manualshive.com logo in svg

H3C S5500-EI series, Руководство по настройке

Поделиться
Скачать
H3C S5500-EI series Скачать руководство пользователя страница 289

 

272 

Applying IPsec policies for RIPng 

To protect routing information and defend attacks, RIPng supports using an IPsec policy to authenticate 

protocol packets.  
Outbound RIPng packets carry the Security Parameter Index (SPI) defined in the relevant IPsec policy. A 

device uses the SPI carried in a received packet to match against the configured IPsec policy. If they 

match, the device accepts the packet; otherwise, it discards the packet and will not establish a neighbor 

relationship with the sending device.   
You can configure an IPsec policy for a RIPng process or interface. The IPsec policy configured for a 

process applies to all packets in the process. The IPsec policy configured on an interface applies to 
packets on the interface. If an interface and its process each have an IPsec policy configured, the 

interface uses its own IPsec policy.  

Configuration prerequisites 

Before applying an IPsec policy for RIPng, complete following tasks: 

 

Create an IPsec proposal 

 

Create an IPsec policy 

For more information about IPsec policy configuration, see 

Security Configuration Guide

.  

Configuration procedure 

Follow these steps to apply an IPsec policy in a process: 

To do… 

Use the command… 

Remarks 

Enter system view 

system-view 

 

Enter RIPng view  

ripng 

process-id

 ]

 

 

Apply an IPsec policy in the process 

enable ipsec-policy

 

policy-name

 

Required 
Not configured by default 

 

Follow these steps to apply an IPsec policy on an interface: 

To do… 

Use the command… 

Remarks 

Enter system view 

system-view 

 

Enter interface view 

interface

 

interface-type 

interface-number

 

 

Apply an IPsec policy on the 
interface 

ripng ipsec-policy

 

policy-name

 

Required 
Not configured by default 

 

 

NOTE: 

An IPsec policy used for RIPng can only be in manual mode. For more information, see 

Security 

Configuration Guide. 

 

Содержание S5500-EI series

Страница 1: ...H3C S5500 EI S5500 SI Switch Series Layer 3 IP Routing Configuration Guide Hangzhou H3C Technologies Co Ltd http www h3c com Software version Release 2210 Document version 6W100 20110915...

Страница 2: ...re Secware Storware NQA VVG V2 G Vn G PSPT XGbus N Bus TiGem InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the...

Страница 3: ...ntions About the S5500 EI S5500 SI documentation set Obtaining documentation Technical support Documentation feedback Audience This documentation is intended for Network planners Field technical suppo...

Страница 4: ...n this documentation set Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown Italic Italic text represents arguments that y...

Страница 5: ...ric network device such as a router switch or firewall Represents a routing capable device such as a router or Layer 3 switch Represents a generic switch such as a Layer 2 or Layer 3 switch or a route...

Страница 6: ...es and configuration procedures Command references Provide a quick reference to all available commands Operations and maintenance H3C Series Ethernet Switches Login Password Recovery Manual Helps you...

Страница 7: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...

Страница 8: ...ples 12 Basic static route configuration example 12 Static route FRR configuration example 14 BFD for static routes configuration example direct session 16 BFD for static routes configuration example...

Страница 9: ...tion in BFD echo packet mode 48 Configuring BFD for RIP bidirectional detection in BFD control packet mode 51 Troubleshooting RIP 54 No RIP updates received 54 Route oscillation occurred 54 OSPF confi...

Страница 10: ...2 Enabling message logging 93 Enabling the advertisement and reception of opaque LSAs 93 Configuring OSPF to give priority to receiving and processing hello packets 93 Configuring the LSU transmit rat...

Страница 11: ...e IS IS hello multiplier 153 Configuring a DIS priority for an interface 153 Disabling an interface from sending or receiving IS IS packets 154 Enabling an interface to send small hello packets 154 Co...

Страница 12: ...group 210 Configuring BGP route distribution reception filtering policies 210 Enabling BGP and IGP route synchronization 211 Limiting prefixes received from a peer or peer group 212 Configuring BGP ro...

Страница 13: ...260 Features of IPv6 static routes 260 Default IPv6 route 260 Configuring an IPv6 static route 260 Configuration prerequisites 260 Configuration procedure 260 Displaying and maintaining IPv6 static r...

Страница 14: ...n NBMA or P2MP neighbor 287 Configuring OSPFv3 routing information control 287 Configuration prerequisites 287 Configuring OSPFv3 route summarization 288 Configuring OSPFv3 inbound route filtering 288...

Страница 15: ...direct eBGP connection 332 Configuring a description for an IPv6 peer or peer group 332 Disabling session establishment to an IPv6 peer or peer group 332 Logging IPv6 peer or peer group state changes...

Страница 16: ...configuration task list 365 Defining filters 365 Prerequisites 365 Defining an IP prefix list 365 Defining an AS path list 366 Defining a community list 366 Defining an extended community list 367 Con...

Страница 17: ...MCE and a PE 399 Configuring an MCE 399 Configuring VPN instances 399 Configuring routing on an MCE 401 Configuration prerequisites 402 Configuring routing between MCE and VPN site 402 Configuring rou...

Страница 18: ...es the path information that guides the forwarding of packets Routes can be divided into the following categories by destination Network route The destination is a network The subnet mask is less than...

Страница 19: ...n the destination address and the network mask yields the address of the destination network For example if the destination address is 129 102 8 10 and the mask 255 255 0 0 the address of the destinat...

Страница 20: ...n This chapter focuses on unicast routing protocols For more information about multicast routing protocols see IP Multicast Configuration Guide Routing preference Different routing protocols can find...

Страница 21: ...The next hops of some BGP routes except eBGP routes and static routes may not be directly connected The outgoing interface to reach the next hop must be available Route recursion is used to find the o...

Страница 22: ...stance name statistics begin exclude include regular expression Available in any view Clear statistics for the routing table reset ip routing table statistics protocol vpn instance vpn instance name p...

Страница 23: ...begin exclude include regular expression Available in any view Display IPv6 routing statistics display ipv6 routing table vpn instance vpn instance name statistics begin exclude include regular expre...

Страница 24: ...he network administrator can configure a default route with both the destination and mask being 0 0 0 0 The router forwards any packet whose destination address fails to match any entry in the routing...

Страница 25: ...ese steps to configure a static route To do Use the command Remarks Enter system view system view ip route static dest address mask mask length next hop address track track entry number interface type...

Страница 26: ...A dynamic routing protocol notifies BFD of its neighbor information BFD uses such information to establish sessions with neighbors by sending BFD control packets Static routing has no neighbor discov...

Страница 27: ...iew system view Configure the source address of echo packets bfd echo source ip ip address Required Not configured by default ip route static dest address mask mask length interface type interface num...

Страница 28: ...ddress of echo packets bfd echo source ip ip address Required Not configured by default Configure static route FRR ip route static vpn instance vpn instance name fast reroute route policy route policy...

Страница 29: ...tem view SwitchA ip route static 0 0 0 0 0 0 0 0 1 1 4 2 Configure two static routes on Switch B SwitchB system view SwitchB ip route static 1 1 2 0 255 255 255 0 1 1 4 1 SwitchB ip route static 1 1 3...

Страница 30: ...0 0 127 0 0 1 InLoop0 127 0 0 0 8 Direct 0 0 127 0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 1 1 6 0 24 Direct 0 0 1 1 6 1 Vlan100 1 1 6 1 32 Direct 0 0 127 0 0 1 InLoop0 Use the ping com...

Страница 31: ...face on the switches Details not shown Configure static routes on Switch S Switch A and Switch D so that Switch S can reach Loopback 0 on Switch D and Switch D can reach Loopback 0 on Switch S Configu...

Страница 32: ...ion SwitchS display ip routing table 4 4 4 4 verbose Routing Table Public Summary Count 1 Destination 4 4 4 4 32 Protocol Static Process ID 0 Preference 60 Cost 0 IpPrecedence QosLcId NextHop 13 13 13...

Страница 33: ...P addresses for the interfaces Details not shown 2 Configure BFD Configure static routes on Switch A and enable BFD control packet mode for the static route through the Layer 2 switch SwitchA system v...

Страница 34: ...n Mask Proto Pre Cost NextHop Interface 120 1 1 0 24 Static 60 0 12 1 1 2 Vlan10 Direct Routing table Status Inactive Summary Count 1 Destination Mask Proto Pre Cost NextHop Interface 120 1 1 0 24 Sta...

Страница 35: ...subnet 121 1 1 0 24 on Switch B and static routes to subnets 120 1 1 0 24 and 121 1 1 0 24 on both Switch C and Switch D Enable BFD so that when the link between Switch A and Switch B through Switch D...

Страница 36: ...121 1 1 0 24 vlan interface 13 13 1 1 2 preference 65 SwitchB quit Configure static routes on Switch C SwitchC system view SwitchC ip route static 120 1 1 0 24 vlan interface 13 13 1 1 1 SwitchC ip ro...

Страница 37: ...s 1 1 1 9 2 2 2 9 Loop1 Ctrl Sta UP DOWN Diag 1 Oct 10 10 18 18 672 2010 SwitchA BFD 7 EVENT Send sess down Msg Src 1 1 1 9 Dst 2 2 2 9 Loop1 Ctrl instance 0 protocol STATIC Display the static route i...

Страница 38: ...unreachable Because of this RIP is not suitable for large sized networks RIP prevents routing loops by implementing the split horizon and poison reverse functions RIP routing table A RIP router has a...

Страница 39: ...routing table Triggered updates A router advertises updates once the metric of a route is changed instead of after the update period expires to speed up network convergence Operation of RIP The follo...

Страница 40: ...Pv1 message format Command Type of message 1 indicates request which is used to request all or part of the routing information from the neighbor 2 indicates response which contains all or part of the...

Страница 41: ...formation when plain text authentication is adopted or including key ID MD5 authentication data length and sequence number when MD5 authentication is adopted NOTE RFC 1723 only defines plain text auth...

Страница 42: ...ring inbound or outbound route filtering Optional Configuring a priority for RIP Optional Configuring RIP route control Configuring RIP route redistribution Optional Configuring RIP timers Optional Co...

Страница 43: ...g RIP then those configurations will take effect after RIP is enabled RIP runs only on the interfaces residing on the specified networks Specify the network after enabling RIP to validate RIP on a spe...

Страница 44: ...d can receive RIPv1 broadcasts and RIPv1 unicasts With RIPv2 configured a multicast interface sends RIPv2 multicasts and can receive RIPv2 unicasts broadcasts and multicasts With RIPv2 configured a br...

Страница 45: ...and the route s metric in the routing table is not changed The inbound additional metric is added to the metric of a received route before the route is added into the routing table and the route s met...

Страница 46: ...Enter system view system view Enter RIP view rip process id vpn instance vpn instance name Disable RIPv2 automatic route summarization undo summary Required Enabled by default Return to system view q...

Страница 47: ...dvertise a default route To do Use the command Remarks Enter system view system view Enter RIP view rip process id vpn instance vpn instance name Enable RIP to advertise a default route default route...

Страница 48: ...lters outgoing routes including routes redistributed with the import route command Configuring a priority for RIP Multiple IGP protocols can run in a router If you want RIP routes to have a higher pri...

Страница 49: ...asic functions Configuring RIP timers You can change the RIP network convergence speed by adjusting RIP timers Follow these steps to configure RIP timers To do Use the command Remarks Enter system vie...

Страница 50: ...rip poison reverse Required Disabled by default Configuring the maximum number of load balanced routes This task allows you to implement load balancing over multiple equal cost RIP routes Follow thes...

Страница 51: ...instance vpn instance name Enable source IP address check on incoming RIP messages validate source address Optional Enabled by default NOTE The source IP address check feature should be disabled if t...

Страница 52: ...d because the neighbor may receive both the unicast and multicast or broadcast of the same routing information If a specified neighbor is not directly connected then disable the source address check o...

Страница 53: ...affic recovery time Figure 9 Network diagram for RIP FRR In Figure 9 after you enable FRR on Router B RIP designates a backup next hop using a routing policy when a network failure is detected Packets...

Страница 54: ...only when both ends have routes to send and BFD is enabled on the receiving interface Single hop detection in BFD echo packet mode Follow these steps to configure BFD for RIP single hop detection in...

Страница 55: ...rmation display rip process id vpn instance vpn instance name begin exclude include regular expression Display all active routes in RIP database display rip process id database begin exclude include r...

Страница 56: ...RIP T TRIP P Permanent A Aging S Suppressed G Garbage collect Peer 192 168 1 2 on Vlan interface100 Destination Mask Nexthop Cost Tag Flags Sec 10 0 0 0 8 192 168 1 2 1 0 RA 11 The output shows that R...

Страница 57: ...d for 10 2 1 0 24 and 1 1 1 1 0 24 and Switch A cannot learn routes destined for 12 3 1 0 24 and 16 4 1 0 24 Configure a filtering policy on Switch B to filter out the route 10 2 1 1 24 from RIP 100 m...

Страница 58: ...nfigure route redistribution On Switch B configure RIP 200 to redistribute direct routes and routes from RIP 100 SwitchB rip 200 SwitchB rip 200 import route rip 100 SwitchB rip 200 import route direc...

Страница 59: ...0 0 127 0 0 1 InLoop0 Configuring an additional metric for a RIP interface Network requirements In the following figure RIP is enabled on all the interfaces of Switch A Switch B Switch C Switch D and...

Страница 60: ...cost 0 nexthop 1 1 1 1 Rip interface 1 1 2 0 24 cost 0 nexthop 1 1 2 1 Rip interface 1 1 3 0 24 cost 1 nexthop 1 1 1 2 1 1 4 0 24 cost 1 nexthop 1 1 2 2 1 1 5 0 24 cost 2 nexthop 1 1 1 2 1 1 5 0 24 co...

Страница 61: ...igure route summarization on Switch C and advertise only the summary route 10 0 0 0 8 reducing the routing table size of Switch D Figure 13 Network diagram Configuration procedure 1 Configure IP addre...

Страница 62: ...f 1 Display the routing table information of Switch D SwitchD display ip routing table Routing Tables Public Destinations 10 Routes 10 Destination Mask Proto Pre Cost NextHop Interface 10 1 1 0 24 RIP...

Страница 63: ...int200 13 13 13 1 24 Vlan int200 13 13 13 2 24 Vlan int100 12 12 12 2 24 Vlan int101 24 24 24 2 24 Vlan int101 24 24 24 4 24 Loop 0 4 4 4 4 32 Link A Link B Configuration procedure 1 Configure IP addr...

Страница 64: ...outing Table Public Summary Count 1 Destination 4 4 4 4 32 Protocol RIP Process ID 1 Preference 100 Cost 1 IpPrecedence QosLcId NextHop 13 13 13 2 Interface vlan200 BkNextHop 12 12 12 2 BkInterface vl...

Страница 65: ...of the route is the interface connected to the Layer 2 switch Configure BFD so that when the link between Switch C and the Layer 2 switch fails BFD can quickly detect the link failure and notify it to...

Страница 66: ...chA quit 4 Configure a static route on Switch C SwitchC ip route static 100 1 1 1 24 null 0 5 Verify the configuration Display the BFD session information of Switch A SwitchA display bfd session Total...

Страница 67: ...Echo Src IP Address 192 168 1 1 Src IFIndex4 Nbr IP Address 192 168 1 2 Display the BFD information of Switch A Switch A has deleted the neighbor relationship with Switch C and no output information...

Страница 68: ...erface connected to Switch B Configure BFD so that when the link between Switch B and Switch C fails BFD can quickly detect the link failure and notify it to RIP and the BFD session goes down In respo...

Страница 69: ...bfd session init mode active SwitchA interface vlan interface 100 SwitchA Vlan interface100 bfd min transmit interval 500 SwitchA Vlan interface100 bfd min receive interval 500 SwitchA Vlan interface...

Страница 70: ...0 BkInterface RelyNextHop 0 0 0 0 Neighbor 192 168 1 2 Tunnel ID 0x0 Label NULL BKTunnel ID 0x0 BKLabel NULL State Active Adv Age 00h00m47s Tag 0 Destination 100 1 1 0 24 Protocol RIP Process ID 2 Pr...

Страница 71: ...e 100 Cost 2 IpPrecedence QosLcId NextHop 192 168 3 2 Interface vlan interface 300 BkNextHop 0 0 0 0 BkInterface RelyNextHop 0 0 0 0 Neighbor 192 168 3 2 Tunnel ID 0x0 Label NULL BKTunnel ID 0x0 BKLab...

Страница 72: ...he routing table Analysis In the RIP network make sure that all the same timers within the entire network are identical and have logical relationships between them For example the timeout timer value...

Страница 73: ...table sizes Equal cost multi path ECMP routing Supports multiple equal cost routes to a destination Routing hierarchy Supports a four level routing hierarchy that prioritizes routes into intra area in...

Страница 74: ...ginated for broadcast and NBMA networks by the designated router flooded throughout a single area only This LSA contains the list of routers connected to the network Network Summary LSA Type 3 LSA ori...

Страница 75: ...routers rather than links A network segment or a link can only reside in one area An OSPF interface must be specified to belong to its attached area as shown in Figure 17 Figure 17 Area based OSPF net...

Страница 76: ...configured on a physical interface The two ABRs on the virtual link unicast OSPF packets to each other and the OSPF routers in between convey these OSPF packets as normal IP packets Stub area A stub a...

Страница 77: ...ng these Type 7 LSAs the NSSA ABR translates them to Type 5 LSAs and then advertises the Type 5 LSAs to Area 0 The ASBR of Area 2 redistributes RIP routes in Type 5 LSAs into the OSPF routing domain H...

Страница 78: ...ABR and the backbone area can be physical or logical 3 Backbone router At least one interface of a backbone router must reside in the backbone area All ABRs and internal routers in area 0 are backbone...

Страница 79: ...Access When the link layer protocol is Frame Relay ATM or X 25 OSPF considers the network type as NBMA by default OSPF packets are unicast on a NBMA network P2MP point to multipoint By default OSPF co...

Страница 80: ...igure 23 solid lines are Ethernet physical links and dashed lines represent OSPF adjacencies In the network with the DR and BDR only seven adjacencies are needed Figure 23 DR and BDR in a network DR B...

Страница 81: ...a ID ID of the area where the advertising router resides Checksum Checksum of the message AuType Authentication type ranging from 0 to 2 corresponding to non authentication simple plaintext authentica...

Страница 82: ...neighbors Rtr Pri Router priority A value of 0 means the router cannot become the DR or BDR RouterDeadInterval Time before declaring a silent router down If two routers have different dead intervals t...

Страница 83: ...to 0 if the packet is the last DD packet It is set to 1 if more DD packets are to follow MS Master Slave The Master Slave bit When set to 1 it indicates that the router is the master during the databa...

Страница 84: ...e LSA LSU packet LSU Link State Update packets are used to send the requested LSAs to the peer Each packet carries a collection of LSAs Figure 29 LSU packet format Version 4 Router ID Area ID Checksum...

Страница 85: ...was originated An LSA ages in the LSDB added by 1 per second but does not age during transmission LS type Type of the LSA Link state ID The contents of this field depend on the LSA s type LS sequence...

Страница 86: ...pe Type Link type A value of 1 indicates a point to point link to a remote router a value of 2 indicates a link to a transit network a value of 3 indicates a link to a stub network and a value of 4 in...

Страница 87: ...nated by ABRs Except for the Link state ID field the formats of Type 3 and 4 summary LSAs are identical Figure 34 Summary LSA format Major fields of the Summary LSA are as follows Link state ID For a...

Страница 88: ...sed destination E External Metric The type of the external metric value which is set to 1 for type 2 external routes and set to 0 for type 1 external routes See Route types for a description of extern...

Страница 89: ...ched to a network segment must be identical OSPF Graceful Restart Graceful Restart GR ensures the continuity of packet forwarding when a routing protocol restarts or an active standby switchover occur...

Страница 90: ...meters such as the hello interval LSA delay timer and SPF calculation interval You can also configure them as needed OSPF routers should be configured on an area basis Wrong configurations may cause c...

Страница 91: ...LSDB Optional Enabling compatibility with RFC 1583 Optional Logging neighbor state changes Optional Configuring OSPF network management Optional Enabling message logging Optional Enabling the adverti...

Страница 92: ...akes effect locally and has no influence on packet exchange between routers Two routers having different process IDs can exchange packets OSPF support for VPNs enables an OSPF process to run in a spec...

Страница 93: ...he AS edge as a stub area by configuring the stub command on all the routers attached to the area In this way Type 5 LSAs will not be flooded within the stub area reducing the routing table size The A...

Страница 94: ...ce name Enter area view area area id Configure the area as an NSSA area nssa default route advertise no import route no summary translate always translator stability interval value Required Not config...

Страница 95: ...ult The following are examples of how you can change the network type of an interface as needed When an NBMA network becomes fully meshed through address mapping any two routers in the network have a...

Страница 96: ...nnot find neighbors via broadcasting hello packets you must specify neighbors and their router priorities A router priority of 0 means the router does not have the DR election right A router priority...

Страница 97: ...e interface type interface number Configure the OSPF network type for the interface as P2MP ospf network type p2mp unicast Required By default the network type of an interface depends on the link laye...

Страница 98: ...routers improving route calculation speed on routers For example there are three internal routes in an area 19 1 1 0 24 19 1 2 0 24 and 19 1 3 0 24 By configuring route summarization on the ABR the t...

Страница 99: ...gured by default Configuring OSPF inbound route filtering NOTE For more information about IP prefix list and routing policy see the chapter Routing policy configuration OSPF calculates routes by using...

Страница 100: ...alue 100 Mbps Interface bandwidth Mbps If the calculated cost is greater than 65535 the value of 65535 is used If the calculated cost is less than 1 the value of 1 is used If the cost value is not con...

Страница 101: ...ks Enter system view system view Enter OSPF view ospf process id router id router id vpn instance vpn instance name Configure the maximum number of load balanced routes maximum load balancing maximum...

Страница 102: ...tributed routes before advertisement filter policy acl number ip prefix ip prefix name export protocol process id Optional Not configured by default NOTE Only active routes can be redistributed Use th...

Страница 103: ...1000 the default tag is 1 and default type of redistributed routes is Type 2 Advertising a host route Follow these steps to advertise a host route To do Use the command Remarks Enter system view syst...

Страница 104: ...ter system view system view Enter interface view interface interface type interface number Specify the hello interval ospf timer hello seconds Optional The hello interval defaults to 10 seconds on P2P...

Страница 105: ...ese steps to configure SPF calculation interval To do Use the command Remarks Enter system view system view Enter OSPF view ospf process id router id router id vpn instance vpn instance name Specify t...

Страница 106: ...maximum interval initial interval incremental interval Optional By default the maximum interval is 5 seconds the minimum interval is 0 milliseconds and the incremental interval is 5000 milliseconds N...

Страница 107: ...r have large costs that they will not send packets to the stub router for forwarding as long as another route with a smaller cost exists Follow these steps to configure a router as a stub router To do...

Страница 108: ...rface MTU into DD packets To do Use the command Remarks Enter system view system view Enter interface view interface interface type interface number Enable the interface to add its MTU into DD packets...

Страница 109: ...nges log peer change Optional Enabled by default Configuring OSPF network management With trap generation enabled OSPF generates traps to report important events Traps fall into the following levels L...

Страница 110: ...paque LSAs Follow these steps to enable the advertisement and reception of opaque LSAs To do Use the command Remarks Enter system view system view Enter OSPF view ospf process id router id router id v...

Страница 111: ...t Optional By default an OSPF interface sends up to three LSU packets every 20 milliseconds Enabling OSPF ISPF When a network topology is changed Incremental Shortest Path First ISPF allows the system...

Страница 112: ...tem view system view Configure the source address of echo packets bfd echo source ip ip address Required Not configured by default Enter OSPF view ospf process id router id router id vpn instance vpn...

Страница 113: ...OSPF GR Restarter Follow these steps to configure the standard IETF OSPF GR Restarter To do Use the command Remarks Enter system view system view Enable OSPF and enter its view ospf process id router...

Страница 114: ...tion and advertisement opaque capability enable Required Not enabled by default Configure the neighbors for which the router can serve as a GR Helper graceful restart help acl number prefix prefix lis...

Страница 115: ...ol packet bidirectional detection Follow these steps to enable BFD control packet bidirectional detection on an OSPF interface To do Use the command Description Enter system view system view Enter int...

Страница 116: ...isplay ospf process id peer statistics begin exclude include regular expression Display next hop information display ospf process id nexthop begin exclude include regular expression Display routing ta...

Страница 117: ...pf process id process graceful restart Re enable OSPF route redistribution reset ospf process id redistribution Available in user view OSPF configuration examples NOTE These examples only cover comman...

Страница 118: ...spf 1 area 1 SwitchC ospf 1 area 0 0 0 1 network 10 2 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 1 network 10 4 1 0 0 0 0 255 SwitchC ospf 1 area 0 0 0 1 quit SwitchC ospf 1 quit Configure Switch D Switc...

Страница 119: ...10 4 1 0 24 13 Stub 10 2 1 2 10 4 1 1 0 0 0 1 10 5 1 0 24 14 Inter 10 1 1 2 10 3 1 1 0 0 0 0 10 1 1 0 24 2 Transit 10 1 1 1 10 2 1 1 0 0 0 0 Total Nets 5 Intra Area 3 Inter Area 2 ASE 0 NSSA 0 Displa...

Страница 120: ...SE 0 NSSA 0 On Switch D ping the IP address 10 4 1 1 to check connectivity SwitchD ping 10 4 1 1 PING 10 4 1 1 56 data bytes press CTRL_C to break Reply from 10 4 1 1 bytes 56 Sequence 2 ttl 253 time...

Страница 121: ...isplay the ABR ASBR information of Switch D SwitchD display ospf abr asbr OSPF Process 1 with Router ID 10 5 1 1 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Intra 10 3 1 1...

Страница 122: ...ion is established between Switch B and Switch C Switch B and Switch C are configured to redistribute OSPF routes and direct routes into BGP and BGP routes into OSPF Switch B is configured with route...

Страница 123: ...network 10 1 1 0 0 0 0 255 SwitchD ospf 1 area 0 0 0 0 network 10 3 1 0 0 0 0 255 SwitchD ospf 1 area 0 0 0 0 quit Configure Switch E SwitchE system view SwitchE ospf SwitchE ospf 1 area 0 SwitchE osp...

Страница 124: ...0 0 0 8 on Switch B and advertise it SwitchB ospf 1 asbr summary 10 0 0 0 8 Display the OSPF routing table of Switch A SwitchA display ip routing table Routing Tables Public Destinations 5 Routes 5 D...

Страница 125: ...import route static SwitchD ospf 1 quit Display ABR ASBR information on Switch C SwitchC display ospf abr asbr OSPF Process 1 with Router ID 10 4 1 1 Routing Table to ABR and ASBR Type Destination Are...

Страница 126: ...spf 1 area 0 0 0 1 stub SwitchC ospf 1 area 0 0 0 1 quit SwitchC ospf 1 quit Display OSPF routing information on Switch C SwitchC display ospf routing OSPF Process 1 with Router ID 10 4 1 1 Routing Ta...

Страница 127: ...Nets 3 Intra Area 2 Inter Area 1 ASE 0 NSSA 0 NOTE After this configuration routing entries on the stub router are further reduced containing only one default external route Configuring an OSPF NSSA...

Страница 128: ...re the nssa command with the keyword no summary on Switch A to reduce the routing table size on NSSA switches On other NSSA switches you only need to configure the nssa command Display OSPF routing in...

Страница 129: ...1 Type2 1 10 3 1 1 10 2 1 1 Total Nets 6 Intra Area 2 Inter Area 3 ASE 1 NSSA 0 NOTE The output shows that on Switch D an external route imported from the NSSA area Configuring OSPF DR election Networ...

Страница 130: ...system view SwitchD router id 4 4 4 4 SwitchD ospf SwitchD ospf 1 area 0 SwitchD ospf 1 area 0 0 0 0 network 192 168 1 0 0 0 0 255 SwitchD ospf 1 area 0 0 0 0 quit SwitchD ospf 1 return Display OSPF n...

Страница 131: ...an interface 1 SwitchC Vlan interface1 ospf dr priority 2 SwitchC Vlan interface1 quit Display neighbor information on Switch D SwitchD display ospf peer verbose OSPF Process 1 with Router ID 4 4 4 4...

Страница 132: ...168 1 1 BDR 192 168 1 3 MTU 0 Dead timer due in 39 sec Neighbor is up for 00 01 40 Authentication Sequence 0 Router ID 2 2 2 2 Address 192 168 1 2 GR State Normal State 2 Way Mode None Priority 0 DR 1...

Страница 133: ...2 has no direct connection to Area 0 and Area 1 acts as the Transit Area to connect Area 2 to Area 0 via a configured virtual link between Switch B and Switch C After configuration Switch B can learn...

Страница 134: ...SwitchC ospf 1 area 0 0 0 2 quit SwitchC ospf 1 quit Configure Switch D SwitchD system view SwitchD ospf 1 router id 4 4 4 4 SwitchD ospf 1 area 2 SwitchD ospf 1 area 0 0 0 2 network 10 3 1 0 0 0 0 2...

Страница 135: ...witch B has learned the route 10 3 1 0 24 to Area 2 Configuring OSPF Graceful Restart Network requirements As shown in Figure 45 Switch A Switch B and Switch C that belong to the same autonomous syste...

Страница 136: ...able out of band resynchronization SwitchA ospf 100 graceful restart SwitchA ospf 100 return Configure Switch B as the GR Helper enable the link local signaling capability and the out of band re synch...

Страница 137: ...OB Progress timer for neighbor 192 1 1 2 OSPF 100 deleted OOB Progress timer for neighbor 192 1 1 2 OSPF 100 Gr Wait Timeout timer fired OSPF 100 deleted GR wait timer OSPF 100 deleted GR Interval tim...

Страница 138: ...1 3 0 24 10 4 1 2 On Switch C configure OSPF to redistribute static routes SwitchC ospf 1 SwitchC ospf 1 import route static SwitchC ospf 1 quit Display the OSPF routing table of Switch A SwitchA dis...

Страница 139: ...2 Direct 0 0 127 0 0 1 InLoop0 10 2 1 0 24 Direct 0 0 10 2 1 1 Vlan200 10 2 1 1 32 Direct 0 0 127 0 0 1 InLoop0 10 3 1 0 24 OSPF 10 4 10 1 1 2 Vlan100 10 4 1 0 24 OSPF 10 13 10 2 1 2 Vlan200 10 5 1 0...

Страница 140: ...Switch D Switch A Loop 0 1 1 1 1 32 Vlan int100 12 12 12 1 24 Vlan int200 13 13 13 1 24 Vlan int200 13 13 13 2 24 Vlan int100 12 12 12 2 24 Vlan int101 24 24 24 2 24 Vlan int101 24 24 24 4 24 Loop 0...

Страница 141: ...itchD bfd echo source ip 4 4 4 4 SwitchD ip ip prefix abc index 10 permit 1 1 1 1 32 SwitchD route policy frr permit node 10 SwitchD route policy if match ip prefix abc SwitchD route policy apply fast...

Страница 142: ...BFD for OSPF Network requirements As shown in Figure 48 OSPF is enabled on Switch A Switch B and Switch C that are reachable to each other at the network layer After the link over which Switch A and...

Страница 143: ...0 0 0 0 quit SwitchB ospf 1 quit SwitchB interface vlan interface 13 SwitchB Vlan interface13 ospf cost 2 SwitchB Vlan interface13 quit Configure Switch C SwitchC system view SwitchC ospf SwitchC osp...

Страница 144: ...120 1 1 0 verbose Routing Table Public Summary Count 2 Destination 120 1 1 0 24 Protocol OSPF Process ID 0 Preference 0 Cost 2 IpPrecedence QosLcId NextHop 192 168 0 100 Interface Vlan interface10 BkN...

Страница 145: ...1 0 100 vlan10 0 50673831 SwitchA BFD 8 SCM Sess 10 1 0 102 10 1 0 100 vlan10 Oper Delete 0 50673832 SwitchA BFD 8 SCM Delete send packet timer 0 50673833 SwitchA BFD 8 SCM Delete session entry 0 506...

Страница 146: ...mation using the display ospf peer command 2 Display OSPF interface information using the display ospf interface command 3 Ping the neighbor router s IP address to check connectivity 4 Check OSPF time...

Страница 147: ...rmation about area configuration using the display current configuration configuration ospf command If more than two areas are configured at least one area is connected to the backbone 5 In a Stub are...

Страница 148: ...to a router End system ES Refers to a host system in TCP IP ISO defines the ES IS protocol for communication between an ES and an IS An ES does not participate in the IS IS processing Routing domain...

Страница 149: ...area merging partitioning and switching 3 System ID A system ID identifies a host or router uniquely It has a fixed length of 48 bits 6 bytes The system ID of a device can be generated from the Router...

Страница 150: ...th Level 1 and Level 1 2 routers in the same area The LSDB maintained by the Level 1 router contains the local area routing information It directs the packets destined for an outside area to the neare...

Страница 151: ...ous Level 2 and Level 1 2 routers which can reside in different areas Figure 51 IS IS topology 2 NOTE The IS IS backbone does not need to be a specific area Both the Level 1 and Level 2 routers use th...

Страница 152: ...tem DIS The Level 1 and Level 2 DISs are elected respectively You can assign different priorities for different level DIS elections The higher a router s priority is the more likely the router becomes...

Страница 153: ...header format Intradomain routing protocol discriminator Reserved Version R ID length Version Protocol ID extension Length indicator Maximum area address R R PDU type No of Octets 1 1 1 1 1 1 1 1 Maj...

Страница 154: ...1 LAN IIHs and the Level 2 routers use the Level 2 LAN IIHs The P2P IIHs are used on point to point networks Figure 55 illustrates the hello packet format in broadcast networks where the blue fields...

Страница 155: ...iority and LAN ID fields in the LAN IIH the P2P IIH has a Local Circuit ID field LSP packet format The Link State PDU LSP carries link state information LSP involves two types Level 1 LSP and Level 2...

Страница 156: ...a L1 L1 router for L1 LSPs only it indicates that the router generating the LSP is connected to multiple areas OL LSDB Overload Indicates that the LSDB is not complete because the router has run out...

Страница 157: ...PSNP CSNP covers the summary of all LSPs in the LSDB to synchronize the LSDB between neighboring routers On broadcast networks CSNP is sent by the DIS periodically 10s by default On point to point ne...

Страница 158: ...ifferent CLVs Code 1 to 10 of CLV are defined in ISO 10589 code 3 and 5 are not shown in the table and others are defined in RFC 1 195 Table 3 CLV name and the corresponding PDU type CLV Code Name PDU...

Страница 159: ...esponses from neighbors The GR Restarter then synchronizes the LSDB with all GR capable neighbors calculates routes updates its routing table and forwarding table and removes stale routes The IS IS ro...

Страница 160: ...LSP fragment is advertised by a virtual system identified by an additional system ID 2 Operation modes The LSP fragment extension feature operates in the following modes Mode 1 Applicable to a networ...

Страница 161: ...ISO IS IS Routing Protocol ISO 9542 ES IS Routing Protocol ISO 8348 Ad2 Network Services Access Points RFC 1 195 Use of OSI IS IS for Routing in TCP IP and Dual Environments RFC 2763 Dynamic Hostname...

Страница 162: ...small hello packets Optional Configuring LSP parameters Optional Configuring SPF parameters Optional Assigning a high priority to IS IS routes Optional Setting the LSDB overload bit Optional Configuri...

Страница 163: ...erent levels because the routers do not need to maintain two identical LSDBs Configure the IS level as Level 2 on all routers in an IP network for scalability For an interface of a Level 1 or Level 2...

Страница 164: ...rface is broadcast NOTE You can only perform this configuration for a broadcast network with only two attached routers Configuring IS IS routing information control Configuration prerequisites Before...

Страница 165: ...y a cost for the interface isis cost value level 1 level 2 Optional No cost is specified for the interface by default Configuring a global IS IS cost Follow these steps to configure a global IS IS cos...

Страница 166: ...Specify a priority for IS IS preference route policy route policy name preference Required 15 by default Configuring the maximum number of equal cost routes If multiple equal cost routes reach the sa...

Страница 167: ...vertise a default route To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Advertise a default route default route advertise ro...

Страница 168: ...rithm to calculate the shortest path tree with itself as the root and installs the routes into the IS IS routing table By referencing a configured ACL IP prefix list or routing policy you can filter t...

Страница 169: ...l 1 filter policy acl number ip prefix ip prefix name route policy route policy name tag tag Required Disabled by default NOTE If a filter policy is specified only routes passing it can be advertised...

Страница 170: ...a neighbor must miss before declaring the router is down isis timer holding multiplier value level 1 level 2 Optional 3 by default NOTE On a broadcast link Level 1 and Level 2 hello packets are adver...

Страница 171: ...ulated into frames Any two IS IS neighboring routers must negotiate a common MTU To avoid sending big hellos for saving bandwidth enable the interface to send small hello packets without CLVs Follow t...

Страница 172: ...interval second wait interval level 1 level 2 Optional 2 seconds by default 3 Specify LSP sending intervals If a change occurs in the LSDB IS IS advertises the changed LSP to neighbors You can specif...

Страница 173: ...vergence Follow these steps to enable LSP flash flooding To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Enable LSP flash fl...

Страница 174: ...s To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Assign a high priority to IS IS routes priority high ip prefix prefix name...

Страница 175: ...a static system ID to host name mapping To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn instance vpn instance name Configure a system ID to host name...

Страница 176: ...the terminal for display Enhancing IS IS network security To enhance the security of an IS IS network you can configure IS IS authentication IS IS authentication involves neighbor relationship authent...

Страница 177: ...t have the same authentication mode and password Follow these steps to configure area authentication To do Use the command Remarks Enter system view system view Enter IS IS view isis process id vpn in...

Страница 178: ...capability for IS IS graceful restart Required Disabled by default Set the Graceful Restart interval graceful restart interval timer Required 300 seconds by default The Graceful Restart interval is se...

Страница 179: ...Introduction When a link fails the packets on the path are discarded or a routing loop occurs until IS IS completes the routing convergence based on the new network topology You can enable IS IS fast...

Страница 180: ...n about the apply fast reroute backup interface command and routing policy configurations see the chapter Routing policy configuration Follow these steps to configure IS IS FRR To do Use the command R...

Страница 181: ...brief process id vpn instance vpn instance name begin exclude include regular expression Available in any view Display the status of IS IS debug switches display isis debug switches process id vpn ins...

Страница 182: ...nce name begin exclude include regular expression Available in any view Display IS IS statistics display isis statistics level 1 level 1 2 level 2 process id vpn instance vpn instance name begin exclu...

Страница 183: ...lan interface200 quit Configure Switch C SwitchC system view SwitchC isis 1 SwitchC isis 1 network entity 10 0000 0000 0003 00 SwitchC isis 1 quit SwitchC interface vlan interface 100 SwitchC Vlan int...

Страница 184: ...display isis lsdb Database information for ISIS 1 Level 1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT P OL 0000 0000 0001 00 00 0x00000006 0xdb60 988 68 0 0 0 0000 0000 0002 00 00 0...

Страница 185: ...0 0 0 0000 0000 0004 00 00 0x0000003c 0xd647 1194 84 0 0 0 0000 0000 0004 01 00 0x00000002 0xec96 1007 55 0 0 0 Self LSP Self LSP Extended ATT Attached P Partition OL Overload Display the IS IS routin...

Страница 186: ...2 168 0 0 24 10 NULL Vlan300 Direct D L 10 1 1 0 24 10 NULL Vlan100 Direct D L 10 1 2 0 24 10 NULL Vlan200 Direct D L 172 16 0 0 16 20 NULL Vlan300 192 168 0 2 R Flags D Direct R Added to RM L Adverti...

Страница 187: ...tails not shown 2 Enable IS IS Configure Switch A SwitchA system view SwitchA isis 1 SwitchA isis 1 network entity 10 0000 0000 0001 00 SwitchA isis 1 quit SwitchA interface vlan interface 100 SwitchA...

Страница 188: ...State Up HoldTime 21s Type L1 L1L2 PRI 64 System Id 0000 0000 0003 Interface Vlan interface100 Circuit Id 0000 0000 0003 01 State Up HoldTime 27s Type L1 PRI 64 System Id 0000 0000 0002 Interface Vla...

Страница 189: ...e100 isis dis priority 100 SwitchA Vlan interface100 quit Display IS IS neighbors of Switch A SwitchA display isis peer Peer information for ISIS 1 System Id 0000 0000 0002 Interface Vlan interface100...

Страница 190: ...tate Up HoldTime 7s Type L1 PRI 100 SwitchC display isis interface Interface information for ISIS 1 Interface Vlan interface100 Id IPV4 State IPV6 State MTU Type DIS 001 Up Down 1497 L1 L2 No No Displ...

Страница 191: ...terfaces Details not shown 2 Configure IS IS basic functions Configure Switch A SwitchA system view SwitchA isis 1 SwitchA isis 1 is level level 1 SwitchA isis 1 network entity 10 0000 0000 0001 00 Sw...

Страница 192: ...0004 00 SwitchD isis 1 quit SwitchD interface interface vlan interface 300 SwitchD Vlan interface300 isis enable 1 SwitchD Vlan interface300 quit Display IS IS routing information on each switch Switc...

Страница 193: ...1 ISIS 1 IPv4 Level 2 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 192 168 0 0 24 10 NULL VLAN300 Direct D L 10 1 1 0 24 20 NULL VLAN300 192 168 0 1 R 10 1 2 0 24 20...

Страница 194: ...tised in LSPs U Up Down Bit Set ISIS 1 IPv4 Level 2 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 10 1 1 0 24 10 NULL VLAN100 Direct D L 10 1 2 0 24 10 NULL VLAN200 Dir...

Страница 195: ...estart SwitchA isis 1 graceful restart interval 150 SwitchA isis 1 return Configurations for Switch B and Switch C are similar therefore details are not shown 3 Verify the configuration After Router A...

Страница 196: ...d configure IS IS Follow Figure 67 to configure the IP address and subnet mask of each interface on the switches Details not shown Configure IS IS on the switches ensuring that Switch S Switch A and S...

Страница 197: ...SIS 1 ISIS 1 IPv4 Level 1 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 12 12 12 0 24 10 NULL vlan100 Direct D L 22 22 22 22 32 10 NULL Loop0 Direct D 14 14 14 0 32 10...

Страница 198: ...in LSPs U Up Down Bit Set ISIS 1 IPv4 Level 2 Forwarding Table IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags 14 14 14 0 24 10 NULL vlan200 Direct D L 44 44 44 44 32 10 NULL Loop0 Direct...

Страница 199: ...op or to designate a backup next hop by using a referenced routing policy Method I Enable IS IS FRR to automatically calculate a backup next hop Configure Switch S SwitchS system view SwitchS bfd echo...

Страница 200: ...Count 1 Destination 4 4 4 4 32 Protocol ISIS Process ID 1 Preference 10 Cost 10 IpPrecedence QosLcId NextHop 13 13 13 2 Interface Vlan interface200 BkNextHop 12 12 12 2 BkInterface Vlan interface100 R...

Страница 201: ...ng the routing domain Figure 69 Network diagram for IS IS authentication configuration Configuration procedure 1 Configure IP addresses for interfaces Details not shown 2 Configure IS IS basic functio...

Страница 202: ...interface100 isis authentication mode md5 eRg SwitchA Vlan interface100 quit SwitchC interface vlan interface 100 SwitchC Vlan interface100 isis authentication mode md5 eRg SwitchC Vlan interface100 q...

Страница 203: ...etwork requirements As shown in Figure 70 IS IS is enabled on Switch A Switch B and Switch C that are reachable to each other at the network layer After the link over which Switch A and Switch B commu...

Страница 204: ...isis SwitchC isis 1 network entity 10 0000 0000 0003 00 SwitchC isis 1 quit SwitchC interface vlan interface 11 SwitchC Vlan interface11 isis enable SwitchC Vlan interface11 quit SwitchC interface vl...

Страница 205: ...Process ID 0 Preference 0 Cost 2 IpPrecedence QosLcId NextHop 192 168 0 100 Interface Vlan interface10 BkNextHop 0 0 0 0 BkInterface RelyNextHop 0 0 0 0 Neighbor 0 0 0 0 Tunnel ID 0x0 Label NULL BKTu...

Страница 206: ...hA ISIS 4 ADJLOG ISIS 1 ADJCHANGE Adjacency To 0000 0000 0002 vlan10 DOWN Level 1 Adjacency clear Aug 8 14 54 05 370 2008 SwitchA ISIS 6 ISIS ISIS 1 BFD Success to send msg Msg type 1 delete session I...

Страница 207: ...only incremental updates and is applicable to advertising a great amount of routing information on the Internet Eliminates routing loops completely by adding AS path information to BGP route advertis...

Страница 208: ...irst message sent by each side is an open message for peer relationship establishment Figure 72 BGP open message format Major fields of the BGP open message are as follows Version This one byte unsign...

Страница 209: ...a variable length field that contains a list of withdrawn IP prefixes Total path attribute length Total length of the path attributes field in bytes A value of 0 indicates that no NLRI field is prese...

Страница 210: ...s and be included in every Update message Routing information errors occur without this attribute Well known discretionary Can be recognized by all BGP routers and optionally included in every Update...

Страница 211: ...attribute 2 AS_PATH AS_PATH is a well known mandatory attribute This attribute identifies the autonomous systems through which routing information carried in this Update message has passed When a rou...

Страница 212: ...dress of its sending interface When sending a received route to an eBGP peer a BGP speaker sets the NEXT_HOP for the route to the address of the sending interface When sending a route received from an...

Страница 213: ...cates the priority of a BGP router LOCAL_PREF is used to determine the best route for traffic leaving the local AS When a BGP router obtains from several iBGP peers multiple routes to the same destina...

Страница 214: ...elect the route learned from eBGP confederation or iBGP in turn 8 Select the route with the smallest next hop metric 9 Select the route with the shortest CLUSTER_LIST 10 Select the route with the smal...

Страница 215: ...or BGP load balancing In the above figure Router D and Router E are iBGP peers of Router C Router A and Router B both advertise a route destined for the same destination to Router C If load balancing...

Страница 216: ...acket to Router C through route recursion Router C is unaware of the route 8 0 0 0 8 so it discards the packet Figure 81 iBGP and IGP synchronization For this example if synchronization is enabled and...

Страница 217: ...ecrease to half of the suppress value after a period of time This period is called Half life When the value decreases to the reusable threshold value the route is added into the routing table and adve...

Страница 218: ...lients need not be established A router that is neither a route reflector nor a client is a non client which as shown in Figure 83 must establish BGP sessions to the route reflector and other non clie...

Страница 219: ...nfederation is as follows When changing an AS into a confederation you must reconfigure your routers The topology is changed In large scale BGP networks both route reflector and confederation can be u...

Страница 220: ...HOP and AGGREGATOR AGGREGATOR contains the IP address of the speaker generating the summary route They are all carried in updates To support multiple network layer protocols BGP 4 puts information abo...

Страница 221: ...oup Optional Injecting a local network Configuring BGP route redistribution Required Use at least one approach Controlling route generation Enabling default route redistribution into BGP Optional Conf...

Страница 222: ...P confederation Optional Configuring BGP GR Optional Enabling trap Optional Enabling logging of peer state changes Optional Configuring BFD for BGP Optional Configuring BGP basic functions NOTE This s...

Страница 223: ...r as number command default ipv4 unicast Optional Enabled by default Enable a peer peer ip address enable Optional Enabled by default Configure a description for a peer peer group peer group name ip a...

Страница 224: ...up Direct physical links must be available between eBGP peers If they are not use the peer ebgp max hop command to establish a TCP connection over multiple hops between two peers Follow these steps to...

Страница 225: ...nfigure BGP to filter routing information from specific routing protocols The origin attribute of routes redistributed using the import route command is INCOMPLETE Follow these steps to configure BGP...

Страница 226: ...zation modes Manual summary routes have a higher priority than automatic ones Configure automatic route summarization After automatic route summarization is configured BGP summarizes redistributed IGP...

Страница 227: ...o do Use the command Remarks Enter system view system view Enter BGP view bgp as number Advertise a default route to a peer or peer group peer group name ip address default route advertise route polic...

Страница 228: ...uting table The members of a peer group can have different route reception filtering policies from the peer group Follow these steps to configure BGP route reception filtering policies To do Use the c...

Страница 229: ...If the number is reached the router breaks down the BGP connection to the peer peer group name ip address route limit prefix number percentage value Specify the maximum number of prefixes that can be...

Страница 230: ...nfigure a shortcut route network ip address mask mask length short cut Optional By default an eBGP route received has a priority of 255 Configuring BGP route attributes Configuration prerequisites BGP...

Страница 231: ...sed to determine the best route for traffic leaving the local AS When a BGP router obtains from several iBGP peers multiple routes to the same destination but with different next hops it considers the...

Страница 232: ...Because Router B has a smaller router ID the route learned from it is optimal Network NextHop MED LocPrf PrefVal Path Ogn i 10 0 0 0 2 2 2 2 50 0 300e i 3 3 3 3 50 0 200e When Router D learns network...

Страница 233: ...tion peers bestroute med confederation Optional Not enabled by default NOTE The MED attributes of routes from confederation peers are not compared if their AS path attributes contain AS numbers that d...

Страница 234: ...it as the next hop for routes sent to an iBGP peer or peer group This is done regardless of whether the peer next hop local command is configured Follow these steps to configure the next hop attribute...

Страница 235: ...u can configure Router A to specify a fake AS number of 2 for created connections to eBGP peers or peer groups In this way these eBGP peers still think Router A is in AS 2 and need not change their co...

Страница 236: ...ip address substitute as Required Not configured by default CAUTION Improper AS number substitution configuration may cause route loops use this command with caution Remove private AS numbers from upd...

Страница 237: ...interval and holdtime depend on the following cases If the holdtime settings on the local and peer routers are different the smaller one is used If the keepalive interval is 0 and the negotiated holdt...

Страница 238: ...ip address route update interval interval Optional The intervals for sending the same update to an iBGP peer and an eBGP peer default to 15 seconds and 30 seconds respectively Configuring BGP soft res...

Страница 239: ...xport import Required NOTE If the BGP peer does not support route refresh and the peer keep all routes command is not configured for it you need to decide whether to manually disconnect the peer to le...

Страница 240: ...led on the peer send receive both The ORF receiving capability is enabled locally and the ORF sending capability is enabled on the peer both both Both the ORF sending and receiving capabilities are en...

Страница 241: ...tions BGP employs TCP as the transport protocol To increase security configure BGP to perform MD5 authentication when establishing a TCP connection The two parties must have the same password configur...

Страница 242: ...are accessible to each other at the network layer Configuring BGP peer groups A peer group is a group of peers with the same route selection policy In a large scale network many peers may use the same...

Страница 243: ...add a peer into it with an AS number specified Follow these steps to configure an eBGP peer group using the first approach To do Use the command Remarks Enter system view system view Enter BGP view bg...

Страница 244: ...it into the peer group Peers added in the group can have different AS numbers Configuring BGP community A BGP community is a group of destinations with the same characteristics It has no geographical...

Страница 245: ...Required Not configured by default Enable route reflection between clients reflect between clients Optional Enabled by default Configure the cluster ID of the route reflector reflector cluster id clu...

Страница 246: ...n ID confederation id as number Required Not configured by default Specify peering sub ASs in the confederation confederation peer as as number list Required Not configured by default Configure confed...

Страница 247: ...l 4 traps to report important events The generated traps are sent to the information center of the device The trap output rules whether to output the traps and the output direction are determined acco...

Страница 248: ...ail If GR capability is enabled for BGP use BFD with caution If GR and BFD are both enabled do not disable BFD during a GR process otherwise GR may fail For BFD configuration see High Availability Con...

Страница 249: ...display bgp routing table different origin as begin exclude include regular expression Display BGP routing flap statistics display bgp routing table flap info regular expression as regular expression...

Страница 250: ...basic configuration Network requirements In Figure 90 run eBGP between Switch A and Switch B and iBGP between Switch B and Switch C so that Switch C can access the network 8 1 1 0 24 connected to Rou...

Страница 251: ...ospf 1 area 0 0 0 0 quit SwitchC ospf 1 quit SwitchC display bgp peer BGP local router ID 3 3 3 3 Local AS number 65009 Total number of peers 1 Peers in established state 1 Peer AS MsgRcvd MsgSent Out...

Страница 252: ...ship with Switch A Display the BGP routing table on Switch A SwitchA display bgp routing table Total Number of Routes 1 BGP Local router ID is 1 1 1 1 Status codes valid VPNv4 best best d damped h his...

Страница 253: ...route to 3 1 1 0 24 Configure Switch B SwitchB bgp 65009 SwitchB bgp import route direct Display the BGP routing table on Switch A SwitchA display bgp routing table Total Number of Routes 4 BGP Local...

Страница 254: ...s 56 Sequence 4 ttl 254 time 2 ms Reply from 8 1 1 1 bytes 56 Sequence 5 ttl 254 time 2 ms 8 1 1 1 ping statistics 5 packet s transmitted 5 packet s received 0 00 packet loss round trip min avg max 2...

Страница 255: ...A SwitchA system view SwitchA bgp 65008 SwitchA bgp router id 1 1 1 1 SwitchA bgp peer 3 1 1 1 as number 65009 SwitchA bgp network 8 1 1 0 24 SwitchA bgp quit Configure Switch B SwitchB bgp 65009 Swit...

Страница 256: ...0 1 32 Direct 0 0 127 0 0 1 InLoop0 5 Verification Use ping for verification SwitchA ping a 8 1 1 1 9 1 2 1 PING 9 1 2 1 56 data bytes press CTRL_C to break Reply from 9 1 2 1 bytes 56 Sequence 1 ttl...

Страница 257: ...configure BGP to advertise network 8 1 1 0 24 to Switch B and Switch C so that Switch B and Switch C can access the internal network connected to Switch A On Switch B establish an eBGP connection with...

Страница 258: ...1 0 255 255 255 0 SwitchC bgp quit SwitchC ip route static 2 2 2 2 32 9 1 1 1 Display the BGP routing table on Switch A SwitchA display bgp routing table Total Number of Routes 3 BGP Local router ID...

Страница 259: ...l Path Ogn 8 1 1 0 24 0 0 0 0 0 0 i 9 1 1 0 24 3 1 1 1 0 0 65009i 3 1 2 1 0 0 65009i The route 9 1 1 0 24 has two next hops 3 1 1 1 and 3 1 2 1 both of which are marked with a greater than sign indica...

Страница 260: ...Configure Switch C SwitchC system view SwitchC bgp 30 SwitchC bgp router id 3 3 3 3 SwitchC bgp peer 200 1 3 1 as number 20 SwitchC bgp quit Display the BGP routing table on Switch B SwitchB display b...

Страница 261: ...Display the routing table on Switch B SwitchB display bgp routing table 9 1 1 0 BGP local router ID 2 2 2 2 Local AS number 20 Paths 1 available 1 best BGP routing table entry information of 9 1 1 0...

Страница 262: ...itch B SwitchB system view SwitchB bgp 200 SwitchB bgp router id 2 2 2 2 SwitchB bgp peer 192 1 1 1 as number 100 SwitchB bgp peer 193 1 1 1 as number 200 SwitchB bgp peer 193 1 1 1 next hop local Swi...

Страница 263: ...p MED LocPrf PrefVal Path Ogn 1 0 0 0 192 1 1 1 0 0 100i Display the BGP routing table on Switch D SwitchD display bgp routing table Total Number of Routes 1 BGP Local router ID is 200 1 2 1 Status co...

Страница 264: ...1 1 2 24 Switch B Vlan int200 10 1 1 2 24 Vlan int600 9 1 1 1 24 Switch C Vlan int300 10 1 2 2 24 Configuration procedure 1 Configure IP addresses for interfaces Details not shown 2 Configure BGP conf...

Страница 265: ...ederation id 200 SwitchD bgp peer 10 1 3 1 as number 65001 SwitchD bgp peer 10 1 5 2 as number 65001 SwitchD bgp quit Configure Switch E SwitchE system view SwitchE bgp 65001 SwitchE bgp router id 5 5...

Страница 266: ...100 Origin igp Attribute value MED 0 localpref 100 pref val 0 pre 255 State valid external confed best Not advertised to any peers yet Display the BGP routing table on Switch D SwitchD display bgp ro...

Страница 267: ...ween Switch A and Switch C are eBGP connections Between Switch B and Switch D and between Switch D and Switch C are iBGP connections OSPF is the IGP protocol in AS 200 Configure routing policies makin...

Страница 268: ...s Configure Switch A SwitchA system view SwitchA bgp 100 SwitchA bgp peer 192 1 1 2 as number 200 SwitchA bgp peer 193 1 1 2 as number 200 Inject network 1 0 0 0 8 to the BGP routing table on Switch A...

Страница 269: ...B SwitchA bgp 100 SwitchA bgp peer 193 1 1 2 route policy apply_med_50 export SwitchA bgp peer 192 1 1 2 route policy apply_med_100 export SwitchA bgp quit Display the BGP routing table on Switch D Sw...

Страница 270: ...1 0 0 0 193 1 1 1 0 200 0 100i i 192 1 1 1 0 100 0 100i Route 1 0 0 0 8 from Switch D to Switch C is the optimal BGP GR configuration Network requirements All switches run BGP in Figure 97 Between Sw...

Страница 271: ...r interfaces Details not shown Configure the iBGP connection SwitchC system view SwitchC bgp 65009 SwitchC bgp router id 3 3 3 3 SwitchC bgp peer 9 1 1 1 as number 65009 Enable GR capability for BGP S...

Страница 272: ...A system view SwitchA bgp 100 SwitchA bgp peer 3 0 2 2 as number 200 SwitchA bgp peer 2 0 2 2 as number 200 SwitchA bgp quit When the two links between Switch A and Switch C are both up Switch C adopt...

Страница 273: ...onfigure BFD parameters you can use default BFD parameters instead Configure Switch A SwitchA bfd session init mode active SwitchA interface vlan interface 100 Configure the minimum interval for trans...

Страница 274: ...e 100 and Switch C s VLAN interface 101 and that BFD runs properly Display BGP peer information on Switch C and you can see that Switch C has established two BGP neighborships with Switch A SwitchC di...

Страница 275: ...l Sta UP DOWN Diag 1 Nov 5 11 42 24 172 2009 SwitchC BGP 5 BGP_STATE_CHANGED 3 0 1 1 state is changed from ESTABLISHED to IDLE Nov 5 11 42 24 187 2009 SwitchC RM 6 RMDEBUG BGP_BFD Recv BFD DOWN msg Sr...

Страница 276: ...nd to check that the peer s AS number is correct 2 Use the display bgp peer command to check that the peer s IP address is correct 3 If a loopback interface is used check that the loopback interface i...

Страница 277: ...Their major difference lies in the destination and next hop addresses IPv6 static routes use IPv6 addresses whereas IPv4 static routes use IPv4 addresses Default IPv6 route An IPv6 static route with a...

Страница 278: ...ic route you must specify the next hop address Displaying and maintaining IPv6 static routes To do Use the command Remarks Display IPv6 static route information display ipv6 routing table protocol sta...

Страница 279: ...5 1 Configure a default IPv6 static route on Switch C SwitchC system view SwitchC ipv6 SwitchC ipv6 route static 0 5 2 3 Configure the IPv6 addresses and gateways for hosts Configure the IPv6 addresse...

Страница 280: ...ty with the ping command SwitchA ping ipv6 3 1 PING 3 1 56 data bytes press CTRL_C to break Reply from 3 1 bytes 56 Sequence 1 hop limit 254 time 63 ms Reply from 3 1 bytes 56 Sequence 2 hop limit 254...

Страница 281: ...tly connected routers is 1 When the hop count is greater than or equal to 16 the destination network or host is unreachable By default the routing update is sent every 30 seconds If the router receive...

Страница 282: ...at The following are types of RTEs in RIPng Next hop RTE Defines the IPv6 address of a next hop IPv6 prefix RTE Describes the destination IPv6 address route tag prefix length and metric in the RIPng r...

Страница 283: ...outer checks the validity of the response before adding the route to its routing table such as whether the source IPv6 address is the link local address and whether the port number is correct The resp...

Страница 284: ...cess id vpn instance vpn instance name Required Not created by default Return to system view quit Enter interface view interface interface type interface number Enable RIPng on the interface ripng pro...

Страница 285: ...ify an inbound routing additional metric ripng metricin value Optional 0 by default Specify an outbound routing additional metric ripng metricout value Optional 1 by default Configuring RIPng route su...

Страница 286: ...iguring a priority for RIPng Any routing protocol has its own protocol priority used for optimal route selection You can set a priority for RIPng manually The smaller the value the higher the priority...

Страница 287: ...e the following defaults 30 seconds for the update timer 180 seconds for the timeout timer 120 seconds for the suppress timer 120 seconds for the garbage collect timer NOTE When adjusting RIPng timers...

Страница 288: ...ields With zero field check on RIPng packets enabled if such a field contains a non zero value the entire RIPng packet is discarded If you are sure that all packets are trustworthy disable the zero fi...

Страница 289: ...sec policy configured the interface uses its own IPsec policy Configuration prerequisites Before applying an IPsec policy for RIPng complete following tasks Create an IPsec proposal Create an IPsec po...

Страница 290: ...exclude include regular expression Available in any view Reset a RIPng process reset ripng process id process Available in user view Clear statistics of a RIPng process reset ripng process id statist...

Страница 291: ...ace200 quit SwitchC interface vlan interface 500 SwitchC Vlan interface500 ripng 1 enable SwitchC Vlan interface500 quit SwitchC interface vlan interface 600 SwitchC Vlan interface600 ripng 1 enable S...

Страница 292: ...ripng 1 filter policy 2000 export Display routing tables of Switch B and Switch A SwitchB display ripng 1 route Route Flags A Aging S Suppressed G Garbage collect Peer FE80 20F E2FF FE23 82F5 on Vlan...

Страница 293: ...itchA ripng 100 SwitchA ripng 100 quit SwitchA interface vlan interface 100 SwitchA Vlan interface100 ripng 100 enable SwitchA Vlan interface100 quit SwitchA interface vlan interface 200 SwitchA Vlan...

Страница 294: ...0 Destination 2 64 Protocol Direct NextHop 2 1 Preference 0 Interface Vlan200 Cost 0 Destination 2 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination FE80 10 Protocol Di...

Страница 295: ...BFF FE01 1C02 Preference 100 Interface Vlan100 Cost 4 Destination FE80 10 Protocol Direct NextHop Preference 0 Interface NULL0 Cost 0d Configuring RIPng IPsec policies Network requirements In the fol...

Страница 296: ...l tran1 transform esp SwitchA ipsec proposal tran1 esp encryption algorithm des SwitchA ipsec proposal tran1 esp authentication algorithm sha1 SwitchA ipsec proposal tran1 quit SwitchA ipsec policy po...

Страница 297: ...ipsec proposal tran1 encapsulation mode transport SwitchC ipsec proposal tran1 transform esp SwitchC ipsec proposal tran1 esp encryption algorithm des SwitchC ipsec proposal tran1 esp authentication...

Страница 298: ...g OSPFv3 and OSPFv2 have the following differences OSPFv3 runs on a per link basis and OSPFv2 runs on a per IP subnet basis OSPFv3 supports multiple instances per link but OSPFv2 does not OSPFv3 ident...

Страница 299: ...a route to another autonomous system A default route can be described by an AS external LSA Link LSA A router originates a separate Link LSA for each attached link Link LSAs have link local flooding...

Страница 300: ...s GR timer If a failure to establish adjacencies occurs during a GR the device will be in the GR process for a long time To avoid this configure the GR timer for the device to exit the GR process when...

Страница 301: ...bling OSPFv3 complete the following tasks Make neighboring nodes accessible with each other at the network layer Enable IPv6 packet forwarding Enabling OSPFv3 To enable an OSPFv3 process on a router y...

Страница 302: ...reas exchange routing information through the backbone area The backbone and non backbone areas including the backbone itself must be contiguous In practice necessary physical links may not be availab...

Страница 303: ...virtual link vlink peer router id hello seconds retransmit seconds trans delay seconds dead seconds instance instance id Required NOTE Both ends of a virtual link are ABRs that must be configured with...

Страница 304: ...mode specify the link local IP addresses of their neighbors because these interfaces cannot find neighbors through broadcasting hello packets You can also specify DR priorities for neighbors Follow t...

Страница 305: ...To do Use the command Remarks Enter system view system view Enter OSPFv3 view ospfv3 process id Configure inbound route filtering filter policy acl number ipv6 prefix ipv6 prefix name import Required...

Страница 306: ...enabling load balancing among these routes can improve link utilization Follow these steps to configure the maximum number of load balanced routes To do Use the command Remarks Enter system view syst...

Страница 307: ...ault route using the default route advertise command Because OSPFv3 is a link state routing protocol it cannot directly filter LSAs to be advertised You must filter redistributed routes first Routes t...

Страница 308: ...d seconds instance instance id Optional Defaults to 40 seconds on P2P broadcast interfaces Configure the LSA retransmission interval ospfv3 timer retransmit interval instance instance id Optional Defa...

Страница 309: ...MTU check for DD packets ospfv3 mtu ignore instance instance id Required Not ignored by default Disable interfaces from receiving and sending OSPFv3 packets Follow these steps to disable interfaces fr...

Страница 310: ...ion after a master slave switchover a GR Restarter running OSPFv3 must complete the following tasks Keep the GR Restarter forwarding entries stable during reboot Establish all adjacencies and obtain c...

Страница 311: ...s Before a BFD session is established it is in the down state In this state BFD control packets are sent at an interval of no less than one second to reduce BFD control packet traffic After the BFD se...

Страница 312: ...er the virtual link If an interface and its area each have an IPsec policy configured the interface uses its own IPsec policy If a virtual link and area 0 each have an IPsec policy configured the virt...

Страница 313: ...ix link network router grace link state id originate router router id total begin exclude include regular expression Display OSPFv3 LSDB statistics display ospfv3 lsdb statistic begin exclude include...

Страница 314: ...tatistics display ospfv3 statistic begin exclude include regular expression Display the GR status of the specified OSPFv3 process display ospfv3 process id graceful restart status begin exclude includ...

Страница 315: ...1 area 1 SwitchB Vlan interface200 quit Configure Switch C SwitchC system view SwitchC ipv6 SwitchC ospfv3 SwitchC ospfv3 1 router id 3 3 3 3 SwitchC ospfv3 1 quit SwitchC interface vlan interface 100...

Страница 316: ...Switch D SwitchD display ospfv3 routing E1 Type 1 external route IA Inter area route I Intra area route E2 Type 2 external route Selected route OSPFv3 Router with ID 4 4 4 4 Process 1 Destination 200...

Страница 317: ...2001 1 64 Type IA Cost 3 NextHop FE80 F40D 0 93D0 1 Interface Vlan400 Destination 2001 2 64 Type I Cost 1 NextHop directly connected Interface Vlan400 Destination 2001 3 64 Type IA Cost 4 NextHop FE80...

Страница 318: ...108 Network diagram Configuration procedure 1 Configure IPv6 addresses for interfaces Details not shown 2 Configure OSPFv3 basic functions Configure Switch A SwitchA system view SwitchA ipv6 SwitchA...

Страница 319: ...ace Instance ID 2 2 2 2 1 2 Way DROther 00 00 36 Vlan200 0 3 3 3 3 1 Full Backup 00 00 35 Vlan100 0 4 4 4 4 1 Full DR 00 00 33 Vlan200 0 Display neighbor information on Switch D The neighbor states ar...

Страница 320: ...shutdown commands on interfaces to restart DR and BDR election Details not shown Display neighbor information on Switch A Switch C becomes the BDR SwitchA display ospfv3 peer OSPFv3 Area ID 0 0 0 0 P...

Страница 321: ...uter id 1 1 1 1 SwitchA ospfv3 1 quit SwitchA interface vlan interface 100 SwitchA Vlan interface100 ospfv3 1 area 2 SwitchA Vlan interface100 quit SwitchA interface vlan interface 200 SwitchA Vlan in...

Страница 322: ...0 Cost 0 Destination 3 64 Protocol Direct NextHop 3 2 Preference 0 Interface Vlan300 Cost 0 Destination 3 2 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 4 64 Protoco...

Страница 323: ...300 Cost 0 Destination 3 2 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 4 64 Protocol Direct NextHop 4 1 Preference 0 Interface Vlan400 Cost 0 Destination 4 1 128 Pr...

Страница 324: ...e100 quit Enable OSPFv3 on Switch B and set the router ID to 2 2 2 2 By default GR helper is enabled on Switch B SwitchB system view SwitchB ipv6 SwitchB ospfv3 1 SwitchB ospfv3 1 router id 2 2 2 2 Sw...

Страница 325: ...lan int10 2001 1 64 Switch B Vlan int10 2001 2 64 Vlan int11 2001 2 1 64 Vlan int13 2001 3 2 64 Switch C Vlan int11 2001 2 2 64 Vlan int13 2001 3 1 64 Configuration procedure 1 Configure IP addresses...

Страница 326: ...re BFD parameters SwitchA bfd session init mode active SwitchA interface vlan interface 10 SwitchA Vlan interface10 ospfv3 bfd enable SwitchA Vlan interface10 bfd min transmit interval 500 SwitchA Vla...

Страница 327: ...rocessID 0 Interface Vlan interface11 Protocol OSPFv3 State Invalid Adv Cost 2 Tunnel ID 0x0 Label NULL Age 4515sec Enable BFD debugging on Switch A SwitchA debugging bfd scm SwitchA debugging bfd eve...

Страница 328: ...elayNextHop Tag 0H Neighbor ProcessID 0 Interface Vlan interface11 Protocol OSPFv3 State Invalid Adv Cost 2 Tunnel ID 0x0 Label NULL Age 4610sec Configuring OSPFv3 IPsec policies Network requirements...

Страница 329: ...orithm to SHA1 create an IPsec policy named policy001 specify the manual mode for it reference IPsec proposal tran1 set the SPIs of the inbound and outbound SAs to 12345 and the keys for the inbound a...

Страница 330: ...algorithm des SwitchB ipsec proposal tran2 esp authentication algorithm sha1 SwitchB ipsec proposal tran2 quit SwitchB ipsec policy policy002 10 manual SwitchB ipsec policy manual policy002 10 propos...

Страница 331: ...uration OSPFv3 traffic between Switches A B and C is protected by IPsec Troubleshooting OSPFv3 configuration No OSPFv3 neighbor relationship established Symptom No OSPF neighbor relationship can be es...

Страница 332: ...th the stub area Solution 1 Use the display ospfv3 peer command to display OSPFv3 neighbors 2 Use the display ospfv3 interface command to display OSPFv3 interface information 3 Use the display ospfv3...

Страница 333: ...LSP The TLVs include the following IPv6 Reachability Defines the prefix metric of routing information to indicate network reachability and has a type value of 236 0xEC IPv6 Interface Address Same as...

Страница 334: ...do Use command to Remarks Enter system view system view Enter IS IS view isis process id Define the priority for IPv6 IS IS routes ipv6 preference route policy route policy name preference Optional 15...

Страница 335: ...dvertisement If a protocol is specified only routes redistributed from the routing protocol are filtered for advertisement For information about ACL see ACL and QoS Configuration Guide For information...

Страница 336: ...regular expression Available in any view Display the mapping table between the host name and system ID display isis name table process id vpn instance vpn instance name begin exclude include regular e...

Страница 337: ...rk diagram Configuration procedure 1 Configure IPv6 addresses for interfaces Details not shown 2 Configure IPv6 IS IS Configure Switch A SwitchA system view SwitchA ipv6 SwitchA isis 1 SwitchA isis 1...

Страница 338: ...300 isis ipv6 enable 1 SwitchC Vlan interface300 quit Configure Switch D SwitchD system view SwitchD ipv6 SwitchD isis 1 SwitchD isis 1 is level level 2 SwitchD isis 1 network entity 20 0000 0000 0004...

Страница 339: ...e Destination PrefixLen 0 Flag R Cost 10 Next Hop FE80 200 FF FE0F 4 Interface Vlan200 Destination 2001 1 PrefixLen 64 Flag D L Cost 10 Next Hop FE80 200 FF FE0F 4 Interface Vlan200 Destination 2001 2...

Страница 340: ...ace Vlan200 Destination 2001 3 PrefixLen 64 Flag D L Cost 10 Next Hop Direct Interface Vlan300 Destination 2001 4 1 PrefixLen 128 Flag R Cost 10 Next Hop FE80 20F E2FF FE3E FA3D Interface Vlan300 Flag...

Страница 341: ...ailure and notify IPv6 IS IS of the failure Then Switch A and Switch B communicate through Switch C Figure 114 Network diagram Device Interface IPv6 address Device Interface IPv6 address Switch A Vlan...

Страница 342: ...hC isis 1 ipv6 enable SwitchC isis 1 quit SwitchC interface vlan interface 11 SwitchC Vlan interface11 isis ipv6 enable 1 SwitchC Vlan interface11 quit SwitchC interface vlan interface 13 SwitchC Vlan...

Страница 343: ...64 on Switch A and you can see that Switch A and Switch B communicate through the Layer 2 switch SwitchA display ipv6 routing table 2001 4 0 64 verbose Routing Table Summary Count 2 Destination 2001 4...

Страница 344: ...2009 SwitchA ISIS 4 ADJLOG ISIS 1 ADJCHANGE Adjacency To 0000 0000 0002 vlan10 DOWN Level 1 Circuit Down Aug 8 14 54 05 369 2009 SwitchA ISIS 4 ADJLOG ISIS 1 ADJCHANGE Adjacency To 0000 0000 0002 vla...

Страница 345: ...introducing Multiprotocol BGP MP BGP which is defined in RFC 2858 multiprotocol extensions for BGP 4 For brevity purposes MP BGP for IPv6 is called IPv6 BGP IPv6 BGP puts IPv6 network layer informati...

Страница 346: ...oup Optional Configuring outbound route filtering Optional Configuring inbound route filtering Optional Configuring IPv6 BGP and IGP route synchronization Optional Controlling route distribution and r...

Страница 347: ...e the command Remarks Enter system view system view Enter BGP view bgp as number Specify a router ID router id router id Optional Required if no IP addresses are configured for any interfaces Enter IP...

Страница 348: ...t and the command apply preferred value preferred value in the chapter Routing policy configuration commands Specifying the source interface for establishing TCP connections IPv6 BGP uses TCP as the t...

Страница 349: ...figured by default NOTE Direct links must be available between eBGP peers If not you can use the peer ebgp max hop command to establish a multi hop TCP connection in between However do not use this co...

Страница 350: ...te change logging for an IPv6 peer or peer group peer ipv6 group name ipv6 address log change Optional Enabled by default NOTE See Layer 3 IP Routing Command Reference for information about the log pe...

Страница 351: ...te ipv6 address prefix length as set attribute policy route policy name detail suppressed origin policy route policy name suppress policy route policy name Required Not configured by default Advertisi...

Страница 352: ...oup peer ipv6 group name ipv6 address ipv6 prefix ipv6 prefix name export Required Not specified by default NOTE IPv6 BGP advertises routes passing the specified policy to peers Using the protocol arg...

Страница 353: ...route s next hop If the next hop is reachable the IPv6 BGP router advertises the route to eBGP peers If the synchronization feature is configured in addition to the reachability check of the next hop...

Страница 354: ...bgp as number Enter IPv6 address family view ipv6 family Configure preference values for IPv6 BGP external internal and local routes preference external preference internal preference local preference...

Страница 355: ...med med value Optional Defaults to 0 Enable the comparison of MED for routes from different eBGP peers compare different as med Optional Not enabled by default Enable the comparison of MED for routes...

Страница 356: ...is sent nor holdtime is checked IPv6 BGP connection soft reset After modifying a route selection policy you must reset IPv6 BGP connections to make the new one take effect The current IPv6 BGP impleme...

Страница 357: ...ured using the timer command have lower priority than timers configured using the peer timer command The holdtime interval must be at least three times the keepalive interval Configuring IPv6 BGP soft...

Страница 358: ...rry ORF information in messages If yes it will further determine whether to carry non standard ORF information in the packets After completing the negotiation process and establishing the neighboring...

Страница 359: ...ports only 2 byte AS numbers the peer relationship cannot be established After you enable the 4 byte AS number suppression function the peer device can then process the Open message even though it doe...

Страница 360: ...y to BGP packets The MD5 authentication requires that the two parties have the same authentication mode and password to establish a TCP connection otherwise no TCP connection can be established due to...

Страница 361: ...a pure eBGP peer group and if not a mixed eBGP peer group In a peer group all members have a common policy Using the community attribute can make a set of IPv6 BGP routers in multiple ASs have the sam...

Страница 362: ...ate a pure eBGP peer group specify an AS number for the peer group If a peer was added into an eBGP peer group you cannot specify any AS number for the peer group Creating a mixed eBGP peer group Foll...

Страница 363: ...ystem view system view Enter BGP view bgp as number Enter IPv6 address family view ipv6 family Apply a routing policy to routes advertised to an IPv6 peer or peer group peer ipv6 group name ipv6 addre...

Страница 364: ...keepalive interval This mechanism makes the detection of a link failure rather slow and thus causes a large quantity of packets to be dropped especially when the failed link is a high speed link You...

Страница 365: ...uting table as path acl as path acl number begin exclude include regular expression Display IPv6 BGP routing information with the specified community attribute display bgp ipv6 routing table community...

Страница 366: ...internal export import Reset IPv6 BGP connections reset bgp ipv6 as number ipv4 address ipv6 address flap info all external group group name internal Available in user view Clearing IPv6 BGP informati...

Страница 367: ...pv6 quit SwitchB bgp quit Configure Switch C SwitchC system view SwitchC ipv6 SwitchC bgp 65009 SwitchC bgp router id 3 3 3 3 SwitchC bgp ipv6 family SwitchC bgp af ipv6 peer 9 3 1 as number 65009 Swi...

Страница 368: ...ished 9 1 2 65009 2 4 0 0 00 00 19 Established Display IPv6 peer information on Switch C SwitchC display bgp ipv6 peer BGP local router ID 3 3 3 3 Local AS number 65009 Total number of peers 2 Peers i...

Страница 369: ...B SwitchB system view SwitchB ipv6 SwitchB bgp 200 SwitchB bgp router id 2 2 2 2 SwitchB bgp ipv6 family SwitchB bgp af ipv6 peer 100 1 as number 100 SwitchB bgp af ipv6 peer 101 1 as number 200 Switc...

Страница 370: ...Switches B and C establish an eBGP relationship Configure IPsec policies on the switches to authenticate and encrypt protocol packets Figure 117 Network diagram Configuration procedure 1 Configure IP...

Страница 371: ...sec proposal tran1 transform esp SwitchA ipsec proposal tran1 esp encryption algorithm des SwitchA ipsec proposal tran1 esp authentication algorithm sha1 SwitchA ipsec proposal tran1 quit SwitchA ipse...

Страница 372: ...10 sa spi outbound esp 54321 SwitchB ipsec policy manual policy002 10 sa spi inbound esp 54321 SwitchB ipsec policy manual policy002 10 sa string key outbound esp gfedcba SwitchB ipsec policy manual p...

Страница 373: ...p quit 7 Verify the configuration Display detailed IPv6 BGP peer information SwitchB display bgp ipv6 peer verbose BGP Peer is 1 1 remote AS 65008 Type IBGP link BGP version 4 remote router ID 1 1 1 1...

Страница 374: ...Total 0 messages Update messages 0 Sent Total 0 messages Update messages 0 Maximum allowed prefix number 4294967295 Threshold 75 Minimum time between advertisement runs is 30 seconds Optional capabil...

Страница 375: ...P on Switch A Establish two iBGP connections between Switch A and Switch C SwitchA system view SwitchA bgp 200 SwitchA bgp ipv6 family SwitchA bgp af ipv6 peer 3001 3 as number 200 SwitchA bgp af ipv6...

Страница 376: ...6 peer 3001 3 bfd SwitchA bgp af ipv6 quit SwitchA bgp quit 4 Configure IPv6 BGP on Switch C SwitchC system view SwitchC bgp 200 SwitchC bgp ipv6 family SwitchC bgp af ipv6 peer 3000 1 as number 200 S...

Страница 377: ...3000ms Recv Pkt Num 57 Send Pkt Num 53 Hold Time 2200ms Connect Type Direct Running Up for 00 00 06 Auth mode none Protocol BGP6 Diag Info No Diagnostic The output shows that a BFD session is establi...

Страница 378: ...ure on Switch B Nov 5 11 42 24 172 2009 SwitchC BFD 5 BFD_CHANGE_FSM Sess 3001 3 3000 1 13 17 VLAN101 Ctrl Sta UP DOWN Diag 1 Nov 5 11 42 24 172 2009 SwitchC BGP 5 BGP_STATE_CHANGED 3000 1 state is ch...

Страница 379: ...ully Processing steps 1 Use the display current configuration command to check that the peer s AS number is correct 2 Use the display bgp ipv6 peer command to check that the peer s IPv6 address is cor...

Страница 380: ...Filters redistributed routes Modifies or sets the attributes of some routes Routing policy implementation To configure a routing policy you must do the following 1 Define some filters based on the at...

Страница 381: ...define its own match criteria A routing policy can comprise multiple nodes which are in logic OR relationship Each routing policy node is a match unit and a node with a smaller number is matched firs...

Страница 382: ...to match and is identified by an index number An item with a smaller index number is matched first If one item is matched the IP prefix list is passed and the routing information will not go to the n...

Страница 383: ...list You must define the permit 0 less equal 128 item following multiple deny items to allow other IPv6 routing information to pass For example the following configuration filters routes 2000 1 48 200...

Страница 384: ...origin 1 16 Required Not defined by default Configuring a routing policy A routing policy is used to filter routing information and modify attributes of matching routing information The match criteria...

Страница 385: ...t does not meet any node cannot pass the routing policy If all nodes of the routing policy are set with the deny keyword no routing information can pass it Defining if match clauses Follow these steps...

Страница 386: ...igured by default NOTE The if match clauses of a routing policy node are in logic AND relationship Routing information must satisfy all of its if match clauses before being executed with its apply cla...

Страница 387: ...uting apply extcommunity rt route target 1 16 additive soo site of origin additive Optional Not set by default for IPv4 routes apply ip address next hop ip address Optional Not set by default The sett...

Страница 388: ...rger that the current node number NOTE If you configure the same type of apply clauses that set different values including the apply community and apply extcommunity clauses with the additive keyword...

Страница 389: ...user view Routing policy configuration examples Applying a routing policy to IPv4 route redistribution Network requirements As shown in Figure 1 19 Switch B exchanges routing information with Switch A...

Страница 390: ...face200 quit 3 Configure OSPF and route redistribution Configure OSPF on Switch A SwitchA system view SwitchA ospf SwitchA ospf 1 area 0 SwitchA ospf 1 area 0 0 0 0 network 192 168 1 0 0 0 0 255 Switc...

Страница 391: ...tchB route policy isis2ospf permit node 20 SwitchB route policy if match acl 2002 SwitchB route policy apply tag 20 SwitchB route policy quit SwitchB route policy isis2ospf permit node 30 SwitchB rout...

Страница 392: ...and VLAN interface 200 SwitchA system view SwitchA ipv6 SwitchA interface vlan interface 100 SwitchA Vlan interface100 ipv6 address 10 1 32 SwitchA Vlan interface100 quit SwitchA interface vlan interf...

Страница 393: ...rface100 ripng 1 enable SwitchB Vlan interface100 quit Enable RIPng SwitchB ripng Display RIPng routing table information SwitchB ripng 1 display ripng 1 route Route Flags A Aging S Suppressed G Garba...

Страница 394: ...er id 2 2 2 2 SwitchB bgp peer 1 1 2 2 as number 300 Configure Switch C SwitchC system view SwitchC bgp 300 SwitchC bgp router id 3 3 3 3 SwitchC bgp peer 1 1 1 1 as number 100 SwitchC bgp peer 1 1 2...

Страница 395: ...D has learned routes 4 4 4 0 24 5 5 5 0 24 and 6 6 6 0 24 from AS 100 and 7 7 7 0 24 8 8 8 0 24 and 9 9 9 0 24 from AS 200 3 Configure Switch D to reject routes from AS 200 Configure AS_PATH list 1 S...

Страница 396: ...the IP prefix list must be configured as permit mode and at least one node in the routing policy must be configured as permit mode Solution 1 Use the display ip ip prefix command to display IP prefix...

Страница 397: ...PBR policy does not exist the matching packet is forwarded according to the routing table If a default next hop is configured in the PBR policy destination based routing takes precedence over PBR Usi...

Страница 398: ...clauses Table 7 Relationship between the match mode and the clauses Then If a packet In permit mode In deny mode Matches all the if match clauses on a policy node The apply clause is executed and the...

Страница 399: ...as the backup next hop Set default next hops apply ip address default next hop ip address track track entry number ip address track track entry number Optional You can specify two next hops at a time...

Страница 400: ...e routing table Configuring local PBR Only one policy can be referenced for local PBR Follow these steps to configure local PBR To do Use the command Remarks Enter system view system view Configure lo...

Страница 401: ...Configuring a QoS policy Follow these steps to configure traffic redirection To do Use the command Remarks Enter system view system view Create a class and enter class view traffic classifier tcl nam...

Страница 402: ...e type interface number Enter interface view or port group view Enter port group view port group manual port group name Use either command Settings in interface view take effect on the current interfa...

Страница 403: ...ts can pass the policy and then are forwarded according to the apply clauses if the permit keyword is specified for the node or are denied if the deny keyword is specified The packets will not go to t...

Страница 404: ...igure Node 5 of policy aaa to forward TCP packets to next hop 1 1 2 2 SwitchA policy based route aaa permit node 5 SwitchA pbr aaa 5 if match acl 3101 SwitchA pbr aaa 5 apply ip address next hop 1 1 2...

Страница 405: ...255 time 2 ms Reply from 1 1 3 2 bytes 56 Sequence 2 ttl 255 time 1 ms Reply from 1 1 3 2 bytes 56 Sequence 3 ttl 255 time 1 ms Reply from 1 1 3 2 bytes 56 Sequence 4 ttl 255 time 1 ms Reply from 1 1...

Страница 406: ...icy based route aaa permit node 5 SwitchA pbr aaa 5 if match acl 3101 SwitchA pbr aaa 5 apply ip address next hop 1 1 2 2 SwitchA pbr aaa 5 quit Apply the policy aaa to VLAN interface 1 1 SwitchA inte...

Страница 407: ...55 0 SwitchC Vlan interface20 quit Verification Configure the IP address of Host A as 10 1 10 0 20 24 and the gateway as 10 1 10 0 10 On Host A telnet to Switch B 1 1 2 2 that is directly connected to...

Страница 408: ...ehavior a in QoS policy a SwitchA qos policy a SwitchA qospolicy a classifier a behavior a SwitchA qospolicy a quit Apply QoS policy a to the incoming traffic of GigabitEthernet 1 0 1 SwitchA interfac...

Страница 409: ...chA traffic behavior a SwitchA behavior a redirect next hop 202 2 SwitchA behavior a quit Associate class a with behavior a in QoS policy a SwitchA qos policy a SwitchA qospolicy a classifier a behavi...

Страница 410: ...VPN routes and uses MPLS to forward VPN packets on service provider backbones MPLS L3VPN provides flexible networking modes excellent scalability and convenient support for MPLS QoS and MPLS TE The MP...

Страница 411: ...on When VPN traffic travels over the MPLS backbone the ingress PE functions as the ingress Label Switching Router LSR the egress PE functions as the egress LSR and P routers function as the transit LS...

Страница 412: ...ocess overlapping VPN routes If for example both VPN 1 and VPN 2 use addresses on the segment 10 1 10 10 0 24 and each advertise a route to the segment BGP selects only one of them which results in th...

Страница 413: ...ches the import target attribute of the VPN instance the PE adds the routes to the VPN routing table In other words VPN target attributes define which sites can receive VPN IPv4 routes and from which...

Страница 414: ...information according to the number of the interface receiving the information It then maintains the corresponding routing table accordingly You must also bind the interfaces to the VPNs on PE 1 in th...

Страница 415: ...n an OSPF route is imported to the BGP routing table as a BGP route on a PE some attributes of the OSPF route get lost When the BGP route is imported to the OSPF routing table on the remote CE not all...

Страница 416: ...the VPN routing entries on MCE devices to the routing table of the routing protocol running between MCE and PEs The following routing protocols can be used between MCE and PE devices for routing form...

Страница 417: ...es in the route calculation of the specified VPN After creating and configuring a VPN instance you associate the VPN instance with the interface for connecting different VPN sites Follow these steps t...

Страница 418: ...stance export route policy route policy Optional By default all VPN instance routes permitted by the export target attribute can be redistributed NOTE Only when BGP runs between the MCE and PE can the...

Страница 419: ...e static routes for a VPN instance ip route static vpn instance s vpn instance name 1 6 dest address mask mask length gateway address public interface type interface number gateway address vpn instanc...

Страница 420: ...hrough different OSPF processes ensuring the separation and security of VPN routes Follow these steps to configure OSPF between MCE and VPN site To do Use the command Remarks Enter system view system...

Страница 421: ...ecurity of VPN routes Follow these steps to configure IS IS between MCE and VPN site To do Use the command Remarks Enter system view system view Create an IS IS process for a VPN instance and enter IS...

Страница 422: ...refix ip prefix name export direct isis process id ospf process id rip process id static Optional By default BGP does not filter the routes to be advertised Configure a filtering policy to filter the...

Страница 423: ...sites 1 Configure the MCE Follow these steps to configure the MCE To do Use the command Remarks Enter system view system view Enter BGP view bgp as number Enter BGP VPN instance view ipv4 family vpn i...

Страница 424: ...stances Perform route configurations Redistribute VPN routes into the routing protocol running between the MCE and the PE Configuring static routing between MCE and PE Follow these steps to configure...

Страница 425: ...ps to configure OSPF between MCE and PE To do Use the command Remarks Enter system view system view Create an OSPF process for a VPN instance and enter OSPF view ospf process id router id router id vp...

Страница 426: ...isis process id vpn instance vpn instance name Required Configure a network entity title network entity net Required Not configured by default Redistribute the VPN routes import route isis process id...

Страница 427: ...import Optional By default BGP does not filter the received routes NOTE BGP runs within a VPN in the same way as it runs within a public network For more information about BGP see Layer 3 IP Routing C...

Страница 428: ...on changes you can use the soft reset function or reset BGP connections to make new configurations take effect Soft reset requires that BGP peers have route refreshment capability supporting Route Ref...

Страница 429: ...ance name paths as regular expression begin exclude include regular expression Available in any view Display information about BGP VPNv4 peers display bgp vpnv4 vpn instance vpn instance name peer gro...

Страница 430: ...path regexp Available in user view NOTE For commands to display information about a routing table see Layer 3 IP Routing Command Reference MCE configuration examples Using OSPF to advertise VPN routes...

Страница 431: ...E ip vpn instance vpn1 MCE vpn instance vpn1 route distinguisher 10 1 MCE vpn instance vpn1 vpn target 10 1 MCE vpn instance vpn1 quit MCE ip vpn instance vpn2 MCE vpn instance vpn2 route distinguishe...

Страница 432: ...N 1 directly and no routing protocol is enabled in VPN 1 Therefore you can configure static routes On VR 1 assign IP address 10 214 10 2 24 to the interface connected to MCE and 192 168 0 1 24 to the...

Страница 433: ...0 0 1 InLoop0 127 0 0 1 32 Direct 0 0 127 0 0 1 InLoop0 192 168 10 0 24 RIP 100 1 10 214 20 2 Vlan20 The output shows that the MCE has learned the private routes of VPN 2 The MCE maintains the routes...

Страница 434: ...ce PE1 vlan 40 PE1 vlan40 quit PE1 interface vlan interface 40 PE1 Vlan interface40 ip binding vpn instance vpn2 PE1 Vlan interface40 ip address 40 1 1 2 24 PE1 Vlan interface40 quit Configure the IP...

Страница 435: ...able of MCE The following output shows that PE 1 has learned the private route of VPN 2 through OSPF PE1 display ip routing table vpn instance vpn2 Routing Tables vpn2 Destinations 5 Routes 5 Destinat...

Страница 436: ...t shown Configure OSPF on the MCE and bind OSPF process 10 with VPN instance vpn1 to learn the routes of VPN 1 MCE system view MCE ospf router id 10 214 10 3 10 vpn instance vpn1 MCE ospf 10 area 0 MC...

Страница 437: ...tion procedure is similar to that described in Using OSPF to advertise VPN routes to the PE Details not shown Start BGP process 100 on the MCE and enter the IPv4 address family view of VPN instance vp...

Страница 438: ...VPN 2 through BGP PE1 display ip routing table vpn instance vpn2 Routing Tables vpn2 Destinations 5 Routes 5 Destination Mask Proto Pre Cost NextHop Interface 40 1 1 0 24 Direct 0 0 40 1 1 2 Vlan40 40...

Страница 439: ...ork scenarios besides MPLS L3VPNs Creating a VPN instance A VPN instance is associated with a site It is a collection of the VPN membership and routing rules of its associated site A VPN instance does...

Страница 440: ...learned from a CE gets redistributed into BGP BGP associates it with a VPN target extended community attribute list which is usually the export target attribute of the VPN instance associated with th...

Страница 441: ...sable route redistribution between routing protocols to save system resources Configuring routing between IPv6 MCE and VPN site Configuring static routing between IPv6 MCE and VPN site An IPv6 MCE can...

Страница 442: ...te remote site routes advertised by the PE import route protocol process id allow ibgp cost cost route policy route policy name Required By default no route of any other routing protocol is redistribu...

Страница 443: ...ting Configuration Guide Configuring IPv6 IS IS between IPv6 MCE and VPN site An IPv6 IS IS process belongs to the public network or a single IPv6 VPN instance If you create an IPv6 IS IS process with...

Страница 444: ...h VPN instance on the IPv6 VPN sites If eBGP is used for route exchange you also can configure filtering policies to filter the received routes and the routes to be advertised 1 Configure the IPv6 MCE...

Страница 445: ...Pv6 MCE PE routing configuration includes these tasks Bind the IPv6 MCE PE interfaces to IPv6 VPN instances Perform routing configurations Redistribute IPv6 VPN routes into the routing protocol runnin...

Страница 446: ...onfiguration Guide Configuring OSPFv3 between IPv6 MCE and PE Follow these steps to configure OSPFv3 between IPv6 MCE and PE To do Use the command Remarks Enter system view system view Create an OSPFv...

Страница 447: ...ot specify the route level in the command the command will redistribute routes to the level 2 routing table by default Configure a filtering policy to filter the redistributed routes ipv6 filter polic...

Страница 448: ...an use the soft reset function or reset BGP connections to make new configurations take effect Soft reset requires that BGP peers have route refreshment capability supporting Route Refresh messages Us...

Страница 449: ...tistic statistic begin exclude include regular expression Available in any view Display the BGP VPNv6 routing information of a specified RD display bgp vpnv6 route distinguisher route distinguisher ro...

Страница 450: ...ces vpn1 and vpn2 and specify a RD and VPN targets for each VPN instance MCE system view MCE ip vpn instance vpn1 MCE vpn instance vpn1 route distinguisher 10 1 MCE vpn instance vpn1 vpn target 10 1 M...

Страница 451: ...1 PE1 vpn instance vpn2 vpn target 20 1 PE1 vpn instance vpn2 quit 2 Configure routing between the MCE and VPN sites The MCE is connected with VPN 1 directly and no routing protocol is enabled in VPN...

Страница 452: ...ce vpn1 Routing Table vpn1 Destinations 5 Routes 5 Destination 1 128 Protocol Direct NextHop 1 Preference 0 Interface InLoop0 Cost 0 Destination 2001 1 64 Protocol Direct NextHop 2001 1 1 Preference 0...

Страница 453: ...runk port and configure it to permit packets of VLAN 30 and VLAN 40 to pass with VLAN tags PE1 interface gigabitethernet 1 0 1 PE1 GigabitEthernet1 0 1 port link type trunk PE1 GigabitEthernet1 0 1 po...

Страница 454: ...process to VPN instance vpn1 and redistribute the IPv6 static route of VPN 1 MCE ospfv3 10 vpn instance vpn1 MCE ospf 10 router id 101 101 10 1 MCE ospf 10 import route static MCE ospf 10 quit Enable...

Страница 455: ...of the MCE The following output shows that PE 1 has learned the private route of VPN 2 through OSPFv3 PE1 display ipv6 routing table vpn instance vpn2 Routing Table vpn2 Destinations 5 Routes 5 Destin...

Страница 456: ...s 76 Configuring OSPF FRR 94 Configuring OSPF Graceful Restart 96 Configuring OSPF network types 78 Configuring OSPF route control 81 Configuring OSPFv3 area parameters 285 Configuring OSPFv3 GR 293 C...

Страница 457: ...amples 413 MCE overview 393 O OSPF configuration examples 100 OSPF configuration task list 73 OSPFv3 configuration examples 297 OSPFv3 configuration task list 283 Overview 422 P PBR configuration exam...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды