configured KeyRolloverTime sec Configured 25 Current 20 KeyRolloverState Active Phase1 Current None New SPI...

Page 344: ...se the show ipv6 ospf interface command as in the following example IPsec information appears in bold device show ipv6 ospf interface eth 1 1 3 is down type BROADCAST Interface is disabled eth 1 1 8 is up type BROADCAST IPv6 Address 2001 db8 18 18 18 1 64 2001 db8 18 18 64 Instance ID 255 Router ID 10 1 1 1 Area ID 1 Cost 1 State BDR Transmit Delay 1 sec Priority 1 Timer intervals Hello 10 Hello J...

Page 345: ...laying IPsec for a virtual link To display IPsec for a virtual link run the show ipv6 ospf virtual link brief or show ipv6 ospf virtual link command as the following examples illustrate device show ipv6 ospf virtual link brief Index Transit Area ID Router ID Interface Address State 1 1 10 14 14 14 2001 db8 1 1 1 1 P2P device show ipv6 ospf virtual link Transit Area ID Router ID Interface Address S...

Page 346: ...areas in this router is 4 High Priority Message Queue Full count 0 Graceful restart helper is enabled strict lsa checking is disabled Nonstop Routing is enabled Syntax show ipv6 ospf vrf vrf name area area id virtual links The vrf name parameter specifies the VRF that you want the OSPF area information for The area id parameter shows information for the specified area The virtual link parameter di...

Page 347: ... to display the currently selected neighbor for use by the Virtual Links in each transit area device show ipv6 ospf vrf red neighbor Total number of neighbors in all states 1 Number of neighbors in state Full 1 Type tx rx tx byte rx byte Unknown 0 0 0 0 Hello 32 32 1276 1280 DbDesc 2 2 116 116 LSReq 1 1 52 52 LSUpdate 2 2 184 200 LSAck 2 2 112 112 OSPF messages dropped no authentication 0 Neighbor...

Page 348: ...v6 ospf neighbor command to delete and relearn OSPF neighbors as shown in the following Clearing all OSPF Neighbors Clearing OSPF Neighbors Attached to a Specified Interface Clearing all OSPF neighbors You can use the clear ipv6 ospf neighbor all command to delete and relearn all OSPF neighbors as shown in the following device clear ipv6 ospf neighbor all Syntax clear ipv6 ospf neighborall Clearin...

Page 349: ... device clear ipv6 ospf counts neighbor 10 10 10 1 Syntax clear ipv6 ospf counts neighbor nbr id The nbr id variable specifies the neighbor ID of the OSPF neighbor whose counters you want to clear Clearing OSPFv3 counters for a specified interface You can clear all OSPFv3 counters for a specified interface using the clear ipv6 counts neighbor interface command as shown in the following device clea...

Page 350: ...FastIron Ethernet Switch Layer 3 Routing 350 53 1003627 04 ...

Page 351: ...tems AS and to maintain loop free routing An AS is a collection of networks that share the same routing and administration characteristics For example a corporate Intranet consisting of several networks under common administrative control might be considered an AS The networks in an AS can but do not need to run the same routing protocol to be in the same AS nor do they need to be geographically c...

Page 352: ...o a destination A BGP4 route consists of the following information Network number prefix A value made up of the network mask bits and an IP address for example 10 215 129 0 18 indicates a network mask of 18 bits applied to the IP address 10 215 129 0 When a BGP4 device advertises a route to one of its neighbors it uses this format AS path A list of the other autonomous systems through which a rout...

Page 353: ...skipped if BGP4 as path ignore is configured 6 If the AS path lengths are the same prefer the path with the lowest origin type From low to high route origin types are valued as follows IGP is lowest EGP is higher than IGP but lower than INCOMPLETE INCOMPLETE is highest 7 If the paths have the same origin type prefer the path with the lowest MED If the routes were learned from the same neighboring ...

Page 354: ...dicates the following BGP4 version Indicates the version of the protocol that is in use on the device BGP4 version 4 supports Classless Interdomain Routing CIDR and is the version most widely used in the Internet Version 4 also is the only version supported on devices AS number An autonomous system number ASN identifies the AS to which the BGP4 device belongs The number can be up to four bytes Hol...

Page 355: ... example if a device configured to perform BGP4 routing has already sent the latest route information to peers in UPDATE messages the device does not send more UPDATE messages Instead BGP4 devices send KEEPALIVE messages to maintain BGP4 sessions KEEPALIVE messages are 19 bytes long and consist only of a message header They do not contain routing data BGP4 devices send KEEPALIVE messages at a regu...

Page 356: ...ic forwarding diminishes route flapping and provides continuous service during a system restart switchover failover or hitless OS upgrade During such events routes remain available between devices BGP4 restart operates between a device and its peers and must be configured on each participating device Under normal operation when a BGP4 device is restarted the network is automatically reconfigured R...

Page 357: ...e newly active management module and the BGP4 peers The handling of TCP packets with an MD5 digest prevents the silent dropping of TCP packets without triggering a RESET packet The BGP4 peer notification process operates effectively when implemented for the following processes that involve the intentional switching of the active status from one management module to another System Reload When a dev...

Page 358: ...nt module failover or system reload if an incoming TCP packet contains an MD5 digest and no matching TCP session is found the device attempts to find a matching BGP4 peer based on the IP address If a BGP4 peer configuration can be found the device looks up the MD5 password configured for the peer and uses it to send a RESET packet BGP4 neighbor local AS This feature allows you to configure a devic...

Page 359: ...The AS associated with ISP B changes to AS 100 If Customer C cannot or does not want to change their configuration or peering relationship with ISP B a peer with Local AS configured with the value 200 can be established on ISP B BGP4 restart FastIron Ethernet Switch Layer 3 Routing 53 1003627 04 359 ...

Page 360: ...uration and activation for BGP4 BGP4 is disabled by default Follow the steps below to enable BGP4 1 Enable the BGP4 protocol 2 Set the local AS number NOTE You must specify the local AS number for BGP4 to become functional 3 Add each BGP4 neighbor peer BGP4 device and identify the AS the neighbor is in Basic configuration and activation for BGP4 FastIron Ethernet Switch Layer 3 Routing 360 53 1003...

Page 361: ...d the BGP4 configuration from the startup configuration When you save the startup configuration file after disabling the protocol all of the BGP4 configuration information for the disabled protocol is removed from the startup configuration file The CLI displays a warning message such as the following device config bgp router no router bgp router bgp mode now disabled and runtime configuration is e...

Page 362: ...r C Optional Aggregate routes in the BGP4 route table into CIDR blocks Optional Configure the device as a BGP4 route reflector Optional Configure the device as a member of a BGP4 confederation Optional Change the default metric for routes that BGP4 redistributes into RIP or OSPF Optional Change the parameters for RIP OSPF or static routes redistributed into BGP4 Optional Change the number of paths...

Page 363: ...onfigure confederation parameters Disable or re enable load sharing Change the maximum number of load sharing paths Change other load sharing parameters Define route flap dampening parameters Add change or negate redistribution parameters except changing the default MED as described in Changing the default MED Metric used for route redistribution on page 382 Add change or negate route maps when us...

Page 364: ... and received from neighbors use the most BGP4 memory Generally the actual limit to the number of neighbors routes or route attribute entries the device can accommodate depends on how many routes the device sends to and receives from the neighbors In some cases where most of the neighbors do not send or receive a full BGP route table about 80 000 routes the memory can support a larger number of BG...

Page 365: ...2 10 4 4 4 24 Loopback interface 3 10 1 1 1 24 If the device does not have any loopback interfaces the default device ID is the lowest numbered IP interface address configured on the device NOTE Brocade devices use the same device ID for both OSPF and BGP4 If the device is already configured for OSPF you may want to use the device ID already assigned to the device rather than set a new one To disp...

Page 366: ...isplayed in the show running config and show ip bgp config command output Enter the show ip bgp config command device show ip bgp config Current BGP configuration router bgp local as 100 neighbor 10 10 10 10 remote as 200 address family ipv4 unicast exit address family address family ipv6 unicast exit address family address family ipv4 unicast vrf vrf_a local as 300 neighbor 10 111 111 111 remote ...

Page 367: ...onfig bgp router neighbor 10 157 22 26 remote as 100 The neighbor ip addr must be a valid IP address The neighbor command has additional parameters as shown in the following syntax Syntax no neighbor ip addr peer group name activate advertisement interval seconds allowas in num capability as4 enable disable capability orf prefixlist send receive default originate route map map name description str...

Page 368: ...p description string specifies a name for the neighbor You can enter an alphanumeric text string up to 80 characters long distribute list in out num num specifies a distribute list to be applied to updates to or from the specified neighbor The in and out keywords specify whether the list is applied on updates received from the neighbor or sent to the neighbor The num num parameter specifies the li...

Page 369: ... specifies the maximum number The range is 0 through 4294967295 The default is 0 unlimited The threshold parameter specifies the percentage of the value you specified for the maximum prefix num at which you want the software to generate a Syslog message You can specify a value from 1 one percent to 100 100 percent The default is 100 The teardown parameter tears down the neighbor session if the max...

Page 370: ...ve AS numbers 64512 through 65535 the well known BGP4 private AS numbers from the AS path attribute in update messages the device sends to the neighbor This option is disabled by default route map in out map name specifies a route map the device will apply to updates sent to or received from the specified neighbor The in and out keywords specify whether the list is applied on updates received from...

Page 371: ...e device from advertising more specific routes contained within the aggregate route Entering a show ip bgp route command for the aggregate address 10 1 0 0 16 shows that the more specific routes aggregated into 10 1 0 0 16 have been suppressed In this case the route to 10 1 44 0 24 has been suppressed If you enter this command the display shows that the route is not being advertised to the BGP4 ne...

Page 372: ...LI regardless of the access level you are using When you save the configuration to the startup configuration file the file contains the new BGP4 command syntax and encrypted passwords or strings NOTE Brocade recommends that you save a copy of the startup configuration file for each device you plan to upgrade Encryption example The following commands configure a BGP4 neighbor and a peer group and s...

Page 373: ...assword and uses it to secure sessions between the device and the neighbors To display the configuration the system uses a 2 way encoding scheme to retrieve the original password By default password is encrypted If you want the password to be in clear text insert a 0 between password and string device config bgp neighbor 10 157 22 26 password admin Displaying the authentication string To display t...

Page 374: ...t routes for a neighbor The routes parameter displays routes learned from neighbor The routes summary parameter displays routes summary for a neighbor Clearing IPv6 route information To clear IPv6 unicast route information with respect to IPv4 neighbors enter the clear ip bgp ipv6 neighbor command Syntax clear ip bgp ipv6 neighbor as number ipaddress peer group name all The dampening parameter cle...

Page 375: ... not lose connectivity to the device You can override neighbor parameters that do not affect outbound policy on an individual neighbor basis If you do not specify a parameter for an individual neighbor the neighbor uses the value in the peer group If you set the parameter for the individual neighbor that value overrides the value you set in the peer group If you add a parameter to a peer group tha...

Page 376: ...ighbors Applying a peer group to a neighbor After you configure a peer group you can add neighbors to the group When you add a neighbor to a peer group you are applying all the neighbor attributes specified in the peer group to the neighbor To add neighbors to a peer group enter commands such as the following device config bgp router neighbor 192 168 1 12 peer group PeerGroup1 device config bgp ro...

Page 377: ...e device will send KEEPALIVE messages to its BGP4 neighbors The Hold Time specifies how long the device will wait for a KEEPALIVE or UPDATE message from a neighbor before concluding that the neighbor is dead When the device concludes that a BGP4 neighbor is dead the device ends the BGP4 session and closes the TCP connection to the neighbor The default Keep Alive time is 60 seconds The default Hold...

Page 378: ...or directly attached neighbors the device immediately senses loss of a connection to the neighbor from a change of state of the port or interface that connects the device to the neighbor For directly attached EBGP neighbors the device uses this information to immediately close the BGP4 session and TCP connection to locally attached neighbors that become non operational NOTE The fast external failo...

Page 379: ...s not the entire paths to the destination hosts A BGP4 destination can be learned from multiple BGP4 neighbors leading to multiple BGP4 paths to reach the same destination Each of the paths may be reachable through multiple IGP paths multiple OSPF or RIP paths In this case the software installs all the multiple equal cost paths in the BGP4 route table up to the maximum number of BGP4 equal cost pa...

Page 380: ...rom different neighboring autonomous systems Enhancements to BGP4 Multipath load sharing Enhancements to BGP4 Multipath load sharing allows support for load sharing of BGP4 routes in IP ECMP even if the BGP4 Multipath load sharing feature is not enabled through the use load sharing option to the maximum paths command Using the following commands you can also set separate values for IBGP and EBGP m...

Page 381: ...enter commands such as the following device config route map set_net permit 1 device config routemap set_net set community no export device config routemap set_net exit device config router bgp device config bgp network 10 100 1 0 24 route map set_net The first two commands in this example create a route map named set_net that sets the community attribute for routes that use the route map to NO_EX...

Page 382: ... all routes by default when they are redistributed into BGP4 When routes are selected lower metric values are preferred over higher metric values The default BGP4 MED value is 0 and can be assigned a value from 0 through 4294967295 NOTE RIP and OSPF also have default metric parameters The parameters are set independently for each protocol and have different ranges To change the default metric to 4...

Page 383: ...ecursive next hop lookups enter the following command at the BGP4 configuration level of the CLI device config bgp router next hop recursion Syntax no next hop recursion Example when recursive route lookups are disabled The output here shows the results of an unsuccessful next hop lookup for a BGP4 route In this case next hop recursive lookups are disabled This example is for the BGP4 route to net...

Page 384: ...TH 65001 4355 701 The first lookup results in an IBGP route to network 10 0 0 0 24 device show ip route 10 0 0 1 Total number of IP routes 38 Network Address NetMask Gateway Port Cost Type 10 0 0 0 255 255 255 0 10 0 0 1 1 1 1 B AS_PATH 65001 4355 1 Since the route to 10 0 0 1 24 is not an IGP route the device cannot reach the next hop through IP and so cannot use the BGP4 route In this case since...

Page 385: ...nistrative distance for each route If the administrative distance of the paths is lower than the administrative distance of paths from other sources such as static IP routes RIP or OSPF the BGP4 paths are installed in the IP route table The default administrative distances on the device are Directly connected 0 this value is not configurable Static 1 is the default and applies to all static routes...

Page 386: ...orce first as To enable this feature for a specific neighbor enter the following command at the BGP4 configuration level device config bgp neighbor 10 1 1 1 enforce first as enable Syntax no neighbor ip address enforce first as enable disable The ip address value is the IP address of the neighbor When the first as requirement is enabled its status appears in the output of the show running configur...

Page 387: ...mum paths 1 the instructions in this section selects the path that came from the neighbor with the lower device ID If BGP4 load sharing is enabled the device load shares among the remaining paths In this case the device ID is not used to select a path NOTE Device ID comparison is disabled by default To enable device ID comparison enter the compare routerid command at the BGP4 configuration level o...

Page 388: ...t MED comparison results in the device favoring the route paths that are missing their MEDs To change this behavior so that the device favors a route that has a MED over a route that is missing its MED enter the following command at the BGP4 configuration level of the CLI device config bgp router med missing as worst Syntax no med missing as worst NOTE This command affects route selection only whe...

Page 389: ...the device that is the route reflector not on the client The client itself requires no additional configuration In fact the client does not know that it is a route reflector client The client just knows that it receives updates from its neighbors and does not know whether one or more of those neighbors are route reflectors NOTE Route reflection applies only among IBGP devices within the same AS Yo...

Page 390: ...NATOR_ID attribute value that is the same as the ID of the device the device discards the route and does not advertise it By discarding the route the device prevents a routing loop The first time a route is reflected by a device configured as a route reflector the route reflector adds the CLUSTER_LIST attribute to the route Other route reflectors that receive the route from an IBGP neighbor add th...

Page 391: ...flection is not required between clients If you need to disable route reflection between clients enter the no client to client reflection command When this feature is disabled route reflection does not occur between clients does still occur between clients and non clients device config bgp router no client to client reflection Enter the following command to re enable the feature device config bgp ...

Page 392: ... 64512 through 65535 These are private autonomous system numbers and BGP4 devices do not propagate these AS numbers to the Internet FIGURE 32 Example BGP4 confederation In this example four devices are configured into two sub autonomous systems each containing two of the devices The sub autonomous systems are members of confederation 10 Devices within a sub AS must be fully meshed and communicate ...

Page 393: ...identifier 10 deviceA config bgp router confederation peers 64512 64513 deviceA config bgp router write memory Syntax no local as num The num parameter with the local as command indicates the AS number for the BGP4 devices within the sub AS You can specify a number in the range 1 4294967295 I Brocade recommends that you use a number within the range of well known private autonomous systems 64512 t...

Page 394: ... 24 and 10 157 24 0 24 enter the following command device config bgp aggregate address 10 157 0 0 255 255 0 0 Syntax no aggregate address ip addr ip mask as set summary only suppress map map name advertise map map name attribute map map name The ip addr and ip mask parameters specify the aggregate value for the networks Specify 0 for the host portion and for the network portion that differs among ...

Page 395: ...4u vrf graceful restart Syntax no graceful restart Configuring timers for BGP4 Restart optional You can optionally configure the following timers to change their values from the default values Restart Timer Stale Routes Timer Purge Timer The seconds variable sets the maximum restart wait time advertised to neighbors Possible values are 1 3600 seconds The default value is 120 seconds Configuring th...

Page 396: ... purge time 900 Syntax no graceful restart purge time seconds The seconds variable sets the maximum time before a restarting device cleans up stale routes Possible values are 1 3600 seconds The default value is 600 seconds BGP4 null0 routing BGP4 considers the null0 route in the routing table for example static route as a valid route and can use the null0 route to resolve the next hop If the next ...

Page 397: ...ext hop address to an unused network address 10 199 1 1 3 Set the local preference to a value higher than any possible internal or external local preference 50 4 Complete the route map by setting origin to IGP 5 On device 6 redistribute the static routes into BGP4 using route map route map name redistribute static route map block user 6 To configure a route map perform the following step On device...

Page 398: ...remote as 100 device config bgp router redistribute static route map blockuser device config bgp router exit The following configuration defines the specific next hop address and sets the local preference to preferred device config route map blockuser permit 10 device config routemap blockuser match tag 50 device config routemap blockuser set ip next hop 10 199 1 1 device config routemap blockuser...

Page 399: ...way Port Cost Type 1 10 0 0 40 29 DIRECT eth 1 3 7 1 1 S 2 10 0 0 192 27 DIRECT eth 1 3 7 1 1 S 3 10 0 14 0 23 DIRECT eth 1 3 7 1 1 S device Device 1 and 2 Show ip route static output for device 1 and device 2 device show ip route static Type Codes B BGP D Connected S Static R RIP O OSPF Cost Dist Metric Destination Gateway Port Cost Type 1 10 199 1 1 32 DIRECT drop 1 1 S device Device 6 The follo...

Page 400: ...can configure the device to redistribute OSPF routes RIP routes directly connected routes or static routes into BGP4 To enable redistribution of all OSPF routes and directly attached routes into BGP4 enter the following commands device config router bgp device config bgp router redistribute ospf device config bgp router redistribute connected device config bgp router write memory Syntax no redistr...

Page 401: ...4294967295 The default is not assigned The route map map name parameter specifies a route map to be consulted before adding the RIP route to the BGP4 route table NOTE The route map you specify must already be configured on the device Redistributing OSPF external routes To configure the device to redistribute OSPF external type 1 routes enter the following command device config bgp router redistrib...

Page 402: ...to the BGP4 route table NOTE The route map you specify must already be configured on the device Redistributing IBGP routes By default the device does not allow redistribute IBGP routes from BGP4 into RIP or OSPF This behavior helps eliminate routing loops In non default VRF instances by default the device does allow redistribution IBGP routes from BGP4 into RIP OSPF To enable the device to redistr...

Page 403: ...neighbor 10 10 10 1 In this example the only routes the device permits from neighbor 10 10 10 1 are those whose AS paths contain AS path number 100 The string parameter specifies the ACL name If you enter a number the CLI interprets the number as a text string The seqseq value parameter is optional and specifies the sequence number for the AS path list If you do not specify a sequence number the s...

Page 404: ...or example the following regular expression matches for aa ab ac and so on but not just a a The asterisk matches on zero or more sequences of a pattern For example the following regular expression matches on an AS path that contains the string 1111 followed by any value 1111 The plus sign matches on one or more sequences of a pattern For example the following regular expression matches on an AS pa...

Page 405: ...efer to the following row for more information about parentheses Parentheses allow you to create complex expressions For example the following complex expression matches on abc abcabc or abcabcabcdefg but not on abcdefgdefg abc defg To filter for a special character instead of using the special character as described in Using regular expressions enter backslash in front of the character For exampl...

Page 406: ... standard community ACL The seq seq value parameter is optional and specifies the sequence number for the community list You can configure up to 199 entries in a community list If you do not specify a sequence number the software numbers the entries in increments of 5 beginning with number 5 The software interprets the entries in a community list in numerical order beginning with the lowest sequen...

Page 407: ...ware numbers the entries in increments of 5 beginning with prefix list entry 5 The software interprets the prefix list entries in numerical order beginning with the lowest sequence number The deny and permit parameters specify the action the software takes if a neighbor route is in this prefix list The network addr and mask bits parameters specify the network number and the number of bits in the n...

Page 408: ...hen a match is found the device stops evaluating the route Route maps can contain match clauses and set statements Each route map contains a permit or deny action for routes that match the match clauses If the route map contains a permit action a route that matches a match statement is permitted otherwise the route is denied If the route map contains a deny action a route that matches a match stat...

Page 409: ... add instance 1 of a route map named GET_ONE with a permit action enter the following command device config route map GET_ONE permit 1 device config routemap GET_ONE Syntax no route map map name permit deny num As shown in this example the command prompt changes to the route map level You can enter the match and set clauses at this level The map name is a string of characters that names the map Ma...

Page 410: ...nfigure an IP prefix list use the ip prefix list command The ip route sourceacl and prefixname parameters match based on the source of a route the IP address of the neighbor from which the device learned the route The metricnum parameter compares the route MED metric to the specified value The next hop address filter list parameter compares the IP address of the route next hop to the specified IP ...

Page 411: ...esults of an IP ACL or an IP prefix list as the match condition To construct a route map that matches based on the next hop device enter commands such as the following device config route map HopMap permit 1 device config routemap HopMap match ip next hop 2 Syntax no match ip next hop string Syntax no match ip next hop prefix list name The string parameter with the first command specifies an IP AC...

Page 412: ... and 57 68 Route map bgp3 compares each BGP4 route against the sets of communities in ACLs std_1 and std_2 A BGP4 route that contains either but not both sets of communities matches the route map For example a route containing communities 23 45 and 57 68 matches However a route containing communities 23 45 57 68 and 12 34 or communities 23 45 57 68 12 34 and no export does not match To match the r...

Page 413: ... each route that matches the corresponding match statement device config routemap GET_ONE set as path prepend 65535 Syntax no set as path prepend as num as num automatic tag comm list acl delete community num num num additive local as no advertise no export dampening half life reuse suppress max suppress time ip next hop ip addr ip next hop peer address local preference num metric num none metric ...

Page 414: ... BGP4 route to an EBGP neighbor The next hop ip addr parameter sets the IP address of the route next hop device The origin igp incomplete parameter sets the route origin to IGP or INCOMPLETE The tagtag value parameter sets the route tag You can specify a tag value from 0 through 4294967295 NOTE This parameter applies only to routes redistributed into OSPF NOTE You also can set the tag value using ...

Page 415: ... set comm list std_3 delete The first command configures a community ACL containing community numbers 12 99 and 12 86 The remaining commands configure a route map that matches on routes whose destination network is specified in ACL 1 and deletes communities 12 99 and 12 86 from those routes The route does not need to contain all the specified communities in order for them to be deleted For example...

Page 416: ... Open message to the neighbor when initiating the neighbor session The Open message also indicates whether the device is configured to send filters receive filters or both and the types of filters it can send or receive The device sends the filters as Outbound Route Filters ORFs in route refresh messages To configure cooperative filtering perform the following tasks on the device and on the BGP4 n...

Page 417: ...for filters configured using IP prefix lists Sending and receiving ORFs Cooperative filtering affects neighbor sessions that start after the filtering is enabled but do not affect sessions that are already established To activate cooperative filtering reset the session with the neighbor This is required because the cooperative filtering information is exchanged in Open messages during the start of...

Page 418: ... 460 SendNext 571 TotUnAck 0 TotSent 111 ReTrans 0 UnAckSeq 571 IRcvSeq 7349 RcvNext 7460 SendWnd 16384 TotalRcv 111 DupliRcv 0 RcvWnd 16384 SendQue 0 RcvQue 0 CngstWnd 5325 Syntax show ip bgp neighbor ip addr To display the ORFs received from a neighbor enter a command such as the following device show ip bgp neighbor 10 10 10 1 received prefix filter ip prefix list 10 10 10 1 4 entries seq 5 per...

Page 419: ...is enabled for AS4s Normally AS4s are sent only to a device peer group or neighbor that is similarly configured for AS4s If a AS4 is configured for a local autonomous systemS the system signals this configuration by sending AS_TRANS in the My Autonomous System field of the OPEN message However if the AS4 capability for a neighbor is disabled the local device does not send the four byte Autonomous ...

Page 420: ...command with the capability and as4 keywords deletes the neighbor enable for AS4s The consequences of using the enable or disable keywords are reflected in the output of the show running configuration command However if the neighbor configuration omits an explicit AS4 argument the show running configuration output will not contain AS4 information To disable AS4s on a particular neighbor within a p...

Page 421: ...eter specifies all neighbors The ip addr parameter specifies a neighbor by its IP interface with the device The peer group name specifies all neighbors in a specific peer group The as num parameter specifies all neighbors within the specified AS After choosing one mandatory parameter you can choose an optional parameter The soft in and soft out parameters determine whether to refresh the routes re...

Page 422: ...the asdot notation ASN 65526 is represented as the string 65526 and ASN 65546 is represented as the string 1 10 NOTE You can enter autonomous system numbers in any format However if you want the asdot or the asdot format to appear in the output of a show command you must specify these in the CLI NOTE Remember that autonomous system path matching that uses regular expression is based on the configu...

Page 423: ...rrors in AS4_PATH and AS4_AGGREGATOR NOTE Logging of errors is rate limited to not more than one message for every two minutes Some errors may be lost due to this rate limiting Sample log messages for various attribute errors are shown here Attribute length error ignore the AS4_PATH SYSLOG Sep 9 19 02 03 11 mu2 BGP From Peer 192 168 1 1 received invalid AS4_PATH attribute length 3 entire AS4_PATH ...

Page 424: ...ute has been assigned a penalty the penalty decreases exponentially and decreases by half after the half life period The default half life period is 15 minutes The software reduces route penalties every five seconds For example if a route has a penalty of 2000 and does not receive any more penalties during the half life the penalty is reduced to 1000 after the half life expires You can configure t...

Page 425: ...OTE To change any of the parameters you must specify all the parameters with the command To want to leave any parameters unchanged enter their default values Using a route map to configure route flap dampening for a specific neighbor You can use a route map to configure route flap dampening for a specific neighbor by performing the following tasks Configure an empty route map with no match or set ...

Page 426: ...e device allows you to un suppress all routes at once or un suppress individual routes To un suppress all the suppressed routes enter the following command at the Privileged EXEC level of the CLI device clear ip bgp dampening Syntax clear ip bgp dampening ip addr ip mask The ip addr parameter specifies a particular network The ip mask parameter specifies the network mask To un suppress a specific ...

Page 427: ...can be one of the following This is the best route among those in the BGP4 route table to the route destination d This route is currently dampened and unusable h The route has a history of flapping and is unreachable now The route has a history of flapping but is currently usable Network The destination network of the route From The neighbor that sent the route to the device Flaps The number of fl...

Page 428: ...address family command at the device BGP4 level The command requires you to specify the IPv4 or IPv6 network protocol The address family command also requires you to select a sub address family which is the type of routes for the configuration Specify unicast routes TABLE 92 IPv4 BGP4 commands for different configuration levels Command Global iPv4 and IPv6 IPv4 address family unicast address famil...

Page 429: ...st address family configuration level enter the following command device config bgp address family ipv4 unicast device config bgp NOTE The CLI prompt for the global BGP4 level and the BGP4 address family IPv4 unicast level is the same Syntax no address family ipv4 unicast vrf vrf name The default is the IPv4 unicast address family level The vrf option allows you to configure a unicast instance for...

Page 430: ...agate command enables a device to mark a preferred BGP4 route not installed in the RTM as the best route and advertise the route to other BGP4 neighbors The same process for outbound route policy continues to apply to all best BGP4 routes The rib route limit command limits the number of BGP4 Routing Information Base RIB routes that can be installed in the RTM The RTM must be able to reserve enough...

Page 431: ...t the same number of preferred BGP4 routes will be reinstalled in the RTM 4 Perform the following step to exit the BGP4 unicast family configuration device config bgp ipv4u exit address family Syntax exit address family When you enter the exit address family command at the address family configuration level you return to the BGP4 unicast address family configuration level the default BGP4 level Di...

Page 432: ...e command the BGP4 route is now considered the best BGP4 route even though the route is not installed in the RTM Because the rib route limit command was configured to allow for only 300 000 routes in the RTM some preferred BGP4 routes are not installed in the RTM and are not advertised to other BGP4 neighbors By enabling the always propagate command the device is now able to advertise those prefer...

Page 433: ...check for and if configured apply maxas limit in in the following order 1 Neighbor value 2 Peer group value 3 Global value In a case where a neighbor has no maximum AS limit a peer group has a value of 3 configured and the system has a value of 9 configured all of the devices in the peer group will only use the peer group value the global value will never be used Setting a global maximum AS path l...

Page 434: ... Long AS_PAT H AS_CONFED_SET 4 1 2 3 AS_CONFED_SEQUENCE 3 4 AS_SET 1 5 6 7 AS_SEQ 2 8 9 attribute length 9 Exceeded internal memory limit NOTE The device generates a log message one time every two minutes Because of this rate limit it is possible that some errors might not appear in the log In this case you can use the debug ip bgp events command to view errors pertaining to the maxas limit value ...

Page 435: ...The BGP4 network route and the BGP4 static network route are mutually exclusive They cannot be configured with the same prefix and mask When you configure a route using the static network command BGP4 automatically generates a local route in BGP4 RIB IN and installs a NULL0 route in the RTM if there is no other valid route with the same prefix mask learned from any peer Otherwise the learned BGP4 ...

Page 436: ...r a peer group If you specify a neighbor IP address you are configuring that individual neighbor If you specify a peer group name you are configuring a peer group Dynamic route filter update Routing protocols use various route filters to control the distribution of routes Route filters are used to filter routes received from and advertised to other devices Protocols also use route map policies to ...

Page 437: ...s update delay command applies remove only to changes of filters that are already used or referenced by applications If the content of a filter is changed the new filter action takes effect after filter changes update delay for existing routes The notification delay also applies to situations where the usage or reference of a filter is changed in BGP For example the following BGP neighbor command ...

Page 438: ...g bgp router neighbor 192 168 9 210 ebgp btsh Syntax no neighbor ip addr peer group name ebgp btsh NOTE For GTSM protection to work properly it must be enabled on both the device and the neighbor Displaying BGP4 information You can display the following configuration information and statistics for BGP4 protocol Summary BGP4 configuration information for the device Active BGP4 configuration informa...

Page 439: ...number of the confederation in which the device resides Confederation Peers The numbers of the local autonomous systems contained in the confederation This list matches the confederation peer list you configure on the device Maximum Number of Paths Supported for Load Sharing The maximum number of route paths across which the device can balance traffic to the same destination The feature is enabled...

Page 440: ...g the show ip bgp neighborip addr command the TCP receiver queue value will be greater than 0 indicates that the session has gone down and the software is clearing or removing routes indicates that the inbound or outbound policy is being updated for the peer s indicates that the peer has negotiated restart and the session is in a stale state r indicates that the peer is restarting the BGP4 connect...

Page 441: ...ebgp multihop neighbor 10 102 1 1 update source loopback 1 neighbor 192 168 2 1 remote as 100 neighbor 10 200 2 2 remote as 400 neighbor 2001 db8 1 1 remote as 200 neighbor 2001 db8 1 2 remote as 400 neighbor 2001 db8 1 remote as 300 address family ipv4 unicast no neighbor 2001 db8 1 1 activate no neighbor 2001 db8 1 2 activate no neighbor 2001 db8 1 activate exit address family address family ipv...

Page 442: ... the device accepted and installed in the BGP4 route table Filtered or Kept Number of routes that were filtered out but were retained in memory for use by the soft reconfiguration feature Filtered Number of received routes filtered out Routes Selected as BEST Routes The number of routes that the device selected as the best routes to their destinations BEST Routes not Installed in IP Forwarding Tab...

Page 443: ... Count for Statistics for the times the device has run out of BGP4 memory for the neighbor during the current BGP4 session Receiving Update Messages The number of times UPDATE messages were discarded because there was no memory for attribute entries Accepting Routes NLRI The number of NLRIs discarded because there was no memory for NLRI entries This count is not included in the Receiving Update Me...

Page 444: ... and the neighbor These fields are described in detail in section 3 2 of RFC 793 Transmission Control Protocol Functional Specification Syntax show ip bgp neighbors ip addr advertised routes detail ip add mask bits attribute entries detail flap statistics last packet with error received prefix filter received routes routes best detail best not installed best unreachable rib out routes ip addr mask...

Page 445: ...figured IP Address The IP address of the neighbor AS The AS the neighbor is in EBGP or IBGP Whether the neighbor session is an IBGP session an EBGP session or a confederation EBGP session EBGP The neighbor is in another AS EBGP_Confed The neighbor is a member of another sub AS in the same confederation IBGP The neighbor is in the same AS RouterID The neighbor device ID Description The description ...

Page 446: ...GP4 neighbor before deciding that the neighbor is not operational PeerGroup The name of the peer group the neighbor is in if applicable Multihop EBGP Whether this option is enabled for the neighbor RouteReflectorClient Whether this option is enabled for the neighbor SendCommunity Whether this option is enabled for the neighbor NextHopSelf Whether this option is enabled for the neighbor DefaultOrig...

Page 447: ...ad BGP4 Identifier Unsupported Optional Parameter Authentication Failure Unacceptable Hold Time Unsupported Capability UPDATE Message Error Malformed Attribute List Unrecognized Well known Attribute Missing Well known Attribute Attribute Flags Error Attribute Length Error Invalid ORIGIN Attribute Invalid NEXT_HOP Attribute Optional Attribute Error Invalid Network Field Malformed AS_PATH Hold Timer...

Page 448: ...lid Network Field Malformed AS Path Unspecified Hold Timer Expired Finite State Machine Error Cease Unspecified Notification Received Refer to details for the field Notification Sent TCP Connection state The state of the connection with the neighbor The connection can have one of the following states LISTEN Waiting for a connection request SYN SENT Waiting for a matching connection request after h...

Page 449: ...bers that the device retransmitted because they were not acknowledged UnAckSeq The current acknowledged sequence number IRcvSeq The initial receive sequence number for the session RcvNext The next sequence number expected from the neighbor SendWnd The size of the send window TotalRcv The number of sequence numbers received from the neighbor DupliRcv The number of duplicate sequence numbers receive...

Page 450: ...p addr prefix For information about the fields in this display refer to Displaying summary route information on page 451 The fields in this display also appear in the show ip bgp display Displaying the best routes To display the routes received from a specific neighbor that are the best routes to their destinations enter a command such as the following at any level of the CLI device show ip bgp ne...

Page 451: ...as the following at the Privileged EXEC level of the CLI device show ip bgp peer group STR 1 BGP peer group is STR Address family IPV4 Unicast activate Address family IPV4 Multicast no activate Address family IPV6 Unicast no activate Address family IPV6 Multicast no activate Address family VPNV4 Unicast no activate Address family L2VPN VPLS no activate Members IP Address 10 1 1 1 AS 5 Syntax show ...

Page 452: ...4 route table that are EBGP routes Displaying VRF instance information To display VRF instance information enter a command such as the following at the Privileged EXEC level of the CLI device show ip bgp vrf red Total number of BGP Routes 2 Status codes s suppressed d damped h history valid best i internal S stale Origin codes i IGP e EGP incomplete Network Next Hop RD MED LocPrf Weight Path 10 14...

Page 453: ...num parameter filters the display using the specified community ACL The community list option lets you display routes that match a specific community filter The detail option lets you display more details about the routes You can refine your request by also specifying one of the other display options after the detail keyword The filter list option displays routes that match a specific address filt...

Page 454: ...wing at any level of the CLI device show ip bgp routes not installed best Searching for matching routes use C to quit Status A AGGREGATE B BEST b NOT INSTALLED BEST C CONFED_EBGP D DAMPED E EBGP H HISTORY I IBGP L LOCAL M MULTIPATH m NOT INSTALLED MULTIPATH S SUPPRESSED F FILTERED s STALE Prefix Next Hop Metric LocPrf Weight Status 1 192 168 4 0 24 192 168 4 106 0 100 0 bE AS_PATH 65001 Each of th...

Page 455: ...ULTIPATH S SUPPRESSED F FILTERED s STALE Prefix Next Hop MED LocPrf Weight Status 1 10 3 4 0 24 192 168 4 106 100 0 BE AS_PATH 65001 4355 1 1221 Last update to IP routing table 0h12m1s 1 path s installed Gateway Port 192 168 2 1 1 2 1 Route is advertised to 1 peers 10 20 20 2 65300 TABLE 98 show ip bgp route output descriptions This field Displays Number of BGP4 Routes matching display condition T...

Page 456: ... routes received from the neighbor are the best BGP4 routes to their destinations but were not installed in the IP route table because the device received better routes from other sources such as OSPF RIP or static IP routes C CONFED_EBGP The route was learned from a neighbor in the same confederation and AS but in a different sub AS within the confederation D DAMPED This route has been dampened b...

Page 457: ...Prefix The network prefix and mask length Status The route status which can be one or more of the following A AGGREGATE The route is an aggregate route for multiple networks B BEST BGP4 has determined that this is the optimal route to the destination NOTE If the b is lowercase the software was not able to install the route in the IP route table b NOT INSTALLED BEST The routes received from the nei...

Page 458: ...e best route IGP is preferred over EGP and both are preferred over INCOMPLETE Weight The value this device associates with routes from a specific neighbor For example if the device receives routes to the same destination from two BGP4 neighbors the device prefers the route from the neighbor with the larger weight Atomic Whether network information in this route has been aggregated and this aggrega...

Page 459: ...this BGP4 route table Next Hop The IP address of the next hop device for routes that have this set of attributes Metric The cost of the routes that have this set of attributes Origin The source of the route information The origin can be one of the following EGP The routes with these attributes came to BGP4 through EGP IGP The routes with these attributes came to BGP4 through IGP INCOMPLETE The rou...

Page 460: ...0 0 2 255 0 0 0 192 168 13 2 1 1 1 0 B 10 0 1 1 255 255 128 0 192 168 13 2 1 1 1 0 B 10 1 0 0 255 255 0 0 0 0 0 0 1 1 1 1 D 10 10 11 0 255 255 255 0 0 0 0 0 1 2 24 1 D 10 2 97 0 255 255 255 0 192 168 13 2 1 1 1 0 B 10 3 63 0 255 255 255 0 192 168 13 2 1 1 1 0 B 10 3 123 0 255 255 255 0 192 168 13 2 1 1 1 0 B 10 5 252 0 255 255 254 0 192 168 13 2 1 1 1 0 B 10 6 42 0 255 255 254 0 192 168 13 2 1 1 1...

Page 461: ...is the best route among those in the BGP4 route table to the route destination d This route is currently dampened and thus unusable h The route has a history of flapping and is unreachable now The route has a history of flapping but is currently usable Network The destination network of the route From The neighbor that sent the route to this device Flaps The number of flaps state changes the route...

Page 462: ...y Received GracefulRestartCapability Received Restart Time 120 sec Restart bit 0 afi safi 1 1 Forwarding bit 0 GracefulRestartCapability Sent Restart Time 120 sec Restart bit 0 afi safi 1 1 Forwarding bit 1 Messages Open Update KeepAlive Notification Refresh Req Displaying AS4 details This section describes the use of the following show commands which produce output that includes information about...

Page 463: ...bility As path attribute count 1 Outbound Policy Group ID 1 Use Count 1 TCP Connection state ESTABLISHED flags 00000044 0 0 Maximum segment size 1460 TTL check 0 value 0 rcvd 64 Byte Sent 148 Received 203 Local host 192 168 1 2 Local Port 179 Remote host 192 168 1 1 Remote Port 8041 ISentSeq 1656867 SendNext 1657016 TotUnAck 0 TotSent 149 ReTrans 19 UnAckSeq 1657016 IRcvSeq 1984547 RcvNext 1984751...

Page 464: ... message from the neighbor the state changes to ESTABLISHED If the message is a Notification the state changes to IDLE ESTABLISHED BGP4 is ready to exchange Update messages with the neighbor If there is more BGP data in the TCP receiver queue a plus sign is also displayed Time Shows the amount of time this session has been in its current state KeepAliveTime Shows the keepalive time which specifies...

Page 465: ...bute Length Error Invalid ORIGIN Attribute Invalid NEXT_HOP Attribute Last Connection Reset Reason continued Reasons described in the BGP specifications continued Optional Attribute Error Invalid Network Field Malformed AS_PATH Hold Timer Expired Finite State Machine Error Rcv Notification Reset All Peer Sessions User Reset Peer Session Port State Down Peer Removed Peer Shutdown Peer AS Number Cha...

Page 466: ...4 unicast capability Peer negotiated IPV6 unicast capability Peer configured for IPV4 unicast routes Peer configured for IPV6 unicast routes Neighbor AS4 Capability Negotiation Shows the state of the device s AS4 capability negotiation with the neighbor The states can be one of the following Peer negotiated AS4 capability Peer configured for AS4 capability As path attribute count Shows the count o...

Page 467: ...or the BGP4 TCP session with the neighbor Remote host Shows the IPv4 address of the neighbor Remote port Shows the TCP port the neighbor is using for the BGP4 TCP session with the device ISentSeq Shows the initial send sequence number for the session SendNext Shows the next sequence number to be sent TotUnAck Shows the count of sequence numbers sent by the device that have not been acknowledged by...

Page 468: ...unning configuration AS4s appear in the display of a running configuration as shown device show ip bgp config Current BGP configuration router bgp local as 7701000 confederation identifier 120000 confederation peers 80000 neighbor 192 168 1 2 remote as 80000 Access lists that contain AS4s AS4s that exist in access lists are displayed by the command as shown device show ip as path access lists ip a...

Page 469: ... neighbor You also can clear and reset the BGP4 routes that have been installed in the IP route table Using soft reconfiguration The soft reconfiguration feature applies policy changes without resetting the BGP4 session Soft reconfiguration does not request the neighbor or group to send the entire BGP4 table nor does the feature reset the session with the neighbor or group Instead soft reconfigura...

Page 470: ...he CLI device show ip bgp filtered routes Searching for matching routes use C to quit Status A AGGREGATE B BEST b NOT INSTALLED BEST C CONFED_EBGP D DAMPED E EBGP H HISTORY I IBGP L LOCAL M MULTIPATH m NOT INSTALLED MULTIPATH S SUPPRESSED F FILTERED s STALE Prefix Next Hop MED LocPrf Weight Status 1 10 3 0 0 8 192 168 4 106 100 0 EF AS_PATH 65001 4355 701 80 2 10 4 0 0 8 192 168 4 106 100 0 EF AS_...

Page 471: ...B BEST b NOT INSTALLED BEST C CONFED_EBGP D DAMPED E EBGP H HISTORY I IBGP L LOCAL M MULTIPATH S SUPPRESSED F FILTERED Prefix Next Hop MED LocPrf Weight Status 1 10 3 0 0 8 192 168 4 106 100 0 BE AS_PATH 65001 4355 701 8 2 10 4 0 0 8 192 168 4 106 100 0 BE AS_PATH 65001 4355 1 3 10 60 212 0 22 192 168 4 106 100 0 BE AS_PATH 65001 4355 701 1 189 4 10 6 0 0 8 192 168 4 106 100 0 BE Syntax show ip bg...

Page 472: ...xisting routes affected by the new or changed filters to the neighbor The soft in and soft out parameters specify whether you want to refresh the routes received from the neighbor or sent to the neighbor soft in does one of the following If you enabled soft reconfiguration for the neighbor or peer group soft in updates the routes by comparing the route policies against the route updates that the d...

Page 473: ... rows under Refresh Req indicate how many dynamic refreshes have been sent to and received from the neighbor The statistic is cumulative across sessions device config bgp show ip bgp neighbor 10 4 0 2 1 IP Address 10 4 0 2 AS 5 EBGP RouterID 100 0 0 1 Description neighbor 10 4 0 2 State ESTABLISHED Time 0h1m0s KeepAliveTime 0 HoldTime 0 PeerGroup pg1 Mutihop EBGP yes ttl 1 RouteReflectorClient yes...

Page 474: ... the following command device clear ip bgp neighbor all Syntax clear ip bgp neighbor all ip addr peer group name as num soft outbound soft in out The all ip addr peer group name and as num parameters specify the neighbor The ip addr parameter specifies a neighbor by its IP interface with the device The peer group name specifies all neighbors in a specific peer group The as num parameter specifies ...

Page 475: ...ll neighbors If you clear the buffer containing the first 400 bytes of the last packet that contained errors all the bytes are changed to zeros The Last Connection Reset Reason field of the BGP4 neighbor table also is cleared If you clear the buffer containing the last NOTIFICATION message sent or received the buffer contains no data You can clear the buffers for all neighbors for an individual ne...

Page 476: ...FastIron Ethernet Switch Layer 3 Routing 476 53 1003627 04 ...

Page 477: ... IPv6 addresses NOTE The implementation of BGP4 supports the advertising of routes among different address families However it supports BGP4 unicast routes only it does not currently support BGP4 multicast routes BGP global mode Configurations that are not specific to address family configuration are available in the BGP global configuration mode device config bgp router Possible completions addre...

Page 478: ...nfiguration level provides access to commands that allow you to configure BGP4 unicast routes The commands that you enter at this level apply only to the IPv6 unicast address family BGP4 supports the IPv6 address family configuration level You can generate a configuration for BGP4 unicast routes that is separate and distinct from configurations for IPv4 unicast routes The commands that you can acc...

Page 479: ...bors can also be configured using a global address The global IPv6 address of a neighbor in a remote AS must be added and the neighbor should be activated in the IPv6 address family configuration mode using the neighbor activate command BGP4 peer groups Neighbors having the same attributes and parameters can be grouped together by means of the peer group command You must first create a peer group ...

Page 480: ...t hop gateway If this second lookup results in an IGP path the software considers the BGP4 route to be valid and adds it to the IPv6 route table Otherwise the device performs another lookup on the next hop IPv6 address of the next hop for the next hop gateway and so on until one of the lookups results in an IGP route You must configure a static route or use an IGP to learn the route to the EBGP mu...

Page 481: ...outes are not in the RTM using the always propagate command BGP4 route aggregation A device can be configured to aggregate routes in a range of networks into a single IPv6 prefix By default a device advertises individual BGP4 routes for all the networks The aggregation feature allows you to configure a device to aggregate routes in a range of networks into a single IPv6 prefix For example without ...

Page 482: ...l accept a prefix list from a neighbor and apply the prefix list to locally configured ORFs The local peer exchanges the ORF capability in send mode with a remote peer for a prefix list that is configured as an inbound filter for that peer locally The remote peer only sends the first update once it receives a ROUTEREFRESH request or BGP ORF with IMMEDIATE from the peer The local and remote peers e...

Page 483: ...ng to ensure that no route and topology changes occur in the network for the duration of the restart The GR feature provides a routing device with the capability to inform its neighbors and peers when it is performing a restart When a BGP session is established GR capability for BGP is negotiated by neighbors and peers through the BGP OPEN message If the neighbor also advertises support for GR GR ...

Page 484: ... device config bgp ipv6u neighbor 2001 db8 93e8 cc00 1 activate The following example configures a neighbor using a global IPv6 address device configure terminal device config router bgp device config bgp router local as 1000 device config bgp router neighbor 2001 db8 93e8 cc00 1 remote as 1001 device config bgp router address family ipv6 unicast device config bgp ipv6u neighbor 2001 db8 93e8 cc00...

Page 485: ... following example configures a neighbor using a link local address and configures a route map to set up a global next hop for packets destined for the neighbor device configure terminal device config router bgp device config bgp router local as 1000 device config bgp router neighbor fe80 4398 ab30 45de 1 remote as 1001 device config bgp router neighbor fe80 4398 ab30 45de 1 update source ethernet...

Page 486: ...ctivates the peer group device configure terminal device config router bgp device config bgp router local as 1000 device config bgp router neighbor mypeergroup1 peer group device config bgp router neighbor mypeergroup1 remote as 11 device config bgp router neighbor 2001 2018 8192 125 peer group mypeergroup1 device config bgp router neighbor 2001 2018 8192 124 peer group mypeergroup1 device config ...

Page 487: ...oup p1 device config bgp router neighbor 10 0 0 1 peer group p1 device config bgp router address family ipv6 unicast device config bgp ipv6u neighbor p1 activate Importing routes into BGP4 Routes can be explicitly specified for advertisement by BGP The routes imported into BGP4 must first exist in the IPv6 unicast route table 1 Enter the configure terminal command to access global configuration mo...

Page 488: ...te in the local BGP4 route table device configure terminal device config router bgp device config bgp router address family ipv6 unicast device config bgp ipv6u default information originate Advertising the default BGP4 route to a specific neighbor A BGP device can be configured to advertise the default IPv6 route to a specific neighbor 1 Enter the configure terminal command to access global confi...

Page 489: ...to enable BGP routing device config router bgp 3 Enter the address family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode device config bgp router address family ipv6 unicast 4 Enter the next hop enable default command to configure the device to use the default route as a valid next hop device config bgp ipv6u next hop enable default The following ...

Page 490: ...as 1000 4 Enter the cluster id command and specify a value to change the cluster ID of a device from the default device ID device config bgp router cluster id 321 The following example changes the cluster ID of a device from the default device ID to 321 device configure terminal device config router bgp device config bgp router cluster id 321 Configuring a route reflector client A BGP peer can be ...

Page 491: ...ration mode device configure terminal 2 Enter the router bgp command to enable BGP routing device config router bgp 3 Enter the address family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode device config bgp router address family ipv6 unicast 4 Enter the aggregate address command to aggregate the routes from a range of networks into a single netwo...

Page 492: ...nfigure terminal device config router bgp device config bgp router address family ipv6 unicast device config bgp ipv6u maximum paths use load sharing Configuring a route map for BGP4 prefixes Route maps can be applied to IPv6 unicast address prefixes either as the inbound or outbound routing policy for neighbors under the specified address family 1 Enter the configure terminal command to access gl...

Page 493: ...list myprefixlist seq 10 permit 2001 db8 32 device config route map myroutemap permit 10 device config route map myroutemap match ipv6 address prefix list myprefixlist device config route map myroutemap exit device config router bgp device config bgp router local as 1000 device config bgp router neighbor fe80 4398 ab30 45de 1 remote as 1001 device config bgp router address family ipv6 unicast devi...

Page 494: ...d and specify the in keyword to filter the incoming route updates from a specified BGP neighbor device config bgp ipv6u neighbor 2001 db8 e0ff 783a 4 prefix list myprefixlist in 6 Do one of the following Enter the neighbor capability orf prefixlist command and specify the send keyword to advertise ORF send capabilities device config bgp ipv6u neighbor 2001 db8 e0ff 783a 4 capability orf prefixlist...

Page 495: ...outer bgp command to enable BGP routing device config router bgp 3 Enter the local as command to configure the autonomous system number ASN in which your device resides device config bgp router local as 65520 4 Enter the confederation identifier command and specify an ASN to configure a BGP confederation identifier device config bgp router confederation identifier 100 5 Enter the confederation pee...

Page 496: ...igures a BGP community ACL and sets the BGP community attributes in a route map instance device configure terminal device config ip community list extended 1 permit 1 2 23 device config route map ComRmap permit 10 device config route map ComRmap match community 1 device config route map ComRmap set community 323 1 additive device config route map ComRmap exit device config route map sendComRmap pe...

Page 497: ...routes device config bgp ipv6u neighbor fe80 4398 ab30 45de 1 route map in ComRmap 13 Enter the neighbor ipv6 address send community command to enable the sending of standard and extended attributes in updates to the specified BGP neighbor device config bgp ipv6u neighbor fe80 4398 ab30 45de 1 send community The following example applies a BGP extended community filter device configure terminal de...

Page 498: ...nform its neighbors and peers when it is performing a restart 1 Enter the configure terminal command to access global configuration mode device configure terminal 2 Enter the router bgp command to enable BGP routing device config router bgp 3 Enter the local as command to configure the autonomous system number ASN in which your device resides device config bgp router local as 1000 4 Enter the neig...

Page 499: ... router bgp device config bgp router local as 1 device config bgp router neighbor 1000 1 remote as 2 device config bgp router address family ipv6 unicast device config bgp ipv6u neighbor 1000 1 activate device config bgp ipv6u graceful restart purge time 300 The following example re enables the graceful restart feature and sets the restart time to 180 seconds overwriting the default value device c...

Page 500: ...rminal device config router bgp device config bgp router address family ipv6 unicast device config bgp ipv6u neighbor 2001 db8 e0ff 783a 4 allowas in 3 Displaying BGP4 statistics Various show ipv6 bgp commands verify information about BGP4 configurations Use one or more of the following commands to verify BGP4 information The commands do not have to be entered in this order 1 Enter the show ipv6 b...

Page 501: ...Num 0 SegmentNum 0 Neighboring As 0 Source As 0 Address 0x1205c7cc Hash 365 0x01000000 Links 0x00000000 0x00000000 Reference Counts 1 0 1 Magic 2 This example shows information about two route attribute entries that are stored in device memory 3 Enter the show ipv6 bgp peer group command device show ipv6 bgp peer group 1 BGP peer group is P1 Remote AS 1 Address family IPV4 Unicast activate Address...

Page 502: ... 5 57 7000 3 22 abc 1 0 8 128 2001 700 122 57 57 100 0 BE AS_PATH 7000 322 6 57 7000 3 22 abc 1 0 a 128 2001 700 122 57 57 100 0 BE AS_PATH 7000 322 This example shows general BGP4 route information 5 Enter the show ipv6 bgp routes command using the summary keyword device show ipv6 bgp routes summary Total number of BGP routes NLRIs Installed 558 Distinct BGP destination networks 428 Filtered bgp ...

Page 503: ...mands do not have to be entered in this order 1 Enter the show ipv6 bgp neighbors command device show ipv6 bgp neighbors Total number of BGP Neighbors 2 IP Address 2001 1 AS 2 EBGP RouterID 192 0 0 1 VRF default vrf State ESTABLISHED Time 0h0m27s KeepAliveTime 30 HoldTime 90 KeepAliveTimer Expire in 3 seconds HoldTimer Expire in 62 seconds Minimal Route Advertisement Interval 0 seconds Messages Op...

Page 504: ... command device show ipv6 bgp neighbor last packet with error Total number of BGP Neighbors 67 1 IP Address 153 2 Last error BGP4 0 bytes hex dump of packet that contains error This example shows information about the last packet that contained an error from any of a device s neighbors 4 Enter the show ipv6 bgp neighbors received routes command device show ipv6 bgp neighbor 2001 db8 10 received ro...

Page 505: ...ned routes The clear ipv6 bgp dampening command is entered to reactivate all suppressed BGP4 routes The show ipv6 bgp dampened paths command is re entered to verify that the suppressed BGP4 routes have been reactivated 1 Enter the exit command until you return to Privileged EXEC mode device config exit 2 Enter the show ipv6 bgp dampened paths command to display all BGP4 dampened routes device show...

Page 506: ...ifies that there are no suppressed routes device config bgp router exit device config exit device show ipv6 bgp dampened paths device clear ipv6 bgp dampening device show ipv6 bgp dampened paths Configuring BGP4 FastIron Ethernet Switch Layer 3 Routing 506 53 1003627 04 ...

Page 507: ...s limitations in the standard protocol The FastIron devices support VRRP E v2 and VRRP E v3 VRRP E v2 supports the IPv4 environment and VRRP E v3 supports the IPv6 environment NOTE VRRP and VRRP E are separate protocols You cannot use them together NOTE You can use a Brocade Layer 3 switch configured for VRRP with another Brocade device or a third party router that is also configured for VRRP Howe...

Page 508: ...ith a different default gateway might not require too much extra administration However consider a more realistic network with dozens or even hundreds of hosts per subnet reconfiguring the default gateways for all the hosts is impractical It is much simpler to configure a VRRP virtual router on Router 1 and Router 2 to provide a redundant path for the hosts The examples show the same sample networ...

Page 509: ...up routers The Master router is the router that owns the IP addresses you associate with the VRID For this reason the Master router is sometimes called the Owner Configure the VRID on the router that owns the default gateway interface The other router in the VRID does not own the IP addresses associated with the VRID but provides the backup path if the Master router becomes unavailable Virtual rou...

Page 510: ...forwards traffic addressed to the VRID MAC address which the host believes is the MAC address of the router interface for its default gateway However the Backup router cannot reply to IP pings sent to the IP addresses associated with the VRID Because the IP addresses are owned by the Owner if the Owner is unavailable the IP addresses are unavailable as packet destinations Master negotiation The ro...

Page 511: ...d of the route path through the router For example in VRRP overview on page 507 interface e1 1 6 on Switch 1 owns the IP address to which Host1 directs route traffic on its default gateway The exit path for this traffic is through the Switch 1 e1 2 4 interface Suppose interface e1 2 4 goes down Even if interface e1 1 6 is still up Host1 is cut off from other networks In conventional VRRP Switch 1 ...

Page 512: ...pendent operation of VRRP alongside RIP OSPF and BGP4 VRRP operation is independent of RIP OSPF and BGP4 therefore RIP OSPF and BGP4 are not affected if VRRP is enabled on one of these interfaces Dynamic VRRP configuration All VRRP global and interface parameters take effect immediately You do not need to reset the system to place VRRP configuration parameters into effect VRRP E overview The most ...

Page 513: ...s down the software reduces the VRID priority again by the amount of the tracked interface track priority VRRP E can use HMAC MD5 96 for authenticating VRRP E packets VRRP can use only simple passwords ARP behavior with VRRP E In the VRRP E implementation the source MAC address of the gratuitous Address Resolution Protocol ARP request sent by the VRRP E Master router is the VRRP E virtual MAC addr...

Page 514: ... backing up VRRP The virtual router IP address is the same as an IP address or virtual interface configured on one of the Layer 3 switches which is the Owner and becomes the default Master VRRP E The virtual router IP address is the gateway address you want to back up but does not need to be an IP interface configured on one of the Layer 3 swicth ports or a virtual interface Master and Backup rout...

Page 515: ...ss The source MAC address in VRRP or VRRP E packets sent from the VRID interface and the destination for packets sent to the VRID VRRP A virtual MAC address defined as 00 00 5E 00 01 vrid for IPv4 VRRP and 00 00 5E 00 02 vrid for VRRP v3 The Master owns the virtual MAC address VRRP E A virtual MAC address defined as 02 E0 52 hash value vrid for IPv4 VRRP E and IPv6 VRRP E where hash value is a two...

Page 516: ...outer that is running RIP normally advertises routes to a backed up VRID even when the router is not currently the active router for the VRID Suppression of these advertisements helps ensure that other routers do not receive invalid route paths for the VRID NOTE Suppression of RIP advertisements is not supported for VRRP v3 and VRRP E v3 Disabled Hello interval The number of seconds or millisecond...

Page 517: ...educed by the amount of the tracked port priority NOTE Track priority is not supported by VRRP v3 VRRP 2 VRRP E 5 Backup preempt mode Prevents a Backup with a higher VRRP priority from taking control of the VRID from another Backup that has a lower priority but has already assumed control of the VRID Enabled Timer scale Adjusts the timers for the Hello interval Dead interval Backup Hello interval ...

Page 518: ...tion information This way if you remove the configuration information by saving the configuration after disabling the protocol you can restore the configuration by copying the backup copy of the startup config file onto the flash memory Basic VRRP parameter configuration To implement a simple VRRP configuration using all the default values enter the commands shown in the following sections Configu...

Page 519: ...y default as the master router FIGURE 36 Basic VRRP topology 1 On the device designated as the owner VRRP device from privileged EXEC mode enter configuration mode by issuing the configure terminal command device configure terminal 2 Globally enable the VRRP protocol device config router vrrp 3 Configure the ethernet interface link for Router 1 device config interface ethernet 1 1 6 4 Configure th...

Page 520: ...rface is activating Enabling an IPv6 VRRPv3 owner device This task is performed on the device that is designated as the owner VRRP device because the IPv6 address of one of its physical interfaces is assigned as the IP address of the virtual router For each VRRP session there are master and backup routers the owner router is elected by default as the master router NOTE When implementing IPv6 VRRPv...

Page 521: ...gure terminal device config ipv6 unicast routing device config ipv6 router vrrp device config ipv6 vrrp router interface ethernet 1 1 5 device conf if e1000 1 1 5 ipv6 address 3013 2 64 device conf if e1000 1 1 5 ipv6 vrrp vrid 2 device conf if e1000 1 1 5 vrid 2 owner device conf if e1000 1 1 5 vrid 2 version 3 device conf if e1000 1 1 5 vrid 2 ipv6 address fe80 768e f8ff fe2a 0099 device conf if...

Page 522: ...ffline The backup device with the highest priority will assume the role of master device 7 Configure the VRRP version device conf if e1000 1 1 5 vrid 1 version 2 8 Configure the number of seconds between hello messages device conf if e1000 1 1 5 vrid 1 hello interval 10 9 By default backup VRRP devices do not send hello messages to advertise themselves to the master Use the following command to en...

Page 523: ...TE When implementing IPv6 VRRPv3 across a network with devices from other vendors be aware of a potential interoperability issue with IPv6 VRRPv3 and other vendor equipment Brocade has implemented IPv6 VRRPv3 functionality to comply with RFC 5798 and will interoperate comfortably with other vendors that support RFC 5798 1 On the device designated as a backup VRRPv3 device from privileged EXEC mode...

Page 524: ...ddress fe80 768e f8ff fe2a 0099 device conf if e1000 1 1 4 vrid 2 ipv6 address 3013 2 device conf if e1000 1 1 4 vrid 2 activate Assigning an auto generated link local IPv6 address for a VRRPv3 cluster The default VRRPv3 implementation allows only the link local address that is configured on a physical interface to be used as the virtual IPv6 address of a VRRPv3 instance This limits configuring a ...

Page 525: ...3 6 To enable v2 checksum computation method in an IPv4 VRRPv3 session use the use v2 checksum command in the VRRP configuration mode device config if e10000 1 2 4 vrid 14 use v2 checksum 7 Enter the IP address for the interface using the ip address command device config if e10000 1 2 4 vrid 14 ip address 10 14 14 99 8 To activate the interface enter the activate command device config if e10000 1 ...

Page 526: ...uring track ports for an Owner router For IPv6 VRRP only the tracking port configuration is not allowed if the router is configured as the VRRP Owner This conforms to RFC 5798 For the IPv6 VRRP Owner router only the priority configuration is not allowed The Owner router priority is always 255 This conforms to RFC 5798 Interoperability is not supported for a VRID when VRRP routers are configured as...

Page 527: ... priority or track priority The priority value option specifies the IPv4 VRRP E priority for this virtual Backup router You can specify a value from 3 through 254 The default is 100 The track priority value option changes the track port priority of a Backup router You can specify a value from 1 through 254 The default is 5 NOTE You also can use the enable command to activate the configuration This...

Page 528: ...mmand to activate the configuration This command does the same thing as the activate command Additional VRRP and VRRP E parameter configuration You can modify the following VRRP and VRRP E parameters on an individual VRID basis These parameters apply to both protocols Authentication type if the interfaces on which you configure the VRID use authentication Router type Owner or Backup NOTE For VRRP ...

Page 529: ...1 1 6 device Switch1 config if 1 1 6 ip vrrp auth type simple text auth ourpword VRRP syntax Syntax auth type no auth simple text auth auth data The auth type no auth option indicates that the VRID and the interface it is configured on do not use authentication The simple text auth auth data option indicates that the VRID and the interface it is configured on use a simple text password for authent...

Page 530: ...fails the HMAC MD5 96 authentication check For Example SYSLOG 13 Apr 30 14 14 57 ICX6610 VRRP VRRPE authentication failure intf v555 vrid 55 auth_type MD5 authentication SYSLOG 13 Apr 30 14 14 58 ICX6610 VRRP VRRPE authentication failure intf v555 vrid 55 auth_type MD5 authentication SYSLOG 13 Apr 30 14 14 59 ICX6610 VRRP VRRPE authentication failure intf v555 vrid 55 auth_type MD5 authentication ...

Page 531: ... 1 ipv6 address 2002 AB3 1 device Router1 config if e1000 1 1 7 vrid 1 activate Configuring Router 2 as IPv6 VRRP backup for a VRID To configure an IPv6 VRRP interface as a Backup for a VRID and set its backup and track priority enter the following device Router2 config interface ethernet 1 1 7 device Router2 config if e1000 1 1 7 ipv6 address 2002 AB3 2 64 device Router2 config if e1000 1 1 7 ipv...

Page 532: ...ip vrrp vrid 1 device Router1 config if 1 1 6 vrid 1 hello interval 10 Syntax no hello interval seconds The seconds variable specifies the Hello interval value from 1 through 84 seconds for IPv4 VRRP VRRP E and IPv6 VRRP E and 1 through 40 seconds for IPv4 VRRPv3 The default is 1 second To change the Hello interval on the Master to 200 milliseconds for IPv6 VRRP enter the following commands device...

Page 533: ...ster You can enable these messages if desired and also change the message interval To enable a Backup router to send Hello messages to the Master enter the following commands device config router vrrp device config interface ethernet 1 1 6 device config if 1 1 6 ip vrrp vrid 1 device config if 1 1 6 vrid 1 advertise backup Syntax no advertise backup When you enable a Backup to send Hello messages ...

Page 534: ...r for VRRP v2 IPv6 VRRP v3 and for IPv4 VRRP E and IPv6 VRRP E the default track priority is 5 The default track priority for Backup routers is 1 You enter the track priority value with the owner or backup command Syntax owner track priority value Syntax backup priority value track priorityvalue The syntax is the same for VRRP and VRRP E Backup preempt configuration By default a Backup that has a ...

Page 535: ...es TABLE 104 Time scale values Timer Timer scale Timer value Hello interval 1 1 second 2 0 5 seconds Dead interval 1 3 seconds 2 1 5 seconds Backup Hello interval 1 60 seconds 2 30 seconds Hold down interval 1 2 seconds 2 1 second If you configure the device to receive its timer values from the Master the Backup also receives the timer scale value from the Master To change the timer scale enter a ...

Page 536: ... priority of the Backup router is equal to the configured priority on the Backup state router NOTE The VRRP E slow start timer applies only to VRRP E configurations It does not apply to VRRP configurations VRRP E Extension for Server Virtualization VRRP E is enhanced with the VRRP E Extension for Server Virtualization feature so that the Brocade device attempts to bypass the VRRP E Master router a...

Page 537: ...RP E Extension for short path forwarding example Under the VRRP E VRID configuration level there is an option to enable short path forwarding To enable short path forwarding enter the following commands device config router vrrp extended device config interface ve 10 device config vif 10 ip address 10 10 10 25 24 device config vif 10 ip vrrp extended vrid 10 device config vif 10 vrid 10 backup pri...

Page 538: ...e displays information about VRID 1 when only short path forwarding is configured device show ip vrrp e vrid 1 VRID 1 Interface ethernet v100 state backup administrative status enabled priority 110 current priority 90 hello interval 1000 msec dead interval 0 msec current dead interval 3500 msec preempt mode true virtual ip address 10 1 1 3 virtual mac address 0000 0089 7001 advertise backup disabl...

Page 539: ...cate to a Backup router NOTE Forcing a Master router to abdicate to a Backup router is not supported for IPv6 VRRP IPv4 VRRP E and IPv6 VRRP E It is only supported for IPv4 VRRP You can force a VRRP Master to abdicate give away control of a VRID to a Backup router by temporarily changing the Master priority to a value less than that of the Backup router The VRRP Owner always has priority 255 You c...

Page 540: ...he master VRRP device For each VRRP virtual routing instance there is one master device and all other devices are backups Accept mode allows some network management functionality for backup VRRP devices with the ability to respond to ping traceroute and telnet packets By default non owner VRRP devices do not accept packets destined for the IPv4 or IPv6 VRID addresses Troubleshooting of network con...

Page 541: ... Assign this backup device to VRID 1 the same VRID as the VRRP owner device device conf if e1000 1 1 5 ip vrrp vrid 1 NOTE You can assign a VRID number in the range of 1 through 255 6 Designate this router as a backup VRRP device device conf if e1000 1 1 5 vrid 1 backup priority 110 While configuring a backup device you can set a priority that is used when a master VRRP device goes offline The bac...

Page 542: ...d status information VRRP and VRRP E statistics Syntax for IPv4 and IPv6 VRRP Syntax show ip vrrp brief stat statistics vrid num ethernet unit slotnum portnum ve num Syntax show ipv6 vrrp brief stat statistics vrid num ethernet unit slotnum portnum ve num Syntax for IPv4 and IPv6 VRRP E Syntax show ip vrrp extended brief stat statistics vrid num ethernet unit slotnum portnum ve num Syntax show ipv...

Page 543: ...up addr 2001 DB8 212 f2ff fea8 5b00 VIP 2001 DB8 100 The table shows a description of the output for the show ip vrrp brief and show ip vrrp extended brief commands TABLE 105 Output description for VRRP or VRRP E summary information Field Description Total number of VRRP or VRRP Extended routers defined The total number of VRIDs configured on this Layer 3 switch NOTE The total applies only to the ...

Page 544: ...ce ethernet 1 1 3 auth type simple text password VRID 3 state master administrative status enabled version v3 mode owner priority 255 current priority 255 track priority 150 hello interval 1000 msec ip address 172 21 3 1 virtual mac address 0000 5E00 0103 advertise backup disabled next hello sent in 00 00 00 7 backup router 172 21 3 2 expires in 00 02 41 3 track port 1 3 14 up The following exampl...

Page 545: ... status enabled priority 220 current priority 220 hello interval 1000 msec dead interval 0 msec current dead interval 3100 msec preempt mode true virtual ip address 10 201 201 5 virtual mac address 0000 00d7 82c9 advertise backup enabled next hello sent in 00 00 00 1 backup router 10 201 201 4 expires in 00 02 45 2 backup router 10 201 201 3 expires in 00 02 47 6 track port 1 1 25 2 1 24 up To dis...

Page 546: ...nfigured on the other routers and that the routers can communicate with each other NOTE If the state is initialize and the mode is incomplete make sure you have specified the IP address for the VRID backup This Layer 3 switch is a Backup for the VRID master This Layer 3 switch is the Master for the VRID administrative status The administrative status of the VRID The administrative status can be on...

Page 547: ...nterval expires the Backups negotiate compare priorities to select a new Master for the VRID NOTE If the value is 0 then you have not configured this parameter NOTE This field does not apply to VRRP Owners NOTE All timer fields Hello interval dead interval current dead interval and so on are displayed in milliseconds current dead interval The current value of the dead interval This value is equal ...

Page 548: ... 3 switch is the Master and the Backup is configured to send Hello messages the advertise backup option is enabled master router ip addr expires in time The IP address of the Master and the amount of time until the Master dead interval expires If the Backup does not receive a Hello message from the Master by the time the interval expires either the IP address listed for the Master will change to t...

Page 549: ...cription Field Description VRID The specified VRID Interface The interface on which VRRP is configured State The Layer 3 switch VRRP state for the VRID The state can be one of the following Init The VRID is not enabled activated If the state remains Init after you activate the VRID make sure that the VRID is also configured on the other routers and that the routers can communicate with each other ...

Page 550: ...uth error count 0 rxed vrrp auth passwd mismatch error count 0 rxed vrrp vrid not found error count 52 VRID 55 rxed arp packet drop count 0 rxed ip packet drop count 0 rxed vrrp port mismatch count 0 rxed vrrp number of ip address mismatch count 0 rxed vrrp ip address mismatch count 0 rxed vrrp hello interval mismatch count 0 rxed vrrp priority zero from master count 0 rxed vrrp higher priority co...

Page 551: ...ord value that does not match the password used by the interface for authentication rxed vrrp vrid not found error count The number of VRRP or VRRP E packets received by the interface that contained a VRID that is not configured on this interface VRID statistics rxed arp packet drop count The number of ARP packets addressed to the VRID that were dropped rxed ip packet drop count The number of IP p...

Page 552: ...v TX backup adv VR Errors Port Errors v211 0 VR211 0 93542 1559 0 0 v212 0 VR212 0 93542 1559 0 0 v213 0 VR213 1 93543 1559 0 0 v214 0 VR214 0 93542 1559 0 0 v215 0 VR215 0 93542 1559 0 0 v225 0 VR225 0 93542 1559 0 0 v226 0 VR226 0 46772 1559 0 0 v227 0 VR227 0 93542 1559 0 0 v228 0 VR228 0 93542 1559 0 0 v229 0 VR229 1 93543 1559 0 0 v311 0 output truncated To display a summary of the VRRP E sta...

Page 553: ...eived output of the stat option TX backup adv The number of VRRP backup advertisement packets sent by this router for a VRID on a specific interface This is the same as the backup advertisements sent output of the stat option VR Errors This is the sum of these values rxed arp packet drop count rxed ip packet drop count rxed vrrp port mismatch count rxed vrrp number of ip address mismatch count rxe...

Page 554: ... 1 5 vrid 1 activate The backup command specifies that this router is a VRRP Backup for virtual router VRID1 The IP address entered with the ip address command is the same IP address as the one entered when configuring Switch 1 In this case the IP address cannot also exist on Switch 2 but the interface on which you are configuring the VRID Backup must have an IP address in the same subnet By enter...

Page 555: ...ck port ethernet 1 2 4 Switch1 config if 1 1 6 vrid 1 ip address 192 53 5 253 Switch1 config if 1 1 6 vrid 1 activate VRRP Router 2 for this interface is activating NOTE The address you enter with the ip address command cannot be the same as a physical IP address configured on the interface Configuring Switch 2 To configure Switch 2 enter the following commands Switch2 config router vrrp extended ...

Page 556: ...ress associated with the VRID by the Owner However the address cannot be the same The priority parameter establishes the router VRRP E priority in relation to the other VRRP E routers in this virtual router The track priority parameter specifies the new VRRP E priority that the router receives for this VRID if the interface goes down The activate command activates the VRID configuration on this in...

Page 557: ...ter maps an input customer interface to a unique VPN instance The router maintains a different VRF table for each VPN instance on that PE router Multiple input interfaces may also be associated with the same VRF on the router if they connect to sites belonging to the same VPN This input interface can be a physical interface or a virtual Ethernet interface on a port In Multi VRF deployments Two VRF...

Page 558: ...te only to prevent the leaking of switching traffic if two interfaces in the same VLAN are configured with different VRFs Virtual interfaces Loopback interfaces Tunnel interfaces The tunnel can belong to any user defined VRF but the tunnel source and tunnel destination are restricted to the default VRF A Multi VRF instance cannot be configured on any of the following Physical interfaces Management...

Page 559: ...ystem max values at the global level TABLE 110 Commands for configuring system max values Command Description ip vrf Configures maximum VRF instances supported by the software ip route Configures maximum IPv4 routes used to initialize hardware during system init ip6 route Configures maximum IPv6 routes used to initialize hardware during system init ip route default vrf Configures maximum IPv4 rout...

Page 560: ...system max IPv4 routes configuration for default VRF 1024 26214 4 52428 8 1024 12000 15168 1024 5120 7168 256 65536 13107 2 ip route vrf default system max IPv4 routes per non default VRF instances 1024 65536 52428 8 128 1024 15168 128 1024 7168 64 4096 13107 2 ip6 route default vrf system max IPv6 routes configuration for default VRF 1024 32768 65536 64 908 2884 64 580 1348 64 2048 7168 ip6 route...

Page 561: ...ing Please revalidate these values to be valid for your configuration Reload required Please write memory and then reload or power cycle device To allocate 500 routes for IPv6 user VRF device system max ip6 route vrf 500 Reload required Please write memory and then reload or power cycle device end To save the configuration changes device write memory Write startup config done device Flash Memory W...

Page 562: ...at has no VRF related impact ARP rate limiting ARP rate limiting is configured globally and applies to all VRFs ARP age can be configured globally and on a Layer 3 interface An ARP age timer configured on a Layer 3 interface overrides the global configuration for ARP aging The aging timer ensures that the ARP cache does not retain learned entries that are no longer valid Dynamic ARP inspection Dyn...

Page 563: ... VRFs are configured with 512 maximum routes on each VRF The ip route default vrf and ip route vrf values must be modified The write memory and reload commands are required after the modification Once the device has rebooted after the reload enter the show default values command to display the system max settings 1 Verify the default values device config show default values sys log buffers 50 mac ...

Page 564: ... buffers 50 mac age time 300 sec telnet sessions 5 ip arp age 10 min bootp relay max hops 4 ip ttl 64 hops ip addr per intf 24 System Parameters Default Maximum Current Configured ip arp 4000 64000 4000 4000 ip static arp 512 6000 512 512 pim mcache 1024 4096 1024 1024 ip route 12000 15168 12000 12000 ip static route 64 2048 64 64 ip vrf 16 16 16 16 ip route default vrf 12000 15168 10000 10000 ip6...

Page 565: ...TENTION Using the overwrite option while downloading a configuration from a TFTP server to the running config will lead to the loss of all VRF configurations when a VRF is configured on a routing interface 1 Optional Assign a Route Distinguisher RD device config vrf corporate rd 11 11 2 Optional Assign a router ID device config vrf corporate ip router id 1 1 1 1 3 Use the address family unicast VR...

Page 566: ...interface to the VRF you must reconfigure the IP address and interface properties 1 Enter global configuration mode device configure terminal 2 In global configuration mode enter the interface ve command to create a VE interface device config interface ve 10 3 In VE configuration mode enable forwarding for the VRF guest device config vif 10 vrf forwarding guest Warning All IPv4 and IPv6 addresses ...

Page 567: ...p address 10 0 0 1 24 Verifying a Multi VRF configuration The following examples illustrate the use of a variety of show commands that are useful in verifying Multi VRF configurations To verify all configured VRFs in summary mode enter the show vrf command as in the following example device show vrf Total number of VRFs configured 2 Status Codes A active D pending deletion I inactive Name Default ...

Page 568: ...summary Removing a VRF configuration The following examples illustrate a variety of ways by which you can remove a VRF configuration deleting a VRF instance from a port deleting an address family from a VRF and deleting the VRF globally To delete a VRF instance from a specific port use the no form of the vrf command This removes all Layer 3 interface bindings from the VRF and returns the interface...

Page 569: ... 1 7 8 device config vrf customer 1 ipv4 exit address family device config vrf customer 1 exit vrf device config Configuring additional ARP features for Multi VRF This section discusses options for configuring proxy ARP and ARP rate limiting Proxy ARP allows a Layer 3 switch to answer ARP requests from devices on one subnet on behalf of devices in another network Proxy ARP is configured globally a...

Page 570: ...y arp To configure ARP rate limiting globally device config rate limit arp To configure ARP rate limiting on a Layer 3 Ethernet interface for an aging timeout of 20 minutes device config int e1000 1 7 1 device config if e1000 1 7 1 ip arp age 20 Configuring Multi VRF FastIron Ethernet Switch Layer 3 Routing 570 53 1003627 04 ...

Page 571: ...ion VLAN VE address Yes Yes arp age Yes Yes bgp No Yes bootp gateway Yes Yes directed broadcast Yes Yes encapsulation Yes Yes follow No No helper address Yes Yes icmp Yes Yes igmp No No irdp No Yes local proxy arp No Yes metric No Yes mtu Yes Yes multicast boundary No No ospf No Yes pim No No pim sparse No Yes policy No Yes proxy arp No Yes redirect No Yes rip No Yes tcp Yes Yes tunnel No Yes use ...

Page 572: ...nless the local CCEP port is down During this transient time the Layer 3 traffic gets forwarded toward the MCT peer While the ICX 7750 as an MCT peer can successfully forward this traffic to the client SX 800 and SX 1600 devices will experience loss of traffic during this time If the MCT client triggers an ARP request it would do so for its Layer 3 next hop IP address which generally resides on th...

Page 573: ... switched towards the intended next hop Therefore almost 50 percent of traffic being forwarded from MCT clients and as much as 100 percent traffic in the worst case can pass through the ICL This fact should be considered when designing the ICL capacity in the network VRRP or VRRP E over an MCT enabled network To interface a Layer 2 MCT deployment with a Layer 3 network and add redundancy at the La...

Page 574: ...vice config if e1000 vrid 2 short path forwarding revert priority 60 Syntax no short path forwarding revert priority value The revert priority value in the short path forwarding command works in conjunction with the track port command to control forwarding behavior The track port command monitors the status of the outgoing port on the backup Command behavior can cause short path forwarding to be d...

Page 575: ...are supported If a VLAN is already configured with these Layer 3 features it cannot be made the session VLAN To see the list of unsupported features on MCT management interface refer to Layer 3 behavior with MCT on page 571 IPv6 configurations are not supported on VEs of session or member VLANs Route only ports cannot be used as CCEP or ICL ports Global route only configuration and MCT cluster con...

Page 576: ...on show the topology and configuration for a single level MCT deployment VRRP VRRP E over MCT OSPF over MCT and BGP over MCT MCT configuration for a single level MCT deployment The following figure shows a sample configuration for a single level MCT The associated configuration follows FIGURE 41 Sample Configuration for a single level MCT Router A MCT configuration This example presents the MCT co...

Page 577: ...ic id 55 ports ethernet 1 1 1 to 1 1 2 primary port 1 1 1 deploy vlan 110 name Member vlan by port tagged ethernet 1 1 1 ethernet 1 1 2 to 1 1 4 router interface ve 110 vlan 1000 name ICL Session vlan by port tagged ethernet 1 1 1 to 1 1 2 router interface ve 1000 vlan 1001 name MCT Keep Alive by port tagged ethernet 1 1 3 interface ve 1000 ip address 10 0 0 253 255 255 255 252 cluster FI MCT 1750...

Page 578: ...ows a sample MCT configuration with VRRP E The associated configuration follows The configuration for VRRP is similar FIGURE 42 Sample MCT configuration with VRRP E Router A VRRP E configuration This example presents the VRRP E configuration for the Router A cluster device router vrrp extended interface ve 110 port name S1 SW ip address 10 110 0 253 255 255 255 0 ip vrrp extended vrid 110 backup i...

Page 579: ...describe sample MCT configurations with OSPF FIGURE 43 MCT Configuration with OSPF SWRA OSPF configuration This example presents the OSPF configuration for the SWRA cluster device router ospf area 0 interface ve 110 ip address 10 110 0 253 255 255 255 0 ip ospf area 0 SWRB OSPF configuration This example presents the OSPF configuration for the SWRB cluster device router ospf area 0 interface ve 11...

Page 580: ...0 1 255 255 255 0 ip ospf area 0 MCT Configuration with BGP The following examples describe sample MCT configurations with BGP FIGURE 44 MCT Configuration with BGP SWRA BGP configuration This example presents the BGP configuration for the SWRA cluster device interface ve 110 ip address 10 110 0 253 255 255 255 0 router bgp local as 100 neighbor 10 110 0 252 remote as 100 neighbor 10 110 0 1 remote...

Page 581: ...er ICL The nature of the MCT LAG requires this Packets from the MCT client on the CCEP ports are received by only one of the MCT peers Hence the control packets that are received natively on the CCEP ports are sent over ICL to synchronize the states The Join or Prune and Asserts are synchronized to maintain the Outgoing Interface OIF state for the CCEP ports on both peers For CCEP OIFs created by ...

Page 582: ...er control or data packets they reach only one of the peers These control packets hellos joins prunes and others received by one peer are flooded on the MCT VLAN including the ICL port to the other peer Hellos sent by R1 could reach either P1 or P2 due to the above nature of MCT LAG Hellos that reach P2 are sent to P1 natively over ICL That means P1 learns about R1 by searching the source MAC of t...

Page 583: ...fic When the traffic arrives the S G state is created on both the peers but only one of them forwards based on the software hashing algorithm MCT peer as intermediate Downstream router P1 and P2 are the MCT peers and are acting as downstream routers for R1 R1 is the intermediate router P1 P2 and R1 are configured with PIM on the MCT VE interface RP and source are beyond R1 FIGURE 46 MCT peer as im...

Page 584: ... CCEP links have the same capacity and the source and group addresses are evenly distributed That situation avoids the timing synchronization between the MCT peer routers which would be very hard to achieve The sharing is done at a stream not packet level using the following software hash algorithm source address group address 0x00000001 local_bridge_id remote_bridge_id If result is 1 local CCEP f...

Page 585: ... from the core whether the chassis is forwarding this stream to the local CCEP or not This could potentially waste the bandwidth inside the core and on uplink You can configure both MCT peers to do either PIM routing or multicast snooping in MCT VLANs However configuring one MCT peer to do PIM routing and the other to do multicast snooping in the same MCT VLAN is not supported PIM neighbor on CEP ...

Page 586: ... 5 100 rbridge id 4000 icl MCT deploy client client 100 rbridge id 100 client interface ethernet 1 1 11 deploy end vlan 10 name member vlan by port tagged ethe 1 1 1 ethe 1 1 11 ethe 1 1 25 router interface ve 10 spanning tree 802 1w spanning tree 802 1w ethe 1 1 11 disable interface ve 10 ip address 10 10 10 100 255 255 255 0 ip pim sparse ip ospf area 0 Layer 3 behavior with MCT FastIron Etherne...

Page 587: ... 5 5 10 rbridge id 1000 icl MCT deploy client client 100 rbridge id 100 client interface ethernet 2 1 11 deploy end vlan 10 name member vlan by port tagged ethe 2 1 1 ethe 2 1 11 ethe 2 1 27 router interface ve 10 spanning tree 802 1w spanning tree 802 1w ethe 2 1 11 disable interface ve 10 ip address 10 10 10 1 255 255 255 0 ip pim sparse ip ospf area 0 Layer 3 behavior with MCT FastIron Ethernet...

Page 588: ...FastIron Ethernet Switch Layer 3 Routing 588 53 1003627 04 ...

Page 589: ...kets are discarded by default Source IP SIP lookup and the SIP s next hop layer interface information is used in this mode This mode has options to include default route check or exclude default route check Loose mode In this mode each incoming packet s source address is tested against the forwarding information base As long as there is a match for the source IP address in the forwarding informati...

Page 590: ...0 considerations ICX 7750 devices support global mode and interface configuration mode Per interface level configuration is available on VE interfaces and physical ports only IPv4 and IPv6 unicast routed packets are subjected to uRPF check on ICX 7750 devices Scaling numbers are reduced by half for the following system values when uRPF is enabled ip route ip6 route ip route default vrf ip6 route d...

Page 591: ...04 131072 98304 98304 ip6 route 5120 7168 5120 5120 ip route default vrf 65536 131072 65536 65536 ip6 route default vrf 2048 7168 2048 2048 ip route vrf 4096 131072 4096 4096 ip6 route vrf 1024 7168 1024 1024 TABLE 117 ICX 7750 system max values with uRPF configuration after reload System parameter Default Maximum Current Configured ip route 49152 65536 49152 49152 ip6 route 2560 3584 2560 2560 ip...

Page 592: ...nation specified as a next hop are enabled On ICX 7750 devices the uRPF check enables the interface level CLI and hardware settings You should reload the device after enabling reverse path check for this configuration to be captured in the system settings NOTE Refer to the FastIron Command Reference for a complete list of supported commands 1 Enter global configuration mode 2 Enter the reverse pat...

Page 593: ...shows the uRPF strict mode enabled device interface ethernet 1 1 9 device interface ethernet 1 1 9 rpf mode strict Configuring unicast Reverse Path Forwarding modes FastIron Ethernet Switch Layer 3 Routing 53 1003627 04 593 ...

Reviews:

No comments