Home
/
Huawei
/
S6700 Series
/
Configuration Manual

Huawei S6700 Series, Configuration Manual

Share

Page: 458 / 664

Huawei S6700 Series Configuration Manual Download Page 458

l

Keychain authentication
A keychain consists of multiple authentication keys, each of which contains an ID and a
password. Each key has a lifecycle. Based on the life cycle of a key, you can dynamically
select different authentication keys from the keychain. After keychains with the same rules
are configured on the two ends of a BGP connection, the keychains can dynamically select
authentication keys to enhance BGP attack defense.

l

GTSM
GTSM checks TTL values to defend against attacks. For example, an attacker forges BGP
packets and keeps sending them to one switch. After receiving these packets, the switch
identifies the destination of the packets. The forwarding plane of the switch then directly
sends the packets to the control plane for processing without checking the validity of the
packets. As a result, the switch is busy processing these "valid" packets, resulting in high
CPU usage.
GTSM checks whether or not the TTL value in the IP header is within a specified range,
protecting the switch against attacks and improving system security.

NOTE

l

The S6700 supports GTSM.

l

GTSM supports only unicast addresses; therefore, the GTSM function must be configured on all
the switchs configured with BGP.

Pre-configuration Tasks

Before configuring BGP security, complete the following task:

l

Configuring Basic BGP Functions

Data Preparation

To configure BGP security, you need the following data.

No.

Data

1

Each switch's peer address or peer group name

2

MD5 authentication password

3

Keychain authentication name

7.18.2 Configuring MD5 Authentication

In BGP, MD5 authentication sets an MD5 authentication password for a TCP connection, and
is performed by TCP. If authentication fails, no TCP connection will be established.

Procedure

Step 1

Run:

system-view

The system view is displayed.

S6700 Series Ethernet Switches
Configuration Guide - IP Routing

7 BGP Configuration

Issue 01 (2012-03-15)

Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.

439

«
...
456
457
458
459
460
...
»

Summary of Contents for S6700 Series

Page 1: ...S6700 Series Ethernet Switches V200R001C00 Configuration Guide IP Routing Issue 01 Date 2012 03 15 HUAWEI TECHNOLOGIES CO LTD ...

Page 2: ...be within the purchase scope or the usage scope Unless otherwise specified in the contract all statements information and recommendations in this document are provided AS IS without warranties guarantees or representations of any kind either express or implied The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensu...

Page 3: ...s follows Symbol Description DANGER Indicates a hazard with a high level of risk which if not avoided will result in death or serious injury WARNING Indicates a hazard with a medium or low level of risk which if not avoided could result in minor or moderate injury CAUTION Indicates a potentially hazardous situation which if not avoided could result in equipment damage data loss performance degrada...

Page 4: ...rouped in braces and separated by vertical bars A minimum of one item or a maximum of all items can be selected x y Optional items are grouped in brackets and separated by vertical bars Several items or no item can be selected 1 n The parameter before the sign can be repeated 1 to n times A line starting with the sign is comments Change History Updates between document issues are cumulative Theref...

Page 5: ... Public Network 8 1 5 1 Establishing the Configuration Task 8 1 5 2 Configuring an IPv4 Static Route on the Public Network 9 1 5 3 Configuring a BFD Session 9 1 5 4 Binding a Static Route to a BFD Session 9 1 5 5 Checking the Configuration 10 1 6 Configuration Examples 10 1 6 1 Example for Configuring IPv4 Static Routes 10 1 6 2 Example for Configuring IPv6 Static Routes 14 1 6 3 Example for Confi...

Page 6: ...2 Features 39 2 7 1 Establishing the Configuration Task 39 2 7 2 Configuring RIP 2 Route Summarization 40 2 7 3 Configuring Packet Authentication of RIP 2 41 2 7 4 Checking the Configuration 42 2 8 Optimizing a RIP Network 43 2 8 1 Establishing the Configuration Task 43 2 8 2 Configuring RIP Timers 44 2 8 3 Setting the Interval for Sending Packets and the Maximum Number of the Sent Packets 45 2 8 ...

Page 7: ...ormation 70 3 6 1 Establishing the Configuration Task 70 3 6 2 Configuring RIPng to Filter the Received Routes 71 3 6 3 Checking the Configuration 71 3 7 Optimizing a RIPng Network 72 3 7 1 Establishing the Configuration Task 72 3 7 2 Configuring RIPng Timers 73 3 7 3 Setting the Interval for Sending Update Packets and the Maximum Number of Packets Sent Each Time 73 3 7 4 Configuring Split Horizon...

Page 8: ...rmation 108 4 6 1 Establishing the Configuration Task 108 4 6 2 Configuring OSPF to Import External Routes 109 4 6 3 Configuring OSPF to Import a Default Route 110 4 6 4 Configuring Route Summarization 111 4 6 5 Configuring OSPF to Filter Routes Received by OSPF 112 4 6 6 Configuring the switch to Filter LSAs to Be Sent 113 4 6 7 Optional Configuring OSPF to Filter LSAs in an Area 114 4 6 8 Option...

Page 9: ...ample for Configuring OSPF GR 161 4 14 7 Example for Configuring OSPF BGP 164 4 14 8 Example for Configuring OSPF GTSM 173 4 14 9 Example for Configuring BFD for OSPF 179 5 OSPFv3 Configuration 185 5 1 OSPFv3 Overview 187 5 2 OSPFv3 Features Supported by S6700 187 5 3 Configuring Basic OSPFv3 Functions 187 5 3 1 Establishing the Configuration Task 187 5 3 2 Enabling OSPFv3 188 5 3 3 Enabling OSPFv...

Page 10: ...etwork 205 5 9 1 Establishing the Configuration Task 205 5 9 2 Configuring the SPF Timer 206 5 9 3 Suppressing an Interface from Sending and Receiving OSPFv3 Packets 207 5 9 4 Configuring DR Priority of an Interface 208 5 9 5 Configuring Stub Routers 209 5 9 6 Ignoring MTU Check on DD Packets 209 5 9 7 Checking the Configuration 210 5 10 Configuration OSPFv3 GR 210 5 10 1 Establishing the Configur...

Page 11: ... 6 7 1 Establishing the Configuration Task 266 6 7 2 Configuring a Preference Value for IPv4 IS IS 267 6 7 3 Configuring IPv4 IS IS to Advertise a Default Route 268 6 7 4 Configuring IPv4 IS IS to Import External Routes 269 6 7 5 Checking the Configuration 270 6 8 Configuring the IPv4 IS IS Route Convergence Speed 271 6 8 1 Establishing the Configuration Task 271 6 8 2 Configuring the Interval for...

Page 12: ...ulation Interval 311 6 15 5 Configuring Convergence Priorities for IPv6 IS IS Routes 311 6 15 6 Checking the Configuration 312 6 16 Configuring IS IS GR 313 6 16 1 Establishing the Configuration Task 313 6 16 2 Enabling IS IS GR 314 6 16 3 Configuring Parameters of an IS IS GR Session 314 6 16 4 Checking the Configuration 315 6 17 Maintaining IS IS 315 6 17 1 Resetting IS IS Data Structure 315 6 1...

Page 13: ...Establishing the Configuration Task 394 7 6 2 Configuring BGP Filters 395 7 6 3 Configuring to Controll the Acceptment of BGP Routing Information 401 7 6 4 Configuring BGP Soft Reset 402 7 6 5 Checking the Configuration 404 7 7 Configuring BGP Route Aggregation 405 7 8 Configuring BGP Peer Groups 407 7 8 1 Establishing the Configuration Task 407 7 8 2 Creating IBGP Peer Groups 408 7 8 3 Creating P...

Page 14: ...8 7 18 2 Configuring MD5 Authentication 439 7 18 3 Configuring BGP GTSM 440 7 18 4 Checking the Configuration 441 7 19 Maintaining BGP 442 7 19 1 Resetting BGP Connections 442 7 19 2 Clearing BGP Information 443 7 20 Configuration Examples 443 7 20 1 Example for Configuring Basic BGP Functions 443 7 20 2 Example for Configuring AS Path Filter 449 7 20 3 Example for Configuring BGP to Interact with...

Page 15: ...dvertising BGP4 Routing Information 515 8 5 7 Configuring the Policy for Receiving BGP4 Routing Information 516 8 5 8 Configuring BGP4 Soft Resetting 517 8 5 9 Checking the Configuration 519 8 6 Configuring Parameters of a Connection Between BGP4 Peers 519 8 6 1 Establishing the Configuration Task 519 8 6 2 Configuring BGP4 Timers 520 8 6 3 Setting the BGP4 ConnectRetry Interval 521 8 6 4 Checking...

Page 16: ...ation 554 9 1 MBGP Overview 555 9 2 MBGP Features Supported by the S6700 555 9 3 Configuring Basic MBGP Functions 555 9 3 1 Establishing the Configuration Task 555 9 3 2 Configuring a BGP Peer 556 9 3 3 Configuring an MBGP Peer 557 9 3 4 Configuring an MBGP Route Reflector 557 9 3 5 Configuring MBGP to Import Local Routes 558 9 3 6 Checking the Configuration 560 9 4 Configuring the Policy for Adve...

Page 17: ...Route 579 9 7 3 Checking the Configuration 580 9 8 Maintaining MBGP 580 9 8 1 Resetting MBGP Connection 580 9 8 2 Clearing MBGP Statistics 581 9 8 3 Debugging MBGP 581 9 9 Configuration Examples 582 9 9 1 Example for Configuring Basic MBGP Functions 582 10 Routing Policy Configuration 591 10 1 Overview of the Routing Policy 592 10 2 Routing Policy Features Supported by the S6700 593 10 3 Configuri...

Page 18: ...outing Policy 615 10 8 3 Checking the Configuration 616 10 9 Maintaining the Routing Policy 616 10 10 Configuration Examples 616 10 10 1 Example for Filtering Received and Advertised Routes 617 10 10 2 Example for Applying a Routing Policy to Imported Routes 621 11 MCE Configuration 627 11 1 MCE Overview 628 11 2 MCE Functions Supported by the S6700 629 11 3 Configuring a VPN Instance 630 11 3 1 E...

Page 19: ...tional Configuring OSPF Between an MCE and a PE 638 11 5 5 Optional Configuring IS IS Between an MCE and a PE 639 11 5 6 Optional Configuring BGP Between an MCE and a PE 639 11 5 7 Checking the Configuration 640 11 6 MCE Configuration Examples 640 11 6 1 Example for Configuring MCE 640 S6700 Series Ethernet Switches Configuration Guide IP Routing Contents Issue 01 2012 03 15 Huawei Proprietary and...

Page 20: ...onfiguring an IPv4 Static Route On an IPv4 network you can accurately control route selection by configuring IPv4 static routes 1 4 Configuring an IPv6 Static Route On an IPv6 network you can accurately control route selection by configuring IPv6 static routes 1 5 Configuring BFD for IPv4 Static Routes on the Public Network On an IPv4 network configuring BFD for IPv4 static routes on the public ne...

Page 21: ...to forward the IPv4 packet The S6700 supports ordinary static routes IPv6 Static Route Similar to IPv4 static routes IPv6 static routes need to be manually configured by the administrator IPv6 static routes are applicable to simple IPv6 networks If the destination address of an IPv6 static route is 0 with the mask length being 0 this IPv6 static route is an IPv6 default route If the destination ad...

Page 22: ...ble 1 3 Configuring an IPv4 Static Route On an IPv4 network you can accurately control route selection by configuring IPv4 static routes 1 3 1 Establishing the Configuration Task Before configuring an IPv4 static route familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configur...

Page 23: ...onfigure an IPv4 static route you need the following data No Data 1 Destination address and mask 2 Outbound interface or next hop IPv4 address 3 Preference of the IPv4 static route 1 3 2 Configuring an IPv4 Static Route on the Public Network When configuring an IPv4 static route configure its destination address outbound interface and next hop Context Do as follows on the switch to be configured w...

Page 24: ...lt preference is used if no preference is explicitly specified for the static route After a default preference is specified the new default preference is valid for subsequent rather than existing IPv4 static routes End 1 3 4 Checking the Configuration After an IPv4 static route is configured you can check detailed information about the configured IPv4 static route Prerequisites The configurations ...

Page 25: ...ute complete the following task l Configuring link layer protocol parameters and IP addresses for interfaces to ensure that the link layer protocol status of the interfaces is Up Data Preparation To configure an IPv6 static route you need the following data No Data 1 Destination address and mask 2 Outbound interface or next hop IPv6 address 3 Preference of the IPv6 static route 1 4 2 Configuring a...

Page 26: ...n the switch that need to be configured with IPv6 static routes and change the default priority for IPv6 static routes Procedure Step 1 Run system view The system view is displayed Step 2 Run ipv6 route static default preference preference The default preference of IPv6 static routes is set By default the preference of IPv6 static routes is 60 When an IPv6 static route is configured the default pr...

Page 27: ... IPv4 network With BFD service providers can provide voice over IP VoIP and other real time services with high availability and scalability By binding IPv4 static routes to BFD sessions you can use BFD sessions to provide link detection for IPv4 static routes on the public network A static route can be bound to a BFD session Pre configuration Tasks Before configuring BFD for IPv4 static routes on ...

Page 28: ... you configure the next hop as the outbound interface you must specify the next hop address End 1 5 3 Configuring a BFD Session BFD sessions are used to quickly detect and monitor the connectivity of links on a network Background See the S6700 Series Ethernet Switches Configuration Guide Reliability 1 5 4 Binding a Static Route to a BFD Session When binding a static route to a BFD session ensure t...

Page 29: ...heck the configuration of BFD for static routes You can check information about a BFD session only after parameters for the BFD session are set and the BFD session is established If BFD session negotiation succeeds the status of the BFD session is displayed as Up You can also check that the BFD session is bound to the static route by running the display current configuration include bfd command in...

Page 30: ...ate a VLAN to which each interface belongs 2 Assign an IP address to each VLANIF interface 3 Configure a default IP gateway on each host 4 Configure static routes and default routes on each switch Data Preparation To complete the configuration you need the following data l The IDs of the VLANs to which the interfaces belong are shown in Figure 1 1 l The VLANIF interfaces and the IP addresses of th...

Page 31: ...e Flags R relay D download to fib Routing Tables Public Destinations 8 Routes 8 Destination Mask Proto Pre Cost Flags NextHop Interface 0 0 0 0 0 Static 60 0 RD 1 1 4 2 Vlanif10 1 1 1 0 24 Direct 0 0 D 1 1 1 1 Vlanif30 1 1 1 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 1 1 4 0 30 Direct 0 0 D 1 1 4 1 Vlanif10 1 1 4 1 32 Direct 0 0 D 127 0 0 1 InLoopBack 127 0 0 0 8 Direct 0 0 D 127 0 0 1 InLoopBack0 12...

Page 32: ...le of Switch B sysname SwitchB vlan batch 10 20 40 interface Vlanif10 ip address 1 1 4 2 255 255 255 252 interface Vlanif20 ip address 1 1 4 5 255 255 255 252 interface Vlanif40 ip address 1 1 2 1 255 255 255 0 interface XGigabitEthernet0 0 1 port link type trunk port trunk allow pass vlan 10 interface XGigabitEthernet0 0 2 port link type trunk port trunk allow pass vlan 20 interface XGigabitEther...

Page 33: ...resses The VLANIF interfaces connecting the Switches need to be configured with IPv6 link local addresses Figure 1 2 Networking diagram for configuring IPv6 static routes SwitchA XGE0 0 1 XGE0 0 1 XGE0 0 2 XGE0 0 1 XGE0 0 2 XGE0 0 2 XGE0 0 3 PC2 PC1 PC3 2 2 64 SwitchC SwitchB 2 1 64 1 1 64 3 1 64 1 2 64 3 2 64 VLANIF10 VLANIF50 VLANIF40 VLANIF20 VLANIF20 VLANIF30 VLANIF40 FE80 218 20FF FE00 83 FE8...

Page 34: ... 64 and outgoing interface being VLANIF 40 l Default route of Switch C with the outgoing interface being VLANIF 40 l Default gateway address 1 1 of PC1 default gateway address 2 1 of PC2 and default gateway address 3 1 of PC3 Procedure Step 1 Add interfaces to VLANs Quidway system view Quidway sysname SwitchA SwitchA vlan 10 SwitchA vlan10 quit SwitchA interface xgigabitethernet 0 0 2 SwitchA XGig...

Page 35: ...00 83 Step 5 Configure the addresses and the gateway addresses on the PCs Assign the IPv6 addresses to the PCs according to the networking diagram Set the default gateway address on PC1 to 1 1 the default gateway address on PC2 to 2 1 and the default gateway address on PC3 to 3 1 Step 6 Verify the configuration Check the IPv6 routing table of Switch A Switch A display ipv6 routing table Routing Ta...

Page 36: ...eived 0 00 packet loss round trip min avg max 62 62 63 ms Run the tracert command to verify the configuration Switch A tracert ipv6 3 1 traceroute to 3 1 30 hops max 60 bytes packet 1 2 1 31 ms 32 ms 31 ms 2 3 1 62 ms 63 ms 62 ms End Configuration Files l Configuration file of Switch A sysname Switch A ipv6 vlan batch 10 20 interface Vlanif10 ipv6 enable ipv6 address 1 1 64 interface Vlanif20 ipv6...

Page 37: ...oute static 1 64 Vlanif20 FE80 218 20FF FE00 81 ipv6 route static 3 64 Vlanif40 FE80 218 20FF FE00 82 return l Configuration file of Switch C sysname Switch C ipv6 vlan batch 40 50 interface Vlanif40 ipv6 enable ipv6 address auto link local interface Vlanif50 ipv6 enable ipv6 address 3 1 64 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 40 port hybrid untagged vlan 40 interface XGigabitEthe...

Page 38: ...ollows 1 Create a BFD session on Switch A and Switch B to detect the link between Switch A and Switch B 2 Configure a static route from Switch A to the NMS and bind the static route to the BFD session Data Preparation To complete the configuration you need the following data l IDs of the VLANs that the interfaces belong to as shown in Figure 1 3 l VLANIF interfaces and the IP address of the NMS as...

Page 39: ...chB bfd session bb discriminator local 20 SwitchB bfd session bb discriminator remote 10 SwitchB bfd session bb commit SwitchB bfd session bb quit Step 4 Configure a static route and bind the route to the BFD session On Switch A configure a static route to the external network and bind the default static route to the BFD session named aa SwitchA ip route static 2 2 2 0 24 1 1 1 2 track bfd session...

Page 40: ...1 32 Direct 0 0 D 127 0 0 1 Vlanif10 1 1 1 255 32 Direct 0 0 D 1 1 1 2 Vlanif10 127 0 0 0 8 Direct 0 0 D 127 0 0 1 InLoopBack0 127 0 0 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 Run the undo shutdown command on VLANIF 10 of Switch B to simulate link recovery SwitchB Vlanif10 undo shutdown Check the routing table on Switch A and you can find default route 2 2 2 0 24 in the routing table After BFD dete...

Page 41: ...atch 10 20 bfd interface Vlanif10 ip address 1 1 1 2 255 255 255 0 interface Vlanif20 ip address 2 2 2 2 255 255 255 0 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface XGigabitEthernet0 0 2 port hybrid pvid vlan 20 port hybrid untagged vlan 20 bfd bb bind peer ip 1 1 1 1 discriminator local 20 discriminator remote 10 commit return S6700 Series Etherne...

Page 42: ... 2 5 Controlling the Advertising of RIP Routing Information To meet the requirements of complex networks accurately controlling the advertising of RIP routing information is essential 2 6 Controlling the Receiving of RIP Routing Information To meet the requirements of complex networks accurately controlling the receiving of RIP routing information is essential 2 7 Configuring RIP 2 Features Differ...

Page 43: ... section provides several configuration examples of RIP S6700 Series Ethernet Switches Configuration Guide IP Routing 2 RIP Configuration Issue 01 2012 03 15 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 24 ...

Page 44: ...cing bandwidth consumption The basic principle is simple Information about the routing for a particular packet is never sent back in the direction from which it was received l Poison reverse is that RIP sets the cost of the route learnt from an interface of a neighbor to 16 specifying the route as unreachable and then sends the route from the interface back to the neighbor In this way RIP can dele...

Page 45: ...ion tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment Configuring basic RIP functions allows you to enjoy certain RIP features Pre configuration Tasks Before configuring basic RIP functions complete the following tasks l Configuring the link layer protocol l Configuring IP addresses for interfaces to ensure that neigh...

Page 46: ...each process is responsible for a unique set of interfaces In addition the routing data is independent between RIP processes however routes can be imported between processes For the routers that support the VPN each RIP process is associated with a specific VPN instance In this case all the interfaces attached to the RIP process should be associated with the RIP process related VPN instance End 2 ...

Page 47: ...e different functions Context Do as follows on the RIP switch Procedure l Configuring the Global RIP Version Number 1 Run system view The system view is displayed 2 Run rip process id The RIP process is enabled and the RIP view is displayed 3 Run version 1 2 The global RIP version number is specified l Configuring the RIP Version Number for an Interface 1 Run system view The system view is display...

Page 48: ...tics interface all interface type interface number verbose neighbor neighbor ip address command to check statistics about RIP interfaces End 2 4 Configuring RIP Route Attributes By setting RIP route attributes you can change RIP routing policies to meet the requirements of complex networks 2 4 1 Establishing the Configuration Task RIP route attributes include the RIP preference additional metrics ...

Page 49: ...e routing table its metric in the routing table changes Running this command affects route selection on the local device and other devices on the network l The rip metricout command is used to add an additional metric to an outgoing route When this route is advertised an additional metric is added to this route but the metric of the route in the routing table does not change Running this command d...

Page 50: ...tain RIP routes over others Context Do as follows on the RIP switch Procedure Step 1 Run system view The system view is displayed Step 2 Run rip process id The RIP process is enabled and the RIP view is displayed Step 3 Run preference preference route policy route policy name The RIP preference is set By default the RIP preference is 100 End 2 4 4 Setting the Maximum Number of Equal Cost Routes By...

Page 51: ...hat are learned from other switchs End 2 5 Controlling the Advertising of RIP Routing Information To meet the requirements of complex networks accurately controlling the advertising of RIP routing information is essential 2 5 1 Establishing the Configuration Task RIP routing information can be advertised through default routes Update packets and imported external routes Applicable Environment To m...

Page 52: ...ed for 0 0 0 0 By default RIP does not advertise default routes to its neighbors Context Do as follows on the RIP switch Procedure Step 1 Run system view The system view is displayed Step 2 Run rip process id The RIP process is enabled and the RIP view is displayed Step 3 Run default route originate cost cost match default route policy route policy name avoid learning RIP is configured to generate...

Page 53: ...nce over the rip output command in the interface view By default an interface can receive and send Update packets l Configuration in the Interface View with a Low Priority 1 Run system view The system view is displayed 2 Run interface interface type interface number The interface view is displayed The interface must be a VLANIF interface 3 Run undo rip output The interface is disabled from sending...

Page 54: ...Step 5 Optional Run filter policy acl number acl name acl name ip prefix ip prefix name export protocol process id interface type interface number The imported routes are filtered when being advertised If the routing information to be advertised by RIP contains the routes imported from other routing protocols you can specify protocol to filter the specified routes If protocol is not specified all ...

Page 55: ...shing the Configuration Task You can obtain RIP routing information by receiving Update packets and host routes Applicable Environment In practice to meet the requirements of a complex network it is required to control the receiving of RIP routing information accurately After performing configuration procedures in this section you can l Disable an interface from receiving RIP Update packets l Filt...

Page 56: ...rom Receiving Host Routes When you disable RIP from receiving host routes on a router the router rejects to receive host routes This prevents the router from receiving a large number of unnecessary routes and thus avoiding wasting network resources Context In certain situations a switch may receive a large number of host routes from the same network segment These routes are not required in route a...

Page 57: ...ter the imported and advertised routes you can configure inbound and outbound routing policies by specifying ACLs and IP prefix lists You can also configure the switch to receive RIP packets only from a specified neighbor Do as follows on the RIP switch Procedure Step 1 Run system view The system view is displayed Step 2 Run rip process id The RIP process is enabled and the RIP view is displayed S...

Page 58: ... number verbose command to check information about the RIP interface l Run the display rip process id neighbor verbose command to check information about RIP neighbors l Run the display rip process id route command to check all the RIP routes that are learned from other switchs End 2 7 Configuring RIP 2 Features Different from RIP 1 RIP 2 supports VLSM CIDR and authentication to ensure higher secu...

Page 59: ...es that multiple subnet routes on the same natural network segment are summarized into one route with the natural mask when being advertised to other network segments Therefore route summarization reduces the network traffic and the size of the routing table Route summarization does not take effect in RIP 1 RIP 2 supports Variable Length Subnet Mask VLSM and Classless Interdomain Routing CIDR To b...

Page 60: ...mask avoid feedback The local summary address of RIP 2 is advertised NOTE The rip summary address ip address mask avoid feedback command is run in the interface view to enable classless network based route summarization End 2 7 3 Configuring Packet Authentication of RIP 2 RIP 2 supports the ability to authenticate protocol packets and provides two authentication modes Simple authentication and Mes...

Page 61: ...dard authentication packets The MD5 authentication password that starts and ends with is invalid because is used to distinguish old and new passwords End 2 7 4 Checking the Configuration After RIP 2 features are successfully configured you can view the current running status configuration and routing information of RIP Prerequisites The configurations of RIP 2 features are complete Procedure l Run...

Page 62: ...e number of packets to be sent by interfaces and the interval at which packets are sent l Configure split horizon or poison reverse to prevent routing loops l After the replay protect function is enabled neighbors can communicate after a RIP process is restarted l Check the validity of packets and authenticate packets on a network demanding high security l Run RIP on a link that does not support b...

Page 63: ...ample if the update time is longer than the aging time and a RIP route changes within the update time the switch cannot inform its neighbors of the change on time l You must configure RIP timers based on the network performance and uniformly on all the switches running RIP This avoids unnecessary network traffic or route flapping By default the Update timer is 30s the Age timer is 180s the Garbage...

Page 64: ...erval number pkt count The interval for sending Update packets and the maximum number of packets sent each time are set on the interface End 2 8 4 Configuring Split Horizon and Poison Reverse You can configure split horizon and poison reverse to prevent routing loops Context If both split horizon and poison reverse are configured only poison reverse takes effect Do as follows on the RIP switch Pro...

Page 65: ...ed and the RIP view is displayed 3 Run checkzero The zero field check is configured for RIPv1 packets Certain fields in a RIPv1 packet must be 0s and these fields are called zero fields RIPv1 checks the zero fields on receiving a packet If the value of any zero field in a RIPv1 packet is not 0 this packet is not processed As a RIPv2 packet does not contain any zero field configuring the zero field...

Page 66: ...k as each other s neighbor Do as follows on the RIP switch Procedure Step 1 Run system view The system view is displayed Step 2 Run rip process id The RIP process is enabled and the RIP view is displayed Step 3 Run peer ip address The RIP neighbor is configured End 2 8 7 Checking the Configuration After the function of adjusting and optimizing the RIP network performance is successfully configured...

Page 67: ...ete the pre configuration tasks and obtain the data required for the configuration This will help you complete the configuration task quickly and accurately Applicable Environment After performing configuration procedures in this section you can bind RIP to a MIB Pre configuration Tasks Before configuring the network management function in RIP complete the following tasks l Configuring IP addresse...

Page 68: ...ers that take effect on the switch End 2 10 Configuration Examples This section provides several configuration examples of RIP 2 10 1 Example for Configuring the RIP Version Networking Requirements As shown in Figure 2 1 RIP needs to be enabled on all the interfaces of Switch A Switch B Switch C and Switch D The switches are interconnected through RIPv2 Figure 2 1 Networking diagram for configurin...

Page 69: ...RIPv2 Procedure Step 1 Configure VLANs that the related interfaces belong to Quidway system view Quidway sysname SwitchA SwitchA vlan 10 SwitchA vlan10 quit SwitchA interface xgigabitethernet 0 0 1 SwitchA XGigabitEthernet0 0 1 port hybrid pvid vlan 10 SwitchA XGigabitEthernet0 0 1 port hybrid untagged vlan 10 SwitchA XGigabitEthernet0 0 1 quit The configurations of Switch B Switch C and Switch D ...

Page 70: ...the routes advertised by RIPv1 use natural masks Step 4 Configure the RIP version Configure RIPv2 on Switch A SwitchA rip SwitchA rip 1 version 2 SwitchA rip 1 quit Configure RIPv2 on Switch B SwitchB rip SwitchB rip 1 version 2 SwitchB rip 1 quit Configure RIPv2 on Switch C SwitchC rip SwitchC rip 1 version 2 SwitchC rip 1 quit Configure RIPv2 on Switch D SwitchD rip SwitchD rip 1 version 2 Switc...

Page 71: ...rface Vlanif10 ip address 192 168 1 2 255 255 255 0 interface Vlanif20 ip address 172 16 1 1 255 255 255 0 interface Vlanif30 ip address 10 1 1 1 255 255 255 0 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface XGigabitEthernet0 0 2 port hybrid pvid vlan 20 port hybrid untagged vlan 20 interface XGigabitEthernet0 0 3 port hybrid pvid vlan 30 port hybrid...

Page 72: ... routing information with Switch C through RIP200 You must configure route import on Switch B so that the two RIP processes can import RIP routes of each other By default the metric of the imported routes of RIP200 is set to 3 In addition you must configure a filtering policy on Switch B Thus Switch B can filter out a route imported from RIP200 route to 192 168 4 0 24 and does not advertise the ro...

Page 73: ...tch A 192 168 1 0 and 192 168 1 0 l Network segments with RIP100 and RIP200 enabled on Switch B 192 168 1 0 and 192 168 2 0 l RIP200 enabled network segments on Switch C 192 168 2 0 192 168 3 0 and 192 168 4 0 l Default metric of routes that are imported to RIP100 from RIP200 3 l ACL 2000 for the routes that are imported to RIP100 from RIP200 which denies the routes of network segment 192 168 4 0 ...

Page 74: ...200 network 192 168 3 0 Switch C rip 200 network 192 168 4 0 Switch C rip 200 quit Check the routing table of Switch A Switch A display ip routing table Route Flags R relay D download to fib Routing Tables Public Destinations 7 Routes 7 Destination Mask Proto Pre Cost Flags NextHop Interface 192 168 0 0 24 Direct 0 0 D 192 168 0 1 Vlanif50 192 168 0 1 32 Direct 0 0 D 127 0 0 1 Vlanif50 192 168 1 0...

Page 75: ... The rule denies the packets sent from 192 168 4 0 24 Switch B acl 2000 Switch B acl basic 2000 rule deny source 192 168 4 0 0 0 0 255 Switch B acl basic 2000 rule permit Switch B acl basic 2000 quit Configure Switch B to filter the route to 192 168 4 0 24 that is imported from RIP200 according to the ACL rule Switch B rip 100 Switch B rip 100 filter policy 2000 export Switch B rip 100 quit Step 6...

Page 76: ...onfiguration file of Switch B sysname Switch B vlan batch 10 20 acl number 2000 rule 5 deny source 192 168 4 0 0 0 0 255 rule 10 permit interface Vlanif10 ip address 192 168 1 2 255 255 255 0 interface Vlanif20 ip address 192 168 2 1 255 255 255 0 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface XGigabitEthernet0 0 2 port hybrid pvid vlan 20 port hybr...

Page 77: ...t hybrid pvid vlan 20 port hybrid untagged vlan 20 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 30 port hybrid untagged vlan 30 interface XGigabitEthernet0 0 3 port hybrid pvid vlan 40 port hybrid untagged vlan 40 rip 200 network 192 168 2 0 network 192 168 3 0 network 192 168 4 0 return S6700 Series Ethernet Switches Configuration Guide IP Routing 2 RIP Configuration Issue 01 2012 03 15 ...

Page 78: ... of RIPng Routing Information To meet the requirements of complex networks it is required to accurately control the advertising of RIPng routing information 3 6 Controlling the Receiving of RIPng Routing Information To meet the requirements of complex networks it is required to accurately control the receiving of RIPng routing information 3 7 Optimizing a RIPng Network You can adjust and optimize ...

Page 79: ...witch is 1 The hop count that is equal to or exceeds 16 is defined as infinity indicating that the destination network or host is unreachable By default RIPng sends an Update packet every 30 seconds If no Update packet is received from a neighbor in 180 seconds RIPng marks all the routes learned from the neighbor as unreachable If no Update packet is received from a neighbor in 300 seconds RIPng d...

Page 80: ...he network segment of an interface ensure that the link status of the interface is Up Applicable Environment The configuration of basic RIPng functions involves the configuration of basic RIPng features After the configuration the RIPng features are available During the RIPng configuration you must enable RIPng in the system view first If you run RIPng related commands in the interface view these ...

Page 81: ... End 3 3 3 Enabling RIPng in the VLANIF Interface View After an interface is associated with a RIPng process routing information on this interface can be exchanged through RIPng Context Do as follows on the switch to be enabled with RIPng Procedure Step 1 Run system view The system view is displayed Step 2 Run interface vlanif vlan id The VLANIF interface view is displayed The interface is at the ...

Page 82: ...terface type interface number verbose neighbor neighbor ipv6 address command to check statistics about RIPng interfaces End 3 4 Configuring RIPng Route Attributes By setting RIPng route attributes you can change RIPng routing policies 3 4 1 Establishing the Configuration Task RIPng route attributes include the RIPng preference and interface metric Applicable Environment To meet the requirements of...

Page 83: ...erence Context Each routing protocol has its preference according to which a routing policy selects the optimal route The RIPng preference can be set manually The greater the value is the lower the preference is Do as follows on the RIPng switch Procedure Step 1 Run system view The system view is displayed Step 2 Run ripng process id The RIPng process is enabled and the RIPng view is displayed Ste...

Page 84: ...lue1 through an IPv6 ACL or an IPv6 prefix list If a RIPng route does not pass the filtering its metric is increased by 1 Do as follows on the RIPng switch Procedure Step 1 Run system view The system view is displayed Step 2 Run interface vlanif interface number The interface view is displayed Step 3 Run ripng metricin value The metric added to a received route is set Step 4 Run ripng metricout va...

Page 85: ... the display ripng process id database command to check all activated routes in the RIPng database l Run the display ripng process id route command to check all the RIPng routes that are learned from other switchs End 3 5 Controlling the Advertising of RIPng Routing Information To meet the requirements of complex networks it is required to accurately control the advertising of RIPng routing inform...

Page 86: ...of RIPng routing information you need the following data No Data 1 Metric of the default route to be advertised 2 Protocol name and process ID of the external route to be imported 3 5 2 Configuring RIPng Route Summarization By configuring a RIPng router to advertise the summarized IPv6 address on an interface you can save the space used by RIPng routes in the routing table You can also set paramet...

Page 87: ...red to advertise a default route You can configure RIPng to advertise default routes as required l only advertises only IPv6 default routes 0 and suppresses the advertising of other routes l originate advertises IPv6 default routes 0 and does not affect the advertising of other routes A RIPng default route is forcibly advertised by using an Update packet through a specified interface regardless of...

Page 88: ...ng switch Procedure Step 1 Run system view The system view is displayed Step 2 Run ripng process id The RIPng view is displayed Step 3 Optional Run default cost cost The default cost is set for imported external routes Step 4 Run import route ripng isis ospfv3 process id bgp permit ibgp unr direct static cost cost route policy route policy name External routes are imported NOTE Import of IBGP rout...

Page 89: ...d to check all the RIPng routes that are learned from other switchs End 3 6 Controlling the Receiving of RIPng Routing Information To meet the requirements of complex networks it is required to accurately control the receiving of RIPng routing information 3 6 1 Establishing the Configuration Task Before controlling the receiving of RIPng routes familiarize yourself with the applicable environment ...

Page 90: ...routes Context Do as follows on the RIPng switch Procedure Step 1 Run system view The system view is displayed Step 2 Run ripng process id The RIPng view is displayed Step 3 Run filter policy acl6 number acl6 name acl6 name ipv6 prefix ipv6 prefix name import The imported routes are filtered You can specify an IPv6 ACL or an IPv6 prefix list to filter the imported routes Only the routes that pass ...

Page 91: ...iguration This will help you complete the configuration task quickly and accurately Applicable Environment On certain networks you need to configure RIPng features and optimize the performance of a RIPng network After performing configuration procedures in this section you can l Change the convergence speed of the RIPng network by adjusting RIPng timers l Configure split horizon and poison reverse...

Page 92: ...s 120s Do as follows on the RIPng switch Procedure Step 1 Run system view The system view is displayed Step 2 Run ripng process id The RIPng view is displayed Step 3 Run timers ripng update age garbage collect RIPng timers are configured End 3 7 3 Setting the Interval for Sending Update Packets and the Maximum Number of Packets Sent Each Time By setting the interval for sending packets and the max...

Page 93: ...oute as unreachable back through the interface from which the route is learned If both split horizon and poison reverse are configured only poison reverse takes effect Do as follows on the RIPng switch Procedure Step 1 Run system view The system view is displayed Step 2 Run interface vlanif vlan id The interface view is displayed Step 3 Run the following command as required l Run ripng split horiz...

Page 94: ... id command to check the configuration of the RIPng process l Run the display ripng process id database verbose command to check all activated routes in the RIPng database l Run the display ripng process id interface interface type interface number verbose command to check information about the RIPng interface l Run the display ripng process id neighbor verbose command to check information about R...

Page 95: ...This section provides a configuration example of RIPng 3 9 1 Example for Configuring RIPng to Filter the Received Routes Networking Requirements As shown in Figure 3 1 the prefix length of all the IPv6 addresses is 64 bits In addition the VLANIF interfaces between the neighboring Switches are assigned IPv6 link local addresses All the Switches must learn IPv6 routing information on the network thr...

Page 96: ...witch C XGE0 0 2 VLANIF 40 2 1 64 Switch C XGE0 0 3 VLANIF 50 3 1 64 Configuration Roadmap The configuration roadmap is as follows 1 Enable RIPng on each Switch so that the Switches can communicate with each other 2 Configure an ACL on Switch B to filter the received routes Data Preparation To complete the configuration you need the following data l IDs of the VLANs that the interfaces belong to a...

Page 97: ...20 quit The configurations of Switch B and Switch C are similar to the configuration of Switch A and are not mentioned here Step 3 Configure the basic RIPng functions Configure Switch A Switch A ripng 1 Switch A ripng 1 quit Switch A interface vlanif 10 Switch A Vlanif10 ripng 1 enable Switch A Vlanif10 quit Switch A interface vlanif 20 Switch A Vlanif20 ripng 1 enable Switch A Vlanif20 quit Confi...

Page 98: ...rtised by Switch B Step 4 Configure Switch B to filter the received routes Switch B acl ipv6 number 2000 Switch B acl6 basic 2000 rule deny source 3 64 Switch B acl6 basic 2000 rule permit Switch B acl6 basic 2000 quit Switch B ripng 1 Switch B ripng 1 filter policy 2000 import Switch B ripng 1 quit Step 5 Verify the configuration Check the RIPng routing table of Switch B The RIPng routing table s...

Page 99: ...hernet0 0 2 port hybrid pvid vlan 10 port hybrid untagged vlan 10 ripng 1 return l Configuration file of Switch B sysname Switch B ipv6 vlan batch 20 30 acl ipv6 number 2000 rule 0 deny source 3 64 rule 1 permit interface Vlanif20 ipv6 enable ipv6 address auto link local ripng 1 enable interface Vlanif30 ipv6 enable ipv6 address auto link local ripng 1 enable interface XGigabitEthernet0 0 1 port h...

Page 100: ...erface Vlanif50 ipv6 enable ipv6 address 3 1 64 ripng 1 enable interface XGigabitEthernet0 0 1 port hybrid pvid vlan 30 port hybrid untagged vlan 30 interface XGigabitEthernet0 0 2 port hybrid pvid vlan 40 port hybrid untagged vlan 40 interface XGigabitEthernet0 0 3 port hybrid pvid vlan 50 port hybrid untagged vlan 50 ripng 1 return S6700 Series Ethernet Switches Configuration Guide IP Routing 3 ...

Page 101: ...ting Information You can control the advertising and receiving of OSPF routing information and import routes of other protocols 4 7 Configuring an OSPF Stub Area Configuring a non backbone area as a stub area can reduce routing entries in the area in an AS does not transmit routes learned from other areas in the AS or AS external routes This reduces bandwidth and storage resource consumption 4 8 C...

Page 102: ...he Network Management Function of OSPF OSPF supports the network management function You can bind the OSPF MIB to a certain OSPF process and configure the trap function and log function 4 13 Maintaining OSPF Maintaining OSPF involves resetting OSPF and clearing OSPF statistics 4 14 Configuration Examples This section provides several configuration examples of OSPF S6700 Series Ethernet Switches Co...

Page 103: ...ng information only of the local area The reduce of LSDB size dramatically reduces memory and CPU usage In addition less bandwidth is consumed because of the decrease in routing information transmitted within the AS l Equal cost routes OSPF supports multiple equal cost routes to the same destination l Routing hierarchy Four types of routing are available They are listed in the descending order of ...

Page 104: ...m by dividing an AS into different areas An area is regarded as a device group logically Each group is identified by an area ID On the border of an area resides a switch rather than a link A network segment or a link belongs to only one area That is the area to which each OSPF interface belongs must be specified as shown in Figure 4 1 Figure 4 1 OSPF area division Area3 Area0 Area1 Area2 Area4 Aft...

Page 105: ...net or FDDI OSPF defaults the network type to broadcast In this type of networks the following situations occur Hello packets and packets from the Designated Router DR are sent in multicast mode 224 0 0 5 indicates the reserved IP multicast addresses for OSPF routers Link State Update LSU packets are sent to the DR in multicast mode 224 0 0 6 indicates the reserved IP multicast address for the OSP...

Page 106: ...fferent routing protocols An interface of a switch belongs to only a certain OSPF process A typical application of OSPF multi process is to run OSPF between PEs and CEs in the VPN where OSPF is also adopted in the backbone network On the PEs the two OSPF processes are independent of each other Authentication OSPF supports packet authentication Only the OSPF packets that pass the authentication can...

Page 107: ...mes 2 way for the first time or it returns to Init from the 2 way or higher state as shown in Figure 4 3 the interface enabled with the Smart discover function sends Hello packets to the neighbor without waiting for the timeout of the Hello timer when the interface finds that the status of the neighbor changes When the interface status of the DR and the BDR in the multi access network changes the ...

Page 108: ... is 30 seconds and the period for advertising that the neighbor is Down is four times the interval for sending Hello packets If the switch does not receive the Hello packet from the neighbor before the neighboring switch becomes invalid it deletes the neighbor That is theswitch detects the neighbor faults in seconds This leads to the loss of a large number of packets in a high speed network To sol...

Page 109: ... functions enable OSPF specify the OSPF process and area and establish OSPF neighbor relationships Applicable Environment When OSPF is configured on multiple switches in the same area most configuration data such as the timer filter and aggregation must be planned uniformly in the area Incorrect configurations may cause neighboring switches to fail to send messages to each other or even causing ro...

Page 110: ... must be specified Procedure Step 1 Run system view The system view is displayed Step 2 Run ospf process id router id router id vpn instance vpn instance name The OSPF process is started and the OSPF view is displayed l process id specifies the process ID and the process id value is 1 by default The S6700 supports OSPF multi process Processes can be classified by service type The S6700s exchange p...

Page 111: ...t of the loopback interface configure the network type as NBMA or broadcast in the interface view For details see Configuring Network Types for OSPF Interfaces End 4 3 3 Optional Creating OSPF Virtual Links This section describes how to create logical links between backbone areas to ensure the OSPF network connectivity Context After OSPF areas are defined OSPF route updates between non backbone ar...

Page 112: ...r RFC 2328 Context RFC 2328 and RFC 1583 define the route selection rule differently After OSPF is enabled on the switch specify a route selection rule based on the switch configuration The switch complies with the route selection rule defined in RFC 1583 by default If the neighboring switch complies with the route selection rule defined in RFC 2328 configure the local switch to comply with that d...

Page 113: ... ASE is specified the default OSPF priority value is 150 End 4 3 6 Optional Restricting the Flooding of LSA Update Packets When a large number of LSA update packets are flooded the neighboring switch may be busy processing LSA update packets and has to discard the Hello packets that are used to maintain neighbor relationships This causes neighbor relationships to be interrupted To resolve this pro...

Page 114: ...command is not run the function of restricting the flooding of LSA update packets automatically takes effect when the number of neighboring switches exceeds 256 End 4 3 7 Optional Configuring the Maximum Number of Packet Retransmission Attempts When no response to DD packets LSU packets or LSR packets is received the retransmission mechanism is used and the maximum number of packet retransmission ...

Page 115: ...teps on the switch running OSPF Procedure Step 1 Run system view The system view is displayed Step 2 Run interface interface type interface number The interface view is displayed Step 3 Run ospf timer retransmit interval An interval at which an LSA packet is retransmitted to the neighboring switch is set Setting the interval to a proper value is recommended A rather small interval will cause unnec...

Page 116: ...nterface MTU and check whether the MTU in the DD packet from the neighboring switch exceeds the MTU of the local switch End 4 3 10 Checking the Configuration After basic OSPF functions are successfully configured you can check information about the LSDB neighbors in each area and routing table Prerequisites All configurations of basic OSPF functions are complete Procedure l Run the display ospf pr...

Page 117: ...o packets LSU packets and LSAck packets are multicasted DD packets and LSR packets are unicasted If the link layer protocol is Ethernet or Fiber Distributed Data Interface FDDI OSPF regards the network as a broadcast network by default Non broadcast multiple access NBMA On an NBMA network Hello packets DD packets LSR packets LSU packets and LSAck packets are unicasted The NBMA network must be full...

Page 118: ...s for interfaces to ensure that neighboring switches are reachable at the network layer l Configuring Basic OSPF Functions Data Preparation To configure OSPF on the NBMA or P2MP network you need the following data No Data 1 Number of the interface running OSPF 2 Network type 3 DR priority of an interface 4 IP address of a neighbor on an NBMA network 5 Interval at which Hello packets are sent on an...

Page 119: ...cast address exists change the network type of the interface to NBMA l On an interface with the NBMA network type if the network is fully meshed or any two routers are directly connected change the network type of the interface to broadcast and do not configure neighboring router information on the interface l On an interface with the NBMA network type if the network is not fully meshed change the...

Page 120: ...in the polling mechanism 1 Run ospf timer poll interval The interval at which Hello packets for polling are sent by an NBMA interface is set The default value is 120 in seconds Step 3 Configure a neighboring switch on the NBMA network The interface with the network type of NBMA cannot broadcast Hello packets to discover neighboring switches Therefore the IP address of a neighboring switch must be ...

Page 121: ...mp mask ignore OSPF is disabled from checking the network mask on the P2MP network Step 2 Optional Configure the switch to filter the LSA packets to be sent When multiple links exist between two switches you can configure the local switch to filter the LSA packets to be sent This can reduce unnecessary LSA retransmission attempts and save bandwidth resources 1 Run quit Exit from the interface view...

Page 122: ...d routing router id router id l Run the display ospf process id interface all interface typeinterface number verbose command to check interface information End 4 5 Configuring an OSPF Route Selection Rule You can configure an OSPF route selection rule to meet requirements of complex networks 4 5 1 Establishing the Configuration Task Before configuring an OSPF route selection rule familiarize yours...

Page 123: ...ce cost Context After the OSPF interface costs are set the interface with a smaller cost value preferentially transmits routing information This helps select the optimal route The OSPF interface cost can be set manually or calculated based on the interface bandwidth Perform the following steps on the switch running OSPF Procedure Step 1 Run system view The system view is displayed Step 2 Run inter...

Page 124: ...rence value is set Ensure that the bandwidth reference values of switches in an OSPF process are the same End 4 5 3 Configuring Equal Cost Routes You can set the number of OSPF equal cost routes and route preference to implement load balancing and adjust route selection Context If the destinations and costs of the multiple routes discovered by one routing protocol are the same load balancing can b...

Page 125: ...thop command to set the route preference Ensure that the preferences of valid routes to be used must be high The smaller the weight value the higher the preference of the route The default weight value is 255 which indicates that load balancing is implemented regardless of the route preferences End 4 5 4 Configuring a Stub Router To ensure that a route is not interrupted during flapping triggering...

Page 126: ...h and the local switch can reject routing information advertised by another switch Context Suppressing an interface from receiving and sending OSPF packets helps routing information to bypass a specific switch and enables the local switch to reject routing information advertised by another switch This ensures that an optimal route is provided Perform the following steps on the switch running OSPF ...

Page 127: ...ting table information l Run the display ospf process id interface all interface type interface number verbose command to check OSPF interface information End 4 6 Controlling OSPF Routing Information You can control the advertising and receiving of OSPF routing information and import routes of other protocols 4 6 1 Establishing the Configuration Task Before controlling OSPF routing information fam...

Page 128: ...hes Feature Description VPN Perform the following steps on the ASBR running OSPF Procedure Step 1 Run system view The system view is displayed Step 2 Run ospf process id The OSPF process view is displayed Step 3 Run import route limit limit number bgp permit ibgp direct unr rip process id rip static isis process id isis ospf process id ospf cost cost type type tag tag route policy route policy nam...

Page 129: ...ort route command cannot be used to import the default route from another AS End 4 6 3 Configuring OSPF to Import a Default Route The default route is widely applied on the OSPF network to reduce routing entries in the routing table and filter specific routing information Context On the area border and AS border of an OSPF network generally reside multiple switches for next hop backup or traffic l...

Page 130: ...cify the default cost of Type 3 summary LSAs enable VPN first Before advertising a default route OSPF compares the preferences of default routes Therefore if a static default route is configured on an OSPF device to add the default route advertised by OSPF to the current routing table ensure that the preference of the configured static default route is lower than that of the default route advertis...

Page 131: ...igure ASBR route summarization 1 Run system view The system view is displayed 2 Run ospf process id The OSPF process view is displayed 3 Run asbr summary ip address mask not advertise tag tag cost cost distribute delay interval ASBR route summarization is configured NOTE After route summarization is configured the routing table on the local OSPF switch remains the same The routing table on another...

Page 132: ...conditions End 4 6 6 Configuring the switch to Filter LSAs to Be Sent Filtering the LSAs to be sent on the local router can prevent unnecessary LSA transmission This reduces the size of the LSDB on the neighboring switch and speeds up network convergence Context When multiple links exist between two switches you can configure the local switch to filter the LSAs to be sent This prevents unnecessary...

Page 133: ...a id The OSPF area view is displayed Step 4 Filter incoming or outgoing Type 3 LSAs in the area l Filter incoming Type 3 LSAs in the area Run the filter acl number acl name acl name ip prefix ip prefix name route policy route policy name export command to filter incoming Type 3 LSAs in the area l Filter outgoing Type 3 LSAs in the area Run the filter acl number acl name acl name ip prefix ip prefi...

Page 134: ...f process id The OSPF process view is displayed Step 3 Run mesh group enable The mesh group function is enabled By default the mesh group function is disabled End 4 6 9 Setting the Maximum Number of External LSAs in the LSDB You can set the maximum number of external LSAs in the LDSB to keep a proper number of external LSAs Procedure Step 1 Run system view The system view is displayed Step 2 Run o...

Page 135: ... Environment The number of LSAs can be reduced by partitioning an AS into different areas To reduce the number of entries in the routing table and the number of LSAs to be transmitted in a non backbone area configure the non backbone area on the border of the AS as a stub area Configuring a stub area is optional A stub area generally resides on the border of an AS For example a non backbone area w...

Page 136: ... switches in a stub area must be configured with stub attributes using the stub command l Configuring or deleting stub attributes will update routing information in the area Stub attributes can be deleted or configured again only after the routing update is complete Step 5 Optional Run stub no summary The ABR is prevented from sending Type 3 LSAs to the stub area Step 6 Optional Run default cost c...

Page 137: ...in the scenario where AS external routes are to be imported but not forwarded to save system resources The NSSA is a new type of OSPF area Neither the NSSA nor the stub area transmits routes learned from other areas in the AS it resides The stub area does not allow AS external routes to be imported whereas the NSSA allows AS external routes to be imported and forwarded in the entire AS Type 7 LSAs...

Page 138: ...licable to the following scenarios l The parameter default route advertise is used to advertise Type 7 LSAs carrying the default route on the ABR or ASBR to the NSSA Type 7 LSAs carrying the default route will be generated regardless of whether the default route 0 0 0 0 exists in the routing table on the ABR On the ASBR however the default Type 7 LSA is generated only when the default route 0 0 0 ...

Page 139: ...ted services when translator roles change The interval value value must be greater than the flooding period Step 5 Optional Run default cost cost The cost of the default route to the NSSA is set To ensure the reachability of AS external routes the ABR in the NSSA generates a default route and advertises the route to the other switches in the NSSA Type 7 LSAs can be used to carry default route info...

Page 140: ...tion will cause packet loss This cannot meet high reliability requirements of the carrier class network BFD for OSPF is introduced to resolve this problem After BFD for OSPF is configured in a specified process or on a specified interface the link status can be rapidly detected and fault detection can be completed in milliseconds This speeds up OSPF convergence when the link status changes Pre con...

Page 141: ...ter values are used to create a BFD session If all the interfaces in a certain process are configured with BFD and their neighbor relationships are in the Full state OSPF creates BFD sessions with default parameter values on all the interfaces in the process Step 6 Optional Run bfd all interfaces min rx interval receive interval min tx interval transmit interval detect multiplier multiplier value ...

Page 142: ...calculated by multiplying 300 ms by 5 l On the peer switch the actual interval at which BFD packets are transmitted is 300 ms calculated by using the formula max 100 ms 300 ms the actual interval at which BFD packets are received is 600 ms calculated by using the formula max 200 ms 600 ms and the detection period is 2400 ms calculated by multiplying 600 ms by 4 Step 7 Optional Prevent an interface...

Page 143: ...terface is higher than that of BFD for OSPF configured for a process Step 6 Optional Run ospf bfd min rx interval receive interval min tx interval transmit interval detect multiplier multiplier value frr binding BFD session parameters are modified You can skip this step The default interval at which BFD packets are transmitted and the default detection multiplier are recommended The parameters are...

Page 144: ...00 ms calculated by using the formula max 100 ms 300 ms the detection period is 1500 ms calculated by multiplying 300 ms by 5 l On the peer switch the actual interval at which BFD packets are transmitted is 300 ms calculated by using the formula max 100 ms 300 ms the actual interval at which BFD packets are received is 600 ms calculated by using the formula max 200 ms 600 ms and the detection peri...

Page 145: ...Before configuring OSPF GR complete the following tasks l Configuring IP addresses for interfaces to ensure that neighboring switches are reachable at the network layer l Configuring Basic OSPF Functions Data Preparation To configure OSPF GR you need the following data No Data 1 OSPF process number 2 Optional Parameters for establishing GR sessions NOTE The default parameter values are recommended...

Page 146: ...et l Set period the GR period on the Restarter is set By default the restart time is 120 seconds l Set planned only the Restarter supports only the planned GR By default the Restarter supports both the planned GR and unplanned GR l Set partial the Restarter supports the partial GR By default the Restarter supports the totally GR End 4 10 4 Optional Configuring GR Session Parameters on the Helper T...

Page 147: ...Procedure l Run the display ospf process id graceful restart verbose command to check the restart status of OSPF GR End 4 11 Improving Security of an OSPF Network On a network demanding high security you can adopt the GTSM mechanism and configure OSPF authentication to improve the security of the OSPF network 4 11 1 Establishing the Configuration Task Before improving the security of an OSPF netwo...

Page 148: ...g function to record the information that the packets are dropped This is convenient for fault location Procedure Step 1 Run system view The system view is displayed Step 2 Run ospf valid ttl hops hops vpn instance vpn instance name OSPF GTSM functions are configured NOTE The ospf valid ttl hops command has two functions l Enabling OSPF GTSM l Configuring the TTL value to be detected The parameter...

Page 149: ...to set the authentication mode and password Its priority is higher than that of the area authentication mode Procedure l Configuring the Area Authentication Mode 1 Run system view The system view is displayed 2 Run ospf process id The OSPF process view is displayed 3 Run area area id The OSPF area view is displayed 4 Run the following commands to configure the authentication mode of the OSPF area ...

Page 150: ... authentication is configured for the OSPF interface Run ospf authentication mode md5 hmac md5 key id plain plain text cipher cipher text The MD5 authentication is configured for the OSPF interface Run ospf authentication mode null The non authentication mode is configured for the OSPF interface Run ospf authentication mode keychain keychain name The Keychain authentication is configured for the O...

Page 151: ...MIB to a certain OSPF process and configure the trap function and log function 4 12 1 Establishing the Configuration Task Before configuring the network management function for OSPF familiarize yourself with the applicable environment complete pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment OSPF su...

Page 152: ...y the system Context Do as follows on the OSPF router Procedure Step 1 Run system view The system view is displayed Step 2 Run snmp agent trap enable feature name ospf non excessive all trap name ospfifauthfailure ospfifconfigerror ospfifrxbadpacket ospfifstatechange ospflsdbapproachingoverflow ospflsdboverflow ospfmaxagelsa ospfnbrrestarthelperstatuschange ospfnbrstatechange ospfnssatranslatorsta...

Page 153: ...nmp trap The log function is enabled End 4 12 5 Checking the Configuration After the network management function is configured for OSPF you can check the contents of the information channel information recorded in the information center log buffer and trap buffer Prerequisites The configurations for the network management function of OSPF are complete Procedure l Run the display ospf process id br...

Page 154: ...on describes how to clear OSPF statistics including OSPF counters imported routes and GTSM statistics on the board Context CAUTION OSPF information cannot be restored after being cleared Exercise caution when running this command To clear the OSPF information run the following reset ospf commands in the user view Procedure l Run the reset ospf process id counters neighbor interface type interface ...

Page 155: ...Switch A Switch C Switch D Switch E Switch F Area 0 Area 1 Area 2 XGE 0 0 1 XGE 0 0 1 XGE 0 0 1 XGE 0 0 1 XGE 0 0 1 XGE 0 0 1 XGE 0 0 2 XGE 0 0 2 XGE 0 0 2 XGE 0 0 2 Switch B Switch Interface VLANIF Interface IP Address Switch A XGE0 0 1 VLANIF 10 192 168 0 1 24 Switch A XGE 0 0 2 VLANIF 20 192 168 1 1 24 Switch B XGE 0 0 1 VLANIF 10 192 168 0 2 24 Switch B XGE 0 0 2 VLANIF 30 192 168 2 1 24 Switc...

Page 156: ... Switch C is 3 3 3 3 the OSPF process ID is 1 the network segments of Area 1 are 192 168 1 0 24 and 172 16 1 0 24 The router ID of Switch D is 4 4 4 4 the OSPF process ID is 1 and the network segments of Area 2 are 192 168 2 0 24 and 172 17 1 0 24 The router ID of Switch E is 5 5 5 5 the OSPF process ID is 1 and the network segment of Area 1 is 172 16 1 0 24 The router ID of Switch F is 6 6 6 6 th...

Page 157: ...SwitchE ospf 1 area 0 0 0 1 network 172 16 1 0 0 0 0 255 SwitchE ospf 1 area 0 0 0 1 quit SwitchE ospf 1 quit Configure Switch F SwitchF router id 6 6 6 6 SwitchF ospf SwitchF ospf 1 area 2 SwitchF ospf 1 area 0 0 0 2 network 172 17 1 0 0 0 0 255 SwitchF ospf 1 area 0 0 0 2 quit SwitchF ospf 1 quit 4 Verify the configuration Check OSPF neighbors of Switch A SwitchA display ospf peer OSPF Process 1...

Page 158: ...Len Sequence Metric Router 192 168 1 2 192 168 1 2 188 48 80000002 1 Router 5 5 5 5 5 5 5 5 214 36 80000004 1 Router 3 3 3 3 3 3 3 3 217 60 80000008 1 Router 1 1 1 1 1 1 1 1 289 48 80000002 1 Sum Net 172 17 1 0 1 1 1 1 202 28 80000002 3 Network 172 16 1 1 3 3 3 3 670 32 80000001 0 Sum Net 172 17 1 0 1 1 1 1 202 28 80000001 3 Sum Net 192 168 2 0 1 1 1 1 242 28 80000001 2 Sum Net 192 168 0 0 1 1 1 1...

Page 159: ...hernet0 0 1 port trunk allow pass vlan 10 interface XGigabitEthernet0 0 2 port trunk allow pass vlan 20 ospf 1 area 0 0 0 0 network 192 168 0 0 0 0 0 255 area 0 0 0 1 network 192 168 1 0 0 0 0 255 return l Configuration file of Switch B sysname SwitchB router id 2 2 2 2 vlan batch 10 30 interface Vlanif10 ip address 192 168 0 2 255 255 255 0 interface Vlanif30 ip address 192 168 2 1 255 255 255 0 ...

Page 160: ...if30 ip address 192 168 2 2 255 255 255 0 interface Vlanif50 ip address 172 17 1 1 255 255 255 0 interface XGigabitEthernet0 0 1 port trunk allow pass vlan 30 interface XGigabitEthernet0 0 2 port trunk allow pass vlan 50 ospf 1 area 0 0 0 2 network 192 168 2 0 0 0 0 255 network 172 17 1 0 0 0 0 255 return l Configuration file of Switch E sysname SwitchE router id 5 5 5 5 vlan batch 40 interface Vl...

Page 161: ...tions as the ASBR to import static routes The requirement is to configure Area 1 as the stub area thus reducing the LSAs advertised to this area without affecting the route reachability Figure 4 6 Configuring OSPF stub areas Switch A Switch C Switch D Switch E Switch F Area 0 Area 1 Area 2 XGE 0 0 1 XGE 0 0 1 XGE0 0 1 XGE0 0 1 XGE 0 0 1 XGE 0 0 1 XGE 0 0 2 XGE 0 0 2 XGE 0 0 2 XGE 0 0 2 Switch B S ...

Page 162: ...router ID of SwitchA is 1 1 1 1 the OSPF process ID is 1 the network segment of Area 0 is 192 168 0 0 24 and the network segment of Area 1 is 192 168 1 0 24 The router ID of SwitchB is 2 2 2 2 the OSPF process ID is 1 the network segment of Area 0 is 192 168 0 0 24 and the network segment of Area 2 is 192 168 2 0 24 The router ID of SwitchC is 3 3 3 3 the OSPF process ID is 1 and the network segme...

Page 163: ...1 0 0 0 1 Routing for ASEs Destination Cost Type Tag NextHop AdvRouter 200 0 0 0 8 4 Type1 1 192 168 1 1 4 4 4 4 Total Nets 6 Intra Area 2 Inter Area 3 ASE 1 NSSA 0 If the area where SwitchC resides is the common area you can view that AS external routes exist in the routing table 3 Configure Area 1 as a stub area Configure SwitchA SwitchA ospf SwitchA ospf 1 area 1 SwitchA ospf 1 area 0 0 0 1 stu...

Page 164: ...uting Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0 0 0 0 0 2 Inter area 192 168 1 1 1 1 1 1 0 0 0 1 172 16 1 0 24 1 Transit 172 16 1 1 3 3 3 3 0 0 0 1 192 168 1 0 24 1 Transit 192 168 1 2 3 3 3 3 0 0 0 1 Total Nets 3 Intra Area 2 Inter Area 1 ASE 0 NSSA 0 After the advertisement of Summary LSA to the stub area is disabled the route entries are further reduced The AS ex...

Page 165: ...0 0 255 stub return l Configuration file of SwitchD sysname SwitchD vlan batch 30 50 router id 4 4 4 4 interface Vlanif30 ip address 192 168 2 2 255 255 255 0 interface Vlanif50 ip address 172 17 1 1 255 255 255 0 interface XGigabitEthernet0 0 1 port trunk allow pass vlan 30 interface XGigabitEthernet0 0 2 port trunk allow pass vlan 50 ospf 1 import route static type 1 area 0 0 0 2 network 192 168...

Page 166: ...e SwitchC as an ASBR to import external routes static routes The routing information can be transmitted correctly in the AS Figure 4 7 Configuring OSPF NSSA areas Switch A Switch C Switch D Switch E Switch F Area 0 Area 1 Area 2 Switch B XGE 0 0 2 XGE 0 0 2 XGE 0 0 2 XGE 0 0 2 XGE 0 0 1 XGE 0 0 1 XGE 0 0 1 XGE 0 0 1 XGE 0 0 1 XGE 0 0 1 S switch Interface VLANIF Interface IP Address SwitchA XGE 0 0...

Page 167: ...1 1 1 the OSPF process ID is 1 the network segment of Area 0 is 192 168 0 0 24 and the network segment of Area 1 is 192 168 1 0 24 The router ID of SwitchB is 2 2 2 2 the OSPF process ID is 1 the network segment of Area 0 is 192 168 0 0 24 and the network segment of Area 2 is 192 168 2 0 24 The router ID of SwitchC is 3 3 3 3 the OSPF process ID is 1 and the network segments of Area 1 are 192 168 ...

Page 168: ... 1 1 3 3 3 3 0 0 0 1 192 168 1 0 24 1 Transit 192 168 1 2 3 3 3 3 0 0 0 1 Total Nets 3 Intra Area 2 Inter Area 1 ASE 0 NSSA 0 4 Configure SwitchC to import static routes Import static routes on SwitchC as follows SwitchC ip route static 100 0 0 0 8 null 0 SwitchC ospf SwitchC ospf 1 import route static SwitchC ospf 1 quit 5 Verify the configuration Check the OSPF routing table of SwitchD SwitchD d...

Page 169: ...ion files of SwitchB SwitchD and SwitchF are the same as the configuration file of SwitchA and are not mentioned here l Configuration file of SwitchC sysname SwitchC router id 3 3 3 3 vlan batch 20 40 interface Vlanif20 ip address 192 168 1 2 255 255 255 0 interface Vlanif40 ip address 172 16 1 1 255 255 255 0 interface XGigabitEthernet0 0 1 port trunk allow pass vlan 20 interface XGigabitEthernet...

Page 170: ...f Switch B is 0 so Switch B cannot be selected as DR The priority of Switch D is not configured and its default value is 1 Figure 4 8 Networking diagram for configuring DR election of an OSPF process Switch A Switch B Switch C Switch D XGE 0 0 1 XGE 0 0 1 XGE 0 0 1 XGE 0 0 1 Switch Interface VLANIF IP address SwitchA XGE 0 0 1 VLANIF 10 192 168 1 1 24 SwitchB XGE 0 0 1 VLANIF 10 192 168 1 2 24 Swi...

Page 171: ...0 is 192 168 1 0 24 and the DR priority is 2 The router ID of Switch B is 4 4 4 4 the OSPF process ID is 1 the network segment of Area 0 is 192 168 1 0 24 and the DR priority is 1 Configuration Procedure 1 Create a VLAN to which each interface belongs The configuration details are not mentioned here 2 Assign an IP address to each interface The configuration details are not mentioned here 3 4 14 1 ...

Page 172: ...er interval 5 Neighbor is up for 00 03 53 Authentication Sequence 0 Check information about the neighbor of Switch A You can view the DR priority and neighbor status By default the DR priority is 1 Now Switch D is a DR and Switch C is a BDR NOTE When the priority is the same the Switch with a higher router ID is selected as DR If one Ethernet interface of the Switch becomes DR the other broadcast ...

Page 173: ...user view to restart the OSPF process 6 Verify the configuration Check the status of OSPF neighbors SwitchD display ospf peer OSPF Process 1 with Router ID 4 4 4 4 Neighbors Area 0 0 0 0 interface 192 168 1 4 Vlanif10 s neighbors Router ID 1 1 1 1 Address 192 168 1 1 State Full Mode Nbr is Master Priority 100 DR 192 168 1 1 BDR 192 168 1 3 MTU 0 Dead timer due in 35 sec Retrans timer interval 5 Ne...

Page 174: ...hbors are DR Others This indicates that they are neither DRs nor BDRs Configuration Files l Configuration file of SwitchA sysname SwitchA router id 1 1 1 1 vlan batch 10 interface Vlanif10 ip address 192 168 1 1 255 255 255 0 ospf dr priority 100 interface XGigabitEthernet0 0 1 port trunk allow pass vlan 10 ospf 1 area 0 0 0 0 network 192 168 1 0 0 0 0 255 return l Configuration file of SwitchB sy...

Page 175: ...Ethernet0 0 1 port trunk allow pass vlan 10 ospf 1 area 0 0 0 0 network 192 168 1 0 0 0 0 255 return 4 14 5 Example for Configuring OSPF Load Balancing Networking Requirements As shown in Figure 4 9 l SwitchA SwitchB SwitchC and SwitchD connect to each other through OSPF l SwitchA SwitchB SwitchC and SwitchD belong to Area 0 l Load balancing is performed between SwitchB and SwitchC The traffic of ...

Page 176: ...VLANIF 40 192 168 1 2 24 SwitchD XGE 0 0 3 VLANIF 60 172 17 1 1 24 Configuration Roadmap The configuration roadmap is as follows 1 Enable OSPF on each Switch to implement interconnection 2 Cancel load balancing and check the routing table 3 Optional Set the preferences for equal cost routes on SwitchA Data Preparation To configure OSPF load balancing you need the following data l The ID of the VLA...

Page 177: ... of SwitchA SwitchA display ip routing table Route Flags R relay D download to fib Routing Tables Public Destinations 13 Routes 13 Destination Mask Proto Pre Cost Flags NextHop Interface 10 1 1 0 24 Direct 0 0 D 10 1 1 1 Vlanif10 10 1 1 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 1 2 32 Direct 0 0 D 10 1 1 2 Vlanif10 10 1 2 0 24 Direct 0 0 D 10 1 2 1 Vlanif20 10 1 2 1 32 Direct 0 0 D 127 0 0 1 In...

Page 178: ...become valid routes This is because the default number of equal cost routes is 4 6 Optional Set the preferences for equal cost routes on SwitchA If you need not perform load balancing between SwitchB and SwitchC set the preferences for equal cost routes and specify the next hop SwitchA ospf SwitchA ospf 1 nexthop 10 1 2 2 weight 1 SwitchA ospf 1 quit Check the routing table of SwitchA SwitchA disp...

Page 179: ...ce XGigabitEthernet0 0 3 port trunk allow pass vlan 50 ospf 1 router id 1 1 1 1 area 0 0 0 0 network 10 1 1 0 0 0 0 255 network 10 1 2 0 0 0 0 255 network 172 16 1 0 0 0 0 255 return l Configuration file of SwitchB sysname SwitchB vlan batch 10 30 interface Vlanif10 ip address 10 1 1 2 255 255 255 0 interface Vlanif30 ip address 192 168 0 1 255 255 255 0 interface XGigabitEthernet0 0 1 port trunk ...

Page 180: ...GigabitEthernet0 0 1 port trunk allow pass vlan 30 interface XGigabitEthernet0 0 2 port trunk allow pass vlan 40 interface XGigabitEthernet0 0 3 port trunk allow pass vlan 60 ospf 1 router id 4 4 4 4 area 0 0 0 0 network 192 168 0 0 0 0 0 255 network 192 168 1 0 0 0 0 255 network 172 17 1 0 0 0 0 255 return 4 14 6 Example for Configuring OSPF GR Networking Requirements As shown in Figure 4 10 Swit...

Page 181: ... VLANIF interface as shown in Figure 4 10 l Router ID and OSPF process ID of each Switch and area that each interface belongs to On Switch A the router ID is 1 1 1 1 the OSPF process ID is 1 the network segment of Area 0 is 1 1 1 0 24 On Switch B the router ID is 2 2 2 2 OSPF process ID is 1 the network segment of Area 0 is 1 1 1 0 24 Procedure Step 1 Configure the basic OSPF functions See Example...

Page 182: ...ast exit reason On graceful restart none On Helper none Verify the GR feature of Switch A SwitchA quit SwitchA reset ospf process graceful restart View the neighbor status on SwitchB SwitchB display ospf peer OSPF Process 1 with Router ID 1 1 1 2 Neighbors Area 0 0 0 0 interface 1 1 1 2 Vlanif10 s neighbors Router ID 1 1 1 1 Address 1 1 1 1 GR State Doing GR State Full Mode Nbr is Slave Priority 1...

Page 183: ...ility enable graceful restart area 0 0 0 0 network 1 1 1 0 0 0 0 255 return 4 14 7 Example for Configuring OSPF BGP Network Requirements As shown in Figure 4 11 all switches run BGP An EBGP connection is established between Switch D and Switch E IBGP full connections are established between partial switches in AS 10 and OSPF is used as an IGP protocol It is required to enable OSPF BGP linkage on S...

Page 184: ...rnet 0 0 1 VLANIF 30 10 1 4 1 30 SwitchD XGigabitEthernet 0 0 1 VLANIF 30 10 1 4 2 30 SwitchD XGigabitEthernet 0 0 2 VLANIF 40 10 1 3 2 30 SwitchD XGigabitEthernet 0 0 3 VLANIF 50 10 2 1 1 30 SwitchE XGigabitEthernet 0 0 1 VLANIF 50 10 2 1 2 30 SwitchE XGigabitEthernet 0 0 2 VLANIF 60 10 3 1 1 30 SwitchF XGigabitEthernet 0 0 1 VLANIF 60 10 3 1 2 30 Configuration Roadmap The configuration roadmap i...

Page 185: ...Ethernet0 0 1 port hybrid pvid vlan 10 SwitchA XGigabitEthernet0 0 1 port hybrid untagged vlan 10 SwitchA XGigabitEthernet0 0 1 quit SwitchA interface xgigabitethernet 0 0 2 SwitchA XGigabitEthernet0 0 2 port hybrid pvid vlan 20 SwitchA XGigabitEthernet0 0 2 port hybrid untagged vlan 20 SwitchA XGigabitEthernet0 0 2 quit The configurations of SwitchB SwitchC SwitchD SwitchE and SwitchF are similar...

Page 186: ...router id 3 3 3 3 SwitchC bgp peer 1 1 1 1 as number 10 SwitchC bgp peer 1 1 1 1 connect interface LoopBack 0 SwitchC bgp peer 2 2 2 2 as number 10 SwitchC bgp peer 2 2 2 2 connect interface LoopBack 0 SwitchC bgp peer 4 4 4 4 as number 10 SwitchC bgp peer 4 4 4 4 connect interface LoopBack 0 SwitchC bgp quit Configure Switch D SwitchD system view SwitchD interface LoopBack 0 SwitchD LoopBack0 ip ...

Page 187: ...30 Direct 0 0 D 10 1 2 1 Vlanif20 10 1 2 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 2 2 32 Direct 0 0 D 10 1 2 2 Vlanif20 10 1 3 0 30 OSPF 10 2 D 10 1 1 2 Vlanif10 10 1 3 1 32 BGP 255 0 RD 4 4 4 4 Vlanif10 10 1 4 0 30 OSPF 10 3 D 10 1 1 2 Vlanif10 OSPF 10 3 D 10 1 2 2 Vlanif20 10 1 4 1 32 BGP 255 0 RD 4 4 4 4 Vlanif10 10 2 1 0 30 BGP 255 0 RD 4 4 4 4 Vlanif10 10 2 1 2 32 BGP 255 0 RD 4 4 4 4 Vla...

Page 188: ...F 10 4 D 10 1 2 2 Vlanif40 4 4 4 0 24 BGP 255 0 RD 4 4 4 4 Vlanif40 4 4 4 4 32 OSPF 10 4 D 10 1 2 2 Vlanif40 5 5 5 0 24 BGP 255 0 RD 10 2 1 2 Vlanif40 10 1 1 0 30 Direct 0 0 D 10 1 1 1 Vlanif10 10 1 1 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 1 2 32 Direct 0 0 D 10 1 1 2 Vlanif10 10 1 2 0 30 Direct 0 0 D 10 1 2 1 Vlanif40 10 1 2 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 2 2 32 Direct 0 0 D 1...

Page 189: ...Back0 10 1 2 0 30 OSPF 10 2 D 10 1 1 1 Vlanif10 10 1 3 0 30 Direct 0 0 D 10 1 3 1 Vlanif40 10 1 3 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 10 1 3 2 32 Direct 0 0 D 10 1 3 2 Vlanif40 10 1 4 0 30 OSPF 10 2 D 10 1 3 2 Vlanif40 10 1 4 1 32 BGP 255 0 RD 10 1 3 2 Vlanif40 10 2 1 0 30 BGP 255 0 RD 10 1 3 2 Vlanif40 10 2 1 2 32 BGP 255 0 RD 10 1 3 2 Vlanif40 10 3 1 0 30 BGP 255 0 RD 10 1 3 2 Vlanif40 As sh...

Page 190: ...interface LoopBack 0 peer 3 3 3 3 as number 10 peer 3 3 3 3 connect interface LoopBack 0 peer 4 4 4 4 as number 10 peer 4 4 4 4 connect interface LoopBack 0 ipv4 family unicast undo synchronization peer 10 1 1 1 enable peer 10 1 3 2 enable ospf 1 area 0 0 0 0 network 10 1 1 0 0 0 0 3 network 10 1 3 0 0 0 0 3 network 2 2 2 2 0 0 0 0 return l Configuration file of Switch C sysname SwitchC vlan batch...

Page 191: ...52 interface Vlanif50 ip address 10 2 1 1 255 255 255 252 interface LoopBack0 ip address 4 4 4 4 255 255 255 255 bgp 10 router id 4 4 4 4 peer 10 2 1 2 as number 20 peer 1 1 1 1 as number 10 peer 1 1 1 1 connect interface LoopBack 0 peer 2 2 2 2 as number 10 peer 2 2 2 2 connect interface LoopBack 0 peer 3 3 3 3 as number 10 peer 3 3 3 3 connect interface LoopBack 0 ipv4 family unicast undo synchr...

Page 192: ...ing OSPF GTSM Networking Requirements As shown in Figure 4 12 OSPF is run between switches and GTSM is enabled on Switch C The following are the valid TTL ranges of the packets sent from each switch to Switch C l Switch A and Switch E are the neighboring switches of Switch C The valid TTL range of packets is 255 255 l The valid TTL ranges of the packets sent from Switch B Switch D and Switch F toS...

Page 193: ...VLANIF 30 192 168 2 1 24 SwitchC XGigabitEthernet0 0 1 VLANIF 20 192 168 1 2 24 SwitchC XGigabitEthernet0 0 2 VLANIF 40 172 16 1 1 24 SwitchD XGigabitEthernet0 0 1 VLANIF 30 192 168 2 2 24 SwitchD XGigabitEthernet0 0 2 VLANIF 50 172 17 1 1 24 SwitchE XGigabitEthernet0 0 2 VLANIF 40 172 16 1 2 24 SwitchF XGigabitEthernet0 0 2 VLANIF 50 172 17 1 2 24 Configuration Roadmap The configuration roadmap i...

Page 194: ...hA and are not mentioned here Step 3 Configure basic OSPF functions The configuration details see Example for Configuring Basic OSPF Functions Step 4 Configure OSPF GTSM Configure the valid TTL range of packets from Switch C to other switches as 252 255 SwitchC ospf valid ttl hops 4 Configure the valid TTL range of packets from Switch A to Switch C as 255 255 SwitchA ospf valid ttl hops 1 Configur...

Page 195: ...ped packets is 0 SwitchC display gtsm statistics all GTSM Statistics Table SlotId Protocol Total Counters Drop Counters Pass Counters 1 BGP 0 0 0 1 BGPv6 0 0 0 1 OSPF 0 0 0 1 LDP 0 0 0 2 BGP 0 0 0 2 BGPv6 0 0 0 2 OSPF 0 0 0 2 LDP 0 0 0 3 BGP 0 0 0 3 BGPv6 0 0 0 3 OSPF 0 0 0 3 LDP 0 0 0 4 BGP 0 0 0 4 BGPv6 0 0 0 4 OSPF 0 0 0 4 LDP 0 0 0 5 BGP 0 0 0 5 BGPv6 0 0 0 5 OSPF 0 0 0 5 LDP 0 0 0 7 BGP 0 0 0...

Page 196: ...5 255 255 0 interface Vlanif30 ip address 192 168 2 1 255 255 255 0 interface XGigabitEthernet 0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface XGigabitEthernet 0 0 2 port hybrid pvid vlan 30 port hybrid untagged vlan 30 ospf 1 area 0 0 0 0 network 192 168 0 0 0 0 0 255 area 0 0 0 2 network 192 168 2 0 0 0 0 255 ospf valid ttl hops 2 return l Configuration file of Switch C sys...

Page 197: ... hybrid pvid vlan 30 port hybrid untagged vlan 30 interface XGigabitEthernet 0 0 2 port hybrid pvid vlan 50 port hybrid untagged vlan 50 ospf 1 area 0 0 0 2 network 192 168 2 0 0 0 0 255 network 172 17 1 0 0 0 0 255 ospf valid ttl hops 3 return l Configuration file of Switch E sysname SwitchE vlan batch 40 router id 5 5 5 5 interface Vlanif40 ip address 172 16 1 2 255 255 255 0 interface XGigabitE...

Page 198: ...ffic is transmitted on the main link SwitchA Switch B Link Switch A Switch C Switch B is a backup link l BFD is configured on the interfaces between Switch A and Switch B When a fault occurs on the link between the Switch s BFD can quickly detect the fault and notify OSPF of the fault Then the service flow is transmitted on the backup link Figure 4 13 Networking diagram for configuring BFD for OSP...

Page 199: ...s 1 the network segments of Area 0 are 3 1 1 0 24 2 2 2 0 24 and 172 16 1 0 24 On Switch C the router ID is 3 3 3 3 the OSPF process ID is 1 the network segments of Area 0 are 192 168 1 0 24 and 172 16 1 0 24 l Minimum interval for sending the BFD packets minimum interval for receiving the BFD packets and local detection time multiplier on Switch A and Switch B Procedure Step 1 Create VLANs and ad...

Page 200: ... display is as follows SwitchA display ospf bfd session all OSPF Process 1 with Router ID 1 1 1 1 Area 0 0 0 0 interface 3 3 3 1 Vlanif20 s BFD Sessions NeighborId 2 2 2 2 AreaId 0 0 0 0 Interface Vlanif20 BFDState up rx 1000 tx 1000 Multiplier 3 BFD Local Dis 8195 LocalIpAdd 3 3 3 1 RemoteIpAdd 3 3 3 2 Diagnostic Info No diagnostic information Area 0 0 0 0 interface 1 1 1 1 Vlanif10 s BFD Session...

Page 201: ...nterface Vlanif30 BFDState up rx 1000 tx 1000 Multiplier 3 BFD Local Dis 8199 LocalIpAdd 2 2 2 2 RemoteIpAdd 2 2 2 1 Diagnostic Info No diagnostic information Step 6 Verify the configuration Run the shutdown command on VLANIF 20 of Switch B to simulate a link fault SwitchB interface vlanif 20 SwitchB Vlanif20 shutdown View the routing table of Switch A SwitchA display ospf routing OSPF Process 1 w...

Page 202: ... interface Vlanif20 ip address 3 3 3 2 255 255 255 0 ospf bfd enable ospf bfd min tx interval 100 min rx interval 100 detect multiplier 4 interface Vlanif30 ip address 2 2 2 2 255 255 255 0 interface Vlanif40 ip address 172 16 1 1 255 255 255 0 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 30 port hybrid untagged vlan 30 interface XGigabitEthernet0 0 2 port link type access port default vl...

Page 203: ...ct multiplier 4 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface XGigabitEthernet0 0 2 port hybrid pvid vlan 30 port hybrid untagged vlan 30 ospf 1 bfd all interface enable area 0 0 0 0 network 1 1 1 0 0 0 0 255 network 2 2 2 0 0 0 0 255 return S6700 Series Ethernet Switches Configuration Guide IP Routing 4 OSPF Configuration Issue 01 2012 03 15 Huawe...

Page 204: ...ts stub areas and virtual links the principle and applicable environment of which are similar to those in OSPFv2 5 6 Configuring OSPFv3 NSSA Areas By configuring areas as NSSA areas external routes can be imported and a new type of LSA namely Type 7 NSSA LSA is introduced 5 7 Configuring OSPFv3 Route Attributes By setting OSPFv3 route attributes you can change OSPFv3 routing policies to meet the r...

Page 205: ...intaining OSPFv3 Maintaining OSPFv3 and Debugging OSPFv3 involve resetting OSPFv3 5 12 Configuration Examples This section provides several configuration examples of OSPFv3 S6700 Series Ethernet Switches Configuration Guide IP Routing 5 OSPFv3 Configuration Issue 01 2012 03 15 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 186 ...

Page 206: ...independent of IPv6 address prefixes l OSPFv3 identifies its neighbors with the IPv6 link local addresses l OSPFv3 has three new types of LSA flooding scopes 5 2 OSPFv3 Features Supported by S6700 The S6700 supports various OSPFv3 features including multi process The S6700 supports the following OSPFv3 features l Basic features stipulated in RFC 2740 l OSPFv3 stub areas l OSFPv3 multi process l Mu...

Page 207: ...on one switch are differentiated by process IDs OSPFv3 process ID is set when OSPFv3 is enabled and is only locally valid It does not affect the packet exchange with other switches In the format of an IPv4 address a router ID is a 32 bit unsigned integer that uniquely identifies a switch within an AS The router ID of OSPFv3 must be manually set If no router ID is set OSPFv3 fails to run normally W...

Page 208: ...ystem view The system view is displayed Step 2 Run interface vlanif vlan id The VLANIF interface view is displayed Step 3 Run ospfv3 process id area area id instance instance id OSPFv3 is enabled on the VLANIF interface The area ID can be a decimal integer or in the IPv4 address format but it is displayed in the IPv4 address format Step 4 Optional Run the ospfv3 network type broadcast nbma p2mp no...

Page 209: ...at An OSPFv3 area cannot be deleted directly Only after all the configurations in the area view are removed and the status of the related interfaces in this area become Down this area is automatically removed End 5 3 5 Checking the Configuration After basic OSPFv3 functions are configured you can check OSPFv3 brief information LSDB information neighbor information and OSPFv3 routing table Prerequi...

Page 210: ...hbor Relationship By establishing and maintaining OSPFv3 neighbor relationships or adjacencies you can build OSPFv3 networks 5 4 1 Establishing the Configuration Task When setting parameters on an interface ensure that these parameters are consistent with those on the adjacent router Applicable Environment In applications establishing or maintaining the OSPFv3 neighbor relationship is a premise fo...

Page 211: ...ect the DR and the BDR RFC 2328 requires that the Hello timer values of neighbors be consistent The value of the Hello timer is inversely proportional to the route convergence speed and network load Do as follows on the switch that runs OSPFv3 Procedure Step 1 Run system view The system view is displayed Step 2 Run interface vlanif interface number The interface view is displayed Step 3 Run ospfv3...

Page 212: ...ghboring Switches After a switch sends an LSA to its neighbor the switch expects to receive an LSAck packet from its neighbor If the router does not receive an LSAck packet within the LSA retransmission interval it retransmits the LSA to the neighbor Context Do as follows on the switch that runs OSPFv3 Procedure Step 1 Run system view The system view is displayed Step 2 Run interface vlanif interf...

Page 213: ...w The system view is displayed Step 2 Run interface vlanif interface number The interface view is displayed Step 3 Run ospfv3 trans delay interval instance instance id The delay in transmitting LSAs on the interface is set End 5 4 6 Checking the Configuration After OSPFv3 neighbor relationships or adjacencies are stable you can check OSPFv3 interface information and neighbor information Prerequisi...

Page 214: ...number of LSAs Pre configuration Tasks Before configuring OSPFv3 area attributes complete the following tasks l Enabling IPv6 capability l Configuring Basic OSPFv3 Functions Data Preparation To configure OSPFv3 area attributes you need the following data No Data 1 Areas to be defined as stub areas 2 Metrics of default routes sent to stub areas 5 5 2 Configuring OSPFv3 Stub Areas A stub area is a s...

Page 215: ... stub area End 5 5 3 Configuring OSPFv3 Virtual Links You can establish the logical connectivity between backbone areas and the non backbone areas that are not physically connected to the backbone area Context After OSPFv3 areas are defined OSPFv3 route update between non backbone areas is implemented through a backbone area Then OSPFv3 requires that all non backbone areas should maintain the conn...

Page 216: ... id display ospfv3 process id lsdb originate router advertising router id self originate external ipv6 address prefix length link state id l Run the commands as follow to check the OSPFv3 routing table display ospfv3 process id routing uninstalled display ospfv3 process id routing abr routes asbr routes statistics uninstalled ipv6 address prefix length intra routes inter routes ase routes nssa rou...

Page 217: ...to Be an NSSA Area Derived from a stub area an NSSA allows AS external routes to be imported an ASBR advertises Type 7 NSSA LSAs in the local NSSA Context Do as follows on the OSPFv3 router Procedure Step 1 Run system view The system view is displayed Step 2 Run ospfv3 process id The OSPFv3 process view is displayed Step 3 Run area area id The OSPFv3 area view is displayed Step 4 Run nssa default ...

Page 218: ... routes nssa routes End 5 7 Configuring OSPFv3 Route Attributes By setting OSPFv3 route attributes you can change OSPFv3 routing policies to meet the requirements of complex networks 5 7 1 Establishing the Configuration Task Before configuring OSPFv3 route attributes familiarize yourself with the applicable environment complete pre configuration tasks and obtain the required data This can help you...

Page 219: ...he switch that runs OSPFv3 Procedure Step 1 Run system view The system view is displayed Step 2 Run interface vlanif interface number The interface view is displayed Step 3 Run ospfv3 cost cost instance instance id The cost is set on the OSPFv3 interface By default the link cost on an OSPFv3 interface is 1 End 5 7 3 Setting the Maximum Number of Equal Cost Routes If the destinations and costs of t...

Page 220: ...ng router id self originate router network inter router asbr router asbr router id inter prefix nssa ipv6 address prefix length link intra prefix grace link state id display ospfv3 process id lsdb originate router advertising router id self originate external ipv6 address prefix length link state id l Run the commands as follow to check the OSPFv3 routing table display ospfv3 process id routing un...

Page 221: ...me used to filter routing information 3 Link cost on an OSPFv3 interface 4 Maximum number of equal cost routes 5 Name process ID and metric of external routes to be imported 5 8 2 Configuring OSPFv3 Route Aggregation An ABR can summarize routes with the same prefix into one LSA and advertise the summarized route in other areas This can reduce the size of the LSDB in other areas Context If multiple...

Page 222: ...routes that pass the filtering to be received or advertised Context After receiving LSAs OSPFv3 determines whether to add the calculated routes to the local routing table according to the filtering policy Do as follows on the switch that runs OSPFv3 Procedure Step 1 Run system view The system view is displayed Step 2 Run ospfv3 process id The OSPFv3 view is displayed Step 3 Run filter policy acl6 ...

Page 223: ...st cost type type tag tag route policy route policy name External routes are imported Step 5 Optional Run default route advertise always cost cost type type tag tag route policy route policy name Default routes are advertised to the OSPFv3 route area Step 6 Optional Run filter policy acl6 number acl6 name acl6 name ipv6 prefix ipv6 prefix name export protocol process id The imported external route...

Page 224: ...length link intra prefix grace link state id display ospfv3 process id lsdb originate router advertising router id self originate external ipv6 address prefix length link state id l Run the commands as follow to check the OSPFv3 routing table display ospfv3 process id routing uninstalled display ospfv3 process id routing abr routes asbr routes statistics uninstalled ipv6 address prefix length intr...

Page 225: ...y setting the interval for SPF calculation you can reduce resource consumption caused by frequent network changes Context Whenever the LSDB of OSPFv3 changes the shortest path should be recalculated Calculating the shortest path each time the LSDB changes consumes enormous resources and lowers the efficiency of a switch Adjusting the SPF delay and hold interval can suppress frequent network change...

Page 226: ...ckets you can prevent routers on a certain network from obtaining OSPFv3 routing information and prevent the local router from receiving routing information from other routers Context To prevent aswitch from advertising routes to theswitch on a certain network and from importing the routes of other switches you can suppress the interface on which OSPFv3 is enabled from receiving and sending OSPFv3...

Page 227: ...ork Context The DR priority on a switch interface qualifies the interface for the DR election If the DR priority is 0 the switch cannot be elected as a DR or BDR Do as follows on the switch that runs OSPFv3 Procedure Step 1 Run system view The system view is displayed Step 2 Run interface vlanif interface number The interface view is displayed Step 3 Run ospfv3 dr priority priority instance instan...

Page 228: ...3 process view is displayed Step 3 Run stub router on startup interval The stub router is configured NOTE There is no correlation between the stub router configured through this command and the router in the stub area End 5 9 6 Ignoring MTU Check on DD Packets By disabling an interface from checking the MTU field in the received DD packet you can enable an OSPFv3 router to receive the packet with ...

Page 229: ...k intra prefix grace link state id display ospfv3 process id lsdb originate router advertising router id self originate external ipv6 address prefix length link state id l Run the commands as follow to check the OSPFv3 routing table display ospfv3 process id routing uninstalled display ospfv3 process id routing abr routes asbr routes statistics uninstalled ipv6 address prefix length intra routes i...

Page 230: ...onship exchange routing information synchronize the LSDB and update the routing table and forwarding table These operations help ensure OSPFv3 fast convergence and stabilize the network topology Context Do as follows on the switch that runs OSPFv3 Procedure Step 1 Run system view The system view is displayed Step 2 Run ospfv3 process id The OSPFv3 view is displayed Step 3 Run graceful restart peri...

Page 231: ...anned only lsa checking ignore The helper of OSPFv3 GR is enabled By default the helper of OSPFv3 GR is disabled End 5 10 4 Check the Configuration After OSPFv3 GR is configured you can check GR information Prerequisites The configurations for OSPFv3 GR are complete Procedure l Run the display ospfv3 process id graceful restart information command to check the status of OSPFv3 GR End 5 11 Maintain...

Page 232: ...id all counters neighbor interface type interface number router id End 5 12 Configuration Examples This section provides several configuration examples of OSPFv3 5 12 1 Example for Configuring OSPFv3 Areas Networking Requirements As shown in Figure 5 1 OSPFv3 is enabled on all Switches and the AS is divided into three areas Switch B and Switch C serve as ABRs to forward the inter area routes You n...

Page 233: ...roadmap is as follows 1 Configure IPv6 addresses for interfaces 2 Enable the basic OSPFv3 functions on each Switch 3 Configure Area 2 as a stub area by running the stub command on all the Switches in Area 2 and check the OSPFv3 routing table of Switch D 4 Configure the Area 2 as a totally stub area and check the OSPFv3 routing table of Switch D Data Preparation To complete the configuration you ne...

Page 234: ...of Switch A and are not mentioned here Step 3 Configure the basic OSPFv3 functions Configure Switch A Switch A ospfv3 Switch A ospfv3 1 router id 1 1 1 1 Switch A ospfv3 1 quit Switch A interface vlanif 10 Switch A Vlanif10 ospfv3 1 area 1 Switch A Vlanif10 quit Switch A interface vlanif 20 Switch A Vlanif20 ospfv3 1 area 1 Switch A Vlanif20 quit Configure Switch B Switch B ospfv3 Switch B ospfv3 ...

Page 235: ...lanif40 0OSPFv3 View the OSPFv3 routing table of Switch D Switch D display ospfv3 routing Codes E2 Type 2 External E1 Type 1 External IA Inter Area N NSSA U Uninstalled OSPFv3 Process 1 Destination Metric Next hop IA 1000 64 2 via FE80 1572 0 5EF4 1 Vlanif40 IA 1001 64 3 via FE80 1572 0 5EF4 1 Vlanif40 1002 64 1 directly connected Vlanif40 IA 2000 64 4 via FE80 1572 0 5EF4 1 Vlanif40 Step 4 Config...

Page 236: ...ub no summary Switch C ospfv3 1 area 0 0 0 2 quit Step 6 Verify the configuration View the OSPFv3 routing table of Switch D and you can see that the entries in the routing table are reduced other non directly connected routes are suppressed only the default route is reserved Switch D display ospfv3 routing Codes E2 Type 2 External E1 Type 1 External IA Inter Area N NSSA U Uninstalled OSPFv3 Proces...

Page 237: ...2 return l Configuration file of Switch C sysname Switch C ipv6 vlan batch 30 40 interface Vlanif30 ipv6 enable ipv6 address 1000 2 64 ospfv3 1 area 0 0 0 0 interface Vlanif40 ipv6 enable ipv6 address 1002 1 64 ospfv3 1 area 0 0 0 2 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 40 port hybrid untagged vlan 40 interface XGigabitEthernet0 0 2 port hybrid pvid vlan 30 port hybrid untagged vla...

Page 238: ...ority is elected as the BDR The priority of Switch B is 0 which means that it cannot become the DR Switch D is not configured with a priority that is Switch D uses the default priority namely 1 Figure 5 2 Networking diagram for configuring DR election through OSPFv3 SwitchA XGE0 0 1 XGE0 0 1 XGE0 0 1 XGE0 0 1 SwitchD SwitchB VLANIF10 VLANIF10 VLANIF10 1001 4 64 VLANIF10 SwitchC 1001 3 64 1001 1 64...

Page 239: ...thernet 0 0 1 SwitchA XGigabitEthernet0 0 1 port hybrid pvid vlan 10 SwitchA XGigabitEthernet0 0 1 port hybrid untagged vlan 10 SwitchA XGigabitEthernet0 0 1 quit The configurations of Switch B Switch C Switch D are similar to the configuration of Switch A and are not mentioned here Step 2 Assign IPv6 addresses to the VLANIF interfaces SwitchA ipv6 SwitchA interface vlanif 10 SwitchA Vlanif10 ipv6...

Page 240: ...e DR the other broadcast interfaces of this Switch have a high priority in the future DR election That is the Switch still functions as the DR The DR cannot be preempted Switch A display ospfv3 peer OSPFv3 Process 1 OSPFv3 Area 0 0 0 0 Neighbor ID Pri State Dead Time Interface Instance ID 2 2 2 2 1 2 Way DROther 00 00 32 Vlanif10 0 3 3 3 3 1 Full Backup 00 00 36 Vlanif10 0 4 4 4 4 1 Full DR 00 00 ...

Page 241: ...f10 0 Step 5 Perform DR BDR election again Restart all Switches or run the shutdown and undo shutdown commands on the VLANIF interface that establishes the OSPFv3 neighbor relationship to re elect the DR and BDR Step 6 Verify the configuration View the neighbors of Switch A and you can see that Switch C is the BDR Switch A display ospfv3 peer OSPFv3 Process 1 OSPFv3 Area 0 0 0 0 Neighbor ID Pri St...

Page 242: ...0 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 ospfv3 1 router id 2 2 2 2 return l Configuration file of Switch C sysname Switch C ipv6 vlan batch 10 interface Vlanif10 ipv6 enable ipv6 address 1001 3 64 ospfv3 1 area 0 0 0 0 ospfv3 dr priority 2 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 ospfv3 1 router id 3 3 3 3...

Page 243: ...tch B and Switch C are located so that Switch A and Switch D can communicate with each other Figure 5 3 Networking diagram for configuring OSPFv3 virtual links SwitchA XGE0 0 1 XGE0 0 1 XGE0 0 2 XGE0 0 1 XGE0 0 2 SwitchD SwitchB VLANIF20 VLANIF10 VLANIF10 VLANIF30 1002 2 64 VLANIF30 SwitchC Area 0 Area 2 1001 2 64 1001 1 64 1000 1 64 XGE0 0 2 VLANIF20 1000 2 64 1002 1 64 Area 1 Device name Interfa...

Page 244: ... 0 1 port hybrid untagged vlan 10 SwitchA XGigabitEthernet0 0 1 quit The configurations of Switch B Switch C Switch D are similar to the configuration of Switch A and are not mentioned here Step 2 Assign IPv6 addresses to the VLANIF interfaces SwitchA ipv6 SwitchA interface vlanif 10 SwitchA Vlanif10 ipv6 enable SwitchA Vlanif10 ipv6 address 1001 2 64 SwitchA Vlanif10 quit The configurations of Sw...

Page 245: ... display ospfv3 routing Codes E2 Type 2 External E1 Type 1 External IA Inter Area N NSSA U Uninstalled OSPFv3 Process 1 Destination Metric Next hop 1000 64 1 directly connected Vlanif20 1002 64 1 directly connected Vlanif30 Step 4 Configure a vritual link in Area 1 where Switch B and Switch C are located Configure Switch B Switch B ospfv3 Switch B ospfv3 1 area 1 Switch B ospfv3 1 area 0 0 0 1 vli...

Page 246: ... file of Switch B sysname Switch B ipv6 vlan batch 10 20 interface Vlanif10 ipv6 enable ipv6 address 1001 1 64 ospfv3 1 area 0 0 0 2 interface Vlanif20 ipv6 enable ipv6 address 1000 1 64 ospfv3 1 area 0 0 0 1 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface XGigabitEthernet0 0 2 port hybrid pvid vlan 20 port hybrid untagged vlan 20 ospfv3 1 router id ...

Page 247: ...nterface XGigabitEthernet0 0 2 port hybrid pvid vlan 30 port hybrid untagged vlan 30 ospfv3 1 router id 4 4 4 4 return 5 12 4 Example for Configuring OSPFv3 GR Networking Requirements As shown in Figure 5 4 Switch A Switch B and Switch C belong to the same OSPFv3 area They communicate with each other through the OSPFv3 protocol and are enabled with GR When OSPFv3 adjacencies are established betwee...

Page 248: ...n you need the following data l IPv6 addresses of the interfaces l Process ID of the OSPFv3 protocol l Router ID 1 1 1 1 of Switch A and area Area 0 where Switch A is located l Router ID 2 2 2 2 of Switch B and area Area 0 where Switch B is located l Router ID 3 3 3 3 of Switch C and area Area 0 where Switch C is located Procedure Step 1 Add interfaces to VLANs Quidway system view Quidway sysname ...

Page 249: ... C enable OSPFv3 and set the router ID to 3 3 3 3 Switch C ospfv3 100 Switch C ospfv3 100 router id 3 3 3 3 Switch C ospfv3 100 quit Switch C interface vlanif 20 Switch C Vlanif20 ospfv3 100 area 0 Switch C Vlanif20 quit Step 4 Enable OSPFv3 GR for Switch A Switch A ospfv3 100 Switch A ospfv3 100 graceful restart Switch A ospfv3 100 quit Step 5 Enable OSPFv3 helper for Switch B Switch B ospfv3 100...

Page 250: ...hen you restart the OSPFv3 process through GR on Switch A Switch A display ipv6 fib SwitchA display ipv6 fib IPv6 FIB Table Total number of Routes 2 Destination 1000 PrefixLength 64 NextHop 1000 1 Flag U Interface Vlanif10 Tunnel ID 0x0 TimeStamp Date 25 6 2007 Time 17 31 46 Destination 2000 PrefixLength 64 NextHop FE80 200 1FF FE00 200 Flag DGU Interface Vlanif10 Tunnel ID 0x0 TimeStamp Date 26 6...

Page 251: ...2 port hybrid pvid vlan 20 port hybrid untagged vlan 20 ospfv3 100 router id 2 2 2 2 helper role return l Configuration file of Switch C sysname Switch C ipv6 vlan batch 20 interface Vlanif20 ipv6 enable ipv6 address 2000 2 64 ospfv3 100 area 0 0 0 0 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 20 port hybrid untagged vlan 20 ospfv3 100 router id 3 3 3 3 return S6700 Series Ethernet Switc...

Page 252: ...es for configuring IS IS processes and interfaces to implement communication between nodes on an IPv4 IS IS network 6 4 Establishing or Maintaining IS IS Neighbor Relationships or Adjacencies This section describes how to configure the parameters that affect the IS IS neighbor relationship 6 5 Configuring IPv4 IS IS Route Selection Configuring IS IS route selection can achieve refined control over...

Page 253: ...e route searching efficiency and simplify route management on a large scale IS IS network configure IS IS route summarization to reduce the number of IS IS routes in a routing table 6 14 Configuring IPv6 IS IS to Interact with Other Routing Protocols If other routing protocols are configured on an IS IS network you need to configure IS IS to interact with these protocols to ensure successful commu...

Page 254: ...col IS IS Areas To support large scale networks the IS IS adopts a two level structure in a Routing Domain RD A large RD is divided into one or more areas The intra area routes are managed by the Level 1 routers whereas the inter area routes are managed by the Level 2 routers Figure 6 1 shows an IS IS network Its topology is similar to that of a multi area OSPF network Area 1 is a backbone area Al...

Page 255: ...int links such as PPP and HDLC NOTE For a Non Broadcast Multi Access NBMA network such as ATM you need to configure sub interfaces for it The type of subnets cannot be Point to Multipoint P2MP IS IS cannot run on P2MP networks 6 2 IS IS Features Supported by the S6700 The S6700 supports various Intermediate System to Intermediate System IS IS protocol features including multi instance multi proces...

Page 256: ...interface after the TE tunnel is enabled with IGP Shortcut Based on the unicast route to the multicast source address a switch sends a Join message through a TE tunnel interface In this situation switchs spanned by the TE tunnel cannot detect the Join message so they do not create any multicast forwarding entry A TE tunnel is unidirectional so multicast data packets sent by the multicast source ar...

Page 257: ... not be a physical interface but a TE tunnel interface If a client sends a Join packet with the specified outbound interface as a TE tunnel interface a router that the TE tunnel traverses does not parse the Join packet but adds an MPLS label to the packet before forwarding it No multicast forwarding entry is created on the router The router will discard packets sent from a multicast source causing...

Page 258: ...ent carries an additional system ID l Operating mode An IS IS router can run the LSP fragment extension feature in the following modes Mode 1 The originating system sends a link to each virtual system Then each virtual system sends a link to the originating system The virtual systems function as the switchs that are connected to the originating system on the network This mode is used when some rou...

Page 259: ... the route with the highest preference will be used and the others will function as backups This facilitates traffic management improves the network reliability and avoids configuration change IS IS Fast Convergence l Incremental SPF I SPF I SPF calculates only changed routes at a time but not all routes ISO 10589 defines Dijkstra as the algorithm to calculate routes When a node is added to or rem...

Page 260: ...router does not calculate routes frequently Therefore you can set a short interval in milliseconds for triggering the route calculation for the first time If the network topology changes frequently the value of the intelligent timer increases with the calculation times and the interval for route calculation becomes longer This prevents excessive CPU resource consumption The LSP generation intellig...

Page 261: ...orrectly guide packet forwarding The S6700 supports dynamic IPv4 and IPv6 BFD for IS IS NOTE For details about IS IS GR see the IS IS chapter in the S6700 Series Ethernet Switches Feature Description IP Routing IS IS Three Way Handshake A reliable link layer protocol is required when IS IS runs on a point to point P2P link Based on ISO 10589 the two way handshake mechanism of IS IS uses Hello pack...

Page 262: ...uring basic IPv4 IS IS functions includes the following operations 1 Create IPv4 IS IS processes 2 Configure IPv4 IS IS interfaces Pre configuration Tasks Before configuring basic IPv4 IS IS functions complete the following tasks l Configure a link layer protocol l Assign an IP address to each interface to ensure IP connectivity Data Preparation To configure basic IPv4 IS IS functions you need the...

Page 263: ...s and configure the NET of a device 1 Run system view The system view is displayed 2 Run isis process id An IS IS process is created and the IS IS process view is displayed The process id parameter specifies the ID of an IS IS process The default value of process id is 1 To associate an IS IS process with a VPN instance run the isis process id vpn instance vpn instance name command 3 Run network e...

Page 264: ...f the local IS IS device 4 Run is name map system id symbolic name IS IS static host name mapping is configured The system ID of a peer IS IS device is mapped to the specified host name This command configuration takes effect only on the local IS IS device The value of symbolic name will not be added to LSP packets If dynamic host name mappings is configured on an IS IS network the mappings on the...

Page 265: ... send Hello packets This suppression improves the link bandwidth usage Procedure l Configure an IS IS interface 1 Run system view The system view is displayed 2 Run interface interface type interface number The interface view is displayed 3 Run isis enable process id An IS IS interface is configured After this command is run the IS IS device uses the specified interface to send Hello packets and f...

Page 266: ... the area End 6 3 4 Optional Configuring the IPv4 IS IS Interfaces Configuring the IS IS interface costs can control IS IS route selection Context The costs of IS IS interfaces can be determined in the following modes in descending order by priority l Interface cost is configured for a specified interface l Global cost is configured for all interfaces l Automatically calculated cost is automatical...

Page 267: ...IS IS device can learn only the interface whose route cost exceeds 1023 for the first time That is the cost of each interface before this interface is not greater than 63 The routes of the network segment where the interface resides and the routes imported by the interface can all be learned The cost of the route is 1023 Subsequent routes forwarded by the interface are discarded If relax spf limit...

Page 268: ...cost The configuration of the bandwidth reference value takes effect only when the cost type is wide or wide compatible In this case Cost of each interface Value of bandwidth reference Interface bandwidth x 10 If the cost style is narrow narrow compatible or compatible the cost of each interface is based on costs listed in Table 6 1 Table 6 1 Mapping between IS IS interface costs and interface ban...

Page 269: ...not be established between the two interfaces For example if the type of an interface on a peer device is P2P you can configure the type of an interface on the local device to P2P so that an IS IS neighbor relationship can be established between the two devices IS IS on a P2P network is not required to select a DIS Therefore you do not need to configure DIS priorities To ensure the reliability of ...

Page 270: ...k type the default settings are restored for the interval for sending Hello packets the number of Hello packets that IS IS fails to receive from a neighbor before the neighbor is declared Down interval for retransmitting LSPs on a P2P link various IS IS authentication modes DIS priority and interval for sending CSNPs on a broadcast network l Set the negotiation mode in which P2P neighbor relations...

Page 271: ...s Down and the route to the network segment where the interface resides is not advertised through LSPs l Configure IS IS not to check whether the IP addresses of received Hello packets are on the same network segment 1 Run system view The system view is displayed 2 Run interface interface type interface number The interface view is displayed 3 Run isis peer ip ignore IS IS is configured not to che...

Page 272: ... the parameters that affect the IS IS neighbor relationship familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment This section describes how to establish or maintain the IS IS neighbor relationship covering l Adjusting timers of various IS...

Page 273: ... of packets you can set different intervals If no level is specified both the Level 1 timer and Level 2 timer are configured On a P2P link there are only one type of Hello packets Thus neither level 1 nor level 2 is required NOTE Parameters level 1 and level 2 are configured only on a broadcast interface l Configuring the Invalid Number of Hello Packets 1 Run system view The system view is display...

Page 274: ...ot specified the timer of the current level is configured l Configuring the Interval for Retransmitting LSPs 1 Run system view The system view is displayed 2 Run interface vlanif vlan id The VLANIF interface view is displayed 3 Run isis enable Enable IS IS on the VLANIF interface 4 Run isis circuit type p2p Sets the interface network type as P2P 5 Run isis timer lsp retransmit retransmit interval ...

Page 275: ... the LSP to be generated or received by IS IS can affect the transmission of LSPs Context Do as follows on the switch that runs IS IS Procedure l Configuring the Interval for Refreshing LSPs 1 Run system view The system view is displayed 2 Run isis process id The IS IS view is displayed 3 Run timer lsp refresh refresh time The LSP refreshment period is set To synchronize all the LSPs in an area th...

Page 276: ... is set If no level is configured both Level 1 and Level 2 are configured The initial delay for generating the same LSPs or LSP fragments is init interval The delay for generating the same LSPs or LSP fragments secondly is incr interval When the routes change each time the delay for generating the same LSPs or LSP fragments is twice as the previous value until the delay is up to max interval After...

Page 277: ... mesh group mesh group number mesh blocked The interface is added to a mesh group On the Non Broadcast Multiple Access NBMA network after receiving an LSP the interface of a switch floods the LSP to the other interfaces In a network with higher connectivity and multiple P2P links however the flooding method causes repeated LSP flooding and wastes bandwidth To avoid the preceding problem you can co...

Page 278: ...ured mode 1 and Level 1 2 are used by default End 6 4 4 Checking the Configuration After configuring parameters that affect the IS IS neighbor relationship you can check information about the IS IS interface and statistics about the IS IS process Prerequisites The configurations of Establishing or Maintaining IS IS Neighbor Relationships or Adjacencies are complete Procedure l Run display isis int...

Page 279: ...es NOTE Changing the IS IS cost for an interface can achieve the function of controlling route selection but requires routes on the interface to be recalculated and reconverged when a network topology changes especially on a large scale network In addition the configuration result may not meet your expectation Therefore the configuration of changing IS IS costs has best to be finished when configu...

Page 280: ...ough the nearest Level 1 2 device The route used may not be the optimal route to the destination To enable a device in a Level 1 area to select the optimal route configure IPv4 IS IS route leaking so that specified routes in the Level 2 area can be leaked into the local Level 1 area Routes of services deployed only in the local Level 1 area do not need to be leaked into the Level 2 area A policy c...

Page 281: ... equal cost IS IS routes are available on a network configure the equal cost IS IS routes to work in load balancing mode to increase the bandwidth usage of each link or configure preference values for the equal cost IS IS routes to facilitate traffic management Context If there are redundant IS IS links multiple routes may have an equal cost Choose either of the following methods to use these equa...

Page 282: ...st IS IS route NOTE A larger value of the value parameter indicates a higher preference End 6 5 4 Filtering IPv4 IS IS Routes If some IS IS routes are not preferred configure conditions to filter IS IS routes Only IS IS routes meeting the specified conditions can be added to an IP routing table Context Only routes in an IP routing table can be used to forward IP packets An IS IS route can take eff...

Page 283: ...ted configure the IS to enter the overload state so that no device will forward traffic to this IS IS IS routes converge more quickly than BGP routes To prevent blackhole routes on a network where both IS IS and BGP are configured set an overload bit to instruct an IS to enter the overload state during its start or restart After BGP convergence is complete cancel the overload bit Procedure Step 1 ...

Page 284: ...on is used to summarize routes with the same IP prefix into one route On a large scale IS IS network route summarization can be configured to reduce the number of IS IS routes in a routing table This summarization improves the usage of system resources and facilitates route management If a link on an IP network segment that is summarized frequently alternates between Up and Down states IP network ...

Page 285: ...nvironment If other routing protocols are configured on an IS IS network the following issues need to be considered l Preference of IS IS routes If multiple routes to the same destination are discovered by different routing protocols running on the same device the route discovered by the protocol with the highest preference is selected For example if both OSPF and IS IS are configured the route di...

Page 286: ...IPv4 IS IS route convergence speed you need the following data No Data 1 ACL for filtering routes IP prefix list or routing policy 2 Preference value of IS IS 6 7 2 Configuring a Preference Value for IPv4 IS IS If multiple routes to the same destination are discovered by different routing protocols configuring the highest preference value for IS IS allows a route discovered by IS IS to be selected...

Page 287: ...d for the specified IS IS routes NOTE preference takes effect only for IS IS routes that match the specified routing policy End 6 7 3 Configuring IPv4 IS IS to Advertise a Default Route To forward all traffic in an IS IS area through a default route configure IS IS on a Level 1 2 device to advertise the default route Context Only the route 0 0 0 0 0 can be advertised as a default route on a Level ...

Page 288: ...tes configure IS IS on a Level 1 2 device of this area to import external routes Context If IS IS is configured on a Level 1 2 device to advertise a default route all traffic in IS IS areas will be forwarded by this Level 1 2 device This will burden this Level 1 2 device because no external route can be learned on the devices in the IS IS areas If multiple Level 1 2 devices are deployed optimal ro...

Page 289: ...isis process id The IS IS view is displayed 3 Run filter policy acl number acl name acl name ip prefix ip prefix name route policy route policy name export protocol process id IS IS is configured to advertise specified external routes to the IS IS areas NOTE After this command is run only external routes that meet the specified conditions can be advertised to the IS IS areas End 6 7 5 Checking the...

Page 290: ...rgence speed configure the following parameters l Interval for detecting IS IS neighboring device failures l Flooding parameters of CSNPs and LSPs l Interval for SPF calculation You can also configure convergence priorities for IPv4 IS IS routes so that key routes can be converged by preference when a network topology changes This minimizes adverse impacts on key services Pre configuration Tasks B...

Page 291: ...packets are sent l Shorten the holding time of neighboring devices l Configuring Dynamic IPv4 BFD for IS IS NOTE Configuring IPv4 BFD for IS IS is recommended because this method provides a faster fault detection speed than the other two methods Procedure l Set an interval at which Hello packets are sent 1 Run system view The system view is displayed 2 Run interface interface type interface number...

Page 292: ...s are processed differently on broadcast links and P2P links l On a broadcast link CSNPs are periodically sent by a DIS device If a router detects that its LSDB is not synchronized with that on its neighboring router the router will send PSNPs to apply for missing LSPs l On a P2P link CSNPs are sent only during initial establishment of neighboring relationships If a request is acknowledged a neigh...

Page 293: ...ragment for the second time is determined by incr interval From the third time on the delay in generating an LSP increases twice every time until the delay reaches the value specified by max interval After the delay remains at the value specified by max interval for three times or the IS IS process is restarted the delay decreases to the value specified by init interval If incr interval is not spe...

Page 294: ...s 1 Run system view The system view is displayed 2 Run isis process id The IS IS view is displayed 3 Run timer lsp refresh refresh time A refresh interval is set for LSPs To synchronize all LSPs in the areas IS IS regularly transmits all the current LSPs to neighbors By default the LSP refresh interval is 900s and the maximum lifetime of an LSP is 1200s Ensure that the LSP refresh interval is more...

Page 295: ...pecified by throttle interval The value of count is an integer ranging from 1 to 1000 l Enable LSP fast flooding 1 Run system view The system view is displayed 2 Run isis process id The IS IS view is displayed 3 Run flash flood lsp count max timer interval interval level 1 level 2 The LSP fast flooding is enabled Running the flash flood command speeds up LSP flooding The lsp count parameter specif...

Page 296: ...orm SPF calculation Frequent SPF calculation will consume excessive CPU resources affecting services To solve this problem configure an intelligent timer to control the interval for SPF calculation For example to speed up IS IS route convergence set the interval for SPF calculation to a small value and set the interval to a large value after the IS IS network becomes stable Procedure Step 1 Run sy...

Page 297: ...er IS IS routes is low The S6700 allows you to configure the highest convergence priority for specific IS IS routes so that those IS IS routes will be converged first when a network topology changes Procedure Step 1 Run system view The system view is displayed Step 2 Run isis process id The IS IS view is displayed Step 3 Run prefix priority level 1 level 2 critical high medium ip prefix prefix nam...

Page 298: ...g Static IPv4 BFD for IS IS BFD can provide link failure detection featuring light load and high speed at the millisecond level Static IPv4 BFD can be configured to monitor IS IS links Context In a static BFD session scenario you need to configure single hop BFD parameters such as local and remote discriminators and then configure the device to send BFD session setup requests A static BFD session ...

Page 299: ...p command as the next hop address 2 Set discriminators Run discriminator local discr value A local discriminator is set Run discriminator remote discr value A remote discriminator is set The local discriminator of a device must be the remote discriminator of the device on the other end otherwise a BFD session cannot be established In addition the local and remote discriminators cannot be modified ...

Page 300: ...S IS route convergence Context Connection status between an IS IS device and its neighbors can be monitored by exchanging Hello packets at intervals The minimum allowable sending interval is 3s and a neighbor is declared Down after at least three intervals during which no response Hello packet is received from the neighbor IS IS takes more than one second to detect that a neighbor becomes Down res...

Page 301: ...for IS IS on a large number of IS IS interfaces l Enable dynamic IPv4 BFD for specified interfaces This method is recommended if you need to enable dynamic IPv4 BFD for IS IS on a small number of IS IS interfaces Procedure l Enable dynamic IPv4 BFD for an IS IS process 1 Run system view The system view is displayed 2 Run bfd BFD is enabled globally 3 Run quit The system view is displayed 4 Run isi...

Page 302: ... displayed 5 Run isis bfd enable BFD is enabled on the interface After BFD is configured globally and the neighbor status is Up on a broadcast network DIS is in the Up state default BFD parameters will be used to establish BFD sessions on the specified interface 6 Optional Run isis bfd min rx interval receive interval min tx interval transmit interval detect multiplier multiplier value Run this co...

Page 303: ...6 network configure basic IS IS functions to implement communication between different nodes on the network Other IS IS functions can be configured only after basic IS IS functions are configured Configuring basic IPv6 IS IS functions includes the following operations 1 Create IPv6 IS IS processes 2 Configure IPv6 IS IS interfaces Pre configuration Tasks Before configuring basic IPv6 IS IS functio...

Page 304: ...onfiguration improves the maintainability on an IS IS network l Optional Enable the output of the IS IS adjacency status If the local terminal monitor is enabled and the output of the IS IS adjacency status is enabled IS IS adjacency changes will be output to the router until the output of the adjacency status is disabled Procedure l Create an IS IS process and configure the NET of a device enable...

Page 305: ...el 1 2 level 2 The level of the switch is configured l Optional Configure IS IS host name mapping 1 Run system view The system view is displayed 2 Run isis process id An IS IS process is created and the IS IS process view is displayed 3 Run is name symbolic name IS IS dynamic host name mapping is configured The system ID of the local device is mapped to the specified host name The value of symboli...

Page 306: ...onships will be established between two Level 1 2 devices If only one level of neighbor relationships is required you can configure the level of an interface to prevent the establishment of the other level of neighbor relationships After IS IS is enabled on an interface the interface will automatically send Hello packets attempting to establish neighbor relationships If a peer device is not an IS ...

Page 307: ...Changing the level of an IS IS interface is valid only when the level of the IS IS device is Level 1 2 If the level of the IS IS device is not a Level 1 2 the level of the IS IS device determines the level of the adjacency to be established l Optional Suppress an IS IS interface 1 Run system view The system view is displayed 2 Run interface interface type interface number The interface view is dis...

Page 308: ...ified the cost of a route works as follows If the cost of a route is not greater than 1023 and the cost of every interface that the route passes through is smaller than or equal to 63 the cost of the route received by the interface is the actual cost If the cost of a route is not greater than 1023 but the costs of all interfaces that the route passes through are greater than 63 the IS IS device ca...

Page 309: ...the isis ipv6 cost command to configure the cost of a specified interface l Configure the global IS IS cost 1 Run system view The system view is displayed 2 Run isis process id The IS IS view is displayed 3 Run ipv6 circuit cost cost level 1 level 2 The global IS IS cost is configured You can use the ipv6 circuit cost command to configure the costs of all interfaces at a time l Enable IS IS to aut...

Page 310: ...es for Interfaces on Different Types of Networks Different IS IS attributes can be configured for different types of network interfaces Context The establishment modes of IS IS neighbor relationships are different on a broadcast network and on a P2P network Different IS IS attributes can be configured for interfaces on different types of networks IS IS is required to select a DIS on a broadcast ne...

Page 311: ...e network type of an IS IS interface changes interface configurations change accordingly After a broadcast interface is configured as a P2P interface using the isis circuit type p2p command the default settings are restored for the interval for sending Hello packets the number of Hello packets that IS IS fails to receive from a neighbor before the neighbor is declared Down interval for retransmitt...

Page 312: ... number The interface view is displayed 3 Run isis ppp osicp check The OSICP negotiation status is checked on a PPP interface By default the OSICP negotiation status of a PPP interface does not affect the status of an IS IS interface The isis ppp osicp check command is applicable only to PPP interfaces This command is invalid for other P2P interfaces After this command is run the OSICP negotiation...

Page 313: ...mmand to check information about IS IS routes End 6 12 Configuring IPv6 IS IS Route Selection Configuring IS IS route selection can achieve refined control over route selection 6 12 1 Establishing the Configuration Task Before configuring IPv6 IS IS route selection familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configu...

Page 314: ... 1 ACL6 for filtering routes IPv6 prefix list or routing policy 2 Maximum number of load balancing equal cost IS IS routes 3 Time when an IS IS device enters the overload state 6 12 2 Configuring IPv6 IS IS Route Leaking Configuring IS IS route leaking enables you to optimize IS IS route selection on a two level area network Context If multiple Level 1 2 devices in a Level 1 area are connected to ...

Page 315: ...t is connected to an external area By default routes in the Level 2 area are not leaked into Level 1 areas After this command is run only routes that meet the specified conditions can be leaked into Level 1 areas l Configure routes in Level 1 areas to leak into the Level 2 area 1 Run system view The system view is displayed 2 Run isis process id The IS IS view is displayed 3 Run ipv6 import route ...

Page 316: ...r the number of IS IS equal cost routes to work in load balancing mode is determined by number If the number of IS IS equal cost routes is smaller than the value of number IS IS equal cost routes of the actual number work in load balancing mode End 6 12 4 Filtering IPv6 IS IS Routes If some IS IS routes are not preferred configure conditions to filter IS IS routes Only IS IS routes meeting the spe...

Page 317: ...y isolated configure the IS to enter the overload state so that no device will forward traffic to this IS IS IS routes converge more quickly than BGP routes To prevent blackhole routes on a network where both IS IS and BGP are configured set an overload bit to instruct an IS to enter the overload state during its start or restart After BGP convergence is complete cancel the overload bit Procedure ...

Page 318: ...ed to summarize routes with the same IP prefix into one route On a large scale IS IS network route summarization can be configured to reduce the number of IS IS routes in a routing table This summarization improves the usage of system resources and facilitates route management If a link on an IP network segment that is summarized frequently alternates between Up and Down states IP network segments...

Page 319: ...vironment If other routing protocols are configured on an IS IS network the following issues need to be considered l Preference of IS IS routes If multiple routes to the same destination are discovered by different routing protocols running on the same device the route discovered by the protocol with the highest preference is selected For example if both OSPFv3 and IS IS are configured the route d...

Page 320: ...interact with other routing protocols you need the following data No Data 1 ACL6 for filtering routes IPv6 prefix list or routing policy 2 Preference value of IS IS 6 14 2 Configuring a Preference Value for IPv6 IS IS If multiple routes to the same destination are discovered by different routing protocols configuring the highest preference value for IS IS allows a route discovered by IS IS to be s...

Page 321: ...e To forward all traffic in an IS IS area through a default route configure IS IS on a Level 1 2 device to advertise the default route Context Only the route 0 can be advertised as a default route on a Level 1 2 device All traffic destined for other areas is first forwarded to the Level 1 2 device To ensure successful traffic forwarding external routes must be learned on the Level 1 2 device NOTE ...

Page 322: ... device This will burden this Level 1 2 device because no external route can be learned on the devices in the IS IS areas If multiple Level 1 2 devices are deployed optimal routes to other areas need to be selected To ensure optimal routes are selected all the other devices in the IS IS areas must learn all or some external routes Routing policies can be configured to import or advertise external ...

Page 323: ...onfiguration After IS IS is enabled to import routes from other protocols run the following commands to verify that the configurations are correct Procedure l Run the display isis lsdb level 1 level 2 verbose local lsp id is name symbolic name process id vpn instance vpn instance name command to check IS IS LSDB information l Run the display isis route process id vpn instance vpn instance name ipv...

Page 324: ...ailures l Flooding parameters of CSNPs and LSPs l Interval for SPF calculation You can also configure convergence priorities for IPv6 IS IS routes so that key routes can be converged by preference when a network topology changes This minimizes adverse impacts on key services Pre configuration Tasks Before configuring the IPv6 IS IS route convergence speed complete the following tasks l Configuring...

Page 325: ...ighboring devices Procedure l Set an interval at which Hello packets are sent 1 Run system view The system view is displayed 2 Run interface interface type interface number The interface view is displayed 3 Run isis timer hello hello interval level 1 level 2 The interval at which Hello packets are sent is set NOTE A broadcast link can transmit both Level 1 and Level 2 Hello packets You can set dif...

Page 326: ...neighboring router the router will also send PSNPs to apply for missing LSPs To speed up LSDB synchronization modify the following parameters of SNPs and LSPs on the S6700 l Set an interval at which CSNPs are sent l Configure the intelligent timer controlling LSP generation l Set the maximum length for LSPs l Set the refresh interval for LSPs l Set the maximum lifetime for LSPs l Set the minimum i...

Page 327: ... LSP or LSP fragment for the first time is determined by init interval From the second time on the delay in generating an LSP is determined by max interval After the delay remains at the value specified by max interval for three times or the IS IS process is restarted the delay decreases to the value specified by init interval When only max interval is specified the intelligent timer functions as ...

Page 328: ...e NOTE The larger a network the greater the deviation between the LSP refresh interval and the maximum LSP lifetime l Set the maximum lifetime for LSPs 1 Run system view The system view is displayed 2 Run isis process id The IS IS view is displayed 3 Run timer lsp max age age time The maximum lifetime is set for LSPs When a router generates the system LSP it fills in the maximum lifetime for this ...

Page 329: ... be sent is greater than the value of lsp count lsp count takes effect If the number of LSPs to be sent is smaller than the value of lsp count LSPs of the actual number are sent If a timer is configured and the configured timer does not expire before the route calculation the LSPs are flooded immediately when being received otherwise the LSPs are sent when the timer expires When LSP fast flooding ...

Page 330: ... calculation increases twice every time until the delay reaches the value specified by max interval After the delay remains at the value specified by max interval for three times or the IS IS process is restarted the delay decreases to the value specified by init interval l If incr interval is not specified the delay in SPF calculation for the first time is determined by init interval From the sec...

Page 331: ...of a Level 2 IS IS route l If the route level is not specified the configuration of the prefix priority command takes effect for both Level 1 and Level 2 IS IS routes NOTE The ipv6 prefix priority command is only applicable to the public network After the ipv6 prefix priority command is run the convergence priority of 32 bit host routes is low and the convergence priorities of the other routes are...

Page 332: ...pting the forwarding The advantages of IS IS GR are as follows l When IS IS restarts the switch can resend connection requests to its neighbor The adjacency relationship is not torn down l Before LSPs packets are generated GR minimizes the interference caused by waiting for the database synchronization l If the switch starts for the first time the switch sets the overload bit in LSPs until the LSD...

Page 333: ...e sequence number of an LSP fragment is reinitialized when the switch starts Therefore the switch considers that the previously advertised LSP stored on other switches is newer than the LSP generated locally after the switch starts This leads to the temporary black hole in the network which lasts until the normal LSDB update process finishes The switch then regenerates its LSPs and advertises the ...

Page 334: ...an run the undo graceful restart suppress sa command By default the SA bit is not suppressed End 6 16 4 Checking the Configuration After configuring IS IS GR you can check the IS IS GR status and parameters Prerequisites The configurations for IS IS GR are complete Procedure Step 1 Run display isis graceful restart status level 1 level 2 process id vpn instance vpn instance name command to check t...

Page 335: ...ake effect Context CAUTION The specified IS IS neighbor relationship is deleted after you reset a specified IS IS neighbor by using the reset isis peer command Exercise caution when running this command After the IS IS routing policy or the protocol changes you can reset a specific IS IS neighbor to validate the new configuration To reset a specific IS IS neighbor run the following reset command i...

Page 336: ...nfiguring basic IS IS functions IS IS Area 10 IS IS Area 20 Switch A Switch B Switch C Switch D L1 L1 L1 2 L2 XGE 0 0 1 XGE 0 0 1 XGE 0 0 1 XGE 0 0 3 XGE 0 0 2 XGE 0 0 2 XGE 0 0 1 Switch Interface VLANIF Interface IP Address SwitchA XGE 0 0 1 VLANIF 10 10 1 1 2 24 SwitchB XGE 0 0 1 VLANIF 20 10 1 2 2 24 SwitchC XGE 0 0 1 VLANIF 10 10 1 1 1 24 SwitchC XGE 0 0 2 VLANIF 20 10 1 2 1 24 SwitchC XGE 0 0...

Page 337: ...onfigure the IDs of the VLANs to which the interfaces belong The configuration details are not mentioned 2 Assign IP addresses to VLANIF interfaces The configuration details are not mentioned 3 Run the IS IS progress on each Switch specify the network entity and configure the level Configure SwitchA SwitchA isis 1 SwitchA isis 1 is level level 1 SwitchA isis 1 network entity 10 0000 0000 0001 00 S...

Page 338: ...000 0002 00 00 0x00000003 0xef4d 545 68 0 0 0 0000 0000 0003 00 00 0x00000008 0x3340 582 111 1 0 0 0000 0000 0003 01 00 0x00000004 0xa7dd 582 55 0 0 0 0000 0000 0002 01 00 0x00000002 0xc0c4 524 55 0 0 0 Total LSP s 5 In TLV Leaking Route By LSPID Self LSP Self LSP Extended ATT Attached P Partition OL Overload SwitchB display isis lsdb Database information for ISIS 1 Level 1 Link State Database LSP...

Page 339: ... 0000 0000 0003 00 00 0x00000008 0x55bb 644 100 0 0 0 0000 0000 0003 03 00 0x00000003 0xef91 644 55 0 0 0 0000 0000 0004 00 00 0x00000005 0x651 624 84 0 0 0 Total LSP s 3 In TLV Leaking Route By LSPID Self LSP Self LSP Extended ATT Attached P Partition OL Overload Display the IS IS routing information of each Switch A default route must be available in the routing table of the Level 1 Switch and t...

Page 340: ...ect A Added to URT L Advertised in LSPs S IGP Shortcut U Up Down Bit Set SwitchD display isis route Route information for ISIS 1 ISIS 1 Level 2 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 192 168 0 0 24 10 NULL Vlanif30 Direct D L 10 1 1 0 24 20 NULL Vlanif30 192 168 0 1 A 10 1 2 0 24 20 NULL Vlanif30 192 168 0 1 A 172 16 0 0 24 10 NULL Vlanif40 192 168 0 2 A Flag...

Page 341: ... 10 0000 0000 0003 00 interface Vlanif10 ip address 10 1 1 1 255 255 255 0 isis enable 1 interface Vlanif20 ip address 10 1 2 1 255 255 255 0 isis enable 1 interface Vlanif30 ip address 192 168 0 1 255 255 255 0 isis enable 1 interface XGigabitEthernet0 0 1 port link type trunk port trunk allow pass vlan 10 interface XGigabitEthernet0 0 2 port link type trunk port trunk allow pass vlan 20 interfac...

Page 342: ...18 2 Example for Configuring IS IS Route Aggregation Networking Requirements As shown in Figure 6 4 l SwitchA SwitchB and SwitchC are interconnected by running the IS IS protocol l SwitchA belongs to Area 20 SwitchB and SwitchC belong to Area 10 l SwitchA is a Level 2 Switch SwitchB is a Level 1 2 Switch SwitchC is a Level 1 Switch l The addresses in Area 10 can be aggregated as 172 1 0 0 16 S6700...

Page 343: ...hC XGE 0 0 4 VLANIF 40 172 1 3 1 24 Configuration Roadmap The configuration roadmap is as follows 1 Enable basic IS IS functions on each Switch so that the Switches can be interconnected 2 Check the IS IS routing table of SwitchA 3 Configure route convergence on SwitchB Data Preparation To complete the configuration you need the following data l VLAN ID of each interface as shown in Figure 6 4 l I...

Page 344: ...t SwitchB interface vlanif 50 SwitchB Vlanif50 isis enable 1 SwitchB Vlanif50 quit Configure SwitchC SwitchC isis 1 SwitchC isis 1 is level level 1 SwitchC isis 1 network entity 10 0000 0000 0003 00 SwitchC isis 1 quit SwitchC interface vlanif 10 SwitchC Vlanif10 isis enable 1 SwitchC Vlanif10 quit The configurations of the VLANIF 20 VLANIF30 and VLANIF 40 interfaces are the same as the configurat...

Page 345: ... NULL Vlanif50 172 2 1 2 A 172 2 1 0 24 10 NULL Vlanif50 Direct D L Flags D Direct A Added to URT L Advertised in LSPs S IGP Shortcut U Up Down Bit Set Configuration Files l Configuration file of SwitchA sysname SwitchA vlan batch 50 isis 1 is level level 2 network entity 20 0000 0000 0001 00 interface Vlanif50 ip address 172 2 1 1 255 255 255 0 isis enable 1 interface XGigabitEthernet0 0 1 port l...

Page 346: ...dress 172 1 2 1 255 255 255 0 isis enable 1 interface Vlanif40 ip address 172 1 3 1 255 255 255 0 isis enable 1 interface XGigabitEthernet0 0 1 port link type trunk port trunk allow pass vlan 10 interface XGigabitEthernet0 0 2 port link type trunk port trunk allow pass vlan 20 interface XGigabitEthernet0 0 3 port link type trunk port trunk allow pass vlan 30 interface XGigabitEthernet0 0 4 port li...

Page 347: ...LANIF 10 10 1 1 3 24 SwitchD XGE 0 0 1 VLANIF 10 10 1 1 4 24 Configuration Roadmap The configuration roadmap is as follows 1 Enable basic IS IS functions on each Switch so that the Switches can be interconnected 2 Check information about the IS IS interface on each Switch with the default priority 3 Configure the DIS priority on the Switch Data Preparation To complete the configuration you need th...

Page 348: ...E INTERFACE VPN INSTANCE VLAN 10 1 1 2 00e0 fccd acdf I Vlanif10 Total 1 Dynamic 0 Static 0 Interface 1 Display the MAC address of the VLANIF 10 interface on SwitchC SwitchC display arp interface vlanif 10 IP ADDRESS MAC ADDRESS EXPIRE M TYPE INTERFACE VPN INSTANCE VLAN 10 1 1 3 00e0 1396 1600 I Vlanif10 Total 1 Dynamic 0 Static 0 Interface 1 Display the MAC address of the VLANIF 10 interface on S...

Page 349: ...2 01 Up 27s L1 64 0000 0000 0002 Vlanif10 0000 0000 0004 01 Up 28s L2 L1L2 64 0000 0000 0004 Vlanif10 0000 0000 0004 01 Up 8s L2 64 Total Peer s 4 Display information about the IS IS interfaces on SwitchA SwitchA display isis interface Interface information for ISIS 1 Interface Id IPV4 State IPV6 State MTU Type DR Vlanif10 001 Up Down 1497 L1 L2 No No Display information about the IS IS interfaces...

Page 350: ...Display information about the IS IS interfaces on SwitchA SwitchA display isis interface Interface information for ISIS 1 Interface Id IPV4 State IPV6 State MTU Type DIS Vlanif10 001 Up Down 1497 L1 L2 Yes Yes As displayed above after the DIS priority of the IS IS interface is changed SwitchA immediately becomes a Level 1 2 DIS and its pseudonode is 0000 0000 0001 01 Display information about the ...

Page 351: ...s dis priority 100 interface XGigabitEthernet0 0 1 port link type trunk port trunk allow pass vlan 10 return l Configuration file of SwitchB sysname SwitchB vlan batch 10 isis 1 network entity 10 0000 0000 0002 00 interface Vlanif10 ip address 10 1 1 2 255 255 255 0 isis enable 1 interface XGigabitEthernet0 0 1 port link type trunk port trunk allow pass vlan 10 return l Configuration file of Switc...

Page 352: ...hD are interconnected in an IP network by running the IS IS protocol l SwitchA SwitchB SwitchC and SwitchD are Level 2 Switches in Area 10 l Load balancing is required for the transmission of the traffic from SwitchA to SwitchD through SwitchB and SwitchC respectively Figure 6 6 Networking diagram for configuring IS IS load balancing Area10 Switch A Switch C Switch B Switch D XGE0 0 1 XGE0 0 2 XGE...

Page 353: ... complete the configuration you need the following data l VLAN ID of each interface as shown in Figure 6 6 l IP address of each VLANIF interface as shown in Figure 6 6 l System ID level and area ID of each Switch Switch A The system ID is 0000 0000 0001 the area ID is 10 the level is Level 2 Switch B The system ID is 0000 0000 0002 the area ID is 10 the level is Level 2 Switch C The system ID is 0...

Page 354: ...Up Down Bit Set As shown in the routing table when the maximum number of equal cost routes for load balancing is set to 1 IS IS chooses the next hop 10 1 1 2 Switch B as the only best route to the destination network 172 17 1 0 This is because Switch B has a smaller system ID 5 Restore the default number of equal cost routes for load balancing on Switch A SwitchA isis 1 SwitchA isis 1 undo maximum...

Page 355: ...4 Destination IntCost ExtCost ExitInterface NextHop Flags 192 168 1 0 24 20 NULL Vlanif20 10 1 2 2 A 10 1 1 0 24 10 NULL Vlanif10 Direct D L 172 16 1 0 24 10 NULL Vlanif50 Direct D L 172 17 1 0 24 30 NULL Vlanif20 10 1 2 2 A 10 1 2 0 24 10 NULL Vlanif20 Direct D L 192 168 0 0 24 20 NULL Vlanif10 10 1 1 2 A Flags D Direct A Added to URT L Advertised in LSPs S IGP Shortcut U Up Down Bit Set As shown...

Page 356: ...002 00 interface Vlanif10 ip address 10 1 1 2 255 255 255 0 isis enable 1 interface Vlanif30 ip address 192 168 0 1 255 255 255 0 isis enable 1 interface XGigabitEthernet0 0 1 port link type trunk port trunk allow pass vlan 10 interface XGigabitEthernet0 0 2 port link type trunk port trunk allow pass vlan 30 return l Configuration file of Switch C sysname SwitchC vlan batch 20 40 isis 1 is level l...

Page 357: ...t link type trunk port trunk allow pass vlan 40 interface XGigabitEthernet0 0 3 port link type trunk port trunk allow pass vlan 60 return 6 18 5 Example for Configuring IS IS GR Networking Requirements As shown in Figure 6 7 the networking requirements are as follows Switch A Switch A and Switch C belong to the same autonomous system They run the IS IS protocol to implement interworking and provid...

Page 358: ... in Figure 6 7 l System ID level and area ID of each Switch Switch A The system ID is 0000 0000 0001 the area ID is 10 the level is Level 1 Switch B The system ID is 0000 0000 0002 the area ID is 10 the level is Level 2 Switch C The system ID is 0000 0000 0003 the area ID is 10 the level is Level 1 2 l Restart interval Procedure Step 1 Configure VLANs that the related interfaces belong to Quidway ...

Page 359: ...0678 Vlanif10 0x0 100 2 1 0 24 100 1 1 2 DGU t 79388 Vlanif10 0x0 Reset the IS IS process by using the GR method on Switch A SwitchA reset isis all NOTE The Switch restarts an IS IS process in GR mode only when GR is enabled for the IS IS process Run the display fib command on Switch A and view the FIB table to check whether GR works normally If GR works normally the FIB table does not change and ...

Page 360: ... l Configuration file of Switch A sysname SwitchA vlan batch 10 isis 1 graceful restart graceful restart interval 150 is level level 1 network entity 10 0000 0000 0001 00 interface Vlanif10 ip address 100 1 1 1 255 255 255 0 isis enable 1 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 return l Configuration file of Switch B sysname SwitchB vlan batch 20 isis ...

Page 361: ...ts between Switch A and Switch B l Switch A Switch B and Switch C run IS IS l BFD is configured to detect the IS IS neighbor relationship between Switch A and Switch B When the link between Switch A and Switch B is faulty BFD can fast detect the default and report it to IS IS Figure 6 8 Networking diagram for configuring static BFD for IS IS SwitchA SwitchB SwitchC XGE0 0 1 100 1 1 1 24 XGE0 0 1 1...

Page 362: ...long to Quidway system view Quidway sysname SwitchA SwitchA vlan batch 10 SwitchA interface xgigabitethernet 0 0 1 SwitchA XGigabitEthernet0 0 1 port hybrid pvid vlan 10 SwitchA XGigabitEthernet0 0 1 port hybrid untagged vlan 10 SwitchA XGigabitEthernet0 0 1 quit The configurations of Switch B and Switch C are similar to the configuration of Switch A and are not mentioned here Step 2 Configure an ...

Page 363: ...ntries to Switch B and Switch C SwitchA display isis route Route information for ISIS 1 ISIS 1 Level 2 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 100 1 1 0 24 10 NULL Vlanif10 Direct D L 100 2 1 0 24 20 NULL Vlanif10 100 1 1 2 A L Flags D Direct A Added to URT L Advertised in LSPs S IGP Shortcut U Up Down Bit Set Step 4 Configure BFD Enable BFD on Switch A and co...

Page 364: ...tch B to simulate a link fault SwitchB Vlanif10 shutdown On Switch A the following log information and debugging information are displayed It indicates that IS IS deletes the neighbor relationship with Switch B according to the fault reported by BFD Sep 12 2007 11 32 18 RT2 01ISIS 4 PEER_DOWN_BFDDOWN l IS IS process id 1 nei ghbor 2222 2222 2222 is down on the interface GE1 0 0 because BFD node is...

Page 365: ...network entity aa 2222 2222 2222 00 interface Vlanif10 ip address 100 1 1 2 255 255 255 0 isis enable 1 isis bfd static shutdown interface Vlanif30 ip address 100 2 1 1 255 255 255 0 isis enable 1 bfd btoa bind peer ip 100 1 1 1 interface Vlanif10 discriminator local 2 discriminator remote 1 commit interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface XGig...

Page 366: ...ch A and Switch B When the link between Switch A and Switch B fails BFD can quickly detect the fault and notify IS IS of the fault therefore the traffic is transmitted on the standby link Figure 6 9 Networking diagram for configuring the dynamic BFD Switch A SwitchB SwitchC XGE0 0 2 3 3 3 1 24 XGE0 0 2 3 3 3 2 24 XGE0 0 3 172 16 1 1 24 XGE0 0 1 1 1 1 1 24 XGE0 0 1 1 1 1 2 24 XGE0 0 1 2 2 2 2 24 XG...

Page 367: ...ion multiple on Switch A and Switch B Procedure Step 1 Configure VLANs that interfaces belong to Quidway system view Quidway sysname Switch A SwitchA vlan batch 10 20 SwitchA interface xgigabitethernet 0 0 1 SwitchA XGigabitEthernet0 0 1 port hybrid pvid vlan 10 SwitchA XGigabitEthernet0 0 1 port hybrid untagged vlan 10 SwitchA XGigabitEthernet0 0 1 quit SwitchA interface xgigabitethernet 0 0 2 Sw...

Page 368: ...0000 0003 00 SwitchC isis 1 quit SwitchC interface vlanif 10 SwitchC Vlanif10 isis enable 1 SwitchC Vlanif10 quit SwitchC interface vlanif 50 SwitchC Vlanif50 isis enable 1 SwitchC Vlanif50 quit After the preceding configurations are complete use the display isis peer command You can view that the neighboring relationship is set up between Switch A and Switch B and that between Switch A and Switch...

Page 369: ...tchA isis 1 quit Enable BFD of the IS IS process on Switch B SwitchB bfd SwitchB bfd quit SwitchB isis SwitchB isis 1 bfd all interfaces enable SwitchB isis 1 quit Enable BFD of the IS IS process on Switch C SwitchC bfd SwitchC bfd quit SwitchC isis SwitchC isis 1 bfd all interfaces enable SwitchC isis 1 quit After the preceding configurations are complete run the display isis bfd session all comm...

Page 370: ...xample SwitchB display isis bfd session all BFD session information for ISIS 1 Peer System ID 0000 0000 0001 Interface Vlanif20 TX 100 BFD State up Peer IP Address 3 3 3 1 RX 100 LocDis 8192 Local IP Address 3 3 3 2 Multiplier 4 RemDis 8192 Type L2 Diag No diagnostic information Peer System ID 0000 0000 0003 Interface Vlanif50 TX 100 BFD State up Peer IP Address 2 2 2 1 RX 100 LocDis 8192 Local IP...

Page 371: ... batch 10 20 bfd isis 1 is level level 2 bfd all interfaces enable network entity 10 0000 0000 0001 00 interface Vlanif10 ip address 1 1 1 1 255 255 255 0 isis enable 1 interface Vlanif20 ip address 3 3 3 1 255 255 255 0 isis enable 1 isis cost 5 isis bfd enable isis bfd min tx interval 100 min rx interval 100 detect multiplier 4 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid...

Page 372: ... l Configuration file of Switch C sysname SwitchC vlan batch 10 50 bfd isis 1 is level level 2 bfd all interfaces enable network entity 10 0000 0000 0003 00 interface Vlanif10 ip address 1 1 1 2 255 255 255 0 isis enable 1 interface Vlanif50 ip address 2 2 2 1 255 255 255 0 isis enable 1 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface XGigabitEtherne...

Page 373: ...terface IP address SwitchA XGigabitEthernet0 0 1 VLANIF 10 10 1 2 64 SwitchB XGigabitEthernet0 0 1 VLANIF 20 10 2 2 64 SwitchC XGigabitEthernet0 0 1 VLANIF 10 10 1 1 64 SwitchC XGigabitEthernet0 0 2 VLANIF 20 10 2 1 64 SwitchC XGigabitEthernet0 0 3 VLANIF 30 30 1 64 SwitchD XGigabitEthernet0 0 1 VLANIF 30 30 2 64 SwitchD XGigabitEthernet0 0 2 VLANIF 40 20 1 64 Configuration Roadmap The configurati...

Page 374: ...witch A The detailed configurations are not mentioned here Quidway system view Quidway sysname SwitchA SwitchA ipv6 SwitchA interface vlanif 10 SwitchA Vlanif10 ipv6 enable SwitchA Vlanif10 ipv6 address 10 1 2 64 Step 3 Configure IS IS Configure Switch A SwitchA isis 1 SwitchA isis 1 is level level 1 SwitchA isis 1 network entity 10 0000 0000 0001 00 SwitchA isis 1 ipv6 enable SwitchA isis 1 quit ...

Page 375: ... 3ED2 1 A Flags D Direct A Added to URT L Advertised in LSPs S IGP Shortcut U Up Down Bit Set Display the IS IS neighbors of Switch C SwitchC display isis peer verbose Peer information for ISIS 1 System Id Interface Circuit Id State HoldTime Type PRI 0000 0000 0001 Vlanif10 0000 0000 0003 01 Up 24s L1 MT IDs supported 0 UP Local MT IDs 0 Area Address es 10 Peer IPv6 Address es FE80 996B 0 9419 1 U...

Page 376: ... 0001 00 COST 10 IPV6 10 2 64 COST 10 IPV6 10 1 64 COST 10 Total LSP s 3 In TLV Leaking Route By LSPID Self LSP Self LSP Extended ATT Attached P Partition OL Overload Level 2 Link State Database LSPID Seq Num Checksum Holdtime Length ATT P OL 0000 0000 0003 00 00 0x00000017 0x61b4 771 157 0 0 0 SOURCE 0000 0000 0003 00 NLPID IPV6 AREA ADDR 10 INTF ADDR V6 30 1 INTF ADDR V6 10 2 1 INTF ADDR V6 10 1...

Page 377: ...ile of Switch B sysname SwitchB vlan batch 20 ipv6 isis 1 is level level 1 network entity 10 0000 0000 0002 00 ipv6 enable topology standard interface Vlanif20 ipv6 enable ipv6 address 10 2 2 64 isis ipv6 enable 1 interface XGigabitEthernet 0 0 1 port hybrid pvid vlan 20 port hybrid untagged vlan 20 return l Configuration file of Switch C sysname SwitchC vlan batch 10 20 30 ipv6 isis 1 network ent...

Page 378: ... 30 port hybrid untagged vlan 30 return l Configuration file of Switch D sysname SwitchD vlan batch 30 40 ipv6 isis 1 is level level 2 network entity 20 0000 0000 0004 00 ipv6 enable topology standard interface Vlanif40 ipv6 enable ipv6 address 20 1 64 isis ipv6 enable 1 interface Vlanif30 ipv6 enable ipv6 address 30 2 64 isis ipv6 enable 1 interface XGigabitEthernet 0 0 2 port hybrid pvid vlan 40...

Page 379: ...routes after filtering routes to be advertised and modifies route attributes to direct network traffic 7 6 Configuring BGP to Receive Routes BGP is used to transmit routing information BGP can filter received routes to accept only the expected routes and can modify route attributes to direct network traffic 7 7 Configuring BGP Route Aggregation Configuring BGP Route Aggregation on a device can red...

Page 380: ...eer regardless of whether there are default routes in the local routing table This greatly reduces the number of routes on the network 7 15 Configuring BGP Load Balancing Configuring BGP load balancing better utilizes network resources and reduces network congestion 7 16 Configuring the BGP Next Hop Delayed Response Configuring the BGP next hop delayed response can minimize traffic loss during rou...

Page 381: ...anced l BGP supports Classless Inter Domain Routing CIDR l BGP transmits only the updated routes when routes are being updated This reduces the bandwidth occupied by BGP for route distribution Therefore BGP is applicable to the Internet where a large number of routes are transmitted l BGP eliminates routing loops by adding AS path information to BGP routes l BGP provides rich routing policies to f...

Page 382: ... AS_CONFED_SET are not included in the AS_Path length l An AS_SET counts as 1 no matter how many ASs are in the set l After the bestroute as path ignore command is run the AS_Path attributes of routes are not compared in the route selection process 5 Prefers the route with the highest Origin type IGP is higher than EGP and EGP is higher than Incomplete 6 Prefers the route with the lowest Multi Exi...

Page 383: ...based on the following policies l When there are multiple active routes the BGP speaker advertises only the optimal route to its peer l The BGP speaker advertises only the preferred routes to its peer l The BGP speaker advertises the routes learned from EBGP peers to all BGP peers including EBGP peers and IBGP peers except the peers that advertise these routes l The BGP speaker does not advertise ...

Page 384: ...ASs in a confederation Route Summarization On a large scale network the BGP routing table is large You can configure route summarization to reduce the size of the routing table Route summarization is the process of consolidating multiple routes into one single advertisement After route summarization is configured BGP advertises only the summarized route rather than all specific routes to its peers...

Page 385: ... non clients and an RR and between all non clients Confederation Confederation is another method of dealing with increasing IBGP connections in an AS It divides an AS into several sub ASs IBGP connections are established between IBGP peers within each sub AS and EBGP connections are established between sub ASs For BGP speakers outside a confederation sub ASs in the same confederation are invisible...

Page 386: ...w attributes are optional non transitive Therefore the BGP speakers that do not support the multiprotocol capability will ignore the two attributes and do not advertise the information to peers Address Family BGP uses address families to distinguish different network layer protocols For the values of address families see RFC 1700 Assigned Numbers The S6700 supports multiple MP BGP extensions such ...

Page 387: ...ting fast convergence of BGP routes BGP Security l The S6700 authenticates BGP peers by using MD5 and Key Chain preventing packet fraud or unauthorized packet modification l Generalized TTL Security Mechanism GTSM checks TTL values to defend against attacks GTSM checks whether or not the TTL value in the IP header is within a specified range protecting the router against attacks and improving syst...

Page 388: ...P view These commands are described in the BGP IPv4 unicast address family view in configuration files Pre configuration Tasks Before configuring basic BGP functions complete the following task l Configuring link layer protocol parameters and IP addresses for interfaces to ensure that the link layer protocol on the interfaces is Up Data Preparation To configure basic BGP functions you need the fol...

Page 389: ...ely neighboring to each other Such BGP peers establish a BGP peer relationship by using a logical link Using loopback interface addresses to set up BGP peer relationships improves the stability of BGP connections and therefore is recommended IBGP peer relationships are established between the devices within an AS EBGP peer relationships are established between the devices in different ASs Procedur...

Page 390: ...figure an EBGP peer 1 Run system view The system view is displayed 2 Run bgp as number The BGP view is displayed 3 Run peer ipv4 address as number as number The IP address of a peer and the number of the AS where the peer resides are specified The number of the AS where the specified peer resides must be different from that of the local AS The IP address of the specified peer can be one of the fol...

Page 391: ...scription for a peer simplifies network management End 7 3 4 Configuring BGP to Import Routes BGP can import routes from other protocols When routes are imported from a dynamic routing protocol the process IDs of the routing protocol must be specified Context BGP itself cannot discover routes Instead it imports routes discovered by other protocols such as an IGP or the static routing protocol into...

Page 392: ... Run default route imported BGP is configured to import default routes To import default routes run both the default route imported command and the import route command If only the import route command is used no default route can be imported In addition the default route imported command is used to import only the default routes that exist in the local routing table l Configure BGP to import rout...

Page 393: ...g info verbose command to check log information of a specified BGP peer l Run the display bgp routing table ipv4 address mask mask length command to check BGP routes End 7 4 Configuring BGP Route Attributes BGP has many route attributes Configuring route attributes can change route selection results 7 4 1 Establishing the Configuration Task Before configuring BGP route attributes familiarize yours...

Page 394: ... following tasks l Configuring IP addresses for interfaces to ensure IP connectivity between neighboring nodes l Configuring Basic BGP Functions Data Preparation To configure BGP route attributes you need the following data No Data 1 AS number 2 BGP preference value 3 Local_Pref value 4 MED value 7 4 2 Configuring the BGP Preference Setting the BGP preference can affect route selection between BGP...

Page 395: ...nt preference values can be set for these three types of routes In addition a routing policy can also be used to set the preferences for the routes that match the policy The routes that do not match the policy use the default preference NOTE At present the peer route policy command cannot be used to set the BGP preference End 7 4 3 Configuring Preferred Values for BGP Routes After preferred values...

Page 396: ...ue Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv4 family unicast The IPv4 unicast address family view is displayed Step 4 Run default local preference preference A default Local_Pref attribute is set for the local device End 7 4 5 Configuring MED Attributes for BGP Routes The MED attribute equals a metric used in an ...

Page 397: ...t ASs Perform the following steps on a BGP device 1 Run system view The system view is displayed 2 Run bgp as number The BGP view is displayed 3 Run ipv4 family unicast The IPv4 unicast address family view is displayed 4 Run compare different as med The MED values of routes from different ASs are compared By default the BGP device compares the MED values of only routes from different peers in the ...

Page 398: ...e route to an IBGP peer By default a device does not change the next hop address of a route learned from an EBGP peer before forwarding the route to IBGP peers The next hop address of a route advertised by an EBGP peer to this device is the address of the EBGP peer After being forwarded to IBGP peers this route cannot become an active route because the next hop is unreachable The relevant ASBR mus...

Page 399: ...t hop address of a route imported from an IGP before advertising the route to an IBGP peer By default a device changes the next hop address of a route imported from an IGP to the address of the interface connecting the device to its peer when advertising the route to an IBGP peer End 7 4 7 Configuring AS_Path Attributes for Routes The AS_Path attribute is used to prevent rooting loops and control ...

Page 400: ... not to compare AS_Path attributes of routes in the route selection process Perform the following steps on a BGP device 1 Run system view The system view is displayed 2 Run bgp as number The BGP view is displayed 3 Run ipv4 family unicast The IPv4 unicast address family view is displayed 4 Run bestroute as path ignore BGP is configured to ignore AS_Path attributes of routes during route selection ...

Page 401: ... The BGP view is displayed 3 Run ipv4 family vpn instance vpn instance name The BGP VPN instance IPv4 address family view is displayed 4 Run peer ipv4 address group name substitute as AS number replacement is enabled l Configure the AS_Path attribute to carry only public AS numbers A route advertised by a BGP device to its peer usually carries an AS number The AS number may be public or private Pu...

Page 402: ...s complete Procedure l Run the display bgp paths as regular expression command to check information about AS_Path attributes of routes l Run the display bgp routing table different origin as command to check information about routes that have the same destination address but different source AS numbers l Run the display bgp routing table regular expression as regular expression command to check in...

Page 403: ... be advertised need to be filtered in order to direct routes to specific ASs Filters can be used to filter routes to be advertised by BGP BGP can filter routes to be advertised to a specific peer or peer group Pre configuration Tasks Before configuring BGP to advertise routes complete the following task l Configuring Basic BGP Functions Data Preparation To configure BGP to advertise routes you nee...

Page 404: ...r routes to a network segment If a large number of routes that do not have the same prefix need to be filtered configuring an IP prefix list to filter the routes is very complex An IP prefix list can be used as a matching condition of a route policy or used in the filter policy ip prefix ip prefix name export protocol process id command or the peer group name ipv4 address ip prefix ip prefix name ...

Page 405: ...the BGP routing table of each device on a network is large configuring an ACL or an IP prefix list to filter BGP routes may be complicated and make it difficult to maintain new routes NOTE If the AS_Path information of a summarized route is lost the AS_Path filter cannot be used to filter the summarized route but can still be used to filter the specific routes from which the summarized route is de...

Page 406: ...ied in a filter The relationship between theses rules is OR This means that if a route meets one of the matching rules the route matches the AS_Path filter NOTE For details on a regular expression see the S6700 Series Ethernet Switches Configuration Guide Basic Configurations l Configure a community filter A BGP community attribute is used to identify a group of routes with the same properties Rou...

Page 407: ...y filter basic extcomm filter num basic basic extcomm filter name deny permit rt as number nn ipv4 address nn 1 16 command To configure an advanced extcommunity filter run the ip extcommunity filter adv extcomm filter num advanced adv extcomm filter name deny permit regular expression command Multiple entries can be defined in an extcommunity filter The relationship between the entries is OR This ...

Page 408: ...TE The S6700 considers that each unmatched route fails to match the route policy by default If more than one node is defined in a route policy at least one of them must be in permit mode 3 Optional Perform the following operations as needed to configure if match clauses for current nodes of the route policy if match clauses are used to filter routes If no if match clause is specified all routes wi...

Page 409: ...ibutes are specified in one community filter none of them can be deleted For more information see the S6700 Series Ethernet Switches Command Reference To delete all community attributes from a BGP route run the apply community none command To set community attributes for a BGP route run the apply community community number aa nn 1 32 internet no advertise no export no export subconfed additive com...

Page 410: ...ed using the import route BGP command and local routes advertised using the network BGP command NOTE If an ACL has been referenced in the filter policy command but no VPN instance is specified in the ACL rule BGP will filter routes including public and private network routes in all address families If a VPN instance is specified in the ACL rule only the data traffic from the VPN instance will be f...

Page 411: ...e BGP connections temporarily BGP route refresh allows the system to refresh a BGP routing table dynamically without tearing down any BGP connection if routing policies are changed l If a device s peer supports route refresh the refresh bgp command can be used on the device to softly reset the BGP connection with the peer and update the BGP routing table l If a device s peer does not support route...

Page 412: ...r The BGP view is displayed 3 Run ipv4 family unicast The IPv4 unicast address family view is displayed 4 Run peer ipv4 address group name keep all routes The device is configured to store all the routing updates received from its peers or peer groups By default the device stores only the routing updates that are received from peers or peer groups and match a configured import policy After this co...

Page 413: ...tistics command to check information about routes advertised by a BGP device to its peers End 7 6 Configuring BGP to Receive Routes BGP is used to transmit routing information BGP can filter received routes to accept only the expected routes and can modify route attributes to direct network traffic 7 6 1 Establishing the Configuration Task Before configuring BGP to receive routes familiarize yours...

Page 414: ...licy and number of the route policy s node 7 6 2 Configuring BGP Filters BGP filters can be used to filter routes to be received Context Filters are needed to filter routes to flexibly receive routes Currently six filters are available for BGP l Access Control List ACL l IP Prefix List l AS_Path filter l Community filter l Extcommunity filter l Route Policy Procedure l Configure an ACL An ACL is a...

Page 415: ...gth greater equal value less equal value 32 If only greater equal is specified the prefix range is greater equal value 32 If only less equal is specified the prefix range is mask length less equal value An IPv4 prefix list is identified by its name and each IP prefix list can contain multiple entries Each entry is identified by an index number and can specify a matching range in the form of a netw...

Page 416: ... is configured An AS_Path filter uses a regular expression to define matching rules A regular expression consists of the following parts Metacharacter defines matching rules General character defines matching objects Table 7 2 Metacharacters Metacharacter Description Escape character Matches any single character except n including spaces An asterisk indicates that there are 0 1 or any number of th...

Page 417: ...ed to be advertised to any other AS whereas AS external routes need to be advertised to other ASs These AS external routes have different prefixes as a result an IP prefix list is inapplicable and may come from different ASs as a result an AS_Path filter is inapplicable You can set a community attribute value for these AS internal routes and another community attribute value for these AS external ...

Page 418: ...oute policy route policy name permit deny node node A node is configured for a route policy and the view of the route policy is displayed A route policy consists of multiple nodes For example the route policy route policy example permit node 10 command specifies node 10 and the route policy route policy example deny node 20 command specifies node 20 The two nodes belong to the route policy specifi...

Page 419: ...ity filter comm filter name whole match To match the extended community attribute of BGP routes run the if match extcommunity filter basic extcomm filter num adv extcomm filter num 1 16 basic extcomm filter name advanced extcomm filter name command The operations in Step 3 can be performed in any order A node may have multiple if match clauses or no if match clause NOTE The relationship between th...

Page 420: ...nce preference command To set the Origin attribute for a BGP route run the apply origin igp egp as number incomplete command To set a preferred value for a BGP route run the apply preferred value preferred value command To set dampening parameters for an EBGP route run the apply dampening half life reach reuse suppress ceiling command The operations in Step 4 can be performed in any order A node m...

Page 421: ...t address family view is displayed 4 Perform any of the following configurations to configure the BGP device to filter the routes received from a specific peer or peer group To filter routes based on an ACL run the peer ipv4 address group name filter policy acl number acl name acl name import command To filter routes based on an IP prefix list run the peer ipv4 address group name ip prefix ip pref...

Page 422: ...Route refresh is enabled By default route refresh is enabled If route refresh is enabled on all BGP switches and the import policy of the local switch is changed the local switch sends a route refresh message to peers or peer groups After receiving the message the peers or peer groups resend routing information to the local BGP switch This enables the local switch to dynamically refresh its BGP ro...

Page 423: ... If the peer keep all routes command is run on the switch the sessions between the switch and its peers will not be reestablished but the refresh bgp command does not take effect on the switch End 7 6 5 Checking the Configuration After configuring BGP route reception you can view the imported routes matching a specified filter Prerequisites The BGP route reception configurations are complete Proce...

Page 424: ...s Storing the routing table consumes a large number of memory resources and transmitting and processing routing information consume lots of network resources Configuring route aggregation can reduce the size of a routing table prevent specific routes from being advertised and minimize the impact of route flapping on network performance BGP route aggregation and routing policies enable BGP to effec...

Page 425: ...sed Aggregated routes carry the atomic aggregate attribute not the community attributes of specific routes suppress policy is used to suppress the advertisement of specified routes The if match clause of route policy can be used to filter routes to be suppressed Only the routes matching the policy will be suppressed and the other routes will still be advertised The peer route policy command can al...

Page 426: ...ves the route advertisement efficiency Based on the ASs where peers reside peer groups are classified as follows l IBGP peer group The peers of an IBGP peer group are in the same AS l Pure EBGP peer group The peers of a pure EBGP peer group are in the same external AS l Mixed EBGP peer group The peers of a mixed EBGP peer group are in different external ASs If a function is configured on a peer an...

Page 427: ... the device will attempt to establish a peer relationship with this peer and set the AS number of this peer to the AS number of the peer group When creating an IBGP peer group you do not need to specify the AS number After configuring a peer group you can configure BGP functions for the peer group By default all peers in a peer group inherit the entire configuration of the peer group The inherited...

Page 428: ...his peer to the AS number of the peer group After configuring a peer group you can configure BGP functions for the peer group By default all peers in a peer group inherit the entire configuration of the peer group The inherited configuration can be overridden if you directly configure commands for the peer End 7 8 4 Creating Mixed EBGP Peer Groups If multiple EBGP peers exist in different ASs addi...

Page 429: ...he BGP peer group configurations are complete Procedure l Run the display bgp peer ipv4 address verbose command to check detailed information about BGP peers l Run the display bgp group group name command to check information about BGP peer groups NOTE This command is applied only to devices on which BGP peer groups are created If a peer group is specified in this command detailed information abou...

Page 430: ... deploy RRs you only need to configure the RR functionality on switches and do not need to change configurations on other devices In this regard deploying RRs is easier and more flexible than deploying confederations Pre configuration Tasks Before configuring a BGP RR complete the following task l Configuring Basic BGP Functions Data Preparation To configure a BGP RR you need the following data No...

Page 431: ... address group name reflect client The switch is specified as an RR and its clients are configured To add more clients repeat the step reflect client configured in an address family is valid only in this address family and cannot be inherited by other address families Configuring reflect client in a specified address family is recommended End 7 9 3 Optional Disabling Route Reflection Between Clien...

Page 432: ... the Cluster ID for a Route Reflector If several RRs are deployed in a cluster assigning the same cluster ID to them can prevent route loops Context A backup RR is usually deployed in an AS to prevent a fault on an RR from causing the clients and non clients unable to receive routing information This backup RR improves network reliability As shown in Figure 7 1 RR1 and RR2 are configured as backup...

Page 433: ... that the local cluster ID is already on the cluster list RR2 discards the route NOTE Using a cluster list prevents route loops between RRs within an AS Perform the following steps on each switch that is running BGP Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv4 family unicast The IPv4 unicast address family view is ...

Page 434: ...mission Perform the following steps on the switch that is running BGP Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv4 family unicast The IPv4 unicast address family view is displayed Step 4 Run bgp rib only route policy route policy name BGP route delivery to the IP routing table is disabled The routes preferred by BG...

Page 435: ...P connections are established between devices in each sub AS and full mesh EBGP connections are established between devices in different sub ASs Compared with RRs confederations facilitate IGP extensions Pre configuration Tasks Before configuring a BGP confederation complete the following tasks l Configuring link layer protocol parameters for interfaces to ensure that the link layer protocol on th...

Page 436: ...played 3 Run confederation nonstandard The switchs are configured to be compatible with the nonstandard AS confederation By default the configured confederation accords with RFC 3065 End Checking the Configuration After a confederation is configured you can check whether the configuration is correct l Run the display bgp peer ipv4 address verbose command to check detailed information about BGP pee...

Page 437: ...d Routing Policies A routing policy that references a community attribute needs to be configured before the community attribute is advertised Procedure Step 1 Run system view The system view is displayed Step 2 Run route policy route policy name permit deny node node A node is configured for a routing policy and the view of the routing policy is displayed Step 3 Optional Configure filtering condit...

Page 438: ...munity use a routing policy to define the community attribute and apply the routing policy to the routes to be advertised For details on routing policy configurations see the chapter Routing Policy Configuration Step 5 Run one of the following commands as needed to configure a BGP device to advertise community attributes to its peer or peer group l To configure the BGP device to send a standard co...

Page 439: ...ion on large scale networks Frequent network changes affect the establishment and maintenance of BGP peer relationships affecting the BGP network convergence speed The route dampening and triggered update functions of BGP suppress frequent route changes to a certain extent but cannot minimize the impact of network flapping on BGP connections You can configure BGP timers disabling rapid EBGP connec...

Page 440: ...an quickly detect the status of interfaces used to establish EBGP connections If the interface status is changed frequently rapid EBGP connection reset can be disabled As a result direct EBPG sessions will not be reestablished and deleted as interface alternates between Up and Down This implements rapid network convergence l BGP tracking BGP tracking can speed up network convergence by adjusting t...

Page 441: ...ecific peer or peer group takes precedence over that configured for all peers or peer groups Procedure l Configure a BGP ConnectRetry timer for all peers or peer groups Perform the following steps on a BGP switch 1 Run system view The system view is displayed 2 Run bgp as number The BGP view is displayed 3 Run timer connect retry connect retry time A BGP ConnectRetry timer is configured for all pe...

Page 442: ...uced This reduces loads of switches If the Keepalive time is too long BGP is unable to detect link status changes in a timely manner This is unhelpful for implementing rapid BGP network convergence and may cause many packets to be lost CAUTION Changing timer values using the timer command or the peer timer command interrupts BGP peer relationships between switches Therefore exercise caution before...

Page 443: ...s of both peers is taken as the hold time value The smaller of one third of the hold time value and the locally configured keepalive time value is taken as the keepalive time value l Configure timers for a specific peer or peer group Perform the following steps on a BGP switch 1 Run system view The system view is displayed 2 Run bgp as number The BGP view is displayed 3 Run peer ipv4 address group...

Page 444: ...p The MinRouteAdvertisementIntervalTimer configured for a peer takes precedence over the MinRouteAdvertisementIntervalTimer configured for a peer group End 7 12 5 Disabling Fast Reset of EBGP Connections Disabling rapid EBGP connection reset can prevent repeated reestablishment and deletion of EBGP sessions in the event of route flapping This speeds up BGP network convergence Context Rapid EBGP co...

Page 445: ...d BGP network convergence End 7 12 6 Enabling BGP Tracking BGP tracking can be used to adjust the interval between peer unreachability discovery and connection interruption This suppresses BGP peer relationship flapping caused by route flapping and improves BGP network stability Context BGP can be configured to detect peer relationship status changes in order to implement rapid BGP convergence BFD...

Page 446: ...ver the IGP will not delete routes received by the device As a result the BGP peer relationship will not be interrupted even through BGP tracking does not take effect l If BGP peers have negotiated the GR capability and one of the peers performs an active standby switchover the delay time values on the BGP peers must be greater than the GR time Otherwise the BGP peer relationship will be interrupt...

Page 447: ...f IBGP routes are dampened dampening parameters vary on different devices and the forwarding tables are inconsistent Pre configuration Tasks Before configuring BGP route dampening complete the following task l Configuring Basic BGP Functions Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv4 family unicast The IPv4 unica...

Page 448: ...g routing information consume lots of network resources If a device needs to send multiple routes to its peer the device can be configured to send only a default route with the local address as the next hop address to its peer regardless of whether there are default routes in the local routing table This greatly reduces the number of routes on the network and the consumption of memory resources on...

Page 449: ... set the BGP device changes attributes of a default route based on the specified route policy If conditional route match all ipv4 address1 mask1 mask length1 1 4 is set the BGP device sends a default route to the peer only when all specified routes exist in the local routing table If conditional route match any ipv4 address2 mask2 mask length2 1 4 is set the local device sends a default route to t...

Page 450: ...r load balancing For details on how to modify attributes of BGP routes see Configuring BGP Route Attributes l Use multiple paths for load balancing In this method multiple equal cost routes need to be configured for traffic load balancing NOTE Equal cost BGP routes can be generated for traffic load balancing only when the first8 route attributes described in Route Selection Policies for Load Balan...

Page 451: ...s only EBGP routes carry out load balancing This means that load balancing cannot be implemented among IBGP and EBGP routes with the same destination address 5 Optional Run load balancing as path ignore The switch is configured not to compare the AS Path attributes of the routes to be used for load balancing By default the switch compares the AS Path attributes of the routes to be used for load ba...

Page 452: ...the load balancing as path ignore command is run the switch no longer compares the AS Path attributes of the routes to be used for load balancing Therefore exercise caution when using this command l The load balancing as path ignore and bestroute as path ignore commands are mutually exclusive End Checking the Configuration After the BGP load balancing configurations are complete you can run the fo...

Page 453: ...ecting that the route to PE1 is unreachable After BGP convergence is complete the RR selects the route advertised by PE2 and sends the route to PE3 PE3 then reselects a route and sends a route update message to CE1 Traffic forwarding is restored to the normal state After the BGP next hop delayed response is enabled on PE3 PE3 does not need to delete the route or instruct CE1 to delete the route Th...

Page 454: ...you can run the following command to check the previous configuration l Run the display current configuration configuration bgp include nexthop recursive lookup delay command to view information about the delay in responding to a next hop change 7 17 Configuring BFD for BGP BFD for BGP speeds up fault detection and therefore increases the route convergence speed Applicable Environment As technolog...

Page 455: ... the Huawei and non Huawei devices is recommended Pre configuration Tasks Before configuring BFD for BGP complete the following task l Configuring Basic BGP Functions Data Preparation To configure BFD for BGP you need the following data No Data 1 IP address of the BGP peer or name of the peer group for which BFD needs to be configured 2 BFD parameters including the minimum and maximum intervals fo...

Page 456: ...l for transmitting BFD packets Remotely configured interval for receiving BFD packets Actual interval for the local device to receive BFD packets max Remotely configured interval for transmitting BFD packets Locally configured interval for receiving BFD packets and Local detection period Actual interval for receiving BFD packets x Remotely configured BFD detection multiplier For example l On the l...

Page 457: ...FD session between BGP peers 7 18 Configuring BGP Security Authentication can be implemented during the establishment of a TCP connection to enhance BGP security 7 18 1 Establishing the Configuration Task Before configuring BGP security familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the data required for the configuration This will help you com...

Page 458: ...h CPU usage GTSM checks whether or not the TTL value in the IP header is within a specified range protecting the switch against attacks and improving system security NOTE l The S6700 supports GTSM l GTSM supports only unicast addresses therefore the GTSM function must be configured on all the switchs configured with BGP Pre configuration Tasks Before configuring BGP security complete the following...

Page 459: ...both start and end with symbols because these symbols are used to identify types of old and new passwords during an upgrade End 7 18 3 Configuring BGP GTSM The GTSM function protects devices by checking whether the TTL value in the IP header is within a pre defined range Procedure l Adjust GTSM Perform the following steps on two devices that establish a BGP peer relationship 1 Run system view The ...

Page 460: ...on a GTSM enabled switch 1 Run system view The system view is displayed 2 Run gtsm default action drop pass The default action to be taken on the packets that do not match a GTSM policy is Drop By default the action to be taken on the packets that do not match the GTSM policy is pass NOTE If the default action is configured but no GTSM policy is configured GTSM does not take effect l Configure the...

Page 461: ...e refresh changes you need to reset BGP connections to validate the configuration To reset BGP connections run the following reset commands in the user view Procedure l To validate the new configurations run the reset bgp all command in the user view to reset all BGP connections l To validate the new configurations run the reset bgp as number command in the user view to reset the BGP connection be...

Page 462: ... view to clear the dampened routes and advertise the suppressed routes l Run the reset bgp ipv4 address flap info command in the user view to clear the statistics of route flapping End 7 20 Configuration Examples This section provides several configuration examples of BGP 7 20 1 Example for Configuring Basic BGP Functions Networking Requirements As shown in Figure 7 4 all Switches run BGP An EBGP ...

Page 463: ... roadmap is as follows 1 Set up IBGP peer relationships between SwitchB SwitchC and SwitchD 2 Create an EBGP peer relationship between SwitchA and SwitchB 3 Advertise routes through the network command on SwitchA and check the routing tables of SwitchA SwitchB and SwitchC 4 Configure BGP on SwitchB to import direct routes and check the routing tables of SwitchA and SwitchC Data Preparation To comp...

Page 464: ...it 4 Create an EBGP peer relationship Configure SwitchA SwitchA bgp 65008 SwitchA bgp router id 1 1 1 1 SwitchA bgp peer 200 1 1 1 as number 65009 Configure SwitchB SwitchB bgp 65009 SwitchB bgp peer 200 1 1 2 as number 65008 SwitchB bgp quit Check the status of BGP connections SwitchB display bgp peer BGP local router ID 2 2 2 2 Local AS number 65009 Total number of peers 3 Peers in established s...

Page 465: ...Total Number of Routes 1 Network NextHop MED LocPrf PrefVal Path Ogn i 8 0 0 0 200 1 1 2 0 100 0 65008i From the routing table you can view that SwitchC has learned the route to the destination 8 0 0 0 in AS 65008 but the next hop 200 1 1 2 is unreachable Therefore this route is invalid 6 Configure BGP to import direct routes Configure SwitchB SwitchB vlan 65009 SwitchB bgp ipv4 family unicast Swi...

Page 466: ...l 254 time 31 ms Reply from 8 1 1 1 bytes 56 Sequence 4 ttl 254 time 16 ms Reply from 8 1 1 1 bytes 56 Sequence 5 ttl 254 time 31 ms 8 1 1 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 16 31 47 ms Configuration Files l Configuration file of SwitchA sysname SwitchA vlan batch 10 50 interface Vlanif10 ip address 200 1 1 2 255 255 255 0 interface...

Page 467: ...ation import route direct peer 9 1 1 2 enable peer 9 1 3 2 enable peer 200 1 1 2 enable return l Configuration file of SwitchC sysname SwitchC vlan batch 20 40 interface Vlanif20 ip address 9 1 3 2 255 255 255 0 interface Vlanif40 ip address 9 1 2 1 255 255 255 0 interface XGigabitEthernet0 0 1 port link type trunk port trunk allow pass vlan 20 interface XGigabitEthernet0 0 2 port link type trunk ...

Page 468: ...9 peer 9 1 2 1 as number 65009 ipv4 family unicast undo synchronization peer 9 1 1 1 enable peer 9 1 2 1 enable return 7 20 2 Example for Configuring AS Path Filter Networking Requirements As shown in Figure 7 5 EBGP connections are set up between Switch A Switch B and Switch C Configure the AS Path filter on Switch B AS 20 thus does not advertises routes of AS 30 to AS 10 or advertise routes of A...

Page 469: ...figuration Roadmap The configuration roadmap is as follows 1 Configure EBGP connections between Switch A and Switch B Switch B and Switch C and Switch C and Switch A and import direct routes 2 Configure the AS Path on Switch B and apply the filtering rule Data Preparation To complete the configuration you need the following data l The router ID of Switch A is1 1 1 1 and the number of its AS is 10 ...

Page 470: ...s number 30 SwitchA bgp peer 200 1 2 2 as number 20 SwitchA bgp import route direct Configure Switch B SwitchB bgp 20 SwitchB bgp router id 2 2 2 2 SwitchB bgp peer 200 1 2 1 as number 10 SwitchB bgp peer 200 1 3 2 as number 30 SwitchB bgp import route direct SwitchB bgp quit Configure Switch C SwitchC bgp 30 SwitchC bgp router id 3 3 3 3 SwitchC bgp peer 200 1 3 1 as number 20 SwitchC bgp peer 20...

Page 471: ... the passing of routes carrying AS 10 SwitchB ip as path filter 2 deny _10_ SwitchB ip as path filter 2 permit Apply the AS Path filter on two outbound interfaces of Switch B SwitchB bgp 20 SwitchB bgp peer 200 1 2 1 as path filter 1 export SwitchB bgp peer 200 1 3 2 as path filter 2 export SwitchB bgp quit Step 5 Check the routing table advertised by Switch B and you can find that the advertised ...

Page 472: ...ernal s suppressed S Stale Origin i IGP e EGP incomplete Total Number of Routes 2 Network NextHop MED LocPrf PrefVal Path Ogn 200 1 2 0 200 1 2 2 0 0 20 200 1 3 0 200 1 2 2 0 0 20 Similarly the BGP routing table of Switch A does not have the two routes SwitchA display bgp routing table BGP Local router ID is 1 1 1 1 Status codes valid best d damped h history i internal s suppressed S Stale Origin ...

Page 473: ...5 0 interface Vlanif20 ip address 200 1 2 2 255 255 255 0 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 30 port hybrid untagged vlan 30 interface XGigabitEthernet0 0 2 port hybrid pvid vlan 20 port hybrid untagged vlan 20 bgp 20 router id 2 2 2 2 peer 200 1 2 1 as number 10 peer 200 1 3 2 as number 30 ipv4 family unicast undo synchronization import route direct peer 200 1 2 1 enable peer 2...

Page 474: ...GP Networking Requirements As shown in Figure 7 6 OSPF is used inside AS 65009 An EBGP peer relationship is set up between SwitchA and SwitchB SwitchC runs OSPF instead of BGP Figure 7 6 Networking diagram for configuring BGP to interact with an IGP XGE0 0 2 XGE0 0 1 Switch A XGE0 0 1 XGE0 0 2 XGE0 0 2 Switch B AS65008 AS65009 XGE0 0 1 Switch C Switch Interface VLANIF Interface IP Address SwitchA ...

Page 475: ...interface belongs The configuration details are not mentioned here 2 Assign an IP address to each VLANIF interface The configuration details are not mentioned here 3 Configure OSPF Configure SwitchB SwitchB ospf 1 SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 9 1 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 quit SwitchB ospf 1 quit Configure SwitchC SwitchC ospf 1 SwitchC ospf 1 area 0 Sw...

Page 476: ...fib Routing Tables Public Destinations 7 Routes 7 Destination Mask Proto Pre Cost Flags NextHop Interface 8 1 1 0 24 O_ASE 150 1 D 9 1 1 1 Vlanif20 9 1 1 0 24 Direct 0 0 D 9 1 1 2 Vlanif20 9 1 1 2 32 Direct 0 0 D 127 0 0 1 InLoopBack0 9 1 2 0 24 Direct 0 0 D 9 1 2 1 Vlanif40 9 1 2 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 127 0 0 0 8 Direct 0 0 D 127 0 0 1 InLoopBack0 127 0 0 1 32 Direct 0 0 D 127 0...

Page 477: ... 255 255 0 interface Vlanif30 ip address 8 1 1 1 255 255 255 0 interface XGigabitEthernet0 0 1 port link type trunk port trunk allow pass vlan 10 interface XGigabitEthernet0 0 2 port link type trunk port trunk allow pass vlan 30 bgp 65008 router id 1 1 1 1 peer 3 1 1 1 as number 65009 ipv4 family unicast undo synchronization network 8 1 1 0 255 255 255 0 peer 3 1 1 1 enable return l Configuration ...

Page 478: ...rt trunk allow pass vlan 20 interface XGigabitEthernet0 0 2 port link type trunk port trunk allow pass vlan 40 ospf 1 area 0 0 0 0 network 9 1 1 0 0 0 0 255 network 9 1 2 0 0 0 0 255 return 7 20 4 Example for Configuring BGP Load Balancing and the MED Networking Requirements As shown in Figure 7 7 all Switches run BGP SwitchA resides in AS 65008 Both SwitchB and SwitchC reside in AS 65009 EBGP run...

Page 479: ... 2 Configure load balancing and the MED on SwitchA and check the routing table Data Preparation To complete the configuration you need the following data l The VLAN ID of each interface is shown in Figure 7 7 l The IP address of each VLANIF interface is shown in Figure 7 7 l The router IDs of SwitchA is 1 1 1 1 the number of the AS where it resides is 65008 and the number of routes for load balanc...

Page 480: ...splay bgp routing table BGP Local router ID is 1 1 1 1 Status codes valid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Total Number of Routes 2 Network NextHop MED LocPrf PrefVal Path Ogn 9 1 1 0 24 200 1 1 1 0 0 65009i 200 1 2 1 0 0 65009i You can view that there are two valid routes to the destination 9 1 1 0 24 The route whose next hop is 200 1 1 1 is th...

Page 481: ...5009i You can view that the MED of route with the next hop as 200 1 1 1 SwitchB is 100 and the MED of the route with the next hop as 200 1 2 1 is 0 Therefore the route with the smaller MED is selected Configuration Files l Configuration file of SwitchA sysname SwitchA vlan batch 10 20 interface Vlanif10 ip address 200 1 1 2 255 255 255 0 interface Vlanif20 ip address 200 1 2 2 255 255 255 0 interf...

Page 482: ... route policy 10 permit node 10 apply cost 100 return l Configuration file of SwitchC sysname SwitchC vlan batch 20 30 interface Vlanif10 ip address 200 1 2 1 255 255 255 0 interface Vlanif30 ip address 9 1 1 2 255 255 255 0 interface XGigabitEthernet0 0 1 port link type trunk port trunk allow pass vlan 20 interface XGigabitEthernet0 0 2 port link type trunk port trunk allow pass vlan 30 bgp 65009...

Page 483: ...tchA XGigabitEthernet0 0 2 VLANIF 20 200 1 2 1 24 SwitchB XGigabitEthernet0 0 2 VLANIF 20 200 1 2 2 24 SwitchB XGigabitEthernet0 0 3 VLANIF 30 200 1 3 1 24 SwitchC XGigabitEthernet0 0 3 VLANIF 30 200 1 3 2 24 Configuration Roadmap The configuration roadmap is as follows 1 Configure the EBGP connections between Switch A and Switch B and between Switch B and Switch C 2 Configure the routing policy o...

Page 484: ... 1 24 SwitchA Vlanif20 quit The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA and are not mentioned here Step 3 Configure EBGP Configure Switch A SwitchA bgp 10 SwitchA bgp router id 1 1 1 1 SwitchA bgp peer 200 1 2 2 as number 20 SwitchA bgp ipv4 family unicast SwitchA bgp af ipv4 network 9 1 1 0 255 255 255 0 SwitchA bgp af ipv4 quit Configure Switch B SwitchB...

Page 485: ... community no export SwitchA route policy quit Apply routing policies SwitchA bgp 10 SwitchA bgp ipv4 family unicast SwitchA bgp af ipv4 peer 200 1 2 2 route policy comm_policy export SwitchA bgp af ipv4 peer 200 1 2 2 advertise community Check the routing table of Switch B SwitchB display bgp routing table 9 1 1 0 BGP local router ID 2 2 2 2 Local AS number 20 Paths 1 available 1 best 1 select BG...

Page 486: ... node 10 apply community no export return l Configuration file of Switch B sysname SwitchB vlan batch 20 30 interface Vlanif20 ip address 200 1 2 2 255 255 255 0 interface Vlanif30 ip address 200 1 3 1 255 255 255 0 interface XGigabitEthernet0 0 2 port hybrid pvid vlan 20 port hybrid untagged vlan 20 interface XGigabitEthernet0 0 3 port hybrid pvid vlan 30 port hybrid untagged vlan 30 bgp 20 route...

Page 487: ...h G and Switch H are the clients of cluster 2 It is required that the peer groups be used to simplify configuration and management Figure 7 9 Networking diagram for configuring a BGP RR SwitchA SwitchB SwitchD XGE0 0 1 XGE0 0 1 XGE0 0 2 XGE0 0 3 XGE0 0 2 XGE0 0 3 XGE0 0 1 XGE0 0 2 XGE0 0 4 XGE0 0 4 XGE0 0 3 XGE0 0 1 XGE0 0 2 XGE0 0 1 XGE0 0 2 XGE0 0 5 XGE0 0 1 XGE0 0 1 XGE0 0 1 AS 65010 Cluster1 C...

Page 488: ...configuration roadmap is as follows 1 Establish IBGP connections between the client and the RR and between the non client and the RR 2 Configure route reflection on Switch B and Switch C specify the client and check the routes Data Preparation To complete the configuration you need the following data l ID of the VLAN that each interface belongs to as shown in Figure 7 9 l IP address of each VLANIF...

Page 489: ...h IBGP connections between the clients and the RR and between the non clients and the RR The configuration details are not mentioned here Step 4 Configure Switch A to advertise the local network route 9 1 1 0 24 The configuration details are not mentioned here Step 5 Configure the RR Configure Switch B SwitchB bgp 65010 SwitchB bgp router id 2 2 2 2 SwitchB bgp group in_rr internal SwitchB bgp pee...

Page 490: ...255 255 0 interface Vlanif30 ip address 10 1 3 2 255 255 255 0 interface Vlanif100 ip address 9 1 1 1 255 255 255 0 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface XGigabitEthernet0 0 2 port hybrid pvid vlan 30 port hybrid untagged vlan 30 interface XGigabitEthernet0 0 3 port hybrid pvid vlan 100 port hybrid untagged vlan 100 bgp 65010 router id 1 1 ...

Page 491: ...10 1 4 2 as number 65010 peer 10 1 4 2 group in_rr peer 10 1 5 2 as number 65010 peer 10 1 5 2 group in_rr ipv4 family unicast undo synchronization undo reflect between clients reflector cluster id 1 peer 10 1 1 2 enable peer 10 1 2 2 enable peer in_rr enable peer in_rr reflect client peer 10 1 4 2 enable peer 10 1 4 2 group in_rr peer 10 1 5 2 enable peer 10 1 5 2 group in_rr return l Configurati...

Page 492: ... 2 group in_rr peer 10 1 9 2 as number 65010 peer 10 1 9 2 group in_rr ipv4 family unicast undo synchronization reflector cluster id 2 peer 10 1 2 1 enable peer 10 1 3 2 enable peer in_rr enable peer in_rr reflect client peer 10 1 7 2 enable peer 10 1 7 2 group in_rr peer 10 1 8 2 enable peer 10 1 8 2 group in_rr peer 10 1 9 2 enable peer 10 1 9 2 group in_rr return l Configuration file of Switch ...

