manualshive.com logo in svg

Brocade Communications Systems ICX 7250 series, Руководство по настройке

Поделиться
Скачать
Brocade Communications Systems ICX 7250 series Скачать руководство пользователя страница 31

NOTE

You must save the configuration to the startup-config file and reload the software after changing the RARP cache size to place
the change into effect.

Dynamic ARP inspection

For enhanced network security, you can configure the Brocade device to inspect and keep track of Dynamic Host Configuration Protocol
(DHCP) assignments.

Dynamic ARP Inspection (DAI) enables the Brocade device to intercept and examine all ARP request and response packets in a subnet
and discard packets with invalid IP-to-MAC address bindings. DAI can prevent common man-in-the-middle (MiM) attacks such as ARP
cache poisoning, and disallow mis-configuration of client IP addresses.

DAI allows only valid ARP requests and responses to be forwarded and supports Multi-VRFs with overlapping address spaces. For more
information on DAI, refer to the 

Brocade FastIron Security Configuration Guide

.

ARP poisoning

ARP provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address. Before a host can talk
to another host, it must map the IP address to a MAC address first. If the host does not have the mapping in its ARP table, it creates an
ARP request to resolve the mapping. All computers on the subnet will receive and process the ARP requests, and the host whose IP
address matches the IP address in the request will send an ARP reply.

An ARP poisoning attack can target hosts, switches, and routers connected to the Layer 2 network by poisoning the ARP caches of
systems connected to the subnet and by intercepting traffic intended for other hosts on the subnet. For instance, a malicious host can
reply to an ARP request with its own MAC address, thereby causing other hosts on the same subnet to store this information in their ARP
tables or replace the existing ARP entry. Furthermore, a host can send gratuitous replies without having received any ARP requests. A
malicious host can also send out ARP packets claiming to have an IP address that actually belongs to another host (for example, the
default router). After the attack, all traffic from the device under attack flows through the attacker computer and then to the router, switch,
or host.

Dynamic ARP Inspection

Dynamic ARP Inspection (DAI) allows only valid ARP requests and responses to be forwarded.

A Brocade device on which DAI is configured does the following:

Intercepts ARP packets received by the system CPU

Inspects all ARP requests and responses received on untrusted ports

Verifies that each of the intercepted packets has a valid IP-to-MAC address binding before updating the local ARP table, or
before forwarding the packet to the appropriate destination

Drops invalid ARP packets

When you enable DAI on a VLAN, by default, all member ports are untrusted. You must manually configure trusted ports. In a typical
network configuration, ports connected to host ports are untrusted. You configure ports connected to other switches or routers as trusted.

DAI inspects ARP packets received on untrusted ports, as shown in the figure below. DAI carries out the inspection based on IP-to-MAC
address bindings stored in a trusted binding database. For the Brocade device, the binding database is the ARP table and the DHCP
snooping table, which supports DAI, DHCP snooping, and IP Source Guard. To inspect an ARP request packet, DAI checks the source IP

Dynamic ARP inspection

Brocade FastIron Layer 3 Routing Configuration Guide

53-1003903-04

31

Содержание ICX 7250 series

Страница 1: ...Supporting FastIron Software Release 8 0 40a CONFIGURATION GUIDE Brocade FastIron Layer 3 Routing Configuration Guide 53 1003903 04 20 December 2016...

Страница 2: ...Brocade FastIron Layer 3 Routing Configuration Guide 2 53 1003903 04...

Страница 3: ...28 Ingress ARP packet priority 28 Displaying the ARP table 29 Reverse Address Resolution Protocol configuration 29 How RARP Differs from BootP and DHCP 29 Disabling RARP 30 Creating static RARP entrie...

Страница 4: ...onfiguring UDP broadcast and IP helper parameters 78 Configuring IP parameters Layer 2 switches 80 Configuring the management IP address and specifying the default gateway 80 Configuring Domain Name S...

Страница 5: ...connectivity on a Layer 3 switch 132 Enabling IPv6 routing 132 IPv6 configuration on each router interface 132 Configuring IPv4 and IPv6 protocol stacks 135 IPv6 over IPv4 tunnels 136 IPv6 over IPv4 t...

Страница 6: ...hanging the IPv6 MTU 157 Static neighbor entries configuration 157 Limiting the number of hops an IPv6 packet can traverse 158 IPv6 source routing security enhancements 158 TCAM space configuration 15...

Страница 7: ...s 194 Changing the route loop prevention method 195 Suppressing RIP route advertisement on a VRRP or VRRPE backup interface 196 Configuring RIP route filters using prefix lists and route maps 196 Sett...

Страница 8: ...hronization limitations 226 Interface synchronization 226 Standby module operations 226 Neighbor database 227 LSA database 227 OSPFv2 distribute list 227 Configuring an OSPFv2 distribution list using...

Страница 9: ...marization 251 OSPFv3 over VRF 251 OSPFv3 graceful restart helper 251 OSPFv3 non stop routing 252 IPsec for OSPFv3 252 IPsec for OSPFv3 configuration 253 IPsec for OSPFv3 considerations 253 Configurin...

Страница 10: ...s 286 Memory configuration options obsoleted by dynamic memory 286 Basic configuration tasks required for BGP4 286 Enabling BGP4 on the device 286 Changing the device ID 287 Setting the local AS numbe...

Страница 11: ...ribute errors 344 Error logs 344 Configuring route flap dampening 344 Globally configuring route flap dampening 345 Using a route map to configure route flap dampening for a specific neighbor 346 Remo...

Страница 12: ...he IP route table 395 Clearing traffic counters 395 Clearing diagnostic buffers 396 BGP4 397 BGP4 overview 397 BGP global mode 397 IPv6 unicast address family 398 BGP4 neighbors 399 BGP4 peer groups 3...

Страница 13: ...rfaces 435 Configuring MD5 authentication on VRRP interfaces 436 Abdicating VRRP master device status 437 Tracked ports and track priority with VRRP and VRRP E 439 Tracking ports and setting the VRRP...

Страница 14: ...3 statistics 465 Clearing VRRPv3 statistics 466 VRRP Ev3 Overview 466 Enabling an IPv6 VRRP Ev3 device 467 Displaying and clearing VRRP Ev3 statistics 468 Multi VRF 471 Multi VRF overview 471 FastIron...

Страница 15: ...describes features that may not be currently available Contact a Brocade sales office for information on feature and product availability Export of technical data contained in this document may requir...

Страница 16: ...Brocade FastIron Layer 3 Routing Configuration Guide 16 53 1003903 04...

Страница 17: ...fies CLI output Identifies command syntax examples Command syntax conventions Bold and italic text identify command syntax components Delimiters and operators define groupings of parameters and their...

Страница 18: ...software or data DANGER A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you Safety labels are also attached directly to products to warn...

Страница 19: ...tact your OEM Solution Provider for all of your product support needs OEM Solution Providers are trained and certified by Brocade to support Brocade products Brocade provides backline support for issu...

Страница 20: ...Brocade FastIron Layer 3 Routing Configuration Guide 20 53 1003903 04...

Страница 21: ...ing allows you to automatically deploy devices with management IP addresses and file upgrades DHCP auto provisioning in the Brocade FastIron DHCP Configuration Guide DHCP client link layer option You...

Страница 22: ...tandalone command reference for the FastIron platforms In the Brocade FastIron Command Reference the command pages are in alphabetical order and follow a standard format to present syntax parameters m...

Страница 23: ...op router toward its destination or to a default route or default network route if the IP route table does not contain a route to the packet destination In each case the Layer 3 switch must encapsulat...

Страница 24: ...e IP address of Device B is not sufficient the MAC address is also required ARP supplies the MAC address Rate limiting ARP packets You can limit the number of ARP packets the Brocade device accepts du...

Страница 25: ...ro aging is disabled and entries do not age out NOTE Host devices connected to an ICX 7750 that also have a valid IP address and reply periodically to the arp request are not timed out even if no traf...

Страница 26: ...config interface ethernet 5 device config if e1000 5 ip proxy arp enable To again disable IP proxy ARP on an interface enter the following command device config interface ethernet 5 device config if...

Страница 27: ...E You must save the configuration to the startup config file and reload the software after changing the static ARP table size to place the change into effect Syntax system max ip static arp num The nu...

Страница 28: ...eader and the sender hardware address in the ARP body must be the same This validation is performed for the ARP request and response packets When the source MAC validation is enabled the packets with...

Страница 29: ...will use the Layer 3 switch for booting A RARP entry consists of the following information The entry number The entry sequence number in the RARP table The MAC address of the boot client The IP addre...

Страница 30: ...such as the following device config rarp 1 0000 0054 2348 10 53 4 2 This command creates a RARP entry for a client with MAC address 0000 0054 2348 When the Layer 3 switch receives a RARP request from...

Страница 31: ...an reply to an ARP request with its own MAC address thereby causing other hosts on the same subnet to store this information in their ARP tables or replace the existing ARP entry Furthermore a host ca...

Страница 32: ...collected from snooping DHCP packets when DHCP snooping is enabled on VLANs DHCP snooping entries are stored in a different table and are not part of the ARP table The status of an ARP entry is either...

Страница 33: ...nspection is disabled by default and the trust setting for ports is by default untrusted Configuring an inspection ARP entry Static ARP and static inspection ARP entries must be configured for hosts o...

Страница 34: ...You can deploy multiple VRFs on a Brocade Ethernet switch Each VLAN having a Virtual Ethernet VE interface is assigned to a VRF You can enable DAI on individual VLANs and assign any interface as the A...

Страница 35: ...vrf vrf name Displaying ARP inspection status and ports To display the ARP inspection status for a VLAN and the trusted or untrusted port enter the following command device show ip arp inspection vlan...

Страница 36: ...Brocade FastIron Layer 3 Routing Configuration Guide 36 53 1003903 04...

Страница 37: ...rrently throughout the world IPv4 uses a 32 bit addressing system and is represented in a 4 byte dotted decimal format x x x x IP configuration overview Brocade Layer 2 switches and Layer 3 switches s...

Страница 38: ...faces GRE tunnels Each IP address on a Layer 3 switch must be in a different subnet You can have only one interface that is in a given subnet For example you can configure IP addresses 192 168 1 1 24...

Страница 39: ...ving interface 1 If a deny filter on the interface denies the packet the Layer 3 switch discards the packet and performs no further processing except generating a Syslog entry and SNMP message if logg...

Страница 40: ...entry to forward subsequent packets from the same source to the same destination If the running config does not contain an IP access policy for the packet the software creates a new entry in the forwa...

Страница 41: ...h to a destination When the software receives paths from more than one of the sources listed above the software compares the administrative distance of each path and selects the path with the lowest a...

Страница 42: ...nation is reached is also listed as well as the VLAN and Layer 4 QoS priority associated with the destination if applicable NOTE You cannot add static entries to the IP forwarding cache although you c...

Страница 43: ...Virtual Router Redundancy Protocol VRRP A standard router redundancy protocol based on RFC 2338 You can use VRRP to configure Brocade Layer 3 switches and third party routers to back up IP interfaces...

Страница 44: ...file To save configuration changes to the startup config file enter the write memory command from the Privileged EXEC level of any configuration level of the CLI To save the configuration changes usi...

Страница 45: ...device receives more ARP packets than you specify the device drops additional ARP packets for the remainder of the one second interval Disabled ARP age The amount of time the device keeps a MAC addre...

Страница 46: ...ts router interfaces to directly attached hosts You can enable or disable the protocol and change the following protocol parameters Forwarding method broadcast or multicast Hold time Maximum advertise...

Страница 47: ...d Maximum IP load sharing paths The maximum number of equal cost paths across which the Layer 3 switch is allowed to distribute traffic Four Origination of default routes You can enable a router to or...

Страница 48: ...into the non forwarding state the device waits for the configured time before notifying the Layer 3 protocols of the VE down event NOTE Available on the VE interface only Delay time is not configured...

Страница 49: ...IP helper addresses allow the router to forward requests for certain UDP applications from a client on one subnet to a server on another subnet None configured Basic IP parameters and defaults Layer...

Страница 50: ...t can pass before being discarded Each router decreases a packet TTL by 1 before forwarding the packet If decreasing the TTL causes the TTL to be 0 the router drops the packet instead of forwarding it...

Страница 51: ...er to Configuring IP addresses to add IP addresses then enable and configure the route exchange protocols as described in other chapters of this guide If you are configuring a Layer 2 switch refer to...

Страница 52: ...dress 10 45 6 1 255 255 255 0 You also can enter the IP address and mask in CIDR format as follows device config if 1 1 1 ip address 10 45 6 1 24 Syntax no ip address ip addr ip mask ospf ignore ospf...

Страница 53: ...ecify from 1 to the maximum number of virtual interfaces supported on the device To display the maximum number of virtual interfaces supported on the device enter the show default values command The m...

Страница 54: ...w on a virtual routing interface When configuring IP Follow the primary virtual routing interface should not have ACL or DoS Protection configured It is recommended that you create a dummy virtual rou...

Страница 55: ...an IPV4 broadcast scheme the following subnets can be configured 10 10 10 1 Subnet for directed broadcast Network number 1 10 10 10 0 Subnet for network address Network number 0 In a point to point li...

Страница 56: ...rnet 1 3 1 RouterB config if e1000 1 3 1 ip address 10 2 2 1 24 Router C RouterC config interface ethernet 1 3 1 RouterC config if e1000 1 3 1 ip address 10 2 2 2 24 Displaying information for a 31 bi...

Страница 57: ...s sent to the first DNS server If the host name is not resolved it is sent to the second DNS server If a match is found a response is sent back to the client with the host IP address If no match is fo...

Страница 58: ...1 newyork com domain is already defined on the Layer 3 switch you need to enter only the host name NYC02 as noted in the following example device traceroute nyc02 Syntax traceroute vrf vrf host ip add...

Страница 59: ...on In this case the destination device is directly connected to the Layer 3 switch The MAC address of the next hop gateway toward the packet destination An Ethernet broadcast address The entire IP pac...

Страница 60: ...cted to a server that uses jumbo frames and two other ports connected to clients that can support the jumbo frames increase the MTU only on those three ports Leave the MTU size on the other ports at t...

Страница 61: ...ip mtu 1000 device config if 1 1 5 write memory device config if 1 1 5 end device reload Syntax no ip mtu num The num variable specifies the MTU Ethernet II packets can hold IP packets from 576 throu...

Страница 62: ...ck interfaces the default router ID is the lowest numbered IP interface configured on the device If you prefer you can explicitly set the router ID to any valid IP address The IP address cannot be in...

Страница 63: ...following sections show the syntax for specifying a single source IP address for specific packet types Telnet packets To specify the lowest numbered IP address configured on a virtual interface as the...

Страница 64: ...ice config ip tftp source interface ve 1 The commands in this example configure virtual interface 1 assign IP address 10 0 0 3 24 to the interface then designate the interface s address as the source...

Страница 65: ...pback num venum Configuring delay time for notifying VE down event When all the ports in the VLAN go into an inactive state for example the non forwarding state the device notifies the Layer 3 protoco...

Страница 66: ...hops an IP packet originated by the Layer 3 switch can travel through Each device capable of forwarding IP that receives the packet decrements decreases the packet TTL by one If a device receives a p...

Страница 67: ...o pass through only the listed routers If the Layer 3 switch receives a strict source routed packet but cannot reach the next hop interface specified by the packet the Layer 3 switch discards the pack...

Страница 68: ...ation and reload the software to place this configuration change into effect Syntax no ip broadcast zero Disabling ICMP messages Brocade devices are enabled to reply to ICMP echo messages and send ICM...

Страница 69: ...s not change the Brocade device ability to forward packets Disabling ICMP Unreachable messages prevents the device from generating or forwarding the Unreachable messages To disable all ICMP Unreachabl...

Страница 70: ...an use the default network route as a default route instead When the software uses the default network route it also uses the default network route s next hop gateway as the gateway of last resort Thi...

Страница 71: ...e route table enter the following command at any level of the CLI device show ip route Total number of IP routes 2 Start index 1 B BGP D Connected R RIP S Static O OSPF Candidate default Destination N...

Страница 72: ...t paths to the same destination from different sources such as between static IP routes OSPF and BGP4 The value of the administrative distance is determined by the source of the route The Layer 3 swit...

Страница 73: ...he IP route table the cost can increase during the redistribution due to settings in redistribution filters Static route OSPF and BGP4 load sharing IP load sharing and load sharing for BGP4 routes are...

Страница 74: ...aring paths enter a command such as the following device config ip load sharing 6 Syntax no ip load sharing num The num variable specifies the number of paths and can be from 2 through 8 depending on...

Страница 75: ...next header The software selects a path based on a calculation involving the maximum number of load sharing paths allowed and the actual number of paths to the destination network This is the default...

Страница 76: ...f ECMP paths and the value range can be from 8 through 32 This command is supported only on the Brocade ICX 7750 You must save the configuration and reload the device for the maximum ECMP value change...

Страница 77: ...interface is independent of the interval on other IRDP enabled interfaces The default maximum message interval is 600 seconds The default minimum message interval is 450 seconds Hold time Each Router...

Страница 78: ...f the maxadvertinterval parameter The preference number parameter specifies the IRDP preference level of this Layer 3 switch If a host receives Router Advertisements from multiple routers the host sel...

Страница 79: ...connected to the clients for the application The Layer 3 switch cannot forward the requests unless you configure the helper address To enable the forwarding of NTP broadcasts enter the following comma...

Страница 80: ...t forward client broadcast request to a server within the network To forward a client broadcast request when the client and server are on the same network configure an IP helper with unicast option on...

Страница 81: ...config ip default gateway 10 45 6 1 Syntax ip default gateway ip addr NOTE When configuring an IP address on a Layer 2 switch that has multiple VLANs make sure the configuration includes a designated...

Страница 82: ...t to trace the route from a Brocade Layer 2 switch to a remote server identified as NYC02 on domain newyork com Because the newyork com domain is already defined on the Layer 2 switch you need to ente...

Страница 83: ...ves the packet decrements decreases the packet TTL by one If a router receives a packet with a TTL of 1 and reduces the TTL to zero the router drops the packet The default TTL is 64 You can change the...

Страница 84: ...ides a way to encapsulate arbitrary packets payload packet inside of a transport protocol and transmit them from one tunnel endpoint to another The payload is encapsulated in a GRE packet The resultin...

Страница 85: ...191 describes a method for dynamically discovering the maximum transmission unit MTU of an arbitrary internet path When a FastIron device receives an IP packet that has its Do not Fragment DF bit set...

Страница 86: ...ted on VLANs that do not have VE ports Whenever multiple IP addresses are configured on a tunnel source the primary address of the tunnel is always used for forming the tunnel connections Therefore ca...

Страница 87: ...nterface Not assigned Optional tasks Change the maximum transmission unit MTU value for the tunnel interface 1476 bytes or 9192 bytes jumbo mode Change the number of GRE tunnels supported on the devic...

Страница 88: ...ace The tunnel source address should be one of the router IP addresses configured on a physical loopback or VE interface through which the other end of the tunnel is reachable To configure the source...

Страница 89: ...llowing device config interface tunnel 1 device config tnif 1 tunnel destination 131 108 5 2 Syntax no tunnel destination ip address The ip address variable is the destination IP address being configu...

Страница 90: ...erface device config ip route 131 108 5 0 24 10 0 8 1 device config ip route 10 10 2 0 24 tunnel 1 Syntax no ip route ip address tunnel tunnel ID The ip address variable is the IP address of the tunne...

Страница 91: ...that is supported for an interface tunnel For example if the system max value is reduced it is possible that the configured interfaces may be rejected after a system reload Configuring GRE link keepa...

Страница 92: ...ng and re enabling PMTUD PMTUD is enabled by default To disable it enter the following command device config tnif 1 tunnel path mtu discovery disable To re enable PMTUD after it has been disabled ente...

Страница 93: ...SM on a GRE tunnel interface enter commands such as the following device config interface tunnel 10 device config tnif 10 ip pim sparse Syntax no ip pim sparse Use the no form of the command to disabl...

Страница 94: ...0 24 tunnel 1 Configuring point to point GRE tunnel for Router B device config interface ethernet 1 5 1 device config if e1000 1 5 1 ip address 131 108 5 2 24 device config exit device config interfac...

Страница 95: ...ns refer to FastIron Command Reference Syntax show ip route The show ip interface tunnel command displays the link status and IP address configuration for an IP tunnel interface as shown in the follow...

Страница 96: ...th MTU will expire Indicates the time after which the learned PMTU expires This line is displayed only when a PMTU is dynamically learned The show ip tunnel traffic command displays the link status of...

Страница 97: ...w ip pim interface show ip pim nbr show ip pim mcache show ip pim flow show statistics show ip mtu NOTE All other show commands that are supported currently for Ethernet VE and IP loopback interfaces...

Страница 98: ...point on port e 2 egresses and re ingresses as native multicast traffic on the loopback port e 4 and is then forwarded to the outbound interface e 1 device show statistics Port In Packets Out Packets...

Страница 99: ...el interface The bandwidth for IP interfaces feature can be used to Query the bandwidth for an interface Help OSPF avoid generating numerous LSAs while updating the cost value for a VE interface due t...

Страница 100: ...he fixed port bandwidth as outlined in the Changing the reference bandwidth for the cost on OSPFv2 interfaces on page 232 section When the interface bandwidth feature is enabled OSPF calculates the co...

Страница 101: ...10 tagged ethernet 1 1 1 4 Enter the router interface ve command and specify a value to create a virtual interface as the routing interface for the VLAN device config vlan 10 router interface ve 10 Cr...

Страница 102: ...specific tunnel interface device configure terminal device config interface tunnel 2 device config tnif 2 tunnel mode gre ip device config tnif 2 tunnel source 10 0 0 1 device config tnif 2 tunnel des...

Страница 103: ...VE interface must be unique within the same VLAN There is a maximum number of IP interfaces 248 on which an IP MAC address can be configured and the number of VRRP virtual interfaces that can be supp...

Страница 104: ...le and then reload the software to place the change into effect The Layer 3 system parameter limits for FastIron IPv6 models are automatically adjusted by the system and cannot be manually modified Di...

Страница 105: ...r disabling routing protocols This section describes how to enable or disable routing protocols For complete configuration information about the routing protocols refer to the respective chapters in t...

Страница 106: ...evice write memory device reload To re enable Layer 2 switching on a Layer 3 switch enter the following commands device config no route only device config exit device write memory device reload Syntax...

Страница 107: ...CPU and if the checksum is correct it forwards the packet To set disable hardware ip checksum check for all ports enter the following command device disable hw ip checksum check disable ip header che...

Страница 108: ...s not affect how information is displayed in the Web Management Interface To enable CIDR format for displaying network masks entering the following command at the global CONFIG level of the CLI device...

Страница 109: ...router id The 32 bit number that uniquely identifies the Brocade router By default the router ID is the numerically lowest IP interface configured on the router enabled The IP related protocols that...

Страница 110: ...K Method Status Protocol Ethernet 1 1 1 10 95 6 173 YES NVRAM up up Ethernet 1 1 2 10 3 3 3 YES manual up up Loopback 1 10 2 3 4 YES NVRAM down down Syntax show ip interface ethernet unit slot port lo...

Страница 111: ...ICMP redirect enabled proxy arp disabled ip arp age 10 minutes No Helper Addresses are configured No inbound ip access list is set No outgoing ip access list is set Displaying ARP entries You can disp...

Страница 112: ...The num entries to skipparameter lets you display the table beginning with a specific entry number NOTE The entry numbers in the ARP cache are not related to the entry numbers for static ARP table ent...

Страница 113: ...rs let you restrict the display to entries for a specific IP address and network mask Specify the IP address masks in standard decimal mask format for example 255 255 0 0 The mac addressxxxx xxxx xxxx...

Страница 114: ...xample to begin displaying the cache at row 10 enter the following command device show ip cache 9 The show ip cache command displays the following information TABLE 17 CLI display of IP forwarding cac...

Страница 115: ...he Type field indicating the route is to a directly connected device Here is an example of how to use the static option To display only the static IP routes enter the following command device show ip...

Страница 116: ...is Layer 3 switch R The route was learned from RIP S The route is a static route The route and next hop gateway are resolved through the ip default network setting O The route is an OSPF route Unless...

Страница 117: ...0 unrecognized 0 bad version 0 bad addr family 0 bad req format 0 bad metrics 0 bad resp format 0 resp not from rip port 0 resp from loopback 0 packets rejected The show ip traffic command displays th...

Страница 118: ...ages sent or received by the device addr mask reply The number of Address Mask Replies messages sent or received by the device irdp advertisement The number of ICMP Router Discovery Protocol IRDP Adve...

Страница 119: ...IP version was either invalid or is not supported by this device bad addr family The number of RIP packets dropped because the value in the Address Family Identifier field of the packet header was inv...

Страница 120: ...t TFTP access Displaying ARP entries To display the entries the Layer 2 switch has placed in its ARP cache enter the show arp command from any level of the CLI This command shows the total number of A...

Страница 121: ...1 current active tcbs 4 tcbs allocated 0 tcbs freed 0 tcbs protected 0 active opens 0 passive opens 0 failed attempts 0 active resets 0 passive resets 0 input errors 27 in segments 24 out segments 0...

Страница 122: ...essages sent or received by the device addr mask reply The number of Address Mask Replies messages sent or received by the device irdp advertisement The number of ICMP Router Discovery Protocol IRDP A...

Страница 123: ...tomer support in segments The number of TCP segments received by the device out segments The number of TCP segments sent by the device retransmission The number of segments that this device retransmit...

Страница 124: ...Brocade FastIron Layer 3 Routing Configuration Guide 124 53 1003903 04...

Страница 125: ...bits which provides more unique IP addresses to support increasing number of network devices An IPv6 address comprise 8 fields of 16 bit hexadecimal values separated by colons The following figure sho...

Страница 126: ...bes global site local and link local addresses and the topologies in which they are used Multicast addresses support a scope field which IPv6 address types describes TABLE 23 IPv6 address types Addres...

Страница 127: ...prefix of FE80 10 1111 1110 10 and a 64 bit interface ID The 128 bit IPv6 address is then subjected to duplicate address detection to ensure that the address is unique on the link If desired you can...

Страница 128: ...for the host to use the new addresses only you can configure the lifetime parameters appropriately using the ipv6 nd prefix advertisement command During this transition the old prefix is removed from...

Страница 129: ...name Configures an IPv6 domain name X X ipv6 dns server address Configures an IPv6 DNS server address X X ipv6 enable Enables IPv6 on an interface X X ipv6 hop limit Sets the IPv6 hop limit X ipv6 icm...

Страница 130: ...6 tcp Displays information about IPv6 TCP sessions X X show ipv6 traffic Displays IPv6 packet counters X X show ipv6 tunnel Displays information about IPv6 tunnels X X snmp client ipv6 Restricts SNMP...

Страница 131: ...lowing at the Global CONFIG level device config ipv6 address 2001 DB8 12D 1300 240 D0FF FE48 4000 1 64 Syntax ipv6 address ipv6 prefix prefix length You must specify the ipv6 prefix parameter in hexad...

Страница 132: ...r the no form of this command IPv6 configuration on each router interface To forward IPv6 traffic on a router interface the interface must have an IPv6 address or IPv6 must be explicitly enabled By de...

Страница 133: ...001 DB8 12d 1300 64 and the interface ID 240 D0FF FE48 4672 and enable IPv6 on Ethernet interface 1 3 1 Syntax ipv6 address ipv6 prefix prefix length You must specify the ipv6 prefix parameter in hexa...

Страница 134: ...computed address which in the case of physical and VE interfaces is derived from a global MAC address all physical and VE interfaces will have the same MAC address To override a link local address tha...

Страница 135: ...outing To disable IPv6 traffic globally on the router enter the no form of this command Syntax ip address ip address sub net mask secondary You must specify the ip address parameter using 8 bit values...

Страница 136: ...6 protocol stacks section in the Brocade FastIron Layer 3 Routing Configuration Guide IPv6 over IPv4 tunnel configuration notes The local tunnel configuration must include both source and destination...

Страница 137: ...specify a loopback VE or interface also specify the loopback VE or number respectively Syntax no tunneldestination ipv4 address Specify the ipv4 address parameter using 8 bit values in dotted decimal...

Страница 138: ...by a tunnel interface Note that this is the number of packets received by the CPU It does not include the number of packets processed in hardware Packet Sent The number of packets sent by a tunnel int...

Страница 139: ...Pv6 addresses on its interfaces but does not have full IPv6 routing enabled on it Configuring IPv6 management ACLs When you enter the ipv6 access list command the Brocade device enters the IPv6 Access...

Страница 140: ...device open the SSH client program and specify the IPv6 address of the device For more information about configuring SSH on the Brocade device refer to SSH2 and SCP chapter in the Brocade FastIron Se...

Страница 141: ...ived Traceroute requests display all responses of a minimum TTL of 1 second and a maximum TTL of 30 seconds In addition if there are multiple equal cost routes to the destination the Brocade device di...

Страница 142: ...Syntax web client ipv6 ipv6 address the ipv6 address you specify must be in hexadecimal format using 16 bit values between colons as documented in RFC 2373 Configuring name to IPv6 address resolution...

Страница 143: ...such as an Ethernet interface you must also specify the port number of the interface If you specify a virtual interface such as a VE you must specify the number associated with the VE The source ipv6...

Страница 144: ...such as the following device config log host ipv6 2000 2383 e0bb 4 128 Syntax log host ipv6 ipv6 address udp port num The ipv6 address must be in hexadecimal using 16 bit values between colons as doc...

Страница 145: ...y Disabling IPv6 on a Layer 2 switch IPv6 is enabled by default in the Layer 2 switch code If desired you can disable IPv6 on a global basis on a device running the switch code To do so enter the foll...

Страница 146: ...seconds output from the show run command does not include the setting of the ipv6 icmp error interval command because the setting is the default Also if you configure the interval value to a number th...

Страница 147: ...advertisement messages Brocade uses seconds as the unit of measure instead of milliseconds If you add a port to a port based VLAN and the port has IPv6 neighbor discovery configuration the system will...

Страница 148: ...v6 address immediately instead of awaiting the next periodic router advertisement message Because a host at system startup typically does not have a unicast IPv6 address the source address in the rout...

Страница 149: ...efault value use the no form of this command For the interval between neighbor solicitation messages and the value for the retrans timer in router advertisements specify a number from 0 4294967295 mil...

Страница 150: ...e max range value The min range value can be a number between 3 75 x max range value The max range value parameter specifies the maximum number of seconds allowed between sending unsolicited multicast...

Страница 151: ...an include the following flags Managed Address Configuration This flag indicates to hosts on a local link if they should use the stateful autoconfiguration feature to get IPv6 addresses for their inte...

Страница 152: ...on IPv6 RA and sends it periodically to the IPv6 host or as a response to the router solicitations To configure IPv6 RA preference for the IPv6 router use the ipv6 nd router preference in the interfa...

Страница 153: ...all the traffic will be redirected through the invalid host and is vulnerable to man in the middle attacks The ND inspection validates all the IPv6 packets carrying neighbor discovery messages by che...

Страница 154: ...discarded ND inspection follows CPU based packet forwarding and thus the neighbor discovery messages in the ND inspection enabled VLAN may get discarded depending on the CPU load The neighbor discover...

Страница 155: ...he IPv6 packets that carry neighbor discovery messages on untrusted ports Validates the source IP addresses and the source MAC addresses of the intercepted packets against the IP to MAC address bindin...

Страница 156: ...ernet 1 1 1 device config if e1000 1 1 1 ipv6 neighbor inspection trust Syslog message for ND inspection The following table lists the syslog message related to ND inspection TABLE 27 Syslog message r...

Страница 157: ...A port that has a statically assigned IPv6 entry cannot be added to a VLAN NOTE Static neighbor configurations will be cleared on secondary ports when a LAG is formed For example to add a static entry...

Страница 158: ...es enter the following command device config no ipv6 icmp source route Syntax no ipv6 icmp source route Use the ipv6 icmp source route form of the command to enable the ICMP error messages TCAM space...

Страница 159: ...space is allocated automatically for IPv6 routing information TCAM space allocations for IPv4 and IPv6 routes and other entities can be modified by configuring the number of IPv4 route entries Differe...

Страница 160: ...M space is allocated automatically for IPv6 routing information TCAM space allocations for GRE tunnels can be modified using manual configuration Different devices have different amounts of TCAM space...

Страница 161: ...cache entries 10 IPv6 Address Next Hop Port 1 2001 DB8 2 LOCAL tunnel 2 2 2001 DB8 106 LOCAL ethe 1 3 2 3 2001 DB8 110 DIRECT ethe 1 3 2 4 2001 DB8 46a 1 LOCAL ethe 1 3 2 5 2001 DB8 2e0 52ff fe99 9737...

Страница 162: ...Routing Protocols R RIP O OSPF Interface Status Routing Global Unicast Address Ethernet 1 3 3 down down R Ethernet 1 3 5 down down Ethernet 1 3 17 up up 2017 c017 101 64 Ethernet 1 3 19 up up 2019 c01...

Страница 163: ...cast address es if one or more are configured for the interface Joined group address es The multicast address es that a router interface listens for and recognizes MTU The setting of the maximum trans...

Страница 164: ...neighbor Possible states are as follows INCOMPLETE Address resolution of the entry is being performed REACH The static forward path to the neighbor is functioning properly REACH The forward path to th...

Страница 165: ...route types The following table lists the information displayed by the show ipv6 route command TABLE 35 IPv6 route table fields Field Description Number of entries The number of entries in the IPv6 r...

Страница 166: ...between the current and previous updates received from a router Hops The default value that should be included in the Hop Count field of the IPv6 header for outgoing IPv6 packets The hops value appli...

Страница 167: ...g for a matching connection request after having sent a connection request SYN RECEIVED Waiting for a confirming connection request acknowledgment after having both received and sent a connection requ...

Страница 168: ...taking place The remote port number parameter is the local port number over which a TCP connection is taking place This display shows the following information TABLE 39 Specific IPv6 TCP connection fi...

Страница 169: ...xceeded 0 param prob 1 echo req 2 echo reply 0 mem query 0 mem report 0 mem red 0 router soli 2423 router adv 3754 nei soli 102 nei adv 0 redirect 0 error 0 can not send error 0 too freq Sent Errors 0...

Страница 170: ...ipient is not a member of a multicast group no buffer The number of IPv6 packets dropped because there is no buffer available forward cache miss The number of IPv6 packets received for which there is...

Страница 171: ...router address The number of Address errors sent by the router no port The number of No Port errors sent by the router pkt too big The number of Packet Too Big errors sent by the router time exceed t...

Страница 172: ...nterface type For example to remove entries for IPv6 address 2000 e0ff 1 enter the following command at the Privileged EXEC level or any of the Config levels of the CLI device clear ipv6 cache 2000 e0...

Страница 173: ...s from the IPv6 route table You can clear all IPv6 routes or only those routes associated with a particular IPv6 prefix from the IPv6 route table and reset the routes For example to clear IPv6 routes...

