246
Step Command
Remarks
2.
Enter BGP IPv6 unicast
address family view,
BGP-VPN IPv6 unicast
address family view, or BGP
IPv6 multicast address family
view.
•
Enter BGP IPv6 unicast address
family view:
a.
bgp
as-number
b.
address-family ipv6
[
unicast
]
•
Enter BGP-VPN IPv6 unicast address
family view:
a.
bgp
as-number
b.
ip vpn-instance
vpn-instance-name
c.
address-family ipv6
[
unicast
]
•
Enter BGP IPv6 multicast address
family view:
a.
bgp
as-number
b.
address-family ipv6 multicast
N/A
3.
Specify the maximum
number of BGP ECMP routes
for load balancing.
balance
number
By default, load balancing is
disabled.
Configuring IPsec for IPv6 BGP
Perform this task to configure IPsec for IPv6 BGP. IPsec can provide privacy, integrity, and authentication
for IPv6 BGP packets exchanged between BGP peers.
When two IPv6 BGP peers are configured with IPsec (for example, Device A and Device B), Device A
encapsulates an IPv6 BGP packet with IPsec before sending it to Device B. If Device B successfully
receives and de-encapsulates the packet, it establishes an IPv6 BGP peer relationship with Device A and
learns IPv6 BGP routes from Device A. If Device B receives but fails to de-encapsulate the packet, or
receives a packet not protected by IPsec, it discards the packet.
To configure IPsec for IPv6 BGP packets (IPv6 unicast/multicast address family):
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Configure an IPsec transform
set and a manual IPsec
profile.
See
Security Configuration Guide
.
By default, no IPsec transform set or
manual IPsec profile exists.
3.
Enter BGP view or BGP-VPN
instance view.
•
Enter BGP view:
bgp
as-number
•
Enter BGP-VPN instance view:
a.
bgp
as-number
b.
ip vpn-instance
vpn-instance-name
Use either method.
4.
Apply the IPsec profile to an
IPv6 BGP peer or peer group.
peer
{
group-name
|
ipv6-address
}
ipsec-profile
profile-name
By default, no IPsec profile is
configured for any IPv6 BGP peer
or peer group.
This command supports only IPsec
profiles in manual mode.