Page 493: ...ween the three Switches in AS 65001 Figure 7 10 Networking diagram for configuring a BGP confederation SwitchE XGE0 0 4 XGE0 0 3 XGE0 0 1 XGE0 0 2 XGE0 0 5 XGE0 0 1 XGE0 0 1 XGE0 0 1 XGE0 0 1 XGE0 0 2 XGE0 0 2 XGE0 0 1 XGE0 0 2 SwitchA SwitchF AS 100 AS 200 AS 65002 AS 65003 AS 65001 SwitchB SwitchC SwitchD Switch Interface VLANIF interface IP address SwitchA XGigabitEthernet0 0 1 VLANIF 10 10 1 1...

Page 494: ...umbers of AS 200 are 65001 65002 and 65003 Procedure Step 1 Create VLANs and add interfaces to the corresponding VLANs Quidway system view Quidway sysname SwitchA SwitchA vlan batch 10 20 30 40 60 SwitchA interface xgigabitethernet 0 0 1 SwitchA XGigabitEthernet0 0 1 port hybrid pvid vlan 10 SwitchA XGigabitEthernet0 0 1 port hybrid untagged vlan 10 SwitchA XGigabitEthernet0 0 1 quit SwitchA inter...

Page 495: ... 65001 SwitchA bgp router id 1 1 1 1 SwitchA bgp confederation id 200 SwitchA bgp confederation peer as 65002 65003 SwitchA bgp peer 10 1 1 2 as number 65002 SwitchA bgp peer 10 1 2 2 as number 65003 SwitchA bgp ipv4 family unicast SwitchA bgp af ipv4 peer 10 1 1 2 next hop local SwitchA bgp af ipv4 peer 10 1 2 2 next hop local SwitchA bgp af ipv4 quit SwitchA bgp quit Configure Switch B SwitchB b...

Page 496: ...v4 quit SwitchF bgp quit Step 6 Verify the configuration Check the BGP routing table of Switch B SwitchB display bgp routing table BGP Local router ID is 2 2 2 2 Status codes valid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Total Number of Routes 1 Network NextHop MED LocPrf PrefVal Path Ogn i 9 1 1 0 24 10 1 1 1 0 100 0 65001 100i SwitchB display bgp rou...

Page 497: ...t select active pre 255 Not advertised to any peers yet End Configuration Files l Configuration file of Switch A sysname SwitchA vlan batch 10 20 30 40 60 interface Vlanif10 ip address 10 1 1 1 255 255 255 0 interface Vlanif20 ip address 10 1 2 1 255 255 255 0 interface Vlanif30 ip address 10 1 3 1 255 255 255 0 interface Vlanif40 ip address 10 1 4 1 255 255 255 0 interface Vlanif60 ip address 200...

Page 498: ...nable return l Configuration file of Switch B sysname SwitchB vlan batch 10 interface Vlanif10 ip address 10 1 1 2 255 255 255 0 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 bgp 65002 router id 2 2 2 2 confederation id 200 confederation peer as 65001 65003 peer 10 1 1 1 as number 65001 ipv4 family unicast undo synchronization peer 10 1 1 1 enable return l C...

Page 499: ...number 65001 ipv4 family unicast undo synchronization peer 10 1 3 1 enable peer 10 1 5 2 enable return l Configuration file of Switch E sysname SwitchE vlan batch 40 50 interface Vlanif40 ip address 10 1 4 2 255 255 255 0 interface Vlanif50 ip address 10 1 5 2 255 255 255 0 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 40 port hybrid untagged vlan 40 interface XGigabitEthernet0 0 2 port hy...

Page 500: ...ing BFD for BGP Networking Requirements As shown in Figure 7 11 Switch A belongs to AS 100 and Switch B and Switch C belong to AS 200 EBGP connections are established between Switch A and Switch B and betweenSwitch A and Switch C Service flow is transmitted on the active link Switch A Switch B The link Switch A Switch C Switch B acts as the standby link Use BFD to detect the BGP peer relationship ...

Page 501: ...SwitchC XGigabitEthernet0 0 2 VLANIF 30 9 1 1 2 24 Configuration Roadmap The configuration roadmap is as follows 1 Configure basic BGP functions on each switch 2 Configure MED attributes to control the route selection 3 Enable BFD on Switch A and Switch B Data Preparation To complete the configuration you need the following data l Router IDs and AS numbers of Switch A Switch B and Switch C l Peer ...

Page 502: ...number 100 SwitchC bgp peer 200 1 2 1 ebgp max hop SwitchC bgp peer 9 1 1 1 as number 200 SwitchC bgp network 9 1 1 0 255 255 255 0 SwitchC bgp quit Check the status of BGP peer relationships on Switch A The command output shows that the BGP peer relationships are in the Established state SwitchA display bgp peer BGP local router ID 1 1 1 1 Local AS number 100 Total number of peers 2 Peers in esta...

Page 503: ...1 1 2 bfd enable SwitchA bgp peer 200 1 1 2 bfd min tx interval 100 min rx interval 100 detect multiplier 4 Enable BFD on Switch B Set the minimum intervals for transmitting and receiving BFD packets to 100 ms and the local detection multiplier to 4 SwitchB bfd SwitchB bfd quit SwitchB bgp 200 SwitchB bgp peer 200 1 1 1 bfd enable SwitchB bgp peer 200 1 1 1 bfd min tx interval 100 min rx interval ...

Page 504: ... 255 255 0 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface XGigabitEthernet0 0 2 port hybrid pvid vlan 20 port hybrid untagged vlan 20 bgp 100 router id 1 1 1 1 peer 200 1 1 2 as number 200 peer 200 1 1 2 bfd min tx interval 100 min rx interval 100 detect multiplier 4 peer 200 1 1 2 bfd enable peer 200 1 2 2 as number 200 ipv4 family unicast undo syn...

Page 505: ... 255 255 255 0 peer 9 1 1 2 enable peer 200 1 1 1 enable peer 200 1 1 1 route policy 10 export route policy 10 permit node 10 apply cost 100 return l Configuration file of Switch C sysname SwitchC router id 3 3 3 3 vlan batch 10 30 bfd interface Vlanif10 ip address 200 1 2 2 255 255 255 0 interface Vlanif30 ip address 9 1 1 2 255 255 255 0 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 p...

Page 506: ... 3 3 9 32 EBGP IBGP IBGP IBGP SwitchB SwitchC SwitchD switch Interface VLANIF interface IP address SwitchA XGigabitEthernet0 0 1 VLANIF 10 10 1 1 1 24 SwitchB XGigabitEthernet0 0 1 VLANIF 10 10 1 1 2 24 SwitchB XGigabitEthernet0 0 2 VLANIF 20 20 1 1 1 24 SwitchC XGigabitEthernet0 0 1 VLANIF 20 20 1 1 2 24 SwitchC XGigabitEthernet0 0 2 VLANIF 30 20 1 2 1 24 SwitchD XGigabitEthernet0 0 1 VLANIF 30 2...

Page 507: ...if10 ip address 10 1 1 1 24 SwitchA Vlanif10 quit The configurations of Switch B Switch C and Switch D are similar to the configuration of SwitchA and are not mentioned here Step 3 Configure OSPF The configuration details are not mentioned here Step 4 Configure an IBGP connection Configure Switch B SwitchB bgp 20 SwitchB bgp router id 2 2 2 9 SwitchB bgp peer 3 3 3 9 as number 20 SwitchB bgp peer ...

Page 508: ...lue of valid ttl hops is 1 Configure GTSM on Switch A SwitchA bgp peer 10 1 1 2 valid ttl hops 1 Configure GTSM of the EBGP connection on Switch B SwitchB bgp peer 10 1 1 1 valid ttl hops 1 Check the GTSM configuration SwitchB display bgp peer 10 1 1 1 verbose BGP Peer is 10 1 1 1 remote AS 10 Type EBGP link BGP version 4 Remote router ID 1 1 1 9 Update group ID 2 BGP current state Established Up ...

Page 509: ... GTSM of the IBGP connection on Switch C SwitchC bgp peer 2 2 2 9 valid ttl hops 1 View the GTSM configuration SwitchB display bgp peer 3 3 3 9 verbose BGP Peer is 3 3 3 9 remote AS 20 Type IBGP link BGP version 4 Remote router ID 3 3 3 9 Update group ID 1 BGP current state Established Up for 00h54m36s BGP current event KATimerExpired BGP last state OpenConfirm BGP Peer Up count 1 Received total r...

Page 510: ...r 3 3 3 9 valid ttl hops 1 Check the GTSM configuration SwitchC display bgp peer 4 4 4 9 verbose BGP Peer is 4 4 4 9 remote AS 20 Type IBGP link BGP version 4 Remote router ID 4 4 4 9 Update group ID 1 BGP current state Established Up for 00h56m06s BGP current event KATimerExpired BGP last state OpenConfirm BGP Peer Up count 1 Received total routes 0 Received active routes total 0 Advertised total...

Page 511: ... 4 Remote router ID 4 4 4 9 Update group ID 0 BGP current state Established Up for 00h57m48s BGP current event RecvKeepalive BGP last state OpenConfirm BGP Peer Up count 1 Received total routes 0 Received active routes total 0 Advertised total routes 0 Port Local 53714 Remote 179 Configured connect retry Time 32 sec Configured Active Hold Time 180 sec Keepalive Time 60 sec Received Active Hold Tim...

Page 512: ... all packets match the GTSM policy SwitchB display gtsm statistics all GTSM Statistics Table SlotId Protocol Total Counters Drop Counters Pass Counters 0 BGP 17 0 17 0 BGPv6 0 0 0 0 OSPF 0 0 0 0 LDP 0 0 0 If the host simulates the BGP packets of Switch A to attack Switch B the packets are discarded because their TTL value is not 255 when reaching Switch B In the GTSM statistics of Switch B the num...

Page 513: ...t interface LoopBack0 peer 10 1 1 1 as number 10 peer 10 1 1 1 valid ttl hops 1 ipv4 family unicast undo synchronization import route ospf 1 peer 3 3 3 9 enable peer 3 3 3 9 next hop local peer 4 4 4 9 enable peer 4 4 4 9 next hop local peer 10 1 1 1 enable ospf 1 area 0 0 0 0 network 20 1 1 0 0 0 0 255 network 2 2 2 9 0 0 0 0 return l Configuration file of Switch C sysname SwitchC vlan batch 20 3...

Page 514: ...vlan batch 30 interface Vlanif30 ip address 20 1 2 2 255 255 255 0 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 30 port hybrid untagged vlan 30 interface LoopBack0 ip address 4 4 4 9 255 255 255 255 bgp 20 router id 4 4 4 9 peer 2 2 2 9 as number 20 peer 2 2 2 9 valid ttl hops 2 peer 2 2 2 9 connect interface LoopBack0 peer 3 3 3 9 as number 20 peer 3 3 3 9 valid ttl hops 1 peer 3 3 3 9 c...

Page 515: ...Controlling the Advertising and Receiving of BGP4 Routing Information BGP4 can perform routing policies on or filter only the routes to be advertised to a certain peer 8 6 Configuring Parameters of a Connection Between BGP4 Peers By setting parameters of a connection between BGP4 peers you can adjust and optimize the BGP4 network performance 8 7 Configuring BGP4 Tracking On a network where BFD is ...

Page 516: ...a BGP4 confederation can simplify the management of routing policies and improve the efficiency of route advertisement 8 13 Configuring BGP4 Security To improve BGP4 security you can perform TCP connection authentication 8 14 Maintaining BGP4 Maintaining BGP4 involves resetting a BGP4 connection and clearing BGP4 statistics 8 15 Configuration Examples This section provides several configuration ex...

Page 517: ...local address of the next hop BGP4 can be applied to an IPv6 network by using the BGP attribute of multiple protocol extension The message and routing mechanisms of BGP remain unaltered 8 2 BGP4 Features Supported by the S6700 The system supports various BGP4 features including load balancing route aggregation route dampening community route reflector confederation BGP4 accounting 6PE BFD for BGP4...

Page 518: ...and IPv6 addresses for interfaces to make link layers of the interfaces Up Data Preparation To configure BGP4 you need the following data No Data 1 Local AS number and Router ID 2 IPv6 address and AS number of the peer 3 Optional Interfaces that set up the BGP4 session 8 3 2 Starting a BGP Process Starting a BGP4 process is a prerequisite for configuring basic BGP4 functions When starting a BGP4 p...

Page 519: ...witch on which the IBGP connection needs to be set up 1 Run system view The system view is displayed 2 Run bgp as number The BGP view is displayed 3 Run peer ipv6 address group name as number as number The peer address and the AS where the peer resides are configured The AS number of the specified peer must be the same as the local AS number When the IPv6 address of a specified peer is a loopback ...

Page 520: ...the local AS number If the IP address of the specified peer is that of a loopback interface on the reachable peer or that of a sub interface on the directly connected peer you need to complete the task of Configuring the Local Interfaces Used for BGP4 Connections to ensure that the peer is correctly established 4 Run peer ipv6 address group name ebgp max hop hop count The maximum number of hops in...

Page 521: ...Used for BGP4 Connections When establishing BGP4 peer relationship between two devices through various links you need to specify the local interface during the setup of a BGP4 session on the devices Context Do as follows on the BGP4 router Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run peer ipv6 address group name connect...

Page 522: ...nfiguring these attributes you can change BGP4 routing policies 8 4 1 Establishing the Configuration Task Before controlling BGP4 route selection familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment You can change the BGP4 routing policie...

Page 523: ... of multiple BGP4 routers l AS_Path attribute After the AS_Path attribute is configured the route with a shorter AS path is selected Pre configuration Tasks Before configuring BGP4 route attributes complete the following tasks l Configuring Basic BGP4 Functions Data Preparation To configure BGP4 route attributes you need the following data No Data 1 AS number 2 Protocol priority 3 Local_Pref 4 MED...

Page 524: ...with the largest preferred value is selected when multiple routes to the same destination exist in the BGP4 routing table Context Do as follows on the BGP4 router Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv6 family unicast The BGP IPv6 unicast address family view is displayed Step 4 Run peer group name ipv4 address...

Page 525: ...pv6 family unicast The BGP IPv6 unicast address family view is displayed Step 4 Run default local preference preference The default Local_Pref of the local router is configured End 8 4 5 Configuring the MED Attribute The MED attribute serves as the metric used by an IGP After MED attributes are set EBGP peers select the route with the smallest MED value for the traffic that enters an AS Context Do...

Page 526: ...ouped together and after comparison an optimal route is selected for the group The group optimal route is then compared with optimal routes from other groups to determine the final optimal route This mode of route selection ensures that the sequence in which routes are received is no longer relevant to the result of route selection l Run bestroute med none as maximum The maximum MED value is used ...

Page 527: ...splayed 2 Run bgp as number The BGP view is displayed 3 Run ipv6 family unicast The BGP IPv6 unicast address family view is displayed 4 Run nexthop recursive lookup route policy route policy name The next hop iteration based on the specified routing policy is enabled By default the next hop iteration based on the specified routing policy is disabled The next hop iteration based on the specified ro...

Page 528: ...is displayed 2 Run bgp as number The BGP view is displayed 3 Run peer ipv6 address group name fake as fake as number The fake AS number is set You can hide the actual AS number of the local switch by using this command EBGP peers in other ASs can only see this fake AS number That is peers in other ASs need to specify the number of the AS where the local peer resides as this fake AS number NOTE Thi...

Page 529: ...r ipv4 address ipv6 address group name advertise ext community switchs are configured to advertise the extended community attribute to a peer group l Applying the Routing Policies to the Advertised Routing Information Do as follows on the BGP4 switch 1 Run system view The system view is displayed 2 Run bgp as number The BGP view is displayed 3 Run ipv6 family unicast The BGP IPv6 unicast address f...

Page 530: ...n the display bgp ipv6 routing table community aa nn 1 29 internet no advertise no export no export subconfed whole match command to check routing information about the specified BGP4 community l Run the display bgp ipv6 routing table community filter community filter name basic community filter number whole match advanced community filter number command to check information about the routes match...

Page 531: ...ctions Data Preparation To control the advertising and receiving of BGP4 routing information you need the following data No Data 1 Name and process ID of the external route to be imported 2 Name of the filtering list used in the routing policies 3 Various parameters of route dampening including half life of a reachable route half life of an unreachable route threshold for freeing suppressed routes...

Page 532: ...outing table of a peer BGP4 supports automatic aggregation and manual aggregation Context Do as follows on the switch enabled with BGP4 Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv6 family unicast The IPv6 unicast address family view is displayed Step 4 Run aggregate ipv6 address prefix length as set attribute polic...

Page 533: ... the default routes from other protocols by using the import route command Step 5 Run import route protocol process id med med route policy route policy name BGP4 is configured to import routes of other protocols NOTE Specify the process ID when the routes of a dynamic routing protocol are imported Step 6 Run filter policy acl6 number acl6 name acl6 name ipv6 prefix ipv6 prefix name export protoco...

Page 534: ...r ipv6 address group name default route advertise route policy route policy name Default routes are advertised to peers or a peer group NOTE After the command peer default route advertise is run the switch sends a default route with the local address as the next hop to the specified peer regardless of whether there are default routes in the routing table End 8 5 6 Configuring the Policy for Advert...

Page 535: ...path filter number as path filter name export l Based on the prefix list Run peer ipv4 address ipv6 address group name ipv6 prefix ip prefix name export The commands in Step 4 can be run regardless of the order The outbound routing updates policies used by the members of a peer group can be different from that used by the group That is members of each peer group can select their policies when adve...

Page 536: ...d on the AS path list l peer ipv4 address ipv6 address group name ipv6 prefix ipv6 prefix name import BGP is configured to filter the routes based on the prefix list The commands in Steps 4 can be run regardless of the order The routes imported by BGP can be filtered and only those routes that meet certain conditions are received by BGP and added to the routing table The inbound routing policies u...

Page 537: ...The system view is displayed 2 Run bgp as number The BGP view is displayed 3 Run ipv6 family unicast The BGP IPv6 unicast address family view is displayed 4 Run peer ipv4 address ipv6 address group name keep all routes All route updates of the peers are kept After this command is run all the route updates of the specified peer are kept regardless of whether the filtering policies are used When the...

Page 538: ...GP4 network performance 8 6 1 Establishing the Configuration Task Before configuring parameters of a connection between BGP4 peers familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment After a BGP4 connection is set up between peers the pe...

Page 539: ...GP4 peer flapping This speeds up route convergence Pre configuration Tasks Before configuring the parameters of a connection between BGP4 peers complete the following tasks l Configuring Basic BGP4 Functions Data Preparation To configure the parameters of a connection between BGP4 peers you need the following data No Data 1 Values of the BGP4 timers 2 Interval for sending the update packets 3 BGP4...

Page 540: ...nnot be detected on time End 8 6 3 Setting the BGP4 ConnectRetry Interval You can speed up or slow down the establishment of BGP4 peer relationships to adapt the network changes by changing the BGP4 ConnectRetry interval Context When BGP4 initiates a TCP connection the ConnectRetry timer is stopped if the TCP connection is established successfully If the first attempt to establish a TCP connection...

Page 541: ...tRetry interval End 8 6 4 Checking the Configuration After parameters of a connection between BGP4 peers are configured you can check BGP4 peers and peer groups Prerequisites The configurations for parameters of a connection between BGP4 peers are complete Procedure l Run the display bgp ipv6 peer ipv4 address verbose command to check detailed information about the BGP4 peers l Run the display bgp...

Page 542: ... than that in a network enabled with BFD therefore BGP4 tracking cannot meet the requirement of voice services that demand high convergence speed Pre configuration Tasks Before configuring BGP4 tracking complete the following tasks l Configuring basic BGP4 functions Data Preparation To configure BGP4 tracking you need the following data No Data 1 Optional Delay for tearing down a connection 8 7 2 ...

Page 543: ...ice and the BGP peer will be torn down which leads to the failure of GR End 8 7 3 Checking the Configuration After BGP4 tracking is configured you can check the configuration of BGP4 tracking by viewing detailed information about the BGP peer or peer group Prerequisite All BGP4 tracking configurations are complete Checking the Configuration Run the following commands to check the previous configur...

Page 544: ...ing routes and upper limit of the penalty 8 8 2 Enabling BGP4 Route Dampening BGP4 route dampening can improve network stability You can flexibly use routing policies for route dampening Context Do as follows on the BGP4 switch Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv6 family unicast The BGP IPv6 unicast address...

Page 545: ...ers This may result in unbalanced traffic on different routes Either of the following methods can be used to address the problem of unbalanced traffic l Use BGP routing policies to allow traffic to be balanced For example use a routing policy to modify the Local_Pref AS_Path Origin and Multi Exit Discriminator MED attributes of BGP routes to direct traffic to different forwarding paths for load ba...

Page 546: ...te in load balancing and the number of EBGP routes to be used for load balancing is the same as the number of IBGP routes to be used for load balancing NOTE The maximum load balancing number command cannot be configured together with the maximum load balancing ebgp number or maximum load balancing ibgp number command When routes with the same destination addresses carry out load balancing on the p...

Page 547: ...pv6 routing table verbose command to view the IPv6 routing table View the routing information in the IPv6 routing table Quidway display ipv6 routing table Routing Table Public Destinations 9 Routes 12 Destination 1 PrefixLength 128 NextHop 1 Preference 0 Cost 0 Protocol Direct RelayNextHop TunnelID 0x0 Interface InLoopBack0 Flags D Destination 1 1 PrefixLength 128 NextHop 2001 2 Preference 255 Cos...

Page 548: ...s and thus improve the efficiency of route advertisement 8 10 1 Establishing the Configuration Task Before configuring a BGP4 peer group familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment A great number of peers exist in a large scale B...

Page 549: ...llows on the BGP4 switch Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run group group name internal A peer group is created Step 4 Run ipv6 family unicast The BGP IPv6 unicast address family view is displayed Step 5 Run peer group name enable The peer group is enabled Step 6 Run peer ipv6 address group group name The IPv6 p...

Page 550: ...ame external A pure EBGP peer group is configured Step 4 Run peer group name as number as number The AS number of the peer group is set Step 5 Run ipv6 family unicast The BGP IPv6 unicast address family view is displayed Step 6 Run peer group name enable The peer group is enabled Step 7 Run peer ipv6 address group group name The IPv6 peer is added to the peer group After an EBGP peer is added to t...

Page 551: ...peer ipv6 address as number as number The AS number of the IPv6 peer is set Step 5 Run ipv6 family unicast The BGP IPv6 unicast address family view is displayed Step 6 Run peer group name enable The peer group is enabled Step 7 Run peer ipv6 address group group name The IPv6 peers created are added to this peer group After an EBGP peer is added to the peer group the system automatically enables ea...

Page 552: ...lp you complete the configuration task quickly and accurately Applicable Environment To ensure the connectivity between IBGP peers inside an AS you need to establish full meshed IBGP peers When there are many IBGP peers establishing a full meshed network costs a lot The route reflector or the confederation can be used to solve this problem Pre configuration Tasks Before configuring a BGP4 route re...

Page 553: ...s that serve as its clients End 8 11 3 Optional Disabling a Route Reflection Between Clients If the clients of a route reflector are fully meshed you can disable route reflection between clients to reduce the cost Context Do as follows on the BGP4 switch Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv6 family unicast T...

Page 554: ...e system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv6 family unicast The BGP IPv6 unicast address family view is displayed Step 4 Run reflector cluster id cluster id The cluster ID of the route reflector is set TIP When there are multiple route reflectors in a cluster you can use the command to configure all the route reflectors in this cluster with the same...

Page 555: ... the configuration task quickly and accurately Applicable Environment The confederation is a method of handling the abrupt increase of IBGP connections in an AS The confederation divides an AS into multiple sub ASs In each sub AS IBGP peers can be full meshed or be configured with a route reflector EBGP connections are set up between sub ASs Pre configuration Tasks Before configuring a BGP4 confed...

Page 556: ...th 4 byte AS numbers cannot exist in the same confederation Otherwise routing loops may occur because AS4_Path does not support confederations l Configuring the Compatibility of a Confederation 1 Run system view The system view is displayed 2 Run bgp as number The BGP view is displayed 3 Run confederation nonstandard The compatibility of the confederation is configured When the confederation of ot...

Page 557: ...ation however does not authenticate BGP4 packets Instead it sets MD5 authentication passwords for TCP connections and the authentication is then completed by TCP If the authentication fails TCP connections cannot be established Pre configuration Tasks Before configuring BGP4 security complete the following task l Configuring Basic BGP4 Functions Data Preparation Before configure BGP4 security you ...

Page 558: ... an old password Neither of them can be both configured at the beginning and end of a plain text password The BGP MD5 authentication and BGP Keychain authentication are mutually exclusive End 8 13 3 Configuring Basic BGP4 GTSM Functions The GTSM mechanism protects a router by checking whether the TTL value in the IP header is in a pre defined range Procedure l Configuring Basic BGP4 GTSM Functions...

Page 559: ...on drop pass The default action is configured for the packets that do not match the GTSM policy By default the packets that do not match the GTSM policy can pass the filtering NOTE If only the default action is configured and the GTSM policy is not configured GTSM does not take effect End 8 13 4 Checking the Configuration After BGP4 network security is configured you can check authentication infor...

Page 560: ... all the BGP4 connections l To validate the new configuration run the reset bgp ipv6 as number command in the user view to reset the BGP 4 connections between the peers in a specified AS l To validate the new configuration run the reset bgp ipv6 ipv4 address ipv6 address group group name command in the user view to reset the BGP 4 connections with the specified peer or peer group l To validate the...

Page 561: ...GP4 Functions Networking Requirements As shown in Figure 8 1 there are two ASs 65008 and 65009 Switch A belongs to AS 65008 and Switch B Switch C and Switch D belong to AS 65009 BGP4 is required to be used to exchange routing information between the two ASs Figure 8 1 Networking diagram for configuring basic BGP4 functions SwitchA XGE0 0 2 VLANIF20 8 1 64 SwitchB SwitchC SwitchD AS 65008 AS 65009 ...

Page 562: ...itch B Switch C and Switch D are similar to the configuration of Switch A and are not mentioned here Step 2 Enable the IPv6 forwarding capability and assign an IPv6 address for each interface The following is the configuration of Switch A The configurations of other Switches are similar to the configuration of Switch A and are not mentioned here Quidway system view Switch A ipv6 Switch A interface...

Page 563: ...4 Configure Switch B Switch B bgp 65009 Switch B bgp peer 10 2 as number 65008 Switch B bgp ipv6 family unicast Switch B bgp af ipv6 peer 10 2 enable Switch B bgp af ipv6 network 10 64 View the status of the BGP4 peers Switch B display bgp ipv6 peer BGP local router ID 2 2 2 2 Local AS number 65009 Total number of peers 3 Peers in established state 3 Peer V AS MsgRcvd MsgSent OutQ Up Down State Pr...

Page 564: ...route from AS 65009 AS 65008 and AS 65009 can exchange their routing information End Configuration Files l Configuration file of Switch A sysname Switch A ipv6 vlan batch 10 20 interface Vlanif10 ipv6 enable ipv6 address 8 1 64 interface Vlanif20 ipv6 enable ipv6 address 10 2 64 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 10 port hybrid untagged vlan 10 interface XGigabitEthernet0 0 2 po...

Page 565: ...net0 0 2 port hybrid pvid vlan 20 port hybrid untagged vlan 20 interface XGigabitEthernet0 0 3 port hybrid pvid vlan 30 port hybrid untagged vlan 30 bgp 65009 router id 2 2 2 2 peer 9 1 2 as number 65009 peer 9 3 2 as number 65009 peer 10 2 as number 65008 ipv4 family unicast undo synchronization ipv6 family unicast undo synchronization network 9 1 64 network 9 3 64 network 10 64 peer 9 1 2 enable...

Page 566: ...nable return l Configuration file of Switch D sysname Switch D ipv6 vlan batch 40 50 interface Vlanif40 ipv6 enable ipv6 address 9 1 2 64 interface Vlanif50 ipv6 enable ipv6 address 9 2 2 64 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 40 port hybrid untagged vlan 40 interface XGigabitEthernet0 0 2 port hybrid pvid vlan 50 port hybrid untagged vlan 50 bgp 65009 router id 4 4 4 4 peer 9 1 ...

Page 567: ...4 SwitchB SwitchC SwitchD AS 100 AS 200 XGE0 0 1 VLANIF10 100 1 96 100 2 96 VLANIF20 XGE0 0 2 X G E 0 0 1 X G E 0 0 2 XG E0 0 1 XG E0 0 1 V L A N I F 3 0 V L A N I F 3 0 V L A N I F 4 0 V L A N I F 4 0 1 0 1 2 9 6 1 0 1 1 9 6 1 0 2 1 9 6 1 0 2 2 9 6 Device name Interface VLANIF interface IP address Switch A XGE0 0 1 VLANIF 10 1 1 64 Switch A XGE0 0 2 VLANIF 20 100 1 96 Switch B XGE0 0 2 VLANIF 20 ...

Page 568: ...urations of other Switches are similar to the configuration of Switch A and are not mentioned here Quidway system view Switch A ipv6 Switch A interface vlanif 10 Switch A Vlanif10 ipv6 enable Switch A Vlanif10 ipv6 address 1 1 64 Switch A interface vlanif 20 Switch A Vlanif20 ipv6 enable Switch A Vlanif20 ipv6 address 100 1 96 Step 3 Configure the basic BGP4 functions Configure Switch A Switch A b...

Page 569: ...ent View the routing table of Switch B Switch B display bgp ipv6 routing table BGP Local router ID is 2 2 2 2 Status codes valid best d damped h history i internal s suppressed S Stale Origin i IGP e EGP incomplete Total Number of Routes 6 Network 1 PrefixLen 64 NextHop 100 1 LocPrf MED 0 PrefVal 0 Label Path Ogn 100 i Network 100 PrefixLen 96 NextHop LocPrf MED 0 PrefVal 0 Label Path Ogn Network ...

Page 570: ...efVal 0 Label Path Ogn i The routing tables show that Switch D and Switch B have learned the routing information advertised by Switch A from Switch C End Configuration Files l Configuration file of Switch A sysname Switch A ipv6 vlan batch 10 20 interface Vlanif10 ipv6 enable ipv6 address 1 1 64 interface Vlanif20 ipv6 enable ipv6 address 100 1 96 interface XGigabitEthernet0 0 1 port hybrid pvid v...

Page 571: ...rid untagged vlan 20 bgp 200 router id 2 2 2 2 peer 100 1 as number 100 peer 101 1 as number 200 ipv4 family unicast undo synchronization ipv6 family unicast undo synchronization network 100 96 network 101 96 peer 100 1 enable peer 101 1 enable return l Configuration file of Switch C sysname Switch C ipv6 vlan batch 30 40 interface Vlanif30 ipv6 enable ipv6 address 101 1 96 interface Vlanif40 ipv6...

Page 572: ...flect client return l Configuration file of Switch D sysname Switch D ipv6 vlan batch 40 interface Vlanif40 ipv6 enable ipv6 address 102 2 96 interface XGigabitEthernet0 0 1 port hybrid pvid vlan 40 port hybrid untagged vlan 40 bgp 200 router id 4 4 4 4 peer 102 1 as number 200 ipv4 family unicast undo synchronization ipv6 family unicast undo synchronization network 102 96 peer 102 1 enable return...

Page 573: ...ring the Policy for Exchanging Routes Between MBGP Peers By configuring a proper route exchange policy you can control the routing information exchanged between MBGP peers 9 6 Configuring MBGP Route Attributes MBGP has many route attributes You can change MBGP route selection by setting these attributes 9 7 Configuring MBGP Route Dampening Configuring MBGP dampening can suppress the unstable MBGP ...

Page 574: ...P NOTE This chapter describes the configuration of MP BGP applied to multicast that is MBGP configuration For the details of MP BGP refer to the chapter BGP Configuration in the S6700 Series Ethernet Switches Configuration Guide IP Routing 9 2 MBGP Features Supported by the S6700 You can configure such features as load splitting route aggregation route dampening community attributes and route refl...

Page 575: ...can exchange routing information only after they have successfully set up a BGP peer relationship Context NOTE If the two switches that plan to set up the MBGP peer relationship have set up a BGP connection skip the section Do as follows on the two switches between which the MBGP peer relationship needs to be set up Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as nu...

Page 576: ...stem view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv4 family multicast The BGP IPv4 multicast address family view is displayed Step 4 Run peer ipv4 address group name enable MBGP is enabled on the original BGP peer or peer group The original BGP peer becomes an MBGP peer The parameters of the command are explained as follows l group name specifie...

Page 577: ...t of the route reflector The parameters of the command are explained as follows l group name specifies the name of an MBGP peer group l ipv4 address specifies the IP address of a remote MBGP peer Step 5 Optional Run reflector cluster id cluster id The cluster ID of the route reflector is configured By default the route reflector uses its switch ID as the cluster ID cluster id Specifies the cluster...

Page 578: ...e routes to be advertised The network command is used to advertise the exactly matched routes To be specific the command can be used to advertise the routes only with the exactly matched address prefix and mask If the mask is not designated the routes are exactly matched based on the natural network segment Step 5 Run import route protocol process id med med route policy route policy name The rout...

Page 579: ...l Run the display bgp multicast network command to check the routing information to be advertised by MBGP through network command l Run the display bgp multicast routing table network mask mask length longer prefixes command to check the MBGP routing table End 9 4 Configuring the Policy for Advertising MBGP Routes You can configure a route advertisement policy to determine which routing informatio...

Page 580: ...group 3 Name of the routing policy 4 Addresses and masks of the local routes that need to be aggregated 9 4 2 Optional Configuring the Next Hop of a Route as the Local Address Configuring the next hop of a route as the local address is applicable to IBGP peers Context Do as follows on the switch configured with an MBGP peer NOTE The configuration is optional and is valid only for IBGP peer or peer...

Page 581: ... Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv4 family multicast The BGP IPv4 multicast address family view is displayed Step 4 MBGP supports the following two ways of local route aggregation l Automatic aggregation aggregates the routes imported by MBGP locally Run summary automatic The automatic aggregation of the subnet routes is configured l Manual aggregation aggregates ro...

Page 582: ...is displayed Step 4 Run peer group name ipv4 address default route advertise route policy route policy name A default route is advertised to a remote MBGP peer or peer group The parameters of the command are explained as follows l group name specifies an MBGP peer group l ipv4 address specifies the IP address of a remote MBGP peer l route policy route policy name specifies the routing policy that ...

Page 583: ...vertises the community attribute Step 5 Optional Run peer ipv4 address group name advertise ext community The local peer is configured to advertise the extended community attribute to an MBGP peer group or a remote MBGP peer By default the local peer does not advertise the extended community attribute The parameters of this command are explained as follows l group name specifies the name of an MBG...

Page 584: ...mand are explained as follows l group name specifies an MBGP peer group l ipv4 address specifies the IP address of a remote MBGP peer End 9 4 7 Checking the Configuration After the policy for advertising MBGP routes is configured you can check information about MBGP routing information Prerequisites The configurations of the policy for advertising MBGP routes are complete Procedure l Run the displ...

Page 585: ...configuration tasks and required data This can help you complete the configuration task quickly and accurately Applicable Environment Based on the actual network users can configure the related route exchange polices to control the routing information transmitted between MBGP peers For a switch configured with MBGP the routes exchanged between peers are classified into the following types l import...

Page 586: ... displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv4 family multicast The BGP IPv4 multicast address family view is displayed Step 4 Run filter policy acl number acl name acl name ip prefix ip prefix name import MBGP routing policy is configured to filter the received routes The parameters of the command are explained as follows l acl number and acl name acl name specifies...

Page 587: ...R or RIP you need to set process id End 9 5 3 Configuring the Route Filtering Policy Based on Route policy By configuring an MBGP route policy you can flexibly filter routes Context Do as follows on the switch configured with an MBGP peer NOTE The configuration is optional By default the route filtering policy based on route policy is not configured Procedure Step 1 Run system view The system view...

Page 588: ...d on the ACL is not configured Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv4 family multicast The BGP IPv4 multicast address family view is displayed Step 4 Run peer ipv4 address group name filter policy acl number acl name acl name import export The MBGP routing policy based on the ACL is configured to control the ...

Page 589: ...mport export The MBGP routing policy based on the AS Path list is configured to control the route exchange with a specified remote MBGP route The parameters of the command are explained as follows l group name specifies an MBGP peer group l ipv4 address specifies the IP address of a remote MBGP peer l as path filter number and as path filter name specifies the AS Path list l import filters the rou...

Page 590: ...ss of a remote MBGP peer l ip prefix name specifies the IP prefix list l import filters the routes sent by a specified remote MBGP peer or peer group Only the routes that pass the filtering are received l export filters the routes sent to a specified remote MBGP peer or peer group Only the routes that pass the filtering are sent End 9 5 7 Configuring the Maximum Number of Routes Received from Peer...

Page 591: ...timeout timer for reestablishing the connection automatically after the number of routes exceeds the limit times specifies the value of the timer l If the three parameters are not set the peer relationship is disconnected The switch retries setting up a connection after 30 seconds An alarm is generated and recorded in the log End 9 5 8 Checking the Configuration After the policy for exchanging rou...

Page 592: ...tributes MBGP has many route attributes You can change MBGP route selection by setting these attributes 9 6 1 Establishing the Configuration Task Before configuring MBGP Route Attributes familiarize yourself with the applicable environment pre configuration tasks and required data This can help you complete the configuration task quickly and accurately Applicable Environment MBGP has many route at...

Page 593: ...ticast address family view is displayed Step 4 Run peer group name ipv4 address preferred value value The preferred value is set for a route learnt from an MBGP peer group or a remote MBGP peer The route with the greatest preferred value is selected as the route to a specified network The parameters of the command are explained as follows l group name specifies the name of an MBGP peer group l ipv...

Page 594: ...nce of the route learned from an IBGP peer l local specifies the preference of the local originated route l route policy route policy name specifies the routing policy The configuration is applicable to the specific routes that meet certain matching conditions End 9 6 4 Configuring the Local Pref of an MBGP Route The Local_Pref attribute is used to determine the optimal route to the destination wh...

Page 595: ...o determine the route for the traffic entering the AS The route with the smallest MED value is selected Context Do as follows on the switch configured with an MBGP peer NOTE The configuration is optional When an MBGP switch obtains multiple routes with the same destination but different next hops from different EBGP peers the route with the smallest MED value is preferred if other conditions of th...

Page 596: ... together and after comparison an optimal route is selected for the group The group optimal route is then compared with optimal routes from other groups to determine the final optimal route This mode of route selection ensures that the sequence in which routes are received is no longer relevant to the result of route selection l Run bestroute med none as maximum When the MED value of a route is lo...

Page 597: ...play bgp multicast routing table command to check the routes of the MBGP routing table l Run the display bgp multicast routing table statistics command to check the statistics of the MBGP routing table End 9 7 Configuring MBGP Route Dampening Configuring MBGP dampening can suppress the unstable MBGP routing information 9 7 1 Establishing the Configuration Task Before configuring MBGP route dampeni...

Page 598: ...alid only for EBGP routes By default the default values of dampening parameters are used Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ipv4 family multicast The BGP IPv4 multicast address family view is displayed Step 4 Run dampening half life reach reuse suppress ceiling route policy route policy name The dampening para...

Page 599: ...the display bgp multicast routing table dampened command to check MBGP dampened routes l Run the display bgp multicast routing table dampening parameter command to check MBGP route dampening parameters l Run the display bgp multicast routing table flap info network address mask longer match mask length longer match as path filter as path filter number as path filter name regular expression as regu...

Page 600: ...rm the action before you use the command Procedure l Run the reset bgp multicast dampening ipv4 address mask mask length command in the user view to clear the MBGP routing information l Run the reset bgp multicast flap info ipv4 address mask length mask as path filter as path filter number as path filter name regrexp regrexp command in the user view to clear the information about the MBGP route fl...

Page 601: ...cast acl acl number ip prefix ip prefix name peer peer address receive send verbose command in the user view to enable the debugging of MBGP update packets End 9 9 Configuration Examples MBGP configuration examples are provided including networking requirements and diagram configuration roadmap and configuration notes 9 9 1 Example for Configuring Basic MBGP Functions Networking Requirements As sh...

Page 602: ...300 193 1 1 2 24 LoopBack0 2 2 2 2 32 Switch C XGE 0 0 1 Vlanif400 195 1 1 1 24 XGE 0 0 2 Vlanif102 22 22 22 1 24 XGE 0 0 3 Vlanif300 193 1 1 1 24 LoopBack0 3 3 3 3 32 Switch D XGE 0 0 1 Vlanif400 195 1 1 2 24 XGE 0 0 2 Vlanif200 194 1 1 1 24 LoopBack0 4 4 4 4 32 Configuration Roadmap The configuration roadmap is as follows 1 Configure the IP addresses for the interfaces on each Switch to ensure i...

Page 603: ...pBack interfaces of each other Configure the switches to dynamically update routes through a unicast routing protocol OSPF process 1 is adopted in the configuration and the procedure is not mentioned here Step 2 Configure BGP enable the MBGP protocol and configure the MBGP peers Configure BGP and the MBGP peer on Switch A SwitchA bgp 100 SwitchA bgp peer 192 1 1 2 as number 200 SwitchA bgp ipv4 fa...

Page 604: ...gp af multicast import route ospf 1 SwitchB bgp af multicast quit SwitchB bgp quit Configure the routes to be advertised on Switch C The configuration of Switch D is similar to the configuration of Switch C and is not mentioned here SwitchC bgp 200 SwitchC bgp ipv4 family multicast SwitchC bgp af multicast import route direct SwitchC bgp af multicast import route ospf 1 SwitchC bgp af multicast qu...

Page 605: ...1 1 255 255 255 255 SwitchA LoopBack0 pim sm SwitchA LoopBack0 quit SwitchA pim SwitchA pim c bsr LoopBack 0 SwitchA pim c rp LoopBack 0 SwitchA pim quit Configure Switch B SwitchB interface LoopBack 0 SwitchB LoopBack0 ip address 2 2 2 2 255 255 255 255 SwitchB LoopBack0 pim sm SwitchB LoopBack0 quit SwitchB pim SwitchB pim c bsr LoopBack 0 SwitchB pim c rp LoopBack 0 SwitchB quit Step 6 Configur...

Page 606: ...ip between switches For example the following information shows the MBGP peer relationship on Switch B SwitchB display msdp brief MSDP Peer Brief Information Configured Up Listen Connect Shutdown Down 1 1 0 0 0 0 Peer s Address State Up Down time AS SA Count Reset Count 192 1 1 1 Up 00 07 17 100 1 0 End Configuration Files l Configuration file of Switch A sysname SwitchA vlan batch 100 to 101 mult...

Page 607: ...lanif300 ip address 193 1 1 2 255 255 255 0 pim sm interface XGigabitEthernet0 0 1 port hybrid tagged vlan 100 interface XGigabitEthernet0 0 2 port hybrid tagged vlan 200 interface XGigabitEthernet0 0 3 port hybrid tagged vlan 300 interface LoopBack0 ip address 2 2 2 2 255 255 255 255 pim sm pim c bsr LoopBack 0 c rp LoopBack 0 ospf 1 area 0 0 0 0 network 193 1 1 0 0 0 0 255 network 194 1 1 0 0 0 ...

Page 608: ...1 1 1 255 255 255 0 pim sm interface XGigabitEthernet0 0 1 port hybrid tagged vlan 400 interface XGigabitEthernet0 0 2 port hybrid tagged vlan 102 interface XGigabitEthernet0 0 3 port hybrid tagged vlan 300 interface LoopBack0 ip address 3 3 3 3 255 255 255 255 pim sm ospf 1 area 0 0 0 0 network 193 1 1 0 0 0 0 255 network 195 1 1 0 0 0 0 255 network 3 3 3 3 0 0 0 0 bgp 200 peer 193 1 1 2 as numbe...

Page 609: ...e LoopBack0 ip address 4 4 4 4 255 255 255 255 pim sm ospf 1 area 0 0 0 0 network 194 1 1 0 0 0 0 255 network 195 1 1 0 0 0 0 255 network 4 4 4 4 0 0 0 0 bgp 200 peer 194 1 1 2 as number 200 peer 195 1 1 1 as number 200 ipv4 family unicast undo synchronization peer 194 1 1 2 enable peer 195 1 1 1 enable ipv4 family multicast undo synchronization import route direct import route ospf 1 peer 194 1 1...

Page 610: ...of routing policies to routing protocols you can filter the received routes 10 6 Applying Filters to Advertised Routes By applying the related filters of routing policies to routing protocols you can filter advertised routes 10 7 Applying Filters to Imported Routes By applying the related filters of routing policies to routing protocols you can filter imported routes 10 8 Controlling the Valid Tim...

Page 611: ...isement reception and import Differences Between Routing Policy and PBR Different from the forwarding by searching the Forwarding information base FIB according to the destination address of a packet Policy based routing PBR is a route selection mechanism based on policies set by users PBR supports the information based on the source address and the length of a packet PBR selects routes according ...

Page 612: ...ntified by index numbers in an ascending order When a route matches an entry the system does not search the next entry matching the route For the detailed configuration refer to Configuring the IP Prefix List l AS Path Filter Border Gateway Protocol BGP routing information packet includes an autonomous system AS path domain The AS Path filter specifies the matching condition for the AS path domain...

Page 613: ...f the Routing Policy The routing policy is used in the following situations l Import routes that meet the matching rules through filters when a routing protocol imports routes discovered by other protocols l Filter routes that a routing protocol advertises or receives Only the routes that meet the matching rules are received or advertised For the configuration of routing policy applications refer ...

Page 614: ...he range of the prefix is mask length less equal value An IPv4 prefix list is identified by its list name Each prefix list contains multiple entries Each entry can independently specify the matching range in the form of the network prefix and identify it with an index number For example the following shows an IPv4 prefix list named abcd ip ip prefix abcd index 10 permit 1 0 0 0 8 ip ip prefix abcd...

Page 615: ... equal value 128 If only greater equal is specified the range of the prefix is greater equal value 128 if only less equal is specified the range of the prefix is prefix length less equal value An IPv6 prefix list is identified by its list name Each prefix list can include multiple entries Each entry can independently specify the matching range in the form of the network prefix and identify it with...

Page 616: ...cy familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment A Route Policy is used to match routes or certain route attributes and to change these attributes when the matching rules are met A Route Policy consists of multiple nodes Each node ...

Page 617: ...ter permit specifies a node in a Route Policy in permit mode If a route matches the node the switch performs actions defined by the apply clauses and the matching is complete Otherwise the route continues to match the next nod l The parameter deny specifies a node in a Route Policy in deny mode In deny mode the apply clauses are not used If a route entry matches all the if match clauses of the nod...

Page 618: ...licy route policy name permit deny node node The Route Policy view is displayed Step 3 Run the following command as required l Run if match acl acl number acl name The ACL is configured to match the routes l Run if match cost cost The cost is set to match the routes l Run if match interface interface type interface number The outbound interface is configured to match the routes l Run if match ip n...

Page 619: ...r A node can have multiple or no if match clauses NOTE l For the same node in a route policy the relationship between if match clauses is AND The route must meet all the matching rules before the actions defined by the apply clauses are performed In the if match route type and if match interface commands the relationship between the if match clauses is OR In other commands the relationship between...

Page 620: ...s level 1 level 1 2 level 2 The route level of IS IS is set l Run apply ospf backbone stub area The area of the OSPF that routes are imported into is set l Run apply preference preference The preference of the routing protocol is set The smaller the preference value the higher the preference l Run apply tag tag The tag of the route is set The commands in Step 3 can be used regardless of the order ...

Page 621: ...col generates routes based on the routing table The filters affect the routes received from the neighbor and the routes to be sent to the neighbor Link state protocol A link state protocol generates routes based on the Link State Database The filter policy command does not affect the Link State Advertisements LSAs or the integrity of the LSDB Therefore the effect on the commands of filter policy i...

Page 622: ...p prefix name gateway ip prefix name import interface type interface number The filtering policy is configured for routes received by RIP The filter policy is configured in the RIP process If routes are filtered based on an interface you can configure only one route policy based on the interface at a time If no interface is specified the system considers the configured route policy as the global r...

Page 623: ...at runs IS IS Procedure Step 1 Run system view The system view is displayed Step 2 Run isis process id vpn instance vpn instance name An IS IS process is enabled and the IS IS view is displayed Step 3 Run filter policy acl number acl name acl name ip prefix ip prefix name route policy route policy name import You can configure IS IS to filter the received routes to be added to the IP routing table...

Page 624: ...v4 unicast address family view is displayed 4 Run peer group name ipv4 address filter policy acl number acl name acl name import The filtering policy is configured for routes received from peers or peer groups End 10 5 6 Checking the Configuration After filters are applied to the received routes you can check information about the routing table of each protocol Prerequisites The configurations for...

Page 625: ...g policy you need to import the filters to the protocols l Filtering the advertised routes Use the filter policy command in the protocol view and import an ACL or an IP prefix list to filter the advertised routes Only the routes that meet the matching rules are advertised The filter policy export command is used to filter the advertised routes For the DV protocol and the link state protocol the pr...

Page 626: ...tised routes you need the following data No Data 1 Name of the IP prefix list 2 Name of the ACL 3 Name of the Route Policy and node number 10 6 2 Filtering Routes Advertised by RIP By applying filters you can control the advertisement of RIP routes Context Do as follows on the switch that runs RIP Procedure Step 1 Run system view The system view is displayed Step 2 Run rip process id A RIP process...

Page 627: ... system view is displayed Step 2 Run ospf process id An OSPF process is enabled and the OSPF view is displayed Step 3 Run filter policy acl number acl name acl name ip prefix ip prefix name export protocol process id The filtering policy is configured to filter the imported routes when these routes are advertised by OSPF End 10 6 4 Filtering Routes Advertised by IS IS By applying filters you can c...

Page 628: ...mported by BGP only the routes that meet matching rules can be added to the BGP local routing table and advertised to the BGP peers If protocol is specified only the routes of the specified protocol are filtered If the parameter is not specified all the routes advertised by BGP are filtered including the imported routes and the local routes advertised through the network command NOTE The filter po...

Page 629: ...mmand to check information about the OSPF routing table l Run the display isis process id route command to check information about the ISIS routing table l Run the display bgp routing table command to check information about the BGP routing table l Run the display ip routing table command to check information about the public IPv4 routing table Run the display ip routing table command on the neigh...

Page 630: ...dvertised NOTE l BGP has powerful filtering functions For details of BGP configuration refer to BGP Configuration l You can run the filter policy command and the import route command with different parameters for RIP OSPF IS IS and BGP For details refer to related configurations Pre configuration Tasks Before applying filters to imported routes complete the following tasks l Configuring the IP Pre...

Page 631: ...ocedure Step 1 Run system view The system view is displayed Step 2 Run ospf process id An OSPF process is enabled and the OSPF view is displayed Step 3 Run import route limit limit number bgp permit ibgp direct unr rip process id rip static isis process id isis ospf process id ospf cost cost type type tag tag route policy route policy name The external routes are imported End 10 7 4 Applying Route...

Page 632: ... tag tag route policy route policy name level 1 level 2 level 1 2 command to import the external routes End 10 7 5 Applying Route Policy to Routes Imported by BGP By applying filters you can control the import of BGP routes Context Do as follows on the switch that runs BGP Procedure Step 1 Run system view The system view is displayed Step 2 Run bgp as number The BGP view is displayed Step 3 Run ip...

Page 633: ...policy when modifying the routing policy 10 8 1 Establishing the Configuration Task Before configuring the delay for applying a routing policy familiarize yourself with the applicable environment complete the pre configuration tasks and obtain the required data This can help you complete the configuration task quickly and accurately Applicable Environment In actual applications when the configurat...

Page 634: ...gure the delay for applying a routing policy Context Do as follows on the switch on which the delay for applying routing policy needs to be changed Procedure Step 1 Run system view The system view is displayed Step 2 Run route policy change notify delay delay time The delay for applying the routing policy is set The delay ranges from 1 to 180 in seconds By default the RM immediately notifies the p...

Page 635: ...Maintaining the Routing Policy Maintaining routing policies involves clearing the statistics of the IP prefix list and debugging routing policies Context CAUTION The statistics of IP prefix lists cannot be restored after being cleared Exercise caution when running this command By default the statistics of IP prefix lists are not cleared Procedure l Run reset ip ip prefix ip prefix name command in ...

Page 636: ... 1 1 24 SwitchB XGE 0 0 1 VLANIF 10 192 168 1 2 24 SwitchB XGE 0 0 2 VLANIF 20 192 168 2 1 24 SwitchB XGE 0 0 3 VLANIF 30 192 168 3 1 24 SwitchC XGE 0 0 1 VLANIF 20 192 168 2 2 24 SwitchD XGE 0 0 1 VLANIF 30 192 168 3 2 24 Configuration Roadmap The configuration roadmap is as follows 1 Create the ID of the VLAN to which each interface belongs 2 Assign an IP address to each VLANIF interface 3 Confi...

Page 637: ... area 0 0 0 0 quit SwitchB ospf 1 quit Configure Switch C SwitchC ospf SwitchC ospf 1 area 0 SwitchC ospf 1 area 0 0 0 0 network 192 168 2 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 0 quit SwitchC ospf 1 quit Configure Switch D SwitchD ospf SwitchD ospf 1 area 0 SwitchD ospf 1 area 0 0 0 0 network 192 168 3 0 0 0 0 255 SwitchD ospf 1 area 0 0 0 0 quit SwitchD ospf 1 quit 4 Configure five static routes ...

Page 638: ...le Route Flags R relay D download to fib Routing Tables Public Destinations 11 Routes 11 Destination Mask Proto Pre Cost Flags NextHop Interface 127 0 0 0 8 Direct 0 0 D 127 0 0 1 InLoopBack0 127 0 0 1 32 Direct 0 0 D 127 0 0 1 InLoopBack0 192 168 1 0 24 Direct 0 0 D 192 168 1 2 Vlanif10 192 168 1 2 32 Direct 0 0 D 127 0 0 1 Vlanif10 192 168 2 0 24 Direct 0 0 D 192 168 2 1 Vlanif20 192 168 2 1 32 ...

Page 639: ...atic 172 1 16 0 255 255 255 0 NULL0 ip route static 172 1 17 0 255 255 255 0 NULL0 ip route static 172 1 18 0 255 255 255 0 NULL0 ip route static 172 1 19 0 255 255 255 0 NULL0 ip route static 172 1 20 0 255 255 255 0 NULL0 return l Configuration file of Switch B sysname SwitchB vlan batch 10 20 30 interface Vlanif10 ip address 192 168 1 2 255 255 255 0 interface Vlanif20 ip address 192 168 2 1 25...

Page 640: ...terface XGigabitEthernet0 0 1 port link type trunk port trunk allow pass vlan 30 ospf 1 area 0 0 0 0 network 192 168 3 0 0 0 0 255 return 10 10 2 Example for Applying a Routing Policy to Imported Routes Networking Requirements As shown in Figure 10 2 Switch B exchanges routing information with Switch A through OSPF and with Switch C through IS IS Switch B is required to import IS IS routes into OS...

Page 641: ...Switch A and Switch B and import IS IS routes 5 Configure a routing policy on Switch B and apply the routing policy when OSPF imports IS IS routes and verify the routes Data Preparation To complete the configuration you need the following data l The IS IS level of Switch C is Level 2 The system ID is ID 0000 0000 0001 The IS IS level of Switch B is Level 2 The system ID is ID 0000 0000 0002 The ar...

Page 642: ...a 0 0 0 0 network 192 168 1 0 0 0 0 255 SwitchA ospf 1 area 0 0 0 0 quit SwitchA ospf 1 quit Configure Switch B enable OSPF and import IS IS routes SwitchB ospf SwitchB ospf 1 area 0 SwitchB ospf 1 area 0 0 0 0 network 192 168 1 0 0 0 0 255 SwitchB ospf 1 area 0 0 0 0 quit SwitchB ospf 1 import route isis 1 SwitchB ospf 1 quit Check the OSPF routing table of Switch A You can view the imported rout...

Page 643: ...n address as 172 17 1 0 24 is 100 and the tag of the route with the destination address as 172 17 2 0 24 is 20 Other routing attributes do not change SwitchA display ospf routing OSPF Process 1 with Router ID 192 168 1 1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 192 168 1 0 24 1 Stub 192 168 1 1 192 168 1 1 0 0 0 0 Routing for ASEs Destination Cost Type Tag Ne...

Page 644: ...0 0 0 255 route policy isis2ospf permit node 10 if match ip prefix prefix a apply cost 100 route policy isis2ospf permit node 20 if match acl 2002 apply tag 20 ip ip prefix prefix a index 10 permit 172 17 1 0 24 return l Configuration file of Switch C sysname SwitchC vlan batch 20 30 40 50 isis 1 is level level 2 network entity 10 0000 0000 0001 00 interface Vlanif20 ip address 192 168 2 1 255 255...

Page 645: ...t trunk allow pass vlan 30 interface XGigabitEthernet0 0 3 port link type trunk port trunk allow pass vlan 40 interface XGigabitEthernet0 0 4 port link type trunk port trunk allow pass vlan 50 return S6700 Series Ethernet Switches Configuration Guide IP Routing 10 Routing Policy Configuration Issue 01 2012 03 15 Huawei Proprietary and Confidential Copyright Huawei Technologies Co Ltd 626 ...

Page 646: ...ng static routes the Routing Information Protocol RIP the Open Shortest Path First OSPF the Intermediate System to Intermediate System IS IS and BGP 11 3 Configuring a VPN Instance This section describes how to configure a VPN instance 11 4 Configuring a Route Multi Instance Between an MCE and a Site This section describes how to configure static routes RIP OSPF IS IS and BGP between an MCE and a ...

Page 647: ...ersification of user services and higher requirements on the security multiple VPNs are required in a private network in most cases and services of different VPNs need to be isolated In this case using a CE for each VPN increases the device expenditure and maintenance cost the security of data cannot be ensured if multiple VPNs share a CE and a route forwarding table As shown in Figure 11 2 MCE ca...

Page 648: ...der P A backbone router that is located in an SP network A P device is not directly connected to CEs The P devices only need the basic MPLS forwarding capability without maintaining information about a VPN l Site A group of IP systems with IP connectivity between each other Their connectivity need not be implemented through an SP network The site is connected to the SP network through a CE or an M...

Page 649: ...MCE in a site and adding the interface connected to the MCE on the device to the VLAN Data Preparation To configure a VPN instance you need the following data No Data 1 Name of the VPN instance 2 Route Distinguisher RD of the VPN instance 3 Optional Description of the VPN instance 4 Optional Maximum number of routes supported by the VPN instance 5 ID of the VLAN corresponding to the VPN instance 1...

Page 650: ...cription command to configure the description for the VPN instance By default no description is configured for a VPN instance The description is similar to that of the host name and interface which can be used to record information about the relationship between a VPN instance and a VPN Step 6 Optional Run the routing table limit number alert percent simply alert command to set the maximum number ...

Page 651: ...e VPN instance l Interface configured correctly 11 4 Configuring a Route Multi Instance Between an MCE and a Site This section describes how to configure static routes RIP OSPF IS IS and BGP between an MCE and a site For configuring a route multi instance between an MCE and a site 11 4 2 Optional Configuring a Static Route Between an MCE and a Site to 11 4 6 Optional Configuring BGP Between an MCE...

Page 652: ...ute importing 5 Optional IS IS process number Network Entity Title NET of the IS IS process number of the VLANIF interface bound to the VPN instance type and process number of the routing protocol run between an MCE and a PE type and value of the cost of the imported route administrative tag of the imported route and level of the routing table for storing the imported route 6 Optional Autonomous S...

Page 653: ...process id cost cost route policy route policy name command to import routes from other routing protocols If another routing protocol is run between an MCE and a PE in this VPN you need to perform this step End 11 4 4 Optional Configuring OSPF Between an MCE and a Site Context Do as follows on the MCE You need to configure only routing protocols on a device in a site Procedure Step 1 Run the syste...

Page 654: ...ace By default IS IS is disabled on a VLANIF interface Step 4 Run the quit command to return to the system view Step 5 Run the isis process id vpn instance vpn instance name command to create an IS IS process used by a VPN instance and enter the IS IS view Step 6 Run the network entity net command to configure a NET By default no NET is configured for an IS IS process Step 7 Run the import route p...

Page 655: ... the site because the routing update carries the AS number In this case you need to configure BGP to allow routing loops End 11 4 7 Checking the Configuration Run the display ip routing table vpn instance command on the MCE If you can view the route to the local VPN in the display it means that the configuration succeeds 11 5 Configuring a Route Multi Instance Between an MCE and a PE This section ...

Page 656: ...un between an MCE and a site cost of the imported route metric of the imported route tag in the external LSA of the imported route and name of the routing policy during route importing 5 Optional IS IS process number NET of the IS IS process number of the VLANIF interface bound to the VPN instance type and process number of the routing protocol run between an MCE and a site type and value of the c...

Page 657: ... RIP view Step 3 Run the network network address command to enable RIP routes on the network segment where the IP address of the VLANIF interface bound to the VPN instance belongs Step 4 Optional Run the import route static direct rip ospf isis process id cost cost route policy route policy name command to import routes from other routing protocols If another routing protocol is run between an MCE...

Page 658: ...enter the system view Step 2 Run the interface vlanif vlan id command to enter the view of the VLANIF interface bound to the VPN instance Step 3 Run the isis enable process id command to enable IS IS on the VLANIF interface By default IS IS is disabled on a VLANIF interface Step 4 Run the isis process id vpn instance vpn instance name command to create an IS IS process used by a VPN instance and e...

Page 659: ...ion Run the display ip routing table vpn instance on the PE and you can find the routes to the local VPN 11 6 MCE Configuration Examples This section provides several configuration examples of MCE 11 6 1 Example for Configuring MCE Networking Requirements As shown in Figure 11 3 the networking is as follows l CE1 CE2 CE3 and CE4 are edge devices of the VPN l CE1 and CE3 belong to a VPN instance na...

Page 660: ...and configure VPN instances on the MCE and PE2 3 Configure the OSPF route multi instance on the MCE and PE2 Data Preparation To complete the configuration you need the following data l VLANs between the MCE PE2 CE3 and CE4 as shown in Figure 11 3 l IP addresses of VLANIF interfaces as shown in Figure 11 3 Configuration Procedure 1 Create VLANs on the MCE PE2 CE3 and CE4 and add the interfaces conn...

Page 661: ...ow pass vlan 10 CE3 XGigabitEthernet0 0 1 quit Create a VLAN on CE4 The configuration on CE4 is similar to that on CE3 and is not mentioned here Add an interface to the VLAN on CE4 The configuration on CE4 is similar to that on CE3 and is not mentioned here 2 Create and configure VPN instances Create VPN instances on the MCE MCE ip vpn instance vpna MCE vpn instance vpna route distinguisher 100 1 ...

Page 662: ... 0 0 0 quit PE2 ospf 200 quit Configure the OSPF route multi instance on the MCE MCE ospf 100 vpn instance vpna MCE ospf 100 area 0 MCE ospf 100 area 0 0 0 0 network 172 19 0 0 0 0 255 255 MCE ospf 100 area 0 0 0 0 network 192 168 2 0 0 0 0 255 MCE ospf 100 area 0 0 0 0 quit MCE ospf 100 quit MCE ospf 200 vpn instance vpnb MCE ospf 200 area 0 MCE ospf 200 area 0 0 0 0 network 172 18 0 0 0 0 255 25...

Page 663: ...interface XGigabitEthernet0 0 3 port link type trunk port trunk allow pass vlan 10 interface XGigabitEthernet0 0 4 port link type trunk port trunk allow pass vlan 20 ospf 100 vpn instance vpna area 0 0 0 0 network 172 19 0 0 0 0 255 255 network 192 168 2 0 0 0 0 255 ospf 200 vpn instance vpnb area 0 0 0 0 network 172 18 0 0 0 0 255 255 network 192 168 1 0 0 0 0 255 return l Configuration file of P...

Page 664: ...s on configuring BGP or MPLS IP VPN refer to manuals of corresponding devices l Configuration file of CE3 sysname CE3 vlan batch 10 interface XGigabitEthernet0 0 1 port link type trunk port trunk allow pass vlan 10 return l Configuration file of CE4 sysname CE4 vlan batch 20 interface XGigabitEthernet0 0 1 port link type trunk port trunk allow pass vlan 20 return S6700 Series Ethernet Switches Con...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands