Page 1 H3C S5500-EI Series Ethernet Switches Operation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: 20090108-C-1.01 Product Version: Release 2202...
Page 2 Copyright © 2008-2009, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. Trademarks H3C, , Aolynk,...
Page 3: About This Manual
About This Manual Organization H3C S5500-EI Series Ethernet Switches Operation Manual is organized as follows: Volume Features 00-Product Product Overview Acronyms Overview Service Loopback Ethernet Interface Link Aggregation Port Isolation Group DLDP LLDP Smart Link Monitor Link 01-Access VLAN GVRP QinQ BPDU Tunneling Volume...
Page 4 Volume Features Basic System Device File System Login Configuration Management Management MAC Address HTTP SNMP RMON Table Management System Information 07-System Maintaining and Track Center Volume Debugging VRRP Hotfix Cluster Automatic IRF Stack GR Overview Management Configuration Conventions The manual uses the following conventions: Command conventions Convention Description...
Page 5: Related Documentation
Symbols Convention Description Means reader be extremely careful. Improper operation may cause bodily injury. Means reader be careful. Improper operation may cause data loss or damage to equipment. Means an action or information that needs special attention to ensure successful configuration or good performance. Means a complementary description.
Page 6: Table Of Contents
Table of Contents 1 Obtaining the Documentation ··················································································································1-1 CD-ROMs Shipped with the Devices ······································································································1-1 H3C Website ···········································································································································1-1 Software Release Notes ·························································································································1-1 2 Product Features ·······································································································································2-1 Introduction to Product ····························································································································2-1 Feature Lists ···········································································································································2-1 3 Features······················································································································································3-1 Access Volume ·······································································································································3-1 IP Services Volume·································································································································3-4 IP Routing Volume ··································································································································3-5 Multicast Volume·····································································································································3-7 QoS Volume············································································································································3-9...
Page 7: Obtaining The Documentation
Obtaining the Documentation H3C Technologies Co., Ltd. provides various ways for you to obtain documentation, through which you can obtain the product documentations and those concerning newly added new features. The documentations are available in one of the following ways: CD-ROMs shipped with the devices H3C website Software release notes...
Page 8: Product Features
Product Features Introduction to Product H3C S5500-EI Series Ethernet Switches are Gigabit Ethernet switching products developed by Hangzhou H3C Technologies Co., Ltd. The S5500-EI series switches have abundant service features. They are designed as distribution and access devices for intranets and metropolitan area networks (MANs).
Page 9 Volume Features Mulitcast Multicast Routing IGMP Overview and Forwarding MSDP MBGP IGMP Snooping Multicast VLAN 04-Multicast IPv6 Multicast Volume Routing and IPv6 PIM IPv6 MBGP Forwarding IPv6 Multicast MLD Snooping VLAN 05-QoS Volume User Profile 802.1X HABP Authentication 06-Security Volume Portal Port Security IP Source Guard...
Page 10: Features
Features The following sections provide an overview of the main features of each module supported by the S5500-EI series. Access Volume Table 3-1 Features in Access volume Features Description This document describes: Basic Ethernet Interface Configuration Combo Port Configuration Configuring Flow Control on an Ethernet Interface Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface Configuring Loopback Testing on an Ethernet Interface...
Page 11 Features Description In the use of fibers, link errors, namely unidirectional links, are likely to occur. DLDP is designed to detect such errors. This document describes: DLDP Introduction Enabling DLDP Setting DLDP Mode DLDP Setting the Interval for Sending Advertisement Packets Setting the DelayDown Timer Setting the Port Shutdown Mode Configuring DLDP Authentication...
Page 12 Features Description BPDU tunneling enables transparently transmission of customer network BPDU frames over the service provider network. This document describes: BPDU Tunneling Introduction to BPDU Tunneling Configuring BPDU Transparent Transmission Configuring Destination Multicast MAC Address for BPDU Tunnel Frames The VLAN mapping feature maps CVLAN tags to SVLAN tags. This document describes: VLAN Mapping Configuring One-to-One VLAN Mapping...
Page 13: Ip Services Volume
Features Description Port mirroring copies packets passing through a port to another port connected with a monitoring device for packet analysis to help implement network monitoring and troubleshooting. This document describes: Port Mirroring Port Mirroring overview Local port mirroring configuration Remote port mirroring configuration IP Services Volume Table 3-2 Features in the IP Services volume...
Page 14: Ip Routing Volume
Features Description Unicast Reverse Path Forwarding (URPF) protects a network against source address spoofing attacks. This document describes: URPF URPF overview URPF configuration Internet protocol version 6 (IPv6), also called IP next generation (IPng), was designed by the Internet Engineering Task Force (IETF) as the successor to Internet protocol version 4 (IPv4).
Page 15 Features Description Routing Information Protocol (RIP) is a simple Interior Gateway Protocol (IGP), mainly used in small-sized networks. This document describes: RIP basic functions configuration RIP advanced functions configuration RIP network optimization configuration Open Shortest Path First (OSPF) is an Interior Gateway Protocol based on the link state developed by IETF.
Page 16: Multicast Volume
Features Description The IS-IS routing protocol supports multiple network protocols, including IPv6. IS-IS with IPv6 support is called IPv6 IS-IS dynamic routing protocol. This document describes: IPv6 IS-IS Configuring IPv6 IS-IS Basic Functions Configuring IPv6 IS-IS Routing Information Control To support multiple network layer protocols, IETF extended BGP-4 by introducing IPv6 BGP.
Page 17 Features Description Internet Group Management Protocol (IGMP) is a protocol in the TCP/IP suite responsible for management of IP multicast members. This document describes: IGMP overview IGMP Configuring basic functions of IGMP Configuring IGMP performance parameters Configuring IGMP SSM Mapping Configuring IGMP Proxying PIM leverages the unicast routing table created by any unicast routing protocol to provide routing information for IP multicast.
Page 18: Qos Volume
Features Description As an IPv6 multicast extension of MP-BGP, IPv6 MBGP enables BGP to provide routing information for IPv6 multicast applications. This document describes: IPv6 MBGP Configuring IPv6 MBGP Basic Functions Configuring IPv6 MBGP Route Attributes Configuring a Large Scale IPv6 MBGP Network Multicast Listener Discovery Snooping (MLD Snooping) is an IPv6 multicast constraining mechanism that runs on Layer 2 devices to manage and control IPv6 multicast groups.
Page 19 Features Description IEEE 802.1x (hereinafter simplified as 802.1x) is a port-based network access control protocol that is used as the standard for LAN user access authentication. This document describes: 802.1x 802.1x overview 802.1x configuration 802.1x Guest-VLAN configuration On an HABP-capable switch, HABP packets can bypass 802.1x authentication and MAC authentication, allowing communication among switches in a cluster.
Page 20: System Volume
Features Description An ACL is used for identifying traffic based on a series of preset matching criteria. This document describes: ACL overview and ACL types ACL configuration System Volume Table 3-7 Features in the System volume Features Description Upon logging into a device, you can configure user interface properties and manage the system conveniently.
Page 21 Features Description Hypertext Transfer Protocol (HTTP) is used for transferring web page information across the Internet. This document describes: HTTP HTTP Configuration HTTPS Configuration Simple network management protocol (SNMP) offers a framework to monitor network devices through TCP/IP protocol suite. This document describes: SNMP overview SNMP...
Page 22 Features Description The track module is used to implement collaboration between different modules through established collaboration objects. The detection modules trigger the application modules to perform certain operations through the track module. This document describes: Track Track Overview Configuring Collaboration Between the Track Module and the Detection Modules Configuring Collaboration Between the Track Module and the Application Modules...
Page 23 Features Description Intelligent Resilient Framework (IRF) allows you to build an IRF stack, namely a united device, by interconnecting multiple devices through stack ports. You can manage all the devices in the IRF stack by managing the united device. This document describes: IRF Stack IRF Stack Overview IRF Stack Working Process...
Page 24 Appendix A Acronyms # A B C D E F G H I K L M N O P Q R S T U V W X Z Acronyms Full spelling Return 10GE Ten-GigabitEthernet Return Authentication, Authorization and Accounting Activity Based Costing Area Border Router Alternating Current ACKnowledgement...
Page 25 Acronyms Full spelling Border Gateway Protocol BIMS Branch Intelligent Management System BOOTP Bootstrap Protocol BPDU Bridge Protocol Data Unit Basic Rate Interface Bootstrap Router BitTorrent Burst Tolerance Return Call Appearance Certificate Authority Committed Access Rate Committed Burst Size Class Based Queuing Constant Bit Rate Core-Based Tree International Telephone and Telegraph Consultative...
Page 26 Acronyms Full spelling Connectivity Verification Return Deeper Application Recognition Data Circuit-terminal Equipment Database Description Digital Data Network DHCP Dynamic Host Configuration Protocol Designated IS DLCI Data Link Connection Identifier DLDP Device Link Detection Protocol Domain Name System Downstream on Demand Denial of Service Designated Router DSCP...
Page 27 Acronyms Full spelling Forward Defect Indication Forwarding Equivalence Class Fast Failure Detection Forwarding Group Forwarding information base FIFO First In First Out FQDN Full Qualified Domain Name Frame Relay Fast ReRoute FRTT Fairness Round Trip Time Functional Test File Transfer Protocol Return GARP Generic Attribute Registration Protocol...
Page 28 Acronyms Full spelling International Business Machines ICMP Internet Control Message Protocol ICMPv6 Internet Control Message Protocol for IPv6 IDentification/IDentity IEEE Institute of Electrical and Electronics Engineers IETF Internet Engineering Task Force IGMP Internet Group Management Protocol IGMP-Snooping Internet Group Management Protocol Snooping Interior Gateway Protocol Incoming Label Map Internet Locator Service...
Page 29 Acronyms Full spelling LACP Link Aggregation Control Protocol LACPDU Link Aggregation Control Protocol Data Unit Local Area Network Link Control Protocol LDAP Lightweight Directory Access Protocol Label Distribution Protocol Label Edge Router LFIB Label Forwarding Information Base Label Information Base Link Layer Control LLDP Link Layer Discovery Protocol...
Page 30 Acronyms Full spelling Multicast Listener Discovery Protocol MLD-Snooping Multicast Listener Discovery Snooping Meet-Me Conference MODEM MOdulator-DEModulator Multilink PPP MP-BGP Multiprotocol extensions for BGP-4 Middle-level PE MP-group Multilink Point to Point Protocol group MPLS Multiprotocol Label Switching MPLSFW Multi-protocol Label Switch Forward Multicast Port Management Mobile Switching Center MSDP...
Page 31 Acronyms Full spelling Network Management Station NPDU Network Protocol Data Unit Network Provider Edge Network Quality Analyzer NSAP Network Service Access Point NetStream Collector N-SEL NSAP Selector NSSA Not-So-Stubby Area NTDP Neighbor Topology Discovery Protocol Network Time Protocol Return Operation Administration and Maintenance OAMPDU OAM Protocol Data Units OC-3...
Page 32 Acronyms Full spelling Power over Ethernet Point Of Presence Packet Over SDH Point-to-Point Protocol PPTP Point to Point Tunneling Protocol PPVPN Provider-provisioned Virtual Private Network Priority Queuing Primary Reference Clock Primary Rate Interface Protection Switching Power Sourcing Equipment PSNP Partial SNP Permanent Virtual Channel Pseudo wires Return...
Page 33 Acronyms Full spelling Resilient Packet Ring Rendezvous Point Tree RRPP Rapid Ring Protection Protocol Reservation State Block RSOH Regenerator Section Overhead RSTP Rapid Spanning Tree Protocol RSVP Resource ReserVation Protocol RTCP Real-time Transport Control Protocol Route Table Entry Real-time Transport Protocol Real-time Transport Protocol Return Source Active...
Page 34 Acronyms Full spelling Shortest Path First Shortest Path Tree Secure Shell Synchronization Status Marker Source-Specific Multicast Shared Tree STM-1 SDH Transport Module -1 STM-16 SDH Transport Module -16 STM-16c SDH Transport Module -16c STM-4c SDH Transport Module -4c Spanning Tree Protocol Signalling Virtual Connection Switch-MDT Switch-Multicast Distribution Tree...
Page 35 Acronyms Full spelling Return Variable Bit Rate Virtual Channel Identifier Virtual Ethernet Virtual File System VLAN Virtual Local Area Network Virtual Leased Lines Video On Demand VoIP Voice over IP Virtual Operate System VPDN Virtual Private Dial-up Network VPDN Virtual Private Data Network Virtual Path Identifier VPLS Virtual Private Local Switch...
Page 36: Manual Version
Access Volume Organization Manual Version 20090108-C-1.01 Product Version Release 2202 Organization The Access Volume is organized as follows: Features Description This document describes: Basic Ethernet Interface Configuration Combo Port Configuration Configuring Flow Control on an Ethernet Interface Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface Configuring Loopback Testing on an Ethernet Interface Ethernet Interface...
Page 37 Features Description To increase service redirecting throughput, you can bundle multiple service loopback ports into a logical link, called a service loopback group. Service Loopback This document describes: Group Introduction to Service Loopback Groups Configuring a Service Loopback Group In the use of fibers, link errors, namely unidirectional links, are likely to occur.
Page 38 Features Description As defined in IEEE802.1Q, 12 bits are used to identify a VLAN ID, so a device can support a maximum of 4094 VLANs. The QinQ feature extends the VLAN space by allowing Ethernet frames to travel across the service provider network with double VLAN tags.
Page 39 Features Description RRPP is a link layer protocol designed for Ethernet rings. RRPP can prevent broadcast storms caused by data loops when an Ethernet ring is healthy, and rapidly restore the communication paths between the nodes after a link is disconnected on the ring. This document describes: RRPP overview RRPP Configuring Master Node...
Page 40 Table of Contents 1 Ethernet Interface Configuration ·············································································································1-1 General Ethernet Interface Configuration ·······························································································1-1 Combo Port Configuration ···············································································································1-1 Basic Ethernet Interface Configuration····························································································1-1 Configuring Flow Control on an Ethernet Interface ·········································································1-2 Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface ········1-3 Configuring Loopback Testing on an Ethernet Interface·································································1-3 Configuring a Port Group·················································································································1-4 Configuring Storm Suppression ······································································································1-4...
Page 41: Ethernet Interface Configuration
Ethernet Interface Configuration General Ethernet Interface Configuration Combo Port Configuration Introduction to Combo port A Combo port can operate as either an optical port or an electrical port. Inside the device there is only one forwarding interface. For a Combo port, the electrical port and the corresponding optical port are TX-SFP multiplexed.
Page 42: Configuring Flow Control On An Ethernet Interface
Auto-negotiation mode (auto). Interfaces operating in this mode determine their duplex mode through auto-negotiation. Similarly, if you configure the transmission rate for an Ethernet interface by using the speed command with the auto keyword specified, the transmission rate is determined through auto-negotiation too. For a Gigabit Ethernet interface, you can specify the transmission rate by its auto-negotiation capacity.
Page 43: Configuring The Suppression Time Of Physical-Link-State Change On An Ethernet Interface
Follow these steps to enable flow control on an Ethernet interface: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet interface view — interface-number Required Enable flow control flow-control Disabled by default Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface An Ethernet interface operates in one of the two physical link states: up or down.
Page 44: Configuring A Port Group
To do… Use the command… Remarks Optional Enable loopback testing loopback { external | internal } Disabled by default. As for the internal loopback test and external loopback test, if an interface is down, only the former is available on it; if the interface is shut down, both are unavailable. The speed, duplex, mdi, and shutdown commands are not applicable during loopback testing.
Page 45 The storm suppression ratio settings configured for an Ethernet interface may get invalid if you enable the storm constrain for the interface. For information about the storm constrain function, see Configuring the Storm Constrain Function on an Ethernet Interface. Follow these steps to set storm suppression ratios for one or multiple Ethernet interfaces: To do…...
Page 46: Setting The Interval For Collecting Ethernet Interface Statistics
Setting the Interval for Collecting Ethernet Interface Statistics Follow these steps to configure the interval for collecting interface statistics: To do… Use the command… Remarks Enter system view system-view — interface interface-type Optional Configure the interval interface-number for collecting interface The default interval for collecting statistics interface statistics is 300 seconds.
Page 47: Configuring The Mdi Mode For An Ethernet Interface
messages will be sent to the terminal, and the corresponding MAC address forwarding entries will be removed. Follow these steps to configure loopback detection: To do… Use the command… Remarks Enter system view system-view — Required Enable global loopback loopback-detection enable detection Disabled by default Optional...
Page 48: Testing The Cable On An Ethernet Interface
An Ethernet interface is composed of eight pins. By default, each pin has its particular role. For example, pin 1 and pin 2 are used for transmitting signals; pin 3 and pin 6 are used for receiving signals. You can change the pin roles through setting the MDI mode.
Page 49: Configuring The Storm Constrain Function On An Ethernet Interface
Configuring the Storm Constrain Function on an Ethernet Interface The storm constrain function suppresses packet storms in an Ethernet. With this function enabled on an interface, the system detects the multicast traffic, or broadcast traffic passing through the interface periodically and takes corresponding actions (that is, blocking or shutting down the interface and sending trap messages and logs) when the traffic detected exceeds the threshold.
Page 50: Displaying And Maintaining An Ethernet Interface
To do… Use the command… Remarks Optional Specify to send log when the By default, the system sends traffic detected exceeds the log when the traffic detected upper threshold or drops down storm-constrain enable log exceeds the upper threshold or below the lower threshold from drops down below the lower a point higher than the upper...
Page 51 To do… Use the command… Remarks Display the information about a display port-group manual manual port group or all the Available in any view [ all | name port-group-name ] port groups Display the information about display loopback-detection Available in any view the loopback function display storm-constrain Display the information about...
Page 52 Table of Contents 1 Link Aggregation Configuration ··············································································································1-1 Overview ·················································································································································1-1 Basic Concepts of Link Aggregation ·······························································································1-1 Link Aggregation Modes··················································································································1-3 Load Sharing Mode of an Aggregation Group ················································································1-4 Link Aggregation Configuration Task List ·······························································································1-5 Configuring an Aggregation Group ·········································································································1-6 Configuring a Static Aggregation Group··························································································1-6 Configuring a Dynamic Aggregation Group·····················································································1-7 Configuring an Aggregate Interface ········································································································1-8 Configuring the Description of an Aggregate Interface ···································································1-8...
Page 53: Link Aggregation Configuration
Link Aggregation Configuration When configuring link aggregation, go to these sections for information you are interested in: Overview Link Aggregation Configuration Task List Configuring an Aggregation Group Configuring an Aggregate Interface Configuring a Load Sharing Mode for Load-Sharing Link Aggregation Groups Displaying and Maintaining Link Aggregation Link Aggregation Configuration Examples Overview...
Page 54 Selected: a selected port can forward user traffic. Unselected: an unselected port cannot forward user traffic. The rate of an aggregate interface is the sum of the selected member ports’ rates. The duplex mode of an aggregate interface is consistent with that of the selected member ports. Note that all selected member ports use the same duplex mode.
Page 55: Link Aggregation Modes
Some configurations are called class-one configurations. Such configurations, for example, GVRP and MSTP, can be configured on aggregate interfaces and member ports but are not considered during operational key calculation. The change of a class-two configuration setting may affect the select state of link aggregation member ports and thus the ongoing service.
Page 56: Load Sharing Mode Of An Aggregation Group
Dynamic aggregation mode LACP is enabled on member ports in a dynamic aggregation group. In a dynamic aggregation group, A selected port can receive and transmit LACPDUs. An unselected port can receive and send LACPDUs only if it is up and with the same configurations as those on the aggregate interface.
Page 57: Link Aggregation Configuration Task List
The system sets the load sharing mode of an aggregation group as follows: When hardware resources are available, a link aggregation group with at least two selected ports operates in load sharing mode. The load sharing mode of a link aggregation group with only one selected port is non-load sharing mode.
Page 58: Configuring An Aggregation Group
Configuring an Aggregation Group The following ports cannot be assigned to an aggregation group: Stack ports, RRPP-enabled ports, MAC address authentication-enabled ports, port security-enabled ports, IP source guard-enabled ports, and 802.1x-enabled ports. You are recommended not to assign reflector ports of port mirroring to an aggregation group. For details about reflector ports, refer to Port Mirroring Configuration in the Access Volume.
Page 59: Configuring A Dynamic Aggregation Group
Configuring a Dynamic Aggregation Group Follow these steps to configure a Layer 2 dynamic aggregation group: To do... Use the command... Remarks Enter system view system-view — Optional By default, the system LACP priority is 32768. Set the system LACP lacp system-priority Changing the system LACP priority priority...
Page 60: Configuring An Aggregate Interface
Removing a dynamic aggregate interface also removes the corresponding aggregation group. At the same time, the member ports of the aggregation group, if any, leave the aggregation group. To guarantee a successful dynamic aggregation, ensure that the peer ports of the ports aggregated at one end are also aggregated.
Page 61: Shutting Down An Aggregate Interface
Follow these steps to enable linkUp/linkDown trap generation for an aggregate interface: To do... Use the command... Remarks Enter system view system-view — Optional snmp-agent trap enable Enable the trap function By default, linkUp/linkDown [ standard [ linkdown | linkup ] globally trap generation is enabled globally and on all interfaces.
Page 62: Displaying And Maintaining Link Aggregation
traffic as needed. For example, for Layer 3 traffic, you can use IP addresses as hash keys for load sharing calculation. Follow these steps to configure load sharing mode for link aggregation groups: To do... Use the command... Remarks Enter system view system-view —...
Page 63: Link Aggregation Configuration Examples
Link Aggregation Configuration Examples Layer 2 Static Aggregation Configuration Example Network requirements As shown in Figure 1-1, Device A and Device B are connected through their respective Ethernet ports GigabitEthernet1/0/1 to GigabitEthernet1/0/3. Aggregate the ports on each device to form a static link aggregation group, thus balancing outgoing traffic across the member ports.
Page 64: Layer 2 Dynamic Aggregation Configuration Example
Layer 2 Dynamic Aggregation Configuration Example Network requirements As shown in Figure 1-2, Device A and Device B are connected through their respective Ethernet ports GigabitEthernet1/0/1 to GigabitEthernet1/0/3. Aggregate the ports on each device to form a dynamic link aggregation group, thus balancing outgoing traffic across the member ports.
Page 65 Table of Contents 1 Port Isolation Configuration ·····················································································································1-1 Introduction to Port Isolation ···················································································································1-1 Configuring the Isolation Group for a Single-Isolation-Group Device·····················································1-1 Assigning a Port to the Isolation Group···························································································1-1 Displaying and Maintaining Isolation Groups··························································································1-2 Port Isolation Configuration Example······································································································1-2...
Page 66: Port Isolation Configuration
Port Isolation Configuration When configuring port isolation, go to these sections for information you are interested in: Introduction to Port Isolation Configuring the Isolation Group for a Single-Isolation-Group Device Displaying and Maintaining Isolation Groups Port Isolation Configuration Example Introduction to Port Isolation Usually, Layer 2 traffic isolation is achieved by assigning ports to different VLANs.
Page 67: Displaying And Maintaining Isolation Groups
Displaying and Maintaining Isolation Groups To do… Use the command… Remarks Display the isolation group information on a display port-isolate group Available in any view single-isolation-group device Port Isolation Configuration Example Network requirements Users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device.
Page 68 Port-isolate group information: Uplink port support: NO Group ID: 1 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3...
Page 69 Table of Contents 1 Service Loopback Group Configuration ·································································································1-1 Overview ·················································································································································1-1 Functions of Service Loopback Groups ··························································································1-1 Port Configuration Prerequisites of Service Loopback Groups·······················································1-1 States of the Ports in a Service Loopback Group ···········································································1-2 Configuring a Service Loopback Group ··································································································1-2 Displaying and Maintaining Service Loopback Groups ··········································································1-3 Configuration Example····························································································································1-3...
Page 70: Service Loopback Group Configuration
Service Loopback Group Configuration When configuring a service loopback group, go to these sections for information you are interested in: Overview Configuring a Service Loopback Group Displaying and Maintaining Service Loopback Groups Configuration Example Overview The SFP+ subcards and GE subcards of the S5500-EI switches do not support service loopback groups.
Page 71: States Of The Ports In A Service Loopback Group
The port is not configured with MSTP, 802.1x, MAC address authentication, port security mode, packet filtering, Ethernet frame filtering, or IP source guard. Additionally, the member port of a service loopback group cannot be configured with any of the above-mentioned configurations. The port belongs to VLAN 1.
Page 72: Displaying And Maintaining Service Loopback Groups
You can change the service type of an existing service loopback group. For the change to be successful, you must ensure that the service group has not been referenced; the attributes of all member ports (if any) are not conflicting with the target service type; and no service loopback group has been created for the target service type, because only one service loopback group is allowed for a service type.
Page 73 Table of Contents 1 DLDP Configuration ··································································································································1-1 Overview ·················································································································································1-1 DLDP Introduction ···························································································································1-2 DLDP Fundamentals ·······················································································································1-2 DLDP Configuration Task List·················································································································1-8 Enabling DLDP········································································································································1-9 Setting DLDP Mode ································································································································1-9 Setting the Interval for Sending Advertisement Packets·······································································1-10 Setting the DelayDown Timer ···············································································································1-10 Setting the Port Shutdown Mode ··········································································································1-10 Configuring DLDP Authentication ·········································································································1-11 Resetting DLDP State ···························································································································1-11 Resetting DLDP State in System View··························································································1-12...
Page 74: Dldp Configuration
DLDP Configuration When performing DLDP configuration, go to these sections for information you are interested in: Overview DLDP Configuration Task List Enabling DLDP Setting DLDP Mode Setting the Interval for Sending Advertisement Packets Setting the DelayDown Timer Setting the Port Shutdown Mode Configuring DLDP Authentication Resetting DLDP State Displaying and Maintaining DLDP...
Page 75: Dldp Introduction
Figure 1-2 Unidirectional fiber link: a fiber not connected or disconnected Device A GE1/0/50 GE1/0/51 GE1/0/50 GE1/0/51 Device B DLDP Introduction Device Link Detection Protocol (DLDP) can detect the link status of a fiber cable or twisted pair. On detecting a unidirectional link, DLDP can shut down the related port automatically or prompt users to take measures as configured to avoid network problems.
Page 76 State Indicates… A port enters this state when: A unidirectional link is detected. Disable The contact with the neighbor in enhanced mode gets lost. In this state, the port does not receive or send packets other than DLDPDUs. A port in the Active, Advertisement, or Probe DLDP link state transits to this state rather than removes the corresponding neighbor entry and transits to the DelayDown Inactive state when it detects a port-down event.
Page 77 DLDP timer Description A device in the Active, Advertisement, or Probe DLDP link state transits to DelayDown state rather than removes the corresponding neighbor entry and transits to the Inactive state when it detects a port-down event. When a device transits to this state, the DelayDown timer is triggered. A DelayDown timer device in DelayDown state only responds to port-up events.
Page 78 Figure 1-3 A case for Enhanced DLDP mode In normal DLDP mode, only fiber cross-connected unidirectional links (as shown in Figure 1-1 ) can be detected. In enhanced DLDP mode, two types of unidirectional links can be detected. One is fiber cross-connected links (as shown in Figure 1-1).
Page 79 Table 1-4 DLDP packet types and DLDP states DLDP state Type of DLDP packets sent Active Advertisement packet with RSY tag Advertisement Normal Advertisement packet Probe Probe packet Disable Disable packet and RecoverProbe packet When a device transits from a DLDP state other than Inactive state or Disable state to Initial state, it sends Flush packets.
Page 80 Packet type Processing procedure If the corresponding neighbor entry does not exist, creates the neighbor entry, triggers the Entry timer, and transits to Probe state. If the neighbor information it carries conflicts with the corresponding locally Retrieves the maintained neighbor entry, drops the Echo packet neighbor packet.
Page 81: Dldp Configuration Task List
The DLDP down port sends out a RecoverProbe packet, which carries only information about the local port, every two seconds. Upon receiving the RecoverProbe packet, the remote end returns a RecoverEcho packet. Upon receiving the RecoverEcho packet, the local port checks whether neighbor information in the RecoverEcho packet is the same as the local port information.
Page 82: Enabling Dldp
To ensure unidirectional links can be detected, make sure these settings are the same on the both sides: DLDP state (enabled/disabled), the interval for sending Advertisement packets, authentication mode, and password. Keep the interval for sending Advertisement packets adequate to enable unidirectional links to be detected in time.
Page 83: Setting The Interval For Sending Advertisement Packets
Setting the Interval for Sending Advertisement Packets You can set the interval for sending Advertisement packets to enable unidirectional links to be detected in time. Follow these steps to set the interval for sending Advertisement packets: To do… Use the command… Remarks Enter system view system-view...
Page 84: Configuring Dldp Authentication
Manual mode. This mode applies to networks with low performance, where normal links may be treated as unidirectional links. It protects service packet transmission against false unidirectional links. In this mode, DLDP only detects unidirectional links and generates log and traps. The operations to shut down unidirectional link ports are accomplished by the administrator.
Page 85: Resetting Dldp State In System View
user-defined port shutdown mode. To enable the port to perform DLDP detect again, you can reset the DLDP state of the port in one of the following methods: If the port is shut down with the shutdown command manually, use the undo shutdown command on the port.
Page 86: Dldp Configuration Example
To do… Use the command… Remarks Clear the statistics on reset dldp statistics [ interface-type DLDP packets passing Available in user view interface-number ] through a port DLDP Configuration Example DLDP Configuration Example Network requirements Device A and Device B are connected through two fiber pairs, in which two fibers are cross-connected, as shown in Figure 1-4.
Page 87: Troubleshooting
[DeviceA] dldp work-mode enhance # Set the port shutdown mode as auto mode. [DeviceA] dldp unidirectional-shutdown auto # Enable DLDP globally. [DeviceA] dldp enable # Check the information about DLDP. [DeviceA] display dldp DLDP global status : enable DLDP interval : 6s DLDP work-mode : enhance DLDP authentication-mode : none...
Page 88 Analysis: The problem can be caused by the following. The intervals for sending Advertisement packets on Device A and Device B are not the same. DLDP authentication modes/passwords on Device A and Device B are not the same. Solution: Make sure the interval for sending Advertisement packets, the authentication mode, and the password on Device A and Device B are the same.
Page 89 Table of Contents 1 LLDP Configuration···································································································································1-1 Introduction to LLDP ·······························································································································1-1 Overview··········································································································································1-1 LLDP Fundamental··························································································································1-1 TLV Types ·······································································································································1-2 Protocols and Standards ·················································································································1-4 LLDP Configuration Task List ·················································································································1-4 Performing Basic LLDP Configuration ····································································································1-4 Enabling LLDP·································································································································1-4 Setting LLDP Operating Mode ········································································································1-5 Configuring LLDPDU TLVs ·············································································································1-6 Enable LLDP Polling························································································································1-7 Configuring the Parameters Concerning LLDPDU Sending ···························································1-7 Configuring the Encapsulation Format for LLDPDUs ·············································································1-8...
Page 90: Lldp Configuration
LLDP Configuration When configuring LLDP, go to these sections for information you are interested in: Introduction to LLDP LLDP Configuration Task List Performing Basic LLDP Configuration Configuring the Encapsulation Format for LLDPDUs Configuring the Encapsulation Format of the Management Address Configuring CDP Compatibility Configuring LLDP Trapping Displaying and Maintaining LLDP...
Page 91: Tlv Types
To enable the neighboring devices to be informed of the existence of a device or an LLDP operating mode change (from the disable mode to TxRx mode, or from the Rx mode to Tx mode) timely, a device can invoke the fast sending mechanism. In this case, the interval to send LLDPDUs changes to one second.
Page 92 Type Description Remarks Port Description TLV Carries Ethernet port description System Name TLV Carries device name System Description TLV Carries system description System Capabilities TLV Carries information about system capabilities Carries the management address, the Optional to corresponding port number, and OID (object LLDP identifier).
Page 93: Protocols And Standards
Extended power-via-MDI TLV, which carries the information about the power supply capability of the current device. Hardware revision TLV, which carries the hardware version of an MED device. Firmware revision TLV, which carries the firmware version of an MED device. Software revision TLV, which carries the software version of an MED device.
Page 94: Setting Lldp Operating Mode
To do… Use the command… Remarks Enter system view system-view — Required Enable LLDP globally lldp enable By default, LLDP is enabled globally. Enter Ethernet interface interface-type Either of the two is required. interface view interface-number Enter Configuration performed in Ethernet Ethernet interface view applies to the current interface...
Page 95: Configuring Lldpdu Tlvs
Configuring LLDPDU TLVs Follow these steps to configure LLDPDU TLVs: To do… Use the command… Remarks Enter system view system-view — Optional Set the TTL multiplier lldp hold-multiplier value 4 by default. Enter Either of the two is required. Ethernet interface interface-type Configuration performed in Enter...
Page 96: Enable Lldp Polling
To enable MED related LLDP TLV sending, you need to enable LLDP-MED capabilities TLV sending first. Conversely, to disable LLDP-MED capabilities TLV sending, you need to disable the sending of other MED related LLDP TLVs. To disable MAC/PHY configuration/status TLV sending, you need to disable LLDP-MED capabilities TLV sending first.
Page 97: Configuring The Encapsulation Format For Lldpdus
To do… Use the command… Remarks Optional Set the delay period to send lldp timer tx-delay value LLDPDUs 2 seconds by default To enable local device information to be updated on neighboring devices before being aged out, make sure the interval to send LLDPDUs is shorter than the TTL of the local device information. Setting the number of the LLDPDUs to be sent when a new neighboring device is detected Follow these steps to set the number of the LLDPDUs to be sent when a new neighboring device is detected...
Page 98: Configuring The Encapsulation Format Of The Management Address
The configuration does not apply to LLDP-CDP packets, which use only SNAP encapsulation. Configuring the Encapsulation Format of the Management Address LLDP encapsulates the management address in the form of numbers or strings in management address TLVs and then advertises it. By default, management addresses are encapsulated in the form of numbers in TLVs.
Page 99: Configuration Prerequisites
TLV for the IP phones to configure the voice VLAN automatically. Thus, the voice traffic is confined in the configured voice VLAN to be differentiated from other types of traffic. CDP-compatible LLDP operates in one of the follows two modes: TxRx where CDP packets can be transmitted and received.
Page 100: Displaying And Maintaining Lldp
Follow these steps to configure LLDP trap: To do… Use the command… Remarks Enter system view system-view — Enter Ethernet interface interface-type Either of the two is required. interface view interface-number Configuration performed in Enter Ethernet interface view applies Ethernet to the current port only;...
Page 101: Configuration Procedure
Figure 1-1 Network diagram for LLDP configuration GE1/0/1 GE1/0/2 Switch A GE1/0/1 MED设备 Switch B Configuration procedure Configure Switch A. # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp enable # Enable LLDP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2, setting the LLDP operating mode to [SwitchA] interface gigabitethernet1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable [SwitchA-GigabitEthernet1/0/1] lldp admin-status rx...
Page 102 Transmit interval : 30s Hold multiplier Reinit delay : 2s Transmit delay : 2s Trap interval : 5s Fast start times Port 1 [GigabitEthernet1/0/1] : Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Roll time : 0s Number of neighbors Number of MED neighbors...
Page 103: Cdp-Compatible Lldp Configuration Example
Trap flag : No Roll time : 0s Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV Port 2 [GigabitEthernet1/0/2] : Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No...
Page 104 # Configure the link type of the ports to be trunk and enable the voice VLAN feature on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port link-type trunk [SwitchA-GigabitEthernet1/0/1] voice vlan 2 enable [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] port link-type trunk [SwitchA-GigabitEthernet1/0/2] voice vlan 2 enable [SwitchA-GigabitEthernet1/0/2] quit...
Page 105 Table of Contents 1 Smart Link Configuration ·························································································································1-1 Smart Link Overview ·······························································································································1-1 Terminology·····································································································································1-1 Operating Mechanism of Smart Link ·······························································································1-2 Configuring a Smart Link Device ············································································································1-3 Configuration Prerequisites ·············································································································1-3 Configuring a Smart Link Device·····································································································1-3 Smart Link Device Configuration Example······················································································1-4 Configuring an Associated Device ··········································································································1-5 Configuring an Associated Device ··································································································1-5 Associated Device Configuration Example ·····················································································1-6 Displaying and Maintaining Smart Link···································································································1-6...
Page 106: Smart Link Configuration
Smart Link Configuration When configuring Smart Link, go to these sections for information that you are interested in: Smart Link Overview Configuring a Smart Link Device Configuring an Associated Device Displaying and Maintaining Smart Link Smart Link Configuration Examples Smart Link Overview Smart Link is a feature developed to address the slow convergence issue with the Spanning Tree Protocol (STP).
Page 107: Operating Mechanism Of Smart Link
Master port Master port is a port role in a smart link group. When both ports in a smart link group are up, the master port preferentially transits to the forwarding state. Once the master port fails, the slave port takes over to forward traffic.
Page 108: Configuring A Smart Link Device
Uplink traffic-triggered MAC address learning, where update is triggered by uplink traffic. This mechanism is applicable to environments with devices not supporting smart link, including devices of other vendors’. Flush update where a Smart Link-enabled device updates its information by transmitting flush messages over the backup link to its upstream devices.
Page 109: Smart Link Device Configuration Example
To do… Use the command… Remarks Required protected-vlan By default, no Configure protected VLANs for the reference-instance protected VLAN is smart link group instance-id-list configured for a smart link group. In smart link group port interface-type view interface-number master Specify the Required master port for In Ethernet...
Page 110: Configuring An Associated Device
Configure VLAN 20 for flush update. Configuration procedure <Sysname> system-view [Sysname] vlan 20 [Sysname-vlan20] quit [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] undo stp enable [Sysname-GigabitEthernet1/0/1] port link-type trunk [Sysname-GigabitEthernet1/0/1] port trunk permit vlan 20 [Sysname-GigabitEthernet1/0/1] quit [Sysname] interface gigabitethernet 1/0/2 [Sysname-GigabitEthernet1/0/2] undo stp enable [Sysname-GigabitEthernet1/0/2] port link-type trunk [Sysname-GigabitEthernet1/0/2] port trunk permit vlan 20 [Sysname-GigabitEthernet1/0/2] quit...
Page 111: Associated Device Configuration Example
Configure all the control VLANs to receive flush messages. If no control VLAN is specified for processing flush messages, the device forwards the received flush messages directly without processing them. Make sure that the receive control VLAN is the same as the transmit control VLAN configured on the Smart Link device.
Page 112 Figure 1-2 Network diagram for single smart link group configuration Device A GE1/0/1 GE1/0/2 GE1/0/1 GE1/0/1 Device B Device D GE1/0/2 GE1/0/2 GE1/0/3 GE1/0/3 GE1/0/2 GE1/0/1 GE1/0/2 GE1/0/1 Device C Device E Configuration procedure Configuration on Device C # Create smart link group 1. <DeviceC>...
Page 113: Multiple Smart Link Groups Load Sharing Configuration Example
[DeviceE-smlk-group1] port gigabitethernet1/0/2 master [DeviceE-smlk-group1] port gigabitethernet1/0/1 slave # Configure VLAN 1 as the transmit control VLAN. [DeviceE-smlk-group1] flush enable Configuration on Device B # Configure VLAN 1 as the receive control VLAN for GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3. <DeviceB>...
Page 114 The traffic of VLAN 1 through VLAN 200 on Device C are dually uplinked to Device A by Device B and Device D. Implement load sharing to uplink the traffic of VLAN 1 through VLAN 100 and the traffic of VLAN 101 through VLAN 200 over different links to Device A. Implement dual link backup on Device C: the traffic of VLANs 1 through 100 (mapped to MSTI 0) is uplinked to Device A by Device B;...
Page 115 # Configure protected VLANs for smart link group 1. [DeviceC-smlk-group1] protected-vlan reference-instance 0 # Configure GigabitEthernet 1/0/1 as the master port and GigabitEthernet 1/0/2 as the slave port. [DeviceC-smlk-group1] port gigabitethernet1/0/1 master [DeviceC-smlk-group1] port gigabitethernet1/0/2 slave # Enable role preemption. [DeviceC-smlk-group1] preemption mode role # Configure VLAN 10 as the transmit control VLAN of smart link group 1.
Page 116 [DeviceD-GigabitEthernet1/0/1] smart-link flush enable control-vlan 10 101 [DeviceD-GigabitEthernet1/0/1] quit [DeviceD] interface gigabitethernet 1/0/2 [DeviceD-GigabitEthernet1/0/2] port link-type trunk [DeviceD-GigabitEthernet1/0/2] port trunk permit vlan 1 to 200 [DeviceD-GigabitEthernet1/0/2] smart-link flush enable control-vlan 10 101 Configuration on Device A # Configure VLAN 10 and VLAN 101 as the receive control VLANs of GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2.
Page 117 Table of Contents 1 Monitor Link Configuration ······················································································································1-1 Overview ·················································································································································1-1 Terminology·····································································································································1-1 How Monitor Link Works··················································································································1-1 Configuring Monitor Link ·························································································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-2 Monitor Link Configuration Example ·······························································································1-2 Displaying and Maintaining Monitor Link ································································································1-3 Monitor Link Configuration Example ·······································································································1-3...
Page 118: Monitor Link Configuration
Monitor Link Configuration When configuring monitor link, go to these sections for information you are interested in: Overview Configuring Monitor Link Displaying and Maintaining Monitor Link Monitor Link Configuration Example Overview Monitor link is a port collaboration function used to enable a device to be aware of the up/down state change of the ports on an indirectly connected link.
Page 119: Configuring Monitor Link
Do not manually shut down or bring up the downlink ports in a monitor link group. Configuring Monitor Link Configuration Prerequisites Before assigning a port to a monitor link group, make sure the port is not the member port of any aggregation group or service loopback group.
Page 120: Displaying And Maintaining Monitor Link
Configuration procedure <Sysname> system-view [Sysname] monitor-link group 1 [Sysname-mtlk-group1] port gigabitethernet 1/0/1 uplink [Sysname-mtlk-group1] port gigabitethernet 1/0/2 downlink Displaying and Maintaining Monitor Link To do… Use the command… Remarks Display monitor link display monitor-link group Available in any view group information { group-id | all } Monitor Link Configuration Example Network requirements...
Page 121 [DeviceC] interface gigabitethernet 1/0/1 [DeviceC-GigabitEthernet1/0/1] undo stp enable [DeviceC-GigabitEthernet1/0/1] quit [DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] undo stp enable [DeviceC-GigabitEthernet1/0/2] quit [DeviceC] smart-link group 1 # Configure the smart link group to protect all the VLANs mapped to MSTIs 0 through 32. [DeviceC-smlk-group1] protected-vlan reference-instance 0 to 32 # Configure GigabitEthernet 1/0/1 as the master port and GigabitEthernet 1/0/2 as the slave port.
Page 122 [DeviceD-mtlk-group1] port gigabitethernet 1/0/1 uplink [DeviceD-mtlk-group1] port gigabitethernet 1/0/2 downlink # Configure VLAN 1 as the control VLAN for receiving flush messages on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. [DeviceD-mtlk-group1] quit [DeviceD] interface gigabitethernet 1/0/1 [DeviceD-GigabitEthernet1/0/1] smart-link flush enable [DeviceD-GigabitEthernet1/0/1] quit [DeviceD] interface gigabitethernet 1/0/2 [DeviceD-GigabitEthernet1/0/2] smart-link flush enable...
Page 123 Table of Contents 1 VLAN Configuration ··································································································································1-1 Introduction to VLAN ·······························································································································1-1 VLAN Overview ·······························································································································1-1 VLAN Fundamentals ·······················································································································1-2 Types of VLAN ································································································································1-3 Configuring Basic VLAN Settings ···········································································································1-3 Configuring Basic Settings of a VLAN Interface ·····················································································1-4 Port-Based VLAN Configuration ·············································································································1-5 Introduction to Port-Based VLAN ····································································································1-5 Assigning an Access Port to a VLAN ······························································································1-6 Assigning a Trunk Port to a VLAN···································································································1-7 Assigning a Hybrid Port to a VLAN ·································································································1-8...
Page 124: Vlan Configuration
VLAN Configuration When configuring VLAN, go to these sections for information you are interested in: Introduction to VLAN Configuring Basic VLAN Settings Configuring Basic Settings of a VLAN Interface Port-Based VLAN Configuration MAC-Based VLAN Configuration Protocol-Based VLAN Configuration Displaying and Maintaining VLAN VLAN Configuration Example Introduction to VLAN VLAN Overview...
Page 125: Vlan Fundamentals
Confining broadcast traffic within individual VLANs. This reduces bandwidth waste and improves network performance. Improving LAN security. By assigning user groups to different VLANs, you can isolate them at Layer 2. To enable communication between VLANs, routers or Layer 3 switches are required. Flexible virtual workgroup creation.
Page 126: Types Of Vlan
The Ethernet II encapsulation format is used here. Besides the Ethernet II encapsulation format, other encapsulation formats, including 802.2 LLC, 802.2 SNAP, and 802.3 raw, are also supported by Ethernet. The VLAN tag fields are also added to frames encapsulated in these formats for VLAN identification.
Page 127: Configuring Basic Settings Of A Vlan Interface
As the default VLAN, VLAN 1 cannot be created or removed. You cannot manually create or remove VLANs reserved for special purposes. Dynamic VLANs cannot be removed with the undo vlan command. A VLAN with a QoS policy applied cannot be removed. For isolate-user-VLANs or secondary VLANs, if you have used the isolate-user-vlan command to create mappings between them, you cannot remove them until you remove the mappings between them first.
Page 128: Port-Based Vlan Configuration
Before creating a VLAN interface for a VLAN, create the VLAN first. Port-Based VLAN Configuration Introduction to Port-Based VLAN Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN. Port link type You can configure the link type of a port as access, trunk, or hybrid.
Page 129: Assigning An Access Port To A Vlan
Do not set the voice VLAN as the default VLAN of a port in automatic voice VLAN assignment mode. Otherwise, the system prompts error information. For information about voice VLAN, refer to Voice VLAN Configuration. The local and remote ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.
Page 130: Assigning A Trunk Port To A Vlan
To do… Use the command… Remarks Assign one or a group of Required access ports to the current port interface-list By default, all ports belong to VLAN 1. VLAN In interface or port group view Follow these steps to assign an access port (in interface view) or multiple access ports (in port group view) to a VLAN: To do…...
Page 131: Assigning A Hybrid Port To A Vlan
To do… Use the command… Remarks Enter system view system-view — Enter Required interface interface-type Ethernet Use either command. interface-number interface view In Ethernet interface view, the subsequent configurations Enter Layer-2 interface bridge-aggregation aggregate apply to the current port. interface-number interface view port group...
Page 132 To do… Use the command… Remarks Enter system view system-view — Enter Ethernet interface interface-type Required interface view interface-number Use either command. In Ethernet interface view, Enter Layer-2 interface bridge-aggregation subsequent aggregate interface-number configurations apply to the interface view current port. Enter In port group view, the interface...
Page 133: Mac-Based Vlan Configuration
MAC-Based VLAN Configuration Introduction to MAC-Based VLAN MAC-based VLANs group VLAN members by MAC address. They only apply to untagged frames. When receiving an untagged frame, the device looks up the list of MAC-to-VLAN mappings based on the MAC address of the frame for a match. If a match is found, the system forwards the frame in the corresponding VLAN.
Page 134: Protocol-Based Vlan Configuration
To do... Use the command... Remarks Enter Use either command. interface interface-type Ethernet Enter In Ethernet interface view, the interface-number interface view Ethernet subsequent configurations interface apply only to the current port; view or in port group view, the Enter port port-group manual port group subsequent configurations...
Page 135: Configuring A Protocol-Based Vlan
Configuring a Protocol-Based VLAN Follow these steps to configure a protocol-based VLAN: To do… Use the command… Remarks Enter system view system-view — Required If the specified VLAN does Enter VLAN view vlan vlan-id not exist, this command creates the VLAN first. protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc |...
Page 136: Ip Subnet-Based Vlan Configuration
Do not configure both the dsap-id and ssap-id arguments in the protocol-vlan command as 0xe0 or 0xff when configuring the user-defined template for llc encapsulation. Otherwise, the encapsulation format of the matching packets will be the same as that of the ipx llc or ipx raw packets respectively.
Page 137: Displaying And Maintaining Vlan
To do… Use the command… Remarks Required The IP network segment or IP ip-subnet-vlan Associate an IP subnet with the address to be associated with [ ip-subnet-index ] ip current VLAN a VLAN cannot be a multicast ip-address [ mask ] network segment or a multicast address.
Page 138: Vlan Configuration Example
To do... Use the command… Remarks display interface Display VLAN interface vlan-interface Available in any view information [ vlan-interface-id ] Display hybrid ports or trunk display port { hybrid | trunk } Available in any view ports on the device display mac-vlan { all | dynamic | mac-address Display MAC address-to-VLAN...
Page 139 Figure 1-4 Network diagram for port-based VLAN configuration Configuration procedure Configure Device A # Create VLAN 2, VLAN 6 through VLAN 50, and VLAN 100. <DeviceA> system-view [DeviceA] vlan 2 [DeviceA-vlan2] quit [DeviceA] vlan 100 [DeviceA-vlan100] vlan 6 to 50 Please wait...
Page 140 Flow-control is not enabled The Maximum Frame Length is 9216 Broadcast MAX-ratio: 100% Unicast MAX-ratio: 100% Multicast MAX-ratio: 100% Allow jumbo frame to pass PVID: 100 Mdi type: auto Link delay is 0(sec) Port link-type: trunk VLAN passing : 2, 6-50, 100 VLAN permitted: 2, 6-50, 100 Trunk port encapsulation: IEEE 802.1q Port priority: 0...
Page 141: Isolate-User-Vlan Configuration
Isolate-User-VLAN Configuration When configuring an isolate-user VLAN, go to these sections for information you are interested in: Overview Configuring Isolate-User-VLAN Displaying and Maintaining Isolate-User-VLAN Isolate-User-VLAN Configuration Example Overview An isolate-user-VLAN adopts a two-tier VLAN structure. In this approach, two types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device.
Page 142 Assign non-trunk ports to the isolate-user-VLAN and ensure that at least one port takes the isolate-user-VLAN as its default VLAN; Assign non-trunk ports to each secondary VLAN and ensure that at least one port in a secondary VLAN takes the secondary VLAN as its default VLAN; Associate the isolate-user-VLAN with the specified secondary VLANs.
Page 143: Displaying And Maintaining Isolate-User-Vlan
Displaying and Maintaining Isolate-User-VLAN To do... Use the command... Remarks Display the mapping between an display isolate-user-vlan isolate-user-VLAN and its secondary Available in any view [ isolate-user-vlan-id ] VLAN(s) Isolate-User-VLAN Configuration Example Network requirements Connect Device A to downstream devices Device B and Device C; Configure VLAN 5 on Device B as an isolate-user-VLAN, assign the uplink port GigabitEthernet 1/0/5 to VLAN 5, and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3.
Page 144 [DeviceB] vlan 2 [DeviceB-vlan2] port gigabitethernet 1/0/2 [DeviceB-vlan2] quit # Associate the isolate-user-VLAN with the secondary VLANs. [DeviceB] isolate-user-vlan 5 secondary 2 to 3 Configure Device C # Configure the isolate-user-VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC-vlan6] isolate-user-vlan enable [DeviceC-vlan6] port gigabitethernet 1/0/5 [DeviceC-vlan6] quit # Configure the secondary VLANs.
Page 145 gigabitethernet 1/0/2 gigabitethernet 1/0/5 VLAN ID: 3 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: none Untagged Ports: gigabitethernet 1/0/1 gigabitethernet 1/0/5...
Page 146: Voice Vlan Configuration
00e0-7500-0000 Polycom phone 00e0-bb00-0000 3Com phone In general, as the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE. OUI addresses mentioned in this document, however, are different from those in common sense.
Page 147: Voice Vlan Assignment Modes
Voice VLAN Assignment Modes A port can be assigned to a voice VLAN in one of the following two modes: In automatic mode, the system matches the source MAC addresses in the untagged packets sent when the IP phone is powered on against the OUI addresses. If a match is found, the system automatically assigns the port to the voice VLAN, issues ACL rules and configures the packet precedence.
Page 148: Security Mode And Normal Mode Of Voice Vlans
If an IP phone sends tagged voice traffic and its connecting port is configured with 802.1X authentication and guest VLAN, you should assign different VLAN IDs for the voice VLAN, the default VLAN of the connecting port, and the 802.1X guest VLAN. The default VLANs for all ports are VLAN 1.
Page 149: Setting A Port To Operate In Automatic Voice Vlan Assignment Mode
Setting a Port to Operate in Automatic Voice VLAN Assignment Mode Follow these steps to set a port to operate in automatic voice VLAN assignment mode: To do... Use the command... Remarks Enter system view system-view — Optional 1440 minutes by default. The voice VLAN aging time Set the voice VLAN aging time voice vlan aging minutes...
Page 150 To do... Use the command... Remarks Enter system view system-view — Optional Enable the voice VLAN security voice vlan security enable mode Enabled by default. Optional By default, each voice VLAN voice vlan mac-address oui Add a recognizable OUI has default OUI addresses mask oui-mask [ description address configured.
Page 151: Displaying And Maintaining Voice Vlan
Displaying and Maintaining Voice VLAN To do... Use the command... Remarks Display the voice VLAN state display voice vlan state Available in any view Display the OUI addresses display voice vlan oui Available in any view currently supported by system Voice VLAN Configuration Examples Automatic Voice VLAN Mode Configuration Example Network requirements...
Page 152 Avaya phone 0011-1100-0000 ffff-ff00-0000 IP phone A 0011-2200-0000 ffff-ff00-0000 IP phone B 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone # Display the current states of voice VLANs. <DeviceA> display voice vlan state...
Page 153: Manual Voice Vlan Assignment Mode Configuration Example
Maximum of Voice VLANs: 16 Current Voice VLANs: 2 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled port and its mode: PORT VLAN MODE ----------------------------------------------- GigabitEthernet1/0/1 AUTO GigabitEthernet1/0/2 AUTO Manual Voice VLAN Assignment Mode Configuration Example Network requirements Create VLAN 2 and configure it as a voice VLAN permitting only voice traffic to pass through.
Page 154 Philips/NEC phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone # Display the current voice VLAN state. <DeviceA> display voice vlan state Maximum of Voice VLANs: 16 Current Voice VLANs: 2 Voice VLAN security mode: Security Voice VLAN aging time: 100 minutes...
Page 155 Table of Contents 1 GVRP Configuration ··································································································································1-1 Introduction to GVRP ······························································································································1-1 GARP···············································································································································1-1 GVRP···············································································································································1-3 Protocols and Standards ·················································································································1-4 GVRP Configuration Task List ················································································································1-4 Configuring GVRP Functions··················································································································1-4 Configuring GARP Timers·······················································································································1-5 Displaying and Maintaining GVRP··········································································································1-6 GVRP Configuration Examples···············································································································1-7 GVRP Configuration Example I·······································································································1-7 GVRP Configuration Example II······································································································1-8 GVRP Configuration Example III·····································································································1-9...
Page 156: Gvrp Configuration
GVRP Configuration The GARP VLAN Registration Protocol (GVRP) is a GARP application. It functions based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network. When configuring GVRP, go to these sections for information you are interested in: Introduction to GVRP GVRP Configuration Task List Configuring GVRP Functions...
Page 157 Hold timer –– When a GARP application entity receives the first registration request, it starts a Hold timer and collects succeeding requests. When the timer expires, the entity sends all these requests in one Join message. This helps you save bandwidth. Join timer ––...
Page 158: Gvrp
GARP message format Figure 1-1 GARP message format Figure 1-1 illustrates the GARP message format. Table 1-1 describes the GARP message fields. Table 1-1 Description on the GARP message fields Field Description Value Protocol ID Protocol identifier for GARP One or multiple messages, each containing Message ––...
Page 159: Protocols And Standards
about active VLAN members and through which port they can be reached. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other devices.
Page 160: Configuring Garp Timers
To do… Use the command… Remarks Enter Ethernet Enter Ethernet interface view, interface view or Layer interface interface-type Required Layer 2 2 aggregate interface interface-number aggregate view Perform either of the interface view, commands. port-group manual or port-group Enter port-group view port-group-name view Required...
Page 161: Displaying And Maintaining Gvrp
To do… Use the command… Remarks Enter Required Enter Ethernet or Ethernet Layer 2 interface interface-type Perform either of the interface aggregate interface-number commands. view, Layer interface view Depending on the view you 2 aggregate accessed, the subsequent interface configuration takes effect on a view, or Enter port-group port-group manual...
Page 162: Gvrp Configuration Examples
To do… Use the command… Remarks display gvrp state interface Display the current GVRP state interface-type interface-number vlan Available in any view vlan-id display gvrp statistics [ interface Display statistics about GVRP Available in any view interface-list ] Display the global GVRP state display gvrp status Available in any view Display the information about...
Page 163: Gvrp Configuration Example Ii
[DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on trunk port GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] gvrp [DeviceB-GigabitEthernet1/0/1] quit # Create VLAN 3 (a static VLAN).
Page 164: Gvrp Configuration Example Iii
[DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 Configure Device B # Enable GVRP globally. <DeviceB> system-view [DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1.
Page 165 [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1 and set the GVRP registration type to forbidden on the port. [DeviceA-GigabitEthernet1/0/1] gvrp [DeviceA-GigabitEthernet1/0/1] gvrp registration forbidden [DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 Configure Device B # Enable GVRP globally.
Page 166 Table of Contents 1 QinQ Configuration ···································································································································1-1 Introduction to QinQ ································································································································1-1 Background ·····································································································································1-1 QinQ Mechanism and Benefits········································································································1-1 QinQ Frame Structure ·····················································································································1-2 Implementations of QinQ·················································································································1-3 Modifying the TPID in a VLAN Tag ·································································································1-3 QinQ Configuration Task List··················································································································1-5 Configuring Basic QinQ ··························································································································1-5 Enabling Basic QinQ ·······················································································································1-5 Configuring Selective QinQ·····················································································································1-5 Configuring an Outer VLAN Tagging Policy ····················································································1-5...
Page 167: Qinq Configuration
QinQ Configuration When configuring QinQ, go to these sections for information you are interested in: Introduction to QinQ QinQ Configuration Task List Configuring Basic QinQ Configuring Selective QinQ Configuring the TPID Value in VLAN Tags QinQ Configuration Examples Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network;...
Page 168: Qinq Frame Structure
Figure 1-1 Schematic diagram of the QinQ feature Customer network A VLAN 1~10 Customer network A VLAN 1~10 VLAN 3 VLAN 3 Network VLAN 4 VLAN 4 Service provider network VLAN 1~20 VLAN 1~20 Customer network B Customer network B As shown in Figure 1-1, customer network A has CVLANs 1 through 10, while customer network B has...
Page 169: Implementations Of Qinq
Figure 1-2 Single-tagged frame structure vs. double-tagged Ethernet frame structure The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. Therefore, you are recommended to increase the MTU of each interface on the service provider network.
Page 170 Figure 1-3 VLAN tag structure of an Ethernet frame The device determines whether a received frame carries a SVLAN tag or a CVLAN tag by checking the corresponding TPID value. Upon receiving a frame, the device compares the configured TPID value with the value of the TPID field in the frame.
Page 171: Qinq Configuration Task List
QinQ Configuration Task List Table 1-2 QinQ configuration task list Configuration task Remarks Configuring Basic QinQ Optional Configuring Selective QinQ Configuring an Outer VLAN Tagging Policy Optional Configuring the TPID Value in VLAN Tags Optional QinQ requires configurations only on the service provider network, not on the customer network. QinQ configurations made in Ethernet interface view take effect on the current interface only;...
Page 172: Configuring The Tpid Value In Vlan Tags
condition are handled with selective QinQ on this port first, and the left frames are handled with basic QinQ. Follow these steps to configure an outer VLAN tagging policy: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet or interface interface-type...
Page 173 Customer A1, Customer A2, Customer B1 and Customer B2 are edge devices on the customer network. Third-party devices with a TPID value of 0x8200 are deployed between Provider A and Provider B. Make configuration to achieve the following: Frames of VLAN 200 through VLAN 299 can be exchanged between Customer A1and Customer A2 through VLAN 10 of the service provider network.
Page 174 [ProviderA] interface gigabitethernet 1/0/2 [ProviderA-GigabitEthernet1/0/2] port link-type hybrid [ProviderA-GigabitEthernet1/0/2] port hybrid pvid vlan 50 [ProviderA-GigabitEthernet1/0/2] port hybrid vlan 50 untagged # Enable basic QinQ on GigabitEthernet 1/0/2. [ProviderA-GigabitEthernet1/0/2] qinq enable [ProviderA-GigabitEthernet1/0/2] quit Configure GigabitEthernet 1/0/3 # Configure GigabitEthernet 1/0/3 as a trunk port to permit frames of VLAN 10 and 50 to pass through. [ProviderA] interface gigabitethernet 1/0/3 [ProviderA-GigabitEthernet1/0/3] port link-type trunk [ProviderA-GigabitEthernet1/0/3] port trunk permit vlan 10 50...
Page 175: Comprehensive Selective Qinq Configuration Example
Configure the third-party devices between Provider A and Provider B as follows: configure the port connecting GigabitEthernet 1/0/3 of Provider A and that connecting GigabitEthernet 1/0/3 of Provider B to allow tagged frames of VLAN 10 and 50 to pass through. Comprehensive Selective QinQ Configuration Example Network requirements Provider A and Provider B are edge devices on the service provider network and are...
Page 176 [ProviderA] interface gigabitethernet 1/0/1 [ProviderA-GigabitEthernet1/0/1] port link-type hybrid [ProviderA-GigabitEthernet1/0/1] port hybrid vlan 1000 2000 untagged # Tag CVLAN 10 frames with SVLAN 1000. [ProviderA-GigabitEthernet1/0/1] qinq vid 1000 [ProviderA-GigabitEthernet1/0/1-vid-1000] raw-vlan-id inbound 10 [ProviderA-GigabitEthernet1/0/1-vid-1000] quit # Tag CVLAN 20 frames with SVLAN 2000. [ProviderA-GigabitEthernet1/0/1] qinq vid 2000 [ProviderA-GigabitEthernet1/0/1-vid-2000] raw-vlan-id inbound 20 [ProviderA-GigabitEthernet1/0/1-vid-2000] quit...
Page 177 [ProviderB-GigabitEthernet1/0/2] port link-type hybrid [ProviderB-GigabitEthernet1/0/2] port hybrid vlan 2000 untagged # Tag CVLAN 20 frames with SVLAN 2000. [ProviderB-GigabitEthernet1/0/2] qinq vid 2000 [ProviderB-GigabitEthernet1/0/2-vid-2000] raw-vlan-id inbound 20 # Set the TPID value in the outer tag to 0x8200. [ProviderA-GigabitEthernet1/0/3] quit [ProviderA] qinq ethernet-type service-tag 8200 Configuration on third-party devices Configure the third-party devices between Provider A and Provider B as follows: configure the port connecting GigabitEthernet 1/0/3 of Provider A and that connecting GigabitEthernet 1/0/1 of Provider B...
Page 178 Table of Contents 1 BPDU Tunneling Configuration················································································································1-1 Introduction to BPDU Tunneling ·············································································································1-1 Configuring BPDU Transparent Transmission························································································1-3 Configuring Destination Multicast MAC Address for BPDU Tunnel Frames ··········································1-3 BPDU Tunneling Configuration Example································································································1-3...
Page 179: Bpdu Tunneling Configuration
BPDU Tunneling Configuration When configuring BPDU tunneling, go to these sections for information you are interested in: Introduction to BPDU Tunneling Configuring BPDU Transparent Transmission Configuring Destination Multicast MAC Address for BPDU Tunnel Frames BPDU Tunneling Configuration Example Introduction to BPDU Tunneling To avoid loops in your network, you can enable the Spanning Tree Protocol (STP) on your device.
Page 180 Figure 1-1 Network hierarchy of BPDU tunneling At the input side of the service provider network, the edge device changes the destination MAC address of a BPDU from a customer network from 0x0180-C200-0000 to a special multicast MAC address, 0x010F-E200-0003 by default. In the service provider’s network, the modified BPDUs are forwarded as data packets in the user VLAN.
Page 181: Configuring Bpdu Transparent Transmission
Configuring BPDU Transparent Transmission Perform the following tasks to configure BPDU transparent transmission: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet or Required interface interface-type Layer-2 aggregate Use either command. interface-number interface view Settings made in interface view take effect only on the current Enter port.
Page 182 Provider A and Provider B are service provider network edge devices, which are interconnected through configured trunk ports. The configuration is required to satisfy the following requirements: Geographically dispersed customer network access devices Customer A and Customer B can implement consistent spanning tree calculation across the service provider network. destination multicast address...
Page 183 [ProviderB-GigabitEthernet1/0/2] undo stp enable [ProviderB-GigabitEthernet1/0/2] bpdu-tunnel dot1q stp...
Page 184 Table of Contents 1 VLAN Mapping Configuration ··················································································································1-1 VLAN Mapping Overview ························································································································1-1 One-to-One VLAN Mapping and Many-to-One VLAN Mapping······················································1-2 Two-to-Two VLAN Mapping ············································································································1-3 Basic Concepts of VLAN Mapping ··································································································1-3 How VLAN Mapping Is Implemented ······························································································1-4 VLAN Mapping Configuration Task List ··································································································1-5 Configuring One-to-One VLAN Mapping ································································································1-6 Configuring One-to-One VLAN Mapping·························································································1-6 Configuring Many-to-One VLAN Mapping ······························································································1-8...
Page 185: Vlan Mapping Configuration
VLAN Mapping Configuration When configuring VLAN mapping, go to these sections for information you are interested in: VLAN Mapping Overview VLAN Mapping Configuration Task List Configuring One-to-One VLAN Mapping Configuring Many-to-One VLAN Mapping Configuring Two-to-Two VLAN Mapping VLAN Mapping Configuration Examples VLAN Mapping Overview VLAN mapping maps the customer VLANs (CVLANs) to service-provider VLANs (SVLANs).
Page 186: One-To-One Vlan Mapping And Many-To-One Vlan Mapping
One-to-One VLAN Mapping and Many-to-One VLAN Mapping Figure 1-1 Scenario for one-to-one/many-to-one VLAN mapping One-to-one VLAN mapping and many-to-one VLAN mapping are mainly applied in networking environments as shown in Figure 1-1. In such a network, different VLANs are used for transmitting different services (PC, IPTV, and VoIP for example) of a home user.
Page 187: Two-To-Two Vlan Mapping
Two-to-Two VLAN Mapping Figure 1-2 Scenario for two-to-two VLAN mapping SP 1 SP 2 Device A Device D VLAN VLAN VLAN VLAN 10/200 30/200 10/100 10/100 Device B VLAN VLAN Device C 10/100 30/200 VLAN 10 VLAN 30 VPN 1 VPN 1 Two-to-two VLAN mapping are mainly applied in networking environments as shown in Figure...
Page 188: How Vlan Mapping Is Implemented
Uplink policy: A QoS policy containing VLAN mappings for uplink traffic. Downlink policy: A QoS policy containing VLAN mappings for downlink traffic. How VLAN Mapping Is Implemented This section describes how VLAN mapping is implemented on your device. One-to-one VLAN mapping On the downlink port For uplink traffic For downlink traffic...
Page 189: Vlan Mapping Configuration Task List
Two-to-two VLAN mapping In two-to-two VLAN mapping, the outer VLAN and the inner VLAN carried in a double-tagged uplink frame received at the downlink port on the edge device of an SP network are called the original SVLAN and CVLAN, and the VLANs that the edge device substitutes for the original SVLAN and CVLAN are called the new SVLAN and CVLAN.
Page 190: Configuring One-To-One Vlan Mapping
For many-to-one VLAN mapping, enable customer-side QinQ on the downlink port and service provider-side QinQ on the uplink port. To save system resources, disable user bindings recording on the DHCP snooping trusted ports that forward DHCP packets. For information about this feature, refer to DHCP Configuration in the IP Services Volume.
Page 191 To do... Use the command... Remarks Set the link type of the uplink port to port link-type trunk Required trunk Required Configure the uplink port to permit the port trunk permit vlan By default, a trunk port specified SVLANs to pass through { vlan-id-list | all } permits only VLAN 1 to pass through.
Page 192: Configuring Many-To-One Vlan Mapping
To do... Use the command... Remarks Map the SVLAN to the CVLAN classifier tcl-name behavior by associating the traffic class Required behavior-name with the traffic behavior Exit to system view quit — Configuring Many-to-One VLAN Mapping Perform many-to-one VLAN mapping on the campus switches shown in Figure 1-1 to carry the same service of different users using the same VLAN on the service provider’s network.
Page 193 To do... Use the command... Remarks Exit to system view quit — Enter the interface view of the uplink interface interface-type — port interface-number Required By default, all ports with Configure the uplink port as a DHCP DHCP snooping dhcp-snooping trust snooping trusted port enabled are DHCP snooping untrusted...
Page 194: Configuring Two-To-Two Vlan Mapping
To do... Use the command... Remarks Create a traffic behavior and traffic behavior Required enter traffic behavior view behavior-name Specify the SVLAN for the remark service-vlan-id Required VLAN mapping vlan-id-value Exit to system view quit — Create a QoS policy and enter qos policy policy-name Required QoS policy view...
Page 195 To do... Use the command... Remarks Required Configure the downlink port to permit By default, a trunk port port trunk permit vlan the packets of the SVLANs to pass permits only the packets { vlan-id-list | all } through of VLAN 1 to pass through.
Page 196 To do... Use the command... Remarks Map the original CVLAN and the new SVLAN classifier tcl-name behavior to the new CVLAN by associating the traffic Required behavior-name class with the traffic behavior Exit to system view quit — Table 1-5 Configure an uplink policy for the downlink port To do...
Page 197: Vlan Mapping Configuration Examples
To do... Use the command... Remarks Specify the original SVLAN used for remark service-vlan-id vlan-id-value Required replacing the new SVLAN Exit to system view quit — Create a QoS policy and enter QoS qos policy policy-name Required policy view Map the new CVLAN and SVLAN to the original CVLAN and SVLAN by classifier tcl-name behavior Required...
Page 198 Figure 1-3 Network diagram for one-to-one/many-to-one VLAN mapping configuration DHCP client VLAN 1 Home gateway VLAN 2 IPTV VLAN 1-> VLAN 101 VLAN 2-> VLAN 201 VLAN 3-> VLAN 301 VoIP VLAN 3 GE1/0/1 GE1/0/3 Switch A GE1/0/2 VLAN 1 Distrubution VLAN 1->...
Page 199 [SwitchA-classifier-c3] quit [SwitchA] traffic behavior b1 [SwitchA-behavior-b1] remark service-vlan-id 101 [SwitchA-behavior-b1] traffic behavior b2 [SwitchA-behavior-b2] remark service-vlan-id 201 [SwitchA-behavior-b2] traffic behavior b3 [SwitchA-behavior-b3] remark service-vlan-id 301 [SwitchA-behavior-b3] traffic behavior b4 [SwitchA-behavior-b4] remark service-vlan-id 102 [SwitchA-behavior-b4] traffic behavior b5 [SwitchA-behavior-b5] remark service-vlan-id 202 [SwitchA-behavior-b5] traffic behavior b6 [SwitchA-behavior-b6] remark service-vlan-id 302 [SwitchA-behavior-b6] quit...
Page 200 [SwitchA-policy-p11] classifier c22 behavior b22 [SwitchA-policy-p11] classifier c33 behavior b33 [SwitchA-policy-p11] quit [SwitchA] qos policy p22 [SwitchA-policy-p22] classifier c44 behavior b11 [SwitchA-policy-p22] classifier c55 behavior b22 [SwitchA-policy-p22] classifier c66 behavior b33 [SwitchA-policy-p22] quit # Configure GigabitEthernet 1/0/1 to permit frames of the specified CVLANs and SLVANs to pass through.
Page 201 # Configure uplink policies to map the CVLANs to the SVLANs. [SwitchB] traffic classifier c1 [SwitchB-classifier-c1] if-match customer-vlan-id 1 [SwitchB-classifier-c1] traffic classifier c2 [SwitchB-classifier-c2] if-match customer-vlan-id 2 [SwitchB-classifier-c2] traffic classifier c3 [SwitchB-classifier-c3] if-match customer-vlan-id 3 [SwitchB-classifier-c3] quit [SwitchB] traffic behavior b1 [SwitchB-behavior-b1] remark service-vlan-id 111 [SwitchB-behavior-b1] traffic behavior b2 [SwitchB-behavior-b2] remark service-vlan-id 211...
Page 202 [SwitchB-behavior-b11] traffic behavior b22 [SwitchB-behavior-b22] remark customer-vlan-id 2 [SwitchB-behavior-b22] traffic behavior b33 [SwitchB-behavior-b33] remark customer-vlan-id 3 [SwitchB-behavior-b33] quit [SwitchB] qos policy p11 [SwitchB-policy-p11] classifier c11 behavior b11 [SwitchB-policy-p11] classifier c22 behavior b22 [SwitchB-policy-p11] classifier c33 behavior b33 [SwitchB-policy-p11] quit [SwitchB] qos policy p22 [SwitchB-policy-p22] classifier c44 behavior b11 [SwitchB-policy-p22] classifier c55 behavior b22 [SwitchB-policy-p22] classifier c66 behavior b33...
Page 203: Enable Dhcp Snooping
Configuration on Switch C # Enable DHCP snooping. <SwitchC> system-view [SwitchC] dhcp-snooping # Enable ARP detection on each VLAN involved in VLAN mapping. [SwitchC] vlan 101 [SwitchC-vlan101] arp detection enable [SwitchC-vlan101] vlan 201 [SwitchC-vlan201] arp detection enable [SwitchC-vlan201] vlan 301 [SwitchC-vlan301] arp detection enable [SwitchC-vlan301] vlan 102 [SwitchC-vlan102] arp detection enable...
Page 204 [SwitchC-classifier-c4] traffic classifier c5 [SwitchC-classifier-c5] if-match customer-vlan-id 211 to 310 [SwitchC-classifier-c5] traffic classifier c6 [SwitchC-classifier-c6] if-match customer-vlan-id 311 to 410 [SwitchC-classifier-c6] quit [SwitchC] traffic behavior b1 [SwitchC-behavior-b1] remark service-vlan-id 501 [SwitchC-behavior-b1] traffic behavior b2 [SwitchC-behavior-b2] remark service-vlan-id 502 [SwitchC-behavior-b2] traffic behavior b3 [SwitchC-behavior-b3] remark service-vlan-id 503 [SwitchC-behavior-b3] quit [SwitchC] qos policy p1...
Page 205: Two-To-Two Vlan Mapping Configuration Example
[SwitchC-GigabitEthernet1/0/3] port link-type trunk [SwitchC-GigabitEthernet1/0/3] port trunk permit vlan 501 502 503 # Configure GigabitEthernet 1/0/3 as a DHCP snooping trusted port. [SwitchC-GigabitEthernet1/0/3] dhcp-snooping trust # Configure GigabitEthernet 1/0/3 as an ARP trusted port. [SwitchC-GigabitEthernet1/0/3] arp detection trust # Enable SP-side QinQ on GigabitEthernet 1/0/3. [SwitchC-GigabitEthernet1/0/3] qinq enable uplink Configuration on Switch D # Enable DHCP snooping.
Page 206 Configuration procedure Configuration on Device A # Configure QinQ function on GigabitEthernet 1/0/1 to add outer VLAN tag 100 to the traffic tagged with VLAN 10. <DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port access vlan 100 [DeviceA-GigabitEthernet1/0/1] qinq enable [DeviceA-GigabitEthernet1/0/1] quit # Configure the uplink port GigabitEthernet 1/0/2 to permit frames of VLAN 100 to pass through.
Page 207 [DeviceC] traffic classifier downlink_out [DeviceC-classifier-downlink_out] if-match customer-vlan-id 30 [DeviceC-classifier-downlink_out] if-match service-vlan-id 200 [DeviceC-classifier-downlink_out] quit # Specify the original CVLAN and SVLAN for outgoing VPN 1 traffic on GigabitEthernet 1/0/1. [DeviceC] traffic behavior downlink_out [DeviceC-behavior-downlink_out] remark customer-vlan-id 10 [DeviceC-behavior-downlink_out] remark service-vlan-id 100 [DeviceC-behavior-downlink_out] quit # Configure a downlink policy to map the new CVLAN and SVLAN to the original CVLAN and SVLAN for the outgoing VPN 1 traffic on GigabitEthernet 1/0/1.
Page 208 <DeviceD> system-view [DeviceD] interface gigabitethernet 1/0/2 [DeviceD-GigabitEthernet1/0/2] port access vlan 200 [DeviceD-GigabitEthernet1/0/2] qinq enable # Configure GigabitEthernet 1/0/1 to permit frames of VLAN 200 to pass through. [DeviceD] interface gigabitethernet 1/0/1 [DeviceD-GigabitEthernet1/0/1] port link-type trunk [DeviceD-GigabitEthernet1/0/1] port trunk permit vlan 200 1-24...
Page 209 Table of Contents 1 Ethernet OAM Configuration ........................1-1 Ethernet OAM Overview .........................1-1 Types of Ethernet OAMPDUs ......................1-1 Ethernet OAM Implementation ......................1-2 Standards and Protocols .........................1-5 Ethernet OAM Configuration Task List ....................1-5 Configuring Basic Ethernet OAM Functions ...................1-5 Configuring Link Monitoring ........................1-6 Configuring Errored Symbol Event Detection .................1-6 Configuring Errored Frame Event Detection ...................1-6 Configuring Errored Frame Period Event Detection................1-7...
Page 210: Ethernet Oam Configuration
Ethernet OAM Configuration When configuring the Ethernet OAM function, go to these sections for information you are interested in: Ethernet OAM Overview Ethernet OAM Configuration Task List Configuring Basic Ethernet OAM Functions Configuring Link Monitoring Enabling OAM Loopback Testing Displaying and Maintaining Ethernet OAM Configuration Ethernet OAM Configuration Example Ethernet OAM Overview Ethernet OAM (operation, administration, and maintenance) is a tool monitoring Layer-2 link status by...
Page 211: Ethernet Oam Implementation
Figure 1-1 Formats of different types of Ethernet OAMPDUs The fields in an OAMPDU are described as follows: Table 1-1 Description of the fields in an OAMPDU Field Description Destination MAC address of the Ethernet OAMPDU. Dest addr It is a slow protocol multicast address 0180c2000002. Source MAC address of the Ethernet OAMPDU.
Page 212 Ethernet OAM connection establishment Ethernet OAM connection is the base of all the other Ethernet OAM functions. OAM connection establishment is also known as the Discovery phase, where an Ethernet OAM entity discovers remote OAM entities and establishes sessions with them. In this phase, interconnected OAM entities notify the peer of their OAM configuration information and the OAM capabilities of the local nodes by exchanging Information OAMPDUs and determine whether Ethernet OAM connections can be established.
Page 213 The interval to send Information OAMPDUs is determined by a timer. Up to ten Information OAMPDUs can be sent in a second. Link monitoring Error detection in an Ethernet is difficult, especially when the physical connection in the network is not disconnected but network performance is degrading gradually.
Page 214: Standards And Protocols
Table 1-5 Critical link error events Ethernet OAM link events Description Link Fault Peer link signal is lost. Dying Gasp An unexpected fault, such as power failure, occurred. Critical event An undetermined critical event happened. As Information OAMPDUs are exchanged periodically across established OAM connections, an Ethernet OAM entity can inform one of its OAM peers of link faults through Information OAMPDUs.
Page 215: Configuring Link Monitoring
Follow these steps to configure basic Ethernet OAM functions: To do… Use the command… Remarks Enter system view System-view — interface interface-type Enter Ethernet port view — interface-number Optional Set Ethernet OAM operating oam mode { active | passive } The default is active Ethernet mode OAM mode.
Page 216: Configuring Errored Frame Period Event Detection
Follow these steps to configure errored frame event detection: To do… Use the command… Remarks Enter system view system-view — Optional Configure the errored frame oam errored-frame period period-value event detection interval 1 second by default Optional Configure the errored frame oam errored-frame threshold event triggering threshold threshold-value...
Page 217: Enabling Oam Loopback Testing
Enabling OAM Loopback Testing Follow these steps to enable Ethernet OAM loopback testing: To do… Use the command… Remarks Enter system view System-view — interface interface-type Enter Ethernet port view — interface-number Required Enable Ethernet OAM loopback oam loopback testing Disabled by default.
Page 218: Ethernet Oam Configuration Example
To do… Use the command… Remarks Available Clear statistics on Ethernet OAM packets reset oam [ interface interface-type in user and Ethernet OAM link error events interface-number ] view only Ethernet OAM Configuration Example Network requirements Enable Ethernet OAM on Device A and Device B to manage links on data link layer. Monitor link performance and collect statistics about the error frames received by Device A.
Page 219 -------------------------------------------------------------------------- Errored-symbol Event period(in seconds) Errored-symbol Event threshold Errored-frame Event period(in seconds) Errored-frame Event threshold Errored-frame-period Event period(in ms) 1000 Errored-frame-period Event threshold Errored-frame-seconds Event period(in seconds) Errored-frame-seconds Event threshold Use the display oam link-event command to display the statistics about Ethernet OAM link events. For example: # Display Ethernet OAM link event statistics of the remote end of Device B.
Page 220 Table of Contents 1 Connectivity Fault Detection Configuration ···························································································1-1 Overview ·················································································································································1-1 Basic Concepts in CFD ···················································································································1-1 Basic Functions of CFD···················································································································1-4 Protocols and Standards ·················································································································1-5 CFD Configuration Task List···················································································································1-5 Basic Configuration Tasks ······················································································································1-5 Configuring Service Instance ··········································································································1-6 Configuring MEP ·····························································································································1-6 Configuring MIP Generation Rules··································································································1-7 Configuring CC on MEPs························································································································1-7 Configuration Prerequisites ·············································································································1-8 Configuring Procedure·····················································································································1-8...
Page 221: Connectivity Fault Detection Configuration
Connectivity Fault Detection Configuration When configuring CFD, go to these sections for information you are interested in: Overview CFD Configuration Task List Basic Configuration Tasks Configuring CC on MEPs Configuring LB on MEPs Configuring LT on MEPs Displaying and Maintaining CFD CFD Configuration Examples Overview Connectivity Fault Detection (CFD) is an end-to-end per-VLAN link layer Operations, Administration...
Page 222 Figure 1-1 Two nested MDs CFD exchanges messages and performs operations on a per-domain basis. By planning MDs properly in a network, you can use CFD to locate failure points rapidly. Maintenance association A maintenance association (MA) is a set of maintenance points (MPs) in a MD. An MA is identified by the “MD name + MA name”.
Page 223 Figure 1-2 Outward-facing MEP Figure 1-3 Inward-facing MEP A MIP is internal to an MD. It cannot send CFD packets actively; however, it can handle and respond to CFD packets. The MA and MD that a MIP belongs to define the VLAN attribute and level of the packets received.
Page 224: Basic Functions Of Cfd
Figure 1-4 Levels of MPs Basic Functions of CFD CFD works effectively only in properly-configured networks. Its functions, which are implemented through the MPs, include: Continuity check (CC); Loopback (LB) Linktrace (LT) Continuity check Continuity check is responsible for checking the connectivity between MEPs. Connectivity faults are usually caused by device faults or configuration errors.
Page 225: Protocols And Standards
source MEP can identify the path to the destination MEP. Note that LTMs are multicast frames while LTRs are unicast frames. Protocols and Standards The CFD function is implemented in accordance with IEEE P802.1ag. CFD Configuration Task List For CFD to work effectively, you should first design the network by performing the following tasks: Grade the MDs in the entire network, and define the boundary of each MD.
Page 226: Configuring Service Instance
Based on the network design, you should configure MEPs or the rules for generating MIPs on each device. However, before doing this you must first configure the service instance. Configuring Service Instance A service instance is indicated by an integer to represent an MA in an MD. The MD and MA define the level and VLAN attribute of the messages handled by the MPs in a service instance.
Page 227: Configuring Mip Generation Rules
To do... Use the command... Remarks cfd remote-mep Required Configure a remote MEP for a remote-mep-id MEP in the same service No remote MEP is configured service-instance instance-id instance for a MEP by default. mep mep-id cfd mep service-instance Required Enable the MEP instance-id mep mep-id Disabled by default...
Page 228: Configuration Prerequisites
Configuration Prerequisites Before configuring this function, you should first complete the MEP configuration. Configuring Procedure Follow these steps to configure CC on a MEP: To do... Use the command... Remarks Enter system view system-view — Optional Configure the interval field cfd cc interval value in the CCM messages interval-field-value...
Page 229: Configuring Lt On Meps
To do... Use the command... Remarks Enter system view system-view — cfd loopback service-instance instance-id mep Required Enable LB mep-id { target-mep target-mep-id | target-mac Disabled by default mac-address } [ number loopback-number ] Configuring LT on MEPs LT can trace the path between the specified MEP and the target MEP, and can also locate link faults by sending LT messages automatically.
Page 230: Displaying And Maintaining Cfd
Displaying and Maintaining CFD To do... Use the command... Remarks Display CFD status display cfd status Available in any view Display MD configuration display cfd md Available in any view information Display MA configuration display cfd ma [ [ ma-name ] Available in any view information md md-name ]...
Page 231: Configuring Mep And Enabling Cc On It
Figure 1-5 Network diagram for MD configuration Configuration procedure Configuration on Device A (configuration on Device E is the same as that on Device A) <DeviceA> system-view [DeviceA] cfd enable [DeviceA] cfd md MD_A level 5 [DeviceA] cfd ma MA_MD_A md MD_A vlan 100 [DeviceA] cfd service-instance 1 md MD_A ma MA_MD_A Configuration on Device C <DeviceC>...
Page 232 Decide the remote MEP for each MEP, and enable these MEPs. According to the network diagram as shown in Figure 1-6, perform the following configurations: In MD_A, there are three edge ports: GigabitEthernet 1/0/1 on Device A, GigabitEthernet 1/0/3 on Device D and GigabitEthernet 1/0/4 on Device E.
Page 233: Configuring The Rules For Generating Mips
[DeviceD-GigabitEthernet1/0/3] cfd remote-mep 1001 service-instance 1 mep 4002 [DeviceD-GigabitEthernet1/0/3] cfd remote-mep 5001 service-instance 1 mep 4002 [DeviceD-GigabitEthernet1/0/3] cfd mep service-instance 1 mep 4002 enable [DeviceD-GigabitEthernet1/0/3] cfd cc service-instance 1 mep 4002 enable On Device E <DeviceE> system-view [DeviceE] interface gigabitethernet 1/0/4 [DeviceE-GigabitEthernet1/0/4] cfd mep 5001 service-instance 1 inbound [DeviceE-GigabitEthernet1/0/4] cfd remote-mep 1001 service-instance 1 mep 5001 [DeviceE-GigabitEthernet1/0/4] cfd remote-mep 4002 service-instance 1 mep 5001...
Page 234: Configuring Lb On Meps
Configuration procedure Configure Device B <DeviceB> system-view [DeviceB] cfd mip-rule explicit service-instance 1 Configure Device C <DeviceC> system-view [DeviceC] cfd mip-rule default service-instance 2 After the above operation, you can use the display cfd mp command to verify your configuration. Configuring LB on MEPs Network requirements Use the LB function to trace the fault source after CC detects a link fault.
Page 235 Table of Contents 1 MSTP Configuration ··································································································································1-1 MSTP Overview·······························································································································1-1 Introduction to STP··························································································································1-1 How STP works ·······························································································································1-3 Introduction to MSTP·······················································································································1-9 Protocols and Standards ···············································································································1-14 Configuration Task List ·························································································································1-14 Configuring the Root Bridge ··········································································································1-16 Configuring an MST Region ··········································································································1-16 Specifying the Root Bridge or a Secondary Root Bridge ······························································1-17 Configuring the Work Mode of an MSTP Device ··········································································1-18 Configuring the Priority of the Current Device···············································································1-19 Configuring the Maximum Hops of an MST Region······································································1-19...
Page 236 Configuration Prerequisites ···········································································································1-35 Configuration Procedure················································································································1-36 Configuration Example ··················································································································1-36 Configuring Protection Functions··········································································································1-36 Configuration prerequisites ···········································································································1-37 Enabling BPDU Guard···················································································································1-37 Enabling Root Guard ·····················································································································1-38 Enabling Loop Guard·····················································································································1-38 Enabling TC-BPDU Attack Guard ·································································································1-39 Displaying and Maintaining MSTP ········································································································1-40 MSTP Configuration Example ·······································································································1-40...
Page 237: Mstp Configuration
MSTP Configuration When configuring MSTP, go to these sections for information you are interested in: MSTP Overview Configuration Task List Configuring the Root Bridge Configuring Leaf Nodes Configuring Digest Snooping Configuring No Agreement Check Configuring Protection Functions Displaying and Maintaining MSTP MSTP Configuration Example MSTP Overview Introduction to STP...
Page 238 There is one and only one root bridge in the entire network, and the root bridge can change along with changes of the network topology. Therefore, the root bridge is not fixed. After network convergence, the root bridge generates and sends out configuration BPDUs at a certain interval, and other devices just forward the BPDUs.
Page 239: How Stp Works
All the ports on the root bridge are designated ports. Path cost Path cost is a reference value used for link selection in STP. By calculating path costs, STP selects relatively robust links and blocks redundant links, and finally prunes the network into a loop-free tree. How STP works The devices on a network exchange BPDUs to identify the network topology.
Page 240 Table 1-2 Selection of the optimum configuration BPDU Step Actions Upon receiving a configuration BPDU on a port, the device performs the following: If the received configuration BPDU has a lower priority than that of the configuration BPDU generated by the port, the device discards the received configuration BPDU and does not process the configuration BPDU of this port.
Page 241 Step Description The device compares the calculated configuration BPDU with the configuration BPDU on the port of which the port role is to be defined, and acts depending on the comparison result: If the calculated configuration BPDU is superior, the device considers this port as the designated port, and replaces the configuration BPDU on the port with the calculated configuration BPDU, which will be sent out periodically.
Page 242 Device Port name BPDU of port {2, 0, 2, CP1} Device C {2, 0, 2, CP2} Comparison process and result on each device The following table shows the comparison process and result on each device. Table 1-5 Comparison process and result on each device BPDU of port after Device Comparison process...
Page 243 BPDU of port after Device Comparison process comparison Port CP1 receives the configuration BPDU of Device A {0, 0, 0, AP2}. Device C finds that the received configuration BPDU is superior to the configuration BPDU of the local port {2, 0, 2, CP1}, and updates the configuration BPDU of CP1.
Page 244 Figure 1-3 The final calculated spanning tree The spanning tree calculation process in this example is only simplified process. The BPDU forwarding mechanism in STP Upon network initiation, every switch regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval. If it is the root port that received a configuration BPDU and the received configuration BPDU is superior to the configuration BPDU of the port, the device increases the message age carried in the configuration BPDU following a certain rule and starts a timer to time the configuration BPDU while...
Page 245: Introduction To Mstp
For this reason, as a mechanism for state transition in STP, the newly elected root ports or designated ports require twice the forward delay time before transiting to the forwarding state to ensure that the new configuration BPDU has propagated throughout the network. Hello time is the time interval at which a device sends hello packets to the surrounding devices to ensure that the paths are fault-free.
Page 246 MSTP divides a switched network into multiple regions, each containing multiple spanning trees that are independent of one another. MSTP prunes a loop network into a loop-free tree, thus avoiding proliferation and endless cycling of packets in a loop network. In addition, it provides multiple redundant paths for data forwarding, thus supporting load balancing of VLAN data.
Page 247 Multiple MST regions can exist in a switched network. You can use an MSTP command to assign multiple devices to the same MST region. VLAN-to-MSTI mapping table As an attribute of an MST region, the VLAN-to-MSTI mapping table describes the mapping relationships between VLANs and MSTIs.
Page 248 During MSTP calculation, a boundary port’s role on an MSTI is consistent with its role on the CIST. But that is not true with master ports. A master port on MSTIs is a root port on the CIST. 10) Roles of ports MSTP calculation involves these port roles: root port, designated port, master port, alternate port, backup port, and so on.
Page 249 In MSTP, port states fall into the following three: Forwarding: the port learns MAC addresses and forwards user traffic; Learning: the port learns MAC addresses but does not forward user traffic; Discarding: the port neither learns MAC addresses nor forwards user traffic. When in different MSTIs, a port can be in different states.
Page 250: Protocols And Standards
Implementation of MSTP on devices MSTP is compatible with STP and RSTP. STP and RSTP protocol packets can be recognized by devices running MSTP and used for spanning tree calculation. In addition to basic MSTP functions, many special functions are provided for ease of management, as follows: Root bridge hold Root bridge backup...
Page 251 Task Remarks Configuring an MST Region Required Configuring the Work Mode of an MSTP Device Optional Configuring the Timeout Factor Optional Configuring the Maximum Port Rate Optional Configuring Ports as Edge Ports Optional Configuring Leaf Configuring Path Costs of Ports Optional NodesConfiguring Leaf Nodes...
Page 252: Configuring The Root Bridge
Configuring the Root Bridge Configuring an MST Region Configuration procedure Follow these steps to configure an MST region: To do... Use the command... Remarks Enter system view system-view — Enter MST region view stp region-configuration — Optional Configure the MST region region-name name The MST region name is the name...
Page 253: Specifying The Root Bridge Or A Secondary Root Bridge
Configuration example # Configure the MST region name to be “info”, the MSTP revision level to be 1, and VLAN 2 through VLAN 10 to be mapped to MSTI 1 and VLAN 20 through VLAN 30 to MSTI 2. <Sysname> system-view [Sysname] stp region-configuration [Sysname-mst-region] region-name info [Sysname-mst-region] instance 1 vlan 2 to 10...
Page 254: Configuring The Work Mode Of An Mstp Device
There is one and only one root bridge in effect in a spanning tree instance. If two or more devices have been designated to be root bridges of the same spanning tree instance, MSTP will select the device with the lowest MAC address as the root bridge. You can specify multiple secondary root bridges for the same instance.
Page 255: Configuring The Priority Of The Current Device
[Sysname] stp mode stp Configuring the Priority of the Current Device The priority of a device determines whether it can be elected as the root bridge of a spanning tree. A lower value indicates a higher priority. By setting the priority of a device to a low value, you can specify the device as the root bridge of the spanning tree.
Page 256: Configuring The Network Diameter Of A Switched Network
To do... Use the command... Remarks Enter system view system-view — Optional Configure the maximum hops stp max-hops hops of the MST region 20 by default A larger maximum hops setting means a larger size of the MST region. Only the maximum hops configured on the regional root bridge can restrict the size of the MST region.
Page 257: Configuring Timers Of Mstp
Configuring Timers of MSTP MSTP involves three timers: forward delay, hello time and max age. You can configure these three parameters for MSTP to calculate spanning trees. Configuration procedure Follow these steps to configure the timers of MSTP: To do... Use the command...
Page 258: Configuring The Timeout Factor
We recommend that you specify the network diameter with the stp root primary command and let MSTP automatically calculate optimal settings of these three timers. Configuration example # Set the forward delay to 1,600 centiseconds, hello time to 300 centiseconds, and max age to 2,100 centiseconds.
Page 259: Configuring Ports As Edge Ports
Configuration procedure Follow these steps to configure the maximum rate of a port or a group of ports: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet Required interface view Use either command. interface interface-type or Layer-2 Enter interface-number Configurations made in interface...
Page 260: Setting The Link Type Of A Port To P2P
Configuration procedure Follow these steps to specify a port or a group of ports as edge port(s): To do... Use the command... Remarks Enter system view system-view — Enter Ethernet Required interface view Use either command. interface interface-type Enter or Layer-2 interface-number Configurations made in interface interface view...
Page 261: Configuring The Mode A Port Uses To Recognize/Send Mstp Packets
Configuration procedure Follow these steps to set the type of a connected link to P2P: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet Required interface view or Use either command. interface interface-type Enter Layer-2 interface-number Configurations made in interface interface aggregate...
Page 262: Enabling The Output Of Port State Transition Information
Configuration procedure Follow these steps to configure the MSTP packet format to be supported by a port or a group of ports: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet Required interface view or interface interface-type Enter Use either command.
Page 263: Enabling The Mstp Feature
Follow these steps to enable output of port state transition information: To do... Use the command... Remarks Enter system view system-view — Optional Enable output of port state stp port-log { all | instance transition information of all This function is enabled by instance-id } MSTIs or a particular MSTI default.
Page 264: Configuring Leaf Nodes
[Sysname-GigabitEthernet1/0/1] undo stp enable Configuring Leaf Nodes Configuring an MST Region Refer to Configuring an MST Region in the section about root bridge configuration. Configuring the Work Mode of MSTP Refer to Configuring the Work Mode of an MSTP Device in the section about root bridge configuration.
Page 265 Table 1-7 Link speed vs. path cost Link speed Duplex state 802.1d-1998 802.1t Private standard — 65535 200,000,000 200,000 Single Port 2,000,000 2,000 Aggregate Link 2 Ports 1,000,000 1,800 10 Mbps Aggregate Link 3 Ports 666,666 1,600 Aggregate Link 4 Ports 500,000 1,400 Single Port...
Page 266: Configuring Port Priority
If you change the standard that the device uses in calculating the default path cost, the port path cost value set through the stp cost command will be invalid. When the path cost of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition.
Page 267: Setting The Link Type Of A Port To P2P
Configuration example # Set the priority of port GigabitEthernet 1/0/1 to 16 in MSTI 1. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] stp instance 1 port priority 16 Setting the Link Type of a Port to P2P Refer to Setting the Link Type of a Port to P2P in the section about root bridge configuration.
Page 268: Configuration Example
Performing mCheck in interface view Follow these steps to perform mCheck in interface view: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet interface view or Layer-2 interface interface-type — aggregate interface view interface-number Perform mCheck stp mcheck Required Configuration Example...
Page 269: Configuration Procedure
Configuration Procedure Follow these steps to configure Digest Snooping: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet Required interface view Use either command. interface interface-type or Layer-2 interface-number Configurations made in Enter interface aggregate interface view will take effect on view or port interface view the current port only;...
Page 270: Configuring No Agreement Check
Figure 1-6 Digest Snooping configuration Configuration procedure Enable Digest Snooping on Device A. # Enable Digest Snooping on GigabitEthernet1/0/1. <DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] stp config-digest-snooping [DeviceA-GigabitEthernet1/0/1] quit # Enable global Digest Snooping. [DeviceA] stp config-digest-snooping Enable Digest Snooping on Device B (the same as above, omitted) Configuring No Agreement Check In RSTP and MSTP, two types of messages are used for rapid state transition on designated ports: Proposal: sent by designated ports to request rapid transition...
Page 271: Configuration Prerequisites
Figure 1-7 Rapid state transition of an MSTP designated port Upstream Switch Downstream switch Proposal for rapid transition Root port blocks other non-edge ports Root port changes to Agreement forwarding state and sends Agreement Designated port Root port changes to Designated port forwarding state Figure 1-8...
Page 272: Configuration Example
Configuration Procedure Follow these steps to configure No Agreement Check: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet Required interface view Use either command. interface interface-type or Layer-2 Enter interface-number Configurations made in aggregate interface or interface view will take effect interface view port group...
Page 273: Configuration Prerequisites
Loop guard TC-BPDU attack guard Among loop guard, root guard and edge port settings, only one function can take effect on the same port at the same time. Configuration prerequisites MSTP has been correctly configured on the device. Enabling BPDU Guard We recommend that you enable BPDU guard if your device supports this function.
Page 274: Enabling Root Guard
Enabling Root Guard We recommend that you enable root guard if your device supports this function. The root bridge and secondary root bridge of a panning tree should be located in the same MST region. Especially for the CIST, the root bridge and secondary root bridge are generally put in a high-bandwidth core region during network design.
Page 275: Enabling Tc-Bpdu Attack Guard
By keeping receiving BPDUs from the upstream device, a device can maintain the state of the root port and blocked ports. However, due to link congestion or unidirectional link failures, these ports may fail to receive BPDUs from the upstream devices. In this case, the downstream device will reselect the port roles: those ports in forwarding state that failed to receive upstream BPDUs will become designated ports, and the blocked ports will transition to the forwarding state, resulting in loops in the switched network.
Page 276: Displaying And Maintaining Mstp
We recommend that you keep this feature enabled. Displaying and Maintaining MSTP To do... Use the command... Remarks View information about abnormally Available in any view display stp abnormal-port blocked ports View information about ports blocked display stp down-port Available in any view by STP protection functions View the information of port role display stp [ instance...
Page 277 Figure 1-10 Network diagram for MSTP configuration Device B Device A Permit:all VLAN Permit: Permit: VLAN 10,20 VLAN 20,30 Permit: Permit: VLAN 10,20 VLAN 20,30 Permit:VLAN 20,40 Device D Device C “Permit:“ beside each link in the figure is followed by the VLANs the packets of which are permitted to pass this link.
Page 278 1 to 9, 11 to 29, 31 to 39, 41 to 4094 Configuration on Device B # Enter MST region view. <DeviceB> system-view [DeviceB] stp region-configuration # Configure the region name, VLAN-to-MSTI mappings and revision level of the MST region. [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30...
Page 279 [DeviceC-mst-region] active region-configuration [DeviceC-mst-region] quit # Define Device C as the root bridge of MSTI 4. [DeviceC] stp instance 4 root primary # Enable MSTP globally. [DeviceC] stp enable # View the MST region configuration information that has taken effect. [DeviceC] display stp region-configuration Oper configuration Format selector...
Page 280 1-44...
Page 281 Table of Contents 1 RRPP Configuration ··································································································································1-1 RRPP Overview ······································································································································1-1 Background ·····································································································································1-1 Basic Concepts in RRPP·················································································································1-2 RRPP Packets·································································································································1-4 Hello and Fail Timers·······················································································································1-4 How RRPP Works ···························································································································1-5 Typical RRPP Networking ···············································································································1-6 Protocols and Standards ···············································································································1-10 RRPP Configuration Task List ··············································································································1-10 Configuring Master Node ······················································································································1-11 Configuring Transit Node ······················································································································1-12 Configuring Edge Node·························································································································1-14 Configuring Assistant Edge Node ·········································································································1-15...
Page 282: Rrpp Configuration
RRPP Configuration When configuring RRPP, go to these sections for information you are interested in: RRPP Overview RRPP Configuration Task List Configuring Master Node Configuring Transit Node Configuring Edge Node Configuring Assistant Edge Node Configuring Ring Group Displaying and Maintaining RRPP RRPP Typical Configuration Examples Troubleshooting RRPP Overview...
Page 283: Basic Concepts In Rrpp
Basic Concepts in RRPP Figure 1-1 RRPP networking diagram RRPP domain The interconnected devices with the same domain ID and control VLANs constitute an RRPP domain. An RRPP domain contains the following elements: primary ring, subring, control VLAN, master node, transit node, primary port, secondary port, common port, and edge port.
Page 284 A data VLAN is a VLAN dedicated to transferring data packets. Both RRPP ports and non-RRPP ports can be assigned to a data VLAN. Node Each device on an RRPP ring is referred to as a node. The role of a node is configurable. There are the following node roles: Master node: Each ring has one and only one master node.
Page 285: Rrpp Packets
As shown in Figure 1-1, Device B and Device C lie on Ring 1 and Ring 2. Device B’s Port 1 and Port 2 and Device C’s Port 1 and Port 2 access the primary ring, so they are common ports. Device B’s Port 3 and Device C’s Port 3 access only the subring, so they are edge ports.
Page 286: How Rrpp Works
secondary port receives the Hello packets sent by the local master node before the Fail timer expires, the overall ring is in Health state. Otherwise, the ring transits into Disconnect state. In an RRPP domain, a transit node learns the Hello timer value and the Fail timer value on the master node through the received Hello packets, ensuring that all nodes in the ring network are consistent in the two timer settings.
Page 287: Typical Rrpp Networking
Broadcast storm suppression mechanism in a multi-homed subring in case of SRPT failure As shown in Figure 1-5, Ring 1 is the primary ring, and Ring 2 and Ring 3 are subrings. When the two SRPTs between the edge node and the assistant-edge node are down, the master nodes of Ring 2 and Ring 3 will open their respective secondary ports, and thus a loop among Device B, Device C, Device E, and Device F is generated.
Page 288 Single ring Figure 1-2 Single ring There is only a single ring in the network topology. In this case, you only need to define an RRPP domain. Tangent rings Figure 1-3 Tangent rings There are two or more rings in the network topology and only one common node between rings. In this case, you need to define an RRPP domain for each ring.
Page 289 Intersecting rings Figure 1-4 Intersecting rings There are two or more rings in the network topology and two common nodes between rings. In this case, you only need to define an RRPP domain, and set one ring as the primary ring and the other rings as subrings.
Page 290 Single-ring load balancing Figure 1-6 Network diagram for single-ring load balancing Device A Device B Domain 1 Ring 1 Domain 2 Device D Device C In a single-ring network, you can achieve load balancing by configuring multiple domains. As shown in Figure 1-6, Ring 1 is configured as the primary ring of both Domain 1 and Domain 2.
Page 291: Protocols And Standards
Protocols and Standards RFC 3619 Extreme Networks' Ethernet Automatic Protection Switching (EAPS) Version 1 is related to RRPP. RRPP Configuration Task List RRPP does not have an auto election mechanism, so you must configure each node in the ring network properly for RRPP to monitor and protect the ring network. Before configuring RRPP, you need to construct a ring-shaped Ethernet topology physically.
Page 292: Configuring Master Node
The link type of these ports must be trunk. They must be Layer 2 GE ports. They must not be member ports of any aggregation group, service loopback group, or smart link group. STP is disabled on them. The 802.1p priority of trusted packets on the ports is configured, so that RRPP packets take higher precedence than data packets when passing through the ports.
Page 293: Configuring Transit Node
To do… Use the command… Remarks ring ring-id node-mode master Specify the current device as [ primary-port interface-type the master node of the ring, interface-number ] Required and specify the primary port [ secondary-port interface-type and the secondary port interface-number ] level level-value Optional Configure the timer for the...
Page 294 To do… Use the command… Remarks Specify a control VLAN for the control-vlan vlan-id Required RRPP domain Required protected-vlan Specify protected VLANs for No protected VLAN is specified reference-instance the RRPP domain for an RRPP domain by instance-id-list default. ring ring-id node-mode transit Specify the current device as [ primary-port interface-type the transit node of the ring, and...
Page 295: Configuring Edge Node
Configuring Edge Node Follow these steps to configure edge node: To do… Use the command… Remarks Enter system view system-view — Create an RRPP domain and rrpp domain domain-id Required enter its view Specify a control VLAN for the control-vlan vlan-id Required RRPP domain Required...
Page 296: Configuring Assistant Edge Node
Before specifying RRPP rings for an RRPP domain, you must specify protected VLANs for the domain. Before specifying rings for an RRPP domain, you can delete or modify the protected VLANs configured for the RRPP domain; after specifying rings for an RRPP domain, you can delete or modify the protected VLANs configured for the RRPP domain, however, you cannot delete all the protected VLANs configured for the domain.
Page 297: Configuring Ring Group
To do… Use the command… Remarks Specify the current device as ring ring-id node-mode the assistant-edge node of the assistant-edge [ edge-port Required subring, and specify an edge interface-type port interface-number ] Required Enable the primary ring ring ring-id enable By default, the RRPP ring is disabled.
Page 298: Configuration Prerequisites
You need to configure ring groups on both the edge node and the assistant-edge node at the same time. The two ring groups must be configured with the same subrings. Otherwise, the ring groups cannot operate properly. Configuration Prerequisites The RRPP domain, control VLANs, protected VLANs, the primary ring, and the subrings have been configured on the edge node device.
Page 299: Rrpp Typical Configuration Examples
To do… Use the command… Remarks reset rrpp statistics domain Clear RRPP statistics Available in user view domain-id [ ring ring-id ] RRPP Typical Configuration Examples Configuring Single Ring Topology Networking requirements Device A, Device B, Device C, and Device D constitute RRPP domain 1, specify the primary control VLAN of RRPP domain 1 as VLAN 4092, and RPPP domain 1 protects all VLANs;...
Page 300 Configuration procedure Perform the following configuration on Device A: # Configure RRPP ports GigabitEthernet1/0/1 and GigabitEthernet1/0/2. <DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] undo stp enable [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all [DeviceA-GigabitEthernet1/0/1] qos trust dot1p [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] undo stp enable...
Page 301: Configuring Single-Domain Intersecting Ring Topology
# Create RRPP domain 1, configure VLAN 4092 as the primary control VLAN of RRPP domain 1, and configure the VLANs mapped to MSTIs 0 through 32 as the protected VLANs of RRPP domain 1. [DeviceB] rrpp domain 1 [DeviceB-rrpp-domain1] control-vlan 4092 [DeviceB-rrpp-domain1] protected-vlan reference-instance 0 to 32 # Configure Device B as the transit node of primary ring 1, with GigabitEthernet1/0/1 as the primary port and GigabitEthernet1/0/2 as the secondary port, and enable ring 1.
Page 302 Specify the control VLAN for the RRPP domain. Configure the protected VLANs to reference all MSTIs. The MSTI ID ranges from 0 to 32. Specify the node mode of a device on an RRPP ring and the ports accessing the RRPP ring on the device.
Page 303 [DeviceA-rrpp-domain1] ring 1 enable [DeviceA-rrpp-domain1] quit # Enable RRPP. [DeviceA] rrpp enable Configuration on Device B # Configure RRPP ports GigabitEthernet1/0/1, GigabitEthernet1/0/2 and GigabitEthernet1/0/3. <DeviceB> system-view [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] undo stp enable [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all [DeviceB-GigabitEthernet1/0/1] qos trust dot1p [DeviceB-GigabitEthernet1/0/1] quit [DeviceB] interface gigabitethernet 1/0/2...
Page 304 <DeviceC> system-view [DeviceC] interface gigabitethernet 1/0/1 [DeviceC-GigabitEthernet1/0/1] undo stp enable [DeviceC-GigabitEthernet1/0/1] port link-type trunk [DeviceC-GigabitEthernet1/0/1] port trunk permit vlan all [DeviceC-GigabitEthernet1/0/1] qos trust dot1p [DeviceC-GigabitEthernet1/0/1] quit [DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] undo stp enable [DeviceC-GigabitEthernet1/0/2] port link-type trunk [DeviceC-GigabitEthernet1/0/2] port trunk permit vlan all [DeviceC-GigabitEthernet1/0/2] qos trust dot1p [DeviceC-GigabitEthernet1/0/2] quit [DeviceC] interface gigabitethernet 1/0/3...
Page 305 [DeviceD] interface gigabitethernet 1/0/2 [DeviceD-GigabitEthernet1/0/2] undo stp enable [DeviceD-GigabitEthernet1/0/2] port link-type trunk [DeviceD-GigabitEthernet1/0/2] port trunk permit vlan all [DeviceD-GigabitEthernet1/0/2] qos trust dot1p [DeviceD-GigabitEthernet1/0/2] quit # Create RRPP domain 1, configure VLAN 4092 as the primary control VLAN of RRPP domain 1, and configure VLANs mapped to MSTIs 0 through 32 as the protected VLANs of RRPP domain 1.
Page 306: Configuring Intersecting-Ring Load Balancing
# Enable RRPP. [DeviceE] rrpp enable Verification After the configuration, you can use the display command to view RRPP configuration result on each device. Configuring Intersecting-Ring Load Balancing Networking requirements Device A, Device B, Device C, Device D, and Device F constitute RRPP domain 1, and VLAN 100 is the primary control VLAN of the RRPP domain.
Page 307 Figure 1-10 Network diagram for intersecting-ring load balancing configuration Configuration procedure Configure Device A as the master node of the primary ring # Create VLANs 10 and 20, and map VLAN 10 to MSTI 1 and VLAN 20 to MSTI 2. <DeviceA>...
Page 308 [DeviceA-GigabitEthernet1/0/2] quit # Create RRPP domain 1, configure VLAN 100 as the primary control VLAN of RRPP domain 1, and configure the VLAN mapped to MSTI 1 as the protected VLAN of RRPP domain 1. [DeviceA] rrpp domain 1 [DeviceA-rrpp-domain1] control-vlan 100 [DeviceA-rrpp-domain1] protected-vlan reference-instance 1 # Configure Device A as the master node of primary ring 1, with GigabitEthernet1/0/1 as the primary port and GigabitEthernet1/0/2 as the secondary port, and enable ring 1.
Page 309 [DeviceB-GigabitEthernet1/0/1] qos trust dot1p [DeviceB-GigabitEthernet1/0/1] quit [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] undo stp enable [DeviceB-GigabitEthernet1/0/2] port link-type trunk [DeviceB-GigabitEthernet1/0/2] undo port trunk permit vlan 1 [DeviceB-GigabitEthernet1/0/2] port trunk permit vlan 10 20 [DeviceB-GigabitEthernet1/0/2] qos trust dot1p [DeviceB-GigabitEthernet1/0/2] quit [DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] undo stp enable [DeviceB-GigabitEthernet1/0/3] port link-type trunk [DeviceB-GigabitEthernet1/0/3] undo port trunk permit vlan 1...
Page 310 [DeviceB-rrpp-domain2] ring node-mode transit primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0 [DeviceB-rrpp-domain2] ring 1 enable # Configure Device B as the assistant-edge node of subring 2 in RRPP domain 2, with GigabitEthernet1/0/3 as the edge port, and enable subring 2. [DeviceB-rrpp-domain2] ring 2 node-mode assistant-edge edge-port gigabitethernet 1/0/3 [DeviceB-rrpp-domain2] ring 2 enable [DeviceB-rrpp-domain2] quit...
Page 311 [DeviceC-GigabitEthernet1/0/4] undo stp enable [DeviceC-GigabitEthernet1/0/4] port link-type trunk [DeviceC-GigabitEthernet1/0/4] undo port trunk permit vlan 1 [DeviceC-GigabitEthernet1/0/4] port trunk permit vlan 10 [DeviceC-GigabitEthernet1/0/4] qos trust dot1p [DeviceC-GigabitEthernet1/0/4] quit # Create RRPP domain 1, configure VLAN 10 as the primary control VLAN of RRPP domain 1, and configure the VLAN mapped to MSTI 1 as the protected VLAN of RRPP domain 1.
Page 312 [DeviceD-vlan20] quit [DeviceD] stp region-configuration [DeviceD-mst-region] instance 1 vlan 10 [DeviceD-mst-region] instance 2 vlan 20 [DeviceD-mst-region] active region-configuration [DeviceD-mst-region] quit # Configure RRPP ports GigabitEthernet1/0/1 and GigabitEthernet1/0/2. [DeviceD] interface gigabitethernet 1/0/1 [DeviceD-GigabitEthernet1/0/1] undo stp enable [DeviceD-GigabitEthernet1/0/1] port link-type trunk [DeviceD-GigabitEthernet1/0/1] undo port trunk permit vlan 1 [DeviceD-GigabitEthernet1/0/1] port trunk permit vlan 10 20 [DeviceD-GigabitEthernet1/0/1] qos trust dot1p [DeviceD-GigabitEthernet1/0/1] quit...
Page 313 Configure Device E as the master node of subring Ring 2 in domain 2 # Create VLAN 20, and map VLAN 20 to MSTI 2. <DeviceE> system-view [DeviceE] vlan 20 [DeviceE-vlan20] quit [DeviceE] stp region-configuration [DeviceE-mst-region] instance 2 vlan 20 [DeviceE-mst-region] active region-configuration [DeviceE-mst-region] quit # Configure RRPP ports GigabitEthernet1/0/1 and GigabitEthernet1/0/2.
Page 314: Troubleshooting
[DeviceF-mst-region] quit # Configure RRPP ports GigabitEthernet1/0/1 and GigabitEthernet1/0/2. [DeviceF] interface gigabitethernet 1/0/1 [DeviceF-GigabitEthernet1/0/1] undo stp enable [DeviceF-GigabitEthernet1/0/1] port link-type trunk [DeviceF-GigabitEthernet1/0/1] undo port trunk permit vlan 1 [DeviceF-GigabitEthernet1/0/1] port trunk permit vlan 10 [DeviceF-GigabitEthernet1/0/1] qos trust dot1p [DeviceF-GigabitEthernet1/0/1] quit [DeviceF] interface gigabitethernet 1/0/2 [DeviceF-GigabitEthernet1/0/2] undo stp enable [DeviceF-GigabitEthernet1/0/2] port link-type trunk...
Page 315 When the link state is normal, the master node cannot receive Hello packets, and the master node unblocks the secondary port. Analysis: The reasons may be: RRPP is not enabled on some nodes in the RRPP ring. The domain ID or primary control VLAN ID is not the same for the nodes in the same RRPP ring. Some ports are abnormal.
Page 316 Table of Contents 1 Port Mirroring Configuration ····················································································································1-1 Introduction to Port Mirroring ··················································································································1-1 Classification of Port Mirroring ········································································································1-1 Implementing Port Mirroring ············································································································1-1 Configuring Local Port Mirroring ·············································································································1-3 Configuring Remote Port Mirroring ·········································································································1-4 Configuration Prerequisites ·············································································································1-4 Configuring a Remote Source Mirroring Group (on the Source Device)·········································1-4 Configuring a Remote Destination Mirroring Group (on the Destination Device) ···························1-6 Displaying and Maintaining Port Mirroring ······························································································1-7 Port Mirroring Configuration Examples ···································································································1-7...
Page 317: Port Mirroring Configuration
Port Mirroring Configuration When configuring port mirroring, go to these sections for information you are interested in: Introduction to Port Mirroring Configuring Local Port Mirroring Configuring Remote Port Mirroring Displaying and Maintaining Port Mirroring Port Mirroring Configuration Examples Introduction to Port Mirroring Port mirroring is to copy the packets passing through a port (called a mirroring port) to another port (called the monitor port) connected with a monitoring device for packet analysis.
Page 318 Figure 1-1 Local port mirroring implementation How the device processes packets Traffic mirrored to Mirroring port Monitor port Monitor port Mirroring port Data monitoring device Remote port mirroring Remote port mirroring can mirror all packets but protocol packets. Remote port mirroring is implemented through the cooperation of a remote source mirroring group and a remote destination mirroring group as shown Figure 1-2.
Page 319: Configuring Local Port Mirroring
Destination device The destination device is the device where the monitor port is located. On it, you must create the remote destination mirroring group. When receiving a packet, the destination device compares the VLAN ID carried in the packet with the ID of the probe VLAN configured in the remote destination mirroring group.
Page 320: Configuring Remote Port Mirroring
A local port mirroring group takes effect only after its mirroring and monitor ports are configured. To ensure operation of your device, do not enable STP, MSTP, or RSTP on the monitor port. A port mirroring group can have multiple mirroring ports, but only one monitor port. A mirroring or monitor port to be configured cannot belong to an existing port mirroring group.
Page 321 To do… Use the command… Remarks mirroring-group groupid Required In system view mirroring-port mirroring-port-list You configure multiple { both | inbound | outbound } mirroring ports in a mirroring group. interface interface-type In system view, you can interface-number Configure assign a list of mirroring [ mirroring-group groupid ] mirroring ports to the mirroring...
Page 322: Configuring A Remote Destination Mirroring Group (On The Destination Device)
To remove the VLAN configured as a remote probe VLAN, you must remove the remote probe VLAN with undo mirroring-group remote-probe vlan command first. Removing the probe VLAN can invalidate the remote source mirroring group. Configuring a Remote Destination Mirroring Group (on the Destination Device) A remote destination mirroring group comprises a remote probe VLAN and a monitor port.
Page 323: Displaying And Maintaining Port Mirroring
When configuring the monitor port, use the following guidelines: The port can belong to only the current mirroring group. To ensure operation of your device, do not assign the monitor port to a mirroring VLAN. Disable these functions on the port: STP, MSTP, and RSTP. You are recommended to use a monitor port only for port mirroring.
Page 324: Remote Port Mirroring Configuration Example
Figure 1-3 Network diagram for local port mirroring configuration Switch A R&D department GE1/0/1 GE1/0/3 GE1/0/2 Switch C Data monitoring device Switch B Marketing department Configuration procedure Configure Switch C. # Create a local port mirroring group. <SwitchC> system-view [SwitchC] mirroring-group 1 local # Add port GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to the port mirroring group as source ports.
Page 325 As shown in Figure 1-4, the administrator wants to monitor the packets sent from Department 1 and 2 through the data monitoring device. Use the remote port mirroring function to meet the requirement. Perform the following configurations: Use Switch A as the source device, Switch B as the intermediate device, and Switch C as the destination device.
Page 326 [SwitchA-GigabitEthernet1/0/3] port link-type trunk [SwitchA-GigabitEthernet1/0/3] port trunk permit vlan 2 Configure Switch B (the intermediate device). # Configure port GigabitEthernet 1/0/1 as a trunk port and configure the port to permit the packets of VLAN 2. <SwitchB> system-view [SwitchB] interface GigabitEthernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] port link-type trunk [SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 2 [SwitchB-GigabitEthernet1/0/1] quit...
Page 327 IP Services Volume Organization Manual Version 20090108-C-1.01 Product Version Release 2202 Organization The IP Services Volume is organized as follows: Features Description An IP address is a 32-bit address allocated to a network interface on a IP Address device that is attached to the Internet. This document introduces the commands for IP address configuration Address Resolution Protocol (ARP) is used to resolve an IP address into a data link layer address.
Page 328 Features Description UDP Helper functions as a relay agent that converts UDP broadcast UDP Helper packets into unicast packets and forwards them to a specified server. This document introduces the commands for UDP Helper configuration Unicast Reverse Path Forwarding (URPF) protects a network against URPF source address spoofing attacks.
Page 329 Table of Contents 1 IP Addressing Configuration····················································································································1-1 IP Addressing Overview··························································································································1-1 IP Address Classes ·························································································································1-1 Special IP Addresses ······················································································································1-2 Subnetting and Masking ··················································································································1-2 Configuring IP Addresses ·······················································································································1-3 Assigning an IP Address to an Interface ·························································································1-3 IP Addressing Configuration Example·····························································································1-4 Displaying and Maintaining IP Addressing······························································································1-5...
Page 330: Ip Addressing Configuration
IP Addressing Configuration When assigning IP addresses to interfaces on your device, go to these sections for information you are interested in: IP Addressing Overview Configuring IP Addresses Displaying and Maintaining IP Addressing IP Addressing Overview This section covers these topics: IP Address Classes Special IP Addresses IP Address Classes...
Page 331: Special Ip Addresses
Table 1-1 IP address classes and ranges Class Address range Remarks The IP address 0.0.0.0 is used by a host at bootstrap for temporary communication. This address is never a valid destination address. 0.0.0.0 to 127.255.255.255 Addresses starting with 127 are reserved for loopback test. Packets destined to these addresses are processed locally as input packets rather than sent to the link.
Page 332: Configuring Ip Addresses
In the absence of subnetting, some special addresses such as the addresses with the net ID of all zeros and the addresses with the host ID of all ones, are not assignable to hosts. The same is true for subnetting. When designing your network, you should note that subnetting is somewhat a tradeoff between subnets and accommodated hosts.
Page 333: Ip Addressing Configuration Example
The primary IP address you assigned to the interface can overwrite the old one if there is any. You cannot assign secondary IP addresses to an interface that has BOOTP or DHCP configured. The primary and secondary IP addresses you assign to the interface can be located on the same network segment.
Page 334: Displaying And Maintaining Ip Addressing
<Switch> ping 172.16.1.2 PING 172.16.1.2: 56 data bytes, press CTRL_C to break Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=25 ms Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=27 ms Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=26 ms --- 172.16.1.2 ping statistics --- 5 packet(s) transmitted...
Page 335 Table of Contents 1 ARP Configuration·····································································································································1-1 ARP Overview·········································································································································1-1 ARP Function ··································································································································1-1 ARP Message Format ·····················································································································1-1 ARP Address Resolution Process···································································································1-2 ARP Table ·······································································································································1-3 Configuring ARP ·····································································································································1-3 Configuring a Static ARP Entry ·······································································································1-3 Configuring the Maximum Number of ARP Entries for a VLAN Interface ·······································1-4 Setting the Aging Time for Dynamic ARP Entries ···········································································1-4 Enabling the ARP Entry Check ·······································································································1-5 ARP Configuration Example············································································································1-5...
Page 336 Configuring ARP Packet Source MAC Address Consistency Check··············································3-5 Configuring ARP Packet Rate Limit ········································································································3-5 Introduction······································································································································3-5 Configuring the ARP Packet Rate Limit Function ···········································································3-5 Configuring ARP Detection ·····················································································································3-5 Introduction to ARP Detection ·········································································································3-5 Enabling ARP Detection Based on DHCP Snooping Entries/802.1x Security Entries/Static IP-to-MAC Bindings···········································································································································3-6 Configuring ARP Detection Based on Specified Objects ································································3-7 Displaying and Maintaining ARP Detection·····················································································3-8...
Page 337: Arp Configuration
This document is organized as follows: ARP Configuration Proxy ARP Configuration ARP Attack Defense Configuration ARP Configuration When configuring ARP, go to these sections for information you are interested in: ARP Overview Configuring ARP Configuring Gratuitous ARP Displaying and Maintaining ARP ARP Overview ARP Function The Address Resolution Protocol (ARP) is used to resolve an IP address into an Ethernet MAC address...
Page 338: Arp Address Resolution Process
Hardware address length and protocol address length: They respectively specify the length of a hardware address and a protocol address, in bytes. For an Ethernet address, the value of the hardware address length field is "6”. For an IP(v4) address, the value of the protocol address length field is “4”.
Page 339: Arp Table
of the gateway from an ARP reply, Host A sends the packet to the gateway. If the gateway maintains the ARP entry of Host B, it forwards the packet to Host B directly; if not, it broadcasts an ARP request, in which the target IP address is the IP address of Host B.
Page 340: Configuring The Maximum Number Of Arp Entries For A Vlan Interface
Follow these steps to configure a static ARP entry: To do… Use the command… Remarks Enter system view system-view — arp static ip-address mac-address Required Configure a permanent vlan-id interface-type No permanent static ARP entry static ARP entry interface-number [ vpn-instance is configured by default.
Page 341: Enabling The Arp Entry Check
Enabling the ARP Entry Check The ARP entry check function disables the device from learning multicast MAC addresses. With the ARP entry check enabled, the device cannot learn any ARP entry with a multicast MAC address, and configuring such a static ARP entry is not allowed; otherwise, the system displays error messages. After the ARP entry check is disabled, the device can learn the ARP entry with a multicast MAC address, and you can also configure such a static ARP entry on the device.
Page 342: Configuring Gratuitous Arp
Determining whether its IP address is already used by another device. Informing other devices of its MAC address change so that they can update their ARP entries. A device receiving a gratuitous ARP packet adds the information carried in the packet to its own dynamic ARP table if it finds no corresponding ARP entry for the ARP packet in the cache.
Page 343: Proxy Arp Configuration
Proxy ARP Configuration When configuring proxy ARP, go to these sections for information you are interested in: Proxy ARP Overview Enabling Proxy ARP Displaying and Maintaining Proxy ARP Proxy ARP Overview If a host sends an ARP request for the MAC address of another host that actually resides on another network (but the sending host considers the requested host is on the same network) or that is isolated from the sending host at Layer 2, the device in between must be able to respond to the request with the MAC address of the receiving interface to allow Layer 3 communication between the two hosts.
Page 344: Local Proxy Arp
You can solve the problem by enabling proxy ARP on Switch. After that, Switch can reply to the ARP request from Host A with the MAC address of VLAN-interface 1, and forward packets sent from Host A to Host B. In this case, Switch seems to be a proxy of Host B. A main advantage of proxy ARP is that it is added on a single router without disturbing routing tables of other routers in the network.
Page 345: Displaying And Maintaining Proxy Arp
To do… Use the command… Remarks Required Enable local proxy ARP local-proxy-arp enable Disabled by default. Displaying and Maintaining Proxy ARP To do… Use the command… Remarks Display whether proxy ARP is display proxy-arp [ interface Available in any view enabled vlan-interface vlan-id ] Display whether local proxy...
Page 346: Local Proxy Arp Configuration Example In Case Of Port Isolation
[Switch-Vlan-interface1] proxy-arp enable [Switch-Vlan-interface1] quit [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0 [Switch-Vlan-interface2] proxy-arp enable [Switch-Vlan-interface2] quit Local Proxy ARP Configuration Example in Case of Port Isolation Network requirements Host A and Host B belong to the same VLAN, and connect to Switch B via GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3, respectively.
Page 347: Local Proxy Arp Configuration Example In Isolate-User-Vlan
# Configure an IP address of VLAN-interface 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] port gigabitethernet 1/0/2 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 192.168.10.100 255.255.0.0 The ping operation from Host A to Host B is unsuccessful because they are isolated at Layer 2. # Configure local proxy ARP to let Host A and Host B communicate at Layer 3.
Page 348 [SwitchB-vlan2] port gigabitethernet 1/0/2 [SwitchB-vlan2] quit [SwitchB] vlan 3 [SwitchB-vlan3] port gigabitethernet 1/0/3 [SwitchB-vlan3] quit [SwitchB] vlan 5 [SwitchB-vlan5] port gigabitethernet 1/0/1 [SwitchB-vlan5] isolate-user-vlan enable [SwitchB-vlan5] quit [SwitchB] isolate-user-vlan 5 secondary 2 3 Configure Switch A # Create VLAN 5 and add GigabitEthernet 1/0/1 to it. <SwitchA>...
Page 349: Arp Attack Defense Configuration
ARP Attack Defense Configuration When configuring ARP attack defense, go to these sections for information you are interested in: Configuring ARP Source Suppression Configuring ARP Defense Against IP Packet Attacks Configuring ARP Active Acknowledgement Configuring Source MAC Address Based ARP Attack Detection Configuring ARP Packet Source MAC Address Consistency Check Configuring ARP Packet Rate Limit Configuring ARP Detection...
Page 350: Displaying And Maintaining Arp Source Suppression
Displaying and Maintaining ARP Source Suppression To do… Use the command… Remarks Display the ARP source suppression display arp source-suppression Available in any view configuration information Configuring ARP Defense Against IP Packet Attacks Introduction to ARP Defense Against IP Packet Attacks When forwarding an IP packet, a device depends on ARP to resolve the MAC address of the next hop.
Page 351: Configuring The Arp Active Acknowledgement Function
If an ARP reply is received within five seconds, the gateway updates the ARP entry; If not, the ARP entry is not updated. Configuring the ARP Active Acknowledgement Function Follow these steps to configure ARP active acknowledgement: To do… Use the command… Remarks Enter system view system-view...
Page 352: Displaying And Maintaining Source Mac Address Based Arp Attack Detection
Follow these steps to configure protected MAC addresses: To do… Use the command… Remarks Enter system view system-view — Optional Configure protected MAC arp anti-attack source-mac addresses exclude-mac mac-address&<1-n> Not configured by default. Configuring the aging timer for protected MAC addresses Follow these steps to configure the aging timer for protected MAC addresses: To do…...
Page 353: Configuring Arp Packet Source Mac Address Consistency Check
ARP detection also checks source MAC address consistency of ARP packets, but it is enabled on an access device to detect only ARP packets sent to it. Configuring ARP Packet Source MAC Address Consistency Check Follow these steps to enable ARP packet source MAC address consistency check: To do…...
Page 354: Bindings
Enabling ARP Detection Based on DHCP Snooping Entries/802.1x Security Entries/Static IP-to-MAC Bindings With this feature enabled, the device compares the source IP and MAC addresses of an ARP packet received from the VLAN against the DHCP snooping entries, 802.1X security entries, or static IP-to-MAC binding entries.
Page 355: Configuring Arp Detection Based On Specified Objects
To do… Use the command… Remarks Enter system view system-view — Enter VLAN view vlan vlan-id — Required Enable ARP detection for Disabled by default. That is, the ARP arp detection enable the VLAN packets received on all the ports in the VLAN will not be checked.
Page 356: Displaying And Maintaining Arp Detection
dst-mac: Checks the target MAC address of ARP replies. If the target MAC address is all-zero, all-one, or inconsistent with the destination MAC address in the Ethernet header, the packet is considered invalid and discarded. ip: Checks both the source and destination IP addresses in an ARP packet. The all-zero, all-one or multicast IP addresses are considered invalid and the corresponding packets are discarded.
Page 357 Figure 3-1 Network diagram for ARP detection configuration DHCP server Switch A Vlan-int10 10.1.1.1/24 VLAN10 DHCP snooping GE1/0/1 Switch B GE1/0/2 GE1/0/3 DHCP client DHCP client Host A Host B Configuration procedure Add all the ports on Switch B into VLAN 10, and configure the IP address of VLAN-interface 10 on Switch A (the configuration procedure is omitted).
Page 358: Arp Detection Configuration Example Ii
[SwitchB-GigabitEthernet1/0/1] quit # Enable ARP detection for VLAN 10. Configure the upstream port as a trusted port and the downstream ports as untrusted ports (a port is an untrusted port by default). [SwitchB] vlan 10 [SwitchB-vlan10] arp detection enable [SwitchB-vlan10] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] arp detection trust [SwitchB-GigabitEthernet1/0/1] quit # Configure a static IP Source Guard binding entry on GigabitEthernet 1/0/2.
Page 359 Figure 3-2 Network diagram for ARP detection configuration Configuration procedure Add all the ports on Switch B into VLAN 10, and configure the IP address of VLAN-interface 10 on Switch A (the configuration procedure is omitted). Configure Switch A as a DHCP server # Configure DHCP address pool 0 <SwitchA>...
Page 360 [SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] dot1x [SwitchB-GigabitEthernet1/0/1] quit [SwitchB] interface gigabitethernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] dot1x [SwitchB-GigabitEthernet1/0/2] quit # Add local access user test. [SwitchB] local-user test [SwitchB-luser-test] service-type lan-access [SwitchB-luser-test] password simple test [SwitchB-luser-test] quit # Enable ARP detection for VLAN 10. Configure the upstream port as a trusted port and the downstream ports as untrusted ports (a port is an untrusted port by default).
Page 361 Table of Contents 1 DHCP Overview··········································································································································1-1 Introduction to DHCP ······························································································································1-1 DHCP Address Allocation ·······················································································································1-2 Allocation Mechanisms····················································································································1-2 Dynamic IP Address Allocation Process ·························································································1-2 IP Address Lease Extension ···········································································································1-3 DHCP Message Format ··························································································································1-3 DHCP Options·········································································································································1-4 DHCP Options Overview ·················································································································1-4 Introduction to DHCP Options ·········································································································1-4 Self-Defined Options ·······················································································································1-5 Protocols and Standards·························································································································1-8 2 DHCP Server Configuration······················································································································2-1...
Page 362 Self-Defined Option Configuration Example··················································································2-19 Troubleshooting DHCP Server Configuration ·······················································································2-20 3 DHCP Relay Agent Configuration ············································································································3-1 Introduction to DHCP Relay Agent ·········································································································3-1 Application Environment··················································································································3-1 Fundamentals··································································································································3-1 DHCP Relay Agent Support for Option 82 ······················································································3-2 DHCP Relay Agent Configuration Task List ···························································································3-3 Configuring the DHCP Relay Agent········································································································3-3 Enabling DHCP ·······························································································································3-3 Enabling the DHCP Relay Agent on an Interface ···········································································3-4 Correlating a DHCP Server Group with a Relay Agent Interface····················································3-4...
Page 363: Dhcp Overview
This document is organized as follows: DHCP Overview DHCP Server Configuration DHCP Relay Agent Configuration DHCP Client Configuration DHCP Snooping Configuration BOOTP Client Configuration DHCP Overview Introduction to DHCP The fast expansion and growing complexity of networks result in scarce IP addresses assignable to hosts.
Page 364: Dhcp Address Allocation
DHCP Address Allocation Allocation Mechanisms DHCP supports three mechanisms for IP address allocation. Manual allocation: The network administrator assigns an IP address to a client like a WWW server, and DHCP conveys the assigned address to the client. Automatic allocation: DHCP assigns a permanent IP address to a client. Dynamic allocation: DHCP assigns an IP address to a client for a limited period of time, which is called a lease.
Page 365: Ip Address Lease Extension
After receiving the DHCP-ACK message, the client probes whether the IP address assigned by the server is in use by broadcasting a gratuitous ARP packet. If the client receives no response within a specified time, the client can use this IP address. Otherwise, the client sends a DHCP-DECLINE message to the server and requests an IP address again.
Page 366: Dhcp Options
secs: Filled in by the client, the number of seconds elapsed since the client began address acquisition or renewal process. Currently this field is reserved and set to 0. flags: The leftmost bit is defined as the BROADCAST (B) flag. If this flag is set to 0, the DHCP server sent a reply back by unicast;...
Page 367: Self-Defined Options
Option 121: Classless route option. It specifies a list of classless static routes (the destination addresses in these static routes are classless) that the requesting client should add to its routing table. Option 33: Static route option. It specifies a list of classful static routes (the destination addresses in these static routes are classful) that a client should add to its routing table.
Page 368 Figure 1-6 Format of the value field of the ACS parameter sub-option The value field of the service provider identifier sub-option contains the service provider identifier. Figure 1-7 shows the format of the value field of the PXE server address sub-option. Currently, the value of the PXE server type can only be 0.
Page 369 Figure 1-8 Sub-option 1 in normal padding format Sub-option type (0x01) Length (0x06) Circuit ID type (0x00) Length (0x04) VLAN ID Interface number Sub-option 2: Padded with the MAC address of the DHCP relay agent interface or the MAC address of the DHCP snooping device that received the client’s request. The following figure gives its format.
Page 370: Protocols And Standards
Sub-option 1: IP address of the primary network calling processor, which is a server serving as the network calling control source and providing program downloads. Sub-option 2: IP address of the backup network calling processor that DHCP clients will contact when the primary one is unreachable.
Page 371: Dhcp Server Configuration
DHCP Server Configuration When configuring the DHCP server, go to these sections for information you are interested in: Introduction to DHCP Server DHCP Server Configuration Task List Configuring an Address Pool for the DHCP Server Enabling DHCP Enabling the DHCP Server on an Interface Applying an Extended Address Pool on an Interface Configuring the DHCP Server Security Functions Configuring the Handling Mode for Option 82...
Page 372 Common address pool structure In response to a client’s request, the DHCP server selects an idle IP address from an address pool and sends it together with other parameters such as lease and DNS server address to the client. The common address pool database is organized as a tree. The root of the tree is the address pool for natural networks, branches are address pools for subnets, and leaves are addresses statically bound to clients.
Page 373: Ip Address Allocation Sequence
DHCP requests is 1.1.1.130/25, the DHCP server will select IP addresses for clients from the 1.1.1.0/24 address pool. Keep the IP addresses for dynamic allocation within the subnet where the interface of the DHCP server or DHCP relay agent resides to avoid wrong IP address allocation. IP Address Allocation Sequence A DHCP server assigns an IP address to a client according to the following sequence: The first assignable IP address found in the extended address pool referenced on the receiving...
Page 374: Configuring An Address Pool For The Dhcp Server
Configuring an Address Pool for the DHCP Server Configuration Task List Complete the following tasks to configure an address pool: Task Remarks Creating a DHCP Address Pool Required Configuring manual address allocation Required to configure Configuring an Address either of the two for the Allocation Mode for a common address pool Configuring dynamic address allocation...
Page 375: Configuring An Address Allocation Mode For A Common Address Pool
Configuring an Address Allocation Mode for a Common Address Pool You can configure either the static binding or dynamic address allocation for a common address pool as needed. It is required to specify an address range for the dynamic address allocation. A static binding is a special address pool containing only one IP address.
Page 376 Use the static-bind ip-address command together with static-bind mac-address or static-bind client-identifier to accomplish a static binding configuration. In a DHCP address pool, if you execute the static-bind mac-address command before the static-bind client-identifier command, the latter will overwrite the former and vice versa. If you use the static-bind ip-address, static-bind mac-address, or static-bind client-identifier command repeatedly in the DHCP address pool, the new configuration will overwrite the previous one.
Page 377: Configuring Dynamic Address Allocation For An Extended Address Pool
In common address pool view, using the network command repeatedly overwrites the previous configuration. After you exclude IP addresses from automatic allocation using the dhcp server forbidden-ip command, neither a common address pool nor an extended address pool can assign these IP addresses through dynamic address allocation.
Page 378: Configuring A Domain Name Suffix For The Client
Configuring a Domain Name Suffix for the Client You can specify a domain name suffix in each DHCP address pool on the DHCP server to provide the clients with the domain name suffix. With this suffix assigned, the client only needs to input part of a domain name, and the system will add the domain name suffix for name resolution.
Page 379: Configuring The Bims Server Information For The Client
h (hybrid)-node: A combination of peer-to-peer first and broadcast second. The h-node client unicasts the destination name to the WINS server, if no response is received, then broadcasts it to get the destination IP address. Follow these steps to configure WINS servers and NetBIOS node type in the DHCP address pool: To do…...
Page 380: Configuring Option 184 Parameters For The Client With Voice Service
Follow these steps to configure the gateways in the DHCP address pool: To do… Use the command… Remarks Enter system view system-view — Enter DHCP address dhcp server ip-pool pool-name — pool view [ extended ] Required Specify gateways gateway-list ip-address&<1-8> No gateway is specified by default.
Page 381: Configuring Self-Defined Dhcp Options
When a router starts up without loading any configuration file, the system sets an active interface (such as the interface of the default VLAN) as the DHCP client to request from the DHCP server for parameters, such as an IP address and name of a TFTP server, and the bootfile name. After getting related parameters, the DHCP client will send a TFTP request to obtain the configuration file from the specified TFTP server for system initialization.
Page 382: Enabling Dhcp
To do… Use the command… Remarks Required option code { ascii ascii-string Configure a self-defined DHCP | hex hex-string&<1-16> | No DHCP option is configured option ip-address ip-address&<1-8> } by default. Table 2-1 Description of common options Option Option name Corresponding command Command parameter Router Option...
Page 383: Applying An Extended Address Pool On An Interface
To do… Use the command… Remarks Enter system view system-view — Enter interface view interface interface-type interface-number — Optional Enable the DHCP server on an dhcp select server global-pool interface [ subaddress ] Enabled by default. If a DHCP relay agent exists between the DHCP server and client, the DHCP server, regardless of whether the subaddress keyword is used, will select an IP address from the address pool containing the primary IP address of the DHCP relay agent’s interface (connected to the client) for a requesting client.
Page 384: Configuring The Dhcp Server Security Functions
Only an extended address pool can be applied on the interface. The address pool to be referenced must already exist. Configuring the DHCP Server Security Functions This configuration is necessary to secure DHCP services on the DHCP server. Configuration Prerequisites Before performing this configuration, complete the following configurations on the DHCP server: Enable DHCP Configure the DHCP address pool...
Page 385: Configuring The Handling Mode For Option 82
Follow these steps to configure IP address conflict detection: To do… Use the command… Remarks Enter system view system-view — Optional Specify the number of ping dhcp server ping packets One ping packet by default. packets number The value 0 indicates that no ping operation is performed.
Page 386: Displaying And Maintaining The Dhcp Server
Displaying and Maintaining the DHCP Server To do… Use the command… Remarks Display information about IP address display dhcp server conflict { all | ip conflicts ip-address } Display information about lease display dhcp server expired { all | ip expiration ip-address | pool [ pool-name ] } Display information about assignable...
Page 387: Static Ip Address Assignment Configuration Example
Static IP Address Assignment Configuration Example Network requirements As shown in Figure 2-1, Switch B (DHCP client) obtains a static IP address, DNS server address, and gateway address from Switch A (DHCP server). Figure 2-1 Network diagram for static IP address assignment Configuration procedure Configure the IP address of VLAN-interface 2 on Switch A.
Page 388 The domain name and DNS server address on subnets 10.1.1.0/25 and 10.1.1.128/25 are the same. Therefore, the domain name suffix and DNS server address can be configured only for subnet 10.1.1.0/24. Subnet 10.1.1.128/25 can inherit the configuration of subnet 10.1.1.0/24. In this example, the number of requesting clients connected to VLAN-interface 1 should be less than 122, and that of clients connected to VLAN-interface 2 less than 124.
Page 389: Self-Defined Option Configuration Example
[SwitchA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.128 [SwitchA-dhcp-pool-1] gateway-list 10.1.1.126 [SwitchA-dhcp-pool-1] expired day 10 hour 12 [SwitchA-dhcp-pool-1] nbns-list 10.1.1.4 [SwitchA-dhcp-pool-1] quit # Configure DHCP address pool 2 (address range, gateway, and lease duration). [SwitchA] dhcp server ip-pool 2 [SwitchA-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128 [SwitchA-dhcp-pool-2] expired day 5 [SwitchA-dhcp-pool-2] gateway-list 10.1.1.254 Self-Defined Option Configuration Example...
Page 390: Troubleshooting Dhcp Server Configuration
Troubleshooting DHCP Server Configuration Symptom A client’s IP address obtained from the DHCP server conflicts with another IP address. Analysis A host on the subnet may have the same IP address. Solution Disconnect the client’s network cable and ping the client’s IP address on another host with a long timeout time to check whether there is a host using the same IP address.
Page 391: Dhcp Relay Agent Configuration
DHCP Relay Agent Configuration When configuring the DHCP relay agent, go to these sections for information you are interested in: Introduction to DHCP Relay Agent DHCP Relay Agent Configuration Task List Configuring the DHCP Relay Agent Displaying and Maintaining DHCP Relay Agent Configuration DHCP Relay Agent Configuration Examples Troubleshooting DHCP Relay Agent Configuration The DHCP relay agent configuration is supported only on VLAN interfaces.
Page 392: Dhcp Relay Agent Support For Option 82
Figure 3-1 DHCP relay agent application DHCP client DHCP client IP network DHCP relay agent DHCP client DHCP client DHCP server No matter whether a relay agent exists or not, the DHCP server and client interact with each other in a similar way (see section Dynamic IP Address Allocation Process).
Page 393: Dhcp Relay Agent Configuration Task List
If a client’s Handling requesting Padding format The DHCP relay agent will… strategy message has… Drop Random Drop the message. Forward the message without changing Keep Random Option 82. Forward the message after replacing normal the original Option 82 with the Option 82 padded in normal format.
Page 394: Enabling The Dhcp Relay Agent On An Interface
Follow these steps to enable DHCP: To do… Use the command… Remarks Enter system view system-view — Required Enable DHCP dhcp enable Disabled by default. Enabling the DHCP Relay Agent on an Interface With this task completed, upon receiving a DHCP request from the enabled interface, the relay agent will forward the request to a DHCP server for address allocation.
Page 395: Configuring The Dhcp Relay Agent Security Functions
To do… Use the command… Remarks Required Correlate the DHCP server dhcp relay server-select By default, no interface is group with the current interface group-id correlated with any DHCP server group. You can specify up to twenty DHCP server groups on the relay agent and eight DHCP server addresses for each DHCP server group.
Page 396 The dhcp relay address-check enable command is independent of other commands of the DHCP relay agent. That is, the invalid address check takes effect when this command is executed, regardless of whether other commands are used. The dhcp relay address-check enable command only checks IP and MAC addresses of clients. You are recommended to configure IP address check on the interface enabled with the DHCP relay agent;...
Page 397: Configuring The Dhcp Relay Agent To Send A Dhcp-Release Request
Follow these steps to enable unauthorized DHCP server detection: To do… Use the command… Remarks Enter system view system-view — Required Enable unauthorized DHCP dhcp relay server-detect server detection Disabled by default. With the unauthorized DHCP server detection enabled, the device puts a record once for each DHCP server.
Page 398 Configuring the DHCP relay agent to support Option 82 Follow these steps to configure the DHCP relay agent to support Option 82: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Enable the relay agent to support Option dhcp relay information...
Page 399: Displaying And Maintaining Dhcp Relay Agent Configuration
To support Option 82, it is required to perform related configuration on both the DHCP server and relay agent. Refer to Configuring the Handling Mode for Option 82 for DHCP server configuration of this kind. If the handling strategy of the DHCP relay agent is configured as replace, you need to configure a padding format for Option 82.
Page 400: Dhcp Relay Agent Option 82 Support Configuration Example
Figure 3-3 Network diagram for DHCP relay agent DHCP client DHCP client Vlan-int1 Vlan-int2 10.10.1.1/24 10.1.1.2/24 Vlan-int2 10.1.1.1/24 Switch A Switch B DHCP relay agent DHCP server DHCP client DHCP client Configuration procedure # Specify IP addresses for the interfaces (omitted). # Enable DHCP.
Page 401: Troubleshooting Dhcp Relay Agent Configuration
Switch A forwards DHCP requests to the DHCP server (Switch B) after replacing Option 82 in the requests, so that the DHCP clients can obtain IP addresses. Configuration procedure # Specify IP addresses for the interfaces (omitted). # Enable DHCP. <SwitchA>...
Page 402 The relay agent interface connected to DHCP clients is correlated with correct DHCP server group and IP addresses for the group members are correct. 3-12...
Page 403: Dhcp Client Configuration
DHCP Client Configuration When configuring the DHCP client, go to these sections for information you are interested in: Introduction to DHCP Client Enabling the DHCP Client on an Interface Displaying and Maintaining the DHCP Client DHCP Client Configuration Example The DHCP client configuration is supported only on VLAN interfaces. When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition via a relay agent, the DHCP server cannot be a Windows 2000 Server or Windows 2003 Server.
Page 404: Displaying And Maintaining The Dhcp Client
An interface can be configured to acquire an IP address in multiple ways, but these ways are mutually exclusive. The latest configuration will overwrite the previous one. After the DHCP client is enabled on an interface, no secondary IP address is configurable for the interface.
Page 405: Dhcp Snooping Configuration
DHCP Snooping Configuration When configuring DHCP snooping, go to these sections for information you are interested in: DHCP Snooping Overview Configuring DHCP Snooping Basic Functions Configuring DHCP Snooping to Support Option 82 Displaying and Maintaining DHCP Snooping DHCP Snooping Configuration Examples The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.
Page 406: Application Environment Of Trusted Ports
Recording IP-to-MAC mappings of DHCP clients DHCP snooping reads DHCP-REQUEST messages and DHCP-ACK messages from trusted ports to record DHCP snooping entries, including MAC addresses of clients, IP addresses obtained by the clients, ports that connect to DHCP clients, and VLANs to which the ports belong. With DHCP snooping entries, DHCP snooping can implement the following: ARP detection: Whether ARP packets are sent from an authorized client is determined based on DHCP snooping entries.
Page 407: Dhcp Snooping Support For Option 82
Figure 5-2 Configure trusted ports in a cascaded network DHCP client Host A DHCP snooping DHCP server Switch A GE1/0/1 GE1/0/2 Eth1/1 GE1/0/1 GE1/0/2 GE1/0/4 DHCP snooping DHCP client GE1/0/3 GE1/0/3 Switch C Host B GE1/0/1 GE1/0/4 GE1/0/2 DHCP snooping DHCP client GE1/0/3 Switch B...
Page 408: Configuring Dhcp Snooping Basic Functions
If a client’s Handling Padding requesting The DHCP snooping device will… strategy format message has… Drop Random Drop the message. Forward the message without changing Keep Random Option 82. Forward the message after replacing the normal original Option 82 with the Option 82 padded in normal format.
Page 409: Configuring Dhcp Snooping To Support Option 82
You need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client must be in the same VLAN. You can specify Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces as trusted ports.
Page 410 To do… Use the command… Remarks dhcp-snooping information format Configure the Optional { normal | verbose padding format for [ node-identifier { mac | normal by default. Option 82 sysname | user-defined node-identifier } ] } Optional By default, the code type depends on the padding format of Option 82.
Page 411: Displaying And Maintaining Dhcp Snooping
Displaying and Maintaining DHCP Snooping To do… Use the command… Remarks display dhcp-snooping [ ip Display DHCP snooping entries ip-address ] display dhcp-snooping Display Option 82 configuration information information { all | interface Available in any on the DHCP snooping device interface-type interface-number } view Display DHCP packet statistics on the...
Page 412: Dhcp Snooping Option 82 Support Configuration Example
[SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust [SwitchB-GigabitEthernet1/0/1] quit DHCP Snooping Option 82 Support Configuration Example Network requirements As shown in Figure 5-3, enable DHCP snooping and Option 82 support on Switch B. Configure the handling strategy for DHCP requests containing Option 82 as replace. On GigabitEthernet 1/0/2, configure the padding content for the circuit ID sub-option as company001 and for the remote ID sub-option as device001.
Page 413: Bootp Client Configuration
BOOTP Client Configuration While configuring a BOOTP client, go to these sections for information you are interested in: Introduction to BOOTP Client Configuring an Interface to Dynamically Obtain an IP Address Through BOOTP Displaying and Maintaining BOOTP Client Configuration BOOTP client configuration only applies to VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server.
Page 414: Obtaining An Ip Address Dynamically
Because a DHCP server can interact with a BOOTP client, you can use the DHCP server to configure an IP address for the BOOTP client, without any BOOTP server. Obtaining an IP Address Dynamically A DHCP server can take the place of the BOOTP server in the following dynamic IP address acquisition.
Page 415: Displaying And Maintaining Bootp Client Configuration
Displaying and Maintaining BOOTP Client Configuration To do… Use the command… Remarks Display related information on a display bootp client [ interface Available in any BOOTP client interface-type interface-number ] view BOOTP Client Configuration Example Network requirement As shown in Figure 2-2, Switch B’s port belonging to VLAN 1 is connected to the LAN.
Page 416 Table of Contents 1 DNS Configuration·····································································································································1-1 DNS Overview·········································································································································1-1 Static Domain Name Resolution ·····································································································1-1 Dynamic Domain Name Resolution ································································································1-1 DNS Proxy·······································································································································1-3 Configuring the DNS Client·····················································································································1-4 Configuring Static Domain Name Resolution ··················································································1-4 Configuring Dynamic Domain Name Resolution·············································································1-4 Configuring the DNS Proxy·····················································································································1-5 Displaying and Maintaining DNS ············································································································1-5 DNS Configuration Examples ·················································································································1-5 Static Domain Name Resolution Configuration Example································································1-5 Dynamic Domain Name Resolution Configuration Example···························································1-6...
Page 417: Dns Configuration
DNS Configuration When configuring DNS, go to these sections for information you are interested in: DNS Overview Configuring the DNS Client Configuring the DNS Proxy Displaying and Maintaining DNS DNS Configuration Examples Troubleshooting DNS Configuration This document only covers IPv4 DNS configuration. For information about IPv6 DNS configuration, refer to IPv6 Basics Configuration in the IP Services Volume.
Page 418 The DNS server looks up the corresponding IP address of the domain name in its DNS database. If no match is found, it sends a query to a higher level DNS server. This process continues until a result, whether successful or not, is returned. The DNS client returns the resolution result to the application after receiving a response from the DNS server.
Page 419: Dns Proxy
If an alias is configured for a domain name on the DNS server, the device can resolve the alias into the IP address of the host. DNS Proxy Introduction to DNS proxy A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server. As shown in Figure 1-2, a DNS client sends a DNS request to the DNS proxy, which forwards the...
Page 420: Configuring The Dns Client
Configuring the DNS Client Configuring Static Domain Name Resolution Follow these steps to configure static domain name resolution: To do… Use the command… Remarks Enter system view system-view –– Configure a mapping between a host Required name and IP address in the static ip host hostname ip-address Not configured by default.
Page 421: Configuring The Dns Proxy
Configuring the DNS Proxy Follow these steps to configure the DNS proxy: To do… Use the command… Remarks Enter system view system-view — Required Enable DNS proxy dns proxy enable Disabled by default. Displaying and Maintaining DNS To do… Use the command… Remarks Display the static domain name display ip host...
Page 422: Dynamic Domain Name Resolution Configuration Example
data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=128 time=1 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=128 time=4 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=128 time=3 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=128 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=128 time=3 ms --- host.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received...
Page 423 Figure 1-5, right click Forward Lookup Zones, select New zone, and then follow the instructions to create a new zone named com. Figure 1-5 Create a zone # Create a mapping between the host name and IP address. Figure 1-6 Add a host Figure 1-6, right click zone com, and then select New Host to bring up a dialog box as shown in Figure...
Page 424 Figure 1-7 Add a mapping between domain name and IP address Configure the DNS client # Enable dynamic domain name resolution. <Sysname> system-view [Sysname] dns resolve # Specify the DNS server 2.1.1.2. [Sysname] dns server 2.1.1.2 # Configure com as the name suffix. [Sysname] dns domain com Configuration verification # Execute the ping host command on the Switch to verify that the communication between the Switch...
Page 425: Dns Proxy Configuration Example
DNS Proxy Configuration Example Network requirements Specify Switch A as the DNS server of Switch B (the DNS client). Switch A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1. Switch B implements domain name resolution through Switch A. Figure 1-8 Network diagram for DNS proxy Configuration procedure Before performing the following configuration, assume that Switch A, the DNS server, and the host are...
Page 426: Troubleshooting Dns Configuration
# Specify the DNS server 2.1.1.2. [SwitchB] dns server 2.1.1.2 Configuration verification # Execute the ping host.com command on Switch B to verify that the communication between the Switch and the host is normal and that the corresponding destination IP address is 3.1.1.1. [SwitchB] ping host.com Trying DNS resolve, press CTRL_C to break Trying DNS server (2.1.1.2)
Page 427 Table of Contents 1 IP Performance Optimization Configuration···························································································1-1 IP Performance Overview ·······················································································································1-1 Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network ············1-1 Enabling Reception of Directed Broadcasts to a Directly Connected Network·······························1-1 Enabling Forwarding of Directed Broadcasts to a Directly Connected Network ·····························1-2 Configuration Example ····················································································································1-2 Configuring TCP Optional Parameters ···································································································1-3 Configuring ICMP to Send Error Packets ·······························································································1-4...
Page 428: Ip Performance Optimization Configuration
IP Performance Optimization Configuration When optimizing IP performance, go to these sections for information you are interested in: IP Performance Overview Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network Configuring TCP Optional Parameters Configuring ICMP to Send Error Packets Displaying and Maintaining IP Performance Optimization IP Performance Overview In some network environments, you can adjust the IP parameters to achieve best network performance.
Page 429: Enabling Forwarding Of Directed Broadcasts To A Directly Connected Network
Enabling Forwarding of Directed Broadcasts to a Directly Connected Network Follow these steps to enable the device to forward directed broadcasts: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Enable the interface to forward ip forward-broadcast [ acl By default, the device is...
Page 430: Configuring Tcp Optional Parameters
[SwitchA-Vlan-interface3] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 2.2.2.2 24 # Enable VLAN-interface 2 to forward directed broadcasts. [SwitchA-Vlan-interface2] ip forward-broadcast Configure Switch B # Enable Switch B to receive directed broadcasts. <SwitchB> system-view [SwitchB] ip forward-broadcast # Configure a static route to the host. [SwitchB] ip route-static 1.1.1.1 24 2.2.2.2 # Configure an IP address for VLAN-interface 2.
Page 431: Configuring Icmp To Send Error Packets
The actual length of the finwait timer is determined by the following formula: Actual length of the finwait timer = (Configured length of the finwait timer – 75) + configured length of the synwait timer Configuring ICMP to Send Error Packets Sending error packets is a major function of ICMP.
Page 432 When receiving a packet with the destination being local and transport layer protocol being UDP, if the packet’s port number does not match the running process, the device will send the source a “port unreachable” ICMP error packet. If the source uses “strict source routing" to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device will send the source a “source routing failure”...
Page 433: Displaying And Maintaining Ip Performance Optimization
Displaying and Maintaining IP Performance Optimization To do… Use the command… Remarks Display current TCP connection state display tcp status Display TCP connection statistics display tcp statistics Display UDP statistics display udp statistics display ip statistics [ slot Display statistics of IP packets slot-number ] display icmp statistics [ slot Display statistics of ICMP flows...
Page 434 Table of Contents 1 UDP Helper Configuration ························································································································1-1 Introduction to UDP Helper ·····················································································································1-1 Configuring UDP Helper ·························································································································1-1 Displaying and Maintaining UDP Helper·································································································1-2 UDP Helper Configuration Examples······································································································1-2 UDP Helper Configuration Example································································································1-2...
Page 435: Udp Helper Configuration
UDP Helper Configuration When configuring UDP Helper, go to these sections for information you are interested in: Introduction to UDP Helper Configuring UDP Helper Displaying and Maintaining UDP Helper UDP Helper Configuration Examples UDP Helper can be currently configured on VLAN interfaces only. Introduction to UDP Helper Sometimes, a host needs to forward broadcasts to obtain network configuration information or request the names of other devices on the network.
Page 436: Displaying And Maintaining Udp Helper
To do… Use the command… Remarks interface interface-type Enter interface view — interface-number Required Specify the destination server to which UDP packets udp-helper server ip-address No destination server is specified are to be forwarded by default. The UDP Helper enabled device cannot forward DHCP broadcast packets. That is to say, the UDP port number cannot be set to 67 or 68.
Page 437 Figure 1-1 Network diagram for UDP Helper configuration Configuration procedure The following configuration assumes that a route from Switch A to the network segment 10.2.0.0/16 is available. # Enable UDP Helper. <SwitchA> system-view [SwitchA] udp-helper enable # Enable the forwarding broadcast packets with the UDP destination port 55. [SwitchA] udp-helper port 55 # Specify the destination server 10.2.1.1 on VLAN-interface 1.
Page 438 Table of Contents 1 URPF Configuration ··································································································································1-1 URPF Overview ······································································································································1-1 What is URPF··································································································································1-1 How URPF Works ···························································································································1-1 Configuring URPF ···································································································································1-1...
Page 439: Urpf Configuration
URPF Configuration When configuring URPF, go to these sections for information you are interested in: URPF Overview Configuring URPF URPF Overview What is URPF Unicast Reverse Path Forwarding (URPF) protects a network against source address spoofing attacks. Attackers launch attacks by creating a series of packets with forged source addresses. For applications using IP-address-based authentication, this type of attacks allows unauthorized users to access the system in the name of authorized users, or even access the system as the administrator.
Page 440 To do... Use the command… Remarks Enter system view system-view –– Required Enable URPF check ip urpf strict Disabled by default.
Page 441 Table of Contents 1 IPv6 Basics Configuration ························································································································1-1 IPv6 Overview ·········································································································································1-1 IPv6 Features ··································································································································1-1 Introduction to IPv6 Address ···········································································································1-3 Introduction to IPv6 Neighbor Discovery Protocol···········································································1-5 IPv6 PMTU Discovery ·····················································································································1-8 Introduction to IPv6 DNS ·················································································································1-9 Protocols and Standards ·················································································································1-9 IPv6 Basics Configuration Task List ·······································································································1-9 Configuring Basic IPv6 Functions ·········································································································1-10 Enabling IPv6 ································································································································1-10 Configuring an IPv6 Unicast Address····························································································1-10...
Page 442: Ipv6 Basics Configuration
IPv6 Basics Configuration When configuring IPv6 basics, go to these sections for information you are interested in: IPv6 Overview IPv6 Basics Configuration Task List Configuring Basic IPv6 Functions Configuring IPv6 NDP Configuring PMTU Discovery Configuring IPv6 TCP Properties Configuring ICMPv6 Packet Sending Configuring IPv6 DNS Client Displaying and Maintaining IPv6 Basics Configuration IPv6 Configuration Example...
Page 443 the IPv4 address size, the basic IPv6 header size is 40 bytes and is only twice the IPv4 header size (excluding the Options field). Figure 1-1 Comparison between IPv4 packet header format and basic IPv6 packet header format Adequate address space The source and destination IPv6 addresses are both 128 bits (16 bytes) long.
Page 444: Introduction To Ipv6 Address
Enhanced neighbor discovery mechanism The IPv6 neighbor discovery protocol is implemented through a group of Internet Control Message Protocol Version 6 (ICMPv6) messages that manage the information exchange between neighbor nodes on the same link. The group of ICMPv6 messages takes the place of Address Resolution Protocol (ARP) messages, Internet Control Message Protocol version 4 (ICMPv4) router discovery messages, and ICMPv4 redirection messages and provides a series of other functions.
Page 445 Anycast address: An identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the target interface is nearest to the source, according to a routing protocol’s measure of distance).
Page 446: Introduction To Ipv6 Neighbor Discovery Protocol
Multicast address IPv6 multicast addresses listed in Table 1-2 are reserved for special purpose. Table 1-2 Reserved IPv6 multicast addresses Address Application FF01::1 Node-local scope all nodes multicast address FF02::1 Link-local scope all nodes multicast address FF01::2 Node-local scope all routers multicast address FF02::2 Link-local scope all routers multicast address FF05::2...
Page 447 Duplicate address detection Router/prefix discovery and address autoconfiguration Redirection Table 1-3 lists the types and functions of ICMPv6 messages used by the NDP. Table 1-3 Types and functions of ICMPv6 messages ICMPv6 message Number Function Used to acquire the link-layer address of a neighbor Neighbor solicitation (NS) Used to verify whether the neighbor is reachable message...
Page 448 After receiving the NS message, node B judges whether the destination address of the packet is its solicited-node multicast address. If yes, node B learns the link-layer address of node A, and then unicasts an NA message containing its link-layer address. Node A acquires the link-layer address of node B from the NA message.
Page 449: Ipv6 Pmtu Discovery
The router returns an RA message containing information such as prefix information option. (The router also regularly sends an RA message.) The node automatically generates an IPv6 address and other information for its interface according to the address prefix and other configuration parameters in the RA message. In addition to an address prefix, the prefix information option also contains the preferred lifetime and valid lifetime of the address prefix.
Page 450: Introduction To Ipv6 Dns
The source host uses its MTU to send packets to the destination host. If the MTU supported by a forwarding interface is smaller than the packet size, the forwarding device will discard the packet and return an ICMPv6 error packet containing the interface MTU to the source host.
Page 451: Configuring Basic Ipv6 Functions
Task Remarks Configuring ICMPv6 Packet Sending Optional Configuring IPv6 DNS Client Optional Configuring Basic IPv6 Functions Enabling IPv6 Before performing IPv6-related configurations, you need to Enable IPv6. Otherwise, an interface cannot forward IPv6 packets even if it has an IPv6 address configured. Follow these steps to Enable IPv6: To do...
Page 452: Configuring Ipv6 Ndp
To do... Use the command... Remarks Automatically Optional generate a link-local ipv6 address auto By default, after an IPv6 address for the link-local Configure site-local address or interface an IPv6 aggregatable global unicast link-local address is configured for an Manually assign a address interface, a link-local address ipv6 address...
Page 453: Configuring The Maximum Number Of Neighbors Dynamically Learned
Follow these steps to configure a static neighbor entry: To do... Use the command... Remarks Enter system view system-view — ipv6 neighbor ipv6-address mac-address { vlan-id Configure a static port-type port-number | interface interface-type Required neighbor entry interface-number } You can adopt either of the two methods above to configure a static neighbor entry. After a static neighbor entry is configured by using the first method, the device needs to resolve the corresponding Layer 2 port information of the VLAN interface.
Page 454 Table 1-4 Parameters in an RA message and their descriptions Parameters Description When sending an IPv6 packet, a host uses the value to fill the Cur Hop Limit Cur hop limit field in IPv6 headers. The value is also filled into the Cur Hop Limit field in response messages of a device.
Page 455 To do… Use the command… Remarks Required Disable the RA message undo ipv6 nd ra halt By default, RA messages are suppression suppressed. Optional By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds. Configure the maximum and ipv6 nd ra interval The device sends RA messages...
Page 456: Configuring The Maximum Number Of Attempts To Send An Ns Message For Dad
The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages. Configuring the Maximum Number of Attempts to Send an NS Message for DAD An interface sends a neighbor solicitation (NS) message for duplicate address detection after acquiring an IPv6 address.
Page 457: Configuring Ipv6 Tcp Properties
MTU. After the aging time expires, the dynamic PMTU is removed and the source host re-determines a dynamic path MTU through the PMTU mechanism. The aging time is invalid for a static PMTU. Follow these steps to configure the aging time for dynamic PMTUs: To do…...
Page 458: Enable Sending Of Multicast Echo Replies
successively sent exceeds the capacity of the token bucket, the additional ICMPv6 error packets cannot be sent out until the capacity of the token bucket is restored. Follow these steps to configure the capacity and update interval of the token bucket: To do…...
Page 459: Configuring Ipv6 Dns Client
Configuring IPv6 DNS Client Configuring Static IPv6 Domain Name Resolution Configuring static IPv6 domain name resolution is to establish the mapping between a host name and an IPv6 address. When using such applications as Telnet, you can directly input a host name and the system will resolve the host name into an IPv6 address.
Page 460: Displaying And Maintaining Ipv6 Basics Configuration
Displaying and Maintaining IPv6 Basics Configuration To do… Use the command… Remarks Display DNS suffix information display dns domain [ dynamic ] Display IPv6 dynamic domain name display dns ipv6 dynamic-host cache information Display IPv6 DNS server information display dns ipv6 server [ dynamic ] display ipv6 fib [ slot-number ] Display the IPv6 FIB entries [ ipv6-address ]...
Page 461: Ipv6 Configuration Example
The display dns domain command is the same as the one of IPv4 DNS. For details about the commands, refer to DNS Commands in the IP Services Volume. IPv6 Configuration Example Network requirements Host, Switch A and Switch B are directly connected through Ethernet ports. Add the Ethernet ports into corresponding VLANs, configure IPv6 addresses for the VLAN interfaces and verify the connectivity between them.
Page 462 Configure Switch B # Enable IPv6. <SwitchB> system-view [SwitchB] ipv6 # Configure an aggregatable global unicast address for VLAN-interface 2. [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ipv6 address 3001::2/64 # Configure an IPv6 static route with destination IP address 2001::/64 and next hop address 3001::1. [SwitchB-Vlan-interface2] ipv6 route-static 2001:: 64 3001::1 Configure Host Enable IPv6 for Host to automatically get an IPv6 address through IPv6 NDP.
Page 463 ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: 25747 OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: [SwitchA-Vlan-interface1] display ipv6 interface vlan-interface 1 verbose Vlan-interface1 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0 Global unicast address(es): 2001::1, subnet is 2001::/64 Joined group address(es):...
Page 464 ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: 1012 OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Display the IPv6 interface settings on Switch B. [SwitchB-Vlan-interface2] display ipv6 interface vlan-interface 2 verbose Vlan-interface2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234 Global unicast address(es): 3001::2, subnet is 3001::/64...
Page 465 OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Ping Switch A and Switch B on Host, and ping Switch A and Host on Switch B to verify the connectivity between them. When you ping a link-local address, you should use the “–i” parameter to specify an interface for the link-local address.
Page 466: Troubleshooting Ipv6 Basics Configuration
Troubleshooting IPv6 Basics Configuration Symptom The peer IPv6 address cannot be pinged. Solution Use the display current-configuration command in any view or the display this command in system view to verify that IPv6 is enabled. Use the display ipv6 interface command in any view to verify that the IPv6 address of the interface is correct and the interface is up.
Page 467 Table of Contents 1 Dual Stack Configuration··························································································································1-1 Dual Stack Overview·······························································································································1-1 Configuring Dual Stack ···························································································································1-1...
Page 468: Dual Stack Overview
Dual Stack Configuration When configuring dual stack, go to these sections for information you are interested in: Dual Stack Overview Configuring Dual Stack Dual Stack Overview Dual stack is the most direct approach to making IPv6 nodes compatible with IPv4 nodes. The best way for an IPv6 node to be compatible with an IPv4 node is to maintain a complete IPv4 stack.
Page 469 To do… Use the command… Remarks Required ip address ip-address By default, no IP Configure an IPv4 address for the interface { mask | mask-length } address is [ sub ] configured. ipv6 address Use either Manually specify { ipv6-address prefix-length command.
Page 470 Table of Contents 1 Tunneling Configuration···························································································································1-1 Introduction to Tunneling ························································································································1-1 IPv6 over IPv4 Tunnel ·····················································································································1-2 Protocols and Standards ·················································································································1-4 Tunneling Configuration Task List ··········································································································1-5 Configuring IPv6 Manual Tunnel·············································································································1-5 Configuration Prerequisites ·············································································································1-5 Configuration Procedure··················································································································1-5 Configuration Example ····················································································································1-6 Configuring 6to4 Tunnel························································································································1-10 Configuration Prerequisites ···········································································································1-10 Configuration Procedure················································································································1-10 6to4 Tunnel Configuration Example ······························································································1-11 Configuring ISATAP Tunnel··················································································································1-14...
Page 471: Tunneling Configuration
Tunneling Configuration When configuring tunneling, go to these sections for information you are interested in: Introduction to Tunneling Tunneling Configuration Task List Configuring IPv6 Manual Tunnel Configuring 6to4 Tunnel Configuring ISATAP Tunnel Displaying and Maintaining Tunneling Configuration Troubleshooting Tunneling Configuration The tunnel interface number is in the A/B/C format, where A, B, and C represent the stack member device ID, the sub-slot number, and the tunnel interface number respectively.
Page 472: Ipv6 Over Ipv4 Tunnel
connection. In practice, the virtual interface that supports only point-to-point connections is called tunnel interface. One tunnel provides one channel to transfer encapsulated packets. Packets can be encapsulated and decapsulated at both ends of a tunnel. Tunneling refers to the whole process from data encapsulation to data transfer to data decapsulation.
Page 473 The encapsulated packet goes through the tunnel to reach the device at the destination end of the tunnel. The device at the destination end decapsulates the packet if the destination address of the encapsulated packet is the device itself. The destination device forwards the packet according to the destination address in the decapsulated IPv6 packet.
Page 474: Protocols And Standards
A manually configured tunnel is a point-to-point link. Each link is a separate tunnel. IPv6 manually configured tunnels are mainly used to provide stable connections for regular secure communication between border routers or between border routers and hosts for access to remote IPv6 networks. 6to4 tunnel An automatic 6to4 tunnel is a point-to-multipoint tunnel and is used to connect multiple isolated IPv6 networks over an IPv4 network to remote IPv6 networks.
Page 475: Tunneling Configuration Task List
Tunneling Configuration Task List Complete the following tasks to configure the tunneling feature: Task Remarks Configuring IPv6 Manual Tunnel Optional Configuring IPv6 Configuring 6to4 Tunnel Optional over IPv4 tunnel Configuring ISATAP Tunnel Optional Configuring IPv6 Manual Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface and loopback interface) on the device to ensure normal communication.
Page 476: Configuration Example
To do… Use the command… Remarks Required source { ip-address | Configure a source address or By default, no source address interface-type interface for the tunnel or interface is configured for the interface-number } tunnel. Required Configure a destination By default, no destination destination ip-address address for the tunnel address is configured for the...
Page 477 Figure 1-3 Network diagram for an IPv6 manual tunnel Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100.
Page 478 # Reference service loopback group 1 in tunnel interface view. [SwitchA-Tunnel1/0/0] service-loopback-group 1 [SwitchA-Tunnel1/0/0] quit # Configure a static route to IPv6 Group 2 through tunnel 1/0/0 on Switch A. [SwitchA] ipv6 route-static 3003:: 64 tunnel 1/0/0 Configuration on Switch B # Enable IPv6.
Page 479 Global unicast address(es): 3001::1, subnet is 3001::/64 Joined group address(es): FF02::1:FFA8:6401 FF02::1:FF00:1 FF02::1:FF00:0 FF02::2 FF02::1 MTU is 1480 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: [SwitchB] display ipv6 interface tunnel 1/0/0 verbose Tunnel1/0/0 current state :UP...
Page 480: Configuring 6To4 Tunnel
bytes=56 Sequence=5 hop limit=64 time = 1 ms --- 3003::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms Configuring 6to4 Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface and loopback interface) on the device to ensure normal communication.
Page 481: 6To4 Tunnel Configuration Example
To do… Use the command… Remarks Required source { ip-address | Configure a source address or By default, no source address interface-type interface for the tunnel or interface is configured for interface-number } the tunnel. Required Reference a service loopback service-loopback-group By default, no service loopback group...
Page 482 Figure 1-4 Network diagram for a 6to4 tunnel Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100.
Page 483 [SwitchA-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4 # Reference service loopback group 1 in tunnel interface view. [SwitchA-Tunnel1/0/0] service-loopback-group 1 [SwitchA-Tunnel1/0/0] quit # Configure a static route whose destination address is 2002::/16 and next-hop is the tunnel interface. [SwitchA] ipv6 route-static 2002:: 16 tunnel 1/0/0 Configuration on Switch B # Enable IPv6.
Page 484: Configuring Isatap Tunnel
from 2002:201:101:1::2 with 32 bytes of data: Reply from 2002:501:101:1::2: bytes=32 time=13ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time<1ms Ping statistics for 2002:501:101:1::2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 13ms, Average = 3ms Configuring ISATAP Tunnel...
Page 485: Configuration Example
To do… Use the command… Remarks Required By default, the tunnel is an IPv6 manual tunnel. The tunnel-protocol ipv6-ipv4 Set an ISATAP tunnel same tunnel mode should isatap be configured at both ends of the tunnel. Otherwise, packet delivery will fail. Required source { ip-address | Configure a source address or...
Page 486 Figure 1-5 Network diagram for an ISATAP tunnel Configuration procedure Make sure that the corresponding VLAN interfaces have been created on the switch. Make sure that VLAN-interface 101 on the ISATAP switch and the ISATAP host are reachable to each other. Configuration on the switch # Enable IPv6.
Page 487 # Disable the RA suppression so that hosts can acquire information such as the address prefix from the RA message released by the ISATAP switch. [Switch-Tunnel1/0/0] undo ipv6 nd ra halt [Switch-Tunnel1/0/0] quit # Configure a static route to the ISATAP host. [Switch] ipv6 route-static 2001:: 16 tunnel 1/0/0 Configuration on the ISATAP host The specific configuration on the ISATAP host is related to its operating system.
Page 488: Displaying And Maintaining Tunneling Configuration
DAD transmits 0 default site prefix length 48 # By comparison, it is found that the host acquires the address prefix 2001::/64 and automatically generates the address 2001::5efe:2.1.1.2. Meanwhile, “uses Router Discovery” is displayed, indicating that the router discovery function is enabled on the host. At this time, ping the IPv6 address of the tunnel interface of the switch.
Page 489 Table of Contents 1 sFlow Configuration ··································································································································1-1 sFlow Overview·······································································································································1-1 Introduction to sFlow ·······················································································································1-1 Operation of sFlow ··························································································································1-1 Configuring sFlow ···································································································································1-2 Displaying and Maintaining sFlow···········································································································1-2 sFlow Configuration Example ·················································································································1-3 Troubleshooting sFlow Configuration ·····································································································1-4 The Remote sFlow Collector Cannot Receive sFlow Packets ························································1-4...
Page 490: Sflow Configuration
sFlow Configuration When configuring sFlow, go to these sections for information you are interested in: sFlow Overview Configuring sFlow Displaying and Maintaining sFlow sFlow Configuration Example Troubleshooting sFlow Configuration sFlow Overview Introduction to sFlow Sampled Flow (sFlow) is a traffic monitoring technology mainly used to collect and analyze traffic statistics.
Page 491: Configuring Sflow
When the sFlow packet buffer overflows or the one-second timer expires, the sFlow agent sends sFlow packets to the specified sFlow collector. Configuring sFlow The sFlow feature enables the remote sFlow collector to monitor the network and analyze sFlow packet statistics.
Page 492: Sflow Configuration Example
sFlow Configuration Example Network requirements Host A and Server are connected to Switch through GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 respectively. Host B works as an sFlow collector with IP address 3.3.3.2 and port number 6343, and is connected to Switch through GigabitEthernet 1/0/3. GigabitEthernet 1/0/3 belongs to VLAN 1, having an IP address of 3.3.3.1.
Page 493: Troubleshooting Sflow Configuration
Collector IP:3.3.3.2 Port:6343 Interval(s): 30 sFlow Port Information: Interface Direction Rate Mode Status Eth1/1 In/Out 100000 Random Active Troubleshooting sFlow Configuration The Remote sFlow Collector Cannot Receive sFlow Packets Symptom The remote sFlow collector cannot receive sFlow packets. Analysis sFlow is not enabled globally because the sFlow agent or/and the sFlow collector is/are not specified.
Page 494 IP Routing Volume Organization Manual Version 20090108-C-1.01 Product Version Release 2202 Organization The IP Routing Volume is organized as follows: Features Description IP Routing This document introduces the Display commands for IP Routing Table. Overview Static Routing This document introduces the commands for Static Routing. Routing Information Protocol (RIP) is a simple Interior Gateway Protocol (IGP), mainly used in small-sized networks.
Page 495 Features Description Routing policy is used on the router for route inspection, filtering, attributes Routing Policy modifying when routes are received, advertised, or redistributed. This document introduces the commands for Routing Policy configuration. Bidirectional forwarding detection (BFD) provides a single mechanism to quickly detect and monitor the connectivity of links in networks.
Page 496 Table of Contents 1 IP Routing Overview··································································································································1-1 IP Routing and Routing Table·················································································································1-1 Routing ············································································································································1-1 Routing Table ··································································································································1-1 Routing Protocol Overview ·····················································································································1-3 Static Routing and Dynamic Routing·······························································································1-3 Classification of Dynamic Routing Protocols···················································································1-3 Routing Protocols and Routing Priority ···························································································1-4 Load Balancing and Route Backup ·································································································1-4 Route Recursion······························································································································1-5 Sharing of Routing Information········································································································1-5 Configuring a Router ID ··························································································································1-5...
Page 497: Ip Routing Overview
IP Routing Overview Go to these sections for information you are interested in: IP Routing and Routing Table Routing Protocol Overview Configuring a Router ID Displaying and Maintaining a Routing Table The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. IP Routing and Routing Table Routing Routing in the Internet is achieved through routers.
Page 498 Outbound interface: Specifies the interface through which the IP packets are to be forwarded. IP address of the next hop: Specifies the address of the next router on the path. If only the outbound interface is configured, its address will be the IP address of the next hop. Priority for the route.
Page 499: Routing Protocol Overview
Routing Protocol Overview Static Routing and Dynamic Routing Static routing is easy to configure and requires less system resources. It works well in small, stable networks with simple topologies. Its major drawback is that you must perform routing configuration again whenever the network topology changes; it cannot adjust to network changes by itself. Dynamic routing is based on dynamic routing protocols, which can detect network topology changes and recalculate the routes accordingly.
Page 500: Routing Protocols And Routing Priority
Routing Protocols and Routing Priority Different routing protocols may find different routes to the same destination. However, not all of those routes are optimal. In fact, at a particular moment, only one protocol can uniquely determine the current optimal route to the destination. For the purpose of route selection, each routing protocol (including static routes) is assigned a priority.
Page 501: Route Recursion
The number of routes for load balancing varies by device. In current implementations, routing protocols supporting load balancing are static routing, RIP, OSPF, BGP, and IS-IS. Route backup Route backup can help improve network reliability. With route backup, you can configure multiple routes to the same destination, expecting the one with the highest priority to be the main route and all the rest backup routes.
Page 502: Displaying And Maintaining A Routing Table
Displaying and Maintaining a Routing Table To do… Use the command… Remarks Display brief information about display ip routing-table [ vpn-instance Available in any the active routes in the routing vpn-instance-name ] [ verbose | | { begin | view table exclude | include } regular-expression ] Display information about...
Page 503 Table of Contents 1 Static Routing Configuration····················································································································1-1 Introduction ·············································································································································1-1 Static Route ·····································································································································1-1 Default Route···································································································································1-1 Application Environment of Static Routing ······················································································1-2 Configuring a Static Route ······················································································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-3 Detecting Reachability of the Static Route’s Nexthop ············································································1-3 Detecting Nexthop Reachability Through BFD ···············································································1-3 Detecting Nexthop Reachability Through Track··············································································1-4 Displaying and Maintaining Static Routes·······························································································1-5 Static Route Configuration Example ·······································································································1-6...
Page 504: Static Routing Configuration
Static Routing Configuration When configuring a static route, go to these sections for information you are interested in: Introduction Configuring a Static Route Detecting Reachability of the Static Route’s Nexthop Displaying and Maintaining Static Routes Static Route Configuration Example The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Introduction Static Route A static route is a manually configured.
Page 505: Application Environment Of Static Routing
The network administrator can configure a default route with both destination and mask being 0.0.0.0. The router forwards any packet whose destination address fails to match any entry in the routing table to the next hop of the default static route. Some dynamic routing protocols, such as OSPF, RIP and IS-IS, can also generate a default route.
Page 506: Configuration Procedure
Configuration Procedure Follow these steps to configure a static route: To do… Use the command… Remarks Enter system view system-view — ip route-static dest-address { mask | mask-length } { next-hop-address | interface-type interface-number next-hop-address | vpn-instance Required d-vpn-instance-name next-hop-address } [ preference preference-value ] [ tag tag-value ] By default, [ description description-text ]...
Page 507: Detecting Nexthop Reachability Through Track
protocols and Multiprotocol Label Switching (MPLS). For details about BFD, refer to BFD Configuration in the IP Routing Volume. After a static route is configured, you can enable BFD to detect the reachability of the static route's nexthop. Network requirements To detect the reachability of the static route's nexthop through BFD, you need to enable BFD first.
Page 508: Displaying And Maintaining Static Routes
Configuration procedure Follow these steps to detect the reachability of a static route's nexthop through Track: To do… Use the command… Remarks Enter system view system-view — ip route-static dest-address { mask | mask-length } { next-hop-address | vpn-instance d-vpn-instance-name next-hop-address } track track-entry-number [ preference preference-value ] [ tag tag-value ] [ description description-text ]...
Page 509: Static Route Configuration Example
Static Route Configuration Example Basic Static Route Configuration Example Network requirements The IP addresses and masks of the switches and hosts are shown in the following figure. Static routes are required for interconnection between any two hosts. Figure 1-1 Network diagram for static route configuration Configuration procedure Configuring IP addresses for interfaces (omitted) Configuring static routes...
Page 510 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/0 Static 60 1.1.4.2 Vlan500 1.1.2.0/24 Direct 0 1.1.2.3 Vlan300 1.1.2.3/32 Direct 0 127.0.0.1 InLoop0 1.1.4.0/30 Direct 0 1.1.4.1 Vlan500 1.1.4.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Display the IP routing table of Switch B.
Page 511 <1 ms <1 ms <1 ms 1.1.6.1 <1 ms <1 ms <1 ms 1.1.4.1 1 ms <1 ms <1 ms 1.1.2.2 Trace complete.
Page 512 Table of Contents 1 RIP Configuration ······································································································································1-1 RIP Overview ··········································································································································1-1 Operation of RIP······························································································································1-1 Operation of RIP······························································································································1-2 RIP Version ·····································································································································1-2 RIP Message Format·······················································································································1-3 Supported RIP Features··················································································································1-5 Protocols and Standards ·················································································································1-5 Configuring RIP Basic Functions ············································································································1-5 Configuration Prerequisites ·············································································································1-5 Configuration Procedure··················································································································1-5 Configuring RIP Route Control ···············································································································1-7 Configuring an Additional Routing Metric ························································································1-7 Configuring RIPv2 Route Summarization························································································1-8 Disabling Host Route Reception ·····································································································1-9...
Page 513: Rip Configuration
RIP Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. When configuring RIP, go to these sections for information you are interested in: RIP Overview Configuring RIP Basic Functions Configuring RIP Route Control Configuring RIP Network Optimization Displaying and Maintaining RIP...
Page 514: Rip Version
Egress interface: Packet outgoing interface. Metric: Cost from the local router to the destination. Route time: Time elapsed since the routing entry was last updated. The time is reset to 0 every time the routing entry is updated. Route tag: Identifies a route, used in a routing policy to flexibly control routes. For information about routing policy, refer to Routing Policy Configuration in the IP Routing Volume.
Page 515: Rip Message Format
RIPv1, a classful routing protocol, supports message advertisement via broadcast only. RIPv1 protocol messages do not carry mask information, which means it can only recognize routing information of natural networks such as Class A, B, C. That is why RIPv1 does not support discontiguous subnets. RIPv2 is a classless routing protocol.
Page 516 RIPv2 message format The format of RIPv2 message is similar to RIPv1. Figure 1-2 shows it. Figure 1-2 RIPv2 Message Format The differences from RIPv1 are stated as following. Version: Version of RIP. For RIPv2 the value is 0x02. Route Tag: Route Tag. IP Address: Destination IP address.
Page 517: Protocols And Standards
RFC 1723 only defines plain text authentication. For information about MD5 authentication, refer to RFC 2453 “RIP Version 2”. With RIPv1, you can configure the authentication mode in interface view. However, the configuration will not take effect because RIPv1 does not support authentication. Supported RIP Features The current implementation supports the following RIP features.
Page 518 If you make some RIP configurations in interface view before enabling RIP, those configurations will take effect after RIP is enabled. RIP runs only on the interfaces residing on the specified networks. Therefore, you need to specify the network after enabling RIP to validate RIP on a specific interface. You can enable RIP on all interfaces using the command network 0.0.0.0.
Page 519: Configuring Rip Route Control
To do… Use the command… Remarks Enter system view system-view –– rip [ process-id ] [ vpn-instance Enter RIP view –– vpn-instance-name ] Optional By default, if an interface has a RIP version specified, the version takes precedence over the global one. If no RIP Specify a global RIP version { 1 | 2 } version is specified for an...
Page 520: Configuring Ripv2 Route Summarization
To do… Use the command… Remarks Enter system view system-view –– interface interface-type Enter interface view –– interface-number Optional Define an inbound rip metricin [ route-policy additional routing metric route-policy-name ] value 0 by default Optional Define an outbound rip metricout [ route-policy additional routing metric route-policy-name ] value 1 by default...
Page 521: Disabling Host Route Reception
You need to disable RIPv2 route automatic summarization before advertising a summary route on an interface. Disabling Host Route Reception Sometimes a router may receive from the same network many host routes, which are not helpful for routing and consume a large amount of network resources. In this case, you can disable RIP from receiving host routes to save network resources.
Page 522: Configuring Inbound/Outbound Route Filtering
To do… Use the command… Remarks interface interface-type Enter interface view –– interface-number Optional rip default-route { { only | By default, a RIP interface can Configure the RIP interface originate } [ cost cost ] | advertise a default route if the to advertise a default route no-originate } RIP process is configured with...
Page 523: Configuring A Priority For Rip
Configuring a Priority for RIP Multiple IGP protocols may run in a router. If you want RIP routes to have a higher priority than those learned by other routing protocols, you can assign RIP a smaller priority value to influence optimal route selection.
Page 524: Configuring Rip Timers
Configuring RIP Timers Follow these steps to configure RIP timers: To do… Use the command… Remarks Enter system view system-view –– rip [ process-id ] [ vpn-instance Enter RIP view –– vpn-instance-name ] Optional timers { garbage-collect garbage-collect-value | suppress The default update timer, timeout Configure values for suppress-value | timeout...
Page 525: Configuring The Maximum Number Of Load Balanced Routes
Follow these steps to enable poison reverse: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Enable poison reverse rip poison-reverse Disabled by default Configuring the Maximum Number of Load Balanced Routes Follow these steps to configure the maximum number of load balanced routes: To do…...
Page 526: Configuring Ripv2 Message Authentication
To do… Use the command… Remarks Enter system view system-view –– rip [ process-id ] [ vpn-instance Enter RIP view –– vpn-instance-name ] Enable source IP address Optional check on incoming RIP validate-source-address Enabled by default messages The source IP address check feature should be disabled if the RIP neighbor is not directly connected. Configuring RIPv2 Message Authentication RIPv2 supports two authentication modes: plain text and MD5.
Page 527: Configuring Rip-To-Mib Binding
To do… Use the command… Remarks Specify a RIP neighbor peer ip-address Required Required Disable source address check undo validate-source-address on incoming RIP updates Not disabled by default You need not use the peer ip-address command when the neighbor is directly connected; otherwise the neighbor may receive both the unicast and multicast (or broadcast) of the same routing information.
Page 528: Displaying And Maintaining Rip
Displaying and Maintaining RIP To do… Use the command… Remarks Display RIP current status display rip [ process-id | vpn-instance and configuration information vpn-instance-name ] Display all active routes in RIP display rip process-id database database Available in any view Display RIP interface display rip process-id interface information...
Page 529 [SwitchB-Vlan-interface100] ip address 192.168.1.2 24 [SwitchB-Vlan-interface100] quit [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ip address 10.2.1.1 24 [SwitchB-Vlan-interface101] quit Configure basic RIP functions # Configure Switch A. [SwitchA] rip [SwitchA-rip-1] network 192.168.1.0 [SwitchA-rip-1] network 172.16.0.0 [SwitchA-rip-1] network 172.17.0.0 # Configure Switch B. [SwitchB] rip [SwitchB-rip-1] network 192.168.1.0 [SwitchB-rip-1] network 10.0.0.0...
Page 530: Configuring Rip Route Redistribution
From the routing table, you can see RIPv2 uses classless subnet mask. Since the routing information advertised by RIPv1 has a long aging time, it will still exist until it ages out after RIPv2 is configured. Configuring RIP Route Redistribution Network requirements As shown in the following figure: Two RIP processes are running on Switch B, which communicates with Switch A through RIP 100...
Page 531 [SwitchB-rip-100] undo summary [SwitchB-rip-100] quit [SwitchB] rip 200 [SwitchB-rip-200] network 12.0.0.0 [SwitchB-rip-200] version 2 [SwitchB-rip-200] undo summary [SwitchB-rip-200] quit # Enable RIP 200 and specify RIP version 2 on Switch C. <SwitchC> system-view [SwitchC] rip 200 [SwitchC-rip-200] network 12.0.0.0 [SwitchC-rip-200] network 16.0.0.0 [SwitchC-rip-200] version 2 [SwitchC-rip-200] undo summary # Display the routing table of Switch C.
Page 532: Configuring An Additional Metric For A Rip Interface
# Configure ACL 2000 to filter routes redistributed from RIP 100 on Switch B, making the route 10.2.1.0/24 not advertised to Switch C. [SwitchB] acl number 2000 [SwitchB-acl-basic-2000] rule deny source 10.2.1.1 0.0.0.255 [SwitchB-acl-basic-2000] rule permit [SwitchB-acl-basic-2000] quit [SwitchB] rip 200 [SwitchB-rip-200] filter-policy 2000 export rip 100 # Display the routing table of Switch C.
Page 533 <SwitchA> system-view [SwitchA] rip 1 [SwitchA-rip-1] network 1.0.0.0 [SwitchA-rip-1] version 2 [SwitchA-rip-1] undo summary [SwitchA-rip-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] rip 1 [SwitchB-rip-1] network 1.0.0.0 [SwitchB-rip-1] version 2 [SwitchB-rip-1] undo summary # Configure Switch C. <SwitchC> system-view [SwitchB] rip 1 [SwitchC-rip-1] network 1.0.0.0 [SwitchC-rip-1] version 2...
Page 534: Configuring Rip To Advertise A Summary Route
[SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] rip metricin 3 [SwitchA-Vlan-interface200] display rip 1 database 1.0.0.0/8, cost 0, ClassfulSumm 1.1.1.0/24, cost 0, nexthop 1.1.1.1, Rip-interface 1.1.2.0/24, cost 0, nexthop 1.1.2.1, Rip-interface 1.1.3.0/24, cost 1, nexthop 1.1.1.2 1.1.4.0/24, cost 2, nexthop 1.1.1.2 1.1.5.0/24, cost 2, nexthop 1.1.1.2 The display shows that there is only one RIP route to network 1.1.5.0/24, with the next hop as Switch B (1.1.1.2) and a cost of 2.
Page 535 [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] network 10.6.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit Configure RIP basic functions. # Configure Switch C.
Page 536: Troubleshooting Rip
127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure route summarization on Switch C and advertise only the summary route 10.0.0.0/8. [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] rip summary-address 10.0.0.0 8 # Display the routing table information of Switch D. [SwitchD] display ip routing-table Routing Tables: Public Destinations : 7 Routes : 7...
Page 537 Table of Contents 1 OSPF Configuration ··································································································································1-1 Introduction to OSPF·······························································································································1-1 Basic Concepts································································································································1-2 OSPF Area Partition ························································································································1-3 Classification of Routers··················································································································1-6 Classification of OSPF Networks ····································································································1-8 DR and BDR····································································································································1-8 OSPF Packet Formats·····················································································································1-9 Supported OSPF Features············································································································1-18 Protocols and Standards ···············································································································1-19 OSPF Configuration Task List ··············································································································1-19 Enabling OSPF ·····································································································································1-21 Prerequisites··································································································································1-21 Configuration Procedure················································································································1-21...
Page 538 Disabling Interfaces from Sending OSPF Packets········································································1-36 Configuring Stub Routers ··············································································································1-36 Configuring OSPF Authentication ·································································································1-37 Adding the Interface MTU into DD Packets···················································································1-38 Configuring the Maximum Number of External LSAs in LSDB ·····················································1-38 Making External Route Selection Rules Defined in RFC1583 Compatible···································1-38 Logging Neighbor State Changes ·································································································1-39 Configuring OSPF Network Management ·····················································································1-39 Enabling Message Logging ···········································································································1-40...
Page 539: Ospf Configuration
OSPF Configuration Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the Internet Engineering Task Force (IETF). At present, OSPF version 2 (RFC2328) is used. When configuring OSPF, go to these sections for information you are interested in: Introduction to OSPF OSPF Configuration Task List Enabling OSPF...
Page 540: Basic Concepts
Area partition: Allows an AS to be split into different areas for ease of management and routing information transmitted between areas is summarized to reduce network bandwidth consumption. Equal-cost multi-route: Supports multiple equal-cost routes to a destination. Routing hierarchy: Supports a four-level routing hierarchy that prioritizes routes into intra-area, inter-area, external Type-1, and external Type-2 routes.
Page 541: Ospf Area Partition
Router LSA: Type-1 LSA, originated by all routers, flooded throughout a single area only. This LSA describes the collected states of the router's interfaces to an area. Network LSA: Type-2 LSA, originated for broadcast and NBMA networks by the designated router, flooded throughout a single area only.
Page 542 Figure 1-1 OSPF area partition After area partition, area border routers perform route summarization to reduce the number of LSAs advertised to other areas and minimize the effect of topology changes. Backbone area and virtual links Each AS has a backbone area, which is responsible for distributing routing information between none-backbone areas.
Page 543 Figure 1-3 Virtual link application 2 The virtual link between the two ABRs acts as a point-to-point connection. Therefore, you can configure interface parameters such as hello packet interval on the virtual link as they are configured on physical interfaces. The two ABRs on the virtual link exchange OSPF packets with each other directly, and the OSPF routers in between simply convey these OSPF packets as normal IP packets.
Page 544: Classification Of Routers
On the left of the figure, RIP routes are translated into Type-5 LSAs by the ASBR of Area 2 and distributed into the OSPF AS. However, Area 1 is an NSSA area, so these Type-5 LSAs cannot travel to Area 1. Like stub areas, virtual links cannot transit NSSA areas.
Page 545 Backbone Router At least one interface of a backbone router must be attached to the backbone area. Therefore, all ABRs and internal routers in area 0 are backbone routers. Autonomous System Border Router (ASBR) The router exchanging routing information with another AS is an ASBR, which may not reside on the boundary of the AS.
Page 546: Classification Of Ospf Networks
the same destination have the same cost, then take the cost from the router to the ASBR into consideration. Classification of OSPF Networks OSPF network types OSPF classifies networks into four types upon the link layer protocol: Broadcast: When the link layer protocol is Ethernet or FDDI, OSPF considers the network type broadcast by default.
Page 547: Ospf Packet Formats
If the DR fails to work, routers on the network have to elect another DR and synchronize information with the new DR. It is time-consuming and prone to routing calculation errors. The Backup Designated Router (BDR) is introduced to reduce the synchronization period. The BDR is elected along with the DR and establishes adjacencies for routing information exchange with all other routers.
Page 548 Figure 1-8 OSPF packet format OSPF packet header OSPF packets are classified into five types that have the same packet header, as shown below. Figure 1-9 OSPF packet header Version: OSPF version number, which is 2 for OSPFv2. Type: OSPF packet type from 1 to 5, corresponding with hello, DD, LSR, LSU and LSAck respectively.
Page 549 Figure 1-10 Hello packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication Network mask HelloInterval Options Rtr Pri RouterDeadInterval Designated router Backup designated router Neighbor Neighbor Major fields: Network mask: Network mask associated with the router’s sending interface. If two routers have different network masks, they cannot become neighbors.
Page 550 Figure 1-11 DD packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication Interface MTU Options 0 0 0 0 0 I DD sequence number LSA header LSA header Major fields: Interface MTU: Size in bytes of the largest IP datagram that can be sent out the associated interface, without fragmentation.
Page 551 Figure 1-12 LSR packet format Major fields: LS type: Type number of the LSA to be requested. Type 1 for example indicates the Router LSA. Link State ID: Determined by LSA type. Advertising Router: ID of the router that sent the LSA. LSU packet LSU (Link State Update) packets are used to send the requested LSAs to peers, and each packet carries a collection of LSAs.
Page 552 Figure 1-14 LSAck packet format LSA header format All LSAs have the same header, as shown in the following figure. Figure 1-15 LSA header format Major fields: LS age: Time in seconds elapsed since the LSA was originated. A LSA ages in the LSDB (added by 1 per second), but does not in transmission.
Page 553 Figure 1-16 Router LSA format LS age Options Linke state ID Advertising router LS sequence number LS checksum Length # Links Link ID Link data Type #TOS Metric TOS metric Link ID Link data Major fields: Link State ID: ID of the router that originated the LSA. V (Virtual Link): Set to 1 if the router that originated the LSA is a virtual link endpoint.
Page 554 Figure 1-17 Network LSA format Major fields: Link State ID: The interface address of the DR Network mask: The mask of the network (a broadcast or NBMA network) Attached router: The IDs of the routers, which are adjacent to the DR, including the DR itself Summary LSA Network summary LSAs (Type-3 LSAs) and ASBR summary LSAs (Type-4 LSAs) are originated by ABRs.
Page 555 A Type-3 LSA can be used to advertise a default route, having the Link State ID and Network Mask set to 0.0.0.0. AS external LSA An AS external LSA originates from an ASBR, describing routing information to a destination outside the AS.
Page 556: Supported Ospf Features
Figure 1-20 NSSA external LSA format Supported OSPF Features Multi-process With multi-process support, multiple OSPF processes can run on a router simultaneously and independently. Routing information interactions between different processes seem like interactions between different routing protocols. Multiple OSPF processes can use the same RID. An interface of a router can only belong to a single OSPF process.
Page 557: Protocols And Standards
forwarding table based on the new routing information received from neighbors and removes the stale routes. OSPF supports multi-instance, which can run in VPN networks. In BGP MPLS VPN networks, multiple sites in the same VPN can use OSPF as the internal routing protocol, but they are treated as different ASs.
Page 558 Complete the following tasks to configure OSPF: Task Remarks Enabling OSPF Required Configuring a Stub Area Configuring OSPF Optional Configuring an NSSA Area Areas Configuring a Virtual Link Configuring the OSPF Network Type for an Interface as Optional Broadcast Configuring OSPF Configuring the OSPF Network Type for an Interface as NBMA Optional Network Types...
Page 559: Enabling Ospf
Task Remarks Configuration Prerequisites Optional Configuring a Loopback Interface Optional Configuring OSPF Sham Link Advertising Routes of a Loopback Interface Optional Creating a Sham Link Optional Configuring the OSPF GR Restarter Optional Configuring OSPF Configuring the OSPF GR Helper Optional Graceful Restart Triggering OSPF Graceful Restart Optional...
Page 560: Configuring Ospf Areas
To do… Use the command… Remarks Required Configure an OSPF area and area area-id enter OSPF area view Not configured by default. Optional Configure a description for description description the area Not configured by default. Specify a network to enable Required network ip-address OSPF on the interface...
Page 561: Configuring An Nssa Area
To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — instance-name ] * Enter area view area area-id — Required Configure the area as a stub stub [ no-summary ] area Not configured by default.
Page 562: Configuring A Virtual Link
It is required to use the nssa command on all the routers attached to an NSSA area. Using the default-cost command only takes effect on the ABR/ASBR of an NSSA area. Configuring a Virtual Link Non-backbone areas exchange routing information via the backbone area. Therefore, connectivity between the backbone and non-backbone areas and within the backbone itself must be maintained.
Page 563: Prerequisites
Prerequisites Before configuring OSPF network types, you have configured: IP addresses for interfaces, making neighboring nodes accessible with each other at network layer. OSPF basic functions. Configuring the OSPF Network Type for an Interface as Broadcast Follow these steps to configure the OSPF network type for an interface as broadcast: To do…...
Page 564: Configuring The Ospf Network Type For An Interface As P2Mp
The DR priority configured with the ospf dr-priority command and the one configured with the peer command have the following differences: The former is for actual DR election. The latter is to indicate whether a neighbor has the election right or not. If you configure the DR priority for a neighbor as 0, the local router will consider the neighbor has no election right, and thus no hello packet is sent to this neighbor, reducing the number of hello packets for DR/BDR election on networks.
Page 565: Configuring Ospf Route Summarization
OSPF basic functions Corresponding filters if routing information filtering is needed. Configuring OSPF Route Summarization Route summarization: An ABR or ASBR summarizes routes with the same prefix into a single route and distribute it to other areas. Through route summarization, routing information across areas and the size of routing tables on routers will be reduced, improving calculation speed of routers.
Page 566: Configuring Ospf Inbound Route Filtering
To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — instance-name ]* Required asbr-summary ip-address { mask Configure ASBR route The command is available on an | mask-length } [ tag tag | summarization ASBR only.
Page 567: Configuring An Ospf Cost For An Interface
To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Enter area view area area-id — Required Configure ABR Type-3 LSA filter { acl-number | ip-prefix Not configured by filtering ip-prefix-name } { import | export }...
Page 568: Configuring The Maximum Number Of Load-Balanced Routes
To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Optional By default, the maximum number Configure the maximum-routes { external | inter | of AS external routes, inter-area maximum number of intra } number...
Page 569: Configuring Ospf Route Redistribution
Configuring OSPF Route Redistribution Configure route redistribution into OSPF If the router runs OSPF and other routing protocols, you can configure OSPF to redistribute RIP, IS-IS, BGP, static, or direct routes and advertise these routes in Type-5 LSAs or Type-7 LSAs. By filtering redistributed routes, OSPF translates only routes not filtered out into Type-5 LSAs or Type-7 LSAs for advertisement.
Page 570: Advertising A Host Route
The default-route-advertise summary cost command is applicable only to VPN, and the default route is redistributed in a Type-3 LSA. The PE router will advertise the default route to the CE router. Configure the default parameters for redistributed routes You can configure default parameters such as the cost, upper limit, tag and type for redistributed routes. Tags are used to indicate information related to protocols.
Page 571: Prerequisites
Configure OSPF authentication to meet high security requirements of some mission-critical networks. Configure OSPF network management functions, such as binding OSPF MIB with a process, sending trap information and collecting log information. Prerequisites Before configuring OSPF network optimization, you have configured: IP addresses for interfaces;...
Page 572: Specifying An Lsa Transmission Delay
The hello and dead intervals restore to default values after you change the network type for an interface. The dead interval should be at least four times the hello interval on an interface. The poll interval is at least four times the hello interval. The retransmission interval should not be so small for avoidance of unnecessary LSA retransmissions.
Page 573: Specifying The Lsa Minimum Repeat Arrival Interval
With this task configured, when network changes are not frequent, SPF calculation applies at the minimum-interval. If network changes become frequent, SPF calculation interval is incremented by incremental-interval × 2 (n is the number of calculation times) each time a calculation occurs, up to the maximum-interval.
Page 574: Disabling Interfaces From Sending Ospf Packets
With this command configured, when network changes are not frequent, LSAs are generated at the minimum-interval. If network changes become frequent, LSA generation interval is incremented by incremental-interval•2n-2 (n is the number of generation times) each time a generation occurs, up to the maximum-interval.
Page 575: Configuring Ospf Authentication
Follow these steps to configure a router as a stub router: To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — instance-name ] * Required Configure the router as a stub-router stub router Not configured by default.
Page 576: Adding The Interface Mtu Into Dd Packets
Adding the Interface MTU into DD Packets Generally, when an interface sends a DD packet, it adds 0 into the Interface MTU field of the DD packet rather than the interface MTU. Follow these steps to add the interface MTU into DD packets: To do…...
Page 577: Logging Neighbor State Changes
To avoid routing loops, it is recommended to configure all the routers to be either compatible or incompatible with the external route selection rules defined in RFC 1583. Logging Neighbor State Changes Follow these steps to enable the logging of neighbor state changes: To do…...
Page 578: Enabling Message Logging
Enabling Message Logging Follow these steps to enable message logging: To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Required Enable message enable log [ config | error | state ] logging Not enabled by default.
Page 579: Configuring Ospf Sham Link
Follow these steps to configure the LSU transmit rate: To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Optional By default, an OSPF Configure the LSU transmit-pacing interval interval count interface sends up to three...
Page 580: Creating A Sham Link
To do… Use the command… Remarks ipv4-family vpn-instance Enter BGP VPN instance view Required vpn-instance-name Inject direct routes, that is, import-route direct Required loopback host routes For BGP VPN information, refer to MCE Configuration in the IP Routing Volume. Creating a Sham Link Follow these steps to create a sham link: To do…...
Page 581: Configuring Ospf Graceful Restart
Configuring OSPF Graceful Restart One device can act as both a GR Restarter and GR Helper at the same time. Configuring the OSPF GR Restarter You can configure the IETF standard or non IETF standard OSPF GR Restarter. Configure the IETF standard OSPF GR Restarter Follow these steps to configure the standard IETF OSPF GR Restarter: To do…...
Page 582: Configuring The Ospf Gr Helper
To do… Use the command… Remarks Optional Configure Graceful Restart graceful-restart interval timer interval for OSPF 120 seconds by default Configuring the OSPF GR Helper You can configure the IETF standard or non IETF standard OSPF GR Helper. Configuring the IETF standard OSPF GR Helper Follow these steps to configure the IETF standard OSPF GR Helper: To do…...
Page 583: Displaying And Maintaining Ospf
For the IETF standard GR capable routers, ensure they have the following capabilities enabled: Opaque LSA advertisement IETF standard GR For the non IETF standard GR capable routers, ensure they have the following capabilities enabled: link local signaling out of band re-synchronization Non IETF standard GR Follow these steps to trigger OSPF Graceful Restart: To do…...
Page 584: Ospf Configuration Examples
To do… Use the command… Remarks reset ospf [ process-id ] counters [ neighbor Reset OSPF counters [ interface-type interface-number ] [ router-id ] ] reset ospf [ process-id ] process Available in Reset an OSPF process user view [ graceful-restart ] Re-enable OSPF route reset ospf [ process-id ] redistribution redistribution...
Page 585 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.1] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] area 2 [SwitchB-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.2] quit [SwitchB-ospf-1] quit # Configure Switch C <SwitchC>...
Page 586 Neighbor state change count: 5 Neighbors Area 0.0.0.1 interface 10.2.1.1(Vlan-interface200)'s neighbors Router ID: 10.4.1.1 Address: 10.2.1.2 GR State: Normal State: Full Mode: Nbr is Master Priority: 1 DR: 10.2.1.1 BDR: 10.2.1.2 MTU: 0 Dead timer due in 32 Neighbor is up for 06:03:12 Authentication Sequence: [ 0 ] Neighbor state change count: 5 # Display OSPF routing information on Switch A.
Page 587: Configuring Ospf Route Redistribution
Network 10.2.1.1 10.2.1.1 80000010 Sum-Net 10.5.1.0 10.2.1.1 80000003 Sum-Net 10.3.1.0 10.2.1.1 1069 8000000F Sum-Net 10.1.1.0 10.2.1.1 1069 8000000F Sum-Asbr 10.3.1.1 10.2.1.1 1069 8000000F # Display OSPF routing information on Switch D. [SwitchD] display ospf routing OSPF Process 1 with Router ID 10.5.1.1 Routing Tables Routing for Network Destination...
Page 588 Figure 1-22 Network diagram for OSPF redistributing routes from outside of an AS Configuration procedure Configure IP addresses for interfaces (omitted). Configure OSPF basic functions (Refer to Configuring OSPF Basic Functions). Configure OSPF to redistribute routes. # On Switch C, configure a static route destined for network 3.1.2.0/24. <SwitchC>...
Page 589: Configuring Ospf To Advertise A Summary Route
10.1.1.0/24 Inter 10.3.1.1 10.3.1.1 0.0.0.2 Routing for ASEs Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.3.1.1 10.4.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 Configuring OSPF to Advertise a Summary Route Network requirements As shown in the following figure: Switch A and Switch B are in AS 200, which runs OSPF.
Page 590 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Configure Switch D.
Page 591: Configuring An Ospf Stub Area
[SwitchB] ospf [SwitchB-ospf-1] import-route bgp # Display the OSPF routing table of Switch A. [SwitchA] display ip routing-table Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 O_ASE 11.2.1.1 Vlan100 10.2.1.0/24 O_ASE 11.2.1.1 Vlan100 10.3.1.0/24 O_ASE 11.2.1.1...
Page 592 Figure 1-24 Network diagram for OSPF Stub area configuration Switch A Area 0 Switch B Vlan-int100 10.1.1.1/24 Vlan-int100 10.1.1.2/24 Vlan-int200 Vlan-int200 10.2.1.1/24 10.3.1.1/24 Vlan-int200 Vlan-int200 Area 1 Area 2 10.3.1.2/24 10.2.1.2/24 Stub ASBR Vlan-int300 Vlan-int300 10.4.1.1/24 10.5.1.1/24 Switch C Switch D Configuration procedure Configure IP addresses for interfaces (omitted).
Page 593 Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.2.1.1 10.5.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 In the above output, since Switch C resides in a normal OSPF area, its routing table contains an external route.
Page 594: Configuring An Ospf Nssa Area
When Switch C resides in the Stub area, a default route takes the place of the external route. # Filter Type-3 LSAs out the stub area [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] stub no-summary [SwitchA-ospf-1-area-0.0.0.1] quit # Display OSPF routing information on Switch C. [SwitchC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables...
Page 595 Figure 1-25 Network diagram for OSPF NSSA area configuration Configuration procedure Configure IP addresses for interfaces. Configure OSPF basic functions (refer to Configuring OSPF Basic Functions). Configure Area 1 as an NSSA area. # Configure Switch A. [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit...
Page 596: Configuring Ospf Dr Election
0.0.0.0/0 65536 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 65535 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0 Configure Switch C to redistribute static routes. [SwitchC] ip route-static 3.1.3.1 24 11.1.1.1 [SwitchC] ospf [SwitchC-ospf-1] import-route static [SwitchC-ospf-1] quit...
Page 597 Figure 1-26 Network diagram for OSPF DR election configuration Configuration procedure Configure IP addresses for interfaces (omitted) Configure OSPF basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] router id 1.1.1.1 [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B.
Page 598 [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit # Display OSPF neighbor information on Switch A. [SwitchA] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.1.1(Vlan-interface1)'s neighbors Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode: None Priority: 1 DR: 192.168.1.4...
Page 599 # Display neighbor information on Switch D. [SwitchD] display ospf peer verbose OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(Vlan-interface1)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0...
Page 600 Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode: Nbr is Slave Priority: 100 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 39 Neighbor is up for 00:01:40 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way...
Page 601: Configuring Ospf Virtual Links
192.168.1.2 Broadcast DROther 192.168.1.1 192.168.1.3 The interface state DROther means the interface is not the DR/BDR. Configuring OSPF Virtual Links Network requirements In the following figure, Area 2 has no direct connection to Area 0, and Area 1 acts as the Transit Area to connect Area 2 to Area 0 via a configured virtual link between Switch B and Switch C.
Page 602 <SwitchC> system-view [SwitchC] ospf 1 router-id 3.3.3.3 [SwitchC-ospf-1] area 1 [SwitchC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.1] quit [SwitchC-ospf-1] area 2 [SwitchC–ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchC–ospf-1-area-0.0.0.2] quit # Configure Switch D. <SwitchD> system-view [SwitchD] ospf 1 router-id 4.4.4.4 [SwitchD-ospf-1] area 2 [SwitchD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.2] quit # Display the OSPF routing table of Switch B.
Page 603: Ospf Graceful Restart Configuration Example
[SwitchB] display ospf routing OSPF Process 1 with Router ID 2.2.2.2 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 Transit 10.2.1.1 3.3.3.3 0.0.0.1 10.3.1.0/24 Inter 10.2.1.2 3.3.3.3 0.0.0.0 10.1.1.0/24 Transit 10.1.1.2 2.2.2.2 0.0.0.0 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0...
Page 604 [SwitchA-ospf-100-area-0.0.0.0] return Configure Switch B <SwitchB> system-view [SwitchB] acl number 2000 [SwitchB-acl-basic-2000] rule 10 permit source 192.1.1.1 0.0.0.0 [SwitchB-acl-basic-2000] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 192.1.1.2 255.255.255.0 [SwitchB-Vlan-interface100] quit [SwitchB] router id 2.2.2.2 [SwitchB] ospf 100 [SwitchB-ospf-100] graceful-restart help 2000 [SwitchB-ospf-100] area 0 [SwitchB-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 Configure Switch C...
Page 605: Configuring Route Filtering
OSPF 1 restarted OOB Progress timer for neighbor 192.1.1.2. %Oct 22 09:36:12:566 2008 RouterA RM/3/RMLOG:OSPF-NBRCHANGE: Process 1, Neighbour 192.1.1.2(Ethernet1/1) from Loading to Full OSPF 1 restarted OOB Progress timer for neighbor 192.1.1.2. OSPF 1 deleted OOB Progress timer for neighbor 192.1.1.2. OSPF 1 Gr Wait Timeout timer fired.
Page 606 # On Switch C, configure a static route destined for network 3.1.2.0/24. [SwitchC] ip route-static 3.1.2.0 24 10.4.1.2 # On Switch C, configure a static route destined for network 3.1.3.0/24. [SwitchC] ip route-static 3.1.3.0 24 10.4.1.2 # On Switch C, configure OSPF to redistribute static routes. [SwitchC] ospf 1 [SwitchC-ospf-1] import-route static [SwitchC-ospf-1] quit...
Page 607: Troubleshooting Ospf Configuration
10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 Direct 0 10.2.1.1 Vlan200 10.2.1.1/32 Direct 0 127.0.0.1 InLoop0 10.3.1.0/24 OSPF 10.1.1.2 Vlan100 10.4.1.0/24 OSPF 10.2.1.2 Vlan200 10.5.1.0/24 OSPF 10.1.1.2 Vlan100 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 The route destined for network 3.1.3.0/24 is filtered out. On Switch A, filter out the route 10.5.1.1/24.
Page 608 Analysis If the physical link and lower layer protocols work well, check OSPF parameters configured on interfaces. Two neighbors must have the same parameters, such as the area ID, network segment and mask (a P2P or virtual link may have different network segments and masks). Processing steps Display OSPF neighbor information using the display ospf peer command.
Page 609 Table of Contents 1 IS-IS Configuration ····································································································································1-1 IS-IS Overview ········································································································································1-1 Basic Concepts································································································································1-1 IS-IS Area ········································································································································1-3 IS-IS Network Type ·························································································································1-5 IS-IS PDU Format····························································································································1-6 Supported IS-IS Features··············································································································1-12 Protocols and Standards ···············································································································1-14 IS-IS Configuration Task List ················································································································1-15 Configuring IS-IS Basic Functions ········································································································1-16 Configuration Prerequisites ···········································································································1-16 Enabling IS-IS································································································································1-16 Configuring the IS Level and Circuit Level ····················································································1-16 Configuring the Network Type of an Interface as P2P ··································································1-17...
Page 610 Enabling the Logging of Neighbor State Changes················································································1-33 Enabling IS-IS SNMP Trap ···················································································································1-33 Binding an IS-IS Process with MIBs ·····································································································1-33 Displaying and Maintaining IS-IS ··········································································································1-34 IS-IS Configuration Example·················································································································1-35 IS-IS Basic Configuration ··············································································································1-35 DIS Election Configuration ············································································································1-39 Configuring IS-IS Route Redistribution ·························································································1-44 IS-IS-based Graceful Restart Configuration Example···································································1-47 IS-IS Authentication Configuration Example ·················································································1-49...
Page 611: Is-Is Configuration
IS-IS Configuration When configuring IS-IS, go to these sections for information you are interested in: IS-IS Overview IS-IS Configuration Task List Configuring IS-IS Basic Functions Configuring IS-IS Routing Information Control Tuning and Optimizing IS-IS Networks Configuring IS-IS Authentication Configuring System ID to Host Name Mappings Configuring IS-IS GR Enabling the Logging of Neighbor State Changes Enabling IS-IS SNMP Trap...
Page 612 Routing domain (RD). A group of ISs exchanges routing information with each other using the same routing protocol in a routing domain. Area. An area is a unit in a routing domain. The IS-IS protocol allows a routing domain to be divided into multiple areas.
Page 613: Is-Is Area
Divide the extended IP address into 3 sections with 4 digits in each section to get the system ID 1680.1000.1001. There are other methods to define a system ID. The principle is to make sure it can uniquely identify a host or router.
Page 614 The Level-1 routers in different areas can not establish neighbor relationships. The neighbor relationship establishment of Level-2 routers has nothing to do with area. Figure 1-2 shows an IS-IS network topology. Area 1 comprises a set of Level-2 routers and is the backbone.
Page 615: Is-Is Network Type
The IS-IS backbone does not need to be a specific Area. Both the IS-IS Level-1 and Level-2 routers use the SPF algorithm to generate the shortest path tree (SPT). Routing method A Level-1 router makes routing decisions based on the system ID. If the destination is not in the area, the packet is forwarded to the nearest Level-1-2 router.
Page 616: Is-Is Pdu Format
The Level-1 and Level-2 DISs are elected respectively. You can assign different priorities for different level DIS elections. The higher a router’s priority is, the more likelihood the router becomes the DIS. If there are multiple routers with the same highest DIS priority, the one with the highest SNPA (Subnetwork Point of Attachment) address (MAC address on a broadcast network) will be elected.
Page 617 Figure 1-5 PDU format Common header format Figure 1-6 shows the PDU common header format. Figure 1-6 PDU common header format No. of Octets Intradomain routing protocol discriminator Length indicator Version/Protocol ID extension ID length PDU type Version Reserved Maximum area address Intradomain Routing Protocol Discriminator: Set to 0x83.
Page 618 Hello Hello packets are used by routers to establish and maintain neighbor relationships. A hello packet is also called an IS-to-IS hello PDU (IIH). For broadcast networks, the Level-1 routers use the Level-1 LAN IIHs; and the Level-2 routers use the Level-2 LAN IIHs. The P2P IIHs are used on point-to-point networks.
Page 619 Figure 1-8 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field. LSP packet format The Link State PDUs (LSP) carry link state information. LSP involves two types: Level-1 LSP and Level-2 LSP.
Page 620 PDU Length: Total length of the PDU in bytes. Remaining Lifetime: LSP remaining lifetime in seconds. LSP ID: Consists of the system ID, the pseudonode ID (one byte) and the LSP fragment number (one byte). Sequence Number: LSP sequence number. Checksum: LSP checksum.
Page 621 Figure 1-11 L1/L2 CSNP format PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request new LSPs from neighbors. Figure 1-12 shows the PSNP packet format.
Page 622: Supported Is-Is Features
Figure 1-13 CLV format Table 1-2 shows that different PDUs contain different CLVs. Table 1-2 CLV name and the corresponding PDU type CLV Code Name PDU Type Area Addresses IIH, LSP IS Neighbors (LSP) Partition Designated Level2 IS L2 LSP IS Neighbors (MAC Address) LAN IIH IS Neighbors (SNPA Address)
Page 623 IS-IS Graceful Restart For detailed GR information, refer to GR Overview in the System Volume. After an IS-IS GR Restarter restarts IS-IS, it needs to complete the following two tasks to synchronize the LSDB with its neighbors. To obtain effective IS-IS neighbor information without changing adjacencies. To obtain the LSDB contents.
Page 624: Protocols And Standards
A virtual system is identified by an additional system ID and generates extended LSP fragments. Original LSP It is the LSP generated by the originating system. The system ID in its LSP ID field is the system ID of the originating system. Extended LSP Extended LSPs are generated by virtual systems.
Page 625: Configuring Is-Is Basic Functions
RFC 2763 - Dynamic Hostname Exchange Mechanism for IS-IS RFC 2966 - Domain-wide Prefix Distribution with Two-Level IS-IS RFC 2973 - IS-IS Mesh Groups RFC 3277 - IS-IS Transient Blackhole Avoidance RFC 3358 - Optional Checksums in ISIS RFC 3373 - Three-Way Handshake for IS-IS Point-to-Point Adjacencies RFC 3567 - Intermediate System to Intermediate System (IS-IS) Cryptographic Authentication RFC 3719 - Recommendations for Interoperable Networks using IS-IS RFC 3786 - Extending the Number of IS-IS LSP Fragments Beyond the 256 Limit...
Page 626: Configuration Prerequisites
Task Remarks Configuring IS-IS GR Optional Enabling the Logging of Neighbor State Changes Optional Enabling IS-IS SNMP Trap Optional Binding an IS-IS Process with MIBs Optional Configuring IS-IS Basic Functions Configuration Prerequisites Before the configuration, accomplish the following tasks: Configure the link layer protocol. Configure an IP address for each interface, and make sure all neighboring nodes are reachable to each other at the network layer.
Page 627: Configuring The Network Type Of An Interface As P2P
To do… Use the command… Remarks Enter system view system-view –– isis [ process-id ] Enter IS-IS view [ vpn-instance –– vpn-instance-name ] Optional is-level { level-1 | level-1-2 | Specify the IS level level-2 } The default is Level-1-2. Return to system view quit ––...
Page 628: Configuring Is-Is Link Cost
Configuring IS-IS Link Cost The IS-IS cost of an interface is determined in the following order: ISIS cost specified in interface view. ISIS cost specified in system view. The cost is applied to the interfaces associated to the IS-IS process. Automatically calculated cost: When the cost style is wide or wide-compatible, IS-IS automatically calculates the cost using the formula: interface cost= (bandwidth reference value/interface bandwidth) ×10.
Page 629: Specifying A Priority For Is-Is
Enable automatic IS-IS cost calculation Follow these steps to enable automatic IS-IS cost calculation: To do… Use the command… Remarks Enter system view system-view — isis [ process-id ] [ vpn-instance Enter IS-IS view — vpn-instance-name ] Required Specify an IS-IS cost style cost-style { wide | wide-compatible } narrow by default Required...
Page 630: Configuring Is-Is Route Summarization
Configuring IS-IS Route Summarization This task is to configure a summary route, so routes falling into the network range of the summary route are summarized into one route for advertisement. Doing so can reduce the size of routing tables, as well as the scale of LSP and LSDB.
Page 631 Configuring IS-IS Route Redistribution Redistribution of large numbers of routes on a device may affect the performance of other devices in the network. In that case, you can configure a limit on the number of redistributed routes to limit the number of routes to be advertised.
Page 632: Configuring Is-Is Route Leaking
To do… Use the command… Remarks Required filter-policy { acl-number | ip-prefix Filter routes calculated ip-prefix-name | route-policy No filtering is configured from received LSPs route-policy-name } import by default. Filtering redistributed routes IS-IS can redistribute routes from other routing protocols or other IS-IS processes, add them into the IS-IS routing table and advertise them in LSPs.
Page 633: Tuning And Optimizing Is-Is Networks
Tuning and Optimizing IS-IS Networks Configuration Prerequisites Before the configuration, accomplish the following tasks: Configure IP addresses for interfaces, and make adjacent nodes reachable to each other at the network layer. Enable IS-IS. Specifying Intervals for Sending IS-IS Hello and CSNP Packets Follow these steps to configure intervals for sending IS-IS hello and CSNP packets: To do…...
Page 634: Configuring A Dis Priority For An Interface
On a broadcast link, Level-1 and Level-2 hello packets are advertised separately and therefore you need to set a hello multiplier for each level. On a P2P link, Level-1 and Level-2 hello packets are advertised in P2P hello packets, and you need not specify Level-1 or Level-2. Configuring a DIS Priority for an Interface On an IS-IS broadcast network, a router should be elected as the DIS at a routing level.
Page 635: Configuring Lsp Parameters
To do… Use the command… Remarks Enter system view system-view –– interface interface-type Enter interface view –– interface-number Required Enable the interface to send small hello packets without isis small-hello Standard hello packets are sent CLVs by default. Configuring LSP Parameters Configuring LSP timers Specify the maximum age of LSPs Each LSP has an age that decreases in the LSDB.
Page 636 Specify LSP sending intervals If a change occurs in the LSDB, IS-IS advertises the changed LSP to neighbors. You can specify the minimum interval for sending such LSPs. On a P2P link, IS-IS requires an advertised LSP be acknowledged. If no acknowledgement is received within a configurable interval, IS-IS will retransmit the LSP.
Page 637 Enabling LSP flash flooding Since changed LSPs may trigger SPF recalculation, you can enable LSP flash flooding to advertise the changed LSPs before the router recalculates routes. Doing so can speed up network convergence. Follow these steps to enable LSP flash flooding: To do…...
Page 638: Configuring Spf Parameters
Figure 1-14 Network diagram of a fully meshed network To avoid this, you can configure some interfaces as a mesh group or/and configure the blocked interfaces. After receiving an LSP, a member interface in a mesh group floods it out the interfaces that does not belong to the mesh group.
Page 639: Setting The Lsdb Overload Bit
To do… Use the command... Remarks Enter system view system-view –– isis [ process-id ] [ vpn-instance Enter IS-IS view –– vpn-instance-name ] Optional Configure the SPF timer spf maximum-interval The default SPF calculation calculation interval [ initial-interval [ second-wait-interval ] ] interval is 10 seconds.
Page 640: Configuring Area Authentication
Follow these steps to configure neighbor relationship authentication: To do… Use the command… Remarks Enter system view system-view –– interface interface-type Enter interface view –– interface-number Required isis authentication-mode { simple | Specify the authentication md5 } password [ level-1 | level-2 ] Not authentication is mode and password [ ip | osi ]...
Page 641: Configuring System Id To Host Name Mappings
To do… Use the command… Remarks Required Specify the routing domain domain-authentication-mode No routing domain authentication mode and { simple | md5 } password [ ip | authentication is configured by password osi ] default. Configuring System ID to Host Name Mappings In IS-IS, a system ID identifies a router or host uniquely.
Page 642: Configuring Is-Is Gr
Follow these steps to configure dynamic system ID to host name mapping: To do… Use the command... Remarks Enter system view system-view –– isis [ process-id ] Enter IS-IS view [ vpn-instance –– vpn-instance-name ] Required Specify a host name for is-name sys-name the router No specified by default.
Page 643: Enabling The Logging Of Neighbor State Changes
Enabling the Logging of Neighbor State Changes Follow these steps to enable the logging of neighbor state changes: To do… Use the command… Remarks Enter system view system-view –– isis [ process-id ] [ vpn-instance Enter IS-IS view –– vpn-instance-name ] Required Enable the logging of neighbor log-peer-change...
Page 644: Displaying And Maintaining Is-Is
Displaying and Maintaining IS-IS To do… Use the command… Remarks Display brief IS-IS configuration display isis brief [ process-id | vpn-instance Available in any information vpn-instance-name ] view Display the status of IS-IS display isis debug-switches { process-id | Available in any debug switches vpn-instance vpn-instance-name } view...
Page 645: Is-Is Configuration Example
IS-IS Configuration Example IS-IS Basic Configuration Network requirements As shown in Figure 1-15, Switch A, B, C and Switch D reside in an IS-IS AS. Switch A and B are Level-1 switches, Switch D is a Level-2 switch and Switch C is a Level-1-2 switch. Switch A, B and C are in Area 10, while Switch D is in Area 20.
Page 646 [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis enable 1 [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D. <SwitchD>...
Page 647 -------------------------------- Level-1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------- 0000.0000.0001.00-00 0x00000006 0xdb60 0/0/0 0000.0000.0002.00-00* 0x00000008 0xe651 1189 0/0/0 0000.0000.0002.01-00* 0x00000005 0xd2b3 1188 0/0/0 0000.0000.0003.00-00 0x00000014 0x194a 1190 1/0/0 0000.0000.0003.01-00 0x00000002 0xabdb 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [SwitchC] display isis lsdb Database information for ISIS(1) --------------------------------...
Page 648 Level-2 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL ------------------------------------------------------------------------------- 0000.0000.0003.00-00 0x00000013 0xc73d 1003 0/0/0 0000.0000.0004.00-00* 0x0000003c 0xd647 1194 0/0/0 0000.0000.0004.01-00* 0x00000002 0xec96 1007 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload # Display the IS-IS routing information of each switch. Level-1 switches should have a default route with the next hop being the Level-1-2 switch.
Page 649: Dis Election Configuration
ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 192.168.0.0/24 NULL Vlan300 Direct D/L/- 10.1.1.0/24 NULL Vlan100 Direct D/L/- 10.1.2.0/24 NULL Vlan200 Direct D/L/- 172.16.0.0/16 NULL Vlan300 192.168.0.2 R/-/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set [SwitchD] display isis route Route information for ISIS(1) -----------------------------...
Page 650 Figure 1-16 Network diagram for DIS selection Configuration procedure Configure an IP address for each interface (omitted) Enable IS-IS # Configure Switch A. <SwitchA> system-view [SwitchA] isis 1 [SwitchA-isis-1] network-entity 10.0000.0000.0001.00 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] isis enable 1 [SwitchA-Vlan-interface100] quit # Configure Switch B.
Page 651 [SwitchD-isis-1] network-entity 10.0000.0000.0004.00 [SwitchD-isis-1] is-level level-2 [SwitchD-isis-1] quit [SwitchD] interface vlan-interface 100 [SwitchD-Vlan-interface100] isis enable 1 [SwitchD-Vlan-interface100] quit # Display information about IS-IS neighbors of Switch A. [SwitchA] display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0003.01 State: Up HoldTime: 21s...
Page 652 Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State Type Down 1497 L1/L2 No/Yes By using the default DIS priority, Switch C is the Level-1 DIS, and Switch D is the Level-2 DIS. The pseudonodes of Level-1 and Level-2 are 0000.0000.0003.01 and 0000.0000.0004.01 respectively. Configure the DIS priority of Switch A.
Page 653 Down 1497 L1/L2 Yes/Yes After the DIS priority configuration, Switch A becomes the Level-1-2 DIS, and the pseudonode is 0000.0000.0001.01. # Display information about IS-IS neighbors and interfaces of Switch C. [SwitchC] display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01...
Page 654: Network Requirements
IPV4.State IPV6.State Type Down 1497 L1/L2 No/No Configuring IS-IS Route Redistribution Network requirements As shown in the following figure, Switch A, Switch B, Switch C and Switch D reside in the same AS. They use IS-IS to interconnect. Switch A and Switch B are Level-1 routers, Switch D is a Level-2 router, and Switch C is a Level-1-2 router.
Page 655 # Configure Switch C. <SwitchC> system-view [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis enable 1 [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D.
Page 656 ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 10.1.1.0/24 NULL VLAN100 Direct D/L/- 10.1.2.0/24 NULL VLAN200 Direct D/L/- 192.168.0.0/24 NULL VLAN300 Direct D/L/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------- IPV4 Destination IntCost...
Page 657: Is-Is-Based Graceful Restart Configuration Example
[SwitchE-rip-1] version 2 [SwitchE-rip-1] undo summary # Configure route redistribution from RIP to IS-IS on Switch D. [SwitchD-rip-1] quit [SwitchD] isis 1 [SwitchD–isis] import-route rip level-2 # Display IS-IS routing information on Switch C. [SwitchC] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table -------------------------------------...
Page 658 Figure 1-18 Network diagram for IS-IS-based GR configuration GR restarter Switch A Vlan-int100 10.0.0.1/24 Vlan-int100 Vlan-int100 10.0.0.2/24 10.0.0.3/24 Switch B Switch C GR helper GR helper Configuration procedure Configure IP addresses of the interfaces on each switch and configure IS-IS. Follow Figure 1-18 to configure the IP address and subnet mask of each interface.
Page 659: Is-Is Authentication Configuration Example
T3 Timer Status: Remaining Time: 140 T2 Timer Status: Remaining Time: 59 IS-IS(1) Level-2 Restart Status Restart Interval: 150 SA Bit Supported Total Number of Interfaces = 1 Restart Status: RESTARTING Number of LSPs Awaited: 3 T3 Timer Status: Remaining Time: 140 T2 Timer Status: Remaining Time: 59 IS-IS Authentication Configuration Example...
Page 660 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] isis enable 1 [SwitchA-Vlan-interface100] quit # Configure Switch B. <SwitchB> system-view [SwitchB] isis 1 [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis enable 1 [RouterB--Vlan-interface200] quit # Configure Switch C. <SwitchC>...
Page 661 [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis authentication-mode md5 t5Hr [SwitchB-Vlan-interface200] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis authentication-mode md5 t5Hr [SwitchC-Vlan-interface200] quit # Specify the MD5 authentication mode and password hSec on VLAN-interface 300 of Switch D and on VLAN-interface 300 of Switch C. [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis authentication-mode md5 hSec [SwitchC-Vlan-interface300] quit...
Page 662 Table of Contents 1 BGP Configuration ····································································································································1-1 BGP Overview·········································································································································1-1 Formats of BGP Messages ·············································································································1-2 BGP Path Attributes ························································································································1-4 BGP Route Selection·······················································································································1-8 iBGP and IGP Synchronization ·····································································································1-10 Settlements for Problems in Large Scale BGP Networks ·····························································1-11 BGP GR·········································································································································1-14 MP-BGP ········································································································································1-15 Protocols and Standards ···············································································································1-15 BGP Configuration Task List·················································································································1-16 Configuring BGP Basic Functions·········································································································1-17 Prerequisites··································································································································1-17...
Page 663 Enabling Quick eBGP Session Reestablishment··········································································1-33 Enabling MD5 Authentication for TCP Connections ·····································································1-34 Configuring BGP Load Balancing··································································································1-34 Forbiding Session Establishment with a Peer or Peer Group ·······················································1-35 Configuring a Large Scale BGP Network······························································································1-35 Configuration Prerequisites ···········································································································1-35 Configuring BGP Peer Groups ······································································································1-35 Configuring BGP Community ········································································································1-36 Configuring a BGP Route Reflector ······························································································1-37 Configuring a BGP Confederation·································································································1-38...
Page 664: Bgp Configuration
BGP Configuration The Border Gateway Protocol (BGP) is a dynamic inter-AS Exterior Gateway Protocol. When configuring BGP, go to these sections for information you are interested in: BGP Overview BGP Configuration Task List Configuring BGP Basic Functions Controlling Route Generation Controlling Route Distribution and Reception Configuring BGP Route Attributes Tuning and Optimizing BGP Networks...
Page 665: Formats Of Bgp Messages
A router advertising BGP messages is called a BGP speaker. It establishes peer relationships with other BGP speakers to exchange routing information. When a BGP speaker receives a new route or a route better than the current one from another AS, it will advertise the route to all the other BGP peers in the local AS.
Page 666 Figure 1-2 BGP open message format Version: This 1-byte unsigned integer indicates the protocol version number. The current BGP version is 4. My autonomous system: This 2-byte unsigned integer indicates the Autonomous System number of the sender. Hold time: When establishing a peer relationship, two parties negotiate an identical hold time. If no Keepalive or Update is received from a peer within the hold time, the BGP connection is considered down.
Page 667: Bgp Path Attributes
NLRI (Network Layer Reachability Information): Each feasible route is represented as <length, prefix>. Notification A Notification message is sent when an error is detected. The BGP connection is closed immediately after sending it. The Notification message format is shown below: Figure 1-4 BGP Notification message format Error code: Type of Notification.
Page 668 Optional non-transitive: If a BGP router does not support this attribute, it will not advertise routes with this attribute. The usage of each BGP path attribute is described in the following table. Table 1-1 Usage of BGP path attributes Name Category ORIGIN Well-known mandatory...
Page 669: Bgp Route Selection
Figure 1-6 AS_PATH attribute 8.0.0.0 AS 10 D = 8.0.0.0 D = 8.0.0.0 (10) (10) AS 40 AS 20 D = 8.0.0.0 D = 8.0.0.0 (40,10) (20,10) D = 8.0.0.0 (30,20,10) AS 30 AS 50 In general, a BGP router does not receive routes containing the local AS number to avoid routing loops. The current implementation supports using the peer allow-as-loop command to receive routes containing the local AS number to meet special requirements.
Page 670 Figure 1-7 NEXT_HOP attribute MED (MULTI_EXIT_DISC) The MED attribute is exchanged between two neighboring ASs, each of which does not advertise the attribute to any other AS. Similar with metrics used by IGP, MED is used to determine the best route for traffic going into an AS. When a BGP router obtains multiple routes to the same destination but with different next hops, it considers the route with the smallest MED value the best route if other conditions are the same.
Page 671: Settlements For Problems In Large Scale Bgp Networks
The LOCAL_PREF attribute is exchanged between iBGP peers only, and thus is not advertised to any other AS. It indicates the priority of a BGP router. LOCAL_PREF is used to determine the best route for traffic leaving the local AS. When a BGP router obtains from several iBGP peers multiple routes to the same destination but with different next hops, it considers the route with the highest LOCAL_PREF value as the best route.
Page 672 Select the route with the smallest next hop cost Select the route with the shortest CLUSTER_LIST Select the route with the smallest ORIGINATOR_ID Select the route advertised by the router with the smallest Router ID Select the route with the lowest IP address CLUSTER_IDs of route reflectors form a CLUSTER_LIST.
Page 673 Figure 1-10 Network diagram for BGP load balancing In the above figure, Router D and Router E are iBGP peers of Router C. Router A and Router B both advertise a route destined for the same destination to Router C. If load balancing is configured and the two routes have the same AS_PATH attribute, ORIGIN attribute, LOCAL_PREF and MED, Router C installs both the two routes to its route table for load balancing.
Page 674 Figure 1-11 iBGP and IGP synchronization If synchronization is enabled in this example, only when the route 8.0.0.0/24 received from Router B is available in its IGP routing table, can Router D add the route into its BGP routing table and advertise the route to the eBGP peer.
Page 675 Figure 1-12 BGP route dampening Peer group You can organize BGP peers with the same attributes into a group to simplify configurations on them. When a peer joins the peer group, the peer obtains the same configuration as the peer group. If the configuration of the peer group is changed, the configuration of group members is changed accordingly.
Page 676 A router that is neither a route reflector nor a client is a non-client, which has to establish BGP sessions to the route reflector and other non-clients, as shown below. Figure 1-13 Network diagram for route reflector The route reflector and clients form a cluster. In some cases, you can configure more than one route reflector in a cluster to improve network reliability and prevent single point failure, as shown in the following figure.
Page 677: Bgp Gr
Confederation Confederation is another method to deal with growing iBGP connections in ASs. It splits an AS into multiple sub-ASs. In each sub-AS, iBGP peers are fully meshed, and intra-confederation eBGP connections are established between sub-ASs, as shown below: Figure 1-15 Confederation network diagram From the perspective of a non-confederation BGP speaker, it needs not know sub-ASs in the confederation.
Page 678: Mp-Bgp
After the restart is completed, the GR Restarter will reestablish GR sessions with its peers and send a new GR message notifying the completion of restart. Routing information is exchanged between them for the GR Restarter to create a new routing table and forwarding table and have stale routing information removed.
Page 679: Bgp Configuration Task List
RFC2918: Route Refresh Capability for BGP-4 RFC2439: BGP Route Flap Damping RFC1997: BGP Communities Attribute RFC2796: BGP Route Reflection RFC3065: Autonomous System Confederations for BGP draft-ietf-idr-restart-08: Graceful Restart Mechanism for BGP BGP Configuration Task List Complete the following tasks to configure BGP: Task Remarks Creating a BGP Connection...
Page 680: Configuring Bgp Basic Functions
Task Remarks Configuring BGP Keepalive Interval and Optional Holdtime Configuring the Interval for Sending the Optional Same Update Configuring BGP Soft-Reset Optional Tuning and Optimizing Enabling Quick eBGP Session Optional BGP Networks Reestablishment Enabling MD5 Authentication for TCP Optional Connections Configuring BGP Load Balancing Optional Forbiding Session Establishment with a Peer...
Page 681: Specifying The Source Interface For Tcp Connections
Follow these steps to create a BGP connection: To do… Use the command… Remarks Enter system view system-view — — Enable BGP and enter BGP bgp as-number view Not enabled by default Optional Specify a Router ID router-id router-id By default, the global router ID is used.
Page 682: Allowing Establishment Of Ebgp Connection To A Non Directly Connected Peer/Peer Group
To do… Use the command… Remarks Required Specify the source peer { group-name | By default, BGP uses the outbound interface for ip-address } interface of the best route to the BGP establishing TCP connect-interface peer/peer group as the source interface for connections to a peer interface-type establishing a TCP connection to the...
Page 683: Prerequisites
Prerequisites BGP connections have been created. Injecting a Local Network In BGP view, you can inject a local network to allow BGP to advertise it to BGP peers. The origin attribute of routes advertised in this way is IGP. You can also reference a route policy to flexibly control route advertisement.
Page 684: Prerequisites
To do… Use the command… Remarks import-route protocol [ process-id | all-processes ] Required Enable route redistribution from [ med med-value | a routing protocol into BGP Not redistributed by default route-policy route-policy-name ] * Optional Enable default route default-route imported redistribution into BGP Not enabled by default Controlling Route Distribution and Reception...
Page 685: Advertising A Default Route To A Peer Or Peer Group
Advertising a Default Route to a Peer or Peer Group After this task is configured, the BGP router sends a default route with the next hop being itself to the specified peer/peer group, regardless of whether the default route is available in the routing table. Follow these steps to advertise a default route to a peer or peer group: To do…...
Page 686 To do… Use the command… Remarks filter-policy { acl-number | Required to choose any; ip-prefix ip-prefix-name } Configure the filtering of Not configured by default. export [ direct | isis process-id redistributed routes You can configure a filtering | ospf process-id | rip policy as needed;...
Page 687: Enabling Bgp And Igp Route Synchronization
Enabling BGP and IGP Route Synchronization By default, when a BGP router receives an iBGP route, it only checks the reachability of the route’s next hop before advertisement. With BGP and IGP synchronization enabled, the BGP router cannot advertise the iBGP route to eBGP peers unless the route is also available in the IGP routing table. Follow these steps to enable BGP and IGP synchronization: To do…...
Page 688: Configuring A Shortcut Route
To do… Use the command… Remarks Required dampening [ half-life-reachable Configure BGP route half-life-unreachable reuse suppress Not configured by dampening ceiling | route-policy route-policy-name ] * default. Configuring a Shortcut Route An eBGP route received has a priority of 255, lower than a local route. This task allows you configure an eBGP route as a shortcut route that has the same priority as a local route and thus has greater likehood to become the optimal route.
Page 689: Configure The Default Local Preference
Follow these steps to configure preferences for BGP routes: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — preference Optional Configure preferences { external-preference The default preferences of external, for external, internal, internal-preference internal, and local BGP routes are 255, local BGP routes...
Page 690 To do… Use the command… Remarks Enter system view system-view — Enter BGP view — bgp as-number Required Enable the comparison of MED of compare-different-as-med routes from different ASs Not enabled by default Enable the comparison of MED of routes from each AS Route learning sequence may affect optimal route selection.
Page 691: Configuring The Next Hop Attribute
Note that, in this case, BGP load balancing cannot be implemented because load balanced routes must have the same AS-path attribute. Follow these steps to enable the comparison of MED of routes from each AS: To do… Use the command… Remarks Enter system view system-view...
Page 692: Configuring The As-Path Attribute
Figure 1-17 Next hop attribute configuration If a BGP router has two peers on a common broadcast network, it does not set itself as the next hop for routes sent to an eBGP peer by default. As shown below, Router A and Router B establish an eBGP neighbor relationship, and Router B and Router C establish an iBGP neighbor relationship.
Page 693 To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Optional Permit local AS number to appear in peer { group-name | routes from a peer/peer group and ip-address } allow-as-loop By default, the local AS specify the appearance times [ number ] number is not allowed.
Page 694: Tuning And Optimizing Bgp Networks
Figure 1-19 AS number substitution configuration AS 100 PE 1 PE 2 MPLS backbone EBGP_Update:10.1.1.1/32 EBGP_Update:10.1.1.1/32 VPNv4_Update:10.1.0.0/16 AS_PATH:100,100 AS_PATH:800 RD:10.1.1.1/32 AS_PATH:800 CE 1 CE 2 AS 800 AS 800 As shown in the above figure, CE 1 and CE 2 use the same AS number of 800. If AS number substitution for CE 2 is configured on PE 2, when PE 2 receives a BGP update sent from CE 1, it replaces AS number 800 as its own AS number 100.
Page 695: Configuring Bgp Keepalive Interval And Holdtime
Configuring BGP Keepalive Interval and Holdtime After establishing a BGP connection, two routers send keepalive messages periodically to each other to keep the connection. If a router receives no keepalive or update message from the peer within the holdtime, it tears down the connection. If two parties have the same timer assigned with different values, the smaller one is used by the two parties.
Page 696: Enabling Quick Ebgp Session Reestablishment
The current BGP implementation supports the route-refresh capability, with which, a router can dynamically refresh its BGP routing table when the route selection policy is modified, without tearing down BGP connections. If a BGP peer does not support route-refresh, you need to save updates from the peer on the local router.
Page 697: Enabling Md5 Authentication For Tcp Connections
With quick eBGP connection reestablishment enabled, the router, when the link to a directly connected eBGP peer is down, will reestablish a session to the eBGP peer immediately. Follow these steps to enable quick eBGP session reestablishment: To do… Use the command… Remarks Enter system view system-view...
Page 698: Configuring A Large Scale Bgp Network
Forbiding Session Establishment with a Peer or Peer Group Follow these steps to forbid session establishment with a peer or peer group: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Optional Forbid session establishment with a peer { group-name | peer or peer group...
Page 699: Configuring Bgp Community
Configure an eBGP peer group If peers in an eBGP group belong to the same external AS, the eBGP peer group is a pure eBGP peer group; if not, it is a mixed eBGP peer group. There are two approaches for configuring an eBGP peer group: Create the eBGP peer group, specify its AS number, and add peers into it.
Page 700: Configuring A Bgp Route Reflector
To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Advertise the peer { group-name | ip-address } community attribute to advertise-community Advertise the a peer/peer group Required community Not configured Advertise the attribute to a by default.
Page 701: Configuring A Bgp Confederation
In general, it is not required to make clients of a route reflector fully meshed. The route reflector forwards routing information between clients. If clients are fully meshed, you can disable route reflection between clients to reduce routing costs. In general, a cluster has only one route reflector, and the router ID is used to identify the cluster. You can configure multiple route reflectors to improve network stability.
Page 702: Configuring Bgp Gr
To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enable compatibility with routers not Optional compliant with RFC 3065 in the confederation nonstandard Not enabled by default confederation Configuring BGP GR Perform the following configuration on the GR Restarter and GR Helper respectively. A device can act as a GR Restarter and GR Helper at the same time.
Page 703: Enabling Logging Of Peer State Changes
Follow these steps to enable Trap: To do… Use the command… Remarks Enter system view system-view — Optional Enable Trap for BGP snmp-agent trap enable bgp Enabled by default Enabling Logging of Peer State Changes Follow these steps to enable the logging of peer state changes: To do…...
Page 704: Displaying And Maintaining Bgp
Displaying and Maintaining BGP Displaying BGP To do… Use the command… Remarks Display peer group information display bgp group [ group-name ] Display advertised BGP routing display bgp network information Display AS path information display bgp paths [ as-regular-expression ] Display BGP peer/peer group display bgp peer [ ip-address { log-info | information...
Page 705: Bgp Configuration Examples
Resetting BGP Connections To do… Use the command… Remarks Reset all BGP connections reset bgp all Reset the BGP connections to an AS reset bgp as-number Reset the BGP connection to a peer reset bgp ip-address [ flap-info ] Reset all eBGP connections reset bgp external Available in user view...
Page 706 # Configure Switch B. <SwitchB> system-view [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 9.1.1.2 as-number 65009 [SwitchB-bgp] peer 9.1.3.2 as-number 65009 [SwitchB-bgp] quit # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 9.1.3.1 as-number 65009 [SwitchC-bgp] peer 9.1.2.2 as-number 65009 [SwitchC-bgp] quit # Configure Switch D.
Page 707 200.1.1.2 4 65008 1 00:44:03 Established You can find Switch B has established BGP connections to other switches. # Display BGP routing table information on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 1.1.1.1 Status codes: * - valid, >...
Page 708 # Configure Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] import-route direct # Display BGP routing table information on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 7 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
Page 709: Bgp And Igp Synchronization Configuration
Reply from 8.1.1.1: bytes=56 Sequence=4 ttl=254 time=16 ms Reply from 8.1.1.1: bytes=56 Sequence=5 ttl=254 time=31 ms --- 8.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 16/31/47 ms BGP and IGP Synchronization Configuration Network requirements As shown below, OSPF is used as the IGP protocol in AS65009, where Switch C is a non-BGP switch.
Page 710 [SwitchB-bgp] import-route ospf 1 [SwitchB-bgp] quit # Display routing table information on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
Page 711: Bgp Load Balancing Configuration
Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf PrefVal Path/Ogn *> 8.1.1.0/24 0.0.0.0 *> 9.0.0.0 3.1.1.1 65009? # Use ping for verification. [SwitchA] ping -a 8.1.1.1 9.1.2.1 PING 9.1.2.1: 56 data bytes, press CTRL_C to break Reply from 9.1.2.1: bytes=56 Sequence=1 ttl=254 time=15 ms Reply from 9.1.2.1: bytes=56 Sequence=2 ttl=254 time=31 ms Reply from 9.1.2.1: bytes=56 Sequence=3 ttl=254 time=47 ms...
Page 712 [SwitchA-bgp] peer 200.1.1.1 as-number 65009 [SwitchA-bgp] peer 200.1.2.1 as-number 65009 # Inject route 8.0.0.0/8 to BGP routing table. [SwitchA-bgp] network 8.0.0.0 255.0.0.0 [SwitchA-bgp] quit # Configure Switch B. <SwitchB> system-view [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 200.1.1.2 as-number 65008 [SwitchB-bgp] peer 9.1.1.2 as-number 65009 [SwitchB-bgp] network 9.1.1.0 255.255.255.0 [SwitchB-bgp] quit...
Page 713: Bgp Community Configuration
[SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
Page 714 <SwitchB> system-view [SwitchB] bgp 20 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 200.1.2.1 as-number 10 [SwitchB-bgp] peer 200.1.3.2 as-number 30 [SwitchB-bgp] quit # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 30 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 200.1.3.1 as-number 20 [SwitchC-bgp] quit # Display the BGP routing table on Switch B. [SwitchB] display bgp routing-table 9.1.1.0 BGP local router ID : 2.2.2.2 Local AS number : 20...
Page 715: Bgp Route Reflector Configuration
[SwitchA-route-policy] apply community no-export [SwitchA-route-policy] quit # Apply the routing policy. [SwitchA] bgp 10 [SwitchA-bgp] peer 200.1.2.2 route-policy comm_policy export [SwitchA-bgp] peer 200.1.2.2 advertise-community # Display the routing table on Switch B. [SwitchB] display bgp routing-table 9.1.1.0 BGP local router ID : 2.2.2.2 Local AS number : 20 Paths: 1 available, 1 best...
Page 716 Configuration procedure Configure IP addresses for interfaces (omitted) Configure BGP connections # Configure Switch A. <SwitchA> system-view [SwitchA] bgp 100 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 192.1.1.2 as-number 200 # Inject network 1.0.0.0/8 to the BGP routing table. [SwitchA-bgp] network 1.0.0.0 [SwitchA-bgp] quit # Configure Switch B.
Page 717: Bgp Confederation Configuration
BGP Local router ID is 200.1.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
Page 718 Configuration procedure Configure IP addresses for interfaces (omitted) Configure BGP confederation # Configure Switch A. <SwitchA> system-view [SwitchA] bgp 65001 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] confederation id 200 [SwitchA-bgp] confederation peer-as 65002 65003 [SwitchA-bgp] peer 10.1.1.2 as-number 65002 [SwitchA-bgp] peer 10.1.1.2 next-hop-local [SwitchA-bgp] peer 10.1.2.2 as-number 65003 [SwitchA-bgp] peer 10.1.2.2 next-hop-local [SwitchA-bgp] quit...
Page 719 [SwitchD-bgp] quit # Configure Switch E. <SwitchE> system-view [SwitchE] bgp 65001 [SwitchE-bgp] router-id 5.5.5.5 [SwitchE-bgp] confederation id 200 [SwitchE-bgp] peer 10.1.4.1 as-number 65001 [SwitchE-bgp] peer 10.1.5.1 as-number 65001 [SwitchE-bgp] quit Configure the eBGP connection between AS100 and AS200. # Configure Switch A. [SwitchA] bgp 65001 [SwitchA-bgp] peer 200.1.1.2 as-number 100 [SwitchA-bgp] quit...
Page 720: Bgp Path Selection Configuration
Attribute value : MED 0, localpref 100, pref-val 0, pre 255 State : valid, external-confed, best, Not advertised to any peers yet # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 4.4.4.4 Status codes: * - valid, >...
Page 721 Figure 1-26 Network diagram for BGP path selection configuration Device Interface IP address Device Interface IP address Switch A Vlan-int101 1.0.0.0/8 Switch D Vlan-int400 195.1.1.1/24 Vlan-int100 192.1.1.1/24 Vlan-int300 194.1.1.1/24 Vlan-int200 193.1.1.1/24 Switch C Vlan-int400 195.1.1.2/24 Switch B Vlan-int100 192.1.1.2/24 Vlan-int200 193.1.1.2/24 Vlan-int300 194.1.1.2/24...
Page 722 <SwitchA> system-view [SwitchA] bgp 100 [SwitchA-bgp] peer 192.1.1.2 as-number 200 [SwitchA-bgp] peer 193.1.1.2 as-number 200 # Inject network 1.0.0.0/8 to the BGP routing table on Switch A. [SwitchA-bgp] network 1.0.0.0 8 [SwitchA-bgp] quit # Configure Switch B. [SwitchB] bgp 200 [SwitchB-bgp] peer 192.1.1.1 as-number 100 [SwitchB-bgp] peer 194.1.1.1 as-number 200 [SwitchB-bgp] quit...
Page 723 [SwitchA-bgp] quit # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 2 BGP Local router ID is 194.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network...
Page 724: Troubleshooting Bgp
Troubleshooting BGP No BGP Peer Relationship Established Symptom Display BGP peer information using the display bgp peer command. The state of the connection to a peer cannot become established. Analysis To become BGP peers, any two routers need to establish a TCP session using port 179 and exchange open messages successfully.
Page 725 Table of Contents 1 IPv6 Static Routing Configuration ···········································································································1-1 Introduction to IPv6 Static Routing··········································································································1-1 Features of IPv6 Static Routes········································································································1-1 Default IPv6 Route ··························································································································1-1 Configuring an IPv6 Static Route············································································································1-1 Configuration prerequisites ·············································································································1-2 Configuring an IPv6 Static Route ····································································································1-2 Displaying and Maintaining IPv6 Static Routes ······················································································1-2 IPv6 Static Routing Configuration Example ····························································································1-2...
Page 726: Ipv6 Static Routing Configuration
IPv6 Static Routing Configuration When configuring IPv6 Static Routing, go to these sections for information you are interested in: Introduction to IPv6 Static Routing Configuring an IPv6 Static Route Displaying and Maintaining IPv6 Static Routes IPv6 Static Routing Configuration Example The term “router”...
Page 727: Displaying And Maintaining Ipv6 Static Routes
Configuration prerequisites Configuring parameters for the related interfaces Configuring link layer attributes for the related interfaces Enabling IPv6 packet forwarding Ensuring that the neighboring nodes are IPv6 reachable Configuring an IPv6 Static Route Follow these steps to configure an IPv6 static route: To do…...
Page 728 Figure 1-1 Network diagram for static routes Configuration procedure Configure the IPv6 addresses of all VLAN interfaces (Omitted) Configure IPv6 static routes. # Configure the default IPv6 static route on SwitchA. <SwitchA> system-view [SwitchA] ipv6 route-static :: 0 4::2 # Configure two IPv6 static routes on SwitchB. <SwitchB>...
Page 729 Destination : 1:: /64 Protocol : Direct NextHop : 1::1 Preference Interface : Vlan-interface100 Cost Destination : 1::1/128 Protocol : Direct NextHop : ::1 Preference Interface : InLoop0 Cost Destination : FE80::/10 Protocol : Direct NextHop : :: Preference Interface : NULL0 Cost # Verify the connectivity with the ping command.
Page 730 Table of Contents 1 RIPng Configuration··································································································································1-1 Introduction to RIPng ······························································································································1-1 RIPng Working Mechanism ·············································································································1-1 RIPng Packet Format ······················································································································1-2 RIPng Packet Processing Procedure ······························································································1-3 Protocols and Standards ·················································································································1-3 Configuring RIPng Basic Functions ········································································································1-3 Configuration Prerequisites ·············································································································1-3 Configuration Procedure··················································································································1-4 Configuring RIPng Route Control ···········································································································1-4 Configuring an Additional Routing Metric ························································································1-4 Configuring RIPng Route Summarization ·······················································································1-5 Advertising a Default Route·············································································································1-5...
Page 731: Ripng Configuration
RIPng Configuration When configuring RIPng, go to these sections for information you are interested in: Introduction to RIPng Configuring RIPng Basic Functions Configuring RIPng Route Control Tuning and Optimizing the RIPng Network Displaying and Maintaining RIPng RIPng Configuration Example The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Introduction to RIPng RIP next generation (RIPng) is an extension of RIP-2 for IPv4.
Page 732: Ripng Packet Format
Each RIPng router maintains a routing database, including route entries of all reachable destinations. A route entry contains the following information: Destination address: IPv6 address of a host or a network. Next hop address: IPv6 address of a neighbor along the path to the destination. Egress interface: Outbound interface that forwards IPv6 packets.
Page 733: Ripng Packet Processing Procedure
Figure 1-3 IPv6 prefix RTE format IPv6 prefix (16 octets) Route tag Prefix length Metric IPv6 prefix: Destination IPv6 address prefix. Route tag: Route tag. Prefix len: Length of the IPv6 address prefix. Metric: Cost of a route. RIPng Packet Processing Procedure Request packet When a RIPng router first starts or needs to update some entries in its routing table, generally a multicast request packet is sent to ask for needed routes from neighbors.
Page 734: Configuration Procedure
Configure an IP address for each interface, and make sure all nodes are reachable to one another. Configuration Procedure Follow these steps to configure the basic RIPng functions: To do… Use the command… Remarks Enter system view –– system-view Required Create a RIPng process and ripng [ process-id ] enter RIPng view...
Page 735: Configuring Ripng Route Summarization
The inbound additional metric is added to the metric of a received route before the route is added into the routing table, so the route’s metric is changed. Follow these steps to configure an inbound/outbound additional routing metric: To do… Use the command…...
Page 736: Configuring A Ripng Route Filtering Policy
Configuring a RIPng Route Filtering Policy You can reference a configured IPv6 ACL or prefix list to filter received/advertised routing information as needed. For filtering outbound routes, you can also specify a routing protocol from which to filter routing information redistributed. Follow these steps to configure a RIPng route filtering policy: To do…...
Page 737: Tuning And Optimizing The Ripng Network
Tuning and Optimizing the RIPng Network This section describes how to tune and optimize the performance of the RIPng network as well as applications under special network environments. Before tuning and optimizing the RIPng network, complete the following tasks: Configure a network layer address for each interface Configure the basic RIPng functions This section covers the following topics: Configuring RIPng Timers...
Page 738: Configuring Split Horizon And Poison Reverse
Configuring Split Horizon and Poison Reverse If both split horizon and poison reverse are configured, only the poison reverse function takes effect. Configure split horizon The split horizon function disables a route learned from an interface from being advertised through the same interface to prevent routing loops between neighbors.
Page 739: Configuring The Maximum Number Of Equal Cost Routes For Load Balancing
Follow these steps to configure RIPng zero field check: To do… Use the command… Remarks Enter system view system-view –– Enter RIPng view ripng [ process-id ] –– Optional Enable the zero field check checkzero Enabled by default Configuring the Maximum Number of Equal Cost Routes for Load Balancing Follow these steps to configure the maximum number of equal cost RIPng routes for load balancing: To do…...
Page 740 Figure 1-4 Network diagram for RIPng configuration Configuration procedure Configure the IPv6 address for each interface (omitted) Configure basic RIPng functions # Configure Switch A. <SwitchA> system-view [SwitchA] ripng 1 [SwitchA-ripng-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ripng 1 enable [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 400 [SwitchA-Vlan-interface400] ripng 1 enable...
Page 741 [SwitchB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100 Dest 1::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200 Dest 3::/64,...
Page 742 via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200 Dest 4::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec Dest 5::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec [SwitchA] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect...
Page 743 Table of Contents 1 OSPFv3 Configuration ······························································································································1-1 Introduction to OSPFv3···························································································································1-1 OSPFv3 Overview ···························································································································1-1 OSPFv3 Packets ·····························································································································1-1 OSPFv3 LSA Types ························································································································1-2 Timers of OSPFv3 ···························································································································1-2 OSPFv3 Features Supported ··········································································································1-3 Protocols and Standards ·················································································································1-3 IPv6 OSPFv3 Configuration Task List ····································································································1-4 Enabling OSPFv3····································································································································1-4 Prerequisites····································································································································1-4 Enabling OSPFv3 ····························································································································1-4 Configuring OSPFv3 Area Parameters···································································································1-5...
Page 744 Troubleshooting OSPFv3 Configuration························································································1-24 No OSPFv3 Neighbor Relationship Established ···········································································1-24 Incorrect Routing Information ········································································································1-24...
Page 745: Ospfv3 Configuration
OSPFv3 Configuration When configuring OSPF, go to these sections for information you are interested in: Introduction to OSPFv3 IPv6 OSPFv3 Configuration Task List Enabling OSPFv3 Configuring OSPFv3 Area Parameters Configuring OSPFv3 Network Types Configuring OSPFv3 Routing Information Control Tuning and Optimizing OSPFv3 Networks Displaying and Maintaining OSPFv3 OSPFv3 Configuration Examples Introduction to OSPFv3...
Page 746: Ospfv3 Lsa Types
Figure 1-1 OSPFv3 packet header Major fields: Version #: Version of OSPF, which is 3 for OSPFv3. Type: Type of OSPF packet; Types 1 to 5 are hello, DD, LSR, LSU, and LSAck respectively. Packet Length: Packet length in bytes, including header. Instance ID: Instance ID for a link.
Page 747: Ospfv3 Features Supported
SPF timer GR timer OSPFv3 packet timer Hello packets are sent periodically between neighboring routers for finding and maintaining neighbor relationships, or for DR/BDR election. The hello interval must be identical on neighboring interfaces. The smaller the hello interval, the faster the network convergence speed and the bigger the network load.
Page 748: Ipv6 Ospfv3 Configuration Task List
IPv6 OSPFv3 Configuration Task List Complete the following tasks to configure OSPFv3: Task Remarks Enabling OSPFv3 Required Configuring an OSPFv3 Stub Area Optional Configuring OSPFv3 Area Parameters Configuring an OSPFv3 Virtual Link Optional Configuring the OSPFv3 Network Type for an Optional Configuring OSPFv3 Interface...
Page 749: Configuring Ospfv3 Area Parameters
To do… Use the command… Remarks Enter system view system-view — Required Enable an OSPFv3 process ospfv3 [ process-id ] By default, no OSPFv3 process and enter its view is enabled. Specify a router ID Required router-id router-id interface interface-type Enter interface view —...
Page 750: Configuring An Ospfv3 Virtual Link
You cannot remove an OSPFv3 area directly. Only when you remove all configurations in area view and all interfaces attached to the area become down, can the area be removed. All the routers attached to a stub area must be configured with the stub command. The keyword no-summary is only available on the ABR of the stub area.
Page 751: Prerequisites
Prerequisites Before configuring OSPFv3 network types, you have configured: IPv6 functions OSPFv3 basic functions Configuring the OSPFv3 Network Type for an Interface Follow these steps to configure the OSPFv3 network type for an interface: To do… Use the command… Remarks Enter system view system-view —...
Page 752: Configuring Ospfv3 Inbound Route Filtering
Follow these steps to configure route summarization: To do… Use the command… Remarks Enter system view system-view — Enter OSPFv3 view ospfv3 [ process-id ] — Enter OSPFv3 area view area area-id — Required abr-summary ipv6-address Configure a summary route prefix-length [ not-advertise ] Not configured by default The abr-summary command takes effect on ABRs only.
Page 753: Configuring The Maximum Number Of Ospfv3 Load-Balanced Routes
Follow these steps to configure an OSPFv3 cost for an interface: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional By default, OSPFv3 computes an interface’s Configure an cost according to its bandwidth. ospfv3 cost value OSPFv3 cost for the [ instance instance-id ]...
Page 754: Configuring Ospfv3 Route Redistribution
To do… Use the command… Remarks Optional preference [ ase ] Configure a priority for [ route-policy By default, the priority of OSPFv3 OSPFv3 route-policy-name ] internal routes is 10, and priority of preference OSPFv3 external routes is 150. Configuring OSPFv3 Route Redistribution Follow these steps to configure OSPFv3 route redistribution: To do…...
Page 755: Prerequisites
Packet timer: Specified to adjust topology convergence speed and network load LSA delay timer: Specified especially for low-speed links SPF timer: Specified to protect networks from being over-loaded due to frequent network changes. For a broadcast network, you can configure DR priorities for interfaces to affect DR/BDR election. By disabling an interface from sending OSPFv3 packets, you can make other routers on the network obtain no information from the interface.
Page 756: Configuring A Dr Priority For An Interface
The dead interval set on neighboring interfaces cannot be too short. Otherwise, a neighbor is easily considered down. The LSA retransmission interval cannot be too short; otherwise, unnecessary retransmissions occur. Configuring a DR Priority for an Interface Follow these steps to configure a DR priority for an interface: To do…...
Page 757: Disable Interfaces From Sending Ospfv3 Packets
Disable Interfaces from Sending OSPFv3 Packets Follow these steps to disable interfaces from sending OSPFv3 packets: To do… Use the command… Remarks Enter system view system-view — Enter OSPFv3 view ospfv3 [ process-id ] — Required Disable interfaces from silent-interface { interface-type sending OSPFv3 packets interface-number | all } Not disabled by default...
Page 758: Configuring Gr Restarter
thus called GR Helpers). Then, the GR Restarter retrieves its adjacencies and LSDB with the help of the GR Helpers. Thus, the normal data forwarding is ensured. Configuring GR Restarter You can configure the GR Restarter capability on a GR Restarter. Follow these steps to configure GR Restarter: To do…...
Page 759: Displaying And Maintaining Ospfv3
Displaying and Maintaining OSPFv3 To do… Use the command… Remarks Display OSPFv3 debugging display debugging ospfv3 state information Display OSPFv3 process brief display ospfv3 [ process-id ] information Display OSPFv3 interface display ospfv3 interface [ interface-type information interface-number | statistic ] display ospfv3 [ process-id ] lsdb [ [ external | Display OSPFv3 LSDB inter-prefix | inter-router | intra-prefix | link |...
Page 760: Ospfv3 Configuration Examples
OSPFv3 Configuration Examples Configuring OSPFv3 Areas Network requirements In the following figure, all switches run OSPFv3. The AS is split into three areas, in which, Switch B and Switch C act as ABRs to forward routing information between areas. It is required to configure Area 2 as a stub area to reduce LSAs in the area without affecting route reachability.
Page 761 [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] ospfv3 1 area 1 [SwitchB-Vlan-interface200] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ipv6 [SwitchC] ospfv3 [SwitchC-ospfv3-1] router-id 3.3.3.3 [SwitchC-ospfv3-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] ospfv3 1 area 0 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 400 [SwitchC-Vlan-interface400] ospfv3 1 area 2 [SwitchC-Vlan-interface400] quit # Configure Switch D.
Page 762 4.4.4.4 Full/DR 00:00:38 Vlan400 # Display OSPFv3 routing table information on Switch D. [SwitchD] display ospfv3 routing E1 - Type 1 external route, IA - Inter area route, - Intra area route E2 - Type 2 external route, - Seleted route OSPFv3 Router with ID (4.4.4.4) (Process 1) ------------------------------------------------------------------------ *Destination: 2001::/64...
Page 763: Configuring Ospfv3 Dr Election
*Destination: 2001::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:1::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:2::/64 Type Cost NextHop : directly-connected Interface: Vlan400 *Destination: 2001:3::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 Configure Area 2 as a totally stub area # Configure Area 2 as a totally stub area on Switch C.
Page 764 Figure 1-3 Network diagram for OSPFv3 DR election configuration Configuration procedure Configure IPv6 addresses for interfaces (omitted) Configure OSPFv3 basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ospfv3 1 area 0 [SwitchA-Vlan-interface100] quit # Configure Switch B.
Page 765 <SwitchD> system-view [SwitchD] ipv6 [SwitchD] ospfv3 [SwitchD-ospfv3-1] router-id 4.4.4.4 [SwitchD-ospfv3-1] quit [SwitchD] interface vlan-interface 200 [SwitchD-Vlan-interface200] ospfv3 1 area 0 [SwitchD-Vlan-interface200] quit # Display neighbor information on Switch A. You can find the switches have the same default DR priority 1.
Page 766: Configuring Ospfv3
2.2.2.2 2-Way/DROther 00:00:38 Vlan200 3.3.3.3 Full/Backup 00:00:32 Vlan100 4.4.4.4 Full/DR 00:00:36 Vlan200 # Display neighbor information on Switch D. You can find Switch D is still the DR. [SwitchD] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface...
Page 767 Figure 1-4 Network diagram for OSPFv3 GR configuration Configuration procedure Configure IPv6 addresses for interfaces (omitted). Configure OSPFv3 basic functions # On Switch A, enable OSPFv3 process 1, enable GR and set the router ID to 1.1.1.1. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 1 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] graceful-restart enable...
Page 768: Troubleshooting Ospfv3 Configuration
# After all switches function properly, perform a master/backup switchover on Switch A to trigger a OSPFv3 GR operation. Troubleshooting OSPFv3 Configuration No OSPFv3 Neighbor Relationship Established Symptom No OSPF neighbor relationship can be established. Analysis If the physical link and lower protocol work well, check OSPF parameters configured on interfaces. The two neighboring interfaces must have the same parameters, such as the area ID, network segment and mask and network type.
Page 769 Table of Contents 1 IPv6 IS-IS Configuration····························································································································1-1 Introduction to IPv6 IS-IS ························································································································1-1 Configuring IPv6 IS-IS Basic Functions ··································································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-2 Configuring IPv6 IS-IS Routing Information Control ···············································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-3 Displaying and Maintaining IPv6 IS-IS····································································································1-4 IPv6 IS-IS Configuration Example ··········································································································1-5...
Page 770: Ipv6 Is-Is Configuration
IPv6 IS-IS Configuration IPv6 IS-IS supports all the features of IPv4 IS-IS except that it advertises IPv6 routing information instead. This document describes only IPv6 IS-IS exclusive configuration tasks. For other configuration tasks, refer to IS-IS Configuration in the IP Routing Volume. When configuring IPv6 IS-IS, go to these sections for information you are interested in: Introduction to IPv6 IS-IS Configuring IPv6 IS-IS Basic Functions...
Page 771: Configuring Ipv6 Is-Is Basic Functions
Configuring IPv6 IS-IS Basic Functions You can implement IPv6 inter-networking through configuring IPv6 IS-IS in IPv6 network environment. Configuration Prerequisites Before the configuration, accomplish the following tasks first: Enable IPv6 globally Configure IP addresses for interfaces, and make sure all neighboring nodes are reachable. Enable IS-IS Configuration Procedure Follow these steps to configure the basic functions of IPv6 IS-IS:...
Page 772: Configuration Procedure
Configuration Procedure Follow these steps to configure IPv6 IS-IS routing information control: To do… Use command to… Remarks Enter system view system-view –– Enter IS-IS view isis [ process-id ] –– Optional Define the priority for IPv6 ipv6 preference { route-policy IS-IS routes route-policy-name | preference } * 15 by default...
Page 773: Displaying And Maintaining Ipv6 Is
The ipv6 filter-policy export command is usually used in combination with the ipv6 import-route command. If no protocol is specified for the ipv6 filter-policy export command, routes redistributed from all routing protocols are filtered before advertisement. If a protocol is specified, only routes redistributed from the routing protocol are filtered for advertisement.
Page 774: Ipv6 Is-Is Configuration Example
To do… Use the command… Remarks Clear the IS-IS data information reset isis peer system-id [ process-id | Available in user view of a neighbor vpn vpn-instance-name ] IPv6 IS-IS Configuration Example Network requirements As shown in Figure 1-1, Switch A, Switch B, Switch C and Switch D reside in the same autonomous system, and all are enabled with IPv6.
Page 775 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis ipv6 enable 1 [SwitchB-Vlan-interface200] quit # Configure Switch C. <SwitchC> system-view [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] ipv6 enable [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis ipv6 enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis ipv6 enable 1 [SwitchC-Vlan-interface200] quit...
Page 776 Table of Contents 1 IPv6 BGP Configuration····························································································································1-1 IPv6 BGP Overview ································································································································1-1 Configuration Task List ···························································································································1-2 Configuring IPv6 BGP Basic Functions ··································································································1-3 Prerequisites····································································································································1-3 Specifying an IPv6 BGP Peer ·········································································································1-3 Injecting a Local IPv6 Route············································································································1-3 Configuring a Preferred Value for Routes from a Peer/Peer Group ···············································1-3 Specifying the Source Interface for Establishing TCP Connections ···············································1-4 Allowing the establishment of a Non-Direct eBGP connection ·······················································1-5 Configuring a Description for an IPv6 Peer/Peer Group ·································································1-5...
Page 777 IPv6 BGP Route Reflector Configuration ······················································································1-22 Troubleshooting IPv6 BGP Configuration ·····························································································1-24 No IPv6 BGP Peer Relationship Established ················································································1-24...
Page 778: Ipv6 Bgp Configuration
IPv6 BGP Configuration This chapter describes only configuration for IPv6 BGP. For BGP related information, refer to BGP Configuration in the IP Routing Volume. When configuring IPv6 BGP, go to these sections for information you are interested in: IPv6 BGP Overview Configuration Task List Configuring IPv6 BGP Basic Functions Controlling Route Distribution and Reception...
Page 779: Configuration Task List
Configuration Task List Complete the following tasks to configure IPv6 BGP: Task Remarks Specifying an IPv6 BGP Peer Required Injecting a Local IPv6 Route Optional Configuring a Preferred Value for Routes from Optional a Peer/Peer Group Specifying the Source Interface for Optional Establishing TCP Connections Configuring IPv6 BGP...
Page 780: Configuring Ipv6 Bgp Basic Functions
Configuring IPv6 BGP Basic Functions Prerequisites Before configuring this task, you need to: Specify IP addresses for interfaces. Enable IPv6. You need create a peer group before configuring basic functions for it. For related information, refer to Configuring IPv6 BGP Peer Group.
Page 781: Specifying The Source Interface For Establishing Tcp Connections
To do… Use the command… Remarks Enter system view system-view — Enter BGP view — bgp as-number Enter IPv6 address family view ipv6-family — Optional Configure a preferred value for peer { ipv6-group-name | routes received from an IPv6 ipv6-address } preferred-value By default, the preferred value peer/peer group value...
Page 782: Allowing The Establishment Of A Non-Direct Ebgp Connection
To improve stability and reliability, you can specify a loopback interface as the source interface for establishing TCP connections to a BGP peer. By doing so, a connection failure upon redundancy availability will not affect TCP connection establishment. To establish multiple BGP connections to a BGP router, you need to specify on the local router the respective source interfaces for establishing TCP connections to the peers on the peering BGP router;...
Page 783: Disabling Session Establishment To An Ipv6 Peer/Peer Group
The peer group to be configured with a description must have been created. Disabling Session Establishment to an IPv6 Peer/Peer Group Follow these steps to disable session establishment to a peer/peer group: To do… Use the command… Remarks Enter system view system-view —...
Page 784: Configuring Ipv6 Bgp Route Redistribution
Enable IPv6 Configure the IPv6 BGP basic functions Configuring IPv6 BGP Route Redistribution Follow these steps to configure IPv6 BGP route redistribution: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enter IPv6 address family view ipv6-family —...
Page 785: Configuring Outbound Route Filtering
To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enter IPv6 address family view ipv6-family — Required peer { ipv6-group-name | ipv6-address } Advertise a default route to an default-route-advertise [ route-policy Not advertised by IPv6 peer/peer group route-policy-name ]...
Page 786: Configuring Inbound Route Filtering
IPv6 BGP advertises routes passing the specified policy to peers. Using the protocol argument can filter only the routes redistributed from the specified protocol. If no protocol is specified, IPv6 BGP filters all routes to be advertised, including redistributed routes and routes imported with the network command. Configuring Inbound Route Filtering Follow these steps to configure inbound route filtering: To do…...
Page 787: Configuring Route Dampening
By default, when a BGP router receives an iBGP route, it only checks the reachability of the route’s next hop before advertisement. If the synchronization feature is configured, only the iBGP route is advertised by IGP can the route be advertised to eBGP peers. Follow these steps to configure IPv6 BGP and IGP route synchronization: To do…...
Page 788: Configuring The Med Attribute
To do… Use the command… Remarks Enter system view system-view — Enter BGP view — bgp as-number Enter IPv6 address family view ipv6-family — preference Optional { external-preference Configure preference values for internal-preference The default preference values of IPv6 BGP external, internal, local-preference | external, internal and local routes are local routes...
Page 789: Configuring The As_Path Attribute
To do… Use the command… Remarks Enable the comparison of MED Optional for routes from confederation bestroute med-confederation Disabled by default peers Configuring the AS_PATH Attribute Follow these steps to configure the AS_PATH attribute: To do… Use the command… Remarks Enter system view system-view —...
Page 790: Prerequisites
route-refresh feature that enables dynamic IPv6 BGP routing table refresh without needing to disconnect IPv6 BGP links. With this feature enabled on all IPv6 BGP routers in a network, when a routing policy modified on a router, the router advertises a route-refresh message to its peers, which then send their routing information back to the router.
Page 791: Configuring Ipv6 Bgp Soft Reset
Configuring IPv6 BGP Soft Reset Enable route refresh Follow these steps to enable route refresh: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enter IPv6 address ipv6-family — family view Optional peer { ipv6-group-name | ipv6-address } Enable route refresh capability-advertise route-refresh...
Page 792: Configuring A Large Scale Ipv6 Bgp Network
To do… Use the command… Remarks Required Configure the maximum balance number By default, no load balancing is number of load balanced routes enabled. Configuring a Large Scale IPv6 BGP Network In a large-scale IPv6 BGP network, configuration and maintenance become no convenient due to too many peers.
Page 793 Creating a pure eBGP peer group Follow these steps to configure a pure eBGP group: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enter IPv6 address family view ipv6-family — group ipv6-group-name Create an eBGP peer group Required external...
Page 794: Configuring Ipv6 Bgp Community
Configuring IPv6 BGP Community Advertise community attribute to an IPv6 peer/peer group Follow these steps to advertise community attribute to an IPv6 peer/peer group: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number —...
Page 795 To do… Use the command… Remarks Configure the router as a route Required peer { ipv6-group-name | reflector and specify an IPv6 ipv6-address } reflect-client Not configured by default. peer/peer group as a client Optional Enable route reflection reflect between-clients between clients Enabled by default.
Page 796: Displaying And Maintaining Ipv6 Bgp
Displaying and Maintaining IPv6 BGP Displaying BGP To do… Use the command… Remarks Display IPv6 BGP peer group display bgp ipv6 group [ ipv6-group-name ] information Display IPv6 BGP advertised display bgp ipv6 network routing information Display IPv6 BGP AS path display bgp ipv6 paths information [ as-regular-expression ]...
Page 797: Resetting Ipv6 Bgp Connections
Resetting IPv6 BGP Connections To do… Use the command… Remarks Perform soft reset on refresh bgp ipv6 { ipv4-address | ipv6-address | all | IPv6 BGP external | group ipv6-group-name | internal } { export | Available in connections import } user view Reset IPv6 BGP reset bgp ipv6 { as-number | ipv4-address | ipv6-address...
Page 798 Figure 1-1 IPv6 BGP basic configuration network diagram Configuration procedure Configure IPv6 addresses for interfaces (omitted) Configure iBGP connections # Configure Switch B. <SwitchB> system-view [SwitchB] ipv6 [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] peer 9:1::2 as-number 65009 [SwitchB-bgp-af-ipv6] peer 9:3::2 as-number 65009 [SwitchB-bgp-af-ipv6] quit [SwitchB-bgp] quit...
Page 799: Ipv6 Bgp Route Reflector Configuration
# Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] bgp 65008 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] ipv6-family [SwitchA-bgp-af-ipv6] peer 10::1 as-number 65009 [SwitchA-bgp-af-ipv6] quit [SwitchA-bgp] quit # Configure Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] peer 10::2 as-number 65008 # Display IPv6 peer information on Switch B. [SwitchB] display bgp ipv6 peer BGP local router ID : 2.2.2.2 Local AS number : 65009...
Page 800 Figure 1-2 Network diagram for IPv6 BGP route reflector configuration Route reflector Vlan-int300 Vlan-int100 101::1/96 102::1/96 Switch C IBGP IBGP Vlan-int200 Switch A 100::1/96 Vlan-int100 102::2/96 Vlan-int200 Vlan-int300 100::2/96 101::2/96 AS 100 AS 200 Switch D Switch B Configuration procedure Configure IPv6 addresses for VLAN interfaces (omitted) Configure IPv6 BGP basic functions # Configure Switch A.
Page 801: Troubleshooting Ipv6 Bgp Configuration
[SwitchD-bgp] ipv6-family [SwitchD-bgp-af-ipv6] peer 102::1 as-number 200 Configure route reflector # Configure Switch C as a route reflector, Switch B and Switch D as its clients. [SwitchC-bgp-af-ipv6] peer 101::2 reflect-client [SwitchC-bgp-af-ipv6] peer 102::2 reflect-client Use the display bgp ipv6 routing-table command on Switch B and Switch D respectively, you can find both of them have learned the network 1::/64.
Page 802 Table of Contents 1 Route Policy Configuration ······················································································································1-1 Introduction to Route Policy ····················································································································1-1 Route Policy ····································································································································1-1 Filters ···············································································································································1-1 Route Policy Application··················································································································1-2 Route Policy Configuration Task List ······································································································1-2 Defining Filters ········································································································································1-3 Prerequisites····································································································································1-3 Defining an IP-prefix List ·················································································································1-3 Defining an AS Path List··················································································································1-4 Defining a Community List ··············································································································1-4 Defining an Extended Community List ····························································································1-5 Configuring a Route Policy ·····················································································································1-5...
Page 803: Route Policy Configuration
Route Policy Configuration A route policy is used on a router for route filtering and attributes modification when routes are received, advertised, or redistributed. When configuring route policy, go to these sections for information you are interested in: Introduction to Route Policy Route Policy Configuration Task List Defining Filters Configuring a Route Policy...
Page 804: Route Policy Application
An IP prefix list is configured to match the destination address of routing information. Moreover, you can use the gateway option to allow only routing information from certain routers to be received. For gateway option information, refer to RIP Commands and OSPF Commands in the IP Routing Volume. An IP prefix list, identified by name, can comprise multiple items.
Page 805: Prerequisites
Task Creating a Route Policy Configuring a Route Policy Defining if-match Clauses Defining apply Clauses Defining Filters Prerequisites Before configuring this task, you need to decide on: IP-prefix list name Matching address range Extcommunity list sequence number Defining an IP-prefix List Define an IPv4 prefix list Identified by name, an IPv4 prefix list can comprise multiple items.
Page 806: Defining An As Path List
Define an IPv6 prefix list Identified by name, each IPv6 prefix list can comprise multiple items. Each item specifies a prefix range to match and is identified by an index number. An item with a smaller index number is matched first. If one item is matched, the IPv6 prefix list is passed, and the routing information will not go to the next item.
Page 807: Defining An Extended Community List
Follow these steps to define a community list: To do… Use the command… Remarks Enter system view system-view — ip community-list basic-comm-list-num Define a basic { deny | permit } [ community-number-list ] Required to community list [ internet | no-advertise | no-export | Define a define either;...
Page 808: Creating A Route Policy
Creating a Route Policy Follow these steps to create a route policy: To do… Use the command… Remarks Enter system view system-view — Create a route policy, specify a route-policy route-policy-name { permit | node for it and enter route Required deny } node node-number policy node view...
Page 809: Defining Apply Clauses
To do… Use the command… Remarks if-match ipv6 { address | Optional Match IPv6 routing information whose next-hop | route-source } { acl next hop or source is specified in the ACL Not configured by acl-number | prefix-list or IP prefix list default.
Page 810 To do… Use the command… Remarks Enter system view system-view — route-policy route-policy-name Required Enter route policy node view { permit | deny } node Not created by default. node-number Optional Set the AS-PATH attribute for apply as-path BGP routing information as-number&<1-10>...
Page 811: Displaying And Maintaining The Route Policy
To do… Use the command… Remarks Optional Set a preferred value for BGP apply preferred-value routing information preferred-value Not set by default. Optional Set a tag value for RIP, OSPF or apply tag value IS-IS routing information Not set by default. The difference between IPv4 and IPv6 apply clauses is the command for setting the next hop for routing information.
Page 812 Figure 1-1 Network diagram for route policy application to route redistribution Configuration procedure Specify IP addresses for interfaces (omitted). Configure IS-IS. # Configure Switch C. <SwitchC> system-view [SwitchC] isis [SwitchC-isis-1] is-level level-2 [SwitchC-isis-1] network-entity 10.0000.0000.0001.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis enable [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 201...
Page 813 <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # On Switch B, configure OSPF and enable route redistribution from IS-IS. [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] import-route isis 1 [SwitchB-ospf-1] quit # Display the OSPF routing table on Switch A to view redistributed routes.
Page 814: Applying A Route Policy To Ipv6 Route Redistribution
[SwitchB-route-policy] if-match acl 2002 [SwitchB-route-policy] apply tag 20 [SwitchB-route-policy] quit [SwitchB] route-policy isis2ospf permit node 30 [SwitchB-route-policy] quit Apply the route policy to route redistribution. # On Switch B, apply the route policy when redistributing routes. [SwitchB] ospf [SwitchB-ospf-1] import-route isis 1 route-policy isis2ospf [SwitchB-ospf-1] quit # Display the OSPF routing table on Switch A.
Page 815 Figure 1-2 Network diagram for route policy application to route redistribution Configuration procedure Configure Switch A. # Configure IPv6 addresses for VLAN-interface 100 and VLAN-interface 200. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ipv6 address 10::1 32 [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] ipv6 address 11::1 32 [SwitchA-Vlan-interface200] quit...
Page 816: Applying A Route Policy To Filter Received Bgp Routes
[SwitchB-Vlan-interface100] ripng 1 enable [SwitchB-Vlan-interface100] quit # Enable RIPng. [SwitchB] ripng # Display RIPng routing table information. [SwitchB-ripng-1] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::7D58:0:CA03:1 on Vlan-interface 100 Dest 10::/32, via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 18 Sec Dest 20::/32,...
Page 817 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 1.1.1.2 as-number 300 # Configure Switch B. <SwitchB> system-view [SwitchB] bgp 200 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 1.1.2.2 as-number 300 # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 300 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 1.1.1.1 as-number 100 [SwitchC-bgp] peer 1.1.2.1 as-number 200 [SwitchC-bgp] peer 1.1.3.2 as-number 400 # Configure Switch D.
Page 818: Troubleshooting Route Policy Configuration
*> 9.9.9.0/24 1.1.3.1 300 200i The display above shows that Switch D has learned routes 4.4.4.0/24, 5.5.5.0/24, and 6.6.6.0/24 from AS 100 and 7.7.7.0/24, 8.8.8.0/24, and 9.9.9.0/24 from AS 200. Configure Switch D to reject routes from AS 200. # Configure AS_PATH list 1 on Switch D. [SwitchD] ip as-path 1 permit .*200.* # Configure a route policy named rt1 on Switch D.
Page 819: Ipv6 Routing Information Filtering Failure
IPv6 Routing Information Filtering Failure Symptom Filtering routing information failed, while the routing protocol runs normally. Analysis At least one item of the IPv6 prefix list should be configured as permit mode, and at least one node of the Route policy should be configured as permit mode. Solution Use the display ip ipv6-prefix command to display IP prefix list information.
Page 820 Table of Contents 1 BFD Configuration·····································································································································1-1 Introduction to BFD ·································································································································1-1 How BFD Works ······························································································································1-1 BFD Packet Format ·························································································································1-4 Protocols and Standards ·················································································································1-5 BFD Configuration Task List ···················································································································1-6 Configuring BFD Basic Functions ···········································································································1-6 Configuration Prerequisites ·············································································································1-6 Configuration Procedure··················································································································1-6 Configuring Protocol-based BFD ············································································································1-7 Configuring BFD for OSPF··············································································································1-7 Configuring BFD for IS-IS················································································································1-7 Configuring BFD for RIP··················································································································1-8...
Page 821: Bfd Configuration
BFD Configuration When configuring BFD, go to these sections for information you are interested in: Introduction to BFD BFD Configuration Task List Configuring BFD Basic Functions Configuring Protocol-based BFD Enabling Trap Displaying and Maintaining BFD BFD Configuration Examples The term “router” or router icon in this document refers to a router in a generic sense or an Ethernet switch running routing protocols.
Page 822 BFD provides no neighbor discovery mechanism. Protocols that BFD services notify BFD of routers to which it needs to establish sessions. After a session is established, if no BFD control packet is received from the peer within the negotiated BFD interval, BFD notifies a failure to the protocol, which takes appropriate measures.
Page 823 No detection time resolution is defined in the BFD draft. At present, most devices supporting BFD provide detection measured in milliseconds. BFD session modes Control packet mode: Both ends of the link exchange BFD control packets to monitor link status. Echo mode: One end of the link sends Echo packets to the other end, which then forwards the packets back to the originating end, thereby monitoring link status in both directions.
Page 824: Bfd Packet Format
Dynamic BFD parameter changes After a BFD session is established, both ends can negotiate the related BFD parameters, such as the minimum transmit interval, minimum receive interval, initialization mode, and packet authentication mode. After that, both ends use the negotiated parameters, without affecting the current session state. Authentication modes BFD provides the following authentication methods: Simple: Plain text authentication...
Page 825: Protocols And Standards
Demand (D): If set, Demand mode is active in the transmitting system (the system wishes to operate in Demand mode, knows that the session is up in both directions, and is directing the remote system to cease the periodic transmission of BFD Control packets). If clear, Demand mode is not active in the transmitting system.
Page 826: Bfd Configuration Task List
BFD Configuration Task List Complete the following tasks to configure BFD: Task Remarks Configuring BFD Basic Functions Optional Configuring BFD for OSPF Required Configuring BFD for IS-IS Required Configuring BFD for RIP Required Configuring Protocol-based BFD Configuring BFD for BGP Required Configuring BFD for VRRP Required...
Page 827: Configuring Protocol-Based Bfd
To do… Use the command… Remarks Optional bfd authentication-mode Configure the authentication By default, the interface { md5 key-id key | sha1 key-id type operates in the key | simple key-id password } non-authentication mode. Configuring Protocol-based BFD Configuring BFD for OSPF After discovering neighbors by sending hello packets, OSPF notifies BFD of the neighbor addresses, and BFD uses theses addresses to establish sessions.
Page 828: Configuring Bfd For Rip
To do… Use the command… Remarks Required Enable BFD on the IS-IS isis bfd enable interface Not enabled by default For details about IS-IS, refer to IS-IS Configuration in the IP Routing Volume. Configuring BFD for RIP RIP periodically sends route update requests to neighbors. If no route update response for a route is received within the specified interval, RIP considers the route unreachable.
Page 829: Configuring Bfd For Bgp
Bidirectional detection in BFD control packet mode Follow these steps to configure BFD for RIP (bidirectional detection in BFD control packet mode): To do… Use the command… Remarks Enter system view system-view — Required Create a RIP process rip [ process-id ] [ vpn-instance and enter RIP view vpn-instance-name ] By default, RIP is disabled.
Page 830: Configuring Bfd For Vrrp
At present, you can configure BFD for IPv4 BGP neighbors only. If GR capability is enabled for BGP, use BFD with caution. For BGP configuration, refer to BGP Configuration in the IP Routing Volume. Configuring BFD for VRRP To configure BFD for VRRP, you need to configure a BFD track entry and then bind the track entry to a VRRP group.
Page 831 BFD control packet mode To use BFD control packets for bidirectional detection between two devices, you need to enable BFD control packet mode for each device’s static route destined to the peer. Follow these steps to configure BFD control packet mode for static routes: To do…...
Page 832: Enabling Trap
If route flaps occur, enabling BFD may worsen the route flaps. Therefore, enable BFD with care in such cases. The source address of echo packets must be configured if the BFD session operates in the echo mode. If you configure BFD for a static route, you need to specify the outbound interface and next hop IP address for the route.
Page 833: Bfd Configuration Examples
To do… Use the command… Remarks On a centralized Available in any display bfd session [ verbose ] Display BFD device view session On a distributed display bfd session [ verbose ] [ slot Available in any information device slot-number [ all | verbose ] ] view On a centralized Available in...
Page 834 Configure OSPF basic functions. # Configure Switch A. [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.0.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit [SwitchA] interface Vlan-interface 10 [SwitchA-Vlan-interface10] ospf bfd enable [SwitchA-Vlan-interface10] quit # Configure Switch B. [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.0.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit...
Page 835 # Display OSPF neighbor information of Switch A. <SwitchA> display ospf peer OSPF Process 1 with Router ID 192.168.1.40 Neighbor Brief Information Area: 0.0.0.1 Router ID Address Pri Dead-Time Interface State 10.1.0.102 10.1.0.100 vlan10 Full/DR # Enable BFD debugging on Switch A. <SwitchA>...
Page 836: Configuring Bfd For Is
# Display OSPF neighbor information of Switch A. Because Switch A has removed its neighbor relationship with Switch B, no information is output. <SwitchA> display ospf peer OSPF Process 1 with Router ID 192.168.1.40 Neighbor Brief Information Configuring BFD for IS-IS Network requirements Switch A and Switch B are interconnected through a Layer-2 switch.
Page 837 [SwitchA-Vlan-interface10] quit # Configure Switch B. [SwitchB] isis [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface Vlan-interface 10 [SwitchB-Vlan-interface10] isis enable [SwitchB-Vlan-interface10] isis bfd enable [SwitchB-Vlan-interface10] quit Configure BFD parameters. # Configure Switch A. [SwitchA] bfd session init-mode active [SwitchA] interface Vlan-interface 10 [SwitchA-Vlan-interface10] bfd min-receive-interval 300 [SwitchA-Vlan-interface10] bfd min-transmit-interval 300 [SwitchA-Vlan-interface10] bfd authentication-mode simple 1 zhang...
Page 838: Configuring Bfd For Rip (Single-Hop Detection In Bfd Echo Packet Mode)
<SwitchA> terminal debugging # When the link between Switch B and the Layer 2 switch fails, you can see that Switch A can quickly detect the changes on Switch B. #Aug 8 14:54:05:362 2008 SwitchA IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983041 is Down, ifAdminStatus is 1, ifOperStatus is 2 #Aug 8 14:54:05:363 2008 SwitchA ISIS/4/ADJ_CHANGE:TrapID(1.3.6.1.2.1.138.0.17<...
Page 839 When the link between Switch C and the Layer 2 switch fails, BFD can quickly detect the link failure and notify it to RIP, and the BFD session goes down. In response, RIP deletes the neighbor relationship with Switch C and the route information received from Switch C. Then, Switch A learns the static route sent by Switch C with the outbound interface being the interface connected to Switch B.
Page 840 # Configure Switch A. [SwitchA] rip 1 [SwitchA-rip-1] network 192.168.1.0 [SwitchA-rip-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] rip bfd enable [SwitchA-Vlan-interface100] quit [SwitchA] rip 2 [SwitchA-rip-2] network 192.168.2.0 # Configure Switch B. [SwitchB] rip 1 [SwitchB-rip-1] network 192.168.2.0 [SwitchB-rip-1] network 192.168.3.0 [SwitchB-rip-1] quit # Configure Switch C.
Page 841 Preference: 100 Cost: 1 NextHop: 192.168.1.2 Interface: vlan-interface 100 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 192.168.1.2 Tunnel ID: 0x0 Label: NULL State: Active Adv Age: 00h00m47s Tag: 0 Destination: 100.1.1.0/24 Protocol: RIP Process ID: 2 Preference: 100 Cost: 2 NextHop: 192.168.2.2 Interface: vlan-interface 200 BkNextHop: 0.0.0.0...
Page 842: Configuring Bfd For Rip (Bidirectional Detection In Bfd Control Packet Mode)
RelyNextHop: 0.0.0.0 Neighbor : 192.168.2.2 Tunnel ID: 0x0 Label: NULL State: Active Adv Age: 00h18m40s Tag: 0 Configuring BFD for RIP (Bidirectional Detection in BFD Control Packet Mode) Network requirements Switch A is connected to Switch C through Switch B. VLAN-interface 100 on Switch A, VLAN-interface 200 on Switch C, and VLAN-interface 200 and VLAN-interface 100 on Switch B run RIP process 1.
Page 843 [SwitchA] interface vlan-interface 300 [SwitchA-Vlan-interface300] ip address 192.168.3.1 24 [SwitchA-Vlan-interface300] quit # Configure Switch B. <SwitchB> system-view [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 192.168.1.2 24 [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] ip address 192.168.2.1 24 # Configure Switch C. <SwitchC> system-view [SwitchC] interface vlan 200 [SwitchC-Vlan-interface200] ip address 192.168.2.2 24 [SwitchC-Vlan-interface200] quit...
Page 844 [SwitchC-rip-1] undo validate-source-address [SwitchC-rip-1] import-route static [SwitchC-rip-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] rip bfd enable [SwitchC-Vlan-interface200] quit # Configure Switch D. <SwitchD> system-view [SwitchD] rip 1 [SwitchD-rip-1] network 192.168.3.0 [SwitchD-rip-1] network 192.168.4.0 Configure BFD parameters. # Configure Switch A. [SwitchA] bfd session init-mode active [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] bfd min-transmit-interval 500...
Page 845 Destination: 100.1.1.0/24 Protocol: RIP Process ID: 1 Preference: 100 Cost: 1 NextHop: 192.168.1.2 Interface: vlan-interface 100 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 192.168.1.2 Tunnel ID: 0x0 Label: NULL State: Active Adv Age: 00h00m47s Tag: 0 Destination: 100.1.1.0/24 Protocol: RIP Process ID: 2 Preference: 100 Cost: 2...
Page 846: Configuring Bfd For Bgp
NextHop: 192.168.3.2 Interface: vlan-interface 300 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 192.168.3.2 Tunnel ID: 0x0 Label: NULL State: Active Adv Age: 00h18m40s Tag: 0 Configuring BFD for BGP Network requirements Switch A and Switch B are interconnected through a Layer 2 switch. BFD is enabled on the connected interfaces.
Page 847 # Configure Switch B. [SwitchB] bgp 100 [SwitchB-bgp] peer 10.1.0.100 as-number 100 [SwitchB-bgp] peer 10.1.0.100 bfd [SwitchB-bgp] quit Configure BFD parameters. # Configure Switch A. [SwitchA] bfd session init-mode active [SwitchA-vlan10] interface Vlan-interface 10 [SwitchA-Vlan-interface10] bfd min-transmit-interval 300 [SwitchA-Vlan-interface10] bfd min-receive-interval 300 [SwitchA-Vlan-interface10] bfd detect-multiplier 7 [SwitchA-Vlan-interface10] bfd authentication-mode simple 1 zhang [SwitchA-Vlan-interface10] quit...
Page 848: Configuring Bfd For The Vrrp Backup To Monitor The Master
# When the link between Switch A and Switch B fails, display the detailed BGP neighbor information of Switch A. Switch A has removed its neighbor relationship with Switch B. <SwitchA> display bgp peer 10.1.0.100 verbose Peer: 10.1.0.100 Local: 1.1.1.1 Type: IBGP link BGP version 4, remote router ID 2.2.2.2 BGP current state: Idle...
Page 849 Figure 1-9 Network diagram for monitoring the master on the backup Configuration procedure # Configure Switch A. <SwitchA> system-view [SwitchA] interface vlan-interface 2 [SwitchA–vlan-interface2] ip address 192.168.0.101 24 [SwitchA–vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.10 [SwitchA–vlan-interface2] vrrp vrid 1 priority 110 [SwitchA–vlan-interface2] return # Configure Switch B.
Page 850: Backup Router
[SwitchB] interface vlan-interface 2 [SwitchB–vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.10 [SwitchB–vlan-interface2] vrrp vrid 1 track 1 switchover [SwitchB–vlan-interface2] return Use the display vrrp verbose command to display the configuration. # Display the detailed information of VRRP group 1 on Switch A. <SwitchA>...
Page 851: Configuring Bfd For The Vrrp Master To Monitor The Uplinks
Track Object Switchover Virtual IP : 192.168.0.10 Virtual MAC : 0000-5e00-0101 Master IP : 192.168.0.102 # Display the track entry information of Switch B. <SwitchB> display track 1 Track ID: 1 Status: Negative Reference Object: BFD Session: Packet type: Echo Interface : vlan-interface2 Remote IP...
Page 852 Figure 1-10 Network diagram for monitoring the uplink through VRRP Internet Backup Master uplink uplink device device forwarding Vlan-int3 1.1.1.2/24 Vlan-int3 1.1.1.1/24 Virtual Router Switch A Switch B Master Backup Heartbeat Vlan-int2 Vlan-int2 192.168.0.101/24 192.168.0.102/24 Trunk Trunk MSTP enabled L2 switch L2 switch BFD probe packet User data...
Page 853 [SwitchB–vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.10 [SwitchB–vlan-interface2] return Use the display vrrp verbose command to display the configuration. # Display the detailed information of VRRP group 1 on Switch A. <SwitchA> display vrrp verbose IPv4 Standby Information: Run Method : VIRTUAL-MAC Total number of virtual routers: 1 Interface : vlan-interface2...
Page 854: Configuring Bfd Echo Packet Mode For Static Routing
Master IP : 192.168.0.102 # When the uplink of Switch A goes down, display the detailed information of VRRP group 1 on Switch <SwitchB> display vrrp verbose IPv4 Standby Information: Run Method : VIRTUAL-MAC Total number of virtual routers: 1 Virtual IP Ping : Enable Interface...
Page 855 # Configure a static route on Switch A and enable BFD on it. Implement BFD through BFD echo packets. <SwitchA> system-view [SwitchA] bfd echo-source-ip 123.1.1.1 [SwitchA] interface vlan-interface 10 [SwitchA-vlan-interface10] bfd min-echo-receive-interval 300 [SwitchA-vlan-interface10] bfd detect-multiplier 7 [SwitchA-vlan-interface10] quit [SwitchA] ip route-static 120.1.1.1 24 vlan-interface 10 10.1.1.100 bfd echo-packet [SwitchA] ip route-static 120.1.1.1 24 vlan-interface 11 11.1.1.2 preference 65 [SwitchA] quit Verify the configuration...
Page 856: Configuring Bfd Control Packet Mode For Static Routing
%Nov 12 19:28:28:592 2005 SwitchA BFD/5/LOG:Sess[123.1.1.1/10.1.1.100, Vlan10], Sta: UP->DOWN, Diag: 1 *0.53892593 SwitchA BFD/8/SCM:Sess[123.1.1.1/10.1.1.100, Vlan10], Oper: Reset *0.53892593 SwitchA BFD/8/EVENT:Send sess-down Msg, [Src:123.1.1.1, Dst:10.1.1.100, Vlan10] Protocol: STATIC *0.53892595 SwitchA RM/7/LOG:static route [Dest:120.1.1.1/24,Nexthop:10.1.1.100,ExitIf: Vlan10] became invalid # Execute the display ip routing-table protocol static command, and you can see Switch A selects Switch D to reach Switch C.
Page 857 [SwitchA-vlan-interface12] bfd min-transmit-interval 500 [SwitchA-vlan-interface12] bfd min-receive-interval 500 [SwitchA-vlan-interface12] bfd detect-multiplier 9 [SwitchA-vlan-interface12] quit [SwitchA] ip route-static 14.1.1.0 24 vlan-interface 12 12.1.1.2 bfd control-packet [SwitchA] quit # Configure Switch B. <SwitchB> system-view [SwitchB] interface vlan-interface 12 [SwitchB-vlan-interface12] ip address 12.1.1.2 24 [SwitchB-vlan-interface12] bfd min-transmit-interval 500 [SwitchB-vlan-interface12] bfd min-receive-interval 500 [SwitchB-vlan-interface12] bfd detect-multiplier 9...
Page 858 *Jul 27 10:18:19:172 2007 SwitchA BFD/7/EVENT:Receive Delete-sess, [Src:12.1.1.1 ,Dst:12.1.1.2, Vlan12,Ctrl], Direct, Instance:0x0, Proto:STATIC *Jul 27 10:18:19:172 2007 SwitchA BFD/7/EVENT:Notify driver to stop receiving bf # Display the static route on Switch A, which is in the inactive state. <SwitchA> display ip routing-table protocol static Public Routing Table : Static Summary Count : 1 Static Routing table Status : <...
Page 859 Table of Contents 1 MCE Overview············································································································································1-1 MCE Overview ········································································································································1-1 Introduction to BGP/MPLS VPN······································································································1-1 BGP/MPLS VPN Concepts ·············································································································1-2 Introduction to MCE·························································································································1-4 How MCE Works ·····························································································································1-5 Routing Information Exchange for MCE ·································································································1-5 Route Exchange between a CE and the Private Network·······························································1-5 Route Exchange between CE and PE ····························································································1-7 2 MCE Configuration ····································································································································2-1 Configuring a VPN Instance····················································································································2-1 VPN Instance Configuration Task List·····························································································2-1...
Page 860: Mce Overview
MCE Overview The term “router” in this document refers to a router in a generic sense or a Layer 3 switch running routing protocols. MCE Overview Multi-CE (MCE) enables a switch to function as the CEs of multiple VPN instances in a BGP/MPLS VPN network, thus reducing the investment on network equipment.
Page 861: Bgp/Mpls Vpn Concepts
Figure 1-1 A BGP/MPLS VPN implementation CEs and PEs mark the boundary between the service providers and the customers. A CE is usually a router. After a CE establishes adjacency with a directly connected PE, it redistributes its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE use BGP/IGP to exchange routing information.
Page 862 Address space overlapping Each VPN independently manages the addresses that it uses. The assembly of such addresses for a VPN is called an address space. The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses in network segment 10.110.10.0/24, address space overlapping occurs.
Page 863: Introduction To Mce
You are recommended to configure a distinct RD for each VPN instance on a PE, guaranteeing that routes to the same CE use the same RD. The VPN-IPv4 address with an RD of 0 is in fact a globally unique IPv4 address. By prefixing a distinct RD to a specific IPv4 address prefix, you make it a globally unique VPN IPv4 address prefix.
Page 864: How Mce Works
An S5500-EI switch with MCE enabled can solve this problem. By binding the VLAN interfaces to the VPNs in a network on an S5500-EI switch of this kind, you can create and maintain a routing table for each of the VPNs. In this way, packets of different VPNs in the private network can be isolated. Moreover, with the cooperation of the PE, the routes of each VPN can be advertised to the corresponding remote PE properly, so that packets of each VPN in the private network can be transmitted securely through the public network.
Page 865 Static route OSPF IS-IS EBGP This introduces the cooperation of routing protocols and MCE in brief. For details on routing protocols, see the IPv4 Routing module of this manual. Static routes A CE can communicate with a site through static routes. As static routes configure for traditional CEs take effect globally, address overlapping between multiple VPNs remains a problem till the emergence of MCE.
Page 866: Route Exchange Between Ce And Pe
Normally, when an OSPF route is imported to the BGP routing table as a BGP route on a PE, some attributes of the OSPF route get lost. When the BGP route is imported to the OSPF routing table on the remote CE, not all the attributes of the original OSPF routes can be restored.
Page 867 OSPF IS-IS EBGP For information on how to configure the routing protocols and how to import routes, refer to the IPv4 Routing module of this manual.
Page 868: Mce Configuration
MCE Configuration For detailed information on the routing protocol configuration mentioned in this chapter, see the IPv4 Routing module of this manual. Configuring a VPN Instance VPN Instance Configuration Task List Complete the following tasks to configure a VPN instance: Task Remarks Creating a VPN Instance...
Page 869: Associating An Vpn Instance With An Interface
To do… Use the command… Remarks Optional Set the description information for the VPN description text By default, a VPN instance has no instance description configured. The RD configured for a VPN instance on the MCE device must be same as that configured for the VPN instance on the PE device.
Page 870: Configuring Route Exchange Between A Mce And A Site
To do… Use the command… Remarks Enter system view — system-view ip vpn-instance Enter VPN instance view — vpn-instance-name Required Associate the current VPN vpn-target vpn-target&<1-8> By default, a VPN instance has instance with one or multiple [ both | export-extcommunity no VPN target associated with VPN targets | import-extcommunity ]...
Page 871: Configuring To Use Rip Between A Mce And A Site
To do… Use the command… Remarks Enter system view system-view — Required ip route-static vpn-instance s-vpn-instance-name&<1-5> dest-address This operation is { mask | mask-length } { gateway-address performed on the MCE Define a static route for [ public ] | interface-type interface-number device.
Page 872: Configuring To Use Is-Is Between A Mce And A Site
To do… Use the command… Remarks Enter system view — system-view Required Enable OSPF for a ospf [ process-id | This operation is performed on the MCE VPN instance (this router-id router-id | device. As for the corresponding operation also leads vpn-instance configuration on the site, you can just you to OSPF view)
Page 873: Configuring To Use Ebgp Between A Mce And A Site
To do… Use the command… Remarks Enter system view — system-view Required Enable IS-IS for a isis [ process-id ] This operation is performed on the MCE device. VPN instance and vpn-instance As for the corresponding configuration on the enter IS-IS view vpn-instance-name site, you can just enable IS-IS as usual.
Page 874 To do… Use the command… Remarks Optional filter-policy { acl-number | Apply a filter policy to routes ip-prefix ip-prefix-name } By default, received routes are received import not filtered. Configure to permit the routes Optional with their AS numbers contained in their AS_PATH peer { group-name | By default, routes with their AS attributes being the local AS...
Page 875: Configuring Route Exchange Between A Mce And A
In a VPN instance with BGP enabled, the BGP route exchange is processed in the same way as those in a normal BGP-enabled network. Configuring Route Exchange between a MCE and a PE Configuring Route Exchange between a MCE and a PE Complete the following tasks to configure route exchange between a MCE and a PE: Task Remarks...
Page 876: Configuring To Use Rip Between A Mce And A Pe
A static route configured for a VPN instance does not take effect if you configure the next hop address of the route as the IP address of a local interface (such as Ethernet interface, VLAN interface). If the default static route preference is not configured, the preference of a newly defined static route adopts the system default preference value, which is 60.
Page 877: Configure To Use Is-Is Between A Mce And A Pe
To do… Use the command… Remarks Required import-route protocol [ process-id | Enable OSPF to import allow-ibgp ] [ cost cost | type type | By default, OSPF does not routes of other protocols tag tag | route-policy import the routes of other route-policy-name ] * protocols.
Page 878: Configure To Use Ebgp Between A Mce And A Pe
Configure to Use EBGP between a MCE and a PE To use EBGP to exchange routing information between a MCE and a PE, you need to configure the peer end as a peer in the BGP-VPNs on both ends, import VPN routes in the site to the MCE, and then advertise these routes to the PE.
Page 879 To do… Use the command… Remarks display bgp vpnv4 vpn-instance Display information about vpn-instance-name peer [ group-name Available in any view BGP VPNv4 peers log-info | ip-address { log-info | verbose } | verbose ] display bgp vpnv4 vpn-instance vpn-instance-name routing-table [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community...
Page 880: Mce Configuration Example
MCE Configuration Example MCE Configuration Example (A) Network requirements An MCE device connects to VPN1 (with the address range being 192.168.0.0/16) through VLAN-interface 10 (with the IP address being 10.214.10.3) and connects to VPN2 (with the address range being 192.168.10.0/24) through VLAN-interface 20 (with the IP address being 10.214.20.3).
Page 881 [MCE] ip vpn-instance vpn2 [MCE-vpn-instance-vpn2] route-distinguisher 20:1 # Create VLAN 10, add GigabitEthernet 1/0/10 to VLAN 10, and create VLAN-interface 10. [MCE-vpn-instance-vpn2] quit [MCE] vlan 10 [MCE-vlan10] port GigabitEthernet 1/0/10 [MCE-vlan10] quit [MCE] interface Vlan-interface 10 # Bind VLAN-interface 10 to VPN1, and configure IP address 10.214.10.3/24 for VLAN-interface 10. [MCE-Vlan-interface10] ip binding vpn-instance vpn1 [MCE-Vlan-interface10] ip address 10.214.10.3 24 # Create VLAN 20, add GigabitEthernet 1/0/20 to VLAN 20, create VLAN-interface 20, bind...
Page 882 # Define a static route on MCE, specify the next hop address 10.214.10.2 for packets destined for the network segment 192.168.0.0, and bind this route to VPN1. [MCE-Vlan-interface10] quit [MCE] ip route-static vpn-instance vpn1 192.168.0.0 16 10.214.10.2 # Display the information about the routes of VPN1 maintained on MCE. [MCE] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 5...
Page 883 192.168.10.0/24 10.214.20.2 Vlan20 As shown in the displayed information above, MCE has obtained the routes of VPN2 through RIP, and maintains these routes in a routing table different from the routing table for routing information of VPN1 to the network segment 192.168.0.0, thus isolating the routes of VPN1 from the routes of VPN2. Configure the routing protocol running between the MCE and a PE # MCE uses GigabitEthernet 1/0/3 to connect to GigabitEthernet 1/0/18 of PE.
Page 884: Mce Configuration Example
Destinations : 6 Routes : 6 Destination/Mask Proto Cost NextHop Interface 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 10.214.30.0/24 Direct 0 10.214.30.1 Vlan30 10.214.30.2/32 Direct 0 127.0.0.1 InLoop0 100.100.10.1/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/16 O_ASE 10.214.30.1 Vlan30 As shown in the displayed information above, the static routes of VPN1 have been imported to the OSPF routing table between MCE and PE.
Page 885 Network diagram Figure 2-2 Network diagram for MCE configuration (B) VPN 2 Site 1 BGP 200 VPN 1 BGP 100 OSPF GE1/0/18 GE1/0/3 172.16.10.0 Vlan-int30 GE1/0/10 10.100.30.1 Vlan-int40 Site 2 Vlan-int2 10.100.40.1 VPN 1 10.100.10.1 GE1/0/20 Vlan-int3 10.100.20.1 OSPF 172.16.20.0 VPN 2 Configuration procedure Configure VPN instances...
Page 886 # Create VLAN 3, add GigabitEthernet 1/0/20 to VLAN 3, create VLAN-interface 3, bind VLAN-interface 3 to VPN2, and configure IP address 10.214.20.3/24 for VLAN-interface 3. [MCE-Vlan-interface10] quit [MCE] vlan 3 [MCE-vlan3] port GigabitEthernet 1/0/20 [MCE-vlan3] quit [MCE] interface Vlan-interface 3 [MCE-Vlan-interface3] ip binding vpn-instance vpn2 [MCE-Vlan-interface3] ip address 10.214.20.3 24 [MCE-Vlan-interface3] quit...
Page 887 10.100.10.1/32 Direct 0 127.0.0.1 InLoop0 172.16.10.0/24 OSPF 10.100.10.2 Vlan2 As shown in the displayed information above, MCE has obtained the routing information of VPN1 through OSPF process 10. # Create OSPF process 20 for MCE whose router ID is 10.10.20.1, bind the process to VPN2. Redistribute BGP routes from VPN2, enable OSPF multi-instance, and advertise the network segment 10.100.20.0.
Page 888 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 10.100.30.0/24 Direct 0 10.100.10.3 Vlan2 10.100.30.3/32 Direct 0 127.0.0.1 InLoop0 172.16.10.0/24 10.100.10.2 Vlan2 # For VPN2, perform the configurations similar to the above on MCE and PE to import the OSPF routing information of VPN2 to the EBGP routing table.
Page 889 IP Multicast Volume Organization Manual Version 20090108-C-1.01 Product Version Release 2202 Organization The IP Multicast Volume is organized as follows: Features Description This document describes the main concepts in multicast: Introduction to Multicast Multicast Overview Multicast Models Multicast Architecture Multicast Packets Forwarding Mechanism Multicast routing and forwarding refer to some policies that filter RPF routing information for IP multicast support.
Page 890 Features Description As a multicast extension of MP-BGP, MBGP enables BGP to provide routing information for multicast applications. This document describes: MBGP Configuring MBGP Basic Functions Configuring MBGP Route Attributes Configuring a Large Scale MBGP Network Running at the data link layer, IGMP Snooping is a multicast control mechanism on the Layer 2 Ethernet switch and it is used for multicast group management and control.
Page 891 Table of Contents 1 Multicast Overview ····································································································································1-1 Introduction to Multicast ··························································································································1-1 Comparison of Information Transmission Techniques····································································1-1 Features of Multicast ·······················································································································1-4 Common Notations in Multicast·······································································································1-5 Advantages and Applications of Multicast·······················································································1-5 Multicast Models ·····································································································································1-6 Multicast Architecture······························································································································1-6 Multicast Addresses ························································································································1-7 Multicast Protocols ························································································································1-11 Multicast Packet Forwarding Mechanism ·····························································································1-13...
Page 892: Multicast Overview
Multicast Overview This manual chiefly focuses on the IP multicast technology and device operations. Unless otherwise stated, the term “multicast” in this document refers to IP multicast. Introduction to Multicast As a technique coexisting with unicast and broadcast, the multicast technique effectively addresses the issue of point-to-multipoint data transmission.
Page 893 Figure 1-1 Unicast transmission Host A Receiver Host B Source Host C Receiver Host D IP network Receiver Packets for Host B Host E Packets for Host D Packets for Host E Assume that Host B, Host D and Host E need the information. A separate transmission channel needs to be established from the information source to each of these hosts.
Page 894 Figure 1-2 Broadcast transmission Assume that only Host B, Host D, and Host E need the information. If the information is broadcast to the subnet, Host A and Host C also receive it. In addition to information security issues, this also causes traffic flooding on the same subnet.
Page 895: Features Of Multicast
Figure 1-3 Multicast transmission The multicast source (Source in the figure) sends only one copy of the information to a multicast group. Host B, Host D and Host E, which are receivers of the information, need to join the multicast group. The routers on the network duplicate and forward the information based on the distribution of the group members.
Page 896: Common Notations In Multicast
For a better understanding of the multicast concept, you can assimilate multicast transmission to the transmission of TV programs, as shown in Table 1-1. Table 1-1 An analogy between TV transmission and multicast transmission TV transmission Multicast transmission A TV station transmits a TV program through A multicast source sends multicast data to a a channel.
Page 897: Multicast Models
Data warehouse and financial applications (stock quotes). Any other point-to-multipoint data distribution application. Multicast Models Based on how the receivers treat the multicast sources, there are three multicast models: any-source multicast (ASM), source-filtered multicast (SFM), and source-specific multicast (SSM). ASM model In the ASM model, any sender can send information to a multicast group as a multicast source, and numbers of receivers can join a multicast group identified by a group address and obtain multicast information addressed to that multicast group.
Page 898: Multicast Addresses
Multicast applications: A software system that supports multicast applications, such as video conferencing, must be installed on multicast sources and receiver hosts, and the TCP/IP stack must support reception and transmission of multicast data. Multicast Addresses To allow communication between multicast sources and multicast group members, network-layer multicast addresses, namely, multicast IP addresses must be provided.
Page 899 Address Description 224.0.0.5 Open Shortest Path First (OSPF) routers 224.0.0.6 OSPF designated routers/backup designated routers 224.0.0.7 Shared Tree (ST) routers 224.0.0.8 ST hosts 224.0.0.9 Routing Information Protocol version 2 (RIPv2) routers 224.0.0.11 Mobile agents 224.0.0.12 Dynamic Host Configuration Protocol (DHCP) server/relay agent 224.0.0.13 All Protocol Independent Multicast (PIM) routers 224.0.0.14...
Page 900 Description When set to 0, it indicates that this address is an IPv6 multicast address not based on a unicast prefix When set to 1, it indicates that this address is an IPv6 multicast address based on a unicast prefix (the T bit must also be set to 1) When set to 0, it indicates that this address is an IPv6 multicast address permanently-assigned by IANA When set to 1, it indicates that this address is a transient, or dynamically...
Page 901 Figure 1-6 IPv4-to-MAC address mapping The high-order four bits of a multicast IPv4 address are 1110, indicating that this address is a multicast address, and only 23 bits of the remaining 28 bits are mapped to a MAC address, so five bits of the multicast IPv4 address are lost.
Page 902: Multicast Protocols
Multicast Protocols Generally, we refer to IP multicast working at the network layer as Layer 3 multicast and the corresponding multicast protocols as Layer 3 multicast protocols, which include IGMP/MLD, PIM/IPv6 PIM, MSDP, and MBGP/IPv6 MBGP; we refer to IP multicast working at the data link layer as Layer 2 multicast and the corresponding multicast protocols as Layer 2 multicast protocols, which include IGMP Snooping/MLD Snooping, and multicast VLAN/IPv6 multicast VLAN.
Page 903 A multicast routing protocol runs on Layer 3 multicast devices to establish and maintain multicast routes and forward multicast packets correctly and efficiently. Multicast routes constitute a loop-free data transmission path from a data source to multiple receivers, namely, a multicast distribution tree. In the ASM model, multicast routes come in intra-domain routes and inter-domain routes.
Page 904: Multicast Packet Forwarding Mechanism
data to each VLAN of the Layer 2 device. With the multicast VLAN or IPv6 multicast VLAN feature enabled on the Layer 2 device, the Layer 3 multicast device needs to send only one copy of multicast to the multicast VLAN or IPv6 multicast VLAN on the Layer 2 device. This avoids waste of network bandwidth and extra burden on the Layer 3 device.
Page 905 Table of Contents 1 Multicast Routing and Forwarding Configuration··················································································1-1 Multicast Routing and Forwarding Overview ··························································································1-1 Introduction to Multicast Routing and Forwarding···········································································1-1 RPF Check Mechanism···················································································································1-1 Multicast Static Routes ····················································································································1-4 Multicast Traceroute ························································································································1-5 Configuration Task List ···························································································································1-6 Enabling IP Multicast Routing ·················································································································1-6 Configuring Multicast Routing and Forwarding·······················································································1-7 Configuration Prerequisites ·············································································································1-7 Configuring Multicast Static Routes ································································································1-7...
Page 906: Multicast Routing And Forwarding Configuration
Multicast Routing and Forwarding Configuration When configuring multicast routing and forwarding, go to these sections for information you are interested in: Multicast Routing and Forwarding Overview Configuration Task List Displaying and Maintaining Multicast Routing and Forwarding Configuration Examples Troubleshooting Multicast Routing and Forwarding The term "router"...
Page 907 A unicast routing table contains the shortest path to each destination subnet, An MBGP routing table contains multicast routing information, and A multicast static routing table contains the RPF routing information defined by the user through static configuration. When performing an RPF check, a router searches its unicast routing table and multicast static routing table at the same time.
Page 908 routing entry and a multicast forwarding entry for a multicast packet, the router sets the RPF interface of the packet as the incoming interface of the (S, G) entry. Upon receiving an (S, G) multicast packet, the router first searches its multicast forwarding table: If the corresponding (S, G) entry does not exist in the multicast forwarding table, the packet is subject to an RPF check.
Page 909: Multicast Static Routes
is Vlan-interface 20. This means the (S, G) entry is correct and packet arrived along a wrong path. The RPF check fails and the packet is discarded. Multicast Static Routes A multicast static route is an important basis for RPF check. Depending on the application environment, a multicast static route has the following two functions: Changing an RPF route Typically, the topology structure of a multicast network is the same as that of a unicast network, and...
Page 910: Multicast Traceroute
Figure 1-3 Creating an RPF route As shown in Figure 1-3, the RIP domain and the OSPF domain are unicast isolated from each other. When no multicast static route is configured, the hosts (Receivers) in the OSPF domain cannot receive the multicast packets sent by the multicast source (Source) in the RIP domain.
Page 911: Configuration Task List
Introduction to multicast traceroute packets A multicast traceroute packet is a special IGMP packet, which differs from common IGMP packets in that its IGMP Type field is set to 0x1F or 0x1E and that its destination IP address is a unicast address. There are three types of multicast traceroute packets: Query, with the IGMP Type field set to 0x1F, Request, with the IGMP Type field set to 0x1F, and...
Page 912: Configuring Multicast Routing And Forwarding
Enabling IP multicast routing in the public instance Follow these steps to enable IP multicast routing in the public instance: To do... Use the command... Remarks Enter system view system-view — Required Enable IP multicast routing multicast routing-enable Disabled by default Configuring Multicast Routing and Forwarding Configuration Prerequisites Before configuring multicast routing and forwarding, complete the following tasks:...
Page 913: Configuring A Multicast Routing Policy
Configuring a Multicast Routing Policy You can configure the router to determine the RPF route based on the longest match principle. For details about RPF route selection, refer to RPF check process. By configuring per-source or per-source-and-group load splitting, you can optimize the traffic delivery when multiple data flows are handled.
Page 914: Configuring The Multicast Forwarding Table Size
To do... Use the command... Remarks Required multicast boundary Configure a multicast group-address { mask | No forwarding boundary by forwarding boundary mask-length } default Configuring the Multicast Forwarding Table Size The router maintains the corresponding forwarding entry for each multicast packet it receives. Excessive multicast routing entries, however, can exhaust the router’s memory and thus result in lower router performance.
Page 915: Displaying And Maintaining Multicast Routing And Forwarding
Displaying and Maintaining Multicast Routing and Forwarding To do... Use the command... Remarks display multicast boundary [ group-address [ mask View the multicast boundary Available in | mask-length ] ] [ interface interface-type information any view interface-number ] display multicast forwarding-table [ source-address [ mask { mask | mask-length } ] | group-address [ mask { mask | mask-length } ] | View the multicast...
Page 916 Switch A, Switch B and Switch C run OSPF. Typically, Receiver can receive the multicast data from Source through the path Switch A – Switch B, which is the same as the unicast route. Perform the following configuration so that Receiver can receive the multicast data from Source through the path Switch A –...
Page 917 [SwitchB] interface vlan-interface 102 [SwitchB-Vlan-interface102] pim dm [SwitchB-Vlan-interface102] quit # Enable IP multicast routing on Switch A, and enable PIM-DM on each interface. <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] pim dm [SwitchA-Vlan-interface200] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] pim dm [SwitchA-Vlan-interface102] quit [SwitchA] interface vlan-interface 103...
Page 918: Creating An Rpf Route
Creating an RPF Route Network requirements PIM-DM runs in the network and all switches in the network support IP multicast. Switch B and Switch C run OSPF, and have no unicast routes to Switch A. Typically, Receiver can receive the multicast data from Source 1 in the OSPF domain. Perform the following configuration so that Receiver can receive multicast data from Source 2, which is outside the OSPF domain.
Page 919 # Enable IP multicast routing on Switch A and enable PIM-DM on each interface. <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] pim dm [SwitchC-Vlan-interface300] quit [SwitchC] interface vlan-interface 102 [SwitchC-Vlan-interface102] pim dm [SwitchC-Vlan-interface102] quit The configuration on Switch B is similar to that on Switch A. The specific configuration steps are omitted here.
Page 920: Troubleshooting Multicast Routing And Forwarding
Troubleshooting Multicast Routing and Forwarding Multicast Static Route Failure Symptom No dynamic routing protocol is enabled on the routers, and the physic status and link layer status of interfaces are both up, but the multicast static route fails. Analysis If the multicast static route is not configured or updated correctly to match the current network conditions, the route entry and the configuration information of multicast static routes do not exist in the multicast routing table.
Page 921 In the case of PIM-SM, use the display current-configuration command to check the BSR and RP information. 1-16...
Page 922 Table of Contents 1 IGMP Configuration ···································································································································1-1 IGMP Overview ·······································································································································1-1 IGMP Versions ································································································································1-1 Introduction to IGMPv1····················································································································1-1 Enhancements in IGMPv2···············································································································1-3 Enhancements in IGMPv3···············································································································1-4 IGMP SSM Mapping························································································································1-5 IGMP Proxying ································································································································1-6 Protocols and Standards ·················································································································1-7 IGMP Configuration Task List ·················································································································1-7 Configuring Basic Functions of IGMP ·····································································································1-8 Configuration Prerequisites ·············································································································1-8 Enabling IGMP ································································································································1-9 Configuring IGMP Versions·············································································································1-9...
Page 923: Igmp Configuration
IGMP Configuration When configuring IGMP, go to the following sections for the information you are interested in: IGMP Overview IGMP Configuration Task List IGMP Configuration Examples Troubleshooting IGMP The term "router" in this document refers to a router in a generic sense or a Layer 3 switch running an IP routing protocol.
Page 924 Of multiple multicast routers on the same subnet, all the routers can hear IGMP membership report messages (often referred to as reports) from hosts, but only one router is needed for sending IGMP query messages (often referred to as queries). So, a querier election mechanism is required to determine which router will act as the IGMP querier on the subnet.
Page 925: Enhancements In Igmpv2
At the same time, because Host A is interested in G2, it sends a report to the multicast group address of G2. Through the above-mentioned query/report process, the IGMP routers learn that members of G1 and G2 are attached to the local subnet, and the multicast routing protocol (PIM for example) running on the routers generates (*, G1) and (*, G2) multicast forwarding entries, which will be the basis for subsequent multicast forwarding, where * represents any multicast source.
Page 926: Enhancements In Igmpv3
If the querier receives a membership report for the group within the maximum response time, it will maintain the memberships of the group; otherwise, the querier will assume that no hosts on the subnet are still interested in multicast traffic to that group and will stop maintaining the memberships of the group.
Page 927: Igmp Ssm Mapping
IGMPv3 supports not only general queries (feature of IGMPv1) and group-specific queries (feature of IGMPv2), but also group-and-source-specific queries. A general query does not carry a group address, nor a source address; A group-specific query carries a group address, but no source address; A group-and-source-specific query carries a group address and one or more source addresses.
Page 928: Igmp Proxying
Figure 1-3 Network diagram for IGMP SSM mapping IGMPv1 report IGMPv2 report Querier IGMPv3 report Router A Receiver Receiver Receiver Host A (IGMPv1) Host B (IGMPv2) Host C (IGMPv3) As shown in Figure 1-3, on an SSM network, Host A, Host B and Host C are running IGMPv1, IGMPv2 and IGMPv3 respectively.
Page 929: Protocols And Standards
Figure 1-4 Network diagram for IGMP proxying Proxy & Querier Querier Router B Router A PIM domain Ethernet Receiver Receiver Host B Host A Host C Query from Router A Report from Host Report from Router B Host interface Query from Router B Router interface As shown in Figure...
Page 930: Configuring Basic Functions Of Igmp
Task Remarks Enabling IGMP Required Configuring IGMP Versions Optional Configuring Basic Functions Configuring Static Joining Optional of IGMP Configuring a Multicast Group Filter Optional Configuring the Maximum Number of Multicast Optional Groups on an Interface Configuring IGMP Message Options Optional Adjusting IGMP Configuring IGMP Query and Response Optional...
Page 931: Enabling Igmp
Enabling IGMP First, IGMP must be enabled on the interface on which the multicast group memberships are to be established and maintained. Enabling IGMP Follow these steps to enable IGMP: To do... Use the command... Remarks Enter system view system-view —...
Page 932: Configuring Static Joining
To do... Use the command... Remarks Optional Configure an IGMP version on igmp version version-number the interface IGMPv2 by default Configuring Static Joining After an interface is configured as a static member of a multicast group or a multicast source and group, it will act as a virtual member of the multicast group to receive multicast data addressed to that multicast group for the purpose of testing multicast data forwarding.
Page 933: Configuring The Maximum Number Of Multicast Groups On An Interface
Follow these steps to configure a multicast group filter: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Configure a multicast group igmp group-policy No multicast group filter filter acl-number [ version-number ] configured by default Configuring the Maximum Number of Multicast Groups on an Interface You can configure the allowed maximum number of multicast groups on an interface to flexibly control...
Page 934: Configuring Igmp Message Options
Startup query count IGMP general query interval IGMP querier’s robustness variable Maximum response time for IGMP general queries IGMP last-member query interval Other querier present interval Configuring IGMP Message Options IGMP queries include group-specific queries and group-and-source-specific queries, and multicast groups change dynamically, so a device cannot maintain the information for all multicast sources and groups, For this reason, when receiving a multicast packet but unable to locate the outgoing interface for the destination multicast group, an IGMP router needs to leverage the Router-Alert option to pass...
Page 935: Configuring Igmp Query And Response Parameters
To do... Use the command... Remarks Configure the interface to Optional discard any IGMP message igmp require-router-alert By default, the device does not that does not carry the check the Router-Alert option. Router-Alert option Optional Enable insertion of the Router-Alert option into IGMP igmp send-router-alert By default, IGMP messages messages...
Page 936 To do... Use the command... Remarks Optional Configure the startup query startup-query-interval interval For the system default, see interval “Note” below. Optional Configure the startup query startup-query-count value For the system default, see count “Note” below. Optional Configure the IGMP query timer query interval interval 60 seconds by default...
Page 937: Configuring Igmp Fast Leave Processing
To do... Use the command... Remarks Optional Configure the other querier igmp timer For the system default, see present interval other-querier-present interval “Note” below. If not statically configured, the startup query interval is 1/4 of the “IGMP query interval”. By default, the IGMP query interval is 60 seconds, so the startup query interval = 60 / 4 = 15 (seconds).
Page 938: Configuring Igmp Ssm Mapping
To do... Use the command... Remarks Required Configure IGMP fast leave fast-leave [ group-policy processing acl-number ] Disabled by default The IGMP fast leave processing configuration is effective only if the device is running IGMPv2 or IGMPv3. Configuring IGMP SSM Mapping Due to some possible restrictions, some receiver hosts on an SSM network may run IGMPv1 or IGMPv2.
Page 939: Configuring Igmp Proxying
Follow these steps to configure an IGMP SSM mapping: To do… Use the command… Remarks Enter system view system-view — Enter IGMP view igmp — Required ssm-mapping group-address Configure an IGMP SSM { mask | mask-length } No IGMP mappings are mapping source-address configured by default.
Page 940: Configuring Multicast Forwarding On A Downstream Interface
Each device can have only one interface serving as the proxy interface. In scenarios with multiple instances, IGMP proxying is configured on only one interface per instance. You cannot enable IGMP on interfaces with IGMP proxying enabled. Moreover, only the igmp require-router-alert, igmp send-router-alert, and igmp version commands can take effect on such interfaces.
Page 941: Displaying And Maintaining Igmp
Displaying and Maintaining IGMP To do... Use the command... Remarks display igmp group [ group-address | View IGMP multicast group Available in interface interface-type interface-number ] information any view [ static | verbose ] View layer 2 port information about display igmp group port-info [ vlan Available in IGMP multicast groups...
Page 942: Igmp Configuration Examples
IGMP Configuration Examples Basic IGMP Functions Configuration Example Network requirements Receivers receive VOD information through multicast. Receivers of different organizations form stub networks N1 and N2, and Host A and Host C are receivers in N1 and N2 respectively. Switch A in the PIM network connects to N1, and both Switch B and Switch C connect to N2. Switch A connects to N1 through VLAN-interface 100, and to other devices in the PIM network through VLAN-interface 101.
Page 943 [SwitchA] multicast routing-enable [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] igmp enable [SwitchA-Vlan-interface100] pim dm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim dm [SwitchA-Vlan-interface101] quit # Enable IP multicast routing on Switch B, enable PIM-DM on each interface, and enable IGMP on VLAN-interface 200.
Page 944: Ssm Mapping Configuration Example
SSM Mapping Configuration Example Network requirements On the PIM-SSM network shown in Figure 1-6, the receiver host receives VOD information through multicast. The receiver host runs IGMPv2, so it cannot specify the expected multicast sources in its membership reports. It is required to configure the IGMP SSM mapping feature on Switch D so that the receiver host will receive multicast data from Source 1 and Source 3 only.
Page 945 [SwitchD-Vlan-interface400] igmp enable [SwitchD-Vlan-interface400] igmp version 3 [SwitchD-Vlan-interface400] igmp ssm-mapping enable [SwitchD-Vlan-interface400] pim sm [SwitchD-Vlan-interface400] quit [SwitchD] interface vlan-interface 103 [SwitchD-Vlan-interface103] pim sm [SwitchD-Vlan-interface103] quit [SwitchD] interface vlan-interface 104 [SwitchD-Vlan-interface104] pim sm [SwitchD-Vlan-interface104] quit # Enable IP multicast routing on Switch A, and enable PIM-SM on each interface. <SwitchA>...
Page 946: Igmp Proxying Configuration Example
133.133.1.1 133.133.3.1 Use the display igmp ssm-mapping group command to view the multicast group information created based on the configured IGMP SSM mappings. # View the IGMP multicast group information created based on the IGMP SSM mappings on Switch D. [SwitchD] display igmp ssm-mapping group Total 1 IGMP SSM-mapping Group(s).
Page 947 Network diagram Figure 1-7 Network diagram for IGMP Proxying configuration Configuration procedure Configure IP addresses Configure the IP address and subnet mask of each interface as per Figure 1-7. The detailed configuration steps are omitted here. Enable IP multicast routing, PIM-DM, IGMP, and IGMP Proxying. # Enable IP multicast routing on Switch A, PIM-DM on VLAN-interface 101, and IGMP on VLAN-interface 100.
Page 948: Troubleshooting Igmp
[SwitchB] display igmp interface vlan-interface 100 verbose Vlan-interface100(192.168.1.2): IGMP proxy is enabled Current IGMP version is 2 Multicast routing on this interface: enabled Require-router-alert: disabled Version1-querier-present-timer-expiry: 00:00:20 Use the display igmp group command to view the IGMP multicast group information. For example, # View the IGMP multicast group information on Switch A.
Page 949: Inconsistent Memberships On Routers On The Same Subnet
Check the IGMP version on the interface. You can use the display igmp interface command to check whether the IGMP version on the interface is lower than that on the host. Check that no ACL rule has been configured to restrict the host from joining the multicast group G. Carry out the display current-configuration interface command to check whether the igmp group-policy command has been executed.
Page 950 Table of Contents 1 PIM Configuration······································································································································1-1 PIM Overview··········································································································································1-1 Introduction to PIM-DM····················································································································1-2 How PIM-DM Works ························································································································1-2 Introduction to PIM-SM····················································································································1-4 How PIM-SM Works ························································································································1-5 Introduction to Administrative Scoping in PIM-SM ········································································1-11 SSM Model Implementation in PIM ·······························································································1-13 Protocols and Standards ···············································································································1-14 Configuring PIM-DM······························································································································1-14 PIM-DM Configuration Task List ···································································································1-14 Configuration Prerequisites ···········································································································1-15 Enabling PIM-DM ··························································································································1-15...
Page 951 PIM-SSM Configuration Example··································································································1-50 Troubleshooting PIM Configuration ······································································································1-53 Failure of Building a Multicast Distribution Tree Correctly ····························································1-53 Multicast Data Abnormally Terminated on an Intermediate Router ··············································1-54 RPs Unable to Join SPT in PIM-SM······························································································1-54 RPT Establishment Failure or Source Registration Failure in PIM-SM·········································1-55...
Page 952: Pim Configuration
PIM Configuration When configuring PIM, go to these sections for information you are interested in: PIM Overview Configuring PIM-DM Configuring PIM-SM Configuring PIM-SSM Configuring PIM Common Features Displaying and Maintaining PIM PIM Configuration Examples Troubleshooting PIM Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch running the PIM protocol.
Page 953: Introduction To Pim-Dm
Introduction to PIM-DM PIM-DM is a type of dense mode multicast protocol. It uses the “push mode” for multicast forwarding, and is suitable for small-sized networks with densely distributed multicast members. The basic implementation of PIM-DM is as follows: PIM-DM assumes that at least one multicast group member exists on each subnet of a network, and therefore multicast data is flooded to all nodes on the network.
Page 954 corresponding interface from the outgoing interface list in the (S, G) entry and stop forwarding subsequent packets addressed to that multicast group down to this node. An (S, G) entry contains the multicast source address S, multicast group address G, outgoing interface list, and incoming interface.
Page 955: Introduction To Pim-Sm
The node that needs to receive multicast data sends a graft message toward its upstream node, as a request to join the SPT again. Upon receiving this graft message, the upstream node puts the interface on which the graft was received into the forwarding state and responds with a graft-ack message to the graft sender.
Page 956: How Pim-Sm Works
PIM-SM is a type of sparse mode multicast protocol. It uses the “pull mode” for multicast forwarding, and is suitable for large- and medium-sized networks with sparsely and widely distributed multicast group members. The basic implementation of PIM-SM is as follows: PIM-SM assumes that no hosts need to receive multicast data.
Page 957 A DR must be elected in a multi-access network, no matter this network connects to multicast sources or to receivers. The DR at the receiver side sends join messages to the RP; the DR at the multicast source side sends register messages to the RP. A DR is elected on a multi-access subnet by means of comparison of the priorities and IP addresses carried in hello messages.
Page 958 optimize the topological structure of the RPT, multiple candidate RPs (C-RPs) can be configured in a PIM-SM domain, among which an RP is dynamically elected through the bootstrap mechanism. Each elected RP serves a different multicast group range. For this purpose, a bootstrap router (BSR) must be configured.
Page 959 Table 1-1 Values in the hashing algorithm Value Description Value Hash value IP address of the multicast group Hash mask length IP address of the C-RP & Logical operator of “and” Logical operator of “exclusive-or” Modulo operator, which gives the remainder of an integer division RPT establishment Figure 1-5 RPT establishment in a PIM-SM domain As shown in...
Page 960 Multicast source registration The purpose of multicast source registration is to inform the RP about the existence of the multicast source. Figure 1-6 Multicast source registration As shown in Figure 1-6, the multicast source registers with the RP as follows: When the multicast source S sends the first multicast packet to multicast group G, the DR directly connected with the multicast source, upon receiving the multicast packet, encapsulates the packet in a PIM register message, and sends the message to the corresponding RP by unicast.
Page 961 Switchover to SPT In a PIM-SM domain, a multicast group corresponds to one RP and RPT. Before the SPT switchover takes place, the DR at the multicast source side encapsulates all multicast data destined to the multicast group in register messages and sends these messages to the RP. Upon receiving these register messages, the RP abstracts the multicast data and sends the multicast data down the RPT to the DRs at the receiver side.
Page 962: Introduction To Administrative Scoping In Pim-Sm
Introduction to Administrative Scoping in PIM-SM Division of PIM-SM domains Typically, a PIM-SM domain contains only one BSR, which is responsible for advertising RP-set information within the entire PIM-SM domain. The information for all multicast groups is forwarded within the network scope administered by the BSR. We call this non-scoped BSR mechanism. To implement refined management, a PIM-SM domain can be divided into one global scope zone and multiple administratively scoped zones (admin-scope zones).
Page 963 Figure 1-7 Relationship between admin-scope zones and the global scope zone in geographic space Admin-scope zones are geographically separated from one another. Namely, a router must not serve different admin-scope zones. In other words, different admin-scope zones contain different routers, whereas the global scope zone covers all routers in the PIM-SM domain.
Page 964: Ssm Model Implementation In Pim
SSM Model Implementation in PIM The source-specific multicast (SSM) model and the any-source multicast (ASM) model are two opposite models. Presently, the ASM model includes the PIM-DM and PIM-SM modes. The SSM model can be implemented by leveraging part of the PIM-SM technique. The SSM model provides a solution for source-specific multicast.
Page 965: Protocols And Standards
As shown in Figure 1-9, Host B and Host C are multicast information receivers. They send IGMPv3 report messages to the respective DRs to express their interest in the information of the specific multicast source S. Upon receiving a report message, the DR first checks whether the group address in this message falls in the SSM group range: If so, the DR sends a subscribe message for channel subscription hop by hop toward the multicast source S.
Page 966: Configuration Prerequisites
Configuration Prerequisites Before configuring PIM-DM, complete the following task: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer. Before configuring PIM-DM, prepare the following data: The interval between state-refresh messages Minimum time to wait before receiving a new refresh message TTL value of state-refresh messages Graft retry period Enabling PIM-DM...
Page 967: Configuring State-Refresh Parameters
Follow these steps to enable the state-refresh capability: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional Enable state-refresh pim state-refresh-capable Enabled by default Configuring State-Refresh Parameters To avoid the resource-consuming reflooding of unwanted traffic caused by timeout of pruned interfaces, the router directly connected with the multicast source periodically sends an (S, G) state-refresh message, which is forwarded hop by hop along the initial multicast flooding path of the PIM-DM domain, to refresh the prune timer state of all the routers on the path.
Page 968: Configuring Pim-Sm
Follow these steps to configure graft retry period: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional Configure graft retry period pim timer graft-retry interval 3 seconds by default For the configuration of other timers in PIM-DM, refer to Configuring PIM Common Timers.
Page 969: Enabling Pim
Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer. Before configuring PIM-SM, prepare the following data: The IP address of a static RP and an ACL rule defining the range of multicast groups to be served by the static RP C-RP priority and an ACL rule defining the range of multicast groups to be served by each C-RP A legal C-RP address range and an ACL rule defining the range of multicast groups to be served...
Page 970: Configuring An Rp
For details about the multicast routing-enable command, see Multicast Routing and Forwarding Commands in the IP Multicast Volume. Configuring an RP An RP can be manually configured or dynamically elected through the BSR mechanism. For a large PIM network, static RP configuration is a tedious job. Generally, static RP configuration is just a backup means for the dynamic RP election mechanism to enhance the robustness and operation manageability of a multicast network.
Page 971 To do... Use the command... Remarks Enter system view system-view — Enter PIM view — c-rp interface-type interface-number [ group-policy Required Configure an interface to be a acl-number | priority priority | No C-RPs are configured C-RP holdtime hold-interval | by default advertisement-interval adv-interval ] *...
Page 972: Configuring A Bsr
Follow these steps to configure C-RP timers globally: To do... Use the command... Remarks Enter system view system-view — Enter PIM view — Optional Configure the C-RP-Adv c-rp advertisement-interval interval interval 60 seconds by default Optional Configure C-RP timeout time c-rp holdtime interval 150 seconds by default For the configuration of other timers in PIM-SM, refer to...
Page 973 value of 1, the whole network will not be affected as long as the neighbor router discards these bootstrap messages. Therefore, with a legal BSR address range configured on all routers in the entire network, all these routers will discard bootstrap messages from out of the legal address range.
Page 974 To do… Use the command… Remarks Required Configure a PIM domain border pim bsr-boundary By default, no PIM domain border is configured. Configuring global C-BSR parameters In each PIM-SM domain, a unique BSR is elected from C-BSRs. The C-RPs in the PIM-SM domain send advertisement messages to the BSR.
Page 975: Configuring Administrative Scoping
Follow these steps to configure C-BSR timers: To do… Use the command… Remarks Enter system view system-view — Enter PIM view — Optional Configure the BS period c-bsr interval interval For the default value, see the note below. Optional Configure the BS timeout c-bsr holdtime interval For the default value, see the note below.
Page 976 To do… Use the command… Remarks Required Enable administrative scoping c-bsr admin-scope Disabled by default Configuring an admin-scope zone boundary The boundary of each admin-scope zone is formed by ZBRs. Each admin-scope zone maintains a BSR, which serves a specific multicast group range. Multicast protocol packets (such as assert messages and bootstrap messages) that belong to this range cannot cross the admin-scope zone boundary.
Page 977: Configuring Multicast Source Registration
To do… Use the command… Remarks Required Configure a C-BSR for the c-bsr global [ hash-length No C-BSRs are configured for global-scope zone hash-length | priority priority ] * the global-scope zone by default About the Hash mask length and C-BSR priority: You can configure these parameters at three levels: global configuration level, global scope zone level, and admin-scope zone level.
Page 978: Disabling Spt Switchover
To do... Use the command... Remarks Enter system view system-view — Enter PIM view — Optional Configure a filtering rule for register-policy acl-number No register filtering rule by register messages default Optional Configure the device to By default, the checksum is calculate the checksum based register-whole-checksum calculated based on the header...
Page 979: Configuration Prerequisites
Task Remarks Enabling PIM-SM Required Configuring the SSM Group Range Optional Configuring PIM Common Features Optional Configuration Prerequisites Before configuring PIM-SSM, complete the following task: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer.
Page 980: Configuring The Ssm Group Range
Configuring the SSM Group Range As for whether the information from a multicast source is delivered to the receivers based on the PIM-SSM model or the PIM-SM model, this depends on whether the group address in the (S, G) channel subscribed by the receivers falls in the SSM group range. All PIM-SM-enabled interfaces assume that multicast groups within this address range are using the PIM-SSM model.
Page 981: Configuration Prerequisites
Task Remarks Configuring PIM Hello Options Optional Configuring PIM Common Timers Optional Configuring Join/Prune Message Sizes Optional Configuration Prerequisites Before configuring PIM common features, complete the following tasks: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer.
Page 982: Configuring A Hello Message Filter
Generally, a smaller distance from the filter to the multicast source results in a more remarkable filtering effect. This filter works not only on independent multicast data but also on multicast data encapsulated in register messages. Configuring a Hello Message Filter Along with the wide applications of PIM, the security requirement for the protocol is becoming more and more demanding.
Page 983 largest value will take effect. If you want to enable neighbor tracking, the neighbor tracking feature should be enabled on all PIM routers on a multi-access subnet. The LAN-delay setting will cause the upstream routers to delay processing received prune messages. If the LAN-delay setting is too small, it may cause the upstream router to stop forwarding multicast packets before a downstream router sends a prune override message.
Page 984: Configuring Pim Common Timers
To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional Configure the priority for DR pim hello-option dr-priority election priority 1 by default Optional Configure PIM neighbor pim hello-option holdtime timeout time interval 105 seconds by default Optional...
Page 985: Configuring Join/Prune Message Sizes
To do... Use the command... Remarks Optional Configure the join/prune timer join-prune interval interval 60 seconds by default Optional Configure the join/prune holdtime join-prune interval timeout time 210 seconds by default Optional Configure assert timeout time holdtime assert interval 180 seconds by default Optional Configure the multicast source source-lifetime interval...
Page 986: Displaying And Maintaining Pim
To do... Use the command... Remarks Enter system view system-view — Enter PIM view — Optional Configure the maximum size of jp-pkt-size packet-size a join/prune message 8,100 bytes by default Configure the maximum Optional number of (S, G) entries in a jp-queue-size queue-size 1,020 by default join/prune message...
Page 987: Pim Configuration Examples
PIM Configuration Examples PIM-DM Configuration Example Network requirements Receivers receive VOD information through multicast. The receiver groups of different organizations form stub networks, and one or more receiver hosts exist in each stub network. The entire PIM domain operates in the dense mode. Host A and Host C are multicast receivers in two stub networks.
Page 988 Configure the IP address and subnet mask for each interface as per Figure 1-10. Detailed configuration steps are omitted here. Configure the OSPF protocol for interoperation among the switches in the PIM-DM domain. Ensure the network-layer interoperation in the PIM-DM domain and enable dynamic update of routing information among the switches through a unicast routing protocol.
Page 989 # View the PIM neighboring relationships on Switch D. [SwitchD] display pim neighbor Total Number of Neighbors = 3 Neighbor Interface Uptime Expires Dr-Priority 192.168.1.1 Vlan103 00:02:22 00:01:27 1 192.168.2.1 Vlan101 00:00:22 00:01:29 3 192.168.3.1 Vlan102 00:00:23 00:01:31 5 Assume that Host A needs to receive the information addressed to multicast group G (225.1.1.1). After multicast source S (10.110.5.100/24) sends multicast packets to the multicast group G, an SPT is established through traffic flooding.
Page 990: Pim-Sm Non-Scoped Zone Configuration Example
UpTime: 00:03:27 Upstream interface: Vlan-interface300 Upstream neighbor: NULL RPF prime neighbor: NULL Downstream interface(s) information: Total number of downstreams: 3 1: Vlan-interface103 Protocol: pim-dm, UpTime: 00:03:27, Expires: never 2: Vlan-interface101 Protocol: pim-dm, UpTime: 00:03:27, Expires: never 3: Vlan-interface102 Protocol: pim-dm, UpTime: 00:03:27, Expires: never PIM-SM Non-Scoped Zone Configuration Example Network requirements Receivers receive VOD information through multicast.
Page 991 Network diagram Figure 1-11 Network diagram for PIM-SM non- scoped zone configuration Device Interface IP address Device Interface IP address Switch A Vlan-int100 10.110.1.1/24 Switch D Vlan-int300 10.110.5.1/24 Vlan-int101 192.168.1.1/24 Vlan-int101 192.168.1.2/24 Vlan-int102 192.168.9.1/24 Vlan-int105 192.168.4.2/24 Switch B Vlan-int200 10.110.2.1/24 Switch E Vlan-int104 192.168.3.2/24...
Page 992 [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim sm [SwitchA-Vlan-interface101] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] pim sm [SwitchA-Vlan-interface102] quit The configuration on Switch B and Switch C is similar to that on Switch A. The configuration on Switch D and Switch E is also similar to that on Switch A except that it is not necessary to enable IGMP on the corresponding interfaces on these two switches.
Page 993 Hash mask length: 32 State: Accept Preferred Scope: Not scoped Uptime: 00:40:40 Expires: 00:01:42 # View the BSR information and the locally configured C-RP information in effect on Switch D. [SwitchD] display pim bsr-info Elected BSR Address: 192.168.9.2 Priority: 20 Hash mask length: 32 State: Accept Preferred Scope: Not scoped...
Page 994 # View the RP information on Switch A. [SwitchA] display pim rp-info PIM-SM BSR RP information: Group/MaskLen: 225.1.1.0/24 RP: 192.168.4.2 Priority: 0 HoldTime: 150 Uptime: 00:51:45 Expires: 00:02:22 RP: 192.168.9.2 Priority: 0 HoldTime: 150 Uptime: 00:51:45 Expires: 00:02:22 Assume that Host A needs to receive information addressed to the multicast group G (225.1.1.0). The RP corresponding to the multicast group G is Switch E as a result of hash calculation, so an RPT will be built between Switch A and Switch E.
Page 995: Pim-Sm Admin-Scope Zone Configuration Example
Total number of downstreams: 1 1: Vlan-interface100 Protocol: pim-sm, UpTime: 00:00:42, Expires: 00:03:06 The information on Switch B and Switch C is similar to that on Switch A. # View the PIM routing table information on Switch D. [SwitchD] display pim routing-table Total 0 (*, G) entry;...
Page 996 of admin-scope zone 2, which also serve the multicast group range 239.0.0.0/8. Both VLAN-interface 109 of Switch F and VLAN-interface 110 of Switch H act as C-BSRs and C-RPs of the global scope zone, which serve all the multicast groups other than those in the 239.0.0.0/8 range.
Page 997 Configure the IP address and subnet mask for each interface as per Figure 1-12. The detailed configuration steps are omitted here. Configure OSPF for interoperation among the switches in the PIM-SM domain. Ensure the network-layer interoperation among the switches in the PIM-SM domain and enable dynamic update of routing information among the switches through a unicast routing protocol.
Page 998 # On Switch B, configure VLAN-interface 102 and VLAN-interface 103 to be the boundary of admin-scope zone 1. [SwitchB] interface vlan-interface 102 [SwitchB-Vlan-interface102] multicast boundary 239.0.0.0 8 [SwitchB-Vlan-interface102] quit [SwitchB] interface vlan-interface 103 [SwitchB-Vlan-interface103] multicast boundary 239.0.0.0 8 [SwitchB-Vlan-interface103] quit # On Switch C, configure VLAN-interface 103 and VLAN-interface 106 to be the boundary of admin-scope zone 2.
Page 999 [SwitchF] pim [SwitchF-pim] c-bsr global [SwitchF-pim] c-bsr vlan-interface 109 [SwitchF-pim] c-rp vlan-interface 109 [SwitchF-pim] quit Verify the configuration To view the BSR election information and the C-RP information on a switch, use the display pim bsr-info command. For example: # View the BSR information and the locally configured C-RP information on Switch B. [SwitchB] display pim bsr-info Elected BSR Address: 10.110.9.1 Priority: 0...
Page 1000 State: Elected Scope: 239.0.0.0/8 Uptime: 00:03:48 Next BSR message scheduled at: 00:01:12 Candidate BSR Address: 10.110.4.2 Priority: 0 Hash mask length: 30 State: Elected Scope: 239.0.0.0/8 Candidate RP: 10.110.4.2(Vlan-interface104) Priority: 0 HoldTime: 150 Advertisement Interval: 60 Next advertisement scheduled at: 00:00:10 # View the BSR information and the locally configured C-RP information on Switch F.

H3C LS-3100-52P-OVS-H3 Operation Manual

Table of Contents

1 Obtaining the Documentation

2 Product Features

3 Features

Ethernet Interface Configuration

Link Aggregation Configuration

Port Isolation Configuration

Service Loopback Group Configuration

Dldp Configuration

Lldp Configuration

Smart Link Configuration

Monitor Link Configuration

Table of Contents

1 VLAN Configuration

2 Isolate-User-VLAN Configuration

3 Voice VLAN Configuration

Gvrp Configuration

Qinq Configuration

Bpdu Tunneling Configuration

VLAN Mapping Configuration

Ethernet Oam Configuration

Connectivity Fault Detection Configuration

Mstp Configuration

Quick Links

Chapters

Troubleshooting

Related Manuals for H3C LS-3100-52P-OVS-H3

Summary of Contents for H3C LS-3100-52P-OVS-H3