Страница 174: ...Brocade FastIron Layer 3 Routing Configuration Guide 174 53 1003903 04...

Страница 175: ...ther default routes to the destination are not available Statically configured route You can add routes directly to the route table When you add a route to the IP route table you are creating a static...

Страница 176: ...IP load balancing When you add multiple IP static routes for the same destination to different next hop gateways and the routes each have the same metric and administrative distance the Layer 3 switch...

Страница 177: ...next hop ip addr ethernet unit slot port ve num tunnel tunnel id metric distance num name static route name tag tag num or Syntax ip route vrf vrf name dest ip addr mask bits next hop ip addr ethernet...

Страница 178: ...e independently applied on a per VRF basis This command causes the resolution of static route next hop using routes learned from one of the following protocols bgp both iBGP and eBGP routes are used t...

Страница 179: ...enter the static route as configured Proceed to enter the new name instead of the previous name Refer to the following example Static IP route with the original name abc device config ip route 10 22...

Страница 180: ...default route device config ip route next hop enable default Syntax no ip route next hop enable default NOTE This command can be independently applied on a per VRF basis This command works independen...

Страница 181: ...re multiple static IP routes to the same destination for the following benefits IP load sharing If you configure more than one static route to the same destination and the routes have different next h...

Страница 182: ...itch prefers the static route over other routes to the destination This feature is especially useful for the following configurations These are not the only allowed configurations but they are typical...

Страница 183: ...The interface based static route has a lower metric than the standard static route As a result the Layer 3 switch always prefers the interface based route when the route is available However if the in...

Страница 184: ...null route The metric for the null route is 3 which is higher than the metric for the standard static route If the standard static route is unavailable the software uses the null route To configure a...

Страница 185: ...01 DB8 0 32 and a next hop gateway with the link local address fe80 1 that the Layer 3 switch can access through Ethernet interface 1 3 1 enter the following command device config ipv6 route 2001 DB8...

Страница 186: ...Pv6 static route table that have the same destination The metric applies only to routes that the Layer 3 switch has already placed in the IPv6 static route table The administrative distance is a value...

Страница 187: ...hop for a static route the tunnel must already be configured if the destination is a non default VRF In contrast a tunnel can be designated as the next hop in the default VRF before it is configured...

Страница 188: ...Brocade FastIron Layer 3 Routing Configuration Guide 188 53 1003903 04...

Страница 189: ...lder route is replaced with the newer one The new path is then included in the updates sent to other RIP routers including Brocade devices RIP routers including Brocade devices also can modify a route...

Страница 190: ...er learns through another protocol and then distributes into RIP Disabled Redistribution metric RIP assigns a RIP metric cost to each external route redistributed from another routing protocol into RI...

Страница 191: ...d the route Poison reverse The device assigns a cost of 16 infinite or unreachable to a route before advertising it on the same interface as the one on which the device learned the route NOTE Enabling...

Страница 192: ...nt the device from using a specific port for routes learned though that port by setting its metric to 16 The in keyword applies to routes the port learns from RIP neighbors The out keyword applies to...

Страница 193: ...ch is found the Brocade device stops evaluating the route against the route map instances Route maps can contain match statements and set statements Each route map contains a permit or deny action for...

Страница 194: ...earning and advertising parameters By default a Brocade device learns routes from all its RIP neighbors and advertises RIP routes to those neighbors You can configure the following learning and advert...

Страница 195: ...from all neighbors except the ones you explicitly permit Thus to deny learning from a specific neighbor but allow all other neighbors you must add a filter that allows learning from all neighbors Mak...

Страница 196: ...interface in RIP advertisements As a result other routers receive multiple paths for the backed up interface and might sometimes unsuccessfully use the path to the Backup rather than the path to the...

Страница 197: ...the prefix list to routes the Brocade device learns from its neighbor on the interface Out is for Outbound filtering It applies the prefix list to routes the Brocade device advertises to its neighbor...

Страница 198: ...35 The default is 120 seconds Displaying RIP Information To display RIP filters enter the following command at any CLI level device show ip rip RIP Summary Default port 520 Administrative distance is...

Страница 199: ...is on poison reverse is off Default routes not accepted Metric offset Inbound 1 Metric offset Outbound 0 Prefix List Inbound Not set Prefix List Outbound Not set Route map Inbound Not set Route map Ou...

Страница 200: ...on for ve 20 enter the following command device show running config interface ve 20 interface ve 20 ip ospf area 1 ip rip v1 only ip rip poison reverse ip address 10 2 0 1 24 Displaying CPU utilizatio...

Страница 201: ...ks The command lists the usage statistics for the previous five second one minute five minute and fifteen minute intervals Displaying CPU utilization statistics Brocade FastIron Layer 3 Routing Config...

Страница 202: ...Brocade FastIron Layer 3 Routing Configuration Guide 202 53 1003903 04...

Страница 203: ...B into the main IPv6 route table Configuring RIPng To configure RIPng you must enable RIPng globally on the Brocade device and on individual device interfaces The following configuration tasks are opt...

Страница 204: ...t of time in seconds after which a route is removed from the routing table 120 seconds You can adjust these timers for RIPng Before doing so keep the following caveats in mind If you adjust these RIPn...

Страница 205: ...pdates sent from Ethernet interface 1 3 1 enter the following commands device config interface ethernet 1 3 1 device config if e100 1 3 1 ipv6 rip default information only To originate IPv6 default ro...

Страница 206: ...ge the metric offset for incoming routes learned by Ethernet interface 1 3 1 to one and the metric offset for outgoing routes advertised by the interface to three enter the following commands device c...

Страница 207: ...g ipv6 router rip device config ripng router distribute list prefix list 2001routes in Syntax no distribute list prefix list name in out The name parameter indicates the name of the prefix list genera...

Страница 208: ...ion RIPng routing table Displaying RIPng configuration To display RIPng configuration information enter the show ipv6 rip command at any CLI level device show ipv6 rip IPv6 rip enabled port 521 Admini...

Страница 209: ...4 2da e 2 1 23 RIP metric 2 tag 0 timers aging 50 Syntax show ipv6 rip route ipv6 prefix prefix length ipv6 address The ipv6 prefix prefix length parameters restrict the display to the entries for the...

Страница 210: ...Png OSPF OSPFv3 routes are redistributed into RIPng Metric number The cost of the route The number parameter indicates the number of hops to the destination Tag number The tag value of the route Timer...

Страница 211: ...SPFv2 overview Open Shortest Path First Version 2 OSPFv2 is a link state routing protocol that uses link state advertisements LSAs to update neighboring routers about a router s interfaces Each router...

Страница 212: ...ve either a direct or indirect link to an OSPF backbone area also known as area 0 or area 0 0 0 0 Each ABR maintains a separate topological database for each area the router is in Each topological dat...

Страница 213: ...n broadcast and non broadcast multi access NBMA networks the Designated Router and Backup Designated Router become adjacent to all other routers attached to the network In a network with no designated...

Страница 214: ...PF Autonomous System AS In some cases multiple ASBRs in an AS can originate equivalent LSAs The LSAs are equivalent when they have the same cost the same next hop and the same destination The device o...

Страница 215: ...domain into the OSPF AS while the other ASBRs flush the equivalent AS External LSAs from their databases As a result the overall volume of route advertisement traffic within the AS is reduced and the...

Страница 216: ...nnected to it and inter area routing happens by way of routers connected to the backbone area and to their own associated areas The backbone area is the logical and physical structure for the OSPF dom...

Страница 217: ...into a stub area by configuring the device to stop sending type 3 LSAs into the area You can disable the summary LSAs to create a TSA when you are configuring the stub area or after you have configure...

Страница 218: ...he ABR generates a default type 7 LSA into the NSSA Link state advertisements Brocade devices support the following types of LSAs which are described in RFC 2328 and 3101 Router link Network link Summ...

Страница 219: ...e parameters from the router with the physical connection be aware that the router ID is the IP address of the router requiring a logical connection to the backbone NOTE By default a device s router I...

Страница 220: ...you configure an address range the range takes effect immediately All the imported routes are summarized according to the configured address range Imported routes that have already been advertised and...

Страница 221: ...nge one or both of the timers NOTE If you want to change only one of the timers for example the SPF delay timer you must specify the new value for this timer as well as the current value of the SPF ho...

Страница 222: ...te information When appendix E is supported the device generates the link state ID for a network as the following steps 1 Does an LSA with the network address as its ID already exist No Use the networ...

Страница 223: ...n RFC 3137 This feature provides a user with the ability to gracefully introduce and remove an OSPFv2 device from the network by controlling when the data traffic can start and stop flowing through th...

Страница 224: ...lliseconds will be observed If a topology change occurs during the hold time of 300 milliseconds the hold time is doubled to 600 milliseconds If a topology change event occurs during the 600 milliseco...

Страница 225: ...ghbor information are synchronized to the standby module using the NSR synchronization library and IPC mechanism to transmit and receive packets Link state database synchronization To ensure non stop...

Страница 226: ...tate 2way or full MD5 information Neighbor priority Synchronization limitations If a neighbor device is inactive for 30 seconds and if the standby module takes over in another 10 seconds the neighbor...

Страница 227: ...tly installed into the LSDB OSPFv2 distribute list A distribution list can be configured to explicitly deny specific routes from being eligible for installation in the IP route table By default all OS...

Страница 228: ...OSPFv2 database device config ip access list 100 deny ip 10 31 39 0 0 0 0 255 any device config ip access list 100 permit ip any any device config router ospf device config ospf router area 0 device c...

Страница 229: ...containing the set distance clause The other OSPFv2 route route 3 which does not match the relevant instance continues to have the default OSPFv2 administrative distance of 110 OSPFv2 route redistribu...

Страница 230: ...is 4 equal cost paths but you can specify from 2 to 8 paths On the ICX 7750 device the value range for the maximum number of load sharing paths is from 2 through 32 which is controlled by the system...

Страница 231: ...mple If the costs are the same the device now has four equal cost paths to R1 To allow the device to load share among the equal cost routes enable IP load sharing Four equal cost OSPF paths are suppor...

Страница 232: ...bps port 10 All other port speeds 1 You can change the reference bandwidth The following formula is used to calculate the cost Cost reference bandwidth interface speed If the resulting cost is less th...

Страница 233: ...Fv2 on a device Consider the following when enabling OSPFv2 on a device If a device is to operate as an ASBR you must enable the ASBR capability at the system level Redistribution must be enabled on d...

Страница 234: ...device config ospf router area 1 1 1 1 nssa 1 Configuring a summary address for the NSSA If you want the ABR that connects the NSSA to other areas to summarize the routes in the NSSA before translati...

Страница 235: ...fig router ospf device config ospf router area 40 stub 99 no summary Assigning an area range Ranges for an area can be assigned Ranges allow a specific IP address and mask to represent a range of IP a...

Страница 236: ...loopback interface to an area with the IP address of 10 5 0 0 device configure terminal device config interface loopback 2 device config lbif 2 ip ospf area 10 5 0 0 Configuring virtual links If an Ar...

Страница 237: ...outer area 1 device1 config ospf router area 1 virtual link 10 2 2 2 ABR2 device2 configure terminal device2 config router ospf device2 config ospf router area 1 device2 config ospf router area 2 devi...

Страница 238: ...e disabled on a routing device 1 Enter the configure terminal command to access global configuration mode device configure terminal 2 Enter the router ospf command to enter OSPF router configuration m...

Страница 239: ...restart command using the helper disable keyword to disable the GR helper device config ospf router graceful restart helper disable The following example disables the GR helper device configure termin...

Страница 240: ...metric router lsa on startup 85 This example configures an OSPFv2 device to advertise a maximum metric for 85 seconds after a restart before advertising with a normal metric device configure terminal...

Страница 241: ...SPFv2 on a device If you disable OSPFv2 the device removes all the configuration information for the disabled protocol from the running configuration Moreover when you save the configuration to the st...

Страница 242: ...onfiguration mode device configure terminal 2 Enter the no router ospf command to disable OSPFv2 on the device device config no router ospf The following example disables OSPFv2 on a device device con...

Страница 243: ...Fv2 the version that IPv4 supports except for the following enhancements Support for IPv6 addresses and prefixes Ability to configure several IPv6 addresses on a device interface While OSPFv2 runs per...

Страница 244: ...eceive external link state advertisements LSAs Stub OSPFv3 devices within a stub area cannot send or receive External LSAs In addition OSPF devices in a stub area must use a default route to the area...

Страница 245: ...n to a previously configured area the device flushes all the summary LSAs it has generated as an ABR from the area NOTE Stub areas and TSAs apply only when the device is configured as an Area Border R...

Страница 246: ...e 9 For more information about these LSAs refer to RFC 5340 Virtual links All ABRs must have either a direct or indirect link to an OSPFv3 backbone area 0 or 0 0 0 0 If an ABR does not have a physical...

Страница 247: ...h the area ID value The neighbor router is the router ID IPv4 address of the router that is physically connected to the backbone when assigned from the router interface requiring a logical connection...

Страница 248: ...n any of the OSPFv3 interfaces in the transit area the virtual links in the transit area do not operate The automatically selected IPv6 global address is updated whenever the previously selected IPv6...

Страница 249: ...the device is flushed Default routes generated by other OSPFv3 devices are not affected If you re enable the default route origination the change takes effect immediately and you do not need to reload...

Страница 250: ...rative distance You can specify unique default administrative distances for the following OSPFv3 route types Intra area routes Inter area routes External routes NOTE The choice of routes within OSPFv3...

Страница 251: ...n filters to routes first and then applies them to the address ranges NOTE If you disable redistribution all the aggregate routes are flushed along with other imported routes NOTE Only imported type 5...

Страница 252: ...ed to one of the IPv6 addresses on the device or to an IPv6 multicast address Packets that are only forwarded by the line card do not receive IPsec scrutiny Brocade devices support the following compo...

Страница 253: ...ions and security policies based on certain user specified parameters Refer to the FastIron Command Reference for more information on user specified parameters The system creates a security associatio...

Страница 254: ...device device configure terminal device config ip router id 10 11 12 13 Enabling OSPFv3 When OSPFv3 is enabled on a device the device enters OSPFv3 router configuration mode Several commands can then...

Страница 255: ...en rd 100 200 4 Enter the ip router id command to specify the router ID device config vrf green ip router id 10 11 12 14 5 Enter the address family ipv6 command to enter IPv6 address family configurat...

Страница 256: ...gned by IP address device configure terminal device config ip router id 10 11 12 13 device config ipv6 router ospf device config ospf6 router area 0 device config ospf6 router area 10 1 1 1 Assigning...

Страница 257: ...fig vrf red rd 100 200 device config vrf red ip router id 10 11 12 13 device config vrf red address family ipv6 device config vrf red ipv6 device config vrf red ipv6 exit device config ipv6 router osp...

Страница 258: ...1 ipv6 ospf area 0 device config vif 1 exit device config interface ve 2 device config vif 2 ipv6 address 2001 db8 93e8 cc00 2 device config vif 2 ipv6 ospf area 1 Assigning a stub area OSPFv3 areas...

Страница 259: ...iguring virtual links If an Area Border Router ABR does not have a physical link to a backbone area a virtual link can be configured between that ABR and another device within the same area that has a...

Страница 260: ...device1 config ospf6 router area 1 device1 config ospf6 router area 1 virtual link 10 2 2 2 ABR2 device2 configure terminal device2 config ip router id 10 2 2 2 device2 config ipv6 router ospf device2...

Страница 261: ...mers The Shortest Path First SPF delay and hold time can be modified 1 Enter the configure terminal command to access global configuration mode device configure terminal 2 Enter the ipv6 router ospf c...

Страница 262: ...default type 1 external route with a metric of 2 is created and advertised The following example creates and advertises a default route with a metric of 2 and a type 1 external route device configure...

Страница 263: ...pf6 router distance external 100 The administrative distance for external routes is changed from the default to 100 The following example changes the default administrative distances for intra area ro...

Страница 264: ...uter ospf command to enter OSPFv3 router configuration mode and enable OSPFv3 globally device config ipv6 router ospf 3 Enter the default passive interface command to mark all interfaces passive by de...

Страница 265: ...he GR helper with strict LSA checking device configure terminal device config ipv6 router ospf device config ospf6 router graceful restart helper strict lsa checking Configuring IPsec on an OSPFv3 are...

Страница 266: ...authentication protocol you must enter the esp keyword NOTE Ensure that OSPFv3 areas are assigned All device interfaces must be assigned to one of the defined areas on an OSPFv3 router When an interfa...

Страница 267: ...link device config ospf6 router area 1 virtual link 10 1 1 1 authentication ipsec spi 512 esp sha1 no encrypt 1134567890223456789012345678901234567890 IPsec is configured on the specified virtual lin...

Страница 268: ...ow ipsec statistics IPSecurity Statistics secEspCurrentInboundSAs 1 ipsecEspTotalInboundSAs 2 secEspCurrentOutboundSA 1 ipsecEspTotalOutboundSAs 2 IPSecurity Packet Statistics secEspTotalInPkts 20 ips...

Страница 269: ...ulation executed 15 times Pending outgoing LSA count 0 Authentication key rollover interval 300 seconds Number of areas in this router is 3 Router is operating as ABR Router is operating as ASBR Redis...

Страница 270: ...3 80000004 799 5b06 64 Yes 0 0 0 200 Rtr 0 192 168 98 111 800002ea 823 cb7b 56 Yes 0 0 0 200 Rtr 0 192 168 98 213 800001c7 799 8402 56 Yes 0 0 0 200 Net 1156 192 168 98 111 80000004 823 b2d2 32 Yes 0...

Страница 271: ...ge Cksum Len Sync N A Extn 2 192 168 98 71 80000258 132 a3ff 32 Yes Bits E T Metric 1 Prefix Options Referenced LSType 0 Prefix 0 Tag 1 10 The following example of the show ipv6 ospf database command...

Страница 272: ...tes 2001 192 111 42 111 Destination Cost E2Cost Tag Flags Dis IA 2001 192 111 42 111 128 1 0 0 00000007 110 Next_Hop_Router Outgoing_Interface Adv_Router fe80 768e f8ff fe3e 1800 e 4 3 1 10 168 98 111...

Страница 273: ...and to maintain loop free routing An AS is a collection of networks that share the same routing and administration characteristics For example a corporate Intranet consisting of several networks unde...

Страница 274: ...tination A BGP4 route consists of the following information Network number prefix A value made up of the network mask bits and an IP address for example 10 215 129 0 18 indicates a network mask of 18...

Страница 275: ...if BGP4 as path ignore is configured 6 If the AS path lengths are the same prefer the path with the lowest origin type From low to high route origin types are valued as follows IGP is lowest EGP is h...

Страница 276: ...the following BGP4 version Indicates the version of the protocol that is in use on the device BGP4 version 4 supports Classless Interdomain Routing CIDR and is the version most widely used in the Int...

Страница 277: ...e if a device configured to perform BGP4 routing has already sent the latest route information to peers in UPDATE messages the device does not send more UPDATE messages Instead BGP4 devices send KEEPA...

Страница 278: ...arding diminishes route flapping and provides continuous service during a system restart switchover failover or hitless OS upgrade During such events routes remain available between devices BGP4 resta...

Страница 279: ...cess operates effectively when implemented for the following processes that involve the intentional switching of the active status from one management module to another System Reload When a device und...

Страница 280: ...le failover or system reload if an incoming TCP packet contains an MD5 digest and no matching TCP session is found the device attempts to find a matching BGP4 peer based on the IP address If a BGP4 pe...

Страница 281: ...associated with ISP B changes to AS 100 If Customer C cannot or does not want to change their configuration or peering relationship with ISP B a peer with Local AS configured with the value 200 can be...

Страница 282: ...and activation for BGP4 BGP4 is disabled by default Follow the steps below to enable BGP4 1 Enable the BGP4 protocol 2 Set the local AS number NOTE You must specify the local AS number for BGP4 to be...

Страница 283: ...GP4 configuration from the startup configuration When you save the startup configuration file after disabling the protocol all of the BGP4 configuration information for the disabled protocol is remove...

Страница 284: ...ional Aggregate routes in the BGP4 route table into CIDR blocks Optional Configure the device as a BGP4 route reflector Optional Configure the device as a member of a BGP4 confederation Optional Chang...

Страница 285: ...e confederation parameters Disable or re enable load sharing Change the maximum number of load sharing paths Change other load sharing parameters Define route flap dampening parameters Add change or n...

Страница 286: ...GP4 neighbors send or receive full BGP route tables the number of BGP neighbors the memory can support is less than in configurations where the neighbors send smaller route tables Memory configuration...

Страница 287: ...owing device config ip router id 10 157 22 26 Syntax no ip router id ip addr The ip addr can be any valid unique IP address NOTE You can specify an IP address used for an interface on the Brocade devi...

Страница 288: ...communicate with a BGP4 neighbor A loopback interface adds stability to the network by working around route flap problems that can occur due to unstable links between the device and neighbors Loopbac...

Страница 289: ...list string in out remote as as number remove private as route map in out map name route reflector client send community shutdown generate rib out soft reconfiguration inbound timers keep alive num h...

Страница 290: ...ice denies the route To change the default behavior configure the last filter as permit any any NOTE The address filter must already be configured ebgp btsh enables GTSM protection for the specified n...

Страница 291: ...device should list itself as the next hop in updates sent to the specified neighbor This option is disabled by default password string specifies an MD5 password for securing sessions between the devic...

Страница 292: ...neighbor By default the device does not send the community attribute shutdown administratively shuts down the session with this neighbor Shutting down the session lets you configure the neighbor and...

Страница 293: ...PRESSED F FILTERED Prefix Next Hop Metric LocPrf Weight Status 1 10 1 44 0 24 10 2 0 1 1 101 32768 BLS AS_PATH Route is not advertised to any peers To override the summary only parameter and allow a s...

Страница 294: ...vice config bgp neighbor 10 10 200 102 password test The BGP4 configuration commands appear in the following format as a result of the show ip bgp configuration command device show ip bgp configuratio...

Страница 295: ...at the global CONFIG level of the CLI NOTE The command also displays SNMP community strings in clear text in the output of the show snmp server command Displaying neighbor information To display IPv6...

Страница 296: ...pv6 parameter clears information for ipv6 address family The vpnv4 parameter clears information for VPNV4 address family The vrf parameter clears information for a VRF instance The neighbor parameter...

Страница 297: ...To configure a peer group enter commands such as the following at the BGP4 configuration level device config bgp router neighbor PeerGroup1 peer group device config bgp router neighbor PeerGroup1 desc...

Страница 298: ...e peer group name parameter specifies the peer group name NOTE You must add the peer group before you can add neighbors to it Administratively shutting down a session with a BGP4 neighbor You can prev...

Страница 299: ...ers keep alive 30 hold time 90 Syntax no timers keep alive num hold time num For each keyword num indicates the number of seconds The Keep Alive Time can be 0 65535 The Hold Time can be 0 or 3 65535 1...

Страница 300: ...no fast external fallover Changing the maximum number of paths for BGP4 Multipath load sharing Multipath load sharing enables the device to balance traffic to a route across multiple equal cost paths...

Страница 301: ...destination the software adds the additional path to the BGP4 route table and the IP route table Changing the maximum number of shared BGP4 paths To change the maximum number of BGP4 shared paths ente...

Страница 302: ...config bgp maximum paths ebgp Syntax no maximum paths ebgp num The number variable specifies the number of equal cost multipath EBGP routes that will be selected The range is 2 to 8 If the value is s...

Страница 303: ...s the local preference Local preference indicates a degree of preference for a route relative to other routes BGP4 neighbors can send the local preference value as an attribute of a route in an UPDATE...

Страница 304: ...path or a static route path By default the software performs only one lookup for the next hop IP address for the BGP4 route If the next hop lookup does not result in a valid next hop IP address or th...

Страница 305: ...considered unreachable by the device The IP route table entry for the next hop gateway for the BGP4 route s next hop gateway 10 0 0 1 24 is shown here device show ip route 10 0 0 1 Total number of IP...

Страница 306: ...10 0 0 0 255 255 255 0 0 0 0 0 1 1 1 1 D AS_PATH 65001 4355 1 1 This lookup results in an IGP route that is a directly connected route As a result the BGP4 route destination is now reachable through...

Страница 307: ...r a command such as the following device config bgp router distance 200 200 200 Syntax no distance external distance internal distance local distance The external distance sets the EBGP distance and c...

Страница 308: ...ommand output to show what you have actually configured The following example shows a running configuration with the first as enforcement items for global peer group and neighbor in bold device config...

Страница 309: ...AS information in the paths For example if the device receives UPDATES for the same route from neighbors in three autonomous systems the device can compare the MEDs of all the paths together instead...

Страница 310: ...n cluster All members of the cluster must be in the same AS The cluster ID can be any number from 1 4294967295 or an IP address The default is the device ID expressed as a 32 bit number NOTE If the cl...

Страница 311: ...D attribute value that is the same as the ID of the device the device discards the route and does not advertise it By discarding the route the device prevents a routing loop The first time a route is...

Страница 312: ...n is not required between clients If you need to disable route reflection between clients enter the no client to client reflection command When this feature is disabled route reflection does not occur...

Страница 313: ...through 65535 These are private autonomous system numbers and BGP4 devices do not propagate these AS numbers to the Internet FIGURE 30 Example BGP4 confederation In this example four devices are confi...

Страница 314: ...ier 10 deviceA config bgp router confederation peers 64512 64513 deviceA config bgp router write memory Syntax no local as num The num parameter with the local as command indicates the AS number for t...

Страница 315: ...10 157 24 0 24 enter the following command device config bgp aggregate address 10 157 0 0 255 255 0 0 Syntax no aggregate address ip addr ip mask as set summary only suppress map map name advertise m...

Страница 316: ...graceful restart Syntax no graceful restart Configuring timers for BGP4 Restart optional You can optionally configure the following timers to change their values from the default values Restart Timer...

Страница 317: ...time 900 Syntax no graceful restart purge time seconds The seconds variable sets the maximum time before a restarting device cleans up stale routes Possible values are 1 3600 seconds The default value...

Страница 318: ...address to an unused network address 10 199 1 1 3 Set the local preference to a value higher than any possible internal or external local preference 50 4 Complete the route map by setting origin to I...

Страница 319: ...as 100 device config bgp router redistribute static route map blockuser device config bgp router exit The following configuration defines the specific next hop address and sets the local preference to...

Страница 320: ...t Cost Type 1 10 0 0 40 29 DIRECT eth 1 3 7 1 1 S 2 10 0 0 192 27 DIRECT eth 1 3 7 1 1 S 3 10 0 14 0 23 DIRECT eth 1 3 7 1 1 S device Device 1 and 2 Show ip route static output for device 1 and device...

Страница 321: ...ble redistribution of all OSPF routes and directly attached routes into BGP4 enter the following commands device config router bgp device config bgp router redistribute ospf device config bgp router r...

Страница 322: ...tributing OSPF external routes To configure the device to redistribute OSPF external type 1 routes enter the following command device config bgp router redistribute ospf match external1 Syntax no redi...

Страница 323: ...le the device to redistribute BGP4 routes into OSPF and RIP enter the following command device config bgp router bgp redistribute internal Syntax no bgp redistribute internal To disable redistribution...

Страница 324: ...his ACL To configure the AS path match clauses in a route map use the match as path command The regular expression parameter specifies the AS path information you want to permit or deny to routes that...

Страница 325: ...ing For example the following regular expression matches on an AS path that begins with 3 3 A dollar sign matches on the end of an input string For example the following regular expression matches on...

Страница 326: ...ckslash as a string character enter two slashes For example to filter on AS path strings containing a backslash enter the backslash portion of the regular expression as device config bgp router ip as...

Страница 327: ...mber internet The Internet community no export The community of sub autonomous systems within a confederation Routes with this community can be exported to other sub autonomous systems within the same...

Страница 328: ...value or le value you specify must meet the following condition length ge value le value 81 If you do not specify ge ge value or le le value the prefix list matches only on the exact network prefix yo...

Страница 329: ...ast match statement in the last instance of the route map to permit any any If there is no match statement the software considers the route to be a match For route maps that contain address filters AS...

Страница 330: ...t the device applies the match and set clauses associated with this route map instance The num parameter specifies the instance of the route map you are defining To delete a route map enter a command...

Страница 331: ...e to the specified value The tagtag value parameter compares the route tag to the specified tag value The protocol bgp static network parameter matches on BGP4 static network routes The protocol bgp e...

Страница 332: ...ing Syntax no match ip next hop prefix list name The string parameter with the first command specifies an IP ACL and can be a number from 1 through 199 or the ACL name if it is a named ACL To configur...

Страница 333: ...tches However a route containing communities 23 45 57 68 and 12 34 or communities 23 45 57 68 12 34 and no export does not match To match the route communities must be the same as those in exactly one...

Страница 334: ...ic type type 1 type 2 external metric type internal next hop ip addr origin igp incomplete tag weight num The as path prependnum num parameter adds the specified AS numbers to the front of the AS path...

Страница 335: ...e IP route table instead of changing the value in the BGP4 route table The weight num parameter sets the weight for the route The range for the weight value is 0 through 4294967295 Setting a BGP4 rout...

Страница 336: ...mmunity list ACL Using a table map to set the tag value Route maps that contain set statements change values in routes when the routes are accepted by the route map For inbound route maps route maps t...

Страница 337: ...the neighbor to receive ORFs from the neighbor or both The neighbor uses the ORFs you send as outbound filters when it sends routes to the device Likewise the device uses the ORFs it receives from the...

Страница 338: ...end the current session but sends the prefix list to the neighbor in the next route refresh message NOTE Make sure cooperative filtering is enabled on the device and on the neighbor before you send th...

Страница 339: ...autonomous system numbers AS4s AS4s are supported by default You can specify and view AS4s by default and using the enable facility described in this section However not all devices in a network are a...

Страница 340: ...enabling AS4s for a neighbor or a peer group you can also use the combination of the capability keyword and the optional enable or disable keyword to disable this feature in a specific case where the...

Страница 341: ...e local AS number The local autonomous system number ASN identifies the autonomous system where the BGP4 device resides Normally AS4s are sent only to a device peer group or neighbor that is similarly...

Страница 342: ...from the neighbor or the routes sent to the neighbor If you do not specify in or out the device performs a soft refresh in both options soft in performs one of the following actions on inbound routes...

Страница 343: ...following command sequences show how to enable the different notations for AS4s and how these notations appear in the output display To see ASNs in asplain use the show ip bgp command device config s...

Страница 344: ...attribute length 3 entire AS4_PATH ignored Attribute flag error ignore the AS4_PATH SYSLOG Sep 9 19 02 03 11 mu2 BGP From Peer 192 168 1 1 received invalid AS4_PATH attribute flag 0x40 entire AS4_PAT...

Страница 345: ...s Reuse threshold Specifies the minimum penalty a route can have and still be suppressed by the device If the route penalty falls below this value the device un suppresses the route and can use it aga...

Страница 346: ...ap that explicitly enables dampening Use a set clause within the route map to enable dampening When you associate this route map with a specific neighbor the route map enables dampening for all routes...

Страница 347: ...and clearing route flap dampening statistics The software provides many options for displaying and clearing route flap statistics Displaying route flap dampening statistics To display route dampening...

Страница 348: ...he device Flaps The number of flaps the route has experienced Since The amount of time since the first flap of this route Reuse The amount of time remaining until this route will be un suppressed and...

Страница 349: ...ou to select a sub address family which is the type of routes for the configuration Specify unicast routes TABLE 49 IPv4 BGP4 commands for different configuration levels Command Global iPv4 and IPv6 I...

Страница 350: ...xit an address family configuration level enter the following command device config bgp exit address family device config bgp Syntax no exit address family BGP route reflector A BGP device selects a p...

Страница 351: ...ries for Interior Gateway Protocol IGP routes because the IGP routes are required by BGP4 to resolve BGP4 next hop entries If the RTM is not able to reserve enough entries for IGP routes BGP4 RIB rout...

Страница 352: ...ame number of preferred BGP4 routes will be reinstalled in the RTM 4 Perform the following step to exit the BGP4 unicast family configuration device config bgp ipv4u exit address family Syntax exit ad...

Страница 353: ...nd the BGP4 route is now considered the best BGP4 route even though the route is not installed in the RTM Because the rib route limit command was configured to allow for only 300 000 routes in the RTM...

Страница 354: ...or and if configured apply maxas limit in in the following order 1 Neighbor value 2 Peer group value 3 Global value In a case where a neighbor has no maximum AS limit a peer group has a value of 3 con...

Страница 355: ..._CONFED_SET 4 1 2 3 AS_CONFED_SEQUENCE 3 4 AS_SET 1 5 6 7 AS_SEQ 2 8 9 attribute length 9 Exceeded internal memory limit NOTE The device generates a log message one time every two minutes Because of t...

Страница 356: ...4 network route and the BGP4 static network route are mutually exclusive They cannot be configured with the same prefix and mask When you configure a route using the static network command BGP4 automa...

Страница 357: ...r group If you specify a neighbor IP address you are configuring that individual neighbor If you specify a peer group name you are configuring a peer group Dynamic route filter update Routing protocol...

Страница 358: ...propriate steps are taken to apply the new or updated filter to existing routes Filter update delay and BGP The filter changes update delay command applies remove only to changes of filters that are a...

Страница 359: ...ig bgp router neighbor 192 168 9 210 ebgp btsh Syntax no neighbor ip addr peer group name ebgp btsh NOTE For GTSM protection to work properly it must be enabled on both the device and the neighbor Dis...

Страница 360: ...of the confederation in which the device resides Confederation Peers The numbers of the local autonomous systems contained in the confederation This list matches the confederation peer list you config...

Страница 361: ...how ip bgp neighborip addr command the TCP receiver queue value will be greater than 0 indicates that the session has gone down and the software is clearing or removing routes indicates that the inbou...

Страница 362: ...ltihop neighbor 10 102 1 1 update source loopback 1 neighbor 192 168 2 1 remote as 100 neighbor 10 200 2 2 remote as 400 neighbor 2001 db8 1 1 remote as 200 neighbor 2001 db8 1 2 remote as 400 neighbo...

Страница 363: ...vice accepted and installed in the BGP4 route table Filtered or Kept Number of routes that were filtered out but were retained in memory for use by the soft reconfiguration feature Filtered Number of...

Страница 364: ...for Statistics for the times the device has run out of BGP4 memory for the neighbor during the current BGP4 session Receiving Update Messages The number of times UPDATE messages were discarded because...

Страница 365: ...e neighbor These fields are described in detail in section 3 2 of RFC 793 Transmission Control Protocol Functional Specification Syntax show ip bgp neighbors ip addr advertised routes detail ip add ma...

Страница 366: ...IP Address The IP address of the neighbor AS The AS the neighbor is in EBGP or IBGP Whether the neighbor session is an IBGP session an EBGP session or a confederation EBGP session EBGP The neighbor i...

Страница 367: ...ghbor before deciding that the neighbor is not operational PeerGroup The name of the peer group the neighbor is in if applicable Multihop EBGP Whether this option is enabled for the neighbor RouteRefl...

Страница 368: ...Identifier Unsupported Optional Parameter Authentication Failure Unacceptable Hold Time Unsupported Capability UPDATE Message Error Malformed Attribute List Unrecognized Well known Attribute Missing...

Страница 369: ...work Field Malformed AS Path Unspecified Hold Timer Expired Finite State Machine Error Cease Unspecified Notification Received Refer to details for the field Notification Sent TCP Connection state The...

Страница 370: ...at the device retransmitted because they were not acknowledged UnAckSeq The current acknowledged sequence number IRcvSeq The initial receive sequence number for the session RcvNext The next sequence n...

Страница 371: ...prefix For information about the fields in this display refer to Displaying summary route information on page 372 The fields in this display also appear in the show ip bgp display Displaying the best...

Страница 372: ...following at the Privileged EXEC level of the CLI device show ip bgp peer group STR 1 BGP peer group is STR Address family IPV4 Unicast activate Address family IPV4 Multicast no activate Address famil...

Страница 373: ...table that are EBGP routes Displaying VRF instance information To display VRF instance information enter a command such as the following at the Privileged EXEC level of the CLI device show ip bgp vrf...

Страница 374: ...ameter filters the display using the specified community ACL The community list option lets you display routes that match a specific community filter The detail option lets you display more details ab...

Страница 375: ...any level of the CLI device show ip bgp routes not installed best Searching for matching routes use C to quit Status A AGGREGATE B BEST b NOT INSTALLED BEST C CONFED_EBGP D DAMPED E EBGP H HISTORY I...

Страница 376: ...H S SUPPRESSED F FILTERED s STALE Prefix Next Hop MED LocPrf Weight Status 1 10 3 4 0 24 192 168 4 106 100 0 BE AS_PATH 65001 4355 1 1221 Last update to IP routing table 0h12m1s 1 path s installed Gat...

Страница 377: ...received from the neighbor are the best BGP4 routes to their destinations but were not installed in the IP route table because the device received better routes from other sources such as OSPF RIP or...

Страница 378: ...The network prefix and mask length Status The route status which can be one or more of the following A AGGREGATE The route is an aggregate route for multiple networks B BEST BGP4 has determined that t...

Страница 379: ...route IGP is preferred over EGP and both are preferred over INCOMPLETE Weight The value this device associates with routes from a specific neighbor For example if the device receives routes to the sam...

Страница 380: ...4 route table Next Hop The IP address of the next hop device for routes that have this set of attributes Metric The cost of the routes that have this set of attributes Origin The source of the route i...

Страница 381: ...5 0 0 0 192 168 13 2 1 1 1 0 B 10 0 1 1 255 255 128 0 192 168 13 2 1 1 1 0 B 10 1 0 0 255 255 0 0 0 0 0 0 1 1 1 1 D 10 10 11 0 255 255 255 0 0 0 0 0 1 2 24 1 D 10 2 97 0 255 255 255 0 192 168 13 2 1 1...

Страница 382: ...best route among those in the BGP4 route table to the route destination d This route is currently dampened and thus unusable h The route has a history of flapping and is unreachable now The route has...

Страница 383: ...ved GracefulRestartCapability Received Restart Time 120 sec Restart bit 0 afi safi 1 1 Forwarding bit 0 GracefulRestartCapability Sent Restart Time 120 sec Restart bit 0 afi safi 1 1 Forwarding bit 1...

Страница 384: ...As path attribute count 1 Outbound Policy Group ID 1 Use Count 1 TCP Connection state ESTABLISHED flags 00000044 0 0 Maximum segment size 1460 TTL check 0 value 0 rcvd 64 Byte Sent 148 Received 203 Lo...

Страница 385: ...e from the neighbor the state changes to ESTABLISHED If the message is a Notification the state changes to IDLE ESTABLISHED BGP4 is ready to exchange Update messages with the neighbor If there is more...

Страница 386: ...ngth Error Invalid ORIGIN Attribute Invalid NEXT_HOP Attribute Last Connection Reset Reason continued Reasons described in the BGP specifications continued Optional Attribute Error Invalid Network Fie...

Страница 387: ...t capability Peer negotiated IPV6 unicast capability Peer configured for IPV4 unicast routes Peer configured for IPV6 unicast routes Neighbor AS4 Capability Negotiation Shows the state of the device s...

Страница 388: ...BGP4 TCP session with the neighbor Remote host Shows the IPv4 address of the neighbor Remote port Shows the TCP port the neighbor is using for the BGP4 TCP session with the device ISentSeq Shows the i...

Страница 389: ...configuration AS4s appear in the display of a running configuration as shown device show ip bgp config Current BGP configuration router bgp local as 7701000 confederation identifier 120000 confederati...

Страница 390: ...or You also can clear and reset the BGP4 routes that have been installed in the IP route table Using soft reconfiguration The soft reconfiguration feature applies policy changes without resetting the...

Страница 391: ...device show ip bgp filtered routes Searching for matching routes use C to quit Status A AGGREGATE B BEST b NOT INSTALLED BEST C CONFED_EBGP D DAMPED E EBGP H HISTORY I IBGP L LOCAL M MULTIPATH m NOT I...

Страница 392: ...b NOT INSTALLED BEST C CONFED_EBGP D DAMPED E EBGP H HISTORY I IBGP L LOCAL M MULTIPATH S SUPPRESSED F FILTERED Prefix Next Hop MED LocPrf Weight Status 1 10 3 0 0 8 192 168 4 106 100 0 BE AS_PATH 650...

Страница 393: ...routes affected by the new or changed filters to the neighbor The soft in and soft out parameters specify whether you want to refresh the routes received from the neighbor or sent to the neighbor sof...

Страница 394: ...nder Refresh Req indicate how many dynamic refreshes have been sent to and received from the neighbor The statistic is cumulative across sessions device config bgp show ip bgp neighbor 10 4 0 2 1 IP A...

Страница 395: ...llowing command device clear ip bgp neighbor all Syntax clear ip bgp neighbor all ip addr peer group name as num soft outbound soft in out The all ip addr peer group name and as num parameters specify...

Страница 396: ...hbors If you clear the buffer containing the first 400 bytes of the last packet that contained errors all the bytes are changed to zeros The Last Connection Reset Reason field of the BGP4 neighbor tab...

Страница 397: ...es NOTE The implementation of BGP4 supports the advertising of routes among different address families However it supports BGP4 unicast routes only it does not currently support BGP4 multicast routes...

Страница 398: ...tion level provides access to commands that allow you to configure BGP4 unicast routes The commands that you enter at this level apply only to the IPv6 unicast address family BGP4 supports the IPv6 ad...

Страница 399: ...n also be configured using a global address The global IPv6 address of a neighbor in a remote AS must be added and the neighbor should be activated in the IPv6 address family configuration mode using...

Страница 400: ...ateway If this second lookup results in an IGP path the software considers the BGP4 route to be valid and adds it to the IPv6 route table Otherwise the device performs another lookup on the next hop I...

Страница 401: ...re not in the RTM using the always propagate command BGP4 route aggregation A device can be configured to aggregate routes in a range of networks into a single IPv6 prefix By default a device advertis...

Страница 402: ...t a prefix list from a neighbor and apply the prefix list to locally configured ORFs The local peer exchanges the ORF capability in send mode with a remote peer for a prefix list that is configured as...

Страница 403: ...eful restart GR allows for restarts where neighboring devices participate in the restart helping to ensure that no route and topology changes occur in the network for the duration of the restart The G...

Страница 404: ...config bgp ipv6u neighbor 2001 db8 93e8 cc00 1 activate The following example configures a neighbor using a global IPv6 address device configure terminal device config router bgp device config bgp ro...

Страница 405: ...ing example configures a neighbor using a link local address and configures a route map to set up a global next hop for packets destined for the neighbor device configure terminal device config router...

Страница 406: ...s the peer group device configure terminal device config router bgp device config bgp router local as 1000 device config bgp router neighbor mypeergroup1 peer group device config bgp router neighbor m...

Страница 407: ...device config bgp router neighbor 10 0 0 1 peer group p1 device config bgp router address family ipv6 unicast device config bgp ipv6u neighbor p1 activate Importing routes into BGP4 Routes can be expl...

Страница 408: ...he local BGP4 route table device configure terminal device config router bgp device config bgp router address family ipv6 unicast device config bgp ipv6u default information originate Advertising the...

Страница 409: ...le BGP routing device config router bgp 3 Enter the address family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode device config bgp router address fa...

Страница 410: ...4 Enter the cluster id command and specify a value to change the cluster ID of a device from the default device ID device config bgp router cluster id 321 The following example changes the cluster ID...

Страница 411: ...mode device configure terminal 2 Enter the router bgp command to enable BGP routing device config router bgp 3 Enter the address family command and specify the ipv6 and unicast keywords to enter IPv6...

Страница 412: ...terminal device config router bgp device config bgp router address family ipv6 unicast device config bgp ipv6u maximum paths use load sharing Configuring a route map for BGP4 prefixes Route maps can...

Страница 413: ...prefixlist seq 10 permit 2001 db8 32 device config route map myroutemap permit 10 device config route map myroutemap match ipv6 address prefix list myprefixlist device config route map myroutemap exit...

Страница 414: ...pecify the in keyword to filter the incoming route updates from a specified BGP neighbor device config bgp ipv6u neighbor 2001 db8 e0ff 783a 4 prefix list myprefixlist in 6 Do one of the following Ent...

Страница 415: ...gp command to enable BGP routing device config router bgp 3 Enter the local as command to configure the autonomous system number ASN in which your device resides device config bgp router local as 6552...

Страница 416: ...a BGP community ACL and sets the BGP community attributes in a route map instance device configure terminal device config ip community list extended 1 permit 1 2 23 device config route map ComRmap per...

Страница 417: ...device config bgp ipv6u neighbor fe80 4398 ab30 45de 1 route map in ComRmap 13 Enter the neighbor ipv6 address send community command to enable the sending of standard and extended attributes in updat...

Страница 418: ...ts neighbors and peers when it is performing a restart 1 Enter the configure terminal command to access global configuration mode device configure terminal 2 Enter the router bgp command to enable BGP...

Страница 419: ...bgp device config bgp router local as 1 device config bgp router neighbor 1000 1 remote as 2 device config bgp router address family ipv6 unicast device config bgp ipv6u neighbor 1000 1 activate devi...

Страница 420: ...device config router bgp device config bgp router address family ipv6 unicast device config bgp ipv6u neighbor 2001 db8 e0ff 783a 4 allowas in 3 Displaying BGP4 statistics Various show ipv6 bgp comman...

Страница 421: ...egmentNum 0 Neighboring As 0 Source As 0 Address 0x1205c7cc Hash 365 0x01000000 Links 0x00000000 0x00000000 Reference Counts 1 0 1 Magic 2 This example shows information about two route attribute entr...

Страница 422: ...000 3 22 abc 1 0 8 128 2001 700 122 57 57 100 0 BE AS_PATH 7000 322 6 57 7000 3 22 abc 1 0 a 128 2001 700 122 57 57 100 0 BE AS_PATH 7000 322 This example shows general BGP4 route information 5 Enter...

Страница 423: ...o not have to be entered in this order 1 Enter the show ipv6 bgp neighbors command device show ipv6 bgp neighbors Total number of BGP Neighbors 2 IP Address 2001 1 AS 2 EBGP RouterID 192 0 0 1 VRF def...

Страница 424: ...d device show ipv6 bgp neighbor last packet with error Total number of BGP Neighbors 67 1 IP Address 153 2 Last error BGP4 0 bytes hex dump of packet that contains error This example shows information...

Страница 425: ...tes The clear ipv6 bgp dampening command is entered to reactivate all suppressed BGP4 routes The show ipv6 bgp dampened paths command is re entered to verify that the suppressed BGP4 routes have been...

Страница 426: ...hat there are no suppressed routes device config bgp router exit device config exit device show ipv6 bgp dampened paths device clear ipv6 bgp dampening device show ipv6 bgp dampened paths Configuring...

Страница 427: ...ndancy Protocol VRRP is an election protocol that provides redundancy to routers within a Local Area Network LAN VRRP was designed to eliminate a single point of failure in a static default route envi...

Страница 428: ...works reconfiguring default gateways is impractical Configuring a VRRP virtual router on Router 1 and Router 2 provides a redundant path for the hosts VRRP allows you to provide alternate router paths...

Страница 429: ...ress The device on which the virtual IP address is assigned becomes the VRRP owner and this device responds to packets addressed to any of the IP addresses in the virtual router group The owner device...

Страница 430: ...available the backup router with the highest priority a configurable value becomes the new master By default routers are given a priority of 100 VRRP hold timer The hold timer delays the preemption of...

Страница 431: ...terfaces do not use authentication neither does VRRP For example if you configure your device interfaces to use a simple password to authenticate traffic VRRP uses the same simple password and VRRP pa...

Страница 432: ...l packets are IP type 112 reserved for VRRP and they are sent to the VRRP multicast address 224 0 0 18 VRRP E Control packets are UDP packets destined to port 8888 and they are sent to the all router...

Страница 433: ...vrrp 3 Configure the Ethernet interface link for Router 1 device config interface ethernet 1 1 6 4 Configure the IP address of the interface device config if e1000 1 1 6 ip address 10 53 5 1 24 5 Assi...

Страница 434: ...y device that is designated as a backup VRRP device For each VRRP virtual routing instance there is one master device and all other devices are backups For example Router 2 in Figure 34 on page 433 is...

Страница 435: ...inal device config router vrrp device config interface ethernet 1 1 5 device config if e1000 1 1 5 ip address 10 53 5 3 24 device config if e1000 1 1 5 ip vrrp vrid 1 device config if e1000 1 1 5 vrid...

Страница 436: ...pe is simple text authentication A show running config command with appropriate parameters will actually display the password The output verifies the type of authentication Configuring MD5 authenticat...

Страница 437: ...example enables MD5 authentication on Ethernet interface 1 1 6 and verifies the authentication type device configure terminal device config router vrrp device config interface ethernet 1 1 6 device co...

Страница 438: ...ssociated with the VRID device config if e1000 1 1 6 vrid 1 owner priority 99 6 Verify the abdication of the master device using the show ip vrrp command device config if e1000 1 1 6 vrid 1 show ip vr...

Страница 439: ...the interface For VRRP if the interface goes down the device priority is set to the priority value and another backup device with a higher priority assumes the role of master For VRRP E if the interfa...

Страница 440: ...e assumes the role of the master device regardless of the setting for the preempt parameter In VRRP E preemption is disabled by default In situations where a new backup device is to be added with a hi...

Страница 441: ...ets destined for the IPv4 or IPv6 VRID addresses Troubleshooting network connections to the VRRP nonowner master device is difficult unless accept mode is enabled NOTE The accept mode functionality en...

Страница 442: ...vrid 1 accept mode 8 Exit configuration mode and return to privileged EXEC mode device conf if e1000 1 1 5 vrid 1 end 9 Verify that accept mode is enabled device show ip vrrp vrid 1 Interface 1 1 5 au...

Страница 443: ...ng example suppresses RIP advertisements for the backed up interface device configure terminal device config router rip device config rip router use vrrp path VRRP Ev2 overview VRRP Extended VRRP E is...

Страница 444: ...onfigured for the same virtual router ID VRID must be on the same subnet device config if e1000 1 1 5 ip address 10 53 5 3 24 5 Assign the device to VRID 1 device config if e1000 1 1 5 ip vrrp extende...

Страница 445: ...rt path forwarding The VRRP E Extension for Server Virtualization feature allows Brocade devices to bypass the VRRP E master router and directly forward packets to their destination through interfaces...

Страница 446: ...l servers between Host Server 1 and Host Server 2 Short path forwarding with revert priority Revert priority is used to dynamically enable or disable VRRP E short path forwarding If short path forward...

Страница 447: ...RP E virtual router ID to the device device config vif 10 ip vrrp extended vrid 5 In this example VRRP E group configuration mode is entered 6 Enter the backup command with a priority value to configu...

Страница 448: ...ent tracked port up state changes NOTE If you change the backup priority of a VRRP E backup router to be higher than the priority of the original master device the slow start timer will not work The o...

Страница 449: ...ure your network with Layer 3 protocols using OSPF and RIP 1 On Router B and Router C in the diagram apply the example configurations 2 The software selects Router C as the master VRRP E device becaus...

Страница 450: ...rwarding activate Displaying VRRPv2 information Various show commands can be used to display statistical and summary information about VRRP and VRRP E configurations Before displaying VRRP information...

Страница 451: ...h invalid authentication type 0 received packets with authentication type mismatch 0 received packets with authentication failures 0 received packets dropped by owner 0 received packets with ttl error...

Страница 452: ...e show ip vrrp statistics ethernet 1 1 5 Interface 1 1 5 VRID 2 number of transitions to backup state 0 number of transitions to master state 0 total number of vrrp packets received 0 received backup...

Страница 453: ...nd it also supports IPv4 addresses for dual stack networks configured with VRRP or VRRP E VRRPv3 is compliant with RFC 5798 The benefit of implementing VRRPv3 is faster switchover to backup devices th...

Страница 454: ...ice config ipv6 unicast routing 3 Globally enable IPv6 VRRP device config ipv6 router vrrp 4 Configure the Ethernet interface link for the owner device device config ipv6 vrrp router interface etherne...

Страница 455: ...When implementing IPv6 VRRPv3 across a network with devices from other vendors be aware of a potential interoperability issue Brocade has implemented IPv6 VRRPv3 functionality to comply with RFC 5798...

Страница 456: ...nfig if e1000 1 1 4 vrid 2 ipv6 address fe80 768e f8ff fe2a 0099 device config if e1000 1 1 4 vrid 2 ipv6 address fd2b 2 device config if e1000 1 1 4 vrid 2 activate Enabling an IPv4 VRRPv3 owner devi...

Страница 457: ...g Enabling an IPv4 VRRPv3 backup device VRRPv3 supports IPv4 sessions as well as IPv6 sessions To configure a VRRPv3 session for IPv4 assign a virtual router group with the VRRP version set to 3 This...

Страница 458: ...if e1000 1 1 5 vrid 1 version 3 device config if e1000 1 1 5 vrid 1 ip address 10 53 5 1 device config if e1000 1 1 5 vrid 1 activate VRRP router 1 for this interface is activating Tracked ports and...

Страница 459: ...6 vrid 1 track port ethernet 1 2 4 priority 20 The priority value is used when a tracked port goes down and the new priority is set to this value Ensure that the priority value is lower than the prior...

Страница 460: ...able VRRP device config router vrrp 3 Configure the Ethernet interface link device config interface ethernet 1 1 5 4 Configure the IP address of the interface All devices configured for the same virtu...

Страница 461: ...new checksum method for both IPv4 and IPv6 sessions and this version 3 checksum computation is enabled by default To accommodate third party devices that still use a VRRPv2 style checksum for IPv4 VRR...

Страница 462: ...n a Brocade device device configure terminal device config router vrrp device config interface ethernet 1 2 4 device config if e1000 1 2 4 ip vrrp vrid 14 device config if e1000 1 2 4 vrid 14 version...

Страница 463: ...erface When IPv6 link local address auto generation is configured for IPv6 VRRP a virtual IPv6 link local address is generated automatically using the EUI 64 result of the virtual MAC address The virt...

Страница 464: ...nfigure the global IPv6 address of the interface device config vif 3 ipv6 address fd3b 3 64 5 Assign the device to virtual router ID VRID 2 device config vif 3 ipv6 vrrp vrid 2 NOTE You can assign a V...

Страница 465: ...nd to display IPv6 VRRPv3 configuration information device config show ipv6 vrrp Total number of VRRP routers defined 1 Interface 1 1 3 auth type no authentication VRID 13 index 2 interface 1 1 3 stat...

Страница 466: ...0 received proxy neighbor solicitation packets dropped 0 received ipv6 packets dropped 0 Clearing VRRPv3 statistics VRRPv3 session counters can be cleared using a CLI command Ensure that VRRPv3 is co...

Страница 467: ...3 device config ipv6 router vrrp extended 3 Configure the Ethernet interface link device config ipv6 vrrpe router interface ethernet 1 1 7 4 Configure the IPv6 address of the interface All devices con...

Страница 468: ...config if e1000 1 1 7 vrid 4 activate VRRP E router 4 for this interface is activating Displaying and clearing VRRP Ev3 statistics Several show commands can display statistical information about IPv6...

Страница 469: ...al mac dddd eeee ffff configured priority 100 current priority 100 track priority 5 hello interval 1 sec backup hello interval 60 sec advertise backup disabled dead interval 0 ms preempt mode true vir...

Страница 470: ...Brocade FastIron Layer 3 Routing Configuration Guide 470 53 1003903 04...

Страница 471: ...s an input customer interface to a unique VPN instance The router maintains a different VRF table for each VPN instance on that PE router Multiple input interfaces may also be associated with the same...

Страница 472: ...with different VRFs Virtual interfaces Loopback interfaces Tunnel interfaces The tunnel can belong to any user defined VRF but the tunnel source and tunnel destination are restricted to the default VR...

Страница 473: ...ble lists commands that configure system max values at the global level TABLE 60 Commands for configuring system max values Command Description ip vrf Configures maximum VRF instances supported by the...

Страница 474: ...ecause the device does not support VRF The following table provides relevant values for the ICX 7250 TABLE 63 Configuration limits for ICX 7250 devices Configuration Min Default Max ip route 4096 1200...

Страница 475: ...stem max ip route default vrf 9000 system max ip6 route default vrf 5120 system max ip route vrf 500 system max ip6 route vrf 500 Additional features to support Multi VRF In addition to basic features...

Страница 476: ...fer to the FastIron Ethernet Switch Security Configuration Guide DHCP snooping Dynamic Host Configuration Protocol DHCP snooping enables a Brocade device to filter untrusted DHCP IPv4 or IPv6 packets...

Страница 477: ...5120 100 100 device config 2 Change the maximum number of routes save the configuration and reload the device device config system max ip route default vrf 10000 Total max configured ipv4 routes are...

Страница 478: ...ecure device config vlan 10 tagged e 1 1 1 3 Repeat the previous step on the corresponding interface on the peer device Configuring a VRF instance Do the following to configure a VRF instance A device...

Страница 479: ...onfigured 2 Status Codes A active D pending deletion I inactive Name Default RD vrf v4 v6 Routes Interfaces corporate 11 11 A A I 0 guest 10 10 A A I 0 Total number of IPv4 unicast route for all non d...

Страница 480: ...on this interface have been removed have been removed 4 Configure an IPv4 address and mask on the VE interface device config vif 10 ip address 192 168 1 254 24 5 Enable OSPF Area 0 device config vif...

Страница 481: ...as in the following example device show vrf green VRF green default RD 1 1 Table ID 1 IP Router Id 1 1 1 1 Interfaces ve111 ve211 ve311 ve1116 ve2115 Address Family IPv4 Max Routes 5500 Number of Unic...

Страница 482: ...will be removed from port 1 7 1 The port will be returned to default VRF To delete an IPv4 or IPv6 address family from a VRF instance use the no form of the address family command All configuration r...

Страница 483: ...mand configured a router does not respond to ARP requests for IP addresses in the same subnet as the incoming ports The local proxy arp command permits the router to respond to ARP requests for IP add...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды