manualshive.com logo in svg

Brocade Communications Systems ICX 7250 series, Configuration Manual

Share
Download
Brocade Communications Systems ICX 7250 series Configuration Manual Download Page 253

For IPsec, the system generates two types of databases. The Security Association Database (SAD) contains a security association for
each interface or one global database for a virtual link. Even if IPsec is configured for an area, each interface that uses the area's IPsec still
has its own security association in the SAD. Each SA in the SAD is a generated entry that is based on your specifications of an
authentication protocol (for example, ESP), destination address, and a security parameter index (SPI). The SPI number is user-specified
according to the network plan. Consideration for the SPI values to specify must apply to the whole network.

The system-generated security policy databases (SPDs) contain the security policies against which the system checks the for-us packets.
For each for-us packet that has an ESP header, the applicable security policy in the security policy database (SPD) is checked to see if
this packet complies with the policy. The IPsec task drops the non-compliant packets. Compliant packets continue on to the OSPFv3
task.

IPsec for OSPFv3 configuration

IPsec authentication can be enabled on both default and nondefault VRFs. IPsec authentication is disabled by default.

The following IPsec parameters are configurable:

ESP protocol

Authentication

Hashed Message Authentication Code-Secure Hash Algorithm 1 (HMAC-SHA-1) authentication algorithm

Security parameter index (SPI)

A 40-character key using hexadecimal characters

An option for not encrypting the keyword when it appears in 

show

 command output

Key rollover timer

Specifying the key add remove timer

IPsec for OSPFv3 considerations

IPsec generates security associations and security policies based on certain user-specified parameters. Refer to the 

FastIron Command

Reference

 for more information on user-specified parameters.

The system creates a security association for each interface or virtual link based on the values specified by the user.

The system creates a security policy database for each interface or virtual link based on the values specified by the user.

You can configure the same SPI and key on multiple interfaces and areas, but they still have unique IPsec configurations
because the SA and policies are added to each separate security policy database (SPD) that is associated with a particular
interface. If you configure an SA with the same SPI in multiple places, the rest of the parameters associated with the SA—such
as key, cryptographic algorithm, security protocol, and so on—must match. If the system detects a mismatch, it displays an error
message.

IPsec authentication for OSPFv3 requires the use of multiple SPDs, one for each interface. A virtual link has a separate, global
SPD. The authentication configuration on a virtual link must be different from the authentication configuration for an area or
interface, as required by RFC 4552. The interface number is used to generate a non-zero security policy database identifier
(SPDID), but for the global SPD for a virtual link, the system-generated SPDID is always zero. As a hypothetical example, the
SPD for interface eth 1/1/1 might have the system-generated SPDID of 1, and so on.

If you change an existing key, you must also specify a different SPI value. For example, in an interface context where you intend
to change a key, you must enter a different SPI value—which occurs before the key parameter on the command line—before
you enter the new key.

IPsec for OSPFv3

Brocade FastIron Layer 3 Routing Configuration Guide

53-1003903-04

253

Summary of Contents for ICX 7250 series

Page 1: ...Supporting FastIron Software Release 8 0 40a CONFIGURATION GUIDE Brocade FastIron Layer 3 Routing Configuration Guide 53 1003903 04 20 December 2016...

Page 2: ...Brocade FastIron Layer 3 Routing Configuration Guide 2 53 1003903 04...

Page 3: ...28 Ingress ARP packet priority 28 Displaying the ARP table 29 Reverse Address Resolution Protocol configuration 29 How RARP Differs from BootP and DHCP 29 Disabling RARP 30 Creating static RARP entrie...

Page 4: ...onfiguring UDP broadcast and IP helper parameters 78 Configuring IP parameters Layer 2 switches 80 Configuring the management IP address and specifying the default gateway 80 Configuring Domain Name S...

Page 5: ...connectivity on a Layer 3 switch 132 Enabling IPv6 routing 132 IPv6 configuration on each router interface 132 Configuring IPv4 and IPv6 protocol stacks 135 IPv6 over IPv4 tunnels 136 IPv6 over IPv4 t...

Page 6: ...hanging the IPv6 MTU 157 Static neighbor entries configuration 157 Limiting the number of hops an IPv6 packet can traverse 158 IPv6 source routing security enhancements 158 TCAM space configuration 15...

Page 7: ...s 194 Changing the route loop prevention method 195 Suppressing RIP route advertisement on a VRRP or VRRPE backup interface 196 Configuring RIP route filters using prefix lists and route maps 196 Sett...

Page 8: ...hronization limitations 226 Interface synchronization 226 Standby module operations 226 Neighbor database 227 LSA database 227 OSPFv2 distribute list 227 Configuring an OSPFv2 distribution list using...

Page 9: ...marization 251 OSPFv3 over VRF 251 OSPFv3 graceful restart helper 251 OSPFv3 non stop routing 252 IPsec for OSPFv3 252 IPsec for OSPFv3 configuration 253 IPsec for OSPFv3 considerations 253 Configurin...

Page 10: ...s 286 Memory configuration options obsoleted by dynamic memory 286 Basic configuration tasks required for BGP4 286 Enabling BGP4 on the device 286 Changing the device ID 287 Setting the local AS numbe...

Page 11: ...ribute errors 344 Error logs 344 Configuring route flap dampening 344 Globally configuring route flap dampening 345 Using a route map to configure route flap dampening for a specific neighbor 346 Remo...

Page 12: ...he IP route table 395 Clearing traffic counters 395 Clearing diagnostic buffers 396 BGP4 397 BGP4 overview 397 BGP global mode 397 IPv6 unicast address family 398 BGP4 neighbors 399 BGP4 peer groups 3...

Page 13: ...rfaces 435 Configuring MD5 authentication on VRRP interfaces 436 Abdicating VRRP master device status 437 Tracked ports and track priority with VRRP and VRRP E 439 Tracking ports and setting the VRRP...

Page 14: ...3 statistics 465 Clearing VRRPv3 statistics 466 VRRP Ev3 Overview 466 Enabling an IPv6 VRRP Ev3 device 467 Displaying and clearing VRRP Ev3 statistics 468 Multi VRF 471 Multi VRF overview 471 FastIron...

Page 15: ...describes features that may not be currently available Contact a Brocade sales office for information on feature and product availability Export of technical data contained in this document may requir...

Page 16: ...Brocade FastIron Layer 3 Routing Configuration Guide 16 53 1003903 04...

Page 17: ...fies CLI output Identifies command syntax examples Command syntax conventions Bold and italic text identify command syntax components Delimiters and operators define groupings of parameters and their...

Page 18: ...software or data DANGER A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you Safety labels are also attached directly to products to warn...

Page 19: ...tact your OEM Solution Provider for all of your product support needs OEM Solution Providers are trained and certified by Brocade to support Brocade products Brocade provides backline support for issu...

Page 20: ...Brocade FastIron Layer 3 Routing Configuration Guide 20 53 1003903 04...

Page 21: ...ing allows you to automatically deploy devices with management IP addresses and file upgrades DHCP auto provisioning in the Brocade FastIron DHCP Configuration Guide DHCP client link layer option You...

Page 22: ...tandalone command reference for the FastIron platforms In the Brocade FastIron Command Reference the command pages are in alphabetical order and follow a standard format to present syntax parameters m...

Page 23: ...op router toward its destination or to a default route or default network route if the IP route table does not contain a route to the packet destination In each case the Layer 3 switch must encapsulat...

Page 24: ...e IP address of Device B is not sufficient the MAC address is also required ARP supplies the MAC address Rate limiting ARP packets You can limit the number of ARP packets the Brocade device accepts du...

Page 25: ...ro aging is disabled and entries do not age out NOTE Host devices connected to an ICX 7750 that also have a valid IP address and reply periodically to the arp request are not timed out even if no traf...

Page 26: ...config interface ethernet 5 device config if e1000 5 ip proxy arp enable To again disable IP proxy ARP on an interface enter the following command device config interface ethernet 5 device config if...

Page 27: ...E You must save the configuration to the startup config file and reload the software after changing the static ARP table size to place the change into effect Syntax system max ip static arp num The nu...

Page 28: ...eader and the sender hardware address in the ARP body must be the same This validation is performed for the ARP request and response packets When the source MAC validation is enabled the packets with...

Page 29: ...will use the Layer 3 switch for booting A RARP entry consists of the following information The entry number The entry sequence number in the RARP table The MAC address of the boot client The IP addre...

Page 30: ...such as the following device config rarp 1 0000 0054 2348 10 53 4 2 This command creates a RARP entry for a client with MAC address 0000 0054 2348 When the Layer 3 switch receives a RARP request from...

Page 31: ...an reply to an ARP request with its own MAC address thereby causing other hosts on the same subnet to store this information in their ARP tables or replace the existing ARP entry Furthermore a host ca...

Page 32: ...collected from snooping DHCP packets when DHCP snooping is enabled on VLANs DHCP snooping entries are stored in a different table and are not part of the ARP table The status of an ARP entry is either...

Page 33: ...nspection is disabled by default and the trust setting for ports is by default untrusted Configuring an inspection ARP entry Static ARP and static inspection ARP entries must be configured for hosts o...

Page 34: ...You can deploy multiple VRFs on a Brocade Ethernet switch Each VLAN having a Virtual Ethernet VE interface is assigned to a VRF You can enable DAI on individual VLANs and assign any interface as the A...

Page 35: ...vrf vrf name Displaying ARP inspection status and ports To display the ARP inspection status for a VLAN and the trusted or untrusted port enter the following command device show ip arp inspection vlan...

Page 36: ...Brocade FastIron Layer 3 Routing Configuration Guide 36 53 1003903 04...

Page 37: ...rrently throughout the world IPv4 uses a 32 bit addressing system and is represented in a 4 byte dotted decimal format x x x x IP configuration overview Brocade Layer 2 switches and Layer 3 switches s...

Page 38: ...faces GRE tunnels Each IP address on a Layer 3 switch must be in a different subnet You can have only one interface that is in a given subnet For example you can configure IP addresses 192 168 1 1 24...

Page 39: ...ving interface 1 If a deny filter on the interface denies the packet the Layer 3 switch discards the packet and performs no further processing except generating a Syslog entry and SNMP message if logg...

Page 40: ...entry to forward subsequent packets from the same source to the same destination If the running config does not contain an IP access policy for the packet the software creates a new entry in the forwa...

Page 41: ...h to a destination When the software receives paths from more than one of the sources listed above the software compares the administrative distance of each path and selects the path with the lowest a...

Page 42: ...nation is reached is also listed as well as the VLAN and Layer 4 QoS priority associated with the destination if applicable NOTE You cannot add static entries to the IP forwarding cache although you c...

Page 43: ...Virtual Router Redundancy Protocol VRRP A standard router redundancy protocol based on RFC 2338 You can use VRRP to configure Brocade Layer 3 switches and third party routers to back up IP interfaces...

Page 44: ...file To save configuration changes to the startup config file enter the write memory command from the Privileged EXEC level of any configuration level of the CLI To save the configuration changes usi...

Page 45: ...device receives more ARP packets than you specify the device drops additional ARP packets for the remainder of the one second interval Disabled ARP age The amount of time the device keeps a MAC addre...

Page 46: ...ts router interfaces to directly attached hosts You can enable or disable the protocol and change the following protocol parameters Forwarding method broadcast or multicast Hold time Maximum advertise...

Page 47: ...d Maximum IP load sharing paths The maximum number of equal cost paths across which the Layer 3 switch is allowed to distribute traffic Four Origination of default routes You can enable a router to or...

Page 48: ...into the non forwarding state the device waits for the configured time before notifying the Layer 3 protocols of the VE down event NOTE Available on the VE interface only Delay time is not configured...

Page 49: ...IP helper addresses allow the router to forward requests for certain UDP applications from a client on one subnet to a server on another subnet None configured Basic IP parameters and defaults Layer...

Page 50: ...t can pass before being discarded Each router decreases a packet TTL by 1 before forwarding the packet If decreasing the TTL causes the TTL to be 0 the router drops the packet instead of forwarding it...

Page 51: ...er to Configuring IP addresses to add IP addresses then enable and configure the route exchange protocols as described in other chapters of this guide If you are configuring a Layer 2 switch refer to...

Page 52: ...dress 10 45 6 1 255 255 255 0 You also can enter the IP address and mask in CIDR format as follows device config if 1 1 1 ip address 10 45 6 1 24 Syntax no ip address ip addr ip mask ospf ignore ospf...

Page 53: ...ecify from 1 to the maximum number of virtual interfaces supported on the device To display the maximum number of virtual interfaces supported on the device enter the show default values command The m...

Page 54: ...w on a virtual routing interface When configuring IP Follow the primary virtual routing interface should not have ACL or DoS Protection configured It is recommended that you create a dummy virtual rou...

Page 55: ...an IPV4 broadcast scheme the following subnets can be configured 10 10 10 1 Subnet for directed broadcast Network number 1 10 10 10 0 Subnet for network address Network number 0 In a point to point li...

Page 56: ...rnet 1 3 1 RouterB config if e1000 1 3 1 ip address 10 2 2 1 24 Router C RouterC config interface ethernet 1 3 1 RouterC config if e1000 1 3 1 ip address 10 2 2 2 24 Displaying information for a 31 bi...

Page 57: ...s sent to the first DNS server If the host name is not resolved it is sent to the second DNS server If a match is found a response is sent back to the client with the host IP address If no match is fo...

Page 58: ...1 newyork com domain is already defined on the Layer 3 switch you need to enter only the host name NYC02 as noted in the following example device traceroute nyc02 Syntax traceroute vrf vrf host ip add...

Page 59: ...on In this case the destination device is directly connected to the Layer 3 switch The MAC address of the next hop gateway toward the packet destination An Ethernet broadcast address The entire IP pac...

Page 60: ...cted to a server that uses jumbo frames and two other ports connected to clients that can support the jumbo frames increase the MTU only on those three ports Leave the MTU size on the other ports at t...

Page 61: ...ip mtu 1000 device config if 1 1 5 write memory device config if 1 1 5 end device reload Syntax no ip mtu num The num variable specifies the MTU Ethernet II packets can hold IP packets from 576 throu...

Page 62: ...ck interfaces the default router ID is the lowest numbered IP interface configured on the device If you prefer you can explicitly set the router ID to any valid IP address The IP address cannot be in...

Page 63: ...following sections show the syntax for specifying a single source IP address for specific packet types Telnet packets To specify the lowest numbered IP address configured on a virtual interface as the...

Page 64: ...ice config ip tftp source interface ve 1 The commands in this example configure virtual interface 1 assign IP address 10 0 0 3 24 to the interface then designate the interface s address as the source...

Page 65: ...pback num venum Configuring delay time for notifying VE down event When all the ports in the VLAN go into an inactive state for example the non forwarding state the device notifies the Layer 3 protoco...

Page 66: ...hops an IP packet originated by the Layer 3 switch can travel through Each device capable of forwarding IP that receives the packet decrements decreases the packet TTL by one If a device receives a p...

Page 67: ...o pass through only the listed routers If the Layer 3 switch receives a strict source routed packet but cannot reach the next hop interface specified by the packet the Layer 3 switch discards the pack...

Page 68: ...ation and reload the software to place this configuration change into effect Syntax no ip broadcast zero Disabling ICMP messages Brocade devices are enabled to reply to ICMP echo messages and send ICM...

Page 69: ...s not change the Brocade device ability to forward packets Disabling ICMP Unreachable messages prevents the device from generating or forwarding the Unreachable messages To disable all ICMP Unreachabl...

Page 70: ...an use the default network route as a default route instead When the software uses the default network route it also uses the default network route s next hop gateway as the gateway of last resort Thi...

Page 71: ...e route table enter the following command at any level of the CLI device show ip route Total number of IP routes 2 Start index 1 B BGP D Connected R RIP S Static O OSPF Candidate default Destination N...

Page 72: ...t paths to the same destination from different sources such as between static IP routes OSPF and BGP4 The value of the administrative distance is determined by the source of the route The Layer 3 swit...

Page 73: ...he IP route table the cost can increase during the redistribution due to settings in redistribution filters Static route OSPF and BGP4 load sharing IP load sharing and load sharing for BGP4 routes are...

Page 74: ...aring paths enter a command such as the following device config ip load sharing 6 Syntax no ip load sharing num The num variable specifies the number of paths and can be from 2 through 8 depending on...

Page 75: ...next header The software selects a path based on a calculation involving the maximum number of load sharing paths allowed and the actual number of paths to the destination network This is the default...

Page 76: ...f ECMP paths and the value range can be from 8 through 32 This command is supported only on the Brocade ICX 7750 You must save the configuration and reload the device for the maximum ECMP value change...

Page 77: ...interface is independent of the interval on other IRDP enabled interfaces The default maximum message interval is 600 seconds The default minimum message interval is 450 seconds Hold time Each Router...

Page 78: ...f the maxadvertinterval parameter The preference number parameter specifies the IRDP preference level of this Layer 3 switch If a host receives Router Advertisements from multiple routers the host sel...

Page 79: ...connected to the clients for the application The Layer 3 switch cannot forward the requests unless you configure the helper address To enable the forwarding of NTP broadcasts enter the following comma...

Page 80: ...t forward client broadcast request to a server within the network To forward a client broadcast request when the client and server are on the same network configure an IP helper with unicast option on...

Page 81: ...config ip default gateway 10 45 6 1 Syntax ip default gateway ip addr NOTE When configuring an IP address on a Layer 2 switch that has multiple VLANs make sure the configuration includes a designated...

Page 82: ...t to trace the route from a Brocade Layer 2 switch to a remote server identified as NYC02 on domain newyork com Because the newyork com domain is already defined on the Layer 2 switch you need to ente...

Page 83: ...ves the packet decrements decreases the packet TTL by one If a router receives a packet with a TTL of 1 and reduces the TTL to zero the router drops the packet The default TTL is 64 You can change the...

Page 84: ...ides a way to encapsulate arbitrary packets payload packet inside of a transport protocol and transmit them from one tunnel endpoint to another The payload is encapsulated in a GRE packet The resultin...

Page 85: ...191 describes a method for dynamically discovering the maximum transmission unit MTU of an arbitrary internet path When a FastIron device receives an IP packet that has its Do not Fragment DF bit set...

Page 86: ...ted on VLANs that do not have VE ports Whenever multiple IP addresses are configured on a tunnel source the primary address of the tunnel is always used for forming the tunnel connections Therefore ca...

Page 87: ...nterface Not assigned Optional tasks Change the maximum transmission unit MTU value for the tunnel interface 1476 bytes or 9192 bytes jumbo mode Change the number of GRE tunnels supported on the devic...

Page 88: ...ace The tunnel source address should be one of the router IP addresses configured on a physical loopback or VE interface through which the other end of the tunnel is reachable To configure the source...

Page 89: ...llowing device config interface tunnel 1 device config tnif 1 tunnel destination 131 108 5 2 Syntax no tunnel destination ip address The ip address variable is the destination IP address being configu...

Page 90: ...erface device config ip route 131 108 5 0 24 10 0 8 1 device config ip route 10 10 2 0 24 tunnel 1 Syntax no ip route ip address tunnel tunnel ID The ip address variable is the IP address of the tunne...

Page 91: ...that is supported for an interface tunnel For example if the system max value is reduced it is possible that the configured interfaces may be rejected after a system reload Configuring GRE link keepa...

Page 92: ...ng and re enabling PMTUD PMTUD is enabled by default To disable it enter the following command device config tnif 1 tunnel path mtu discovery disable To re enable PMTUD after it has been disabled ente...

Page 93: ...SM on a GRE tunnel interface enter commands such as the following device config interface tunnel 10 device config tnif 10 ip pim sparse Syntax no ip pim sparse Use the no form of the command to disabl...

Page 94: ...0 24 tunnel 1 Configuring point to point GRE tunnel for Router B device config interface ethernet 1 5 1 device config if e1000 1 5 1 ip address 131 108 5 2 24 device config exit device config interfac...

Page 95: ...ns refer to FastIron Command Reference Syntax show ip route The show ip interface tunnel command displays the link status and IP address configuration for an IP tunnel interface as shown in the follow...

Page 96: ...th MTU will expire Indicates the time after which the learned PMTU expires This line is displayed only when a PMTU is dynamically learned The show ip tunnel traffic command displays the link status of...

Page 97: ...w ip pim interface show ip pim nbr show ip pim mcache show ip pim flow show statistics show ip mtu NOTE All other show commands that are supported currently for Ethernet VE and IP loopback interfaces...

Page 98: ...point on port e 2 egresses and re ingresses as native multicast traffic on the loopback port e 4 and is then forwarded to the outbound interface e 1 device show statistics Port In Packets Out Packets...

Page 99: ...el interface The bandwidth for IP interfaces feature can be used to Query the bandwidth for an interface Help OSPF avoid generating numerous LSAs while updating the cost value for a VE interface due t...

Page 100: ...he fixed port bandwidth as outlined in the Changing the reference bandwidth for the cost on OSPFv2 interfaces on page 232 section When the interface bandwidth feature is enabled OSPF calculates the co...

Page 101: ...10 tagged ethernet 1 1 1 4 Enter the router interface ve command and specify a value to create a virtual interface as the routing interface for the VLAN device config vlan 10 router interface ve 10 Cr...

Page 102: ...specific tunnel interface device configure terminal device config interface tunnel 2 device config tnif 2 tunnel mode gre ip device config tnif 2 tunnel source 10 0 0 1 device config tnif 2 tunnel des...

Page 103: ...VE interface must be unique within the same VLAN There is a maximum number of IP interfaces 248 on which an IP MAC address can be configured and the number of VRRP virtual interfaces that can be supp...

Page 104: ...le and then reload the software to place the change into effect The Layer 3 system parameter limits for FastIron IPv6 models are automatically adjusted by the system and cannot be manually modified Di...

Page 105: ...r disabling routing protocols This section describes how to enable or disable routing protocols For complete configuration information about the routing protocols refer to the respective chapters in t...

Page 106: ...evice write memory device reload To re enable Layer 2 switching on a Layer 3 switch enter the following commands device config no route only device config exit device write memory device reload Syntax...

Page 107: ...CPU and if the checksum is correct it forwards the packet To set disable hardware ip checksum check for all ports enter the following command device disable hw ip checksum check disable ip header che...

Page 108: ...s not affect how information is displayed in the Web Management Interface To enable CIDR format for displaying network masks entering the following command at the global CONFIG level of the CLI device...

Page 109: ...router id The 32 bit number that uniquely identifies the Brocade router By default the router ID is the numerically lowest IP interface configured on the router enabled The IP related protocols that...

Page 110: ...K Method Status Protocol Ethernet 1 1 1 10 95 6 173 YES NVRAM up up Ethernet 1 1 2 10 3 3 3 YES manual up up Loopback 1 10 2 3 4 YES NVRAM down down Syntax show ip interface ethernet unit slot port lo...

Page 111: ...ICMP redirect enabled proxy arp disabled ip arp age 10 minutes No Helper Addresses are configured No inbound ip access list is set No outgoing ip access list is set Displaying ARP entries You can disp...

Page 112: ...The num entries to skipparameter lets you display the table beginning with a specific entry number NOTE The entry numbers in the ARP cache are not related to the entry numbers for static ARP table ent...

Page 113: ...rs let you restrict the display to entries for a specific IP address and network mask Specify the IP address masks in standard decimal mask format for example 255 255 0 0 The mac addressxxxx xxxx xxxx...

Page 114: ...xample to begin displaying the cache at row 10 enter the following command device show ip cache 9 The show ip cache command displays the following information TABLE 17 CLI display of IP forwarding cac...

Page 115: ...he Type field indicating the route is to a directly connected device Here is an example of how to use the static option To display only the static IP routes enter the following command device show ip...

Page 116: ...is Layer 3 switch R The route was learned from RIP S The route is a static route The route and next hop gateway are resolved through the ip default network setting O The route is an OSPF route Unless...

Page 117: ...0 unrecognized 0 bad version 0 bad addr family 0 bad req format 0 bad metrics 0 bad resp format 0 resp not from rip port 0 resp from loopback 0 packets rejected The show ip traffic command displays th...

Page 118: ...ages sent or received by the device addr mask reply The number of Address Mask Replies messages sent or received by the device irdp advertisement The number of ICMP Router Discovery Protocol IRDP Adve...

Page 119: ...IP version was either invalid or is not supported by this device bad addr family The number of RIP packets dropped because the value in the Address Family Identifier field of the packet header was inv...

Page 120: ...t TFTP access Displaying ARP entries To display the entries the Layer 2 switch has placed in its ARP cache enter the show arp command from any level of the CLI This command shows the total number of A...

Page 121: ...1 current active tcbs 4 tcbs allocated 0 tcbs freed 0 tcbs protected 0 active opens 0 passive opens 0 failed attempts 0 active resets 0 passive resets 0 input errors 27 in segments 24 out segments 0...

Page 122: ...essages sent or received by the device addr mask reply The number of Address Mask Replies messages sent or received by the device irdp advertisement The number of ICMP Router Discovery Protocol IRDP A...

Page 123: ...tomer support in segments The number of TCP segments received by the device out segments The number of TCP segments sent by the device retransmission The number of segments that this device retransmit...

Page 124: ...Brocade FastIron Layer 3 Routing Configuration Guide 124 53 1003903 04...

Page 125: ...bits which provides more unique IP addresses to support increasing number of network devices An IPv6 address comprise 8 fields of 16 bit hexadecimal values separated by colons The following figure sho...

Page 126: ...bes global site local and link local addresses and the topologies in which they are used Multicast addresses support a scope field which IPv6 address types describes TABLE 23 IPv6 address types Addres...

Page 127: ...prefix of FE80 10 1111 1110 10 and a 64 bit interface ID The 128 bit IPv6 address is then subjected to duplicate address detection to ensure that the address is unique on the link If desired you can...

Page 128: ...for the host to use the new addresses only you can configure the lifetime parameters appropriately using the ipv6 nd prefix advertisement command During this transition the old prefix is removed from...

Page 129: ...name Configures an IPv6 domain name X X ipv6 dns server address Configures an IPv6 DNS server address X X ipv6 enable Enables IPv6 on an interface X X ipv6 hop limit Sets the IPv6 hop limit X ipv6 icm...

Page 130: ...6 tcp Displays information about IPv6 TCP sessions X X show ipv6 traffic Displays IPv6 packet counters X X show ipv6 tunnel Displays information about IPv6 tunnels X X snmp client ipv6 Restricts SNMP...

Page 131: ...lowing at the Global CONFIG level device config ipv6 address 2001 DB8 12D 1300 240 D0FF FE48 4000 1 64 Syntax ipv6 address ipv6 prefix prefix length You must specify the ipv6 prefix parameter in hexad...

Page 132: ...r the no form of this command IPv6 configuration on each router interface To forward IPv6 traffic on a router interface the interface must have an IPv6 address or IPv6 must be explicitly enabled By de...

Page 133: ...001 DB8 12d 1300 64 and the interface ID 240 D0FF FE48 4672 and enable IPv6 on Ethernet interface 1 3 1 Syntax ipv6 address ipv6 prefix prefix length You must specify the ipv6 prefix parameter in hexa...

Page 134: ...computed address which in the case of physical and VE interfaces is derived from a global MAC address all physical and VE interfaces will have the same MAC address To override a link local address tha...

Page 135: ...outing To disable IPv6 traffic globally on the router enter the no form of this command Syntax ip address ip address sub net mask secondary You must specify the ip address parameter using 8 bit values...

Page 136: ...6 protocol stacks section in the Brocade FastIron Layer 3 Routing Configuration Guide IPv6 over IPv4 tunnel configuration notes The local tunnel configuration must include both source and destination...

Page 137: ...specify a loopback VE or interface also specify the loopback VE or number respectively Syntax no tunneldestination ipv4 address Specify the ipv4 address parameter using 8 bit values in dotted decimal...

Page 138: ...by a tunnel interface Note that this is the number of packets received by the CPU It does not include the number of packets processed in hardware Packet Sent The number of packets sent by a tunnel int...

Page 139: ...Pv6 addresses on its interfaces but does not have full IPv6 routing enabled on it Configuring IPv6 management ACLs When you enter the ipv6 access list command the Brocade device enters the IPv6 Access...

Page 140: ...device open the SSH client program and specify the IPv6 address of the device For more information about configuring SSH on the Brocade device refer to SSH2 and SCP chapter in the Brocade FastIron Se...

Page 141: ...ived Traceroute requests display all responses of a minimum TTL of 1 second and a maximum TTL of 30 seconds In addition if there are multiple equal cost routes to the destination the Brocade device di...

Page 142: ...Syntax web client ipv6 ipv6 address the ipv6 address you specify must be in hexadecimal format using 16 bit values between colons as documented in RFC 2373 Configuring name to IPv6 address resolution...

Page 143: ...such as an Ethernet interface you must also specify the port number of the interface If you specify a virtual interface such as a VE you must specify the number associated with the VE The source ipv6...

Page 144: ...such as the following device config log host ipv6 2000 2383 e0bb 4 128 Syntax log host ipv6 ipv6 address udp port num The ipv6 address must be in hexadecimal using 16 bit values between colons as doc...

Page 145: ...y Disabling IPv6 on a Layer 2 switch IPv6 is enabled by default in the Layer 2 switch code If desired you can disable IPv6 on a global basis on a device running the switch code To do so enter the foll...

Page 146: ...seconds output from the show run command does not include the setting of the ipv6 icmp error interval command because the setting is the default Also if you configure the interval value to a number th...

Page 147: ...advertisement messages Brocade uses seconds as the unit of measure instead of milliseconds If you add a port to a port based VLAN and the port has IPv6 neighbor discovery configuration the system will...

Page 148: ...v6 address immediately instead of awaiting the next periodic router advertisement message Because a host at system startup typically does not have a unicast IPv6 address the source address in the rout...

Page 149: ...efault value use the no form of this command For the interval between neighbor solicitation messages and the value for the retrans timer in router advertisements specify a number from 0 4294967295 mil...

Page 150: ...e max range value The min range value can be a number between 3 75 x max range value The max range value parameter specifies the maximum number of seconds allowed between sending unsolicited multicast...

Page 151: ...an include the following flags Managed Address Configuration This flag indicates to hosts on a local link if they should use the stateful autoconfiguration feature to get IPv6 addresses for their inte...

Page 152: ...on IPv6 RA and sends it periodically to the IPv6 host or as a response to the router solicitations To configure IPv6 RA preference for the IPv6 router use the ipv6 nd router preference in the interfa...

Page 153: ...all the traffic will be redirected through the invalid host and is vulnerable to man in the middle attacks The ND inspection validates all the IPv6 packets carrying neighbor discovery messages by che...

Page 154: ...discarded ND inspection follows CPU based packet forwarding and thus the neighbor discovery messages in the ND inspection enabled VLAN may get discarded depending on the CPU load The neighbor discover...

Page 155: ...he IPv6 packets that carry neighbor discovery messages on untrusted ports Validates the source IP addresses and the source MAC addresses of the intercepted packets against the IP to MAC address bindin...

Page 156: ...ernet 1 1 1 device config if e1000 1 1 1 ipv6 neighbor inspection trust Syslog message for ND inspection The following table lists the syslog message related to ND inspection TABLE 27 Syslog message r...

Page 157: ...A port that has a statically assigned IPv6 entry cannot be added to a VLAN NOTE Static neighbor configurations will be cleared on secondary ports when a LAG is formed For example to add a static entry...

Page 158: ...es enter the following command device config no ipv6 icmp source route Syntax no ipv6 icmp source route Use the ipv6 icmp source route form of the command to enable the ICMP error messages TCAM space...

Page 159: ...space is allocated automatically for IPv6 routing information TCAM space allocations for IPv4 and IPv6 routes and other entities can be modified by configuring the number of IPv4 route entries Differe...

Page 160: ...M space is allocated automatically for IPv6 routing information TCAM space allocations for GRE tunnels can be modified using manual configuration Different devices have different amounts of TCAM space...

Page 161: ...cache entries 10 IPv6 Address Next Hop Port 1 2001 DB8 2 LOCAL tunnel 2 2 2001 DB8 106 LOCAL ethe 1 3 2 3 2001 DB8 110 DIRECT ethe 1 3 2 4 2001 DB8 46a 1 LOCAL ethe 1 3 2 5 2001 DB8 2e0 52ff fe99 9737...

Page 162: ...Routing Protocols R RIP O OSPF Interface Status Routing Global Unicast Address Ethernet 1 3 3 down down R Ethernet 1 3 5 down down Ethernet 1 3 17 up up 2017 c017 101 64 Ethernet 1 3 19 up up 2019 c01...

Page 163: ...cast address es if one or more are configured for the interface Joined group address es The multicast address es that a router interface listens for and recognizes MTU The setting of the maximum trans...

Page 164: ...neighbor Possible states are as follows INCOMPLETE Address resolution of the entry is being performed REACH The static forward path to the neighbor is functioning properly REACH The forward path to th...

Page 165: ...route types The following table lists the information displayed by the show ipv6 route command TABLE 35 IPv6 route table fields Field Description Number of entries The number of entries in the IPv6 r...

Page 166: ...between the current and previous updates received from a router Hops The default value that should be included in the Hop Count field of the IPv6 header for outgoing IPv6 packets The hops value appli...

Page 167: ...g for a matching connection request after having sent a connection request SYN RECEIVED Waiting for a confirming connection request acknowledgment after having both received and sent a connection requ...

Page 168: ...taking place The remote port number parameter is the local port number over which a TCP connection is taking place This display shows the following information TABLE 39 Specific IPv6 TCP connection fi...

Page 169: ...xceeded 0 param prob 1 echo req 2 echo reply 0 mem query 0 mem report 0 mem red 0 router soli 2423 router adv 3754 nei soli 102 nei adv 0 redirect 0 error 0 can not send error 0 too freq Sent Errors 0...

Page 170: ...ipient is not a member of a multicast group no buffer The number of IPv6 packets dropped because there is no buffer available forward cache miss The number of IPv6 packets received for which there is...

Page 171: ...router address The number of Address errors sent by the router no port The number of No Port errors sent by the router pkt too big The number of Packet Too Big errors sent by the router time exceed t...

Page 172: ...nterface type For example to remove entries for IPv6 address 2000 e0ff 1 enter the following command at the Privileged EXEC level or any of the Config levels of the CLI device clear ipv6 cache 2000 e0...

Page 173: ...s from the IPv6 route table You can clear all IPv6 routes or only those routes associated with a particular IPv6 prefix from the IPv6 route table and reset the routes For example to clear IPv6 routes...

Page 174: ...Brocade FastIron Layer 3 Routing Configuration Guide 174 53 1003903 04...

Page 175: ...ther default routes to the destination are not available Statically configured route You can add routes directly to the route table When you add a route to the IP route table you are creating a static...

Page 176: ...IP load balancing When you add multiple IP static routes for the same destination to different next hop gateways and the routes each have the same metric and administrative distance the Layer 3 switch...

Page 177: ...next hop ip addr ethernet unit slot port ve num tunnel tunnel id metric distance num name static route name tag tag num or Syntax ip route vrf vrf name dest ip addr mask bits next hop ip addr ethernet...

Page 178: ...e independently applied on a per VRF basis This command causes the resolution of static route next hop using routes learned from one of the following protocols bgp both iBGP and eBGP routes are used t...

Page 179: ...enter the static route as configured Proceed to enter the new name instead of the previous name Refer to the following example Static IP route with the original name abc device config ip route 10 22...

Page 180: ...default route device config ip route next hop enable default Syntax no ip route next hop enable default NOTE This command can be independently applied on a per VRF basis This command works independen...

Page 181: ...re multiple static IP routes to the same destination for the following benefits IP load sharing If you configure more than one static route to the same destination and the routes have different next h...

Page 182: ...itch prefers the static route over other routes to the destination This feature is especially useful for the following configurations These are not the only allowed configurations but they are typical...

Page 183: ...The interface based static route has a lower metric than the standard static route As a result the Layer 3 switch always prefers the interface based route when the route is available However if the in...

Page 184: ...null route The metric for the null route is 3 which is higher than the metric for the standard static route If the standard static route is unavailable the software uses the null route To configure a...

Page 185: ...01 DB8 0 32 and a next hop gateway with the link local address fe80 1 that the Layer 3 switch can access through Ethernet interface 1 3 1 enter the following command device config ipv6 route 2001 DB8...

Page 186: ...Pv6 static route table that have the same destination The metric applies only to routes that the Layer 3 switch has already placed in the IPv6 static route table The administrative distance is a value...

Page 187: ...hop for a static route the tunnel must already be configured if the destination is a non default VRF In contrast a tunnel can be designated as the next hop in the default VRF before it is configured...

Page 188: ...Brocade FastIron Layer 3 Routing Configuration Guide 188 53 1003903 04...

Page 189: ...lder route is replaced with the newer one The new path is then included in the updates sent to other RIP routers including Brocade devices RIP routers including Brocade devices also can modify a route...

Page 190: ...er learns through another protocol and then distributes into RIP Disabled Redistribution metric RIP assigns a RIP metric cost to each external route redistributed from another routing protocol into RI...

Page 191: ...d the route Poison reverse The device assigns a cost of 16 infinite or unreachable to a route before advertising it on the same interface as the one on which the device learned the route NOTE Enabling...

Page 192: ...nt the device from using a specific port for routes learned though that port by setting its metric to 16 The in keyword applies to routes the port learns from RIP neighbors The out keyword applies to...

Page 193: ...ch is found the Brocade device stops evaluating the route against the route map instances Route maps can contain match statements and set statements Each route map contains a permit or deny action for...

Page 194: ...earning and advertising parameters By default a Brocade device learns routes from all its RIP neighbors and advertises RIP routes to those neighbors You can configure the following learning and advert...

Page 195: ...from all neighbors except the ones you explicitly permit Thus to deny learning from a specific neighbor but allow all other neighbors you must add a filter that allows learning from all neighbors Mak...

Page 196: ...interface in RIP advertisements As a result other routers receive multiple paths for the backed up interface and might sometimes unsuccessfully use the path to the Backup rather than the path to the...

Page 197: ...the prefix list to routes the Brocade device learns from its neighbor on the interface Out is for Outbound filtering It applies the prefix list to routes the Brocade device advertises to its neighbor...

Page 198: ...35 The default is 120 seconds Displaying RIP Information To display RIP filters enter the following command at any CLI level device show ip rip RIP Summary Default port 520 Administrative distance is...

Page 199: ...is on poison reverse is off Default routes not accepted Metric offset Inbound 1 Metric offset Outbound 0 Prefix List Inbound Not set Prefix List Outbound Not set Route map Inbound Not set Route map Ou...

Page 200: ...on for ve 20 enter the following command device show running config interface ve 20 interface ve 20 ip ospf area 1 ip rip v1 only ip rip poison reverse ip address 10 2 0 1 24 Displaying CPU utilizatio...

Page 201: ...ks The command lists the usage statistics for the previous five second one minute five minute and fifteen minute intervals Displaying CPU utilization statistics Brocade FastIron Layer 3 Routing Config...

Page 202: ...Brocade FastIron Layer 3 Routing Configuration Guide 202 53 1003903 04...

Page 203: ...B into the main IPv6 route table Configuring RIPng To configure RIPng you must enable RIPng globally on the Brocade device and on individual device interfaces The following configuration tasks are opt...

Page 204: ...t of time in seconds after which a route is removed from the routing table 120 seconds You can adjust these timers for RIPng Before doing so keep the following caveats in mind If you adjust these RIPn...

Page 205: ...pdates sent from Ethernet interface 1 3 1 enter the following commands device config interface ethernet 1 3 1 device config if e100 1 3 1 ipv6 rip default information only To originate IPv6 default ro...

Page 206: ...ge the metric offset for incoming routes learned by Ethernet interface 1 3 1 to one and the metric offset for outgoing routes advertised by the interface to three enter the following commands device c...

Page 207: ...g ipv6 router rip device config ripng router distribute list prefix list 2001routes in Syntax no distribute list prefix list name in out The name parameter indicates the name of the prefix list genera...

Page 208: ...ion RIPng routing table Displaying RIPng configuration To display RIPng configuration information enter the show ipv6 rip command at any CLI level device show ipv6 rip IPv6 rip enabled port 521 Admini...

Page 209: ...4 2da e 2 1 23 RIP metric 2 tag 0 timers aging 50 Syntax show ipv6 rip route ipv6 prefix prefix length ipv6 address The ipv6 prefix prefix length parameters restrict the display to the entries for the...

Page 210: ...Png OSPF OSPFv3 routes are redistributed into RIPng Metric number The cost of the route The number parameter indicates the number of hops to the destination Tag number The tag value of the route Timer...

Page 211: ...SPFv2 overview Open Shortest Path First Version 2 OSPFv2 is a link state routing protocol that uses link state advertisements LSAs to update neighboring routers about a router s interfaces Each router...

Page 212: ...ve either a direct or indirect link to an OSPF backbone area also known as area 0 or area 0 0 0 0 Each ABR maintains a separate topological database for each area the router is in Each topological dat...

Page 213: ...n broadcast and non broadcast multi access NBMA networks the Designated Router and Backup Designated Router become adjacent to all other routers attached to the network In a network with no designated...

Page 214: ...PF Autonomous System AS In some cases multiple ASBRs in an AS can originate equivalent LSAs The LSAs are equivalent when they have the same cost the same next hop and the same destination The device o...

Page 215: ...domain into the OSPF AS while the other ASBRs flush the equivalent AS External LSAs from their databases As a result the overall volume of route advertisement traffic within the AS is reduced and the...

Page 216: ...nnected to it and inter area routing happens by way of routers connected to the backbone area and to their own associated areas The backbone area is the logical and physical structure for the OSPF dom...

Page 217: ...into a stub area by configuring the device to stop sending type 3 LSAs into the area You can disable the summary LSAs to create a TSA when you are configuring the stub area or after you have configure...

Page 218: ...he ABR generates a default type 7 LSA into the NSSA Link state advertisements Brocade devices support the following types of LSAs which are described in RFC 2328 and 3101 Router link Network link Summ...

Page 219: ...e parameters from the router with the physical connection be aware that the router ID is the IP address of the router requiring a logical connection to the backbone NOTE By default a device s router I...

Page 220: ...you configure an address range the range takes effect immediately All the imported routes are summarized according to the configured address range Imported routes that have already been advertised and...

Page 221: ...nge one or both of the timers NOTE If you want to change only one of the timers for example the SPF delay timer you must specify the new value for this timer as well as the current value of the SPF ho...

Page 222: ...te information When appendix E is supported the device generates the link state ID for a network as the following steps 1 Does an LSA with the network address as its ID already exist No Use the networ...

Page 223: ...n RFC 3137 This feature provides a user with the ability to gracefully introduce and remove an OSPFv2 device from the network by controlling when the data traffic can start and stop flowing through th...

Page 224: ...lliseconds will be observed If a topology change occurs during the hold time of 300 milliseconds the hold time is doubled to 600 milliseconds If a topology change event occurs during the 600 milliseco...

Page 225: ...ghbor information are synchronized to the standby module using the NSR synchronization library and IPC mechanism to transmit and receive packets Link state database synchronization To ensure non stop...

Page 226: ...tate 2way or full MD5 information Neighbor priority Synchronization limitations If a neighbor device is inactive for 30 seconds and if the standby module takes over in another 10 seconds the neighbor...

Page 227: ...tly installed into the LSDB OSPFv2 distribute list A distribution list can be configured to explicitly deny specific routes from being eligible for installation in the IP route table By default all OS...

Page 228: ...OSPFv2 database device config ip access list 100 deny ip 10 31 39 0 0 0 0 255 any device config ip access list 100 permit ip any any device config router ospf device config ospf router area 0 device c...

Page 229: ...containing the set distance clause The other OSPFv2 route route 3 which does not match the relevant instance continues to have the default OSPFv2 administrative distance of 110 OSPFv2 route redistribu...

Page 230: ...is 4 equal cost paths but you can specify from 2 to 8 paths On the ICX 7750 device the value range for the maximum number of load sharing paths is from 2 through 32 which is controlled by the system...

Page 231: ...mple If the costs are the same the device now has four equal cost paths to R1 To allow the device to load share among the equal cost routes enable IP load sharing Four equal cost OSPF paths are suppor...

Page 232: ...bps port 10 All other port speeds 1 You can change the reference bandwidth The following formula is used to calculate the cost Cost reference bandwidth interface speed If the resulting cost is less th...

Page 233: ...Fv2 on a device Consider the following when enabling OSPFv2 on a device If a device is to operate as an ASBR you must enable the ASBR capability at the system level Redistribution must be enabled on d...

Page 234: ...device config ospf router area 1 1 1 1 nssa 1 Configuring a summary address for the NSSA If you want the ABR that connects the NSSA to other areas to summarize the routes in the NSSA before translati...

Page 235: ...fig router ospf device config ospf router area 40 stub 99 no summary Assigning an area range Ranges for an area can be assigned Ranges allow a specific IP address and mask to represent a range of IP a...

Page 236: ...loopback interface to an area with the IP address of 10 5 0 0 device configure terminal device config interface loopback 2 device config lbif 2 ip ospf area 10 5 0 0 Configuring virtual links If an Ar...

Page 237: ...outer area 1 device1 config ospf router area 1 virtual link 10 2 2 2 ABR2 device2 configure terminal device2 config router ospf device2 config ospf router area 1 device2 config ospf router area 2 devi...

Page 238: ...e disabled on a routing device 1 Enter the configure terminal command to access global configuration mode device configure terminal 2 Enter the router ospf command to enter OSPF router configuration m...

Page 239: ...restart command using the helper disable keyword to disable the GR helper device config ospf router graceful restart helper disable The following example disables the GR helper device configure termin...

Page 240: ...metric router lsa on startup 85 This example configures an OSPFv2 device to advertise a maximum metric for 85 seconds after a restart before advertising with a normal metric device configure terminal...

Page 241: ...SPFv2 on a device If you disable OSPFv2 the device removes all the configuration information for the disabled protocol from the running configuration Moreover when you save the configuration to the st...

Page 242: ...onfiguration mode device configure terminal 2 Enter the no router ospf command to disable OSPFv2 on the device device config no router ospf The following example disables OSPFv2 on a device device con...

Page 243: ...Fv2 the version that IPv4 supports except for the following enhancements Support for IPv6 addresses and prefixes Ability to configure several IPv6 addresses on a device interface While OSPFv2 runs per...

Page 244: ...eceive external link state advertisements LSAs Stub OSPFv3 devices within a stub area cannot send or receive External LSAs In addition OSPF devices in a stub area must use a default route to the area...

Page 245: ...n to a previously configured area the device flushes all the summary LSAs it has generated as an ABR from the area NOTE Stub areas and TSAs apply only when the device is configured as an Area Border R...

Page 246: ...e 9 For more information about these LSAs refer to RFC 5340 Virtual links All ABRs must have either a direct or indirect link to an OSPFv3 backbone area 0 or 0 0 0 0 If an ABR does not have a physical...

Page 247: ...h the area ID value The neighbor router is the router ID IPv4 address of the router that is physically connected to the backbone when assigned from the router interface requiring a logical connection...

Page 248: ...n any of the OSPFv3 interfaces in the transit area the virtual links in the transit area do not operate The automatically selected IPv6 global address is updated whenever the previously selected IPv6...

Page 249: ...the device is flushed Default routes generated by other OSPFv3 devices are not affected If you re enable the default route origination the change takes effect immediately and you do not need to reload...

Page 250: ...rative distance You can specify unique default administrative distances for the following OSPFv3 route types Intra area routes Inter area routes External routes NOTE The choice of routes within OSPFv3...

Page 251: ...n filters to routes first and then applies them to the address ranges NOTE If you disable redistribution all the aggregate routes are flushed along with other imported routes NOTE Only imported type 5...

Page 252: ...ed to one of the IPv6 addresses on the device or to an IPv6 multicast address Packets that are only forwarded by the line card do not receive IPsec scrutiny Brocade devices support the following compo...

Page 253: ...ions and security policies based on certain user specified parameters Refer to the FastIron Command Reference for more information on user specified parameters The system creates a security associatio...

Page 254: ...device device configure terminal device config ip router id 10 11 12 13 Enabling OSPFv3 When OSPFv3 is enabled on a device the device enters OSPFv3 router configuration mode Several commands can then...

Page 255: ...en rd 100 200 4 Enter the ip router id command to specify the router ID device config vrf green ip router id 10 11 12 14 5 Enter the address family ipv6 command to enter IPv6 address family configurat...

Page 256: ...gned by IP address device configure terminal device config ip router id 10 11 12 13 device config ipv6 router ospf device config ospf6 router area 0 device config ospf6 router area 10 1 1 1 Assigning...

Page 257: ...fig vrf red rd 100 200 device config vrf red ip router id 10 11 12 13 device config vrf red address family ipv6 device config vrf red ipv6 device config vrf red ipv6 exit device config ipv6 router osp...

Page 258: ...1 ipv6 ospf area 0 device config vif 1 exit device config interface ve 2 device config vif 2 ipv6 address 2001 db8 93e8 cc00 2 device config vif 2 ipv6 ospf area 1 Assigning a stub area OSPFv3 areas...

Page 259: ...iguring virtual links If an Area Border Router ABR does not have a physical link to a backbone area a virtual link can be configured between that ABR and another device within the same area that has a...

Page 260: ...device1 config ospf6 router area 1 device1 config ospf6 router area 1 virtual link 10 2 2 2 ABR2 device2 configure terminal device2 config ip router id 10 2 2 2 device2 config ipv6 router ospf device2...

Page 261: ...mers The Shortest Path First SPF delay and hold time can be modified 1 Enter the configure terminal command to access global configuration mode device configure terminal 2 Enter the ipv6 router ospf c...

Page 262: ...default type 1 external route with a metric of 2 is created and advertised The following example creates and advertises a default route with a metric of 2 and a type 1 external route device configure...

Page 263: ...pf6 router distance external 100 The administrative distance for external routes is changed from the default to 100 The following example changes the default administrative distances for intra area ro...

Page 264: ...uter ospf command to enter OSPFv3 router configuration mode and enable OSPFv3 globally device config ipv6 router ospf 3 Enter the default passive interface command to mark all interfaces passive by de...

Page 265: ...he GR helper with strict LSA checking device configure terminal device config ipv6 router ospf device config ospf6 router graceful restart helper strict lsa checking Configuring IPsec on an OSPFv3 are...

Page 266: ...authentication protocol you must enter the esp keyword NOTE Ensure that OSPFv3 areas are assigned All device interfaces must be assigned to one of the defined areas on an OSPFv3 router When an interfa...

Page 267: ...link device config ospf6 router area 1 virtual link 10 1 1 1 authentication ipsec spi 512 esp sha1 no encrypt 1134567890223456789012345678901234567890 IPsec is configured on the specified virtual lin...

Page 268: ...ow ipsec statistics IPSecurity Statistics secEspCurrentInboundSAs 1 ipsecEspTotalInboundSAs 2 secEspCurrentOutboundSA 1 ipsecEspTotalOutboundSAs 2 IPSecurity Packet Statistics secEspTotalInPkts 20 ips...

Page 269: ...ulation executed 15 times Pending outgoing LSA count 0 Authentication key rollover interval 300 seconds Number of areas in this router is 3 Router is operating as ABR Router is operating as ASBR Redis...

Page 270: ...3 80000004 799 5b06 64 Yes 0 0 0 200 Rtr 0 192 168 98 111 800002ea 823 cb7b 56 Yes 0 0 0 200 Rtr 0 192 168 98 213 800001c7 799 8402 56 Yes 0 0 0 200 Net 1156 192 168 98 111 80000004 823 b2d2 32 Yes 0...

Page 271: ...ge Cksum Len Sync N A Extn 2 192 168 98 71 80000258 132 a3ff 32 Yes Bits E T Metric 1 Prefix Options Referenced LSType 0 Prefix 0 Tag 1 10 The following example of the show ipv6 ospf database command...

Page 272: ...tes 2001 192 111 42 111 Destination Cost E2Cost Tag Flags Dis IA 2001 192 111 42 111 128 1 0 0 00000007 110 Next_Hop_Router Outgoing_Interface Adv_Router fe80 768e f8ff fe3e 1800 e 4 3 1 10 168 98 111...

Page 273: ...and to maintain loop free routing An AS is a collection of networks that share the same routing and administration characteristics For example a corporate Intranet consisting of several networks unde...

Page 274: ...tination A BGP4 route consists of the following information Network number prefix A value made up of the network mask bits and an IP address for example 10 215 129 0 18 indicates a network mask of 18...

Page 275: ...if BGP4 as path ignore is configured 6 If the AS path lengths are the same prefer the path with the lowest origin type From low to high route origin types are valued as follows IGP is lowest EGP is h...

Page 276: ...the following BGP4 version Indicates the version of the protocol that is in use on the device BGP4 version 4 supports Classless Interdomain Routing CIDR and is the version most widely used in the Int...

Page 277: ...e if a device configured to perform BGP4 routing has already sent the latest route information to peers in UPDATE messages the device does not send more UPDATE messages Instead BGP4 devices send KEEPA...

Page 278: ...arding diminishes route flapping and provides continuous service during a system restart switchover failover or hitless OS upgrade During such events routes remain available between devices BGP4 resta...

Page 279: ...cess operates effectively when implemented for the following processes that involve the intentional switching of the active status from one management module to another System Reload When a device und...

Page 280: ...le failover or system reload if an incoming TCP packet contains an MD5 digest and no matching TCP session is found the device attempts to find a matching BGP4 peer based on the IP address If a BGP4 pe...

Page 281: ...associated with ISP B changes to AS 100 If Customer C cannot or does not want to change their configuration or peering relationship with ISP B a peer with Local AS configured with the value 200 can be...

Page 282: ...and activation for BGP4 BGP4 is disabled by default Follow the steps below to enable BGP4 1 Enable the BGP4 protocol 2 Set the local AS number NOTE You must specify the local AS number for BGP4 to be...

Page 283: ...GP4 configuration from the startup configuration When you save the startup configuration file after disabling the protocol all of the BGP4 configuration information for the disabled protocol is remove...

Page 284: ...ional Aggregate routes in the BGP4 route table into CIDR blocks Optional Configure the device as a BGP4 route reflector Optional Configure the device as a member of a BGP4 confederation Optional Chang...

Page 285: ...e confederation parameters Disable or re enable load sharing Change the maximum number of load sharing paths Change other load sharing parameters Define route flap dampening parameters Add change or n...

Page 286: ...GP4 neighbors send or receive full BGP route tables the number of BGP neighbors the memory can support is less than in configurations where the neighbors send smaller route tables Memory configuration...

Page 287: ...owing device config ip router id 10 157 22 26 Syntax no ip router id ip addr The ip addr can be any valid unique IP address NOTE You can specify an IP address used for an interface on the Brocade devi...

Page 288: ...communicate with a BGP4 neighbor A loopback interface adds stability to the network by working around route flap problems that can occur due to unstable links between the device and neighbors Loopbac...

Page 289: ...list string in out remote as as number remove private as route map in out map name route reflector client send community shutdown generate rib out soft reconfiguration inbound timers keep alive num h...

Page 290: ...ice denies the route To change the default behavior configure the last filter as permit any any NOTE The address filter must already be configured ebgp btsh enables GTSM protection for the specified n...

Page 291: ...device should list itself as the next hop in updates sent to the specified neighbor This option is disabled by default password string specifies an MD5 password for securing sessions between the devic...

Page 292: ...neighbor By default the device does not send the community attribute shutdown administratively shuts down the session with this neighbor Shutting down the session lets you configure the neighbor and...

Page 293: ...PRESSED F FILTERED Prefix Next Hop Metric LocPrf Weight Status 1 10 1 44 0 24 10 2 0 1 1 101 32768 BLS AS_PATH Route is not advertised to any peers To override the summary only parameter and allow a s...

Page 294: ...vice config bgp neighbor 10 10 200 102 password test The BGP4 configuration commands appear in the following format as a result of the show ip bgp configuration command device show ip bgp configuratio...

Page 295: ...at the global CONFIG level of the CLI NOTE The command also displays SNMP community strings in clear text in the output of the show snmp server command Displaying neighbor information To display IPv6...

Page 296: ...pv6 parameter clears information for ipv6 address family The vpnv4 parameter clears information for VPNV4 address family The vrf parameter clears information for a VRF instance The neighbor parameter...

Page 297: ...To configure a peer group enter commands such as the following at the BGP4 configuration level device config bgp router neighbor PeerGroup1 peer group device config bgp router neighbor PeerGroup1 desc...

Page 298: ...e peer group name parameter specifies the peer group name NOTE You must add the peer group before you can add neighbors to it Administratively shutting down a session with a BGP4 neighbor You can prev...

Page 299: ...ers keep alive 30 hold time 90 Syntax no timers keep alive num hold time num For each keyword num indicates the number of seconds The Keep Alive Time can be 0 65535 The Hold Time can be 0 or 3 65535 1...

Page 300: ...no fast external fallover Changing the maximum number of paths for BGP4 Multipath load sharing Multipath load sharing enables the device to balance traffic to a route across multiple equal cost paths...

Page 301: ...destination the software adds the additional path to the BGP4 route table and the IP route table Changing the maximum number of shared BGP4 paths To change the maximum number of BGP4 shared paths ente...

Page 302: ...config bgp maximum paths ebgp Syntax no maximum paths ebgp num The number variable specifies the number of equal cost multipath EBGP routes that will be selected The range is 2 to 8 If the value is s...

Page 303: ...s the local preference Local preference indicates a degree of preference for a route relative to other routes BGP4 neighbors can send the local preference value as an attribute of a route in an UPDATE...

Page 304: ...path or a static route path By default the software performs only one lookup for the next hop IP address for the BGP4 route If the next hop lookup does not result in a valid next hop IP address or th...

Page 305: ...considered unreachable by the device The IP route table entry for the next hop gateway for the BGP4 route s next hop gateway 10 0 0 1 24 is shown here device show ip route 10 0 0 1 Total number of IP...

Page 306: ...10 0 0 0 255 255 255 0 0 0 0 0 1 1 1 1 D AS_PATH 65001 4355 1 1 This lookup results in an IGP route that is a directly connected route As a result the BGP4 route destination is now reachable through...

Page 307: ...r a command such as the following device config bgp router distance 200 200 200 Syntax no distance external distance internal distance local distance The external distance sets the EBGP distance and c...

Page 308: ...ommand output to show what you have actually configured The following example shows a running configuration with the first as enforcement items for global peer group and neighbor in bold device config...

Page 309: ...AS information in the paths For example if the device receives UPDATES for the same route from neighbors in three autonomous systems the device can compare the MEDs of all the paths together instead...

Page 310: ...n cluster All members of the cluster must be in the same AS The cluster ID can be any number from 1 4294967295 or an IP address The default is the device ID expressed as a 32 bit number NOTE If the cl...

Page 311: ...D attribute value that is the same as the ID of the device the device discards the route and does not advertise it By discarding the route the device prevents a routing loop The first time a route is...

Page 312: ...n is not required between clients If you need to disable route reflection between clients enter the no client to client reflection command When this feature is disabled route reflection does not occur...

Page 313: ...through 65535 These are private autonomous system numbers and BGP4 devices do not propagate these AS numbers to the Internet FIGURE 30 Example BGP4 confederation In this example four devices are confi...

Page 314: ...ier 10 deviceA config bgp router confederation peers 64512 64513 deviceA config bgp router write memory Syntax no local as num The num parameter with the local as command indicates the AS number for t...

Page 315: ...10 157 24 0 24 enter the following command device config bgp aggregate address 10 157 0 0 255 255 0 0 Syntax no aggregate address ip addr ip mask as set summary only suppress map map name advertise m...

Page 316: ...graceful restart Syntax no graceful restart Configuring timers for BGP4 Restart optional You can optionally configure the following timers to change their values from the default values Restart Timer...

Page 317: ...time 900 Syntax no graceful restart purge time seconds The seconds variable sets the maximum time before a restarting device cleans up stale routes Possible values are 1 3600 seconds The default value...

Page 318: ...address to an unused network address 10 199 1 1 3 Set the local preference to a value higher than any possible internal or external local preference 50 4 Complete the route map by setting origin to I...

Page 319: ...as 100 device config bgp router redistribute static route map blockuser device config bgp router exit The following configuration defines the specific next hop address and sets the local preference to...

Page 320: ...t Cost Type 1 10 0 0 40 29 DIRECT eth 1 3 7 1 1 S 2 10 0 0 192 27 DIRECT eth 1 3 7 1 1 S 3 10 0 14 0 23 DIRECT eth 1 3 7 1 1 S device Device 1 and 2 Show ip route static output for device 1 and device...

Page 321: ...ble redistribution of all OSPF routes and directly attached routes into BGP4 enter the following commands device config router bgp device config bgp router redistribute ospf device config bgp router r...

Page 322: ...tributing OSPF external routes To configure the device to redistribute OSPF external type 1 routes enter the following command device config bgp router redistribute ospf match external1 Syntax no redi...

Page 323: ...le the device to redistribute BGP4 routes into OSPF and RIP enter the following command device config bgp router bgp redistribute internal Syntax no bgp redistribute internal To disable redistribution...

Page 324: ...his ACL To configure the AS path match clauses in a route map use the match as path command The regular expression parameter specifies the AS path information you want to permit or deny to routes that...

Page 325: ...ing For example the following regular expression matches on an AS path that begins with 3 3 A dollar sign matches on the end of an input string For example the following regular expression matches on...

Page 326: ...ckslash as a string character enter two slashes For example to filter on AS path strings containing a backslash enter the backslash portion of the regular expression as device config bgp router ip as...

Page 327: ...mber internet The Internet community no export The community of sub autonomous systems within a confederation Routes with this community can be exported to other sub autonomous systems within the same...

Page 328: ...value or le value you specify must meet the following condition length ge value le value 81 If you do not specify ge ge value or le le value the prefix list matches only on the exact network prefix yo...

Page 329: ...ast match statement in the last instance of the route map to permit any any If there is no match statement the software considers the route to be a match For route maps that contain address filters AS...

Page 330: ...t the device applies the match and set clauses associated with this route map instance The num parameter specifies the instance of the route map you are defining To delete a route map enter a command...

Page 331: ...e to the specified value The tagtag value parameter compares the route tag to the specified tag value The protocol bgp static network parameter matches on BGP4 static network routes The protocol bgp e...

Page 332: ...ing Syntax no match ip next hop prefix list name The string parameter with the first command specifies an IP ACL and can be a number from 1 through 199 or the ACL name if it is a named ACL To configur...

Page 333: ...tches However a route containing communities 23 45 57 68 and 12 34 or communities 23 45 57 68 12 34 and no export does not match To match the route communities must be the same as those in exactly one...

Page 334: ...ic type type 1 type 2 external metric type internal next hop ip addr origin igp incomplete tag weight num The as path prependnum num parameter adds the specified AS numbers to the front of the AS path...

Page 335: ...e IP route table instead of changing the value in the BGP4 route table The weight num parameter sets the weight for the route The range for the weight value is 0 through 4294967295 Setting a BGP4 rout...

Page 336: ...mmunity list ACL Using a table map to set the tag value Route maps that contain set statements change values in routes when the routes are accepted by the route map For inbound route maps route maps t...

Page 337: ...the neighbor to receive ORFs from the neighbor or both The neighbor uses the ORFs you send as outbound filters when it sends routes to the device Likewise the device uses the ORFs it receives from the...

Page 338: ...end the current session but sends the prefix list to the neighbor in the next route refresh message NOTE Make sure cooperative filtering is enabled on the device and on the neighbor before you send th...

Page 339: ...autonomous system numbers AS4s AS4s are supported by default You can specify and view AS4s by default and using the enable facility described in this section However not all devices in a network are a...

Page 340: ...enabling AS4s for a neighbor or a peer group you can also use the combination of the capability keyword and the optional enable or disable keyword to disable this feature in a specific case where the...

Page 341: ...e local AS number The local autonomous system number ASN identifies the autonomous system where the BGP4 device resides Normally AS4s are sent only to a device peer group or neighbor that is similarly...

Page 342: ...from the neighbor or the routes sent to the neighbor If you do not specify in or out the device performs a soft refresh in both options soft in performs one of the following actions on inbound routes...

Page 343: ...following command sequences show how to enable the different notations for AS4s and how these notations appear in the output display To see ASNs in asplain use the show ip bgp command device config s...

Page 344: ...attribute length 3 entire AS4_PATH ignored Attribute flag error ignore the AS4_PATH SYSLOG Sep 9 19 02 03 11 mu2 BGP From Peer 192 168 1 1 received invalid AS4_PATH attribute flag 0x40 entire AS4_PAT...

Page 345: ...s Reuse threshold Specifies the minimum penalty a route can have and still be suppressed by the device If the route penalty falls below this value the device un suppresses the route and can use it aga...

Page 346: ...ap that explicitly enables dampening Use a set clause within the route map to enable dampening When you associate this route map with a specific neighbor the route map enables dampening for all routes...

Page 347: ...and clearing route flap dampening statistics The software provides many options for displaying and clearing route flap statistics Displaying route flap dampening statistics To display route dampening...

Page 348: ...he device Flaps The number of flaps the route has experienced Since The amount of time since the first flap of this route Reuse The amount of time remaining until this route will be un suppressed and...

Page 349: ...ou to select a sub address family which is the type of routes for the configuration Specify unicast routes TABLE 49 IPv4 BGP4 commands for different configuration levels Command Global iPv4 and IPv6 I...

Page 350: ...xit an address family configuration level enter the following command device config bgp exit address family device config bgp Syntax no exit address family BGP route reflector A BGP device selects a p...

Page 351: ...ries for Interior Gateway Protocol IGP routes because the IGP routes are required by BGP4 to resolve BGP4 next hop entries If the RTM is not able to reserve enough entries for IGP routes BGP4 RIB rout...

Page 352: ...ame number of preferred BGP4 routes will be reinstalled in the RTM 4 Perform the following step to exit the BGP4 unicast family configuration device config bgp ipv4u exit address family Syntax exit ad...

Page 353: ...nd the BGP4 route is now considered the best BGP4 route even though the route is not installed in the RTM Because the rib route limit command was configured to allow for only 300 000 routes in the RTM...

Page 354: ...or and if configured apply maxas limit in in the following order 1 Neighbor value 2 Peer group value 3 Global value In a case where a neighbor has no maximum AS limit a peer group has a value of 3 con...

Page 355: ..._CONFED_SET 4 1 2 3 AS_CONFED_SEQUENCE 3 4 AS_SET 1 5 6 7 AS_SEQ 2 8 9 attribute length 9 Exceeded internal memory limit NOTE The device generates a log message one time every two minutes Because of t...

Page 356: ...4 network route and the BGP4 static network route are mutually exclusive They cannot be configured with the same prefix and mask When you configure a route using the static network command BGP4 automa...

Page 357: ...r group If you specify a neighbor IP address you are configuring that individual neighbor If you specify a peer group name you are configuring a peer group Dynamic route filter update Routing protocol...

Page 358: ...propriate steps are taken to apply the new or updated filter to existing routes Filter update delay and BGP The filter changes update delay command applies remove only to changes of filters that are a...

Page 359: ...ig bgp router neighbor 192 168 9 210 ebgp btsh Syntax no neighbor ip addr peer group name ebgp btsh NOTE For GTSM protection to work properly it must be enabled on both the device and the neighbor Dis...

Page 360: ...of the confederation in which the device resides Confederation Peers The numbers of the local autonomous systems contained in the confederation This list matches the confederation peer list you config...

Page 361: ...how ip bgp neighborip addr command the TCP receiver queue value will be greater than 0 indicates that the session has gone down and the software is clearing or removing routes indicates that the inbou...

Page 362: ...ltihop neighbor 10 102 1 1 update source loopback 1 neighbor 192 168 2 1 remote as 100 neighbor 10 200 2 2 remote as 400 neighbor 2001 db8 1 1 remote as 200 neighbor 2001 db8 1 2 remote as 400 neighbo...

Page 363: ...vice accepted and installed in the BGP4 route table Filtered or Kept Number of routes that were filtered out but were retained in memory for use by the soft reconfiguration feature Filtered Number of...

Page 364: ...for Statistics for the times the device has run out of BGP4 memory for the neighbor during the current BGP4 session Receiving Update Messages The number of times UPDATE messages were discarded because...

Page 365: ...e neighbor These fields are described in detail in section 3 2 of RFC 793 Transmission Control Protocol Functional Specification Syntax show ip bgp neighbors ip addr advertised routes detail ip add ma...

Page 366: ...IP Address The IP address of the neighbor AS The AS the neighbor is in EBGP or IBGP Whether the neighbor session is an IBGP session an EBGP session or a confederation EBGP session EBGP The neighbor i...

Page 367: ...ghbor before deciding that the neighbor is not operational PeerGroup The name of the peer group the neighbor is in if applicable Multihop EBGP Whether this option is enabled for the neighbor RouteRefl...

Page 368: ...Identifier Unsupported Optional Parameter Authentication Failure Unacceptable Hold Time Unsupported Capability UPDATE Message Error Malformed Attribute List Unrecognized Well known Attribute Missing...

Page 369: ...work Field Malformed AS Path Unspecified Hold Timer Expired Finite State Machine Error Cease Unspecified Notification Received Refer to details for the field Notification Sent TCP Connection state The...

Page 370: ...at the device retransmitted because they were not acknowledged UnAckSeq The current acknowledged sequence number IRcvSeq The initial receive sequence number for the session RcvNext The next sequence n...

Page 371: ...prefix For information about the fields in this display refer to Displaying summary route information on page 372 The fields in this display also appear in the show ip bgp display Displaying the best...

Page 372: ...following at the Privileged EXEC level of the CLI device show ip bgp peer group STR 1 BGP peer group is STR Address family IPV4 Unicast activate Address family IPV4 Multicast no activate Address famil...

Page 373: ...table that are EBGP routes Displaying VRF instance information To display VRF instance information enter a command such as the following at the Privileged EXEC level of the CLI device show ip bgp vrf...

Page 374: ...ameter filters the display using the specified community ACL The community list option lets you display routes that match a specific community filter The detail option lets you display more details ab...

Page 375: ...any level of the CLI device show ip bgp routes not installed best Searching for matching routes use C to quit Status A AGGREGATE B BEST b NOT INSTALLED BEST C CONFED_EBGP D DAMPED E EBGP H HISTORY I...

Page 376: ...H S SUPPRESSED F FILTERED s STALE Prefix Next Hop MED LocPrf Weight Status 1 10 3 4 0 24 192 168 4 106 100 0 BE AS_PATH 65001 4355 1 1221 Last update to IP routing table 0h12m1s 1 path s installed Gat...

Page 377: ...received from the neighbor are the best BGP4 routes to their destinations but were not installed in the IP route table because the device received better routes from other sources such as OSPF RIP or...

Page 378: ...The network prefix and mask length Status The route status which can be one or more of the following A AGGREGATE The route is an aggregate route for multiple networks B BEST BGP4 has determined that t...

Page 379: ...route IGP is preferred over EGP and both are preferred over INCOMPLETE Weight The value this device associates with routes from a specific neighbor For example if the device receives routes to the sam...

Page 380: ...4 route table Next Hop The IP address of the next hop device for routes that have this set of attributes Metric The cost of the routes that have this set of attributes Origin The source of the route i...

Page 381: ...5 0 0 0 192 168 13 2 1 1 1 0 B 10 0 1 1 255 255 128 0 192 168 13 2 1 1 1 0 B 10 1 0 0 255 255 0 0 0 0 0 0 1 1 1 1 D 10 10 11 0 255 255 255 0 0 0 0 0 1 2 24 1 D 10 2 97 0 255 255 255 0 192 168 13 2 1 1...

Page 382: ...best route among those in the BGP4 route table to the route destination d This route is currently dampened and thus unusable h The route has a history of flapping and is unreachable now The route has...

Page 383: ...ved GracefulRestartCapability Received Restart Time 120 sec Restart bit 0 afi safi 1 1 Forwarding bit 0 GracefulRestartCapability Sent Restart Time 120 sec Restart bit 0 afi safi 1 1 Forwarding bit 1...

Page 384: ...As path attribute count 1 Outbound Policy Group ID 1 Use Count 1 TCP Connection state ESTABLISHED flags 00000044 0 0 Maximum segment size 1460 TTL check 0 value 0 rcvd 64 Byte Sent 148 Received 203 Lo...

Page 385: ...e from the neighbor the state changes to ESTABLISHED If the message is a Notification the state changes to IDLE ESTABLISHED BGP4 is ready to exchange Update messages with the neighbor If there is more...

Page 386: ...ngth Error Invalid ORIGIN Attribute Invalid NEXT_HOP Attribute Last Connection Reset Reason continued Reasons described in the BGP specifications continued Optional Attribute Error Invalid Network Fie...

Page 387: ...t capability Peer negotiated IPV6 unicast capability Peer configured for IPV4 unicast routes Peer configured for IPV6 unicast routes Neighbor AS4 Capability Negotiation Shows the state of the device s...

Page 388: ...BGP4 TCP session with the neighbor Remote host Shows the IPv4 address of the neighbor Remote port Shows the TCP port the neighbor is using for the BGP4 TCP session with the device ISentSeq Shows the i...

Page 389: ...configuration AS4s appear in the display of a running configuration as shown device show ip bgp config Current BGP configuration router bgp local as 7701000 confederation identifier 120000 confederati...

Page 390: ...or You also can clear and reset the BGP4 routes that have been installed in the IP route table Using soft reconfiguration The soft reconfiguration feature applies policy changes without resetting the...

Page 391: ...device show ip bgp filtered routes Searching for matching routes use C to quit Status A AGGREGATE B BEST b NOT INSTALLED BEST C CONFED_EBGP D DAMPED E EBGP H HISTORY I IBGP L LOCAL M MULTIPATH m NOT I...

Page 392: ...b NOT INSTALLED BEST C CONFED_EBGP D DAMPED E EBGP H HISTORY I IBGP L LOCAL M MULTIPATH S SUPPRESSED F FILTERED Prefix Next Hop MED LocPrf Weight Status 1 10 3 0 0 8 192 168 4 106 100 0 BE AS_PATH 650...

Page 393: ...routes affected by the new or changed filters to the neighbor The soft in and soft out parameters specify whether you want to refresh the routes received from the neighbor or sent to the neighbor sof...

Page 394: ...nder Refresh Req indicate how many dynamic refreshes have been sent to and received from the neighbor The statistic is cumulative across sessions device config bgp show ip bgp neighbor 10 4 0 2 1 IP A...

Page 395: ...llowing command device clear ip bgp neighbor all Syntax clear ip bgp neighbor all ip addr peer group name as num soft outbound soft in out The all ip addr peer group name and as num parameters specify...

Page 396: ...hbors If you clear the buffer containing the first 400 bytes of the last packet that contained errors all the bytes are changed to zeros The Last Connection Reset Reason field of the BGP4 neighbor tab...

Page 397: ...es NOTE The implementation of BGP4 supports the advertising of routes among different address families However it supports BGP4 unicast routes only it does not currently support BGP4 multicast routes...

Page 398: ...tion level provides access to commands that allow you to configure BGP4 unicast routes The commands that you enter at this level apply only to the IPv6 unicast address family BGP4 supports the IPv6 ad...

Page 399: ...n also be configured using a global address The global IPv6 address of a neighbor in a remote AS must be added and the neighbor should be activated in the IPv6 address family configuration mode using...

Page 400: ...ateway If this second lookup results in an IGP path the software considers the BGP4 route to be valid and adds it to the IPv6 route table Otherwise the device performs another lookup on the next hop I...

Page 401: ...re not in the RTM using the always propagate command BGP4 route aggregation A device can be configured to aggregate routes in a range of networks into a single IPv6 prefix By default a device advertis...

Page 402: ...t a prefix list from a neighbor and apply the prefix list to locally configured ORFs The local peer exchanges the ORF capability in send mode with a remote peer for a prefix list that is configured as...

Page 403: ...eful restart GR allows for restarts where neighboring devices participate in the restart helping to ensure that no route and topology changes occur in the network for the duration of the restart The G...

Page 404: ...config bgp ipv6u neighbor 2001 db8 93e8 cc00 1 activate The following example configures a neighbor using a global IPv6 address device configure terminal device config router bgp device config bgp ro...

Page 405: ...ing example configures a neighbor using a link local address and configures a route map to set up a global next hop for packets destined for the neighbor device configure terminal device config router...

Page 406: ...s the peer group device configure terminal device config router bgp device config bgp router local as 1000 device config bgp router neighbor mypeergroup1 peer group device config bgp router neighbor m...

Page 407: ...device config bgp router neighbor 10 0 0 1 peer group p1 device config bgp router address family ipv6 unicast device config bgp ipv6u neighbor p1 activate Importing routes into BGP4 Routes can be expl...

Page 408: ...he local BGP4 route table device configure terminal device config router bgp device config bgp router address family ipv6 unicast device config bgp ipv6u default information originate Advertising the...

Page 409: ...le BGP routing device config router bgp 3 Enter the address family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode device config bgp router address fa...

Page 410: ...4 Enter the cluster id command and specify a value to change the cluster ID of a device from the default device ID device config bgp router cluster id 321 The following example changes the cluster ID...

Page 411: ...mode device configure terminal 2 Enter the router bgp command to enable BGP routing device config router bgp 3 Enter the address family command and specify the ipv6 and unicast keywords to enter IPv6...

Page 412: ...terminal device config router bgp device config bgp router address family ipv6 unicast device config bgp ipv6u maximum paths use load sharing Configuring a route map for BGP4 prefixes Route maps can...

Page 413: ...prefixlist seq 10 permit 2001 db8 32 device config route map myroutemap permit 10 device config route map myroutemap match ipv6 address prefix list myprefixlist device config route map myroutemap exit...

Page 414: ...pecify the in keyword to filter the incoming route updates from a specified BGP neighbor device config bgp ipv6u neighbor 2001 db8 e0ff 783a 4 prefix list myprefixlist in 6 Do one of the following Ent...

Page 415: ...gp command to enable BGP routing device config router bgp 3 Enter the local as command to configure the autonomous system number ASN in which your device resides device config bgp router local as 6552...

Page 416: ...a BGP community ACL and sets the BGP community attributes in a route map instance device configure terminal device config ip community list extended 1 permit 1 2 23 device config route map ComRmap per...

Page 417: ...device config bgp ipv6u neighbor fe80 4398 ab30 45de 1 route map in ComRmap 13 Enter the neighbor ipv6 address send community command to enable the sending of standard and extended attributes in updat...

Page 418: ...ts neighbors and peers when it is performing a restart 1 Enter the configure terminal command to access global configuration mode device configure terminal 2 Enter the router bgp command to enable BGP...

Page 419: ...bgp device config bgp router local as 1 device config bgp router neighbor 1000 1 remote as 2 device config bgp router address family ipv6 unicast device config bgp ipv6u neighbor 1000 1 activate devi...

Page 420: ...device config router bgp device config bgp router address family ipv6 unicast device config bgp ipv6u neighbor 2001 db8 e0ff 783a 4 allowas in 3 Displaying BGP4 statistics Various show ipv6 bgp comman...

Page 421: ...egmentNum 0 Neighboring As 0 Source As 0 Address 0x1205c7cc Hash 365 0x01000000 Links 0x00000000 0x00000000 Reference Counts 1 0 1 Magic 2 This example shows information about two route attribute entr...

Page 422: ...000 3 22 abc 1 0 8 128 2001 700 122 57 57 100 0 BE AS_PATH 7000 322 6 57 7000 3 22 abc 1 0 a 128 2001 700 122 57 57 100 0 BE AS_PATH 7000 322 This example shows general BGP4 route information 5 Enter...

Page 423: ...o not have to be entered in this order 1 Enter the show ipv6 bgp neighbors command device show ipv6 bgp neighbors Total number of BGP Neighbors 2 IP Address 2001 1 AS 2 EBGP RouterID 192 0 0 1 VRF def...

Page 424: ...d device show ipv6 bgp neighbor last packet with error Total number of BGP Neighbors 67 1 IP Address 153 2 Last error BGP4 0 bytes hex dump of packet that contains error This example shows information...

Page 425: ...tes The clear ipv6 bgp dampening command is entered to reactivate all suppressed BGP4 routes The show ipv6 bgp dampened paths command is re entered to verify that the suppressed BGP4 routes have been...

Page 426: ...hat there are no suppressed routes device config bgp router exit device config exit device show ipv6 bgp dampened paths device clear ipv6 bgp dampening device show ipv6 bgp dampened paths Configuring...

Page 427: ...ndancy Protocol VRRP is an election protocol that provides redundancy to routers within a Local Area Network LAN VRRP was designed to eliminate a single point of failure in a static default route envi...

Page 428: ...works reconfiguring default gateways is impractical Configuring a VRRP virtual router on Router 1 and Router 2 provides a redundant path for the hosts VRRP allows you to provide alternate router paths...

Page 429: ...ress The device on which the virtual IP address is assigned becomes the VRRP owner and this device responds to packets addressed to any of the IP addresses in the virtual router group The owner device...

Page 430: ...available the backup router with the highest priority a configurable value becomes the new master By default routers are given a priority of 100 VRRP hold timer The hold timer delays the preemption of...

Page 431: ...terfaces do not use authentication neither does VRRP For example if you configure your device interfaces to use a simple password to authenticate traffic VRRP uses the same simple password and VRRP pa...

Page 432: ...l packets are IP type 112 reserved for VRRP and they are sent to the VRRP multicast address 224 0 0 18 VRRP E Control packets are UDP packets destined to port 8888 and they are sent to the all router...

Page 433: ...vrrp 3 Configure the Ethernet interface link for Router 1 device config interface ethernet 1 1 6 4 Configure the IP address of the interface device config if e1000 1 1 6 ip address 10 53 5 1 24 5 Assi...

Page 434: ...y device that is designated as a backup VRRP device For each VRRP virtual routing instance there is one master device and all other devices are backups For example Router 2 in Figure 34 on page 433 is...

Page 435: ...inal device config router vrrp device config interface ethernet 1 1 5 device config if e1000 1 1 5 ip address 10 53 5 3 24 device config if e1000 1 1 5 ip vrrp vrid 1 device config if e1000 1 1 5 vrid...

Page 436: ...pe is simple text authentication A show running config command with appropriate parameters will actually display the password The output verifies the type of authentication Configuring MD5 authenticat...

Page 437: ...example enables MD5 authentication on Ethernet interface 1 1 6 and verifies the authentication type device configure terminal device config router vrrp device config interface ethernet 1 1 6 device co...

Page 438: ...ssociated with the VRID device config if e1000 1 1 6 vrid 1 owner priority 99 6 Verify the abdication of the master device using the show ip vrrp command device config if e1000 1 1 6 vrid 1 show ip vr...

Page 439: ...the interface For VRRP if the interface goes down the device priority is set to the priority value and another backup device with a higher priority assumes the role of master For VRRP E if the interfa...

Page 440: ...e assumes the role of the master device regardless of the setting for the preempt parameter In VRRP E preemption is disabled by default In situations where a new backup device is to be added with a hi...

Page 441: ...ets destined for the IPv4 or IPv6 VRID addresses Troubleshooting network connections to the VRRP nonowner master device is difficult unless accept mode is enabled NOTE The accept mode functionality en...

Page 442: ...vrid 1 accept mode 8 Exit configuration mode and return to privileged EXEC mode device conf if e1000 1 1 5 vrid 1 end 9 Verify that accept mode is enabled device show ip vrrp vrid 1 Interface 1 1 5 au...

Page 443: ...ng example suppresses RIP advertisements for the backed up interface device configure terminal device config router rip device config rip router use vrrp path VRRP Ev2 overview VRRP Extended VRRP E is...

Page 444: ...onfigured for the same virtual router ID VRID must be on the same subnet device config if e1000 1 1 5 ip address 10 53 5 3 24 5 Assign the device to VRID 1 device config if e1000 1 1 5 ip vrrp extende...

Page 445: ...rt path forwarding The VRRP E Extension for Server Virtualization feature allows Brocade devices to bypass the VRRP E master router and directly forward packets to their destination through interfaces...

Page 446: ...l servers between Host Server 1 and Host Server 2 Short path forwarding with revert priority Revert priority is used to dynamically enable or disable VRRP E short path forwarding If short path forward...

Page 447: ...RP E virtual router ID to the device device config vif 10 ip vrrp extended vrid 5 In this example VRRP E group configuration mode is entered 6 Enter the backup command with a priority value to configu...

Page 448: ...ent tracked port up state changes NOTE If you change the backup priority of a VRRP E backup router to be higher than the priority of the original master device the slow start timer will not work The o...

Page 449: ...ure your network with Layer 3 protocols using OSPF and RIP 1 On Router B and Router C in the diagram apply the example configurations 2 The software selects Router C as the master VRRP E device becaus...

Page 450: ...rwarding activate Displaying VRRPv2 information Various show commands can be used to display statistical and summary information about VRRP and VRRP E configurations Before displaying VRRP information...

Page 451: ...h invalid authentication type 0 received packets with authentication type mismatch 0 received packets with authentication failures 0 received packets dropped by owner 0 received packets with ttl error...

Page 452: ...e show ip vrrp statistics ethernet 1 1 5 Interface 1 1 5 VRID 2 number of transitions to backup state 0 number of transitions to master state 0 total number of vrrp packets received 0 received backup...

Page 453: ...nd it also supports IPv4 addresses for dual stack networks configured with VRRP or VRRP E VRRPv3 is compliant with RFC 5798 The benefit of implementing VRRPv3 is faster switchover to backup devices th...

Page 454: ...ice config ipv6 unicast routing 3 Globally enable IPv6 VRRP device config ipv6 router vrrp 4 Configure the Ethernet interface link for the owner device device config ipv6 vrrp router interface etherne...

Page 455: ...When implementing IPv6 VRRPv3 across a network with devices from other vendors be aware of a potential interoperability issue Brocade has implemented IPv6 VRRPv3 functionality to comply with RFC 5798...

Page 456: ...nfig if e1000 1 1 4 vrid 2 ipv6 address fe80 768e f8ff fe2a 0099 device config if e1000 1 1 4 vrid 2 ipv6 address fd2b 2 device config if e1000 1 1 4 vrid 2 activate Enabling an IPv4 VRRPv3 owner devi...

Page 457: ...g Enabling an IPv4 VRRPv3 backup device VRRPv3 supports IPv4 sessions as well as IPv6 sessions To configure a VRRPv3 session for IPv4 assign a virtual router group with the VRRP version set to 3 This...

Page 458: ...if e1000 1 1 5 vrid 1 version 3 device config if e1000 1 1 5 vrid 1 ip address 10 53 5 1 device config if e1000 1 1 5 vrid 1 activate VRRP router 1 for this interface is activating Tracked ports and...

Page 459: ...6 vrid 1 track port ethernet 1 2 4 priority 20 The priority value is used when a tracked port goes down and the new priority is set to this value Ensure that the priority value is lower than the prior...

Page 460: ...able VRRP device config router vrrp 3 Configure the Ethernet interface link device config interface ethernet 1 1 5 4 Configure the IP address of the interface All devices configured for the same virtu...

Page 461: ...new checksum method for both IPv4 and IPv6 sessions and this version 3 checksum computation is enabled by default To accommodate third party devices that still use a VRRPv2 style checksum for IPv4 VRR...

Page 462: ...n a Brocade device device configure terminal device config router vrrp device config interface ethernet 1 2 4 device config if e1000 1 2 4 ip vrrp vrid 14 device config if e1000 1 2 4 vrid 14 version...

Page 463: ...erface When IPv6 link local address auto generation is configured for IPv6 VRRP a virtual IPv6 link local address is generated automatically using the EUI 64 result of the virtual MAC address The virt...

Page 464: ...nfigure the global IPv6 address of the interface device config vif 3 ipv6 address fd3b 3 64 5 Assign the device to virtual router ID VRID 2 device config vif 3 ipv6 vrrp vrid 2 NOTE You can assign a V...

Page 465: ...nd to display IPv6 VRRPv3 configuration information device config show ipv6 vrrp Total number of VRRP routers defined 1 Interface 1 1 3 auth type no authentication VRID 13 index 2 interface 1 1 3 stat...

Page 466: ...0 received proxy neighbor solicitation packets dropped 0 received ipv6 packets dropped 0 Clearing VRRPv3 statistics VRRPv3 session counters can be cleared using a CLI command Ensure that VRRPv3 is co...

Page 467: ...3 device config ipv6 router vrrp extended 3 Configure the Ethernet interface link device config ipv6 vrrpe router interface ethernet 1 1 7 4 Configure the IPv6 address of the interface All devices con...

Page 468: ...config if e1000 1 1 7 vrid 4 activate VRRP E router 4 for this interface is activating Displaying and clearing VRRP Ev3 statistics Several show commands can display statistical information about IPv6...

Page 469: ...al mac dddd eeee ffff configured priority 100 current priority 100 track priority 5 hello interval 1 sec backup hello interval 60 sec advertise backup disabled dead interval 0 ms preempt mode true vir...

Page 470: ...Brocade FastIron Layer 3 Routing Configuration Guide 470 53 1003903 04...

Page 471: ...s an input customer interface to a unique VPN instance The router maintains a different VRF table for each VPN instance on that PE router Multiple input interfaces may also be associated with the same...

Page 472: ...with different VRFs Virtual interfaces Loopback interfaces Tunnel interfaces The tunnel can belong to any user defined VRF but the tunnel source and tunnel destination are restricted to the default VR...

Page 473: ...ble lists commands that configure system max values at the global level TABLE 60 Commands for configuring system max values Command Description ip vrf Configures maximum VRF instances supported by the...

Page 474: ...ecause the device does not support VRF The following table provides relevant values for the ICX 7250 TABLE 63 Configuration limits for ICX 7250 devices Configuration Min Default Max ip route 4096 1200...

Page 475: ...stem max ip route default vrf 9000 system max ip6 route default vrf 5120 system max ip route vrf 500 system max ip6 route vrf 500 Additional features to support Multi VRF In addition to basic features...

Page 476: ...fer to the FastIron Ethernet Switch Security Configuration Guide DHCP snooping Dynamic Host Configuration Protocol DHCP snooping enables a Brocade device to filter untrusted DHCP IPv4 or IPv6 packets...

Page 477: ...5120 100 100 device config 2 Change the maximum number of routes save the configuration and reload the device device config system max ip route default vrf 10000 Total max configured ipv4 routes are...

Page 478: ...ecure device config vlan 10 tagged e 1 1 1 3 Repeat the previous step on the corresponding interface on the peer device Configuring a VRF instance Do the following to configure a VRF instance A device...

Page 479: ...onfigured 2 Status Codes A active D pending deletion I inactive Name Default RD vrf v4 v6 Routes Interfaces corporate 11 11 A A I 0 guest 10 10 A A I 0 Total number of IPv4 unicast route for all non d...

Page 480: ...on this interface have been removed have been removed 4 Configure an IPv4 address and mask on the VE interface device config vif 10 ip address 192 168 1 254 24 5 Enable OSPF Area 0 device config vif...

Page 481: ...as in the following example device show vrf green VRF green default RD 1 1 Table ID 1 IP Router Id 1 1 1 1 Interfaces ve111 ve211 ve311 ve1116 ve2115 Address Family IPv4 Max Routes 5500 Number of Unic...

Page 482: ...will be removed from port 1 7 1 The port will be returned to default VRF To delete an IPv4 or IPv6 address family from a VRF instance use the no form of the address family command All configuration r...

Page 483: ...mand configured a router does not respond to ARP requests for IP addresses in the same subnet as the incoming ports The local proxy arp command permits the router to respond to ARP requests for IP add...

Reviews:

No comments

Brands by name

Popular brands

Load more brands