manualshive.com logo in svg

HP MSR2000 Series, Configuration Manual

The HP MSR2000 Series High Availability Configuration Manual is a comprehensive guide designed to assist users in maximizing the capabilities of their networking equipment. Available for free download on our website, this manual offers step-by-step instructions and valuable insights to optimize network performance and ensure uninterrupted connectivity.

Share
Download
background image

 

 

339 

 

Step Command 

Remarks 

1.

 

Enter system view. 

system-view 

N/A 

2.

 

Enter BGP view. 

bgp

 

as-number

 

N/A 

3.

 

Enter IPv6 address family 
view. 

ipv6-family 

N/A 

4.

 

Enable MD5 authentication 

when establishing a TCP 
connection to the peer or peer 

group. 

peer

 { 

ipv6-group-name

 |

 

ipv6-address

 } 

password

 { 

cipher

 | 

simple

 } 

password

 

Not enabled by default. 

 

Applying an IPsec policy to an IPv6 BGP peer or peer group 

To protect routing information and defend attacks, IPv6 BGP can authenticate protocol packets by using 

an IPsec policy.  
Outbound IPv6 BGP packets carry the Security Parameter Index (SPI) defined in the IPsec policy. A device 
uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the 

device accepts the packet; otherwise, it discards the packet and will not establish a neighbor relationship 

with the sending device.   

Configuration prerequisites 

Before you apply an IPsec policy to a peer or peer group, complete following tasks: 

 

Create an IPsec proposal. 

 

Create an IPsec policy. 

For more information about IPsec policy configuration, see 

Security Configuration Guide

.  

Configuration guidelines 

An IPsec policy used for IPv6 BGP can be only in manual mode. For more information, see 

Security 

Configuration Guide

Configuration procedure 

To apply an IPsec policy to a peer or peer group 

 

Step Command 

Remarks 

1.

 

Enter system view. 

system-view 

N/A 

2.

 

Enter BGP view. 

bgp 

as-number

 

N/A 

3.

 

Enter IPv6 address 
family view. 

ipv6-family 

N/A 

4.

 

Apply an IPsec policy to 
a peer or peer group. 

peer 

{

 group-name 

|

 ip-address 

}

 ipsec-policy 

policy-name

 

Not configured by default. 

 

Summary of Contents for MSR2000 Series

Page 1: ...HP 5500 EI 5500 SI Switch Series Layer 3 IP Routing Configuration Guide Part number 5998 1718 Software version Release 2220 Document version 6W100 20130810 ...

Page 2: ...MATERIAL INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE Hewlett Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing performance or use of this material The only warranties for HP products and services are set forth in the express warranty statements accompan...

Page 3: ...uidelines 11 Configuration procedure 11 Displaying and maintaining static routes 11 Static route configuration examples 11 Basic static route configuration example 11 Static route FRR configuration example 13 BFD for static routes configuration example direct next hop 15 BFD for static routes configuration example indirect next hop 17 Configuring RIP 20 Hardware compatibility 20 Overview 20 RIP ro...

Page 4: ... for RIP 35 Single hop echo detection mode 36 Bidirectional control detection mode 36 Displaying and maintaining RIP 36 RIP configuration examples 37 Configuring RIP version 37 Configuring RIP route redistribution 38 Configuring an additional metric for a RIP interface 41 Configuring RIP to advertise a summary route 42 RIP FRR configuration example 45 Configuring BFD for RIP single hop echo detect...

Page 5: ...eneration interval 86 Disabling interfaces from receiving and sending OSPF packets 87 Configuring stub routers 87 Configuring OSPF authentication 88 Adding the interface MTU into DD packets 88 Configuring the maximum number of external LSAs in LSDB 89 Enabling compatibility with RFC 1583 89 Logging neighbor state changes 89 Configuring OSPF network management 90 Enabling message logging 90 Enablin...

Page 6: ...144 Configuring the maximum number of ECMP routes 145 Configuring IS IS route summarization 145 Advertising a default route 145 Configuring IS IS route redistribution 146 Configuring IS IS route filtering 146 Configuring IS IS route leaking 147 Tuning and optimizing IS IS networks 148 Configuration prerequisites 148 Specifying intervals for sending IS IS hello and CSNP packets 148 Specifying the I...

Page 7: ...cifying the source interface for TCP connections 200 Allowing establishment of EBGP connection to an indirectly connected peer or peer group 201 Controlling route generation 201 Configuration prerequisites 201 Injecting a local network 201 Configuring BGP route redistribution 202 Enabling default route redistribution into BGP 202 Controlling route distribution and reception 203 Configuration prere...

Page 8: ...g BGP 225 Displaying BGP 225 Resetting BGP connections 226 Clearing BGP information 227 BGP configuration examples 227 BGP basic configuration example 227 BGP and IGP synchronization configuration example 231 BGP load balancing configuration example 234 BGP community configuration example 236 BGP route reflector configuration example 238 BGP confederation configuration example 240 BGP path selecti...

Page 9: ...ion 269 Configuring RIPng IPsec policies 272 Configuring OSPFv3 275 Hardware compatibility 275 Introduction to OSPFv3 275 OSPFv3 overview 275 OSPFv3 packets 275 OSPFv3 LSA types 276 OSPFv3 timers 276 OSPFv3 features supported 277 Protocols and standards 277 OSPFv3 configuration task list 277 Enabling OSPFv3 278 Configuration prerequisites 278 Enabling OSPFv3 278 Configuring OSPFv3 area parameters ...

Page 10: ...nctions 309 Configuring IPv6 IS IS routing information control 310 Configuring BFD for IPv6 IS IS 311 Configuring IPv6 IS IS MTR 311 Configuration guidelines 311 Configuration prerequisites 312 Configuration procedure 312 Displaying and maintaining IPv6 IS IS 312 IPv6 IS IS configuration examples 313 IPv6 IS IS basic configuration example 313 BFD for IPv6 IS IS configuration example 318 IPv6 IS IS...

Page 11: ...nnections 338 Applying an IPsec policy to an IPv6 BGP peer or peer group 339 Configuring a large scale IPv6 BGP network 340 Configuration prerequisites 340 Configuring IPv6 BGP peer group 340 Configuring IPv6 BGP community 341 Configuring an IPv6 BGP route reflector 342 Configuring BFD for IPv6 BGP 343 Displaying and maintaining IPv6 BGP 343 Displaying BGP 343 Resetting IPv6 BGP connections 344 Cl...

Page 12: ... Configuring a QoS policy 380 Applying the QoS policy 381 Displaying and maintaining PBR configuration 382 PBR configuration using a PBR policy 382 PBR configuration using a QoS policy 382 PBR configuration examples 383 Configuring local PBR based on packet type 383 Configuring interface PBR based on packet type 384 IPv4 PBR configuration example using a QoS policy 386 IPv6 PBR configuration examp...

Page 13: ...0 Configuring routing between IPv6 MCE and VPN site 421 Configuring routing between IPv6 MCE and PE 424 Resetting BGP connections 427 Displaying information about IPv6 MCE 427 IPv6 MCE configuration examples 428 Using IPv6 ISIS to advertise VPN routes to the PE 428 Support and other resources 435 Contacting HP 435 Subscription service 435 Related information 435 Documents 435 Websites 435 Conventi...

Page 14: ... a Layer 3 interface by using the port link mode route command see Layer 2 LAN Switching Configuration Guide Routing table A router maintains at least two routing tables one global routing table and one forwarding information base FIB The FIB table contains only the optimal routes and the global routing table contains all routes The router uses the FIB table to forward packets For more information...

Page 15: ...ne with the smallest cost is the optimal route NextHop Next hop Interface Output interface Dynamic routing protocols Dynamic routing protocols dynamically collect and report reachability information to adapt to topology changes They are suitable for large networks Compared with static routing dynamic routing protocols require more resources and are complicated to configure Dynamic routing protocol...

Page 16: ...eference value the higher the preference Table 3 Route types and their default route preferences Routing approach Preference Direct route 0 OSPF 10 IS IS 15 Static route 60 RIP 100 OSPF ASE 150 OSPF NSSA 150 IBGP 255 EBGP 255 Unknown route from an untrusted source 256 Load sharing A routing protocol can be configured with multiple equal cost routes to the same destination These routes have the sam...

Page 17: ...configuration guide Displaying and maintaining a routing table Task Command Remarks Display information about the routing table display ip routing table vpn instance vpn instance name verbose begin exclude include regular expression Available in any view Display information about routes permitted by an IPv4 basic ACL display ip routing table vpn instance vpn instance name acl acl number verbose be...

Page 18: ...ation for a specified destination IPv6 address display ipv6 routing table vpn instance vpn instance name ipv6 address prefix length longer match verbose begin exclude include regular expression Available in any view Display IPv6 routing information for an IPv6 address range display ipv6 routing table vpn instance vpn instance name ipv6 address1 prefix length1 ipv6 address2 prefix length2 verbose b...

Page 19: ...administrator can configure a default route with both the destination and mask being 0 0 0 0 The router forwards any packet whose destination address fails to match any entry in the routing table to the next hop of the default static route Some dynamic routing protocols such as OSPF RIP and IS IS can also generate a default route For example an upstream router running OSPF can generate a default r...

Page 20: ... following tasks Configure the physical parameters for related interfaces Configure the link layer attributes for related interfaces Configure the IP addresses for related interfaces Follow these guidelines when you configure a static route The next hop address cannot be the IP address of a local interface such as Ethernet interface and VLAN interface Otherwise the static route does not take effec...

Page 21: ...erence value Optional 60 by default Configuring BFD for static routes NOTE Only the A5500 EI Switch Series supports BFD for static routes Bidirectional forwarding detection BFD provides a general purpose standard medium and protocol independent fast failure detection mechanism It can uniformly and quickly detect the failures of the bidirectional forwarding paths between two routers for protocols s...

Page 22: ...ss preference preference value tag tag value description description text Approach 2 ip route static vpn instance s vpn instance name 1 6 dest address mask mask length next hop address bfd control packet bfd source ip address vpn instance d vpn instance name next hop address bfd control packet bfd source ip address preference preference value tag tag value description description text Use either c...

Page 23: ...scription text Use either approach Configuring static route FRR NOTE Only the A5500 EI Switch Series supports static route FRR A link or router failure on a path can cause packet loss and even routing loop Static route fast reroute FRR enables fast rerouting to minimize the impact of link or node failures Figure 1 Network diagram As shown in Figure 1 upon a link failure FRR designates a backup nex...

Page 24: ...route policy route policy name Not configured by default Displaying and maintaining static routes Task Command Remarks Display information of static routes display ip routing table protocol static inactive verbose begin exclude include regular expression Available in any view Delete all the static routes delete vpn instance vpn instance name static routes all Available in system view For more info...

Page 25: ...ew SwitchC ip route static 0 0 0 0 0 0 0 0 1 1 5 5 3 Configure the default gateways of hosts A B and C as 1 1 2 3 1 1 6 1 and 1 1 3 1 Details not shown 4 Verify the configuration Display the IP routing table on Switch A SwitchA display ip routing table Routing Tables Public Destinations 7 Routes 7 Destination Mask Proto Pre Cost NextHop Interface 0 0 0 0 0 Static 60 0 1 1 4 2 Vlan500 1 1 2 0 24 Di...

Page 26: ... 2 Pinging 1 1 2 2 with 32 bytes of data Reply from 1 1 2 2 bytes 32 time 1ms TTL 255 Reply from 1 1 2 2 bytes 32 time 1ms TTL 255 Reply from 1 1 2 2 bytes 32 time 1ms TTL 255 Reply from 1 1 2 2 bytes 32 time 1ms TTL 255 Ping statistics for 1 1 2 2 Packets Sent 4 Received 4 Lost 0 0 loss Approximate round trip times in milli seconds Minimum 1ms Maximum 1ms Average 1ms Use the tracert command on Ho...

Page 27: ...A system view SwitchA ip route static 4 4 4 4 32 vlan interface 101 24 24 24 4 SwitchA ip route static 1 1 1 1 32 vlan interface 100 12 12 12 1 3 Configure static route FRR Configure Switch S SwitchS bfd echo source ip 1 1 1 1 SwitchS ip ip prefix abc index 10 permit 4 4 4 4 32 SwitchS route policy frr permit node 10 SwitchS route policy if match ip prefix abc SwitchS route policy apply fast rerou...

Page 28: ...able Public Summary Count 1 Destination 1 1 1 1 32 Protocol Static Process ID 0 Preference 60 Cost 0 IpPrecedence QosLcId NextHop 13 13 13 1 Interface vlan 200 BkNextHop 24 24 24 2 BkInterface vlan 101 RelyNextHop 0 0 0 0 Neighbor 0 0 0 0 Tunnel ID 0x0 Label NULL BKTunnel ID 0x0 BKLabel NULL State Active Adv Age 00h01m27s Tag 0 BFD for static routes configuration example direct next hop Network re...

Page 29: ... quit SwitchA ip route static 120 1 1 0 24 vlan interface 10 12 1 1 2 bfd control packet SwitchA ip route static 120 1 1 0 24 vlan interface 11 10 1 1 100 preference 65 SwitchA quit Configure static routes on Switch B and enable BFD control mode for the static route that traverses the Layer 2 switch SwitchB system view SwitchB interface vlan interface10 SwitchB vlan interface10 bfd min transmit in...

Page 30: ...tic routes information on Switch A again SwitchA display ip routing table protocol static Public Routing Table Static Summary Count 1 Static Routing table Status Active Summary Count 1 Destination Mask Proto Pre Cost NextHop Interface 120 1 1 0 24 Static 65 0 10 1 1 100 Vlan11 Static Routing table Status Inactive Summary Count 0 The output shows that Switch A communicates with Switch B through VLA...

Page 31: ...interval 500 SwitchA LoopBack1 bfd min receive interval 500 SwitchA LoopBack1 bfd detect multiplier 9 SwitchA LoopBack1 quit SwitchA ip route static 120 1 1 0 24 2 2 2 9 bfd control packet bfd source 1 1 1 9 SwitchA ip route static 120 1 1 0 24 vlan interface 11 10 1 1 100 preference 65 SwitchA quit Configure static routes on Switch B and enable BFD control mode for the static route that traverses...

Page 32: ...ol static Public Routing Table Static Summary Count 2 Static Routing table Status Active Summary Count 1 Destination Mask Proto Pre Cost NextHop Interface 120 1 1 0 24 Static 60 0 2 2 2 9 Vlan10 Static Routing table Status Inactive Summary Count 1 Destination Mask Proto Pre Cost NextHop Interface 120 1 1 0 24 Static 65 0 10 1 1 100 Vlan11 The output shows that Switch A communicates with Switch B t...

Page 33: ...th a metric value of 16 or greater is considered unreachable For this reason RIP is not suitable for large sized networks Route time Time elapsed since the last update The time is reset to 0 every time the routing entry is updated Route tag Used for route control For more information see Configuring routing policies RIP timers RIP employs the following timers Update timer Specifies the interval be...

Page 34: ... this to learn latest routing information 3 RIP periodically sends the local routing table to its neighbors After a RIP neighbor receives the message it updates its routing table selects optimal routes and sends an update to other neighbors RIP ages routes to keep only valid routes RIP versions There are two RIP versions RIPv1 and RIPv2 RIPv1 is a classful routing protocol It advertises messages t...

Page 35: ...25 route entries Version Version of RIP 0x01 for RIPv1 Must be zero This field must be zero AFI Address Family Identifier 2 for IP IP address Destination IP address of the route that can be a natural network subnet or a host address Metric Cost of the route RIPv2 message format The format of RIPv2 message is similar to RIPv1 Figure 7 RIPv2 Message Format The differences between RIPv1 and RIPv2 mes...

Page 36: ...uthentication mode in interface view the configuration will not take effect because RIPv1 does not support authentication Supported RIP features The current implementation supports the following RIP features RIPv1 and RIPv2 RIP support for multi VPN instance RIP FRR BFD RIP periodically sends route update requests to neighbors If no route update response for a route is received within the specifie...

Page 37: ... of ECMP routes Optional Enabling zero field check on incoming RIPv1 messages Optional Enabling source IP address check on incoming RIP updates Optional Configuring RIPv2 message authentication Optional Specifying a RIP neighbor Optional Configuring RIP to MIB binding Optional Configuring the RIP packet sending rate Optional Configuring RIP FRR Optional Configuring BFD for RIP Single hop echo dete...

Page 38: ... A 2 Enter RIP view rip process id vpn instance vpn instance name N A 3 Disable an interface from sending routing updates silent interface interface type interface number all Optional By default all interfaces can send routing updates The disabled interface can still receive updates 4 Return to system view quit N A 5 Enter interface view interface interface type interface number N A 6 Enable the i...

Page 39: ...eceive RIPv1 broadcasts and unicasts and RIPv2 broadcasts multicasts and unicasts 4 Return to system view quit N A 5 Enter interface view interface interface type interface number N A 6 Specify a RIP version for the interface rip version 1 2 broadcast multicast Optional By default if an interface has no RIP version specified the global version takes effect If no global RIP version is specified the...

Page 40: ...anged The inbound additional metric is added to the metric of a received route before the route is added into the routing table and the route s metric is changed If the sum of the additional metric and the original metric is greater than 16 the metric of the route will be 16 To configure additional routing metrics Step Command Remarks 1 Enter system view system view N A 2 Enter interface view inte...

Page 41: ...v2 to advertise a summary route on the specified interface Step Command Remarks 1 Enter system view system view N A 2 Enter RIP view rip process id vpn instance vpn instance name N A 3 Disable RIPv2 automatic route summarization undo summary Enabled by default 4 Return to system view quit N A 5 Enter interface view interface interface type interface number N A 6 Advertise a summary route rip summa...

Page 42: ...to advertise a default route default route only originate cost cost Optional Not enabled by default 4 Return to system view quit N A 5 Enter interface view interface interface type interface number N A 6 Configure the RIP interface to advertise a default route rip default route only originate cost cost no originate Optional By default a RIP interface can advertise a default route if the RIP proces...

Page 43: ...s to have a higher priority than those learned by other routing protocols then assign RIP a smaller priority value to influence optimal route selection To configure a priority for RIP Step Command Remarks 1 Enter system view system view N A 2 Enter RIP view rip process id vpn instance vpn instance name N A 3 Configure a priority for RIP preference route policy route policy name value Optional 100 ...

Page 44: ...Remarks 1 Enter system view system view N A 2 Enter RIP view rip process id vpn instance vpn instance name N A 3 Configure values for RIP timers timers garbage collect garbage collect value suppress suppress value timeout timeout value update update value Optional The default update timer timeout timer suppress timer and garbage collect timer are 30s 180s 120s and 120s respectively Configuring spl...

Page 45: ...system view system view N A 2 Enter RIP view rip process id vpn instance vpn instance name N A 3 Configure the maximum number of ECMP routes maximum load balancing number Optional 8 by default Enabling zero field check on incoming RIPv1 messages Some fields in the RIPv1 message must be zero These fields are called zero fields You can enable zero field check on received RIPv1 messages If such a fie...

Page 46: ...ture does not apply to RIPv1 because RIPv1 does not support authentication Although you can specify an authentication mode for RIPv1 in interface view the configuration does not take effect RIPv2 supports simple authentication and MD5 authentication To configure RIPv2 message authentication Step Command 1 Enter system view system view 2 Enter interface view interface interface type interface numbe...

Page 47: ...to RIP neighbors Sending large numbers of RIP packets at the same time may affect device performance and consume large network bandwidth To solve this problem specify the maximum number of RIP packets that can be sent at the specified interval To configure the RIP packet sending rate Step Command Remarks 1 Enter system view system view N A 2 Enable a RIP process and enter RIP view rip process id v...

Page 48: ...use RIP FRR and BFD for RIP at the same time otherwise RIP FRR may fail to take effect RIP FRR is available only when the state of primary link with Layer 3 interfaces staying up changes from bidirectional to unidirectional or down A unidirectional link refers to the link through which packets are forwarded only from one end to the other Configuration procedure To configure RIP FRR Step Command Re...

Page 49: ...N A 4 Enable BFD on the RIP interface rip bfd enable Disabled by default Bidirectional control detection mode This feature only works for RIP neighbors that are directly connected one hop away from each other To configure BFD for RIP bidirectional control detection mode Step Command Remarks 1 Enter system view system view N A 2 Create a RIP process and enter RIP view rip process id vpn instance vp...

Page 50: ...cess id route ip address mask mask length peer ip address statistics begin exclude include regular expression Available in any view Reset a RIP process reset rip process id process Available in user view Clear the statistics of a RIP process reset rip process id statistics Available in user view RIP configuration examples Configuring RIP version Network requirements As shown in Figure 10 enable RI...

Page 51: ... Route Flags R RIP T TRIP P Permanent A Aging S Suppressed G Garbage collect Peer 192 168 1 2 on Vlan interface100 Destination Mask Nexthop Cost Tag Flags Sec 10 0 0 0 8 192 168 1 2 1 0 RA 50 10 2 1 0 24 192 168 1 2 1 0 RA 16 10 1 1 0 24 192 168 1 2 1 0 RA 16 The output shows that RIPv2 uses classless subnet mask NOTE RIPv1 routing information has a long aging time so it will exist until it ages o...

Page 52: ...P 100 and RIP 200 and specify RIP version 2 on Switch B SwitchB system view SwitchB rip 100 SwitchB rip 100 network 11 0 0 0 SwitchB rip 100 version 2 SwitchB rip 100 undo summary SwitchB rip 100 quit SwitchB rip 200 SwitchB rip 200 network 12 0 0 0 SwitchB rip 200 version 2 SwitchB rip 200 undo summary SwitchB rip 200 quit Enable RIP 200 and specify RIP version 2 on Switch C SwitchC system view S...

Page 53: ...0 16 4 1 1 Vlan400 16 4 1 1 32 Direct 0 0 127 0 0 1 InLoop0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 4 Configure an filtering policy to filter redistributed routes Define ACL 2000 and reference it to a filtering policy to filter routes redistributed from RIP 100 on Switch B making the route not advertised to Switch C SwitchB acl number 2000 SwitchB acl bas...

Page 54: ...ork learned from Switch B Figure 12 Network diagram Configuration procedure 1 Configure IP addresses for the interfaces Details not shown 2 Configure RIP basic functions Configure Switch A SwitchA system view SwitchA rip 1 SwitchA rip 1 network 1 0 0 0 SwitchA rip 1 version 2 SwitchA rip 1 undo summary SwitchA rip 1 quit Configure Switch B SwitchB system view SwitchB rip 1 SwitchB rip 1 network 1 ...

Page 55: ...re an additional metric of 3 for VLAN interface 200 on Switch A SwitchA interface vlan interface 200 SwitchA Vlan interface200 rip metricin 3 SwitchA Vlan interface200 display rip 1 database 1 0 0 0 8 cost 0 ClassfulSumm 1 1 1 0 24 cost 0 nexthop 1 1 1 1 Rip interface 1 1 2 0 24 cost 0 nexthop 1 1 2 1 Rip interface 1 1 3 0 24 cost 1 nexthop 1 1 1 2 1 1 4 0 24 cost 2 nexthop 1 1 1 2 1 1 5 0 24 cost...

Page 56: ... SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 network 10 6 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 quit Configure Switch C SwitchC system view SwitchC ospf SwitchC ospf 1 area 0 SwitchC ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 network 10 2 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 quit Swit...

Page 57: ...t 0 0 11 3 1 2 Vlan300 11 3 1 2 32 Direct 0 0 127 0 0 1 InLoop0 11 4 1 0 24 Direct 0 0 11 4 1 2 Vlan400 11 4 1 2 32 Direct 0 0 127 0 0 1 InLoop0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 4 Configure route summarization on Switch C and advertise only the summary route 10 0 0 0 8 SwitchC interface vlan interface 300 SwitchC Vlan interface300 rip summary addre...

Page 58: ...c SwitchS route policy apply fast reroute backup interface vlan interface 100 backup nexthop 12 12 12 2 SwitchS route policy quit SwitchS rip 1 SwitchS rip 1 fast reroute route policy frr SwitchS rip 1 quit Configure Switch D SwitchD system view SwitchD bfd echo source ip 4 4 4 4 SwitchD ip ip prefix abc index 10 permit 1 1 1 1 32 SwitchD route policy frr permit node 10 SwitchD route policy if mat...

Page 59: ...e Adv Age 00h01m27s Tag 0 Configuring BFD for RIP single hop echo detection mode Network requirements In the following figure Switch A and Switch C are interconnected through a Layer 2 switch VLAN interface 100 of the two switches runs RIP process 1 BFD is enabled on VLAN interface 100 of Switch A Switch A is connected to Switch C through Switch B VLAN interface 200 on Switch A runs RIP process 2 ...

Page 60: ...mary SwitchA rip 1 network 192 168 1 0 SwitchA rip 1 quit SwitchA interface vlan interface 100 SwitchA Vlan interface100 rip bfd enable SwitchA Vlan interface100 quit SwitchA rip 2 SwitchA rip 2 version 2 SwitchA rip 2 undo summary SwitchA rip 2 network 192 168 2 0 SwitchA rip 2 quit Configure Switch B SwitchB system view SwitchB rip 1 SwitchB rip 1 version 2 SwitchB rip 1 undo summary SwitchB rip...

Page 61: ... session Total Session Num 1 Init Mode Active Session Working Under Echo Mode LD SourceAddr DestAddr State Holdtime Interface 5 192 168 1 1 192 168 1 2 Up 2000ms Vlan100 Display routes destined for 100 1 1 0 24 on Switch A SwitchA display ip routing table 100 1 1 0 24 verbose Routing Table Public Summary Count 2 Destination 100 1 1 0 24 Protocol RIP Process ID 1 Preference 100 Cost 1 IpPrecedence ...

Page 62: ... Adv Age 00h18m40s Tag 0 Configuring BFD for RIP bidirectional control detection mode Network requirements In the following figure Switch A is connected to Switch C through Switch B VLAN interface 100 on Switch A VLAN interface 200 on Switch C and VLAN interface 200 and VLAN interface 100 on Switch B run RIP process 1 Configure a static route to Switch C on Switch A and configure a static route to...

Page 63: ...onfigure Switch A SwitchA system view SwitchA rip 1 SwitchA rip 1 version 2 SwitchA rip 1 undo summary SwitchA rip 1 network 192 168 1 0 SwitchA rip 1 peer 192 168 2 2 SwitchA rip 1 undo validate source address SwitchA rip 1 import route static SwitchA rip 1 quit SwitchA interface vlan interface 100 SwitchA Vlan interface100 rip bfd enable SwitchA Vlan interface100 quit SwitchA rip 2 SwitchA rip 2...

Page 64: ...n init mode active SwitchC interface vlan interface 200 SwitchC Vlan interface200 bfd min transmit interval 500 SwitchC Vlan interface200 bfd min receive interval 500 SwitchC Vlan interface200 bfd detect multiplier 7 SwitchC Vlan interface200 quit 4 Configure static routes Configure a static route to Switch C on Switch A SwitchA ip route static 192 168 2 0 24 vlan interface 100 192 168 1 2 SwitchA...

Page 65: ...ce 300 BkNextHop 0 0 0 0 BkInterface RelyNextHop 0 0 0 0 Neighbor 192 168 3 2 Tunnel ID 0x0 Label NULL BKTunnel ID 0x0 BKLabel NULL State Inactive Adv Age 00h12m50s Tag 0 When the link over VLAN interface 100 fails Switch A quickly detects the link state change Display the BFD information on Switch A SwitchA display bfd session Switch A has deleted the BFD session on VLAN interface 100 to Switch C...

Page 66: ...red on the local end Solution 1 Use the display current configuration command to verify RIP configuration 2 Use the display rip command to verify whether an interface is disabled Route oscillation occurred Symptom When all links function route oscillation occurs on the RIP network After displaying the routing table you may find some routes intermittently appear and disappear in the routing table A...

Page 67: ...cost multi path ECMP routing Supports multiple equal cost routes to a destination Routing hierarchy Supports a four level routing hierarchy that prioritizes routes into intra area inter area external Type 1 and external Type 2 routes Authentication Supports area and interface based packet authentication to ensure the security of packet exchange Support for multicast Multicasts protocol packets on ...

Page 68: ...le area only This LSA describes the collected states of the router s interfaces to an area Network LSA Type 2 LSA originated for broadcast and NBMA networks by the designated router flooded throughout a single area only This LSA contains the list of routers connected to the network Network Summary LSA Type 3 LSA originated by ABRs Area Border Routers and flooded throughout the LSA s associated are...

Page 69: ...re enormous occupying excessive bandwidth To solve these problems OSPF splits an AS into multiple areas each of which is identified by an area ID The boundaries between areas are routers rather than links A network segment or a link can only reside in one area An OSPF interface must be specified to belong to its attached area as shown in Figure 17 Figure 17 Area based OSPF network partition After ...

Page 70: ...ABRs acts as a point to point connection You can configure interface parameters such as hello interval on the virtual link as they are configured on a physical interface The two ABRs on the virtual link unicast OSPF packets to each other and the OSPF routers in between convey these OSPF packets as normal IP packets Stub area A stub area does not distribute Type 5 LSAs so the routing table size and...

Page 71: ...routes in Type 7 LSAs into Area 1 Upon receiving these Type 7 LSAs the NSSA ABR translates them to Type 5 LSAs and then advertises the Type 5 LSAs to Area 0 The ASBR of Area 2 redistributes RIP routes in Type 5 LSAs into the OSPF routing domain However Area 1 does not receive these Type 5 LSAs because it is an NSSA area Virtual links cannot transit NSSA areas Figure 20 NSSA area Comparison between...

Page 72: ...rea It connects the backbone area to a non backbone area The connection between an ABR and the backbone area can be physical or logical Backbone router At least one interface of a backbone router must reside in the backbone area All ABRs and internal routers in area 0 are backbone routers Autonomous System Boundary Router ASBR A router exchanging routing information with another AS is an ASBR whic...

Page 73: ...ccess When the link layer protocol is Frame Relay ATM or X 25 OSPF considers the network type as NBMA by default OSPF packets are unicast on a NBMA network P2MP point to multipoint By default OSPF considers no link layer protocol as P2MP which is a conversion from other network types such as NBMA On a P2MP network OSPF packets are multicast to 224 0 0 5 P2P point to point When the link layer proto...

Page 74: ...Figure 23 solid lines are Ethernet physical links and dashed lines represent OSPF adjacencies In the network with the DR and BDR only seven adjacencies are needed Figure 23 DR and BDR in a network DR and BDR election Routers in a network elect the DR and BDR according to their router priorities and router IDs Routers with a router priority value higher than 0 are candidates for DR BDR election The...

Page 75: ...ea ID ID of the area where the advertising router resides Checksum Checksum of the message AuType Authentication type ranging from 0 to 2 corresponding to non authentication simple plaintext authentication and MD5 authentication respectively Authentication Information determined by authentication type It is not defined for authentication type 0 It is defined as password information for authenticat...

Page 76: ...l Time before declaring a silent router down If two routers have different dead intervals they cannot become neighbors Designated router IP address of the DR Backup designated router IP address of the BDR Neighbor Router ID of the neighbor router DD packet Two routers exchange database description DD packets describing their LSDBs for database synchronization A DD packet contains only the headers ...

Page 77: ...MS Master Slave The Master Slave bit When set to 1 it indicates that the router is the master during the database exchange process otherwise the router is the slave router DD sequence number Used to sequence the collection of DD packets The initial value is set by the master The DD sequence number then increments until the complete database description has been sent LSR packet After exchanging DD ...

Page 78: ...U packet LSU Link State Update packets are used to send the requested LSAs to the peer Each packet carries a collection of LSAs Figure 29 LSU packet format LSAck packet Link State Acknowledgment LSAck packets are used to acknowledge received LSU packets An LSAack packet carries the headers of LSAs to be acknowledged Version 3 Router ID Area ID Checksum AuType Packet length Authentication Authentic...

Page 79: ...LSA was originated An LSA ages in the LSDB added by 1 per second but does not age during transmission LS type Type of the LSA Link state ID The contents of this field depend on the LSA s type LS sequence number Used by other routers to judge new and old LSAs LS checksum Checksum of the LSA except the LS age field Length Length in bytes of the LSA including the LSA header LSAs formats Router LSA ...

Page 80: ... of 2 indicates a link to a transit network a value of 3 indicates a link to a stub network and a value of 4 indicates a virtual link TOS Number of different TOS metrics given for this link If no TOS metric is given for the link this field is set to 0 TOS is not supported in RFC 2328 The TOS field is reserved for early versions of OSPF Metric Cost of using this router link TOS IP Type of Service t...

Page 81: ...inated by ABRs Except for the Link state ID field the formats of Type 3 and 4 summary LSAs are identical Figure 34 Summary LSA format Major fields of the Summary LSA are as follows Link state ID For a Type 3 LSA it is an IP address outside the area For a type 4 LSA it is the router ID of an ASBR outside the area Network mask The network mask for the type 3 LSA It is set to 0 0 0 0 for the Type 4 L...

Page 82: ...tised destination E External Metric The type of the external metric value which is set to 1 for type 2 external routes and set to 0 for type 1 external routes See Route types for a description of external route types Metric The metric to the destination Forwarding address Data traffic for the advertised destination is forwarded to this address External route tag A tag attached to each external rou...

Page 83: ...ached to a network segment must be identical OSPF Graceful Restart Graceful Restart GR ensures the continuity of packet forwarding when a routing protocol restarts or an active standby switchover occurs GR Restarter Graceful restarting router It must have GR capability GR Helper A neighbor of the GR Restarter It helps the GR Restarter to complete the GR process After an OSPF GR Restarter restarts ...

Page 84: ...alculation interval You can also configure them as needed OSPF routers should be configured on an area basis Wrong configurations may cause communication failures routing information blocks and routing loops Complete the following tasks to configure OSPF Task Remarks Enabling OSPF Required Configuring OSPF areas Configuring a stub area Optional Configuring an NSSA area Configuring a virtual link C...

Page 85: ...ing neighbor state changes Optional Configuring OSPF network management Optional Enabling message logging Optional Enabling the advertisement and reception of opaque LSAs Optional Configuring OSPF to give priority to receiving and processing hello packets Optional Configuring the LSU transmit rate Optional Setting the DSCP value for OSPF packets Optional Enabling OSPF ISPF Optional Configuring OSP...

Page 86: ... effect locally and has no influence on packet exchange between routers Two routers having different process IDs can exchange packets OSPF support for VPNs enables an OSPF process to run in a specified VPN To enable OSPF Step Command Remarks 1 Enter system view system view N A 2 Configure a global router ID router id router id Optional Not configured by default If no global router ID is configured...

Page 87: ...default route To further reduce the routing table size and routing information exchanged in the stub area configure it as a totally stub area by using the stub no summary command on the ABR In this way neither AS external routes nor inter area routing information will be distributed into the area All the packets destined outside of the AS or area will be sent to the ABR for forwarding To configure...

Page 88: ...by default You must use the nssa command on all the routers attached to an NSSA area 5 Specify a cost for the default route advertised to the NSSA area default cost cost Optional 1 by default The default cost command is available only on the ABR ASBR of an NSSA area Configuring a virtual link Non backbone areas exchange routing information via the backbone area Connectivity between the backbone an...

Page 89: ...apping any two routers in the network have a direct virtual circuit in between you can change the network type to broadcast to avoid manual configuration of neighbors When some routers in the broadcast network do not support multicast you can change the network type to NBMA An NBMA network must be fully meshed If it is partially meshed you can change the network type to P2MP to simplify configurat...

Page 90: ...e election right or not If you configure the router priority for a neighbor as 0 the local router will assume the neighbor has no election right and thus send no hello packets to this neighbor However if the local router is the DR or BDR it still sends hello packets to the neighbor with priority 0 for neighborship establishment To configure the OSPF network type for an Interface as NBMA Step Comma...

Page 91: ... on a P2MP unicast network peer ip address cost value dr priority dr priority Required if the interface type is P2MP unicast Configuring the P2P network type for an interface Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface interface type interface number N A 3 Configure the OSPF network type for the interface as P2P ospf network type p2p By default the net...

Page 92: ...ocess id router id router id vpn instance vpn instance name N A 3 Enter OSPF area view area area id N A 4 Configure ABR route summarization abr summary ip address mask mask length advertise not advertise cost cost Not configured by default The command is available on an ABR only Configuring route summarization when redistributing routes into OSPF on an ASBR Without route summarization an ASBR adve...

Page 93: ... process id router id router id vpn instance vpn instance name N A 3 Configure inbound route filtering filter policy acl number gateway ip prefix name gateway ip prefix name ip prefix ip prefix name gateway ip prefix name route policy route policy name import Not configured by default Configuring ABR Type 3 LSA filtering You can configure an ABR to filter Type 3 LSAs advertised to an area To confi...

Page 94: ...o configure a bandwidth reference value Step Command Remarks 1 Enter system view system view N A 2 Enter OSPF view ospf process id router id router id vpn instance vpn instance name N A 3 Configure a bandwidth reference value bandwidth reference value Optional The value defaults to 100 Mbps Configuring the maximum number of OSPF routes Step Command Remarks 1 Enter system view system view N A 2 Ent...

Page 95: ...fault the preference of OSPF internal routes is 10 and the preference of OSPF external routes is 150 Configuring OSPF route redistribution This section describes configuring OSPF to redistribute manually configured routes or routes discovered by other routing protocols Only active routes can be redistributed Use the display ip routing table protocol command to view route state information Configur...

Page 96: ...process id router id router id vpn instance vpn instance name N A 3 Redistribute a default route default route advertise always permit calculate other cost cost route policy route policy name type type summary cost cost Not redistributed by default The default route advertise summary cost command is applicable only to VPN and the default route is redistributed in a Type 3 LSA The PE router adverti...

Page 97: ...t timers to adjust the OSPF network convergence speed and network load On low speed links consider the delay time for sending LSAs Change the SPF calculation interval to reduce resource consumption caused by frequent network changes Configure OSPF authentication to improve security Configure OSPF network management functions such as binding OSPF MIB with a process sending trap information and coll...

Page 98: ...s The default hello interval is restored when the network type for an interface is changed 4 Specify the poll interval ospf timer poll seconds Optional The poll interval defaults to 120 seconds 5 Specify the dead interval ospf timer dead seconds Optional The default dead interval is 40 seconds on P2P and broadcast interfaces and 120 seconds on P2MP and NBMA interfaces The default dead interval is ...

Page 99: ...5 seconds Specifying the LSA arrival interval After receiving the same LSA as the previously received LSA within the LSA arrival interval OSPF discards the LSA To configure the LSA arrival interval Step Command Remarks 1 Enter system view system view N A 2 Enter OSPF view ospf process id router id router id vpn instance vpn instance name N A 3 Configure the LSA arrival interval lsa arrival interva...

Page 100: ...F adaptability and reduce resource consumption To disable interfaces from receiving and sending routing information Step Command Remarks 1 Enter system view system view N A 2 Enter OSPF view ospf process id router id router id vpn instance vpn instance name N A 3 Disable interfaces from receiving and sending OSPF packets silent interface interface type interface number all Optional Not disabled by...

Page 101: ...er id vpn instance vpn instance name N A 3 Enter area view area area id N A 4 Configure the authentication mode authentication mode md5 simple Not configured by default 5 Return to OSPF view quit N A 6 Return to system view quit N A 7 Enter interface view interface interface type interface number N A 8 Configure interface authentication mode Configure the simple authentication mode ospf authentica...

Page 102: ...ompatible with RFC 2328 the routes in the backbone area are preferred if not the routes in the non backbone area are preferred to reduce the burden of the backbone area To avoid routing loops HP recommends configuring all the routers to be either compatible or incompatible with RFC 1583 To make them compatible Step Command Remarks 1 Enter system view system view N A 2 Enter OSPF view ospf process ...

Page 103: ...ss ospf mib binding process id Optional By default the OSPF process with the smallest process id is bound with OSPF MIB 3 Enable OSPF trap generation snmp agent trap enable ospf process id ifauthfail ifcfgerror ifrxbadpkt ifstatechange iftxretransmit lsdbapproachoverflow lsdboverflow maxagelsa nbrstatechange originatelsa vifcfgerror virifauthfail virifrxbadpkt virifstatechange viriftxretransmit vi...

Page 104: ...ighbor relationships To configure OSPF to give priority to receiving and processing hello packets Step Command Remarks 1 Enter system view system view N A 2 Configure OSPF to give priority to receiving and processing hello packets ospf packet process prioritized treatment Not configured by default Configuring the LSU transmit rate Sending large numbers of LSU packets affects router performance and...

Page 105: ...t the DSCP value for OSPF packets dscp dscp value Optional By default the DSCP value in OSPF packets is 48 Enabling OSPF ISPF When a network topology is changed Incremental Shortest Path First ISPF allows the system to recompute only the affected part of the shortest path tree SPT instead of the entire SPT To enable OSPF ISPF Step Command Remarks 1 Enter system view system view N A 2 Enter OSPF vi...

Page 106: ...dress of echo packets bfd echo source ip ip address Not configured by default 3 Enter OSPF view ospf process id router id router id vpn instance vpn instance name N A 4 Enable OSPF FRR to automatically calculate a backup next hop fast reroute auto abr only Not configured by default If abr only is specified the route to the ABR is selected as the backup path Configuring OSPF FRR to designate a back...

Page 107: ...paque capability enable Disabled by default 4 Enable the IETF standard Graceful Restart capability graceful restart ietf Disabled by default 5 Configure the Graceful Restart interval graceful restart interval timer Optional 120 seconds by default Configuring the non IETF standard OSPF GR Restarter Step Command Remarks 1 Enter system view system view N A 2 Enable OSPF and enter its view ospf proces...

Page 108: ...Remarks 1 Enter system view system view N A 2 Enable OSPF and enter its view ospf process id router id router id vpn instance vpn instance name N A 3 Enable the link local signaling capability enable link local signaling Disabled by default 4 Enable the out of band re synchronization capability enable out of band resynchronization Disabled by default 5 Configure the neighbors for which the router ...

Page 109: ...iew interface interface type interface number N A 3 Enable BFD control packet bidirectional detection on the interface ospf bfd enable Not enabled by default Configuring echo packet single hop detection Step Command Description 1 Enter system view system view N A 2 Configure the source address of echo packets bfd echo source ip ip address Not configured by default 3 Enter interface view interface ...

Page 110: ... request queue interface type interface number neighbor id begin exclude include regular expression Available in any view Display OSPF retransmission queue information display ospf process id retrans queue interface type interface number neighbor id begin exclude include regular expression Available in any view Display OSPF ABR and ASBR information display ospf process id abr asbr begin exclude in...

Page 111: ...f SwitchA ospf 1 area 0 SwitchA ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 SwitchA ospf 1 area 0 0 0 0 quit SwitchA ospf 1 area 1 SwitchA ospf 1 area 0 0 0 1 network 10 2 1 0 0 0 0 255 SwitchA ospf 1 area 0 0 0 1 quit SwitchA ospf 1 quit Configure Switch B SwitchB system view SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 q...

Page 112: ...rbose OSPF Process 1 with Router ID 10 2 1 1 Neighbors Area 0 0 0 0 interface 10 1 1 1 Vlan interface100 s neighbors Router ID 10 3 1 1 Address 10 1 1 2 GR State Normal State Full Mode Nbr is Master Priority 1 DR 10 1 1 1 BDR 10 1 1 2 MTU 0 Dead timer due in 37 sec Neighbor is up for 06 03 59 Authentication Sequence 0 Neighbor state change count 5 Neighbors Area 0 0 0 1 interface 10 2 1 1 Vlan int...

Page 113: ...et 10 2 1 0 10 2 1 1 1069 28 8000000F 10 Sum Net 10 3 1 0 10 3 1 1 780 28 80000014 2 Sum Net 10 4 1 0 10 2 1 1 769 28 8000000F 13 Area 0 0 0 1 Type LinkState ID AdvRouter Age Len Sequence Metric Router 10 2 1 1 10 2 1 1 769 36 80000012 0 Router 10 4 1 1 10 4 1 1 1663 48 80000012 0 Network 10 2 1 1 10 2 1 1 769 32 80000010 0 Sum Net 10 5 1 0 10 2 1 1 769 28 80000003 14 Sum Net 10 3 1 0 10 2 1 1 106...

Page 114: ...vg max 1 1 2 ms Configuring OSPF route redistribution Network requirements As shown in Figure 39 all the switches run OSPF and the AS is divided into three areas Switch A and Switch B act as ABRs to forward routes between areas Switch C is configured as an ASBR to redistribute external routes static routes Routing information is propagated properly in the AS Figure 39 Network diagram Configuration...

Page 115: ...0 2 10 4 1 0 24 25 Inter 10 3 1 1 10 3 1 1 0 0 0 2 10 5 1 0 24 10 Stub 10 5 1 1 10 5 1 1 0 0 0 2 10 1 1 0 24 12 Inter 10 3 1 1 10 3 1 1 0 0 0 2 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter 3 1 2 0 24 1 Type2 1 10 3 1 1 10 4 1 1 Total Nets 6 Intra Area 2 Inter Area 3 ASE 1 NSSA 0 Configuring OSPF to advertise a summary route Network requirements As shown in Figure 40 Switch A and Sw...

Page 116: ...0 0 quit SwitchA ospf 1 quit Configure Switch B SwitchB system view SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 11 2 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 quit SwitchB ospf 1 quit Configure Switch C SwitchC system view SwitchC ospf SwitchC ospf 1 area 0 SwitchC ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 network 10 2 1 0 0 0 0 255 Switc...

Page 117: ... 1 1 1 as 200 SwitchC bgp import route ospf SwitchC bgp import route direct SwitchC bgp quit 4 Configure Switch B and Switch C to redistribute BGP routes into OSPF Configure OSPF to redistribute routes from BGP on Switch B SwitchB ospf SwitchB ospf 1 import route bgp Configure OSPF to redistribute routes from BGP on Switch C SwitchC ospf SwitchC ospf 1 import route bgp Display the OSPF routing tab...

Page 118: ...ummarized into one route 10 0 0 0 8 Configuring an OSPF stub area Network requirements Figure 41 shows an AS is split into three areas where all switches run OSPF Switch A and Switch B act as ABRs to forward routing information between areas Switch D acts as the ASBR to redistribute routes static routes Configure Area 1 as a stub area reducing LSAs to this area without affecting route reachability...

Page 119: ...0 24 7 Inter 10 2 1 1 10 2 1 1 0 0 0 1 10 4 1 0 24 3 Stub 10 4 1 1 10 4 1 1 0 0 0 1 10 5 1 0 24 17 Inter 10 2 1 1 10 2 1 1 0 0 0 1 10 1 1 0 24 5 Inter 10 2 1 1 10 2 1 1 0 0 0 1 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter 3 1 2 0 24 1 Type2 1 10 2 1 1 10 5 1 1 Total Nets 6 Intra Area 2 Inter Area 3 ASE 1 NSSA 0 The output shows that because Switch C resides in a normal OSPF area it...

Page 120: ... Filter Type 3 LSAs out the stub area SwitchA ospf SwitchA ospf 1 area 1 SwitchA ospf 1 area 0 0 0 1 stub no summary SwitchA ospf 1 area 0 0 0 1 quit Display OSPF routing information on Switch C SwitchC display ospf routing OSPF Process 1 with Router ID 10 4 1 1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0 0 0 0 0 4 Inter 10 2 1 1 10 2 1 1 0 0 0 1 10 2 1 0 24 3...

Page 121: ...igure Switch C SwitchC system view SwitchC ospf SwitchC ospf 1 area 1 SwitchC ospf 1 area 0 0 0 1 nssa SwitchC ospf 1 area 0 0 0 1 quit SwitchC ospf 1 quit NOTE If Switch C in the NSSA area wants to obtain routes to other areas within the AS you must configure the nssa command with the keyword default route advertise on Switch A an ABR so Switch C can obtain a default route It is recommended to co...

Page 122: ... Router ID 10 5 1 1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10 2 1 0 24 22 Inter 10 3 1 1 10 3 1 1 0 0 0 2 10 3 1 0 24 10 Transit 10 3 1 2 10 3 1 1 0 0 0 2 10 4 1 0 24 25 Inter 10 3 1 1 10 3 1 1 0 0 0 2 10 5 1 0 24 10 Stub 10 5 1 1 10 5 1 1 0 0 0 2 10 1 1 0 24 12 Inter 10 3 1 1 10 3 1 1 0 0 0 2 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter 3 1...

Page 123: ...system view SwitchB router id 2 2 2 2 SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 192 168 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 quit SwitchB ospf 1 quit Configure Switch C SwitchC system view SwitchC router id 3 3 3 3 SwitchC ospf SwitchC ospf 1 area 0 SwitchC ospf 1 area 0 0 0 0 network 192 168 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 quit SwitchC ospf 1 quit Confi...

Page 124: ...on Sequence 0 Router ID 4 4 4 4 Address 192 168 1 4 GR State Normal State Full Mode Nbr is Master Priority 1 DR 192 168 1 4 BDR 192 168 1 3 MTU 0 Dead timer due in 31 sec Neighbor is up for 00 01 28 Authentication Sequence 0 Switch D becomes the DR and Switch C is the BDR 3 Configure router priorities on interfaces Configure Switch A SwitchA interface vlan interface 1 SwitchA Vlan interface1 ospf ...

Page 125: ...or 00 11 15 Authentication Sequence 0 The DR and BDR are not changed because the new router priority settings do not take effect immediately 4 Restart OSPF process Restart the OSPF process of Switch D SwitchD reset ospf 1 process Warning Reset OSPF process Y N y Display neighbor information on Switch D SwitchD display ospf peer verbose OSPF Process 1 with Router ID 4 4 4 4 Neighbors Area 0 0 0 0 i...

Page 126: ...spf interface OSPF Process 1 with Router ID 1 1 1 1 Interfaces Area 0 0 0 0 IP Address Type State Cost Pri DR BDR 192 168 1 1 Broadcast DR 1 100 192 168 1 1 192 168 1 3 SwitchB display ospf interface OSPF Process 1 with Router ID 2 2 2 2 Interfaces Area 0 0 0 0 IP Address Type State Cost Pri DR BDR The interface state DROther means the interface is not the DR BDR Configuring OSPF virtual links Net...

Page 127: ...re Switch C SwitchC system view SwitchC ospf 1 router id 3 3 3 3 SwitchC ospf 1 area 1 SwitchC ospf 1 area 0 0 0 1 network 10 2 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 1 quit SwitchC ospf 1 area 2 SwitchC ospf 1 area 0 0 0 2 network 10 3 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 2 quit SwitchC ospf 1 quit Configure Switch D SwitchD system view SwitchD ospf 1 router id 4 4 4 4 SwitchD ospf 1 area 2 S...

Page 128: ...uter ID 2 2 2 2 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10 2 1 0 24 2 Transit 10 2 1 1 3 3 3 3 0 0 0 1 10 3 1 0 24 5 Inter 10 2 1 2 3 3 3 3 0 0 0 0 10 1 1 0 24 2 Transit 10 1 1 2 2 2 2 2 0 0 0 0 Total Nets 3 Intra Area 2 Inter Area 1 ASE 0 NSSA 0 Switch B has learned the route 10 3 1 0 24 to Area 2 Configuring OSPF Graceful Restart Network requirements As sh...

Page 129: ...onfigure Switch C SwitchC system view SwitchC router id 3 3 3 3 SwitchC ospf 100 SwitchC ospf 100 area 0 SwitchC ospf 100 area 0 0 0 0 network 192 1 1 0 0 0 0 255 SwitchC ospf 100 area 0 0 0 0 quit 3 Configure OSPF GR Configure Switch A as the non IETF standard OSPF GR Restarter enable the link local signaling capability the out of band re synchronization capability and non IETF standard Graceful ...

Page 130: ...ted for OSPF Router OSPF 100 notify RM that OSPF process will enter GR OSPF 100 created GR wait timer timeout interval is 40 s OSPF 100 created GR Interval timer timeout interval is 120 s OSPF 100 Intf 192 1 1 1 Rcv InterfaceUp State Down Waiting OSPF 100 Intf 192 1 1 1 Rcv BackupSeen State Waiting BackupDR OSPF 100 created OOB Progress timer for neighbor 192 1 1 2 OSPF 100 restarted OOB Progress ...

Page 131: ... functions See Configuring OSPF basic functions 3 Configure OSPF to redistribute routes On Switch C configure a static route destined for network 3 1 1 0 24 SwitchC system view SwitchC ip route static 3 1 1 0 24 10 4 1 2 On Switch C configure a static route destined for network 3 1 2 0 24 SwitchC ip route static 3 1 2 0 24 10 4 1 2 On Switch C configure a static route destined for network 3 1 3 0 ...

Page 132: ...ter policy ip prefix prefix1 export static Display the OSPF routing table of Switch A SwitchA display ip routing table Routing Tables Public Destinations 11 Routes 11 Destination Mask Proto Pre Cost NextHop Interface 3 1 1 0 24 O_ASE 150 1 10 2 1 2 Vlan200 3 1 2 0 24 O_ASE 150 1 10 2 1 2 Vlan200 10 1 1 0 24 Direct 0 0 10 1 1 1 Vlan100 10 1 1 1 32 Direct 0 0 127 0 0 1 InLoop0 10 2 1 0 24 Direct 0 0...

Page 133: ... 0 0 127 0 0 1 InLoop0 The route destined for 10 5 1 0 24 is filtered out Configuring OSPF FRR Network requirements Switch S Switch A and Switch D belong to the same OSPF domain as illustrated in Figure 47 Configure OSPF FRR so that when the link between Switch S and Switch D fails traffic can be switched to Link B immediately Figure 47 Network diagram Configuration procedure 1 Configure IP addres...

Page 134: ...interface 100 backup nexthop 12 12 12 2 SwitchS route policy quit SwitchS ospf 1 SwitchS ospf 1 fast reroute route policy frr SwitchS ospf 1 quit Configure Switch D SwitchD system view SwitchD bfd echo source ip 4 4 4 4 SwitchD ip ip prefix abc index 10 permit 1 1 1 1 32 SwitchD route policy frr permit node 10 SwitchD route policy if match ip prefix abc SwitchD route policy apply fast reroute back...

Page 135: ...24 24 2 BkInterface Vlan interface101 RelyNextHop 0 0 0 0 Neighbor 0 0 0 0 Tunnel ID 0x0 Label NULL BKTunnel ID 0x0 BKLabel NULL State Active Adv Age 00h01m27s Tag 0 Configuring BFD for OSPF Network requirements As shown in Figure 48 OSPF is enabled on Switch A Switch B and Switch C that are reachable to each other at the network layer After the link over which Switch A and Switch B communicate th...

Page 136: ...work 10 1 0 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 network 13 1 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 network 120 1 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 quit SwitchB ospf 1 quit SwitchB interface vlan interface 13 SwitchB Vlan interface13 ospf cost 2 SwitchB Vlan interface13 quit Configure Switch C SwitchC system view SwitchC ospf SwitchC ospf 1 area 0 SwitchC ospf 1 area 0 0 0 0 network...

Page 137: ...mary Count 1 Destination 120 1 1 0 24 Protocol OSPF Process ID 0 Preference 0 Cost 2 IpPrecedence QosLcId NextHop 10 1 0 100 Interface Vlan interface10 BkNextHop 0 0 0 0 BkInterface RelyNextHop 0 0 0 0 Neighbor 0 0 0 0 Tunnel ID 0x0 Label NULL BKTunnel ID 0x0 BKLabel NULL State Active Adv Age 00h58m10s Tag 0 The output shows that Switch A communicates with Switch B through VLAN interface 10 When t...

Page 138: ...hbor router s IP address to verify connectivity 4 Verify OSPF timers The dead interval on an interface must be at least four times the hello interval 5 Use the peer ip address command to specify the neighbor manually on an NBMA network 6 On an NBMA or a broadcast network at least one connected interface must have a router priority higher than 0 Incorrect routing information Symptom OSPF cannot fin...

Page 139: ...n two areas are configured at least one area is connected to the backbone 5 In a stub area all routers attached are configured with the stub command In an NSSA area all routers attached are configured with the nssa command 6 If a virtual link is configured use the display ospf vlink command to verify the state of the virtual link ...

Page 140: ...S refers to a router End system ES Refers to a host system in TCP IP ISO defines the ES IS protocol for communication between an ES and an IS An ES does not participate in the IS IS processing Routing domain RD A group of ISs exchanges routing information with each other using the same routing protocol in a routing domain Area A unit in a routing domain The IS IS protocol allows a routing domain t...

Page 141: ...h area merging partitioning and switching System ID A system ID identifies a host or router uniquely It has a fixed length of 48 bits 6 bytes The system ID of a device can be generated from the Router ID For example a router uses the IP address 168 10 1 1 of Loopback 0 as the Router ID The system ID in IS IS can be obtained in the following ways Extend each decimal number of the IP address to 3 di...

Page 142: ...s with Level 1 and Level 1 2 routers in the same area The LSDB maintained by the Level 1 router contains the local area routing information It directs the packets destined for an outside area to the nearest Level 1 2 router Level 2 router A Level 2 router establishes neighbor relationships with the Level 2 and Level 1 2 routers in the same or in different areas It maintains a Level 2 LSDB containi...

Page 143: ...uous Level 2 and Level 1 2 routers which can reside in different areas Figure 51 IS IS topology 2 NOTE The IS IS backbone does not need to be a specific area Both the Level 1 and Level 2 routers use the SPF algorithm to generate the shortest path tree SPT Route leaking An IS IS routing domain is comprised of only one Level 2 area and multiple Level 1 areas A Level 1 area consists of a group of Lev...

Page 144: ...iate System DIS The Level 1 and Level 2 DISs are elected You can assign different priorities to different level DIS elections The higher a router s priority is the more likely the router becomes the DIS If multiple routers with the same highest DIS priority exist the one with the highest SNPA Subnetwork Point of Attachment address MAC address on a broadcast network will be elected A router can be ...

Page 145: ... fields of the PDU common header are as follows Intradomain routing protocol discriminator Set to 0x83 Length indicator Length of the PDU header in bytes including both common and specific headers Version Protocol ID extension Set to 1 0x01 ID length Length of the NSAP address and NET ID R Reserved Set to 0 PDU type See Table 4 Version Set to 1 0x01 Maximum area address Maximum number of area addr...

Page 146: ...ters use the Level 2 LAN IIHs The P2P IIHs are used on point to point networks Figure 55 illustrates the hello packet format in broadcast networks where the blue fields are the common header Figure 55 L1 L2 LAN IIH format Major fields of the L1 L2 LAN IIH are as follows Reserved Circuit type The first six bits are reserved with a value of 0 The last two bits indicate the router type Here 00 means ...

Page 147: ... LAN ID fields in the LAN IIH the P2P IIH has a Local Circuit ID field LSP packet format The Link State PDU LSP carries link state information LSP involves two types Level 1 LSP and Level 2 LSP The Level 2 LSPs are sent by the Level 2 routers and the Level 1 LSPs are sent by the Level 1 routers The Level 1 2 router can send both types of LSPs The two types of LSPs have the same format ...

Page 148: ... that is generated by a L1 L1 router for L1 LSPs only it indicates that the router generating the LSP is connected to multiple areas OL LSDB Overload Indicates that the LSDB is not complete because the router has run out of memory Other routers will not send packets to the overloaded router except packets destined to the networks directly connected to the router For example in Figure 58 Router A f...

Page 149: ...2 PSNP CSNP covers the summary of all LSPs in the LSDB to synchronize the LSDB between neighboring routers On broadcast networks CSNP is sent by the DIS periodically 10s by default On point to point networks CSNP is only sent during the adjacency establishment The CSNP packet format is shown in Figure 59 Figure 59 L1 L2 CSNP format PSNP only contains the sequence numbers of one or multiple latest ...

Page 150: ...hbors LSP LSP 4 Partition Designated Level 2 IS L2 LSP 6 IS Neighbors MAC Address LAN IIH 7 IS Neighbors SNPA Address LAN IIH 8 Padding IIH 9 LSP Entries SNP 10 Authentication Information IIH LSP SNP 128 IP Internal Reachability Information LSP 129 Protocols Supported IIH LSP 130 IP External Reachability Information L2 LSP 131 Inter Domain Routing Protocol Information L2 LSP Intradomain routing pr...

Page 151: ...responses from neighbors The GR Restarter then synchronizes the LSDB with all GR capable neighbors calculates routes updates its routing table and forwarding table and removes stale routes The IS IS routing convergence is then complete IS IS NSR Nonstop routing NSR is a new feature that overcomes the application limit of GR It backs up IS IS link state information from the master device to the sla...

Page 152: ... some routers do not support LSP fragment extension In this mode adjacencies are formed between the originating system and virtual systems with the link cost from the originating system to each virtual system as 0 Each virtual system acts as a router connected to the originating system in the network but the virtual systems are reachable through the originating system only The IS IS routers not su...

Page 153: ...cencies RFC 3567 Intermediate System to Intermediate System IS IS Cryptographic Authentication RFC 3719 Recommendations for Interoperable Networks using IS IS RFC 3786 Extending the Number of IS IS LSP Fragments Beyond the 256 Limit RFC 3787 Recommendations for Interoperable IP Networks using IS IS RFC 3784 IS IS extensions for Traffic Engineering RFC 3847 Restart signaling for IS IS IS IS configu...

Page 154: ...ion Optional Configuring routing domain authentication Optional Configuring IS IS GR Optional Configuring IS IS NSR Optional Configuring IS IS FRR Optional Enabling IS IS SNMP trap Optional Binding an IS IS process with MIBs Optional Configuring BFD for IS IS Optional Configuring IS IS basic functions Configuration prerequisites Before you configure IS IS basic functions complete the following tas...

Page 155: ...evel Step Command Remarks 1 Enter system view system view N A 2 Enter IS IS view isis process id vpn instance vpn instance name N A 3 Specify the IS level is level level 1 level 1 2 level 2 Optional The default is Level 1 2 4 Return to system view quit N A 5 Enter interface view interface interface type interface number N A 6 Specify the circuit level isis circuit level level 1 level 1 2 level 2 O...

Page 156: ...Configuring IS IS link cost The IS IS cost of an interface is determined in the following order 1 IS IS cost specified in interface view 2 IS IS cost specified in system view The cost is applied to the interfaces associated with the IS IS process 3 Automatically calculated cost If the cost style is wide or wide compatible IS IS automatically calculates the cost using the formula interface cost ban...

Page 157: ...imit Optional narrow by default 4 Specify a global IS IS cost circuit cost value level 1 level 2 By default no global cost is specified Enabling automatic IS IS cost calculation Step Command Remarks 1 Enter system view system view N A 2 Enter IS IS view isis process id vpn instance vpn instance name N A 3 Specify an IS IS cost style cost style wide wide compatible narrow by default 4 Enable automa...

Page 158: ...he network range of the summary route are summarized into one route for advertisement Doing so can reduce the size of routing tables as well as the scale of LSP and LSDB Both IS IS routes and redistributed routes can be summarized The router summarizes only the routes in the locally generated LSPs The cost of the summary route is the lowest one among the costs of summarized routes To configure rou...

Page 159: ...tem view system view N A 2 Enter IS IS view isis process id vpn instance vpn instance name N A 3 Redistribute routes from another routing protocol import route protocol process id all processes allow ibgp cost cost cost type external internal level 1 level 1 2 level 2 route policy route policy name tag tag By default No route is redistributed If no level is specified routes are redistributed into ...

Page 160: ...ce name N A 3 Configure the filtering of routes redistributed from another routing protocol or IS IS process filter policy acl number ip prefix ip prefix name route policy route policy name export protocol process id Not configured by default Configuring IS IS route leaking With IS IS route leaking enabled the Level 1 2 router can advertise the routing information of other Level 1 areas and Level ...

Page 161: ...llo packets sent by the DIS is 1 3 the hello interval set with the isis timer hello command Specifying the IS IS hello multiplier If a neighbor receives no hello packets from the router within the advertised hold time it considers the router down and recalculates the routes The hold time is the hello multiplier multiplied by the hello interval On a broadcast link Level 1 and Level 2 hello packets ...

Page 162: ...ted networks in LSPs through other interfaces This can save bandwidth and CPU resources and ensures other routers know networks directly connected to the interface To disable an interface from sending and receiving IS IS packets Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface interface type interface number N A 3 Disable the interface from sending and rece...

Page 163: ...metric system ID or area ID is changed the router generates an LSP after a configurable interval If such a change occurs frequently excessive LSPs are generated consuming a large amount of router resources and bandwidth To solve the problem you can adjust the LSP generation interval To specify the LSP refresh interval and generation interval Step Command Remarks 1 Enter system view system view N A...

Page 164: ... packets to be smaller than the smallest interface MTU in this area If they are not the routers must dynamically adjust the LSP packet size to fit the smallest interface MTU which takes time and affects other services To specify LSP lengths Step Command Remarks 1 Enter system view system view N A 2 Enter IS IS view isis process id vpn instance vpn instance name N A 3 Specify the maximum length of ...

Page 165: ...id Not configured by default Configuring SPF parameters When the LSDB changes on a router a route calculation starts Frequent route calculations consume a lot of system resources You can set an appropriate interval for SPF calculations to improve efficiency To configure the SPF parameters Step Command Remarks 1 Enter system view system view N A 2 Enter IS IS view isis process id vpn instance vpn i...

Page 166: ... overload bit set overload on startup start from nbr system id timeout1 nbr timeout timeout2 allow external interlevel Not set by default Configuring system ID to host name mappings In IS IS a system ID identifies a router or host uniquely A system ID has a fixed length of 6 bytes When an administrator needs to view IS IS neighbor information routing table or LSDB information using the system IDs ...

Page 167: ...e LSDB To configure dynamic system ID to host name mapping Step Command Remarks 1 Enter system view system view N A 2 Enter IS IS view isis process id vpn instance vpn instance name N A 3 Specify a host name for the router is name sys name Not specified by default 4 Return to system view quit N A 5 Enter interface view interface interface type interface number N A 6 Configure a DIS name isis dis n...

Page 168: ...re configurable on an interface that has IS IS enabled If you configure an authentication mode and a password without specifying a level the authentication mode and password apply to both Level 1 and Level 2 If neither ip nor osi is specified the OSI related fields in LSPs are checked To configure neighbor relationship authentication Step Command Remarks 1 Enter system view system view N A 2 Enter...

Page 169: ...domain authentication is configured Configuring IS IS GR Restarting IS IS on a router causes network disconnections and route reconvergence With the Graceful Restart GR feature the restarting router known as the GR Restarter can notify the event to its GR capable neighbors GR capable neighbors known as the GR Helpers will keep their adjacencies with the router within a configurable GR interval Aft...

Page 170: ...switchover NSR can complete link state recovery and route re generation without requiring the cooperation of other devices The IS IS NSR and IS IS GR features are mutually exclusive To configure IS IS NSR Step Command Remarks 1 Enter system view system view N A 2 Enter IS IS view isis process id vpn instance vpn instance name N A 3 Enable IS IS NSR non stop routing Disabled by default 4 Set the NS...

Page 171: ...stem view N A 2 Configure the source address of echo packets bfd echo source ip ip address Not configured by default 3 Enter IS IS view isis process id vpn instance vpn instance name N A 4 Enable IS IS FRR to automatically calculate a backup next hop fast reroute auto Not configured by default Configuring IS IS FRR to designate a backup next hop with a routing policy You can use the apply fast rer...

Page 172: ...llows you to bind MIB with an IS IS process to send and collect information For more information about MIB see Network Management and Monitoring Configuration Guide To bind an IS IS process with MIBs Step Command Remarks 1 Enter system view system view N A 2 Enter IS IS view isis process id vpn instance vpn instance name N A 3 Bind the IS IS process with MIBs isis mib binding process id By default...

Page 173: ...n Available in any view Display the host name to system ID mapping table display isis name table process id vpn instance vpn instance name begin exclude include regular expression Available in any view Display IS IS neighbor information display isis peer statistics verbose process id vpn instance vpn instance name begin exclude include regular expression Available in any view Display IS IS IPv4 ro...

Page 174: ...nterfaces Details not shown 2 Configure IS IS Configure Switch A SwitchA system view SwitchA isis 1 SwitchA isis 1 is level level 1 SwitchA isis 1 network entity 10 0000 0000 0001 00 SwitchA isis 1 quit SwitchA interface vlan interface 100 SwitchA Vlan interface100 isis enable 1 SwitchA Vlan interface100 quit Configure Switch B SwitchB system view SwitchB isis 1 SwitchB isis 1 is level level 1 Swi...

Page 175: ...D Vlan interface100 isis enable 1 SwitchD Vlan interface100 quit SwitchD interface vlan interface 300 SwitchD Vlan interface300 isis enable 1 SwitchD Vlan interface300 quit 3 Verify the configuration Display the IS IS LSDB of each switch to verify the LSP integrity SwitchA display isis lsdb Database information for ISIS 1 Level 1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT P OL ...

Page 176: ...00000008 0xe651 1053 68 0 0 0 0000 0000 0002 01 00 0x00000005 0xd2b3 1052 55 0 0 0 0000 0000 0003 00 00 0x00000014 0x194a 1051 111 1 0 0 0000 0000 0003 01 00 0x00000002 0xabdb 854 55 0 0 0 Self LSP Self LSP Extended ATT Attached P Partition OL Overload Level 2 Link State Database LSPID Seq Num Checksum Holdtime Length ATT P OL 0000 0000 0003 00 00 0x00000012 0xc93c 842 100 0 0 0 0000 0000 0004 00 ...

Page 177: ...10 1 1 1 R 192 168 0 0 24 20 NULL Vlan100 10 1 1 1 R 0 0 0 0 0 10 NULL Vlan100 10 1 1 1 R Flags D Direct R Added to RM L Advertised in LSPs U Up Down Bit Set SwitchC display isis route Route information for ISIS 1 ISIS 1 IPv4 Level 1 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 192 168 0 0 24 10 NULL Vlan300 Direct D L 10 1 1 0 24 10 NULL Vlan100 Direct D L 10 1 2 ...

Page 178: ...L Advertised in LSPs U Up Down Bit Set DIS election configuration Network requirements As shown in Figure 64 Switch A B C and D reside in IS IS area 10 on a broadcast network Ethernet Switch A and Switch B are Level 1 2 switches Switch C is a Level 1 switch and Switch D is a Level 2 switch Change the DIS priority of Switch A to make it elected as the Level 1 2 DIS router Figure 64 Network diagram ...

Page 179: ... 1 SwitchC Vlan interface100 quit Configure Switch D SwitchD system view SwitchD isis 1 SwitchD isis 1 network entity 10 0000 0000 0004 00 SwitchD isis 1 is level level 2 SwitchD isis 1 quit SwitchD interface vlan interface 100 SwitchD Vlan interface100 isis enable 1 SwitchD Vlan interface100 quit Display information about IS IS neighbors of Switch A SwitchA display isis peer Peer information for ...

Page 180: ...rface information for ISIS 1 Interface Vlan interface100 Id IPV4 State IPV6 State MTU Type DIS 001 Up Down 1497 L1 L2 No Yes By using the default DIS priority Switch C is the Level 1 DIS and Switch D is the Level 2 DIS The pseudonodes of Level 1 and Level 2 are 0000 0000 0003 01 and 0000 0000 0004 01 3 Configure the DIS priority Configure the DIS priority on Switch A SwitchA interface vlan interfa...

Page 181: ...0001 01 Display information about IS IS neighbors and interfaces of Switch C SwitchC display isis peer Peer information for ISIS 1 System Id 0000 0000 0002 Interface Vlan interface100 Circuit Id 0000 0000 0001 01 State Up HoldTime 25s Type L1 PRI 64 System Id 0000 0000 0001 Interface Vlan interface100 Circuit Id 0000 0000 0001 01 State Up HoldTime 7s Type L1 PRI 100 SwitchC display isis interface ...

Page 182: ...AS They use IS IS to interconnect Switch A and Switch B are Level 1 routers Switch D is a Level 2 router and Switch C is a Level 1 2 router Redistribute RIP routes into IS IS on Switch D Figure 65 Network diagram for IS IS route redistribution Configuration procedure 1 Configure IP addresses for interfaces Details not shown 2 Configure IS IS basic functions Configure Switch A SwitchA system view S...

Page 183: ...e 1 SwitchC Vlan interface100 quit SwitchC interface vlan interface 300 SwitchC Vlan interface300 isis enable 1 SwitchC Vlan interface300 quit Configure Switch D SwitchD system view SwitchD isis 1 SwitchD isis 1 is level level 2 SwitchD isis 1 network entity 20 0000 0000 0004 00 SwitchD isis 1 quit SwitchD interface interface vlan interface 300 SwitchD Vlan interface300 isis enable 1 SwitchD Vlan ...

Page 184: ...erface NextHop Flags 10 1 1 0 24 10 NULL VLAN100 Direct D L 10 1 2 0 24 10 NULL VLAN200 Direct D L 192 168 0 0 24 10 NULL VLAN300 Direct D L Flags D Direct R Added to RM L Advertised in LSPs U Up Down Bit Set SwitchD display isis route Route information for ISIS 1 ISIS 1 IPv4 Level 2 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 10 1 1 0 24 20 NULL VLAN300 192 168 0...

Page 185: ... 1 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 10 1 1 0 24 10 NULL VLAN100 Direct D L 10 1 2 0 24 10 NULL VLAN200 Direct D L 192 168 0 0 24 10 NULL VLAN300 Direct D L Flags D Direct R Added to RM L Advertised in LSPs U Up Down Bit Set ISIS 1 IPv4 Level 2 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 10 1 1 0 24 10 NULL VLAN100 Direc...

Page 186: ...aceful restart SwitchA isis 1 graceful restart interval 150 SwitchA isis 1 return Configure Switch B and Switch C in the same way Details not shown 4 Verify the configuration After Router A establishes adjacencies with Router B and Router C they begin to exchange routing information Restart IS IS on Router A which enters the restart state and sends connection requests to its neighbors through the ...

Page 187: ...S NSR configuration Configuration procedure 1 Configure IP addresses and subnet masks for interfaces on the switches Details not shown 2 Configure IS IS on the switches ensuring that Switch S Switch A and Switch B can communicate with each other at Layer 3 and dynamic route update can be implemented among them with IS IS Details not shown 3 Enable IS IS NSR on Switch S SwitchS system view SwitchS ...

Page 188: ...ute Route information for ISIS 1 ISIS 1 IPv4 Level 1 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 12 12 12 0 24 10 NULL vlan100 Direct D L 22 22 22 22 32 10 NULL Loop0 Direct D 14 14 14 0 32 10 NULL vlan100 12 12 12 2 R L 44 44 44 44 32 10 NULL vlan100 12 12 12 2 R L Flags D Direct R Added to RM L Advertised in LSPs U Up Down Bit Set ISIS 1 IPv4 Level 2 Forwarding ...

Page 189: ... to RM L Advertised in LSPs U Up Down Bit Set ISIS 1 IPv4 Level 2 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 14 14 14 0 24 10 NULL vlan200 Direct D L 44 44 44 44 32 10 NULL Loop0 Direct D 12 12 12 0 32 10 NULL 22 22 22 22 32 10 NULL Flags D Direct R Added to RM L Advertised in LSPs U Up Down Bit Set The output shows that the neighbor relationships and routing inf...

Page 190: ...m view SwitchD bfd echo source ip 4 4 4 4 SwitchD isis 1 SwitchD isis 1 fast reroute auto SwitchD isis 1 quit Method II Enable IS IS FRR to designate a backup next hop by using a referenced routing policy Configure Switch S SwitchS system view SwitchS bfd echo source ip 1 1 1 1 SwitchS ip ip prefix abc index 10 permit 4 4 4 4 32 SwitchS route policy frr permit node 10 SwitchS route policy if match...

Page 191: ...nterface Vlan interface200 BkNextHop 12 12 12 2 BkInterface Vlan interface100 RelyNextHop 0 0 0 0 Neighbor 0 0 0 0 Tunnel ID 0x0 Label NULL BKTunnel ID 0x0 BKLabel NULL State Active Adv Age 00h01m27s Tag 0 Display route 1 1 1 1 32 on Switch D to view the backup next hop information SwitchD display ip routing table 1 1 1 1 verbose Routing Table Public Summary Count 1 Destination 1 1 1 1 32 Protocol...

Page 192: ...tions Configure Switch A SwitchA system view SwitchA isis 1 SwitchA isis 1 network entity 10 0000 0000 0001 00 SwitchA isis 1 quit SwitchA interface vlan interface 100 SwitchA Vlan interface100 isis enable 1 SwitchA Vlan interface100 quit Configure Switch B SwitchB system view SwitchB isis 1 SwitchB isis 1 network entity 10 0000 0000 0002 00 SwitchB isis 1 quit SwitchB interface vlan interface 200...

Page 193: ...cify the MD5 authentication mode and password t5Hr on VLAN interface 200 of Switch B and on VLAN interface 200 of Switch C SwitchB interface vlan interface 200 SwitchB Vlan interface200 isis authentication mode md5 t5Hr SwitchB Vlan interface200 quit SwitchC interface vlan interface 200 SwitchC Vlan interface200 isis authentication mode md5 t5Hr SwitchC Vlan interface200 quit Specify the MD5 authe...

Page 194: ...ch B communicate through the Layer 2 switch fails BFD can quickly detect the failure and notify IS IS of the failure Switch A and Switch B then communicate through Switch C Figure 70 Network diagram for BFD configuration on an IS IS link Device Interface IP address Device Interface IP address Switch A Vlan int10 10 1 0 102 24 Switch B Vlan int10 10 1 0 100 24 Vlan int11 11 1 1 1 24 Vlan int13 13 1...

Page 195: ...chC Vlan interface13 isis enable SwitchC Vlan interface13 quit 3 Configure BFD parameters Enable BFD on Switch A and configure BFD parameters SwitchA bfd session init mode active SwitchA interface vlan interface 10 SwitchA Vlan interface10 isis bfd enable SwitchA Vlan interface10 bfd min receive interval 500 SwitchA Vlan interface10 bfd min transmit interval 500 SwitchA Vlan interface10 bfd detect...

Page 196: ...tch B through VLAN interface 10 When the link over VLAN interface 10 fails BFD can quickly detect the failure Display the BFD information on Switch A SwitchA display bfd session Switch A has deleted the BFD session on VLAN interface 10 to Switch B and displays no output Display routes destined for 120 1 1 0 24 on Switch A SwitchA display ip routing table 120 1 1 0 verbose Routing Table Public Summ...

Page 197: ...ion by advertising only incremental updates and is applicable to advertising a great amount of routing information on the Internet Eliminates routing loops completely by adding AS path information to BGP route advertisements Provides abundant policies to implement flexible route filtering and selection Provides good scalability A router advertising BGP messages is called a BGP speaker It establish...

Page 198: ...first message sent by each side is an open message for peer relationship establishment Figure 72 BGP open message format Major fields of the BGP open message are as follows Version This one byte unsigned integer indicates the protocol version number The current BGP version is 4 My autonomous system This two byte unsigned integer indicates the autonomous system number of the sender Hold time When e...

Page 199: ...field that contains a list of withdrawn IP prefixes Total path attribute length Total length of the path attributes field in bytes A value of 0 indicates that no NLRI field is present in this update message Path attributes List of path attributes related to NLRI Each path attribute is a triple attribute type attribute length attribute value of variable length BGP uses these attributes to avoid rou...

Page 200: ...s and be included in every Update message Routing information errors occur without this attribute Well known discretionary Can be recognized by all BGP routers and optionally included in every Update message as needed Optional transitive Transitive attribute between ASs A BGP router not supporting this attribute can still receive routes with this attribute and advertise them to other peers Optiona...

Page 201: ...E attribute AS_PATH AS_PATH is a well known mandatory attribute This attribute identifies the autonomous systems through which routing information carried in this Update message has passed When a route is advertised from the local AS to another AS each passed AS number is added into the AS_PATH attribute so the receiver can determine ASs to route the message back The number of the AS closest to th...

Page 202: ...ddress of its sending interface When sending a received route to an EBGP peer a BGP speaker sets the NEXT_HOP for the route to the address of the sending interface When sending a route received from an EBGP peer to an IBGP peer a BGP speaker does not modify the NEXT_HOP attribute If load balancing is configured the NEXT_HOP attribute of the equal cost routes is modified For load balancing informat...

Page 203: ...ext hops it considers the route with the highest LOCAL_PREF value as the best route As shown in Figure 79 traffic from AS 20 to AS 10 travels through Router C that is selected according to LOCAL_PREF Figure 79 LOCAL_PREF attribute COMMUNITY The COMMUNITY attribute is a group of specific data A route can carry one or more COMMUNITY attribute values each of which is represented by a four byte intege...

Page 204: ...deration or IBGP in turn 8 The route with the smallest next hop metric 9 The route with the shortest CLUSTER_LIST 10 The route with the smallest ORIGINATOR_ID 11 The route advertised by the router with the smallest router ID 12 The route advertised by the peer with the lowest IP address CLUSTER_IDs of route reflectors form a CLUSTER_LIST If a route reflector receives a route that contains its own ...

Page 205: ...destined for the same destination to Router C If load balancing is configured and the two routes have the same AS_PATH attribute ORIGIN attribute LOCAL_PREF and MED Router C installs both the two routes to its route table for load balancing After that Router C forwards to Router D and Router E the route that has AS_PATH unchanged but has NEXT_HOP changed to Router C other BGP transitive attributes...

Page 206: ...uting table Router D adds the route into its BGP routing table and advertises the route to the EBGP peer You can disable the synchronization feature in the following situations The local AS is not a transitive AS AS20 is a transitive AS in the above figure Routers in the local AS are IBGP fully meshed Settlements for problems in large scale BGP networks Route summarization Route summarization can ...

Page 207: ... advertised to other BGP peers Figure 82 BGP route dampening Peer group You can organize BGP peers with the same attributes into a group to simplify their configurations When a peer joins the peer group the peer obtains the same configuration as the peer group If the configuration of the peer group is changed the configuration of group members is changed When a peer is added into a peer group the ...

Page 208: ...or nor a client is a non client which as shown in Figure 83 must establish BGP sessions to the route reflector and other non clients Figure 83 Network diagram for a route reflector The route reflector and clients form a cluster In some cases you can configure more than one route reflector in a cluster to improve network reliability and prevent a single point of failure as shown in the following fi...

Page 209: ...nging an AS into a confederation you must reconfigure your routers The topology is changed In large scale BGP networks both route reflector and confederation can be used BGP GR Graceful Restart GR ensures the continuity of packet forwarding when BGP restarts or a Master Slave switchover occurs GR Restarter Graceful restarting router It must be GR capable GR Helper A neighbor of the GR Restarter It...

Page 210: ...ddress format are NLRI NEXT_HOP and AGGREGATOR AGGREGATOR contains the IP address of the speaker generating the summary route They are all carried in updates To support multiple network layer protocols BGP 4 puts information about network layer into NLRI and NEXT_HOP MP BGP introduces the following path attributes MP_REACH_NLRI Multiprotocol Reachable NLRI for advertising feasible routes and next ...

Page 211: ...st one approach Configuring BGP route redistribution Enabling default route redistribution into BGP Optional Controlling route distribution and reception Configuring BGP route summarization Optional Advertising a default route to a peer or peer group Configuring BGP route distribution reception filtering policies Enabling BGP and IGP route synchronization Limiting prefixes received from a peer or ...

Page 212: ...ing BGP GR Optional Enabling trap Optional Enabling logging of peer state changes Optional Configuring BFD for BGP Optional Configuring BGP basic functions This section does not differentiate between BGP and MP BGP Configuration prerequisites The neighboring nodes are accessible to each other at the network layer Creating a BGP connection A router ID is the unique identifier of a BGP router in an ...

Page 213: ...ide in only one AS so the router can run only one BGP process 8 Configure a description for a peer peer group peer group name ip address description description text Not configured by default You must create a peer group before configuring it Specifying the source interface for TCP connections BGP uses TCP as the transport layer protocol By default BGP uses the output interface of the optimal rout...

Page 214: ... indirectly connected peer or peer group Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Allow the establishment of EBGP connection to an indirectly connected peer or peer group peer group name ip address ebgp max hop hop count Optional Not allowed by default Controlling route generation Different from IGP BGP focuses on route generation and advertisem...

Page 215: ...rks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enable route redistribution from a routing protocol into BGP import route protocol process id all processes allow direct med med value route policy route policy name Not enabled by default The allow direct keyword is available only when the specified routing protocol is OSPF Enabling default route redistribution into BGP ...

Page 216: ...nfigure automatic route summarization summary automatic Not configured by default Configuring manual route summarization By configuring manual route summarization you can summarize both redistributed routes and routes injected using the network command and determine the mask length for a summary route as needed To configure BGP manual route summarization Step Command Remarks 1 Enter system view sy...

Page 217: ...y default Configuring BGP route distribution reception filtering policies Configuration prerequisites Configure following filters as needed ACL IP prefix list Routing policy AS path list For how to configure an ACL see ACL and QoS Configuration Guide For how to configure an IP prefix list routing policy and AS path list see Configuring routing policies Configuring BGP route distribution filtering ...

Page 218: ... peer or peer group peer group name ip address ip prefix ip prefix name export Configure at least one command Not configured by default You can configure a filtering policy as needed If several filtering policies are configured they are applied in the following sequence 4 filter policy export 5 peer filter policy export 6 peer as path acl export 7 peer ip prefix export 8 peer route policy export O...

Page 219: ...ied in the following sequence 4 filter policy import 5 peer filter policy import 6 peer as path acl import 7 peer ip prefix import 8 peer route policy import Only routes passing all the configured policies can be received Enabling BGP and IGP route synchronization By default upon receiving an IBGP route a BGP router checks the route s next hop If the next hop is reachable the BGP router advertises...

Page 220: ...rmation but does not break down the BGP connection to the peer For approach 3 the router breaks down the BGP connection to the peer and then reestablishes a BGP connection to the peer Configuring BGP route dampening By configuring BGP route dampening you can suppress unstable routes from being added to the local routing table or being advertised to BGP peers To configure BGP route dampening Step C...

Page 221: ...erred value for routes received from a peer or peer group peer group name ip address preferred value value Optional By default the preferred value is 0 Configuring preferences for BGP routes A router can run multiple routing protocols with each having a preference If they find the same route the route found by the routing protocol with the highest preference is selected This task allows you to con...

Page 222: ... attribute MED is used to determine the best route for traffic going into an AS When a BGP router obtains from EBGP peers multiple routes to the same destination but with different next hops it considers the route with the smallest MED value as the best route if other conditions are the same Configuring the default MED value Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view...

Page 223: ...etwork 10 0 0 0 learned from Router C cannot be optimal You can configure the bestroute compare med command on Router D After that Router D puts routes received from the same AS into a group Router D then selects the route with the lowest MED from the same group and compares routes from different groups This mechanism avoids the above mentioned problem The following output is the BGP routing table...

Page 224: ... correct next hop in some cases you must configure the router as the next hop for routes sent to the peer For example as shown in Figure 87 Router A and Router B establish an EBGP neighbor relationship and Router B and Router C establish an IBGP neighbor relationship When Router B advertises a network learned from Router A to Router C if Router C has no route to IP address 1 1 1 1 24 you must conf...

Page 225: ...r to appear in routes from a peer or peer group BGP checks whether the AS_PATH attribute of a route from a peer contains the local AS number If so it discards the route to avoid routing loops To permit local AS number to appear in routes from a peer or peer group and specify the appearance times Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Permit lo...

Page 226: ...updates to a peer or peer group Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Configure BGP to remove private AS numbers from the AS_PATH attribute of updates to a peer or peer group peer group name ip address public as only By default BGP updates carry private AS numbers Ignoring the first AS number of EBGP route updates Typically BGP checks the AS_...

Page 227: ...alive interval Follow these guidelines when you configure BGP keepalive interval and holdtime The intervals set with the peer timer command are preferred to those set with the timer command If the router has established a neighbor relationship with a peer you must reset the BGP connection to validate the new set timers The timer command takes effect for only new connections After peer timer comman...

Page 228: ...age to the peers which then resend their routing information to the router After receiving the routing information the router performs dynamic route update by using the new policy To enable BGP route refresh for a peer or peer group Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enable BGP route refresh for a peer or peer group peer group name ip addr...

Page 229: ...gh Open messages determines whether to carry ORF information in messages and if yes whether to carry non standard ORF information in the packets After completing the negotiation process and establishing the neighboring relationship the BGP router and its BGP peer can exchange ORF information through specific route refresh messages For the parameters configured on both sides for ORF capability nego...

Page 230: ...4 byte AS number suppression function the peer device can then process the Open message even though it does not support 4 byte AS numbers and the BGP peer relationship can be established If the peer device supports 4 byte AS numbers do not enable the 4 byte AS number suppression function otherwise the BGP peer relationship cannot be established To enable 4 byte AS number suppression Step Command R...

Page 231: ... reestablishment Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enable quick EBGP session reestablishment ebgp interface sensitive Optional Not enabled by default Enabling MD5 authentication for TCP connections BGP employs TCP as the transport protocol To increase security configure BGP to perform MD5 authentication when establishing a TCP connection ...

Page 232: ...ration and maintenance become difficult because of the large numbers of BGP peers To facilitate configuration you can configure peer group community route reflector or confederation as needed Configuration prerequisites Peering nodes are accessible to each other at the network layer Configuring BGP peer groups A peer group is a group of peers with the same route selection policy In a large scale n...

Page 233: ...nd add peers into it All the added peers share the same AS number Create the EBGP peer group specify an AS number for a peer and add the peer into the peer group Create the EBGP peer group and add a peer into it with an AS number specified To configure an EBGP peer group using Approach 1 Step Command 1 Enter system view system view 2 Enter BGP view bgp as number 3 Create an EBGP peer group group g...

Page 234: ... peer ip address group group name as number as number N A NOTE Do not specify any AS number for a peer before adding it into the peer group Peers added in the group can have different AS numbers Configuring BGP community A BGP community is a group of destinations with the same characteristics It has no geographical boundaries and is independent of ASs You can configure a routing policy to define w...

Page 235: ...uting information between clients If clients are fully meshed disable route reflection between clients to reduce routing costs Generally a cluster has only one route reflector and the router ID is used to identify the cluster You can configure multiple route reflectors to improve network stability To avoid routing loops specify the same cluster ID for these route reflectors by using the reflector ...

Page 236: ...ion ID confederation id as number Not configured by default 4 Specify peering sub ASs in the confederation confederation peer as as number list Not configured by default Configuring confederation compatibility If some other routers in the confederation do not comply with RFC 3065 enable confederation compatibility to allow the router to work with those routers To configure confederation compatibil...

Page 237: ...ment and Monitoring Configuration Guide To enable trap Step Command Remarks 1 Enter system view system view N A 2 Enable trap for BGP snmp agent trap enable bgp Optional Enabled by default Enabling logging of peer state changes Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enable the logging of peer state changes globally log peer change Optional Ena...

Page 238: ...gp paths as regular expression begin exclude include regular expression Available in any view Display BGP peer or peer group information display bgp peer ip address log info verbose group name log info verbose begin exclude include regular expression Available in any view Display the prefix information in the ORF packet from the specified BGP peer display bgp peer ip address received ip prefix beg...

Page 239: ...on display bgp routing table label begin exclude include regular expression Available in any view Display routing information to or from a peer display bgp routing table peer ip address advertised routes received routes network address mask mask length statistic begin exclude include regular expression Available in any view Display routing information matching a regular expression display bgp rout...

Page 240: ...Network requirements In Figure 89 run EBGP between Switch A and Switch B and IBGP between Switch B and Switch C so that Switch C can access the network 8 1 1 0 24 connected to Router A Figure 89 Network diagram Configuration procedure 1 Configure IP addresses for interfaces Details not shown 2 Configure IBGP To prevent route flapping caused by port state changes this example uses loopback interfac...

Page 241: ...witchC ospf 1 area 0 0 0 0 quit SwitchC ospf 1 quit SwitchC display bgp peer BGP local router ID 3 3 3 3 Local AS number 65009 Total number of peers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 2 2 2 2 65009 2 2 0 0 00 00 13 Established The output shows that Switch C has established an IBGP peer relationship with Switch B 3 Configure EBGP The EBGP peers Switch ...

Page 242: ...nship with Switch A Display the BGP routing table on Switch A SwitchA display bgp routing table Total Number of Routes 1 BGP Local router ID is 1 1 1 1 Status codes valid VPNv4 best best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn 8 1 1 0 24 0 0 0 0 0 0 i Display the BGP routing table on Switch B SwitchB display bgp r...

Page 243: ...B SwitchB bgp 65009 SwitchB bgp import route direct Display the BGP routing table on Switch A SwitchA display bgp routing table Total Number of Routes 4 BGP Local router ID is 1 1 1 1 Status codes valid VPNv4 best best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn 2 2 2 2 32 3 1 1 1 0 0 65009 3 1 1 0 24 3 1 1 1 0 0 6500...

Page 244: ...5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 2 2 2 ms BGP and IGP synchronization configuration example Network requirements As shown in Figure 90 all devices of company A belong to AS 65008 and all devices of company B belong to AS 65009 AS 65008 and AS 65009 are connected through Switch A and Switch B Switch A must be able to access network 9 1 2 0 24 in AS ...

Page 245: ...onfigure Switch B SwitchB bgp 65009 SwitchB bgp router id 2 2 2 2 SwitchB bgp peer 3 1 1 2 as number 65008 4 Configure BGP and IGP synchronization Configure BGP to redistribute routes from OSPF on Switch B so that Switch A can obtain the route to 9 1 2 0 24 Configure OSPF to redistribute routes from BGP on Switch B so that Switch C can obtain the route to 8 1 1 0 24 Configure BGP to redistribute r...

Page 246: ...ytes press CTRL_C to break Reply from 9 1 2 1 bytes 56 Sequence 1 ttl 254 time 15 ms Reply from 9 1 2 1 bytes 56 Sequence 2 ttl 254 time 31 ms Reply from 9 1 2 1 bytes 56 Sequence 3 ttl 254 time 47 ms Reply from 9 1 2 1 bytes 56 Sequence 4 ttl 254 time 46 ms Reply from 9 1 2 1 bytes 56 Sequence 5 ttl 254 time 47 ms 9 1 2 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss...

Page 247: ...tch A On Switch B establish an EBGP connection with Switch A and an IBGP connection with Switch C configure BGP to advertise network 9 1 1 0 24 to Switch A so that Switch A can access the intranet through Switch B configure a static route to interface loopback 0 on Switch C or use a routing protocol like OSPF to establish the IBGP connection On Switch C establish an EBGP connection with Switch A a...

Page 248: ...es 3 BGP Local router ID is 1 1 1 1 Status codes valid VPNv4 best best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn 8 1 1 0 24 0 0 0 0 0 0 i 9 1 1 0 24 3 1 1 1 0 0 65009i 3 1 2 1 0 0 65009i The output shows two valid routes to destination 9 1 1 0 24 the route with next hop 3 1 1 1 is marked with a greater than sign ind...

Page 249: ...e best routes By using the display ip routing table command you can find two routes to 9 1 1 0 24 one with next hop 3 1 1 1 and outbound interface VLAN interface 200 the other with next hop 3 1 2 1 and outbound interface VLAN interface 300 BGP community configuration example Network requirements As shown in Figure 92 Switch B establishes EBGP connections with Switch A and C Configure NO_EXPORT com...

Page 250: ... ID 2 2 2 2 Local AS number 20 Paths 1 available 1 best BGP routing table entry information of 9 1 1 0 24 From 200 1 2 1 1 1 1 1 Original nexthop 200 1 2 1 AS path 10 Origin igp Attribute value MED 0 pref val 0 pre 255 State valid external best Advertised to such 1 peers 200 1 3 2 Switch B advertised routes to Switch C in AS 30 Display the routing table on Switch C SwitchC display bgp routing tabl...

Page 251: ...ble entry information of 9 1 1 0 24 From 200 1 2 1 1 1 1 1 Original nexthop 200 1 2 1 Community No Export AS path 10 Origin igp Attribute value MED 0 pref val 0 pre 255 State valid external best Not advertised to any peers yet The route 9 1 1 0 24 is not available in the routing table of Switch C BGP route reflector configuration example Network requirements In Figure 93 all switches run BGP Betwe...

Page 252: ...next hop local SwitchB bgp quit Configure Switch C SwitchC system view SwitchC bgp 200 SwitchC bgp router id 3 3 3 3 SwitchC bgp peer 193 1 1 2 as number 200 SwitchC bgp peer 194 1 1 2 as number 200 SwitchC bgp quit Configure Switch D SwitchD system view SwitchD bgp 200 SwitchD bgp router id 4 4 4 4 SwitchD bgp peer 194 1 1 1 as number 200 SwitchD bgp quit 3 Configure the route reflector Configure...

Page 253: ...ctions in AS 200 split it into three sub ASs AS 65001 AS 65002 and AS 65003 Switches in AS 65001 are fully meshed Figure 94 Network diagram Device Interface IP address Device Interface IP address Switch A Vlan int100 200 1 1 1 24 Switch D Vlan int200 10 1 5 1 24 Vlan int200 10 1 1 1 24 Vlan int400 10 1 3 2 24 Vlan int300 10 1 2 1 24 Switch E Vlan int200 10 1 5 2 24 Vlan int400 10 1 3 1 24 Vlan int...

Page 254: ...confederation peer as 65001 65003 SwitchB bgp peer 10 1 1 1 as number 65001 SwitchB bgp quit Configure Switch C SwitchC system view SwitchC bgp 65003 SwitchC bgp router id 3 3 3 3 SwitchC bgp confederation id 200 SwitchC bgp confederation peer as 65001 65002 SwitchC bgp peer 10 1 2 1 as number 65001 SwitchC bgp quit 3 Configure IBGP connections in AS 65001 Configure Switch A SwitchA bgp 65001 Swit...

Page 255: ... 255 255 0 SwitchF bgp quit 5 Verify the configuration Display the routing table on Switch B SwitchB display bgp routing table Total Number of Routes 1 BGP Local router ID is 2 2 2 2 Status codes valid VPNv4 best best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn i 9 1 1 0 24 10 1 1 1 0 100 0 65001 100i SwitchB display ...

Page 256: ...lid internal best Not advertised to any peers yet The output shows the following Switch F can send route information to Switch B and Switch C through the confederation by establishing only an EBGP connection with Switch A Switch B and Switch D are in the same confederation but belong to different sub ASs They obtain external route information from Switch A and generate the same BGP route entries i...

Page 257: ...0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 network 194 1 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 quit SwitchB ospf 1 quit Configure Switch C SwitchC system view SwitchC ospf SwitchC ospf area 0 SwitchC ospf 1 area 0 0 0 0 network 193 1 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 network 195 1 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 quit SwitchC ospf 1 quit Configure Switch D SwitchD system view Swi...

Page 258: ...ue for the route 1 0 0 0 8 advertised from Switch A to peer 192 1 1 2 Define an ACL numbered 2000 to permit route 1 0 0 0 8 SwitchA acl number 2000 SwitchA acl basic 2000 rule permit source 1 0 0 0 0 255 255 255 SwitchA acl basic 2000 quit Define two routing policies apply_med_50 which sets the MED for route 1 0 0 0 8 to 50 and apply_med_100 which sets the MED for route 1 0 0 0 8 to 100 SwitchA ro...

Page 259: ... 255 255 SwitchC acl basic 2000 quit Configure a routing policy named localpref on Switch C setting the local preference of route 1 0 0 0 8 to 200 the default is 100 SwitchC route policy localpref permit node 10 SwitchC route policy if match acl 2000 SwitchC route policy apply local preference 200 SwitchC route policy quit Apply routing policy localpref to routes from peer 193 1 1 1 SwitchC bgp 20...

Page 260: ...gp router id 1 1 1 1 SwitchA bgp peer 200 1 1 1 as number 65009 Inject network 8 0 0 0 8 to the BGP routing table SwitchA bgp network 8 0 0 0 Enable GR capability for BGP SwitchA bgp graceful restart 2 Configure Switch B Configure IP addresses for interfaces Details not shown Configure the EBGP connection SwitchB system view SwitchB bgp 65009 SwitchB bgp router id 2 2 2 2 SwitchB bgp peer 200 1 1 ...

Page 261: ...nge packets with network 1 1 1 0 24 Configure BFD over the link Then if the link fails BFD can quickly detect the failure and notify it to BGP Then the link Switch A Switch D Switch C takes effect immediately Figure 97 Network diagram Device Interface IP address Device Interface IP address Switch A Vlan int100 3 0 1 1 24 Switch C Vlan int101 3 0 2 2 24 Vlan int200 2 0 1 1 24 Vlan int201 2 0 2 2 24...

Page 262: ... policies apply_med_50 and apply_med_100 Policy apply_med_50 sets the MED for route 1 1 1 0 24 to 50 Policy apply_med_100 sets that to 100 SwitchA route policy apply_med_50 permit node 10 SwitchA route policy if match acl 2000 SwitchA route policy apply cost 50 SwitchA route policy quit SwitchA route policy apply_med_100 permit node 10 SwitchA route policy if match acl 2000 SwitchA route policy ap...

Page 263: ...terface 100 Configure the minimum interval for transmitting BFD control packets as 500 milliseconds SwitchA Vlan interface100 bfd min transmit interval 500 Configure the minimum interval for receiving BFD control packets as 500 milliseconds SwitchA Vlan interface100 bfd min receive interval 500 Configure the detect multiplier as 7 SwitchA Vlan interface100 bfd detect multiplier 7 Configure the BFD...

Page 264: ...Peers in established state 2 Peer AS MsgRcvd MsgSent OutQ PrefRcv Up Down State 2 0 1 1 200 7 10 0 0 00 01 05 Established 3 0 1 1 200 7 10 0 0 00 01 34 Established The output shows that Switch C has established two BGP neighborships with Switch A Display route 1 1 1 0 24 on Switch C SwitchC display ip routing table 1 1 1 0 24 verbose Routing Table Public Summary Count 4 Destination 1 1 1 0 24 Prot...

Page 265: ...put shows that Switch A and Switch C communicate through Switch B and Switch C has two routes to reach network 1 1 1 0 24 Switch C Switch B Switch A which is the active route Switch C Switch D Switch A which is the backup route When the link between Switch A and Switch B fails Switch C can quickly detect the link failure Display route 1 1 1 0 24 on Switch C SwitchC display ip routing table 1 1 1 0...

Page 266: ...d to verify that the peer s AS number is correct 2 Use the display bgp peer command to verify that the peer s IP address is correct 3 If a loopback interface is used verify that the loopback interface is specified with the peer connect interface command 4 If the peer is a non direct EBGP peer verify that the peer ebgp max hop command is configured 5 Verify that a valid route to the peer is availab...

Page 267: ... environments Their major difference lies in the destination and next hop addresses IPv6 static routes use IPv6 addresses whereas IPv4 static routes use IPv4 addresses Default IPv6 route An IPv6 static route with a destination prefix of 0 is a default IPv6 route The default route is used to forward packets that match no specific routes in the routing table Configuring an IPv6 static route In small...

Page 268: ...route you must specify the next hop address Displaying and maintaining IPv6 static routes Task Command Remarks Display IPv6 static route information display ipv6 routing table protocol static inactive verbose begin exclude include regular expression Available in any view Remove all IPv6 static routes delete ipv6 vpn instance vpn instance name static routes all Available in system view To delete a ...

Page 269: ...itchB ipv6 route static 3 64 5 1 Enable IPv6 and configure a default IPv6 static route on Switch C SwitchC system view SwitchC ipv6 SwitchC ipv6 route static 0 5 2 3 Configure the IPv6 addresses for all the hosts based on the network diagram configure the default gateway of Host A Host B and Host C as 1 1 2 1 and 3 1 4 Verify the configuration Display the IPv6 routing table on Switch A SwitchA dis...

Page 270: ... command SwitchA ping ipv6 3 1 PING 3 1 56 data bytes press CTRL_C to break Reply from 3 1 bytes 56 Sequence 1 hop limit 254 time 63 ms Reply from 3 1 bytes 56 Sequence 2 hop limit 254 time 62 ms Reply from 3 1 bytes 56 Sequence 3 hop limit 254 time 62 ms Reply from 3 1 bytes 56 Sequence 4 hop limit 254 time 63 ms Reply from 3 1 bytes 56 Sequence 5 hop limit 254 time 63 ms 3 1 ping statistics 5 pa...

Page 271: ...ween two directly connected routers is 1 When the hop count is greater than or equal to 16 the destination network or host is unreachable By default the routing update is sent every 30 seconds If the router receives no routing updates from a neighbor within 180 seconds the routes learned from the neighbor are considered unreachable If no routing update is received within another 240 seconds the ro...

Page 272: ...each entry RTE format The following are types of RTEs in RIPng Next hop RTE Defines the IPv6 address of a next hop IPv6 prefix RTE Describes the destination IPv6 address route tag prefix length and metric in the RIPng routing table Figure 100 Next hop RTE format IPv6 next hop address is the IPv6 address of the next hop Figure 101 IPv6 prefix RTE format IPv6 prefix RTE field description IPv6 prefix...

Page 273: ...hange After a router receives a response it checks the validity of the response before adding the route to its routing table such as whether the source IPv6 address is the link local address and whether the port number is correct The response packet that failed the check is discarded Protocols and standards RFC 2080 RIPng for IPv6 RFC 2081 RIPng Protocol Applicability Statement RIPng configuration...

Page 274: ...isabled by default If RIPng is not enabled on an interface the interface will not send or receive a RIPng route Configuring RIPng route control Before you configure RIPng complete the following tasks Configure an IPv6 address on each interface and make sure that all neighboring nodes can reach each other Configure RIPng basic functions Define an IPv6 ACL before using it for route filtering For rel...

Page 275: ...lt route is available in the local IPv6 routing table To advertise a default route Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface interface type interface number N A 3 Advertise a default route ripng default route only originate cost cost Not advertised by default Configuring a RIPng route filtering policy Reference a configured IPv6 ACL or prefix list to...

Page 276: ...l By default the RIPng priority is 100 Configuring RIPng route redistribution Step Command Remarks 1 Enter system view system view N A 2 Enter RIPng view ripng process id vpn instance vpn instance name N A 3 Configure a default routing metric for redistributed routes default cost cost Optional The default metric of redistributed routes is 0 4 Redistribute routes from another routing protocol impor...

Page 277: ...ng split horizon and poison reverse If both split horizon and poison reverse are configured only the poison reverse function takes effect Configuring split horizon The split horizon function disables a route learned from an interface from being advertised through the same interface to prevent routing loops between neighbors HP recommends enabling split horizon to prevent routing loops To configure...

Page 278: ...ng view ripng process id vpn instance vpn instance name N A 3 Configure the maximum number of ECMP routes for load balancing maximum load balancing number Optional 8 by default Applying IPsec policies for RIPng To protect routing information and defend attacks RIPng supports using an IPsec policy to authenticate protocol packets Outbound RIPng packets carry the Security Parameter Index SPI defined...

Page 279: ...cy policy name Not configured by default To apply an IPsec policy on an interface Step Command Remarks 1 Enter system view system view N A 2 Enter interface view interface interface type interface number N A 3 Apply an IPsec policy on the interface ripng ipsec policy policy name Not configured by default Displaying and maintaining RIPng Task Command Remarks Display configuration information of a R...

Page 280: ... route will not be added to the routing table of Switch B and Switch B will not forward it to Switch A Figure 102 Network diagram Configuration procedure 1 Configure IPv6 addresses for interfaces Details not shown 2 Configure basic RIPng functions Configure Switch A SwitchA system view SwitchA ripng 1 SwitchA ripng 1 quit SwitchA interface vlan interface 100 SwitchA Vlan interface100 ripng 1 enabl...

Page 281: ... E2FF FE23 82F5 on Vlan interface100 Dest 1 64 via FE80 20F E2FF FE23 82F5 cost 1 tag 0 A 6 Sec Dest 2 64 via FE80 20F E2FF FE23 82F5 cost 1 tag 0 A 6 Sec Peer FE80 20F E2FF FE00 100 on Vlan interface200 Dest 3 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 11 Sec Dest 4 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 11 Sec Dest 5 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 11 Sec Display the routing...

Page 282: ...E00 100 on Vlan interface200 Dest 4 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 5 Sec Dest 5 64 via FE80 20F E2FF FE00 100 cost 1 tag 0 A 5 Sec SwitchA display ripng 1 route Route Flags A Aging S Suppressed G Garbage collect Peer FE80 20F E2FF FE00 1235 on Vlan interface100 Dest 1 64 via FE80 20F E2FF FE00 1235 cost 1 tag 0 A 2 Sec Dest 4 64 via FE80 20F E2FF FE00 1235 cost 2 tag 0 A 2 Sec Dest 5...

Page 283: ...ystem view SwitchB ripng 100 SwitchB ripng 100 quit SwitchB interface vlan interface 100 SwitchB Vlan interface100 ripng 100 enable SwitchB Vlan interface100 quit SwitchB ripng 200 SwitchB ripng 200 quit SwitchB interface vlan interface 300 SwitchB Vlan interface300 ripng 200 enable SwitchB Vlan interface300 quit Enable RIPng 200 on Switch C SwitchC system view SwitchC ripng 200 SwitchC interface ...

Page 284: ...ce 0 Interface NULL0 Cost 0 3 Configure RIPng route redistribution Configure route redistribution between the two RIPng processes on Switch B SwitchB ripng 100 SwitchB ripng 100 default cost 3 SwitchB ripng 100 import route ripng 200 SwitchB ripng 100 quit SwitchB ripng 200 SwitchB ripng 200 import route ripng 100 SwitchB ripng 200 quit Display the routing table on Switch A SwitchA display ipv6 ro...

Page 285: ...re RIPng on the switches and configure IPsec policies on the switches to authenticate and encrypt protocol packets Figure 104 Network diagram Configuration procedure 1 Configure IPv6 addresses for interfaces Details not shown 2 Configure RIPng basic functions Configure Switch A SwitchA system view SwitchA ripng 1 SwitchA ripng 1 quit SwitchA interface vlan interface 100 SwitchA Vlan interface100 r...

Page 286: ...10 sa string key outbound esp abcdefg SwitchA ipsec policy manual policy001 10 sa string key inbound esp abcdefg SwitchA ipsec policy manual policy001 10 quit On Switch B create an IPsec proposal named tran1 and set the encapsulation mode to transport mode the security protocol to ESP the encryption algorithm to DES and authentication algorithm to SHA1 create an IPsec policy named policy001 specif...

Page 287: ...olicy001 10 proposal tran1 SwitchC ipsec policy manual policy001 10 sa spi outbound esp 12345 SwitchC ipsec policy manual policy001 10 sa spi inbound esp 12345 SwitchC ipsec policy manual policy001 10 sa string key outbound esp abcdefg SwitchC ipsec policy manual policy001 10 sa string key inbound esp abcdefg SwitchC ipsec policy manual policy001 10 quit 4 Apply the IPsec policies in the RIPng pro...

Page 288: ...OSPFv3 and OSPFv2 have the following differences OSPFv3 runs on a per link basis and OSPFv2 runs on a per IP subnet basis OSPFv3 supports multiple instances per link but OSPFv2 does not OSPFv3 identifies neighbors by Router ID and OSPFv2 by IP address OSPFv3 packets OSPFv3 has the following packet types hello DD LSR LSU and LSAck These packets have the same packet header which is different from th...

Page 289: ...k Link LSAs have link local flooding scope Each Link LSA describes the IPv6 address prefix of the link and Link local address of the router Intra Area Prefix LSA Each Intra Area Prefix LSA contains IPv6 prefix information on a router stub area or transit area information and has area flooding scope It was introduced because Router LSAs and Network LSAs do not contain address information RFC 5187 d...

Page 290: ...e to exit the GR process when the timer expires OSPFv3 features supported Basic features defined in RFC 2740 OSPFv3 stub area OSPFv3 multi process VPN instances OSPFv3 GR BFD Protocols and standards RFC 2740 OSPF for IPv6 RFC 2328 OSPF Version 2 RFC 5187 OSPFv3 Graceful Restart OSPFv3 configuration task list Task Remarks Enabling OSPFv3 Required Configuring OSPFv3 area parameters Configuring an OS...

Page 291: ...twork layer Enable IPv6 packet forwarding Enabling OSPFv3 To enable an OSPFv3 process on a router you must enable the OSPFv3 process globally assign the OSPFv3 process a router ID and enable the OSPFv3 process on related interfaces A router ID uniquely identifies a router within an AS You must specify a unique router ID for each OSPFv3 router within the AS to ensure normal operation If a router ru...

Page 292: ...warding Configure OSPFv3 basic functions Configuring an OSPFv3 stub area Follow these guidelines when you configure an OSPFv3 stub area You cannot remove an OSPFv3 area directly The area can be removed only when you remove all configurations in area view and all interfaces attached to the area become down All the routers attached to a stub area must be configured with the stub command The keyword ...

Page 293: ...with the link layer protocols of the interfaces When the link layer protocol is PPP OSPFv3 considers the network type as P2P by default When the link layer protocol is Ethernet OSPFv3 considers the network type as broadcast by default You can change the network type of an OSPFv3 interface as needed For example An NBMA network must be fully connected Any two routers in the network must be directly ...

Page 294: ...BMA or P2MP unicast neighbor and its DR priority ospfv3 peer ipv6 address dr priority dr priority instance instance id Configuring OSPFv3 routing information control This section describes how to configure the control of OSPF routing information advertisement and reception and redistribution from other protocols Configuration prerequisites Before you configure OSPFv3 routing information control co...

Page 295: ... for an interface with one of the following methods Configure the cost value in interface view Configure a bandwidth reference value for the interface and OSPFv3 computes the cost automatically based on the bandwidth reference value Interface OSPFv3 cost Bandwidth reference value 100 Mbps Interface bandwidth Mbps If the calculated cost is greater than 65535 the value of 65535 is used if the calcul...

Page 296: ... the route found by the protocol with the highest priority is selected To configure a priority for OSPFv3 Step Command Remarks 1 Enter system view system view N A 2 Enter OSPFv3 view ospfv3 process id N A 3 Configure a priority for OSPFv3 preference ase route policy route policy name preference Optional By default the priority of OSPFv3 internal routes is 10 and priority of OSPFv3 external routes ...

Page 297: ...ix name export isisv6 process id ospfv3 process id ripng process id bgp4 direct static Optional Not configured by default Tuning and optimizing OSPFv3 networks This section describes configurations of OSPFv3 timers interface DR priority MTU check ignorance for DD packets and disabling interfaces from sending OSPFv3 packets The following are OSPFv3 timers Packet timer Specified to adjust topology c...

Page 298: ...nterval ospfv3 timer retransmit interval instance instance id Optional By default the LSA retransmission interval is 5 seconds The LSA retransmission interval cannot be too short otherwise unnecessary retransmissions occur 7 Configure the LSA transmission delay ospfv3 trans delay seconds instance instance id Optional By default the LSA transmission delay is 1 second 8 Return to system view quit N ...

Page 299: ...w these guidelines when you disable interfaces from receiving and sending OSPF packets Multiple OSPFv3 processes can disable the same interface from receiving and sending OSPFv3 packets Using the silent interface command disables only the interfaces associated with the current process After an OSPF interface is set to silent direct routes of the interface can still be advertised in Intra Area Pref...

Page 300: ...sks Keep the GR Restarter forwarding entries stable during reboot Establish all adjacencies and obtain complete topology information after reboot After the master slave switchover the GR Restarter sends a Grace LSA to tell its neighbors that it performs a GR Upon receiving the Grace LSA the neighbors with the GR Helper capability enter the helper mode and are then called GR Helpers Then the GR Res...

Page 301: ...negotiated interval thereby implementing fast fault detection To configure BFD for OSPFv3 you need to configure OSPFv3 first To configure BFD for OSPFv3 Step Command Remarks 1 Enter system view system view N A 2 Enter OSPFv3 view ospfv3 process id N A 3 Specify a router ID router id router id N A 4 Quit the OSPFv3 view quit N A 5 Enter interface view interface interface type interface number N A 6...

Page 302: ...information about IPsec policy configuration see Security Configuration Guide Configuration guidelines An IPsec policy used for OSPFv3 can only be in manual mode For more information see Security Configuration Guide Configuration procedure To apply an IPsec policy in an area Step Command Remarks 1 Enter system view system view N A 2 Enter OSPFv3 view ospfv3 process id N A 3 Enter OSPF area view ar...

Page 303: ... Display OSPFv3 neighbor statistics display ospfv3 peer statistics begin exclude include regular expression Available in any view Display OSPFv3 routing table information display ospfv3 process id routing ipv6 address prefix length ipv6 address prefix length abr routes asbr routes all statistics begin exclude include regular expression Available in any view Display OSPFv3 area topology information...

Page 304: ...t as ABRs to forward routing information between areas Configure Area 2 as a stub area in order to reduce LSAs in the area without affecting route reachability Figure 106 Network diagram Configuration procedure 1 Configure IPv6 addresses for interfaces Details not shown 2 Configure OSPFv3 basic functions Configure Switch A SwitchA system view SwitchA ipv6 SwitchA ospfv3 SwitchA ospfv3 1 router id ...

Page 305: ...Vlan interface400 ospfv3 1 area 2 SwitchC Vlan interface400 quit Configure Switch D SwitchD system view SwitchD ipv6 SwitchD ospfv3 SwitchD ospfv3 1 router id 4 4 4 4 SwitchD ospfv3 1 quit SwitchD interface Vlan interface 400 SwitchD Vlan interface400 ospfv3 1 area 2 SwitchD Vlan interface400 quit Display OSPFv3 neighbor information on Switch B SwitchB display ospfv3 peer OSPFv3 Area ID 0 0 0 0 Pr...

Page 306: ...Cost 1 NextHop directly connected Interface Vlan400 Destination 2001 3 64 Type IA Cost 4 NextHop FE80 F40D 0 93D0 1 Interface Vlan400 3 Configure Area 2 as a stub area Configure Switch D SwitchD ospfv3 SwitchD ospfv3 1 area 2 SwitchD ospfv3 1 area 0 0 0 2 stub Configure Switch C and specify the cost of the default route sent to the stub area as 10 SwitchC ospfv3 SwitchC ospfv3 1 area 2 SwitchC osp...

Page 307: ...ion on Switch D Route entries are reduced All non direct routes are removed except the default route SwitchD display ospfv3 routing E1 Type 1 external route IA Inter area route I Intra area route E2 Type 2 external route Selected route OSPFv3 Router with ID 4 4 4 4 Process 1 Destination 0 Type IA Cost 11 NextHop FE80 F40D 0 93D0 1 Interface Vlan400 Destination 2001 2 64 Type I Cost 1 NextHop direc...

Page 308: ...0 SwitchA Vlan interface100 quit Configure Switch B SwitchB system view SwitchB ipv6 SwitchB ospfv3 SwitchB ospfv3 1 router id 2 2 2 2 SwitchB ospfv3 1 quit SwitchB interface vlan interface 200 SwitchB Vlan interface200 ospfv3 1 area 0 SwitchB Vlan interface200 quit Configure Switch C SwitchC system view SwitchC ipv6 SwitchC ospfv3 SwitchC ospfv3 1 router id 3 3 3 3 SwitchC ospfv3 1 quit SwitchC i...

Page 309: ...Vlan200 0 3 3 3 3 1 Full Backup 00 00 31 Vlan100 0 3 Configure DR priorities for interfaces Configure the DR priority of VLAN interface 100 as 100 on Switch A SwitchA interface Vlan interface 100 SwitchA Vlan interface100 ospfv3 dr priority 100 SwitchA Vlan interface100 quit Configure the DR priority of VLAN interface 200 as 0 on Switch B SwitchB interface vlan interface 200 SwitchB Vlan interface...

Page 310: ...ghbor information on Switch D Switch A becomes the DR SwitchD display ospfv3 peer OSPFv3 Area ID 0 0 0 0 Process 1 Neighbor ID Pri State Dead Time Interface Instance ID 1 1 1 1 100 Full DR 00 00 34 Vlan100 0 2 2 2 2 0 2 Way DROther 00 00 34 Vlan200 0 3 3 3 3 2 Full Backup 00 00 32 Vlan100 0 Configuring OSPFv3 route redistribution Network requirements As shown in Figure 108 Switch A Switch B and Sw...

Page 311: ...erface200 ospfv3 1 area 2 SwitchA Vlan interface200 quit Enable OSPFv3 process 1 and OSPFv3 process 2 on Switch B SwitchB system view SwitchB ipv6 SwitchB ospfv3 1 SwitchB ospfv3 1 router id 2 2 2 2 SwitchB ospfv3 1 quit SwitchB interface vlan interface 100 SwitchB Vlan interface100 ospfv3 1 area 2 SwitchB Vlan interface100 quit SwitchB ospfv3 2 SwitchB ospfv3 2 router id 3 3 3 3 SwitchB ospfv3 2 ...

Page 312: ...ct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 4 64 Protocol Direct NextHop 4 1 Preference 0 Interface Vlan400 Cost 0 Destination 4 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination FE80 10 Protocol Direct NextHop Preference 0 Interface NULL0 Cost 0 3 Configure OSPFv3 route redistribution Configure OSPFv3 process 2 to redistribute direct routes and t...

Page 313: ...nterface InLoop0 Cost 0 Destination 4 64 Protocol Direct NextHop 4 1 Preference 0 Interface Vlan400 Cost 0 Destination 4 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination FE80 10 Protocol Direct NextHop Preference 0 Interface NULL0 Cost 0 Configuring OSPFv3 GR Network requirements As shown in Figure 109 Switch A Switch B and Switch C that belong to the same AS and t...

Page 314: ...ce100 quit Enable OSPFv3 on Switch B and set the router ID to 2 2 2 2 By default GR helper is enabled on Switch B SwitchB system view SwitchB ipv6 SwitchB ospfv3 1 SwitchB ospfv3 1 router id 2 2 2 2 SwitchB ospfv3 1 quit SwitchB interface vlan interface 100 SwitchB Vlan interface100 ospfv3 1 area 1 SwitchB Vlan interface100 quit Enable OSPFv3 on Switch C and set the router ID to 3 3 3 3 By default...

Page 315: ...Vlan int10 2001 1 64 Switch B Vlan int10 2001 2 64 Vlan int11 2001 2 1 64 Vlan int13 2001 3 2 64 Switch C Vlan int11 2001 2 2 64 Vlan int13 2001 3 1 64 Configuration procedure 1 Configure IP addresses for the interfaces Details not shown 2 Configure OSPF basic functions Configure Switch A Enable OSPFv3 and configure the router ID as 1 1 1 1 SwitchA system view SwitchA ipv6 SwitchA ospfv3 SwitchA o...

Page 316: ... BFD parameters SwitchA bfd session init mode active SwitchA interface vlan interface 10 SwitchA Vlan interface10 ospfv3 bfd enable SwitchA Vlan interface10 bfd min transmit interval 500 SwitchA Vlan interface10 bfd min receive interval 500 SwitchA Vlan interface10 bfd detect multiplier 7 SwitchA Vlan interface10 return Enable BFD on Switch B and configure BFD parameters SwitchB bfd session init m...

Page 317: ...hange on Switch B Display the BFD information on Switch A SwitchA display bfd session Switch A has deleted the BFD session on VLAN interface 10 to Switch B and displays no output Display routes destined for 2001 4 0 64 on Switch A SwitchA display ipv6 routing table 2001 4 0 64 verbose Routing Table Summary Count 1 Destination 2001 4 PrefixLength 64 NextHop 2001 2 2 Preference 10 IpPrecedence QosLc...

Page 318: ...le OSPFv3 and configure the router ID as 2 2 2 2 SwitchB system view SwitchB ipv6 SwitchB ospfv3 1 SwitchB ospfv3 1 router id 2 2 2 2 SwitchB ospfv3 1 quit SwitchB interface vlan interface 100 SwitchB Vlan interface100 ospfv3 1 area 0 SwitchB Vlan interface100 quit SwitchB interface vlan interface 200 SwitchB Vlan interface200 ospfv3 1 area 1 SwitchB Vlan interface200 quit Configure Switch C enabl...

Page 319: ... manual mode for it reference IPsec proposal tran1 set the SPIs of the inbound and outbound SAs to 12345 and the keys for the inbound and outbound SAs using ESP to abcdefg create an IPsec proposal named tran2 and set the encapsulation mode to transport mode the security protocol to ESP the encryption algorithm to DES and authentication algorithm to SHA1 create an IPsec policy named policy002 speci...

Page 320: ...sal tran2 esp authentication algorithm sha1 SwitchC ipsec proposal tran2 quit SwitchC ipsec policy policy002 10 manual SwitchC ipsec policy manual policy002 10 proposal tran2 SwitchC ipsec policy manual policy002 10 sa spi outbound esp 54321 SwitchC ipsec policy manual policy002 10 sa spi inbound esp 54321 SwitchC ipsec policy manual policy002 10 sa string key outbound esp gfedcba SwitchC ipsec po...

Page 321: ...rk at least one interface must have a DR priority higher than 0 Incorrect routing information Symptom OSPFv3 cannot find routes to other areas Analysis The backbone area must maintain connectivity to all other areas If a router connects to more than one area at least one area must be connected to the backbone The backbone cannot be configured as a stub area In a stub area routers cannot receive ex...

Page 322: ...information to indicate network reachability and has a type value of 236 0xEC IPv6 Interface Address Same as the IP Interface Address TLV in IPv4 ISIS except the 32 bit IPv4 address is translated to the 128 bit IPv6 address The NLPID is an eight bit field that identifies which network layer protocol is supported For IPv6 the NLPID is 142 0x8E which must be carried in hello packets sent by a router...

Page 323: ...lt 5 Generate an IPv6 IS IS default route ipv6 default route advertise level 1 level 1 2 level 2 route policy route policy name Optional By default no IPv6 default route is defined 6 Configure IPv6 IS IS to filter incoming routes ipv6 filter policy acl6 number ipv6 prefix ipv6 prefix name route policy route policy name import Optional By default no filtering policy is defined 7 Configure IPv6 IS I...

Page 324: ...view N A 2 Enable an IS IS process and enter IS IS view isis process id N A 3 Configure the network entity title for the IS IS process network entity net Not configured by default 4 Enable IPv6 for the IS IS process ipv6 enable Disabled by default 5 Return to system view quit N A 6 Enter interface view interface interface type interface number N A 7 Enable IPv6 for an IS IS process on the interfac...

Page 325: ... IS IS neighbors Configuration procedure To configure IPv6 IS IS MTR Step Command Remarks 1 Enter system view system view N A 2 Enter IS IS view isis process id vpn instance vpn instance name N A 3 Specify the cost style for IS IS cost style narrow wide wide compatible compatible narrow compatible relax spf limit By default narrow is adopted 4 Enable IPv6 IS IS MTR multiple topology ipv6 unicast D...

Page 326: ...isplay IPv6 IS IS routing information display isis route ipv6 level 1 level 2 verbose process id vpn instance vpn instance name begin exclude include regular expression Available in any view Display SPF log information display isis spf log process id vpn instance vpn instance name begin exclude include regular expression Available in any view Display the statistics of the IS IS process display isi...

Page 327: ... Vlan interface100 isis ipv6 enable 1 SwitchA Vlan interface100 quit Configure Switch B SwitchB system view SwitchB ipv6 SwitchB isis 1 SwitchB isis 1 is level level 1 SwitchB isis 1 network entity 10 0000 0000 0002 00 SwitchB isis 1 ipv6 enable SwitchB isis 1 quit SwitchB interface vlan interface 200 SwitchB Vlan interface200 isis ipv6 enable 1 SwitchB Vlan interface200 quit Configure Switch C Sw...

Page 328: ...e300 isis ipv6 enable 1 SwitchD Vlan interface300 quit SwitchD interface vlan interface 301 SwitchD Vlan interface301 isis ipv6 enable 1 SwitchD Vlan interface301 quit 3 Verify the configuration Display the IPv6 IS IS routing table on Switch A SwitchA display isis route ipv6 Route information for ISIS 1 ISIS 1 IPv6 Level 1 Forwarding Table Destination PrefixLen 0 Flag R Cost 10 Next Hop FE80 200 F...

Page 329: ...nation 2001 3 PrefixLen 64 Flag R Cost 20 Next Hop FE80 200 FF FE0F 4 Interface Vlan200 Flags D Direct R Added to RM L Advertised in LSPs U Up Down Bit Set Display the IPv6 IS IS routing table on Switch C SwitchC display isis route ipv6 Route information for ISIS 1 ISIS 1 IPv6 Level 1 Forwarding Table Destination 2001 1 PrefixLen 64 Flag D L Cost 10 Next Hop Direct Interface Vlan100 Destination 20...

Page 330: ...d to RM L Advertised in LSPs U Up Down Bit Set Display the IPv6 IS IS routing table on Switch D SwitchD display isis route ipv6 Route information for ISIS 1 ISIS 1 IPv6 Level 2 Forwarding Table Destination 2001 1 PrefixLen 64 Flag R Cost 20 Next Hop FE80 200 FF FE0F 4 Interface Vlan300 Destination 2001 2 PrefixLen 64 Flag R Cost 20 Next Hop FE80 200 FF FE0F 4 Interface Vlan300 Destination 2001 3 P...

Page 331: ...tch B Vlan int10 2001 2 64 Vlan int11 2001 2 1 64 Vlan int13 2001 3 2 64 Switch C Vlan int11 2001 2 2 64 Vlan int13 2001 3 1 64 Configuration procedure 1 Configure IP addresses for interfaces Details not shown 2 Configure IPv6 IS IS Configure Switch A SwitchA system view SwitchA ipv6 SwitchA isis 1 SwitchA isis 1 is level level 1 SwitchA isis 1 network entity 10 0000 0000 0001 00 SwitchA isis 1 ip...

Page 332: ...ace13 quit 3 Configure BFD functions Enable BFD on Switch A and configure BFD parameters SwitchA bfd session init mode active SwitchA interface vlan interface 10 SwitchA Vlan interface10 isis ipv6 bfd enable SwitchA Vlan interface10 bfd min transmit interval 500 SwitchA Vlan interface10 bfd min receive interval 500 SwitchA Vlan interface10 bfd detect multiplier 7 SwitchA Vlan interface10 return En...

Page 333: ... the link over VLAN interface 10 fails BFD can quickly detect the failure Display the BFD information on Switch A SwitchA display bfd session Switch A has deleted the BFD session on VLAN interface 10 to Switch B and displays no output Display routes destined for 2001 4 0 64 on Switch A SwitchA display ipv6 routing table 2001 4 0 64 verbose Routing Table Summary Count 1 Destination 2001 4 0 PrefixL...

Page 334: ... Configure Switch B SwitchB system view SwitchB isis SwitchB isis 1 cost style wide SwitchB isis 1 multiple topology ipv6 unicast Configure Switch D SwitchD system view SwitchD isis SwitchD isis 1 cost style wide SwitchD isis 1 multiple topology ipv6 unicast 4 Verify the configuration Display the IS IS routing table of the IPv6 topology on Switch A SwitchA isis 1 display isis route ipv6 Route info...

Page 335: ... to RM L Advertised in LSPs U Up Down Bit Set ISIS 1 IPv6 Level 2 Forwarding Table Destination 12 PrefixLen 64 Flag D L Cost 4 Next Hop Direct Interface Vlan12 Destination 44 1 PrefixLen 128 Flag Cost 36 Destination 14 PrefixLen 64 Flag D L Cost 36 Next Hop Direct Interface Vlan14 Flags D Direct R Added to RM L Advertised in LSPs U Up Down Bit Set The output interface of IPv6 route 44 1 128 destin...

Page 336: ...in RFC 2858 multiprotocol extensions for BGP 4 For brevity purposes MP BGP for IPv6 is called IPv6 BGP IPv6 BGP puts IPv6 network layer information into the attributes of Network Layer Reachability Information NLRI and NEXT_HOP The NLRI attribute of IPv6 BGP involves the following MP_REACH_NLRI Multiprotocol Reachable NLRI for advertising reachable route and next hop information MP_UNREACH_NLRI Mu...

Page 337: ...oute filtering Optional Configuring IPv6 BGP and IGP route synchronization Optional Configuring route dampening Optional Configuring IPv6 BGP route attributes Configuring IPv6 BGP preference and default LOCAL_PREF and NEXT_HOP attributes Optional Configuring the MED attribute Optional Configuring the AS_PATH attribute Optional Tuning and optimizing IPv6 BGP networks Configuring IPv6 BGP timers Opt...

Page 338: ...P peer Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Specify a router ID router id router id Optional Required if no IP addresses are configured for any interfaces 4 Enter IPv6 address family view ipv6 family N A 5 Specify an IPv6 peer peer ipv6 address as number as number N A Injecting a local IPv6 route Step Command Remarks 1 Enter system view syst...

Page 339: ... peer or peer group peer ipv6 group name ipv6 address preferred value value By default the preferred value is 0 Specifying the source interface for establishing TCP connections IPv6 BGP uses TCP as the transport layer protocol By default IPv6 BGP uses the output interface of the optimal route to a peer or peer group as the source interface for establishing TCP connections to the peer or peer group...

Page 340: ... connection Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter IPv6 address family view ipv6 family N A 4 Allow the establishment of EBGP connection to an indirectly connected peer or peer group peer ipv6 group name ipv6 address ebgp max hop hop count Not configured by default Configuring a description for an IPv6 peer or peer group Step Command Rem...

Page 341: ...nce 4 Enter IPv6 address family view ipv6 family N A 5 Enable the state change logging for an IPv6 peer or peer group peer ipv6 group name ipv6 address log change Optional Enabled by default Controlling route distribution and reception This task includes routing information filtering routing policy application and route dampening Configuration prerequisites Before you configure route distribution ...

Page 342: ... large BGP networks configure route summarization on BGP routers BGP supports only manual summarization of IPv6 routes To configure IPv6 BGP route summarization Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter IPv6 address family view ipv6 family N A 4 Configure manual route summarization aggregate ipv6 address prefix length as set attribute polic...

Page 343: ...A 3 Enter IPv6 address family view ipv6 family N A 4 Configure the filtering of outgoing routes filter policy acl6 number ipv6 prefix ipv6 prefix name export protocol process id Not configured by default 5 Apply a routing policy to routes advertised to an IPv6 peer or peer group peer ipv6 group name ipv6 address route policy route policy name export Not applied by default 6 Specify an IPv6 ACL to ...

Page 344: ...er or peer group peer ipv6 group name ipv6 address ipv6 prefix ipv6 prefix name import Not specified by default 9 Specify the upper limit of prefixes allowed to receive from an IPv6 peer or peer group peer ipv6 group name ipv6 address route limit limit percentage Optional Unlimited by default Configuring IPv6 BGP and IGP route synchronization By default upon receiving an IBGP route an IPv6 BGP rou...

Page 345: ...ure IPv6 BGP basic functions Configuring IPv6 BGP preference and default LOCAL_PREF and NEXT_HOP attributes Follow these guidelines when you configure IPv6 BGP preference and default LOCAL_PREF and NEXT_HOP attributes To ensure an IBGP peer can find the correct next hop configure routes advertised to the IPv6 IBGP peer or peer group to use the local router as the next hop If BGP load balancing is ...

Page 346: ...he local router as the next hop for routes sent to an IPv6 EBGP peer or peer group but does not change the next hop for routes sent to an IPv6 IBGP peer or peer group Configuring the MED attribute Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter IPv6 address family view ipv6 family N A 4 Configure a default MED value default med med value Optional...

Page 347: ...establishing an IPv6 BGP connection two routers send keepalive messages periodically to each other to maintain the connection If a router receives no keepalive message from the peer after the holdtime elapses it tears down the connection When establishing an IPv6 BGP connection the two parties compare their holdtimes taking the shorter one as the common holdtime If the holdtime is 0 neither keepal...

Page 348: ...me defaults to 180 seconds The holdtime interval must be at least three times the keepalive interval Timers configured by using the timer command have lower priority than timers configured by using the peer timer command 5 Configure the interval for sending the same update to an IPv6 peer or peer group peer ipv6 group name ipv6 address route update interval interval Optional The interval for sendi...

Page 349: ...The peer then applies the ORFs in addition to its local routing policies if any to filter updates to the BGP speaker reducing the number of exchanged update messages and saving network resources After you enable the BGP ORF capability the local BGP router negotiates the ORF capability with the BGP peer through Open messages The local BGP router determines whether to carry ORF information in messag...

Page 350: ...and on the peer Enabling 4 byte AS number suppression When a switch that supports 4 byte AS numbers sends an Open message for peer relationship establishment the Optional parameters field of the message indicates that the AS number occupies four bytes in the range of 1 to 4294967295 If the peer device does not support 4 byte AS numbers for examples it supports only 2 byte AS numbers the peer relat...

Page 351: ...ess dscp dscp value Optional By default the DSCP value in IPv6 BGP packets is 48 Configuring the maximum number of ECMP routes Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter IPv6 address family view ipv6 family N A 4 Configure the maximum number of ECMP routes balance number By default no load balancing is enabled Enabling MD5 authentication for...

Page 352: ...c policy If they match the device accepts the packet otherwise it discards the packet and will not establish a neighbor relationship with the sending device Configuration prerequisites Before you apply an IPsec policy to a peer or peer group complete following tasks Create an IPsec proposal Create an IPsec policy For more information about IPsec policy configuration see Security Configuration Guid...

Page 353: ...e reflectors or confederation can solve this issue In a large scale AS both of them can be used Confederation configuration of IPv6 BGP is identical to that of BGP4 so it is not mentioned here Configuration prerequisites Before you configure a large scale IPv6 BGP network complete the following tasks Make peer nodes accessible to each other at the network layer Enable BGP and configure a router ID...

Page 354: ...mand Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter IPv6 address family view ipv6 family N A 4 Create an EBGP peer group group ipv6 group name external N A 5 Specify the AS number of an IPv6 peer peer ipv6 address as number as number Not specified by default 6 Add the IPv6 peer into the peer group peer ipv6 address group ipv6 group name Not added by default ...

Page 355: ...Pv6 BGP route reflector Because the route reflector forwards routing information between clients you must make clients of a route reflector fully meshed If clients are fully meshed HP recommends disabling route reflection between clients to reduce routing costs If a cluster has multiple route reflectors you must specify the same cluster ID for these route reflectors to avoid routing loops To confi...

Page 356: ...or IPv6 BGP you must enable BGP To enable BFD for a BGP peer Step Command Remarks 1 Enter system view system view N A 2 Enable BGP and enter BGP view bgp as number Not enabled by default 3 Enter IPv6 address family view ipv6 family N A 4 Enable BFD for the specified BGP peer peer ipv6 address bfd Not enabled for any BGP peer by default Displaying and maintaining IPv6 BGP Displaying BGP Task Comman...

Page 357: ...ession Available in any view Display IPv6 BGP dampening parameter information display bgp ipv6 routing table dampening parameter begin exclude include regular expression Available in any view Display IPv6 BGP routing information originated from different ASs display bgp ipv6 routing table different origin as begin exclude include regular expression Available in any view Display IPv6 BGP routing fl...

Page 358: ...ath acl as path acl number regexp as path regexp reset bgp ipv6 peer ipv6 address flap info Available in user view IPv6 BGP configuration examples Some examples for IPv6 BGP configuration are similar to those of BGP4 For more information see Configuring BGP IPv6 BGP basic configuration example Network requirements All switches in Figure 1 16 run IPv6 BGP Between Switch A and Switch B is an EBGP co...

Page 359: ...t Configure Switch D SwitchD system view SwitchD ipv6 SwitchD bgp 65009 SwitchD bgp router id 4 4 4 4 SwitchD bgp ipv6 family SwitchD bgp af ipv6 peer 9 1 1 as number 65009 SwitchD bgp af ipv6 peer 9 2 1 as number 65009 SwitchD bgp af ipv6 quit SwitchD bgp quit 3 Configure the EBGP connection Configure Switch A SwitchA system view SwitchA ipv6 SwitchA bgp 65008 SwitchA bgp router id 1 1 1 1 Switch...

Page 360: ... and B have established an EBGP connection Switch B C and D have established IBGP connections with each other IPv6 BGP route reflector configuration example Network requirements As shown in the following figure Switch B receives an EBGP update and sends it to Switch C which is configured as a route reflector with two clients Switch B and Switch D Switch B and Switch D do not need to establish an I...

Page 361: ...pv6 SwitchC bgp 200 SwitchC bgp router id 3 3 3 3 SwitchC bgp ipv6 family SwitchC bgp af ipv6 peer 101 2 as number 200 SwitchC bgp af ipv6 peer 102 2 as number 200 Configure Switch D SwitchD system view SwitchD ipv6 SwitchD bgp 200 SwitchD bgp router id 4 4 4 4 SwitchD bgp ipv6 family SwitchD bgp af ipv6 peer 102 1 as number 200 3 Configure route reflector Configure Switch C as a route reflector a...

Page 362: ...chA bgp ipv6 family SwitchA bgp af ipv6 group ibgp internal SwitchA bgp af ipv6 peer 1 2 group ibgp SwitchA bgp af ipv6 quit SwitchA bgp quit Configure Switch B SwitchB system view SwitchB ipv6 SwitchB bgp 65008 SwitchB bgp router id 2 2 2 2 SwitchB bgp ipv6 family SwitchB bgp af ipv6 group ibgp internal SwitchB bgp af ipv6 peer 1 1 group ibgp SwitchB bgp af ipv6 quit SwitchB bgp quit 3 Configure ...

Page 363: ...p 12345 SwitchA ipsec policy manual policy001 10 sa string key outbound esp abcdefg SwitchA ipsec policy manual policy001 10 sa string key inbound esp abcdefg SwitchA ipsec policy manual policy001 10 quit On Switch B create an IPsec proposal named tran1 and set the encapsulation mode to transport mode the security protocol to ESP the encryption algorithm to DES and authentication algorithm to SHA1...

Page 364: ...ulation mode to transport mode the security protocol to ESP the encryption algorithm to DES and authentication algorithm to SHA1 create an IPsec policy named policy002 specify the manual mode for it reference IPsec proposal tran2 set the SPIs of the inbound and outbound SAs to 54321 and the keys for the inbound and outbound SAs using ESP to gfedcba SwitchC ipsec proposal tran2 SwitchC ipsec propos...

Page 365: ...er ID 1 1 1 1 BGP current state Established Up for 00h01m51s BGP current event RecvKeepalive BGP last state OpenConfirm Port Local 1029 Remote 179 Configured Active Hold Time 180 sec Keepalive Time 60 sec Received Active Hold Time 180 sec Negotiated Active Hold Time 180 sec Peer optional capabilities Peer support bgp multi protocol extended Peer support bgp route refresh capability Address family ...

Page 366: ...um time between advertisement runs is 30 seconds Optional capabilities Route refresh capability has been enabled ORF advertise capability based on prefix type 64 Local both Negotiated send Peer Preferred Value 0 IPsec policy name policy002 SPI 54321 Routing policy configured No routing policy is configured The output shows that both IBGP and EBGP neighbor relationships have been established and al...

Page 367: ...between Switch A and Switch C SwitchA system view SwitchA bgp 200 SwitchA bgp ipv6 family SwitchA bgp af ipv6 peer 3001 3 as number 200 SwitchA bgp af ipv6 peer 2001 3 as number 200 SwitchA bgp af ipv6 quit When the two links between Switch A and Switch C are both up Switch C adopts the link Switch A Switch B Switch C to exchange packets with network 1200 0 64 Set a higher MED value for route 1200...

Page 368: ...nk Switch A Switch D Switch C takes effect immediately SwitchA bgp af ipv6 peer 3001 3 bfd SwitchA bgp af ipv6 quit SwitchA bgp quit 4 Configure IPv6 BGP on Switch C SwitchC system view SwitchC bgp 200 SwitchC bgp ipv6 family SwitchC bgp af ipv6 peer 3000 1 as number 200 SwitchC bgp af ipv6 peer 3000 1 bfd SwitchC bgp af ipv6 peer 2000 1 as number 200 SwitchC bgp af ipv6 quit SwitchC bgp quit 5 Co...

Page 369: ...ans Inter 500ms Min Recv Inter 500ms Act Detect Inter 3000ms Recv Pkt Num 57 Send Pkt Num 53 Hold Time 2200ms Connect Type Direct Running Up for 00 00 06 Auth mode none Protocol BGP6 Diag Info No Diagnostic The output shows that a BFD session is established between Switch A s VLAN interface 100 and Switch C s VLAN interface 101 and that BFD runs properly Display IPv6 peer information on Switch C a...

Page 370: ...failure on Switch B Display route 1200 0 64 on Switch C SwitchC display ipv6 routing table 1200 0 64 verbose Routing Table Summary Count 1 Destination 1200 PrefixLength 64 NextHop 2000 1 Preference 255 RelayNextHop 2001 2 Tag 0H Neighbor 2000 1 ProcessID 0 Interface Vlan interface201 Protocol BGP4 State Active Adv Cost 100 Tunnel ID 0x0 Label NULL Age 4635sec The output shows that Switch A and Swi...

Page 371: ...terface is used verify that the loopback interface is specified with the peer connect interface command 4 If the peer is not directly connected verify that the peer ebgp max hop command is configured 5 Verify that a valid route to the peer is available 6 Use the ping command to verify the connectivity to the peer 7 Use the display tcp ipv6 status command to verify the TCP connection 8 Check whethe...

Page 372: ...ived routes Filters redistributed routes Modifies or sets the attributes of some routes Routing policy implementation To configure a routing policy you must do the following 1 Define some filters based on the attributes of routing information such as destination address and the advertising router s address 2 Apply the filters to the routing policy You can use multiple filters to define match crite...

Page 373: ...h criteria A routing policy can comprise multiple nodes which are in logic OR relationship Each routing policy node is a match unit and a node with a smaller number is matched first Once a node is matched the routing policy is passed and the packet will not go to the next node A routing policy node comprises a set of if match apply and continue clauses The if match clauses define the match criteri...

Page 374: ...default If all the items are set to the deny mode no routes can pass the IPv4 prefix list You must define the permit 0 0 0 0 0 less equal 32 item following multiple deny items to allow other IPv4 routing information to pass For example the following configuration filters routes 10 1 0 0 16 10 2 0 0 16 and 10 3 0 0 16 but allows other routes to pass Sysname system view Sysname ip ip prefix abc inde...

Page 375: ...for an AS path list that is identified by number The relationship between items is logical OR If a route matches one of these items it passes the AS path list To define an AS path list Step Command Remarks 1 Enter system view system view N A 2 Define an AS path list ip as path as path number deny permit regular expression Not defined by default Defining a community list You can define multiple ite...

Page 376: ...a route matches the current routing policy node it continues to match against the specified next node in the same routing policy Configuration prerequisites Before configuring this task you need to configure the filters and routing protocols You also need to decide on the name of the routing policy and node numbers match criteria and attributes to be modified Creating a routing policy Follow these...

Page 377: ...sfied if no rules of the referenced ACL are matched or the matching rule is inactive the clause is not satisfied An ACL specified in an if match clause must be a non VPN ACL The if match commands for matching IPv4 destination next hop and source address are different from those for matching IPv6 ones BGP does not support criteria for matching against outbound interfaces of routing information To d...

Page 378: ...ting information having the specified route type if match route type external type1 external type1or2 external type2 internal is is level 1 is is level 2 nssa external type1 nssa external type1or2 nssa external type2 Optional Not configured by default 11 Match RIP OSPF and IS IS routing information having the specified tag value if match tag value Optional Not configured by default Defining apply ...

Page 379: ...rence preference Optional Not set by default 12 Set the ORIGIN attribute for BGP routing information apply origin egp as number igp incomplete Optional Not set by default 13 Set the preference for the routing protocol apply preference preference Optional Not set by default 14 Set a preferred value for BGP routing information apply preferred value preferred value Optional Not set by default 15 Set ...

Page 380: ...regular expression Available in any view Display BGP community list information display ip community list basic community list number adv community list number comm list name begin exclude include regular expression Available in any view Display BGP extended community list information display ip extcommunity list ext comm list number begin exclude include regular expression Available in any view D...

Page 381: ...cify IP addresses for interfaces Details not shown 2 Configure IS IS Configure Switch C SwitchC system view SwitchC isis SwitchC isis 1 is level level 2 SwitchC isis 1 network entity 10 0000 0000 0001 00 SwitchC isis 1 quit SwitchC interface vlan interface 200 SwitchC Vlan interface200 isis enable SwitchC Vlan interface200 quit SwitchC interface vlan interface 201 SwitchC Vlan interface201 isis en...

Page 382: ...pf 1 area 0 0 0 0 quit SwitchB ospf 1 import route isis 1 SwitchB ospf 1 quit Display the OSPF routing table on Switch A to view redistributed routes SwitchA display ospf routing OSPF Process 1 with Router ID 192 168 1 1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 192 168 1 0 24 1562 Stub 192 168 1 1 192 168 1 1 0 0 0 0 Routing for ASEs Destination Cost Type Tag...

Page 383: ...tch A The cost of route 172 17 1 0 24 is 100 the tag of route 172 17 1 0 24 is 20 SwitchA display ospf routing OSPF Process 1 with Router ID 192 168 1 1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 192 168 1 0 24 1 Transit 192 168 1 1 192 168 1 1 0 0 0 0 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter 172 17 1 0 24 100 Type2 1 192 168 1 2 192 168 2 2...

Page 384: ...ey are active SwitchA ipv6 route static 20 32 11 2 SwitchA ipv6 route static 30 32 11 2 SwitchA ipv6 route static 40 32 11 2 Configure a routing policy SwitchA ip ipv6 prefix a index 10 permit 30 32 SwitchA route policy static2ripng deny node 0 SwitchA route policy if match ipv6 address prefix list a SwitchA route policy quit SwitchA route policy static2ripng permit node 10 SwitchA route policy qu...

Page 385: ...7D58 0 CA03 1 cost 1 tag 0 A 3 Sec Applying a routing policy to filter received BGP routes Network requirements As shown in Figure 122 all the switches run BGP Switch C establishes EBGP connections with other switches Configure a routing policy on Switch D to reject routes from AS 200 Figure 122 Network diagram Configuration procedure 1 Configure IP addresses for the interfaces Details not shown 2...

Page 386: ...ect routes 7 7 7 7 24 8 8 8 8 24 and 9 9 9 9 24 to BGP SwitchB bgp network 7 7 7 7 24 SwitchB bgp network 8 8 8 8 24 SwitchB bgp network 9 9 9 9 24 Display the BGP routing table information of Switch D SwitchD bgp display bgp routing table Total Number of Routes 6 BGP Local router ID is 4 4 4 4 Status codes valid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete...

Page 387: ...3 BGP Local router ID is 4 4 4 4 Status codes valid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Network NextHop MED LocPrf PrefVal Path Ogn 4 4 4 0 24 1 1 3 1 0 300 100i 5 5 5 0 24 1 1 3 1 0 300 100i 6 6 6 0 24 1 1 3 1 0 300 100i The output shows that Switch D has learned only routes 4 4 4 0 24 5 5 5 0 24 and 6 6 6 0 24 from AS 100 Troubleshooting routing ...

Page 388: ...ailed Analysis At least one item of the IPv6 prefix list must be configured as permit mode and at least one node of the routing policy must be configured as permit mode Solution 1 Use the display ip ipv6 prefix command to display IP prefix list information 2 Use the display route policy command to display routing policy information ...

Page 389: ...d next hop in the PBR policy does not exist the matching packet is forwarded according to the routing table If a default next hop is configured in the PBR policy destination based routing takes precedence over PBR Using a QoS policy The QoS policy uses QoS traffic classification to define matching criteria and uses the redirection action of traffic behavior to guide packet forwarding This implemen...

Page 390: ...uses If a packet Then In permit mode In deny mode Matches all the if match clauses on a policy node The apply clause is executed and the packet will not go to the next policy node for a match The apply clause is not executed the packets will not go to the next policy node for a match and will be forwarded according to the routing table Fails to match an if match clause on the policy node The apply...

Page 391: ...ps If a policy has a node with no if match clause configured all packets can pass the policy node However an action is taken according to the match mode and the packets will not go to the next policy node for a match If a policy has a node with the permit match mode but no apply clause configured all packets matching all the if match clauses can pass the policy node However no action is taken the ...

Page 392: ... next hops take effect to implement load sharing For interface PBR the first next hop serves as the main next hop and the second one serves as the backup next hop Configuring local PBR Only one policy can be referenced for local PBR To configure local PBR Step Command Remarks 1 Enter system view system view N A 2 Configure local PBR based on a policy ip local policy based route policy name Not con...

Page 393: ...the following tasks Configure a QoS policy by configuring the match criteria and a redirection action for PBR Apply the QoS policy by defining the occasion to which the PBR applies Configuring a QoS policy To configure a QoS policy Step Command Remarks 1 Enter system view system view N A 2 Create a class and enter class view traffic classifier tcl name operator and or N A 3 Configure the match cri...

Page 394: ... global inbound To apply the QoS policy to an interface Step Command Remarks 1 Enter system view system view N A 2 Enter interface view or port group view Enter interface view interface interface type interface number Enter port group view port group manual port group name Use either approach Settings in interface view take effect on the current interface settings in port group view take effect on...

Page 395: ... match against these if match clauses However no apply clauses are applicable to the permitted packets and the packets will not go to the next policy node for a match The statistics of PBR will be changed If a policy node has no if match clause but apply clauses configured all packets can pass the policy and then are forwarded according to the apply clauses if the permit keyword is specified for t...

Page 396: ...ch A is directly connected to Switch B and Switch C Switch B and Switch C are unreachable to each other Figure 123 Network diagram Configuration procedure 1 Configure Switch A Define ACL 3101 to match TCP packets SwitchA system view SwitchA acl number 3101 SwitchA acl adv 3101 rule permit tcp SwitchA acl adv 3101 quit Configure Node 5 of policy aaa to forward TCP packets to next hop 1 1 2 2 Switch...

Page 397: ...The operation succeeds SwitchA ping 1 1 3 2 PING 1 1 3 2 56 data bytes press CTRL_C to break Reply from 1 1 3 2 bytes 56 Sequence 1 ttl 255 time 2 ms Reply from 1 1 3 2 bytes 56 Sequence 2 ttl 255 time 1 ms Reply from 1 1 3 2 bytes 56 Sequence 3 ttl 255 time 1 ms Reply from 1 1 3 2 bytes 56 Sequence 4 ttl 255 time 1 ms Reply from 1 1 3 2 bytes 56 Sequence 5 ttl 255 time 1 ms 1 1 3 2 ping statistic...

Page 398: ...3101 SwitchA pbr aaa 5 apply ip address next hop 1 1 2 2 SwitchA pbr aaa 5 quit Apply the policy aaa to VLAN interface 11 SwitchA interface vlan interface 11 SwitchA Vlan interface11 ip address 10 110 0 10 255 255 255 0 SwitchA Vlan interface11 ip policy based route aaa SwitchA Vlan interface11 quit Configure the IP addresses of VLAN interface 10 and VLAN interface 20 SwitchA interface vlan interf...

Page 399: ...4 and the gateway as 10 1 10 0 10 On Host A Telnet to Switch B 1 1 2 2 that is directly connected to Switch A The operation succeeds On Host A Telnet to Switch C 1 1 3 2 that is directly connected to Switch A The operation fails Ping Switch C from Host A The operation succeeds Telnet uses TCP and ping uses ICMP The preceding results show that all TCP packets arriving on VLAN interface 1 1 of Switc...

Page 400: ...ncoming traffic of GigabitEthernet 1 0 1 SwitchA interface gigabitethernet 1 0 1 SwitchA GigabitEthernet1 0 1 qos apply policy a inbound Verifying the configuration After completing the configuration verify that when Switch A receives packets with destination IP address 201 1 1 2 it forwards the packets to Switch C instead of Switch B IPv6 PBR configuration example using a QoS policy Network requi...

Page 401: ...class a with behavior a in QoS policy a SwitchA qos policy a SwitchA qospolicy a classifier a behavior a SwitchA qospolicy a quit Apply QoS policy a to the incoming traffic of GigabitEthernet 1 0 1 SwitchA interface gigabitethernet 1 0 1 SwitchA GigabitEthernet1 0 1 qos apply policy a inbound Verifying the configuration After completing the configuration verify that when Switch A receives packets ...

Page 402: ... forward VPN packets on service provider backbones MPLS L3VPN provides flexible networking modes excellent scalability and convenient support for MPLS QoS and MPLS TE The MPLS L3VPN model consists of the following types of devices Customer edge CE device A CE resides on a customer network and has one or more interfaces directly connected with service provider networks It can be a router a switch o...

Page 403: ...to multiple VPNs A site is connected to a provider network through one or more CEs A site can contain many CEs but a CE can belong to only one site Sites connected to the same provider network can be classified into different sets by policies Only the sites in the same set can access each other through the provider network Such a set is called a VPN Address space overlapping Each VPN independently...

Page 404: ...refix An RD can be related to an autonomous system AS number in which case it is the combination of the AS number and a discretionary number or it can be related to an IP address in which case it is the combination of the IP address and a discretionary number An RD can be in one of the following formats distinguished by the Type field When the value of the Type field is 0 the Administrator subfiel...

Page 405: ...public network However the traditional MPLS L3VPN architecture requires each VPN instance exclusively use a CE to connect with a PE as shown in Figure 127 For better services and higher security a private network is usually divided into multiple VPNs to isolate services To meet these requirements you can configure a CE for each VPN which increases users device expenses and maintenance costs Or you...

Page 406: ...Ns on PE 1 in the same way as those on the MCE device The MCE device is connected to PE 1 through a trunk which permits packets of VLAN 2 and VLAN 3 with VLAN tags carried In this way PE 1 can determine the VPN a received packet belongs to according to the VLAN tag of the packet and passes the packet to the corresponding tunnel Configuring routing on an MCE Interface to VPN instance binding enable...

Page 407: ...domains you must enable the redistributed routes to carry the OSPF domain ID by configuring the domain id command in OSPF view The domain ID is added to BGP VPN routes as an extended community attribute In cases where a VPN has multiple MCE devices attached to it and when an MCE device advertises the routes learned from BGP within the VPN the routes may be learned by other MCE devices generating r...

Page 408: ...on a PE you isolate not only VPN routes from public network routes but also routes of a VPN from those of another VPN This feature allows VPN instances to be used in networking scenarios besides MCE Creating a VPN Instance A VPN instance is associated with a site It is a collection of the VPN membership and routing rules of its associated site A VPN instance does not necessarily correspond to one ...

Page 409: ...e interface after configuring the command Configuring route related attributes of a VPN instance The control process of VPN route advertisement is as follows When a VPN route learned from a site gets redistributed into BGP BGP associates it with a route target extended community attribute list which is usually the export target attribute of the VPN instance associated with the site The VPN instanc...

Page 410: ...arget attribute can be redistributed NOTE Only when BGP runs between the MCE and PE can the route target attribute be advertised to the PE together with the routing information In other cases configuring this attribute makes no sense You can configure route related attributes for IPv4 VPNs in both VPN instance view and IPv4 VPN view Those configured in IPv4 VPN view take precedence Configuring rou...

Page 411: ...alue tag tag value description description text Use either command Perform this configuration on the MCE On a VPN site configure a normal static route 3 Configure the default precedence for static routes ip route static default preference default preference value Optional 60 by default Configuring RIP between MCE and VPN site A RIP process belongs to the public network or a single VPN instance If ...

Page 412: ...F process that is bound with a VPN instance does not use the public network router ID configured in system view Therefore you must configure a router ID when starting the OSPF process All OSPF processes for the same VPN must be configured with the same OSPF domain ID to ensure correct route advertisement For more information about OSPF see Layer 3 IP Routing Configuration Guide To configure OSPF b...

Page 413: ...A The MCE advertises the default route to the site 8 Create an OSPF area and enter OSPF area view area area id By default no OSPF area is created 9 Enable OSPF on the interface attached to the specified network in the area network ip address wildcard mask By default an interface neither belongs to any area nor runs OSPF Configuring IS IS between MCE and VPN site An IS IS process belongs to the pub...

Page 414: ... and redistribute the IGP routes of each VPN instance on the VPN sites If EBGP is used for route exchange you also can configure filtering policies to filter the received routes and the routes to be advertised 1 Configure the MCE Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter BGP VPN instance view ipv4 family vpn instance vpn instance name N A 4...

Page 415: ...ormal network For more information about BGP see Layer 3 IP Routing Configuration Guide 2 Configure a VPN site Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Configure the MCE as the EBGP peer peer group name ip address as number as number N A 4 Redistribute the IGP routes of the VPN import route protocol process id med med value route policy route po...

Page 416: ...rned from the VPN site to other IBGP peers including VPNv4 peers Only when you configure the VPN site as a client of the RR the MCE does the MCE advertise routes learned from it to other IBGP peers 2 Configure a VPN site Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Configure the MCE as the IBGP peer peer group name ip address as number as number N A...

Page 417: ...nce value Optional 60 by default Configuring RIP between MCE and PE Step Command Remarks 1 Enter system view system view N A 2 Create a RIP process for a VPN instance and enter RIP view rip process id vpn instance vpn instance name N A 3 Enable RIP on the interface attached to the specified network network network address By default RIP is disabled on an interface 4 Redistribute the VPN routes imp...

Page 418: ...umber of routes redistributed per time is 1000 the default tag is 1 and default type of redistributed routes is Type 2 8 Create an OSPF area and enter OSPF area view area area id By default no OSPF area is created 9 Enable OSPF on the interface attached to the specified network in the area network ip address wildcard mask By default an interface neither belongs to any area nor runs OSPF Configurin...

Page 419: ...ite import route protocol process id all processes med med value route policy route policy name By default no route redistribution is configured 6 Configure a filtering policy to filter the routes to be advertised filter policy acl number ip prefix ip prefix name export direct isis process id ospf process id rip process id static Optional By default BGP does not filter the routes to be advertised ...

Page 420: ...loops 9 Configure a filtering policy to filter the routes to be advertised filter policy acl number ip prefix ip prefix name export direct isis process id ospf process id rip process id static Optional By default BGP does not filter the routes to be advertised 10 Configure a filtering policy to filter the received routes filter policy acl number ip prefix ip prefix name import Optional By default ...

Page 421: ...splay fib vpn instance vpn instance name ip address mask mask length begin exclude include regular expression Available in any view Display information about a specific peer group or all BGP VPNv4 peer groups display bgp vpnv4 vpn instance vpn instance name group group name begin exclude include regular expression Available in any view Display information about BGP VPNv4 routes injected into a spe...

Page 422: ...view Clear the route flap dampening information of a VPN instance reset bgp vpn instance vpn instance name dampening network address mask mask length Available in user view Clear route flap history information about a BGP peer of a VPN instance reset bgp vpn instance vpn instance name ip address flap info reset bgp vpn instance vpn instance name flap info ip address mask mask length as path acl as...

Page 423: ...MCE ip vpn instance vpn1 MCE vpn instance vpn1 route distinguisher 10 1 MCE vpn instance vpn1 vpn target 10 1 MCE vpn instance vpn1 quit MCE ip vpn instance vpn2 MCE vpn instance vpn2 route distinguisher 20 1 MCE vpn instance vpn2 vpn target 20 1 MCE vpn instance vpn2 quit Create VLAN 10 add port GigabitEthernet 1 0 1 to VLAN 10 and create VLAN interface 10 MCE vlan 10 MCE vlan10 port gigabitether...

Page 424: ...VPN 1 directly and no routing protocol is enabled in VPN 1 Therefore you can configure static routes On VR 1 assign IP address 10 214 10 2 24 to the interface connected to MCE and 192 168 0 1 24 to the interface connected to VPN 1 Add ports to VLANs correctly Details not shown On VR 1 configure a default route with the next hop as 10 214 10 3 VR1 system view VR1 ip route static 0 0 0 0 0 0 0 0 10 ...

Page 425: ... 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 192 168 10 0 24 RIP 100 1 10 214 20 2 Vlan20 The output shows that the MCE has learned the private routes of VPN 2 The MCE maintains the routes of VPN 1 and those of VPN2 in two different routing tables In this way routes from different VPNs are separated 3 Configure routing between MCE and PE 1 The MCE uses port GigabitEthernet 1 0 3 to con...

Page 426: ... PE1 vlan40 quit PE1 interface vlan interface 40 PE1 Vlan interface40 ip binding vpn instance vpn2 PE1 Vlan interface40 ip address 40 1 1 2 24 PE1 Vlan interface40 quit Configure the IP address of the interface Loopback0 as 101 101 10 1 for the MCE and as 100 100 10 1 for PE 1 Specify the loopback interface address as the router ID for the MCE and PE 1 Details not shown Enable OSPF process 10 on t...

Page 427: ...e following output shows that PE 1 has learned the private route of VPN 2 through OSPF PE1 display ip routing table vpn instance vpn2 Routing Tables vpn2 Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 40 1 1 0 24 Direct 0 0 40 1 1 2 Vlan40 40 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 192 168 1...

Page 428: ...ot shown Configure OSPF on the MCE and bind OSPF process 10 with VPN instance vpn1 to learn the routes of VPN 1 MCE system view MCE ospf router id 10 214 10 3 10 vpn instance vpn1 MCE ospf 10 area 0 MCE ospf 10 area 0 0 0 0 network 10 214 10 0 0 0 0 255 Display the routing table of VPN 1 on the MCE MCE ospf 10 area 0 0 0 0 display ip routing table vpn instance vpn1 Routing Tables vpn1 Destinations...

Page 429: ...nk ports The configuration procedure is similar to that described in Using OSPF to advertise VPN routes to the PE Details not shown Start BGP process 100 on the MCE and enter the IPv4 address family view of VPN instance vpn1 MCE bgp 100 MCE bgp ipv4 family vpn instance vpn1 Specify PE 1 as the EBGP peer of the MCE and redistribute the routing information of OSPF process 10 The IP address of PE 1 s...

Page 430: ... the private route of VPN 2 through BGP PE1 display ip routing table vpn instance vpn2 Routing Tables vpn2 Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 40 1 1 0 24 Direct 0 0 40 1 1 2 Vlan40 40 1 1 2 32 Direct 0 0 127 0 0 1 InLoop0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 192 168 10 0 24 BGP 255 2 40 1 1 1 Vlan40 Now the MCE ha...

Page 431: ...network scenarios besides MPLS L3VPNs Creating a VPN instance A VPN instance is associated with a site It is a collection of the VPN membership and routing rules of its associated site A VPN instance does not necessarily correspond to one VPN A VPN instance takes effect only after you configure an RD for it You can configure a description for a VPN instance to record its related information such a...

Page 432: ...ibuted into BGP BGP associates it with a route target extended community attribute list which is usually the export target attribute of the VPN instance associated with the CE The VPN instance determines which routes it can accept and redistribute according to the import extcommunity in the route target The VPN instance determines how to change the route targets attributes for routes to be adverti...

Page 433: ...and IPv6 VPN view Those configured in IPv6 VPN view take precedence Configuring routing on an IPv6 MCE An IPv6 MCE implements service isolation through route isolation IPv6 MCE routing configuration includes IPv6 MCE VPN site routing configuration IPv6 MCE PE routing configuration On the PE in an IPv6 MCE network environment disable routing loop detection to avoid route loss during route calculati...

Page 434: ...dress preference preference value Use either command Perform this configuration on the IPv6 MCE On a VPN site configure normal IPv6 static routes Configuring RIPng between IPv6 MCE and VPN site A RIPng process belongs to the public network or a single IPv6 VPN instance If you create a RIPng process without binding it to an IPv6 VPN instance the process belongs to the public network By configuring ...

Page 435: ...CE and VPN site Step Command Remarks 1 Enter system view system view N A 2 Create an OSPFv3 process for a VPN instance and enter OSPFv3 view ospfv3 process id vpn instance vpn instance name Perform this configuration on the IPv6 MCE On a VPN site configure normal OSPFv3 3 Set the router ID router id router id N A 4 Redistribute remote site routes advertised by the PE import route protocol process ...

Page 436: ...l process id allow ibgp cost cost level 1 level 1 2 level 2 route policy route policy name tag tag Optional By default no routes from any other routing protocol are redistributed to IPv6 IS IS If you do not specify the route level in the command redistributed routes are added to the level 2 routing table by default 6 Return to system view quit N A 7 Enter interface view interface interface type in...

Page 437: ... same with the normal IPv6 BGP VPN route exchange For more information about IPv6 BGP see Layer 3 IP Routing Configuration Guide 2 Configure a VPN site Step Command Remarks 1 Enter system view system view N A 2 Enter BGP view bgp as number N A 3 Enter IPv6 address family view ipv6 family N A 4 Configure the IPv6 MCE as the EBGP peer peer ipv6 address as number as number N A 5 Redistribute the IGP ...

Page 438: ...name N A 3 Redistribute the VPN routes import route protocol process id allow ibgp cost cost route policy route policy name By default no route of any other routing protocol is redistributed into RIPng 4 Configure the default cost value for the redistributed routes default cost value Optional 0 by default 5 Return to system view quit N A 6 Enter interface view interface interface type interface nu...

Page 439: ...ult 4 Enable the IPv6 capacity for the IS IS process ipv6 enable Disabled by default 5 Redistribute the VPN routes ipv6 import route protocol process id allow ibgp cost cost level 1 level 1 2 level 2 route policy route policy name tag tag Optional By default IS IS does not redistribute routes of any other routing protocol If you do not specify the route level in the command the command will redist...

Page 440: ...he same way as it runs within a public network For more information about IPv6 BGP see Layer 3 IP Routing Configuration Guide Resetting BGP connections When BGP configuration changes you can use the soft reset function or reset BGP connections to make new configurations take effect Soft reset requires that BGP peers have route refreshment capability supporting Route Refresh messages Use the follow...

Page 441: ...rbose verbose begin exclude include regular expression Available in any view Display the BGP VPNv6 routing information of a VPN instance display bgp vpnv6 vpn instance vpn instance name routing table network address prefix length longer prefixes peer ipv6 address advertised routes received routes begin exclude include regular expression Available in any view For commands that display information a...

Page 442: ... 1 MCE vpn instance vpn1 vpn target 10 1 MCE vpn instance vpn1 quit MCE ip vpn instance vpn2 MCE vpn instance vpn2 route distinguisher 20 1 MCE vpn instance vpn2 vpn target 20 1 MCE vpn instance vpn2 quit Create VLAN 10 add port GigabitEthernet 1 0 1 to VLAN 10 and create VLAN interface 10 MCE vlan 10 MCE vlan10 port gigabitethernet 1 0 1 CE VPN 1 Site 2 CE VPN 2 Site 1 PE 1 PE 3 PE 2 VPN 2 2012 6...

Page 443: ...nstance vpn2 PE1 vpn instance vpn2 route distinguisher 40 1 PE1 vpn instance vpn2 vpn target 20 1 PE1 vpn instance vpn2 quit 2 Configure routing between the MCE and VPN sites The MCE is connected with VPN 1 directly and no routing protocol is enabled in VPN 1 Therefore you can configure IPv6 static routes On VR 1 assign IP address 2001 1 2 64 to the interface connected to the MCE and 2012 1 2 64 t...

Page 444: ...lay the routing tables of VPN instances vpn1 and vpn2 MCE display ipv6 routing table vpn instance vpn1 Routing Table vpn1 Destinations 5 Routes 5 Destination 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 2001 1 64 Protocol Direct NextHop 2001 1 1 Preference 0 Interface Vlan10 Cost 0 Destination 2001 1 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop...

Page 445: ...thernet1 0 3 port link type trunk MCE GigabitEthernet1 0 3 port trunk permit vlan 30 40 MCE GigabitEthernet1 0 3 quit On PE 1 configure the port connected to MCE as a trunk port and configure it to permit packets of VLAN 30 and VLAN 40 to pass with VLAN tags PE1 interface gigabitethernet 1 0 1 PE1 GigabitEthernet1 0 1 port link type trunk PE1 GigabitEthernet1 0 1 port trunk permit vlan 30 40 PE1 G...

Page 446: ...01 10 1 for the MCE and as 100 100 10 1 for PE 1 Specify the loopback interface address as the router ID for the MCE and PE 1 Details not shown Enable OSPFv3 process 10 on the MCE bind the process to VPN instance vpn1 and redistribute the IPv6 static route of VPN 1 MCE ospfv3 10 vpn instance vpn1 MCE ospf 10 router id 101 101 10 1 MCE ospf 10 import route static MCE ospf 10 quit Enable OSPFv3 on V...

Page 447: ...VPN 2 s routes from RIPng process 20 into the OSPFv3 routing table of the MCE The following output shows that PE 1 has learned the private route of VPN 2 through OSPFv3 PE1 display ipv6 routing table vpn instance vpn2 Routing Table vpn2 Destinations 5 Routes 5 Destination 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 40 64 Protocol Direct NextHop 40 2 Preference...

Page 448: ...ing you will receive email notification of product enhancements new driver versions firmware updates and other product resources Related information Documents To find related documents browse to the Manuals page of the HP Business Support Center website http www hp com support manuals For related documentation navigate to the Networking section and select a networking category For a complete list ...

Page 449: ...eparated by vertical bars from which you select one choice multiple choices or none 1 n The argument or keyword and argument combination before the ampersand sign can be entered 1 to n times A line that starts with a pound sign is comments GUI conventions Convention Description Boldface Window names button names field names and menu items are in bold text For example the New User window appears cl...

Page 450: ... 2 features Represents an access controller a unified wired WLAN module or the switching engine on a unified wired WLAN switch Represents an access point Represents a security product such as a firewall a UTM or a load balancing or security card that is installed in a device Represents a security card such as a firewall card a load balancing card or a NetStream card Port numbering in examples The ...

Page 451: ...onfiguring IS IS routing information control 143 Configuring OSPF areas 74 Configuring OSPF FRR 92 Configuring OSPF Graceful Restart 94 Configuring OSPF network types 76 Configuring OSPF route control 78 Configuring OSPFv3 area parameters 279 Configuring OSPFv3 GR 287 Configuring OSPFv3 network types 280 Configuring OSPFv3 routing information control 281 Configuring PBR using a PBR policy 378 Conf...

Page 452: ...k list 323 IPv6 BGP overview 323 IPv6 IS IS configuration examples 313 IPv6 MCE configuration examples 428 IPv6 static routes features 254 IPv6 static routing configuration example 255 IS IS configuration examples 161 IS IS configuration task list 140 IS IS overview 127 L Load sharing 3 M MCE configuration examples 409 MCE overview 389 O OSPF configuration examples 98 OSPF configuration task list ...

Page 453: ...uning and optimizing IPv6 BGP networks 334 Tuning and optimizing IS IS networks 148 Tuning and optimizing OSPF networks 84 Tuning and optimizing OSPFv3 networks 284 Tuning and optimizing RIP networks 31 Tuning and optimizing the RIPng network 263 ...

Reviews:

No comments

Related manuals for MSR2000 Series

3Com OfficeConnect 1600 Datasheet preview
OfficeConnect 1600
Brand: 3Com Pages: 8
3Com 3CRWEASY96A Quick Start Manual preview
3CRWEASY96A
Brand: 3Com Pages: 8
Wattle Pegasus Quick Installation Manual preview
Pegasus
Brand: Wattle Pages: 6
Baicells Nova430i Quick Manual preview
Nova430i
Brand: Baicells Pages: 8
Observint N16 Quick Setup Manual preview
N16
Brand: Observint Pages: 11
Patton electronics 1090 Service Manual preview
1090
Brand: Patton electronics Pages: 8
H3C S5120V3-EI Series Manual preview
S5120V3-EI Series
Brand: H3C Pages: 54
H3C CR16000-M Installation Manual preview
CR16000-M
Brand: H3C Pages: 116
Speedtouch IPQoS Configuration Manual preview
IPQoS
Brand: Speedtouch Pages: 124
Paxton Net2Air Ins-40085-US Quick Start Manual preview
Net2Air Ins-40085-US
Brand: Paxton Pages: 4
ZyXEL Communications GS3700 Series Handbook preview
GS3700 Series
Brand: ZyXEL Communications Pages: 215
TDK InvenSense RoboKit1 Hardware Reference Manual preview
InvenSense RoboKit1
Brand: TDK Pages: 13
IBM CFFh Installation Manual preview
CFFh
Brand: IBM Pages: 34
ZoneVu ZSI-450-IP Installation Manual & User Manual preview
ZSI-450-IP
Brand: ZoneVu Pages: 15
Razer RZ37-0251 Manual preview
RZ37-0251
Brand: Razer Pages: 17
Topcom Xplorer 871B (Norwegian) Hurtig Installasjonsveiledning preview
Xplorer 871B
Brand: Topcom Pages: 16
Maipu SM3100-9TC-AC Install Manual preview
SM3100-9TC-AC
Brand: Maipu Pages: 26
National Instruments PXI PXITM -1000 User Manual preview
PXI PXITM -1000
Brand: National Instruments Pages: 55

Brands by name

Popular brands

Load more brands