About This Manual Organization H3C S5500-EI Series Ethernet Switches Operation Manual is organized as follows: Volume Features 00-Product Product Overview Acronyms Overview Service Loopback Ethernet Interface Link Aggregation Port Isolation Group DLDP LLDP Smart Link Monitor Link 01-Access VLAN GVRP QinQ BPDU Tunneling Volume...
Page 4
Volume Features Basic System Device File System Login Configuration Management Management MAC Address HTTP SNMP RMON Table Management System Information 07-System Maintaining and Track Center Volume Debugging VRRP Hotfix Cluster Automatic IRF Stack GR Overview Management Configuration Conventions The manual uses the following conventions: Command conventions Convention Description...
Symbols Convention Description Means reader be extremely careful. Improper operation may cause bodily injury. Means reader be careful. Improper operation may cause data loss or damage to equipment. Means an action or information that needs special attention to ensure successful configuration or good performance. Means a complementary description.
Obtaining the Documentation H3C Technologies Co., Ltd. provides various ways for you to obtain documentation, through which you can obtain the product documentations and those concerning newly added new features. The documentations are available in one of the following ways: CD-ROMs shipped with the devices H3C website Software release notes...
Product Features Introduction to Product H3C S5500-EI Series Ethernet Switches are Gigabit Ethernet switching products developed by Hangzhou H3C Technologies Co., Ltd. The S5500-EI series switches have abundant service features. They are designed as distribution and access devices for intranets and metropolitan area networks (MANs).
Page 9
Volume Features Mulitcast Multicast Routing IGMP Overview and Forwarding MSDP MBGP IGMP Snooping Multicast VLAN 04-Multicast IPv6 Multicast Volume Routing and IPv6 PIM IPv6 MBGP Forwarding IPv6 Multicast MLD Snooping VLAN 05-QoS Volume User Profile 802.1X HABP Authentication 06-Security Volume Portal Port Security IP Source Guard...
Features The following sections provide an overview of the main features of each module supported by the S5500-EI series. Access Volume Table 3-1 Features in Access volume Features Description This document describes: Basic Ethernet Interface Configuration Combo Port Configuration Configuring Flow Control on an Ethernet Interface Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface Configuring Loopback Testing on an Ethernet Interface...
Page 11
Features Description In the use of fibers, link errors, namely unidirectional links, are likely to occur. DLDP is designed to detect such errors. This document describes: DLDP Introduction Enabling DLDP Setting DLDP Mode DLDP Setting the Interval for Sending Advertisement Packets Setting the DelayDown Timer Setting the Port Shutdown Mode Configuring DLDP Authentication...
Page 12
Features Description BPDU tunneling enables transparently transmission of customer network BPDU frames over the service provider network. This document describes: BPDU Tunneling Introduction to BPDU Tunneling Configuring BPDU Transparent Transmission Configuring Destination Multicast MAC Address for BPDU Tunnel Frames The VLAN mapping feature maps CVLAN tags to SVLAN tags. This document describes: VLAN Mapping Configuring One-to-One VLAN Mapping...
Features Description Port mirroring copies packets passing through a port to another port connected with a monitoring device for packet analysis to help implement network monitoring and troubleshooting. This document describes: Port Mirroring Port Mirroring overview Local port mirroring configuration Remote port mirroring configuration IP Services Volume Table 3-2 Features in the IP Services volume...
Features Description Unicast Reverse Path Forwarding (URPF) protects a network against source address spoofing attacks. This document describes: URPF URPF overview URPF configuration Internet protocol version 6 (IPv6), also called IP next generation (IPng), was designed by the Internet Engineering Task Force (IETF) as the successor to Internet protocol version 4 (IPv4).
Page 15
Features Description Routing Information Protocol (RIP) is a simple Interior Gateway Protocol (IGP), mainly used in small-sized networks. This document describes: RIP basic functions configuration RIP advanced functions configuration RIP network optimization configuration Open Shortest Path First (OSPF) is an Interior Gateway Protocol based on the link state developed by IETF.
Features Description The IS-IS routing protocol supports multiple network protocols, including IPv6. IS-IS with IPv6 support is called IPv6 IS-IS dynamic routing protocol. This document describes: IPv6 IS-IS Configuring IPv6 IS-IS Basic Functions Configuring IPv6 IS-IS Routing Information Control To support multiple network layer protocols, IETF extended BGP-4 by introducing IPv6 BGP.
Page 17
Features Description Internet Group Management Protocol (IGMP) is a protocol in the TCP/IP suite responsible for management of IP multicast members. This document describes: IGMP overview IGMP Configuring basic functions of IGMP Configuring IGMP performance parameters Configuring IGMP SSM Mapping Configuring IGMP Proxying PIM leverages the unicast routing table created by any unicast routing protocol to provide routing information for IP multicast.
Features Description As an IPv6 multicast extension of MP-BGP, IPv6 MBGP enables BGP to provide routing information for IPv6 multicast applications. This document describes: IPv6 MBGP Configuring IPv6 MBGP Basic Functions Configuring IPv6 MBGP Route Attributes Configuring a Large Scale IPv6 MBGP Network Multicast Listener Discovery Snooping (MLD Snooping) is an IPv6 multicast constraining mechanism that runs on Layer 2 devices to manage and control IPv6 multicast groups.
Page 19
Features Description IEEE 802.1x (hereinafter simplified as 802.1x) is a port-based network access control protocol that is used as the standard for LAN user access authentication. This document describes: 802.1x 802.1x overview 802.1x configuration 802.1x Guest-VLAN configuration On an HABP-capable switch, HABP packets can bypass 802.1x authentication and MAC authentication, allowing communication among switches in a cluster.
Features Description An ACL is used for identifying traffic based on a series of preset matching criteria. This document describes: ACL overview and ACL types ACL configuration System Volume Table 3-7 Features in the System volume Features Description Upon logging into a device, you can configure user interface properties and manage the system conveniently.
Page 21
Features Description Hypertext Transfer Protocol (HTTP) is used for transferring web page information across the Internet. This document describes: HTTP HTTP Configuration HTTPS Configuration Simple network management protocol (SNMP) offers a framework to monitor network devices through TCP/IP protocol suite. This document describes: SNMP overview SNMP...
Page 22
Features Description The track module is used to implement collaboration between different modules through established collaboration objects. The detection modules trigger the application modules to perform certain operations through the track module. This document describes: Track Track Overview Configuring Collaboration Between the Track Module and the Detection Modules Configuring Collaboration Between the Track Module and the Application Modules...
Page 23
Features Description Intelligent Resilient Framework (IRF) allows you to build an IRF stack, namely a united device, by interconnecting multiple devices through stack ports. You can manage all the devices in the IRF stack by managing the united device. This document describes: IRF Stack IRF Stack Overview IRF Stack Working Process...
Page 24
Appendix A Acronyms # A B C D E F G H I K L M N O P Q R S T U V W X Z Acronyms Full spelling Return 10GE Ten-GigabitEthernet Return Authentication, Authorization and Accounting Activity Based Costing Area Border Router Alternating Current ACKnowledgement...
Page 25
Acronyms Full spelling Border Gateway Protocol BIMS Branch Intelligent Management System BOOTP Bootstrap Protocol BPDU Bridge Protocol Data Unit Basic Rate Interface Bootstrap Router BitTorrent Burst Tolerance Return Call Appearance Certificate Authority Committed Access Rate Committed Burst Size Class Based Queuing Constant Bit Rate Core-Based Tree International Telephone and Telegraph Consultative...
Page 26
Acronyms Full spelling Connectivity Verification Return Deeper Application Recognition Data Circuit-terminal Equipment Database Description Digital Data Network DHCP Dynamic Host Configuration Protocol Designated IS DLCI Data Link Connection Identifier DLDP Device Link Detection Protocol Domain Name System Downstream on Demand Denial of Service Designated Router DSCP...
Page 27
Acronyms Full spelling Forward Defect Indication Forwarding Equivalence Class Fast Failure Detection Forwarding Group Forwarding information base FIFO First In First Out FQDN Full Qualified Domain Name Frame Relay Fast ReRoute FRTT Fairness Round Trip Time Functional Test File Transfer Protocol Return GARP Generic Attribute Registration Protocol...
Page 28
Acronyms Full spelling International Business Machines ICMP Internet Control Message Protocol ICMPv6 Internet Control Message Protocol for IPv6 IDentification/IDentity IEEE Institute of Electrical and Electronics Engineers IETF Internet Engineering Task Force IGMP Internet Group Management Protocol IGMP-Snooping Internet Group Management Protocol Snooping Interior Gateway Protocol Incoming Label Map Internet Locator Service...
Page 29
Acronyms Full spelling LACP Link Aggregation Control Protocol LACPDU Link Aggregation Control Protocol Data Unit Local Area Network Link Control Protocol LDAP Lightweight Directory Access Protocol Label Distribution Protocol Label Edge Router LFIB Label Forwarding Information Base Label Information Base Link Layer Control LLDP Link Layer Discovery Protocol...
Page 30
Acronyms Full spelling Multicast Listener Discovery Protocol MLD-Snooping Multicast Listener Discovery Snooping Meet-Me Conference MODEM MOdulator-DEModulator Multilink PPP MP-BGP Multiprotocol extensions for BGP-4 Middle-level PE MP-group Multilink Point to Point Protocol group MPLS Multiprotocol Label Switching MPLSFW Multi-protocol Label Switch Forward Multicast Port Management Mobile Switching Center MSDP...
Page 31
Acronyms Full spelling Network Management Station NPDU Network Protocol Data Unit Network Provider Edge Network Quality Analyzer NSAP Network Service Access Point NetStream Collector N-SEL NSAP Selector NSSA Not-So-Stubby Area NTDP Neighbor Topology Discovery Protocol Network Time Protocol Return Operation Administration and Maintenance OAMPDU OAM Protocol Data Units OC-3...
Page 32
Acronyms Full spelling Power over Ethernet Point Of Presence Packet Over SDH Point-to-Point Protocol PPTP Point to Point Tunneling Protocol PPVPN Provider-provisioned Virtual Private Network Priority Queuing Primary Reference Clock Primary Rate Interface Protection Switching Power Sourcing Equipment PSNP Partial SNP Permanent Virtual Channel Pseudo wires Return...
Page 33
Acronyms Full spelling Resilient Packet Ring Rendezvous Point Tree RRPP Rapid Ring Protection Protocol Reservation State Block RSOH Regenerator Section Overhead RSTP Rapid Spanning Tree Protocol RSVP Resource ReserVation Protocol RTCP Real-time Transport Control Protocol Route Table Entry Real-time Transport Protocol Real-time Transport Protocol Return Source Active...
Page 34
Acronyms Full spelling Shortest Path First Shortest Path Tree Secure Shell Synchronization Status Marker Source-Specific Multicast Shared Tree STM-1 SDH Transport Module -1 STM-16 SDH Transport Module -16 STM-16c SDH Transport Module -16c STM-4c SDH Transport Module -4c Spanning Tree Protocol Signalling Virtual Connection Switch-MDT Switch-Multicast Distribution Tree...
Page 35
Acronyms Full spelling Return Variable Bit Rate Virtual Channel Identifier Virtual Ethernet Virtual File System VLAN Virtual Local Area Network Virtual Leased Lines Video On Demand VoIP Voice over IP Virtual Operate System VPDN Virtual Private Dial-up Network VPDN Virtual Private Data Network Virtual Path Identifier VPLS Virtual Private Local Switch...
Access Volume Organization Manual Version 20090108-C-1.01 Product Version Release 2202 Organization The Access Volume is organized as follows: Features Description This document describes: Basic Ethernet Interface Configuration Combo Port Configuration Configuring Flow Control on an Ethernet Interface Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface Configuring Loopback Testing on an Ethernet Interface Ethernet Interface...
Page 37
Features Description To increase service redirecting throughput, you can bundle multiple service loopback ports into a logical link, called a service loopback group. Service Loopback This document describes: Group Introduction to Service Loopback Groups Configuring a Service Loopback Group In the use of fibers, link errors, namely unidirectional links, are likely to occur.
Page 38
Features Description As defined in IEEE802.1Q, 12 bits are used to identify a VLAN ID, so a device can support a maximum of 4094 VLANs. The QinQ feature extends the VLAN space by allowing Ethernet frames to travel across the service provider network with double VLAN tags.
Page 39
Features Description RRPP is a link layer protocol designed for Ethernet rings. RRPP can prevent broadcast storms caused by data loops when an Ethernet ring is healthy, and rapidly restore the communication paths between the nodes after a link is disconnected on the ring. This document describes: RRPP overview RRPP Configuring Master Node...
Page 40
Table of Contents 1 Ethernet Interface Configuration ·············································································································1-1 General Ethernet Interface Configuration ·······························································································1-1 Combo Port Configuration ···············································································································1-1 Basic Ethernet Interface Configuration····························································································1-1 Configuring Flow Control on an Ethernet Interface ·········································································1-2 Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface ········1-3 Configuring Loopback Testing on an Ethernet Interface·································································1-3 Configuring a Port Group·················································································································1-4 Configuring Storm Suppression ······································································································1-4...
Ethernet Interface Configuration General Ethernet Interface Configuration Combo Port Configuration Introduction to Combo port A Combo port can operate as either an optical port or an electrical port. Inside the device there is only one forwarding interface. For a Combo port, the electrical port and the corresponding optical port are TX-SFP multiplexed.
Auto-negotiation mode (auto). Interfaces operating in this mode determine their duplex mode through auto-negotiation. Similarly, if you configure the transmission rate for an Ethernet interface by using the speed command with the auto keyword specified, the transmission rate is determined through auto-negotiation too. For a Gigabit Ethernet interface, you can specify the transmission rate by its auto-negotiation capacity.
Follow these steps to enable flow control on an Ethernet interface: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Ethernet interface view — interface-number Required Enable flow control flow-control Disabled by default Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface An Ethernet interface operates in one of the two physical link states: up or down.
To do… Use the command… Remarks Optional Enable loopback testing loopback { external | internal } Disabled by default. As for the internal loopback test and external loopback test, if an interface is down, only the former is available on it; if the interface is shut down, both are unavailable. The speed, duplex, mdi, and shutdown commands are not applicable during loopback testing.
Page 45
The storm suppression ratio settings configured for an Ethernet interface may get invalid if you enable the storm constrain for the interface. For information about the storm constrain function, see Configuring the Storm Constrain Function on an Ethernet Interface. Follow these steps to set storm suppression ratios for one or multiple Ethernet interfaces: To do…...
Setting the Interval for Collecting Ethernet Interface Statistics Follow these steps to configure the interval for collecting interface statistics: To do… Use the command… Remarks Enter system view system-view — interface interface-type Optional Configure the interval interface-number for collecting interface The default interval for collecting statistics interface statistics is 300 seconds.
messages will be sent to the terminal, and the corresponding MAC address forwarding entries will be removed. Follow these steps to configure loopback detection: To do… Use the command… Remarks Enter system view system-view — Required Enable global loopback loopback-detection enable detection Disabled by default Optional...
An Ethernet interface is composed of eight pins. By default, each pin has its particular role. For example, pin 1 and pin 2 are used for transmitting signals; pin 3 and pin 6 are used for receiving signals. You can change the pin roles through setting the MDI mode.
Configuring the Storm Constrain Function on an Ethernet Interface The storm constrain function suppresses packet storms in an Ethernet. With this function enabled on an interface, the system detects the multicast traffic, or broadcast traffic passing through the interface periodically and takes corresponding actions (that is, blocking or shutting down the interface and sending trap messages and logs) when the traffic detected exceeds the threshold.
To do… Use the command… Remarks Optional Specify to send log when the By default, the system sends traffic detected exceeds the log when the traffic detected upper threshold or drops down storm-constrain enable log exceeds the upper threshold or below the lower threshold from drops down below the lower a point higher than the upper...
Page 51
To do… Use the command… Remarks Display the information about a display port-group manual manual port group or all the Available in any view [ all | name port-group-name ] port groups Display the information about display loopback-detection Available in any view the loopback function display storm-constrain Display the information about...
Page 52
Table of Contents 1 Link Aggregation Configuration ··············································································································1-1 Overview ·················································································································································1-1 Basic Concepts of Link Aggregation ·······························································································1-1 Link Aggregation Modes··················································································································1-3 Load Sharing Mode of an Aggregation Group ················································································1-4 Link Aggregation Configuration Task List ·······························································································1-5 Configuring an Aggregation Group ·········································································································1-6 Configuring a Static Aggregation Group··························································································1-6 Configuring a Dynamic Aggregation Group·····················································································1-7 Configuring an Aggregate Interface ········································································································1-8 Configuring the Description of an Aggregate Interface ···································································1-8...
Link Aggregation Configuration When configuring link aggregation, go to these sections for information you are interested in: Overview Link Aggregation Configuration Task List Configuring an Aggregation Group Configuring an Aggregate Interface Configuring a Load Sharing Mode for Load-Sharing Link Aggregation Groups Displaying and Maintaining Link Aggregation Link Aggregation Configuration Examples Overview...
Page 54
Selected: a selected port can forward user traffic. Unselected: an unselected port cannot forward user traffic. The rate of an aggregate interface is the sum of the selected member ports’ rates. The duplex mode of an aggregate interface is consistent with that of the selected member ports. Note that all selected member ports use the same duplex mode.
Some configurations are called class-one configurations. Such configurations, for example, GVRP and MSTP, can be configured on aggregate interfaces and member ports but are not considered during operational key calculation. The change of a class-two configuration setting may affect the select state of link aggregation member ports and thus the ongoing service.
Dynamic aggregation mode LACP is enabled on member ports in a dynamic aggregation group. In a dynamic aggregation group, A selected port can receive and transmit LACPDUs. An unselected port can receive and send LACPDUs only if it is up and with the same configurations as those on the aggregate interface.
The system sets the load sharing mode of an aggregation group as follows: When hardware resources are available, a link aggregation group with at least two selected ports operates in load sharing mode. The load sharing mode of a link aggregation group with only one selected port is non-load sharing mode.
Configuring an Aggregation Group The following ports cannot be assigned to an aggregation group: Stack ports, RRPP-enabled ports, MAC address authentication-enabled ports, port security-enabled ports, IP source guard-enabled ports, and 802.1x-enabled ports. You are recommended not to assign reflector ports of port mirroring to an aggregation group. For details about reflector ports, refer to Port Mirroring Configuration in the Access Volume.
Configuring a Dynamic Aggregation Group Follow these steps to configure a Layer 2 dynamic aggregation group: To do... Use the command... Remarks Enter system view system-view — Optional By default, the system LACP priority is 32768. Set the system LACP lacp system-priority Changing the system LACP priority priority...
Removing a dynamic aggregate interface also removes the corresponding aggregation group. At the same time, the member ports of the aggregation group, if any, leave the aggregation group. To guarantee a successful dynamic aggregation, ensure that the peer ports of the ports aggregated at one end are also aggregated.
Follow these steps to enable linkUp/linkDown trap generation for an aggregate interface: To do... Use the command... Remarks Enter system view system-view — Optional snmp-agent trap enable Enable the trap function By default, linkUp/linkDown [ standard [ linkdown | linkup ] globally trap generation is enabled globally and on all interfaces.
traffic as needed. For example, for Layer 3 traffic, you can use IP addresses as hash keys for load sharing calculation. Follow these steps to configure load sharing mode for link aggregation groups: To do... Use the command... Remarks Enter system view system-view —...
Link Aggregation Configuration Examples Layer 2 Static Aggregation Configuration Example Network requirements As shown in Figure 1-1, Device A and Device B are connected through their respective Ethernet ports GigabitEthernet1/0/1 to GigabitEthernet1/0/3. Aggregate the ports on each device to form a static link aggregation group, thus balancing outgoing traffic across the member ports.
Layer 2 Dynamic Aggregation Configuration Example Network requirements As shown in Figure 1-2, Device A and Device B are connected through their respective Ethernet ports GigabitEthernet1/0/1 to GigabitEthernet1/0/3. Aggregate the ports on each device to form a dynamic link aggregation group, thus balancing outgoing traffic across the member ports.
Page 65
Table of Contents 1 Port Isolation Configuration ·····················································································································1-1 Introduction to Port Isolation ···················································································································1-1 Configuring the Isolation Group for a Single-Isolation-Group Device·····················································1-1 Assigning a Port to the Isolation Group···························································································1-1 Displaying and Maintaining Isolation Groups··························································································1-2 Port Isolation Configuration Example······································································································1-2...
Port Isolation Configuration When configuring port isolation, go to these sections for information you are interested in: Introduction to Port Isolation Configuring the Isolation Group for a Single-Isolation-Group Device Displaying and Maintaining Isolation Groups Port Isolation Configuration Example Introduction to Port Isolation Usually, Layer 2 traffic isolation is achieved by assigning ports to different VLANs.
Displaying and Maintaining Isolation Groups To do… Use the command… Remarks Display the isolation group information on a display port-isolate group Available in any view single-isolation-group device Port Isolation Configuration Example Network requirements Users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device.
Page 68
Port-isolate group information: Uplink port support: NO Group ID: 1 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3...
Page 69
Table of Contents 1 Service Loopback Group Configuration ·································································································1-1 Overview ·················································································································································1-1 Functions of Service Loopback Groups ··························································································1-1 Port Configuration Prerequisites of Service Loopback Groups·······················································1-1 States of the Ports in a Service Loopback Group ···········································································1-2 Configuring a Service Loopback Group ··································································································1-2 Displaying and Maintaining Service Loopback Groups ··········································································1-3 Configuration Example····························································································································1-3...
Service Loopback Group Configuration When configuring a service loopback group, go to these sections for information you are interested in: Overview Configuring a Service Loopback Group Displaying and Maintaining Service Loopback Groups Configuration Example Overview The SFP+ subcards and GE subcards of the S5500-EI switches do not support service loopback groups.
The port is not configured with MSTP, 802.1x, MAC address authentication, port security mode, packet filtering, Ethernet frame filtering, or IP source guard. Additionally, the member port of a service loopback group cannot be configured with any of the above-mentioned configurations. The port belongs to VLAN 1.
You can change the service type of an existing service loopback group. For the change to be successful, you must ensure that the service group has not been referenced; the attributes of all member ports (if any) are not conflicting with the target service type; and no service loopback group has been created for the target service type, because only one service loopback group is allowed for a service type.
Page 73
Table of Contents 1 DLDP Configuration ··································································································································1-1 Overview ·················································································································································1-1 DLDP Introduction ···························································································································1-2 DLDP Fundamentals ·······················································································································1-2 DLDP Configuration Task List·················································································································1-8 Enabling DLDP········································································································································1-9 Setting DLDP Mode ································································································································1-9 Setting the Interval for Sending Advertisement Packets·······································································1-10 Setting the DelayDown Timer ···············································································································1-10 Setting the Port Shutdown Mode ··········································································································1-10 Configuring DLDP Authentication ·········································································································1-11 Resetting DLDP State ···························································································································1-11 Resetting DLDP State in System View··························································································1-12...
DLDP Configuration When performing DLDP configuration, go to these sections for information you are interested in: Overview DLDP Configuration Task List Enabling DLDP Setting DLDP Mode Setting the Interval for Sending Advertisement Packets Setting the DelayDown Timer Setting the Port Shutdown Mode Configuring DLDP Authentication Resetting DLDP State Displaying and Maintaining DLDP...
Figure 1-2 Unidirectional fiber link: a fiber not connected or disconnected Device A GE1/0/50 GE1/0/51 GE1/0/50 GE1/0/51 Device B DLDP Introduction Device Link Detection Protocol (DLDP) can detect the link status of a fiber cable or twisted pair. On detecting a unidirectional link, DLDP can shut down the related port automatically or prompt users to take measures as configured to avoid network problems.
Page 76
State Indicates… A port enters this state when: A unidirectional link is detected. Disable The contact with the neighbor in enhanced mode gets lost. In this state, the port does not receive or send packets other than DLDPDUs. A port in the Active, Advertisement, or Probe DLDP link state transits to this state rather than removes the corresponding neighbor entry and transits to the DelayDown Inactive state when it detects a port-down event.
Page 77
DLDP timer Description A device in the Active, Advertisement, or Probe DLDP link state transits to DelayDown state rather than removes the corresponding neighbor entry and transits to the Inactive state when it detects a port-down event. When a device transits to this state, the DelayDown timer is triggered. A DelayDown timer device in DelayDown state only responds to port-up events.
Page 78
Figure 1-3 A case for Enhanced DLDP mode In normal DLDP mode, only fiber cross-connected unidirectional links (as shown in Figure 1-1 ) can be detected. In enhanced DLDP mode, two types of unidirectional links can be detected. One is fiber cross-connected links (as shown in Figure 1-1).
Page 79
Table 1-4 DLDP packet types and DLDP states DLDP state Type of DLDP packets sent Active Advertisement packet with RSY tag Advertisement Normal Advertisement packet Probe Probe packet Disable Disable packet and RecoverProbe packet When a device transits from a DLDP state other than Inactive state or Disable state to Initial state, it sends Flush packets.
Page 80
Packet type Processing procedure If the corresponding neighbor entry does not exist, creates the neighbor entry, triggers the Entry timer, and transits to Probe state. If the neighbor information it carries conflicts with the corresponding locally Retrieves the maintained neighbor entry, drops the Echo packet neighbor packet.
The DLDP down port sends out a RecoverProbe packet, which carries only information about the local port, every two seconds. Upon receiving the RecoverProbe packet, the remote end returns a RecoverEcho packet. Upon receiving the RecoverEcho packet, the local port checks whether neighbor information in the RecoverEcho packet is the same as the local port information.
To ensure unidirectional links can be detected, make sure these settings are the same on the both sides: DLDP state (enabled/disabled), the interval for sending Advertisement packets, authentication mode, and password. Keep the interval for sending Advertisement packets adequate to enable unidirectional links to be detected in time.
Setting the Interval for Sending Advertisement Packets You can set the interval for sending Advertisement packets to enable unidirectional links to be detected in time. Follow these steps to set the interval for sending Advertisement packets: To do… Use the command… Remarks Enter system view system-view...
Manual mode. This mode applies to networks with low performance, where normal links may be treated as unidirectional links. It protects service packet transmission against false unidirectional links. In this mode, DLDP only detects unidirectional links and generates log and traps. The operations to shut down unidirectional link ports are accomplished by the administrator.
user-defined port shutdown mode. To enable the port to perform DLDP detect again, you can reset the DLDP state of the port in one of the following methods: If the port is shut down with the shutdown command manually, use the undo shutdown command on the port.
To do… Use the command… Remarks Clear the statistics on reset dldp statistics [ interface-type DLDP packets passing Available in user view interface-number ] through a port DLDP Configuration Example DLDP Configuration Example Network requirements Device A and Device B are connected through two fiber pairs, in which two fibers are cross-connected, as shown in Figure 1-4.
[DeviceA] dldp work-mode enhance # Set the port shutdown mode as auto mode. [DeviceA] dldp unidirectional-shutdown auto # Enable DLDP globally. [DeviceA] dldp enable # Check the information about DLDP. [DeviceA] display dldp DLDP global status : enable DLDP interval : 6s DLDP work-mode : enhance DLDP authentication-mode : none...
Page 88
Analysis: The problem can be caused by the following. The intervals for sending Advertisement packets on Device A and Device B are not the same. DLDP authentication modes/passwords on Device A and Device B are not the same. Solution: Make sure the interval for sending Advertisement packets, the authentication mode, and the password on Device A and Device B are the same.
Page 89
Table of Contents 1 LLDP Configuration···································································································································1-1 Introduction to LLDP ·······························································································································1-1 Overview··········································································································································1-1 LLDP Fundamental··························································································································1-1 TLV Types ·······································································································································1-2 Protocols and Standards ·················································································································1-4 LLDP Configuration Task List ·················································································································1-4 Performing Basic LLDP Configuration ····································································································1-4 Enabling LLDP·································································································································1-4 Setting LLDP Operating Mode ········································································································1-5 Configuring LLDPDU TLVs ·············································································································1-6 Enable LLDP Polling························································································································1-7 Configuring the Parameters Concerning LLDPDU Sending ···························································1-7 Configuring the Encapsulation Format for LLDPDUs ·············································································1-8...
LLDP Configuration When configuring LLDP, go to these sections for information you are interested in: Introduction to LLDP LLDP Configuration Task List Performing Basic LLDP Configuration Configuring the Encapsulation Format for LLDPDUs Configuring the Encapsulation Format of the Management Address Configuring CDP Compatibility Configuring LLDP Trapping Displaying and Maintaining LLDP...
To enable the neighboring devices to be informed of the existence of a device or an LLDP operating mode change (from the disable mode to TxRx mode, or from the Rx mode to Tx mode) timely, a device can invoke the fast sending mechanism. In this case, the interval to send LLDPDUs changes to one second.
Page 92
Type Description Remarks Port Description TLV Carries Ethernet port description System Name TLV Carries device name System Description TLV Carries system description System Capabilities TLV Carries information about system capabilities Carries the management address, the Optional to corresponding port number, and OID (object LLDP identifier).
Extended power-via-MDI TLV, which carries the information about the power supply capability of the current device. Hardware revision TLV, which carries the hardware version of an MED device. Firmware revision TLV, which carries the firmware version of an MED device. Software revision TLV, which carries the software version of an MED device.
To do… Use the command… Remarks Enter system view system-view — Required Enable LLDP globally lldp enable By default, LLDP is enabled globally. Enter Ethernet interface interface-type Either of the two is required. interface view interface-number Enter Configuration performed in Ethernet Ethernet interface view applies to the current interface...
Configuring LLDPDU TLVs Follow these steps to configure LLDPDU TLVs: To do… Use the command… Remarks Enter system view system-view — Optional Set the TTL multiplier lldp hold-multiplier value 4 by default. Enter Either of the two is required. Ethernet interface interface-type Configuration performed in Enter...
To enable MED related LLDP TLV sending, you need to enable LLDP-MED capabilities TLV sending first. Conversely, to disable LLDP-MED capabilities TLV sending, you need to disable the sending of other MED related LLDP TLVs. To disable MAC/PHY configuration/status TLV sending, you need to disable LLDP-MED capabilities TLV sending first.
To do… Use the command… Remarks Optional Set the delay period to send lldp timer tx-delay value LLDPDUs 2 seconds by default To enable local device information to be updated on neighboring devices before being aged out, make sure the interval to send LLDPDUs is shorter than the TTL of the local device information. Setting the number of the LLDPDUs to be sent when a new neighboring device is detected Follow these steps to set the number of the LLDPDUs to be sent when a new neighboring device is detected...
The configuration does not apply to LLDP-CDP packets, which use only SNAP encapsulation. Configuring the Encapsulation Format of the Management Address LLDP encapsulates the management address in the form of numbers or strings in management address TLVs and then advertises it. By default, management addresses are encapsulated in the form of numbers in TLVs.
TLV for the IP phones to configure the voice VLAN automatically. Thus, the voice traffic is confined in the configured voice VLAN to be differentiated from other types of traffic. CDP-compatible LLDP operates in one of the follows two modes: TxRx where CDP packets can be transmitted and received.
Follow these steps to configure LLDP trap: To do… Use the command… Remarks Enter system view system-view — Enter Ethernet interface interface-type Either of the two is required. interface view interface-number Configuration performed in Enter Ethernet interface view applies Ethernet to the current port only;...
Figure 1-1 Network diagram for LLDP configuration GE1/0/1 GE1/0/2 Switch A GE1/0/1 MED设备 Switch B Configuration procedure Configure Switch A. # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp enable # Enable LLDP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2, setting the LLDP operating mode to [SwitchA] interface gigabitethernet1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable [SwitchA-GigabitEthernet1/0/1] lldp admin-status rx...
Page 102
Transmit interval : 30s Hold multiplier Reinit delay : 2s Transmit delay : 2s Trap interval : 5s Fast start times Port 1 [GigabitEthernet1/0/1] : Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Roll time : 0s Number of neighbors Number of MED neighbors...
Trap flag : No Roll time : 0s Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV Port 2 [GigabitEthernet1/0/2] : Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No...
Page 104
# Configure the link type of the ports to be trunk and enable the voice VLAN feature on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port link-type trunk [SwitchA-GigabitEthernet1/0/1] voice vlan 2 enable [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] port link-type trunk [SwitchA-GigabitEthernet1/0/2] voice vlan 2 enable [SwitchA-GigabitEthernet1/0/2] quit...
Page 105
Table of Contents 1 Smart Link Configuration ·························································································································1-1 Smart Link Overview ·······························································································································1-1 Terminology·····································································································································1-1 Operating Mechanism of Smart Link ·······························································································1-2 Configuring a Smart Link Device ············································································································1-3 Configuration Prerequisites ·············································································································1-3 Configuring a Smart Link Device·····································································································1-3 Smart Link Device Configuration Example······················································································1-4 Configuring an Associated Device ··········································································································1-5 Configuring an Associated Device ··································································································1-5 Associated Device Configuration Example ·····················································································1-6 Displaying and Maintaining Smart Link···································································································1-6...
Smart Link Configuration When configuring Smart Link, go to these sections for information that you are interested in: Smart Link Overview Configuring a Smart Link Device Configuring an Associated Device Displaying and Maintaining Smart Link Smart Link Configuration Examples Smart Link Overview Smart Link is a feature developed to address the slow convergence issue with the Spanning Tree Protocol (STP).
Master port Master port is a port role in a smart link group. When both ports in a smart link group are up, the master port preferentially transits to the forwarding state. Once the master port fails, the slave port takes over to forward traffic.
Uplink traffic-triggered MAC address learning, where update is triggered by uplink traffic. This mechanism is applicable to environments with devices not supporting smart link, including devices of other vendors’. Flush update where a Smart Link-enabled device updates its information by transmitting flush messages over the backup link to its upstream devices.
To do… Use the command… Remarks Required protected-vlan By default, no Configure protected VLANs for the reference-instance protected VLAN is smart link group instance-id-list configured for a smart link group. In smart link group port interface-type view interface-number master Specify the Required master port for In Ethernet...
Configure all the control VLANs to receive flush messages. If no control VLAN is specified for processing flush messages, the device forwards the received flush messages directly without processing them. Make sure that the receive control VLAN is the same as the transmit control VLAN configured on the Smart Link device.
Page 112
Figure 1-2 Network diagram for single smart link group configuration Device A GE1/0/1 GE1/0/2 GE1/0/1 GE1/0/1 Device B Device D GE1/0/2 GE1/0/2 GE1/0/3 GE1/0/3 GE1/0/2 GE1/0/1 GE1/0/2 GE1/0/1 Device C Device E Configuration procedure Configuration on Device C # Create smart link group 1. <DeviceC>...
[DeviceE-smlk-group1] port gigabitethernet1/0/2 master [DeviceE-smlk-group1] port gigabitethernet1/0/1 slave # Configure VLAN 1 as the transmit control VLAN. [DeviceE-smlk-group1] flush enable Configuration on Device B # Configure VLAN 1 as the receive control VLAN for GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3. <DeviceB>...
Page 114
The traffic of VLAN 1 through VLAN 200 on Device C are dually uplinked to Device A by Device B and Device D. Implement load sharing to uplink the traffic of VLAN 1 through VLAN 100 and the traffic of VLAN 101 through VLAN 200 over different links to Device A. Implement dual link backup on Device C: the traffic of VLANs 1 through 100 (mapped to MSTI 0) is uplinked to Device A by Device B;...
Page 115
# Configure protected VLANs for smart link group 1. [DeviceC-smlk-group1] protected-vlan reference-instance 0 # Configure GigabitEthernet 1/0/1 as the master port and GigabitEthernet 1/0/2 as the slave port. [DeviceC-smlk-group1] port gigabitethernet1/0/1 master [DeviceC-smlk-group1] port gigabitethernet1/0/2 slave # Enable role preemption. [DeviceC-smlk-group1] preemption mode role # Configure VLAN 10 as the transmit control VLAN of smart link group 1.
Page 116
[DeviceD-GigabitEthernet1/0/1] smart-link flush enable control-vlan 10 101 [DeviceD-GigabitEthernet1/0/1] quit [DeviceD] interface gigabitethernet 1/0/2 [DeviceD-GigabitEthernet1/0/2] port link-type trunk [DeviceD-GigabitEthernet1/0/2] port trunk permit vlan 1 to 200 [DeviceD-GigabitEthernet1/0/2] smart-link flush enable control-vlan 10 101 Configuration on Device A # Configure VLAN 10 and VLAN 101 as the receive control VLANs of GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2.
Page 117
Table of Contents 1 Monitor Link Configuration ······················································································································1-1 Overview ·················································································································································1-1 Terminology·····································································································································1-1 How Monitor Link Works··················································································································1-1 Configuring Monitor Link ·························································································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-2 Monitor Link Configuration Example ·······························································································1-2 Displaying and Maintaining Monitor Link ································································································1-3 Monitor Link Configuration Example ·······································································································1-3...
Monitor Link Configuration When configuring monitor link, go to these sections for information you are interested in: Overview Configuring Monitor Link Displaying and Maintaining Monitor Link Monitor Link Configuration Example Overview Monitor link is a port collaboration function used to enable a device to be aware of the up/down state change of the ports on an indirectly connected link.
Do not manually shut down or bring up the downlink ports in a monitor link group. Configuring Monitor Link Configuration Prerequisites Before assigning a port to a monitor link group, make sure the port is not the member port of any aggregation group or service loopback group.
Configuration procedure <Sysname> system-view [Sysname] monitor-link group 1 [Sysname-mtlk-group1] port gigabitethernet 1/0/1 uplink [Sysname-mtlk-group1] port gigabitethernet 1/0/2 downlink Displaying and Maintaining Monitor Link To do… Use the command… Remarks Display monitor link display monitor-link group Available in any view group information { group-id | all } Monitor Link Configuration Example Network requirements...
Page 121
[DeviceC] interface gigabitethernet 1/0/1 [DeviceC-GigabitEthernet1/0/1] undo stp enable [DeviceC-GigabitEthernet1/0/1] quit [DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] undo stp enable [DeviceC-GigabitEthernet1/0/2] quit [DeviceC] smart-link group 1 # Configure the smart link group to protect all the VLANs mapped to MSTIs 0 through 32. [DeviceC-smlk-group1] protected-vlan reference-instance 0 to 32 # Configure GigabitEthernet 1/0/1 as the master port and GigabitEthernet 1/0/2 as the slave port.
Page 122
[DeviceD-mtlk-group1] port gigabitethernet 1/0/1 uplink [DeviceD-mtlk-group1] port gigabitethernet 1/0/2 downlink # Configure VLAN 1 as the control VLAN for receiving flush messages on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. [DeviceD-mtlk-group1] quit [DeviceD] interface gigabitethernet 1/0/1 [DeviceD-GigabitEthernet1/0/1] smart-link flush enable [DeviceD-GigabitEthernet1/0/1] quit [DeviceD] interface gigabitethernet 1/0/2 [DeviceD-GigabitEthernet1/0/2] smart-link flush enable...
Page 123
Table of Contents 1 VLAN Configuration ··································································································································1-1 Introduction to VLAN ·······························································································································1-1 VLAN Overview ·······························································································································1-1 VLAN Fundamentals ·······················································································································1-2 Types of VLAN ································································································································1-3 Configuring Basic VLAN Settings ···········································································································1-3 Configuring Basic Settings of a VLAN Interface ·····················································································1-4 Port-Based VLAN Configuration ·············································································································1-5 Introduction to Port-Based VLAN ····································································································1-5 Assigning an Access Port to a VLAN ······························································································1-6 Assigning a Trunk Port to a VLAN···································································································1-7 Assigning a Hybrid Port to a VLAN ·································································································1-8...
VLAN Configuration When configuring VLAN, go to these sections for information you are interested in: Introduction to VLAN Configuring Basic VLAN Settings Configuring Basic Settings of a VLAN Interface Port-Based VLAN Configuration MAC-Based VLAN Configuration Protocol-Based VLAN Configuration Displaying and Maintaining VLAN VLAN Configuration Example Introduction to VLAN VLAN Overview...
Confining broadcast traffic within individual VLANs. This reduces bandwidth waste and improves network performance. Improving LAN security. By assigning user groups to different VLANs, you can isolate them at Layer 2. To enable communication between VLANs, routers or Layer 3 switches are required. Flexible virtual workgroup creation.
The Ethernet II encapsulation format is used here. Besides the Ethernet II encapsulation format, other encapsulation formats, including 802.2 LLC, 802.2 SNAP, and 802.3 raw, are also supported by Ethernet. The VLAN tag fields are also added to frames encapsulated in these formats for VLAN identification.
As the default VLAN, VLAN 1 cannot be created or removed. You cannot manually create or remove VLANs reserved for special purposes. Dynamic VLANs cannot be removed with the undo vlan command. A VLAN with a QoS policy applied cannot be removed. For isolate-user-VLANs or secondary VLANs, if you have used the isolate-user-vlan command to create mappings between them, you cannot remove them until you remove the mappings between them first.
Before creating a VLAN interface for a VLAN, create the VLAN first. Port-Based VLAN Configuration Introduction to Port-Based VLAN Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN. Port link type You can configure the link type of a port as access, trunk, or hybrid.
Do not set the voice VLAN as the default VLAN of a port in automatic voice VLAN assignment mode. Otherwise, the system prompts error information. For information about voice VLAN, refer to Voice VLAN Configuration. The local and remote ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.
To do… Use the command… Remarks Assign one or a group of Required access ports to the current port interface-list By default, all ports belong to VLAN 1. VLAN In interface or port group view Follow these steps to assign an access port (in interface view) or multiple access ports (in port group view) to a VLAN: To do…...
To do… Use the command… Remarks Enter system view system-view — Enter Required interface interface-type Ethernet Use either command. interface-number interface view In Ethernet interface view, the subsequent configurations Enter Layer-2 interface bridge-aggregation aggregate apply to the current port. interface-number interface view port group...
Page 132
To do… Use the command… Remarks Enter system view system-view — Enter Ethernet interface interface-type Required interface view interface-number Use either command. In Ethernet interface view, Enter Layer-2 interface bridge-aggregation subsequent aggregate interface-number configurations apply to the interface view current port. Enter In port group view, the interface...
MAC-Based VLAN Configuration Introduction to MAC-Based VLAN MAC-based VLANs group VLAN members by MAC address. They only apply to untagged frames. When receiving an untagged frame, the device looks up the list of MAC-to-VLAN mappings based on the MAC address of the frame for a match. If a match is found, the system forwards the frame in the corresponding VLAN.
To do... Use the command... Remarks Enter Use either command. interface interface-type Ethernet Enter In Ethernet interface view, the interface-number interface view Ethernet subsequent configurations interface apply only to the current port; view or in port group view, the Enter port port-group manual port group subsequent configurations...
Configuring a Protocol-Based VLAN Follow these steps to configure a protocol-based VLAN: To do… Use the command… Remarks Enter system view system-view — Required If the specified VLAN does Enter VLAN view vlan vlan-id not exist, this command creates the VLAN first. protocol-vlan [ protocol-index ] { at | ipv4 | ipv6 | ipx { ethernetii | llc |...
Do not configure both the dsap-id and ssap-id arguments in the protocol-vlan command as 0xe0 or 0xff when configuring the user-defined template for llc encapsulation. Otherwise, the encapsulation format of the matching packets will be the same as that of the ipx llc or ipx raw packets respectively.
To do… Use the command… Remarks Required The IP network segment or IP ip-subnet-vlan Associate an IP subnet with the address to be associated with [ ip-subnet-index ] ip current VLAN a VLAN cannot be a multicast ip-address [ mask ] network segment or a multicast address.
To do... Use the command… Remarks display interface Display VLAN interface vlan-interface Available in any view information [ vlan-interface-id ] Display hybrid ports or trunk display port { hybrid | trunk } Available in any view ports on the device display mac-vlan { all | dynamic | mac-address Display MAC address-to-VLAN...
Page 139
Figure 1-4 Network diagram for port-based VLAN configuration Configuration procedure Configure Device A # Create VLAN 2, VLAN 6 through VLAN 50, and VLAN 100. <DeviceA> system-view [DeviceA] vlan 2 [DeviceA-vlan2] quit [DeviceA] vlan 100 [DeviceA-vlan100] vlan 6 to 50 Please wait...
Page 140
Flow-control is not enabled The Maximum Frame Length is 9216 Broadcast MAX-ratio: 100% Unicast MAX-ratio: 100% Multicast MAX-ratio: 100% Allow jumbo frame to pass PVID: 100 Mdi type: auto Link delay is 0(sec) Port link-type: trunk VLAN passing : 2, 6-50, 100 VLAN permitted: 2, 6-50, 100 Trunk port encapsulation: IEEE 802.1q Port priority: 0...
Isolate-User-VLAN Configuration When configuring an isolate-user VLAN, go to these sections for information you are interested in: Overview Configuring Isolate-User-VLAN Displaying and Maintaining Isolate-User-VLAN Isolate-User-VLAN Configuration Example Overview An isolate-user-VLAN adopts a two-tier VLAN structure. In this approach, two types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device.
Page 142
Assign non-trunk ports to the isolate-user-VLAN and ensure that at least one port takes the isolate-user-VLAN as its default VLAN; Assign non-trunk ports to each secondary VLAN and ensure that at least one port in a secondary VLAN takes the secondary VLAN as its default VLAN; Associate the isolate-user-VLAN with the specified secondary VLANs.
Displaying and Maintaining Isolate-User-VLAN To do... Use the command... Remarks Display the mapping between an display isolate-user-vlan isolate-user-VLAN and its secondary Available in any view [ isolate-user-vlan-id ] VLAN(s) Isolate-User-VLAN Configuration Example Network requirements Connect Device A to downstream devices Device B and Device C; Configure VLAN 5 on Device B as an isolate-user-VLAN, assign the uplink port GigabitEthernet 1/0/5 to VLAN 5, and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3.
Page 144
[DeviceB] vlan 2 [DeviceB-vlan2] port gigabitethernet 1/0/2 [DeviceB-vlan2] quit # Associate the isolate-user-VLAN with the secondary VLANs. [DeviceB] isolate-user-vlan 5 secondary 2 to 3 Configure Device C # Configure the isolate-user-VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC-vlan6] isolate-user-vlan enable [DeviceC-vlan6] port gigabitethernet 1/0/5 [DeviceC-vlan6] quit # Configure the secondary VLANs.
00e0-7500-0000 Polycom phone 00e0-bb00-0000 3Com phone In general, as the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE. OUI addresses mentioned in this document, however, are different from those in common sense.
Voice VLAN Assignment Modes A port can be assigned to a voice VLAN in one of the following two modes: In automatic mode, the system matches the source MAC addresses in the untagged packets sent when the IP phone is powered on against the OUI addresses. If a match is found, the system automatically assigns the port to the voice VLAN, issues ACL rules and configures the packet precedence.
If an IP phone sends tagged voice traffic and its connecting port is configured with 802.1X authentication and guest VLAN, you should assign different VLAN IDs for the voice VLAN, the default VLAN of the connecting port, and the 802.1X guest VLAN. The default VLANs for all ports are VLAN 1.
Setting a Port to Operate in Automatic Voice VLAN Assignment Mode Follow these steps to set a port to operate in automatic voice VLAN assignment mode: To do... Use the command... Remarks Enter system view system-view — Optional 1440 minutes by default. The voice VLAN aging time Set the voice VLAN aging time voice vlan aging minutes...
Page 150
To do... Use the command... Remarks Enter system view system-view — Optional Enable the voice VLAN security voice vlan security enable mode Enabled by default. Optional By default, each voice VLAN voice vlan mac-address oui Add a recognizable OUI has default OUI addresses mask oui-mask [ description address configured.
Displaying and Maintaining Voice VLAN To do... Use the command... Remarks Display the voice VLAN state display voice vlan state Available in any view Display the OUI addresses display voice vlan oui Available in any view currently supported by system Voice VLAN Configuration Examples Automatic Voice VLAN Mode Configuration Example Network requirements...
Page 152
Avaya phone 0011-1100-0000 ffff-ff00-0000 IP phone A 0011-2200-0000 ffff-ff00-0000 IP phone B 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone # Display the current states of voice VLANs. <DeviceA> display voice vlan state...
Maximum of Voice VLANs: 16 Current Voice VLANs: 2 Voice VLAN security mode: Security Voice VLAN aging time: 1440 minutes Voice VLAN enabled port and its mode: PORT VLAN MODE ----------------------------------------------- GigabitEthernet1/0/1 AUTO GigabitEthernet1/0/2 AUTO Manual Voice VLAN Assignment Mode Configuration Example Network requirements Create VLAN 2 and configure it as a voice VLAN permitting only voice traffic to pass through.
Page 154
Philips/NEC phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone # Display the current voice VLAN state. <DeviceA> display voice vlan state Maximum of Voice VLANs: 16 Current Voice VLANs: 2 Voice VLAN security mode: Security Voice VLAN aging time: 100 minutes...
Page 155
Table of Contents 1 GVRP Configuration ··································································································································1-1 Introduction to GVRP ······························································································································1-1 GARP···············································································································································1-1 GVRP···············································································································································1-3 Protocols and Standards ·················································································································1-4 GVRP Configuration Task List ················································································································1-4 Configuring GVRP Functions··················································································································1-4 Configuring GARP Timers·······················································································································1-5 Displaying and Maintaining GVRP··········································································································1-6 GVRP Configuration Examples···············································································································1-7 GVRP Configuration Example I·······································································································1-7 GVRP Configuration Example II······································································································1-8 GVRP Configuration Example III·····································································································1-9...
GVRP Configuration The GARP VLAN Registration Protocol (GVRP) is a GARP application. It functions based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network. When configuring GVRP, go to these sections for information you are interested in: Introduction to GVRP GVRP Configuration Task List Configuring GVRP Functions...
Page 157
Hold timer –– When a GARP application entity receives the first registration request, it starts a Hold timer and collects succeeding requests. When the timer expires, the entity sends all these requests in one Join message. This helps you save bandwidth. Join timer ––...
GARP message format Figure 1-1 GARP message format Figure 1-1 illustrates the GARP message format. Table 1-1 describes the GARP message fields. Table 1-1 Description on the GARP message fields Field Description Value Protocol ID Protocol identifier for GARP One or multiple messages, each containing Message ––...
about active VLAN members and through which port they can be reached. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other devices.
To do… Use the command… Remarks Enter Ethernet Enter Ethernet interface view, interface view or Layer interface interface-type Required Layer 2 2 aggregate interface interface-number aggregate view Perform either of the interface view, commands. port-group manual or port-group Enter port-group view port-group-name view Required...
To do… Use the command… Remarks Enter Required Enter Ethernet or Ethernet Layer 2 interface interface-type Perform either of the interface aggregate interface-number commands. view, Layer interface view Depending on the view you 2 aggregate accessed, the subsequent interface configuration takes effect on a view, or Enter port-group port-group manual...
To do… Use the command… Remarks display gvrp state interface Display the current GVRP state interface-type interface-number vlan Available in any view vlan-id display gvrp statistics [ interface Display statistics about GVRP Available in any view interface-list ] Display the global GVRP state display gvrp status Available in any view Display the information about...
[DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on trunk port GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] gvrp [DeviceB-GigabitEthernet1/0/1] quit # Create VLAN 3 (a static VLAN).
[DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 Configure Device B # Enable GVRP globally. <DeviceB> system-view [DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1.
Page 165
[DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1 and set the GVRP registration type to forbidden on the port. [DeviceA-GigabitEthernet1/0/1] gvrp [DeviceA-GigabitEthernet1/0/1] gvrp registration forbidden [DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 Configure Device B # Enable GVRP globally.
Page 166
Table of Contents 1 QinQ Configuration ···································································································································1-1 Introduction to QinQ ································································································································1-1 Background ·····································································································································1-1 QinQ Mechanism and Benefits········································································································1-1 QinQ Frame Structure ·····················································································································1-2 Implementations of QinQ·················································································································1-3 Modifying the TPID in a VLAN Tag ·································································································1-3 QinQ Configuration Task List··················································································································1-5 Configuring Basic QinQ ··························································································································1-5 Enabling Basic QinQ ·······················································································································1-5 Configuring Selective QinQ·····················································································································1-5 Configuring an Outer VLAN Tagging Policy ····················································································1-5...
QinQ Configuration When configuring QinQ, go to these sections for information you are interested in: Introduction to QinQ QinQ Configuration Task List Configuring Basic QinQ Configuring Selective QinQ Configuring the TPID Value in VLAN Tags QinQ Configuration Examples Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network;...
Figure 1-1 Schematic diagram of the QinQ feature Customer network A VLAN 1~10 Customer network A VLAN 1~10 VLAN 3 VLAN 3 Network VLAN 4 VLAN 4 Service provider network VLAN 1~20 VLAN 1~20 Customer network B Customer network B As shown in Figure 1-1, customer network A has CVLANs 1 through 10, while customer network B has...
Figure 1-2 Single-tagged frame structure vs. double-tagged Ethernet frame structure The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. Therefore, you are recommended to increase the MTU of each interface on the service provider network.
Page 170
Figure 1-3 VLAN tag structure of an Ethernet frame The device determines whether a received frame carries a SVLAN tag or a CVLAN tag by checking the corresponding TPID value. Upon receiving a frame, the device compares the configured TPID value with the value of the TPID field in the frame.
QinQ Configuration Task List Table 1-2 QinQ configuration task list Configuration task Remarks Configuring Basic QinQ Optional Configuring Selective QinQ Configuring an Outer VLAN Tagging Policy Optional Configuring the TPID Value in VLAN Tags Optional QinQ requires configurations only on the service provider network, not on the customer network. QinQ configurations made in Ethernet interface view take effect on the current interface only;...
condition are handled with selective QinQ on this port first, and the left frames are handled with basic QinQ. Follow these steps to configure an outer VLAN tagging policy: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet or interface interface-type...
Page 173
Customer A1, Customer A2, Customer B1 and Customer B2 are edge devices on the customer network. Third-party devices with a TPID value of 0x8200 are deployed between Provider A and Provider B. Make configuration to achieve the following: Frames of VLAN 200 through VLAN 299 can be exchanged between Customer A1and Customer A2 through VLAN 10 of the service provider network.
Page 174
[ProviderA] interface gigabitethernet 1/0/2 [ProviderA-GigabitEthernet1/0/2] port link-type hybrid [ProviderA-GigabitEthernet1/0/2] port hybrid pvid vlan 50 [ProviderA-GigabitEthernet1/0/2] port hybrid vlan 50 untagged # Enable basic QinQ on GigabitEthernet 1/0/2. [ProviderA-GigabitEthernet1/0/2] qinq enable [ProviderA-GigabitEthernet1/0/2] quit Configure GigabitEthernet 1/0/3 # Configure GigabitEthernet 1/0/3 as a trunk port to permit frames of VLAN 10 and 50 to pass through. [ProviderA] interface gigabitethernet 1/0/3 [ProviderA-GigabitEthernet1/0/3] port link-type trunk [ProviderA-GigabitEthernet1/0/3] port trunk permit vlan 10 50...
Configure the third-party devices between Provider A and Provider B as follows: configure the port connecting GigabitEthernet 1/0/3 of Provider A and that connecting GigabitEthernet 1/0/3 of Provider B to allow tagged frames of VLAN 10 and 50 to pass through. Comprehensive Selective QinQ Configuration Example Network requirements Provider A and Provider B are edge devices on the service provider network and are...
Page 176
[ProviderA] interface gigabitethernet 1/0/1 [ProviderA-GigabitEthernet1/0/1] port link-type hybrid [ProviderA-GigabitEthernet1/0/1] port hybrid vlan 1000 2000 untagged # Tag CVLAN 10 frames with SVLAN 1000. [ProviderA-GigabitEthernet1/0/1] qinq vid 1000 [ProviderA-GigabitEthernet1/0/1-vid-1000] raw-vlan-id inbound 10 [ProviderA-GigabitEthernet1/0/1-vid-1000] quit # Tag CVLAN 20 frames with SVLAN 2000. [ProviderA-GigabitEthernet1/0/1] qinq vid 2000 [ProviderA-GigabitEthernet1/0/1-vid-2000] raw-vlan-id inbound 20 [ProviderA-GigabitEthernet1/0/1-vid-2000] quit...
Page 177
[ProviderB-GigabitEthernet1/0/2] port link-type hybrid [ProviderB-GigabitEthernet1/0/2] port hybrid vlan 2000 untagged # Tag CVLAN 20 frames with SVLAN 2000. [ProviderB-GigabitEthernet1/0/2] qinq vid 2000 [ProviderB-GigabitEthernet1/0/2-vid-2000] raw-vlan-id inbound 20 # Set the TPID value in the outer tag to 0x8200. [ProviderA-GigabitEthernet1/0/3] quit [ProviderA] qinq ethernet-type service-tag 8200 Configuration on third-party devices Configure the third-party devices between Provider A and Provider B as follows: configure the port connecting GigabitEthernet 1/0/3 of Provider A and that connecting GigabitEthernet 1/0/1 of Provider B...
Page 178
Table of Contents 1 BPDU Tunneling Configuration················································································································1-1 Introduction to BPDU Tunneling ·············································································································1-1 Configuring BPDU Transparent Transmission························································································1-3 Configuring Destination Multicast MAC Address for BPDU Tunnel Frames ··········································1-3 BPDU Tunneling Configuration Example································································································1-3...
BPDU Tunneling Configuration When configuring BPDU tunneling, go to these sections for information you are interested in: Introduction to BPDU Tunneling Configuring BPDU Transparent Transmission Configuring Destination Multicast MAC Address for BPDU Tunnel Frames BPDU Tunneling Configuration Example Introduction to BPDU Tunneling To avoid loops in your network, you can enable the Spanning Tree Protocol (STP) on your device.
Page 180
Figure 1-1 Network hierarchy of BPDU tunneling At the input side of the service provider network, the edge device changes the destination MAC address of a BPDU from a customer network from 0x0180-C200-0000 to a special multicast MAC address, 0x010F-E200-0003 by default. In the service provider’s network, the modified BPDUs are forwarded as data packets in the user VLAN.
Configuring BPDU Transparent Transmission Perform the following tasks to configure BPDU transparent transmission: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet or Required interface interface-type Layer-2 aggregate Use either command. interface-number interface view Settings made in interface view take effect only on the current Enter port.
Page 182
Provider A and Provider B are service provider network edge devices, which are interconnected through configured trunk ports. The configuration is required to satisfy the following requirements: Geographically dispersed customer network access devices Customer A and Customer B can implement consistent spanning tree calculation across the service provider network. destination multicast address...
VLAN Mapping Configuration When configuring VLAN mapping, go to these sections for information you are interested in: VLAN Mapping Overview VLAN Mapping Configuration Task List Configuring One-to-One VLAN Mapping Configuring Many-to-One VLAN Mapping Configuring Two-to-Two VLAN Mapping VLAN Mapping Configuration Examples VLAN Mapping Overview VLAN mapping maps the customer VLANs (CVLANs) to service-provider VLANs (SVLANs).
One-to-One VLAN Mapping and Many-to-One VLAN Mapping Figure 1-1 Scenario for one-to-one/many-to-one VLAN mapping One-to-one VLAN mapping and many-to-one VLAN mapping are mainly applied in networking environments as shown in Figure 1-1. In such a network, different VLANs are used for transmitting different services (PC, IPTV, and VoIP for example) of a home user.
Uplink policy: A QoS policy containing VLAN mappings for uplink traffic. Downlink policy: A QoS policy containing VLAN mappings for downlink traffic. How VLAN Mapping Is Implemented This section describes how VLAN mapping is implemented on your device. One-to-one VLAN mapping On the downlink port For uplink traffic For downlink traffic...
Two-to-two VLAN mapping In two-to-two VLAN mapping, the outer VLAN and the inner VLAN carried in a double-tagged uplink frame received at the downlink port on the edge device of an SP network are called the original SVLAN and CVLAN, and the VLANs that the edge device substitutes for the original SVLAN and CVLAN are called the new SVLAN and CVLAN.
For many-to-one VLAN mapping, enable customer-side QinQ on the downlink port and service provider-side QinQ on the uplink port. To save system resources, disable user bindings recording on the DHCP snooping trusted ports that forward DHCP packets. For information about this feature, refer to DHCP Configuration in the IP Services Volume.
Page 191
To do... Use the command... Remarks Set the link type of the uplink port to port link-type trunk Required trunk Required Configure the uplink port to permit the port trunk permit vlan By default, a trunk port specified SVLANs to pass through { vlan-id-list | all } permits only VLAN 1 to pass through.
To do... Use the command... Remarks Map the SVLAN to the CVLAN classifier tcl-name behavior by associating the traffic class Required behavior-name with the traffic behavior Exit to system view quit — Configuring Many-to-One VLAN Mapping Perform many-to-one VLAN mapping on the campus switches shown in Figure 1-1 to carry the same service of different users using the same VLAN on the service provider’s network.
Page 193
To do... Use the command... Remarks Exit to system view quit — Enter the interface view of the uplink interface interface-type — port interface-number Required By default, all ports with Configure the uplink port as a DHCP DHCP snooping dhcp-snooping trust snooping trusted port enabled are DHCP snooping untrusted...
To do... Use the command... Remarks Create a traffic behavior and traffic behavior Required enter traffic behavior view behavior-name Specify the SVLAN for the remark service-vlan-id Required VLAN mapping vlan-id-value Exit to system view quit — Create a QoS policy and enter qos policy policy-name Required QoS policy view...
Page 195
To do... Use the command... Remarks Required Configure the downlink port to permit By default, a trunk port port trunk permit vlan the packets of the SVLANs to pass permits only the packets { vlan-id-list | all } through of VLAN 1 to pass through.
Page 196
To do... Use the command... Remarks Map the original CVLAN and the new SVLAN classifier tcl-name behavior to the new CVLAN by associating the traffic Required behavior-name class with the traffic behavior Exit to system view quit — Table 1-5 Configure an uplink policy for the downlink port To do...
To do... Use the command... Remarks Specify the original SVLAN used for remark service-vlan-id vlan-id-value Required replacing the new SVLAN Exit to system view quit — Create a QoS policy and enter QoS qos policy policy-name Required policy view Map the new CVLAN and SVLAN to the original CVLAN and SVLAN by classifier tcl-name behavior Required...
[SwitchC-GigabitEthernet1/0/3] port link-type trunk [SwitchC-GigabitEthernet1/0/3] port trunk permit vlan 501 502 503 # Configure GigabitEthernet 1/0/3 as a DHCP snooping trusted port. [SwitchC-GigabitEthernet1/0/3] dhcp-snooping trust # Configure GigabitEthernet 1/0/3 as an ARP trusted port. [SwitchC-GigabitEthernet1/0/3] arp detection trust # Enable SP-side QinQ on GigabitEthernet 1/0/3. [SwitchC-GigabitEthernet1/0/3] qinq enable uplink Configuration on Switch D # Enable DHCP snooping.
Page 206
Configuration procedure Configuration on Device A # Configure QinQ function on GigabitEthernet 1/0/1 to add outer VLAN tag 100 to the traffic tagged with VLAN 10. <DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port access vlan 100 [DeviceA-GigabitEthernet1/0/1] qinq enable [DeviceA-GigabitEthernet1/0/1] quit # Configure the uplink port GigabitEthernet 1/0/2 to permit frames of VLAN 100 to pass through.
Page 207
[DeviceC] traffic classifier downlink_out [DeviceC-classifier-downlink_out] if-match customer-vlan-id 30 [DeviceC-classifier-downlink_out] if-match service-vlan-id 200 [DeviceC-classifier-downlink_out] quit # Specify the original CVLAN and SVLAN for outgoing VPN 1 traffic on GigabitEthernet 1/0/1. [DeviceC] traffic behavior downlink_out [DeviceC-behavior-downlink_out] remark customer-vlan-id 10 [DeviceC-behavior-downlink_out] remark service-vlan-id 100 [DeviceC-behavior-downlink_out] quit # Configure a downlink policy to map the new CVLAN and SVLAN to the original CVLAN and SVLAN for the outgoing VPN 1 traffic on GigabitEthernet 1/0/1.
Page 208
<DeviceD> system-view [DeviceD] interface gigabitethernet 1/0/2 [DeviceD-GigabitEthernet1/0/2] port access vlan 200 [DeviceD-GigabitEthernet1/0/2] qinq enable # Configure GigabitEthernet 1/0/1 to permit frames of VLAN 200 to pass through. [DeviceD] interface gigabitethernet 1/0/1 [DeviceD-GigabitEthernet1/0/1] port link-type trunk [DeviceD-GigabitEthernet1/0/1] port trunk permit vlan 200 1-24...
Page 209
Table of Contents 1 Ethernet OAM Configuration ........................1-1 Ethernet OAM Overview .........................1-1 Types of Ethernet OAMPDUs ......................1-1 Ethernet OAM Implementation ......................1-2 Standards and Protocols .........................1-5 Ethernet OAM Configuration Task List ....................1-5 Configuring Basic Ethernet OAM Functions ...................1-5 Configuring Link Monitoring ........................1-6 Configuring Errored Symbol Event Detection .................1-6 Configuring Errored Frame Event Detection ...................1-6 Configuring Errored Frame Period Event Detection................1-7...
Ethernet OAM Configuration When configuring the Ethernet OAM function, go to these sections for information you are interested in: Ethernet OAM Overview Ethernet OAM Configuration Task List Configuring Basic Ethernet OAM Functions Configuring Link Monitoring Enabling OAM Loopback Testing Displaying and Maintaining Ethernet OAM Configuration Ethernet OAM Configuration Example Ethernet OAM Overview Ethernet OAM (operation, administration, and maintenance) is a tool monitoring Layer-2 link status by...
Figure 1-1 Formats of different types of Ethernet OAMPDUs The fields in an OAMPDU are described as follows: Table 1-1 Description of the fields in an OAMPDU Field Description Destination MAC address of the Ethernet OAMPDU. Dest addr It is a slow protocol multicast address 0180c2000002. Source MAC address of the Ethernet OAMPDU.
Page 212
Ethernet OAM connection establishment Ethernet OAM connection is the base of all the other Ethernet OAM functions. OAM connection establishment is also known as the Discovery phase, where an Ethernet OAM entity discovers remote OAM entities and establishes sessions with them. In this phase, interconnected OAM entities notify the peer of their OAM configuration information and the OAM capabilities of the local nodes by exchanging Information OAMPDUs and determine whether Ethernet OAM connections can be established.
Page 213
The interval to send Information OAMPDUs is determined by a timer. Up to ten Information OAMPDUs can be sent in a second. Link monitoring Error detection in an Ethernet is difficult, especially when the physical connection in the network is not disconnected but network performance is degrading gradually.
Table 1-5 Critical link error events Ethernet OAM link events Description Link Fault Peer link signal is lost. Dying Gasp An unexpected fault, such as power failure, occurred. Critical event An undetermined critical event happened. As Information OAMPDUs are exchanged periodically across established OAM connections, an Ethernet OAM entity can inform one of its OAM peers of link faults through Information OAMPDUs.
Follow these steps to configure basic Ethernet OAM functions: To do… Use the command… Remarks Enter system view System-view — interface interface-type Enter Ethernet port view — interface-number Optional Set Ethernet OAM operating oam mode { active | passive } The default is active Ethernet mode OAM mode.
Follow these steps to configure errored frame event detection: To do… Use the command… Remarks Enter system view system-view — Optional Configure the errored frame oam errored-frame period period-value event detection interval 1 second by default Optional Configure the errored frame oam errored-frame threshold event triggering threshold threshold-value...
Enabling OAM Loopback Testing Follow these steps to enable Ethernet OAM loopback testing: To do… Use the command… Remarks Enter system view System-view — interface interface-type Enter Ethernet port view — interface-number Required Enable Ethernet OAM loopback oam loopback testing Disabled by default.
To do… Use the command… Remarks Available Clear statistics on Ethernet OAM packets reset oam [ interface interface-type in user and Ethernet OAM link error events interface-number ] view only Ethernet OAM Configuration Example Network requirements Enable Ethernet OAM on Device A and Device B to manage links on data link layer. Monitor link performance and collect statistics about the error frames received by Device A.
Page 219
-------------------------------------------------------------------------- Errored-symbol Event period(in seconds) Errored-symbol Event threshold Errored-frame Event period(in seconds) Errored-frame Event threshold Errored-frame-period Event period(in ms) 1000 Errored-frame-period Event threshold Errored-frame-seconds Event period(in seconds) Errored-frame-seconds Event threshold Use the display oam link-event command to display the statistics about Ethernet OAM link events. For example: # Display Ethernet OAM link event statistics of the remote end of Device B.
Page 220
Table of Contents 1 Connectivity Fault Detection Configuration ···························································································1-1 Overview ·················································································································································1-1 Basic Concepts in CFD ···················································································································1-1 Basic Functions of CFD···················································································································1-4 Protocols and Standards ·················································································································1-5 CFD Configuration Task List···················································································································1-5 Basic Configuration Tasks ······················································································································1-5 Configuring Service Instance ··········································································································1-6 Configuring MEP ·····························································································································1-6 Configuring MIP Generation Rules··································································································1-7 Configuring CC on MEPs························································································································1-7 Configuration Prerequisites ·············································································································1-8 Configuring Procedure·····················································································································1-8...
Connectivity Fault Detection Configuration When configuring CFD, go to these sections for information you are interested in: Overview CFD Configuration Task List Basic Configuration Tasks Configuring CC on MEPs Configuring LB on MEPs Configuring LT on MEPs Displaying and Maintaining CFD CFD Configuration Examples Overview Connectivity Fault Detection (CFD) is an end-to-end per-VLAN link layer Operations, Administration...
Page 222
Figure 1-1 Two nested MDs CFD exchanges messages and performs operations on a per-domain basis. By planning MDs properly in a network, you can use CFD to locate failure points rapidly. Maintenance association A maintenance association (MA) is a set of maintenance points (MPs) in a MD. An MA is identified by the “MD name + MA name”.
Page 223
Figure 1-2 Outward-facing MEP Figure 1-3 Inward-facing MEP A MIP is internal to an MD. It cannot send CFD packets actively; however, it can handle and respond to CFD packets. The MA and MD that a MIP belongs to define the VLAN attribute and level of the packets received.
Figure 1-4 Levels of MPs Basic Functions of CFD CFD works effectively only in properly-configured networks. Its functions, which are implemented through the MPs, include: Continuity check (CC); Loopback (LB) Linktrace (LT) Continuity check Continuity check is responsible for checking the connectivity between MEPs. Connectivity faults are usually caused by device faults or configuration errors.
source MEP can identify the path to the destination MEP. Note that LTMs are multicast frames while LTRs are unicast frames. Protocols and Standards The CFD function is implemented in accordance with IEEE P802.1ag. CFD Configuration Task List For CFD to work effectively, you should first design the network by performing the following tasks: Grade the MDs in the entire network, and define the boundary of each MD.
Based on the network design, you should configure MEPs or the rules for generating MIPs on each device. However, before doing this you must first configure the service instance. Configuring Service Instance A service instance is indicated by an integer to represent an MA in an MD. The MD and MA define the level and VLAN attribute of the messages handled by the MPs in a service instance.
To do... Use the command... Remarks cfd remote-mep Required Configure a remote MEP for a remote-mep-id MEP in the same service No remote MEP is configured service-instance instance-id instance for a MEP by default. mep mep-id cfd mep service-instance Required Enable the MEP instance-id mep mep-id Disabled by default...
Configuration Prerequisites Before configuring this function, you should first complete the MEP configuration. Configuring Procedure Follow these steps to configure CC on a MEP: To do... Use the command... Remarks Enter system view system-view — Optional Configure the interval field cfd cc interval value in the CCM messages interval-field-value...
To do... Use the command... Remarks Enter system view system-view — cfd loopback service-instance instance-id mep Required Enable LB mep-id { target-mep target-mep-id | target-mac Disabled by default mac-address } [ number loopback-number ] Configuring LT on MEPs LT can trace the path between the specified MEP and the target MEP, and can also locate link faults by sending LT messages automatically.
Displaying and Maintaining CFD To do... Use the command... Remarks Display CFD status display cfd status Available in any view Display MD configuration display cfd md Available in any view information Display MA configuration display cfd ma [ [ ma-name ] Available in any view information md md-name ]...
Figure 1-5 Network diagram for MD configuration Configuration procedure Configuration on Device A (configuration on Device E is the same as that on Device A) <DeviceA> system-view [DeviceA] cfd enable [DeviceA] cfd md MD_A level 5 [DeviceA] cfd ma MA_MD_A md MD_A vlan 100 [DeviceA] cfd service-instance 1 md MD_A ma MA_MD_A Configuration on Device C <DeviceC>...
Page 232
Decide the remote MEP for each MEP, and enable these MEPs. According to the network diagram as shown in Figure 1-6, perform the following configurations: In MD_A, there are three edge ports: GigabitEthernet 1/0/1 on Device A, GigabitEthernet 1/0/3 on Device D and GigabitEthernet 1/0/4 on Device E.
Configuration procedure Configure Device B <DeviceB> system-view [DeviceB] cfd mip-rule explicit service-instance 1 Configure Device C <DeviceC> system-view [DeviceC] cfd mip-rule default service-instance 2 After the above operation, you can use the display cfd mp command to verify your configuration. Configuring LB on MEPs Network requirements Use the LB function to trace the fault source after CC detects a link fault.
Page 235
Table of Contents 1 MSTP Configuration ··································································································································1-1 MSTP Overview·······························································································································1-1 Introduction to STP··························································································································1-1 How STP works ·······························································································································1-3 Introduction to MSTP·······················································································································1-9 Protocols and Standards ···············································································································1-14 Configuration Task List ·························································································································1-14 Configuring the Root Bridge ··········································································································1-16 Configuring an MST Region ··········································································································1-16 Specifying the Root Bridge or a Secondary Root Bridge ······························································1-17 Configuring the Work Mode of an MSTP Device ··········································································1-18 Configuring the Priority of the Current Device···············································································1-19 Configuring the Maximum Hops of an MST Region······································································1-19...
MSTP Configuration When configuring MSTP, go to these sections for information you are interested in: MSTP Overview Configuration Task List Configuring the Root Bridge Configuring Leaf Nodes Configuring Digest Snooping Configuring No Agreement Check Configuring Protection Functions Displaying and Maintaining MSTP MSTP Configuration Example MSTP Overview Introduction to STP...
Page 238
There is one and only one root bridge in the entire network, and the root bridge can change along with changes of the network topology. Therefore, the root bridge is not fixed. After network convergence, the root bridge generates and sends out configuration BPDUs at a certain interval, and other devices just forward the BPDUs.
All the ports on the root bridge are designated ports. Path cost Path cost is a reference value used for link selection in STP. By calculating path costs, STP selects relatively robust links and blocks redundant links, and finally prunes the network into a loop-free tree. How STP works The devices on a network exchange BPDUs to identify the network topology.
Page 240
Table 1-2 Selection of the optimum configuration BPDU Step Actions Upon receiving a configuration BPDU on a port, the device performs the following: If the received configuration BPDU has a lower priority than that of the configuration BPDU generated by the port, the device discards the received configuration BPDU and does not process the configuration BPDU of this port.
Page 241
Step Description The device compares the calculated configuration BPDU with the configuration BPDU on the port of which the port role is to be defined, and acts depending on the comparison result: If the calculated configuration BPDU is superior, the device considers this port as the designated port, and replaces the configuration BPDU on the port with the calculated configuration BPDU, which will be sent out periodically.
Page 242
Device Port name BPDU of port {2, 0, 2, CP1} Device C {2, 0, 2, CP2} Comparison process and result on each device The following table shows the comparison process and result on each device. Table 1-5 Comparison process and result on each device BPDU of port after Device Comparison process...
Page 243
BPDU of port after Device Comparison process comparison Port CP1 receives the configuration BPDU of Device A {0, 0, 0, AP2}. Device C finds that the received configuration BPDU is superior to the configuration BPDU of the local port {2, 0, 2, CP1}, and updates the configuration BPDU of CP1.
Page 244
Figure 1-3 The final calculated spanning tree The spanning tree calculation process in this example is only simplified process. The BPDU forwarding mechanism in STP Upon network initiation, every switch regards itself as the root bridge, generates configuration BPDUs with itself as the root, and sends the configuration BPDUs at a regular hello interval. If it is the root port that received a configuration BPDU and the received configuration BPDU is superior to the configuration BPDU of the port, the device increases the message age carried in the configuration BPDU following a certain rule and starts a timer to time the configuration BPDU while...
For this reason, as a mechanism for state transition in STP, the newly elected root ports or designated ports require twice the forward delay time before transiting to the forwarding state to ensure that the new configuration BPDU has propagated throughout the network. Hello time is the time interval at which a device sends hello packets to the surrounding devices to ensure that the paths are fault-free.
Page 246
MSTP divides a switched network into multiple regions, each containing multiple spanning trees that are independent of one another. MSTP prunes a loop network into a loop-free tree, thus avoiding proliferation and endless cycling of packets in a loop network. In addition, it provides multiple redundant paths for data forwarding, thus supporting load balancing of VLAN data.
Page 247
Multiple MST regions can exist in a switched network. You can use an MSTP command to assign multiple devices to the same MST region. VLAN-to-MSTI mapping table As an attribute of an MST region, the VLAN-to-MSTI mapping table describes the mapping relationships between VLANs and MSTIs.
Page 248
During MSTP calculation, a boundary port’s role on an MSTI is consistent with its role on the CIST. But that is not true with master ports. A master port on MSTIs is a root port on the CIST. 10) Roles of ports MSTP calculation involves these port roles: root port, designated port, master port, alternate port, backup port, and so on.
Page 249
In MSTP, port states fall into the following three: Forwarding: the port learns MAC addresses and forwards user traffic; Learning: the port learns MAC addresses but does not forward user traffic; Discarding: the port neither learns MAC addresses nor forwards user traffic. When in different MSTIs, a port can be in different states.
Implementation of MSTP on devices MSTP is compatible with STP and RSTP. STP and RSTP protocol packets can be recognized by devices running MSTP and used for spanning tree calculation. In addition to basic MSTP functions, many special functions are provided for ease of management, as follows: Root bridge hold Root bridge backup...
Page 251
Task Remarks Configuring an MST Region Required Configuring the Work Mode of an MSTP Device Optional Configuring the Timeout Factor Optional Configuring the Maximum Port Rate Optional Configuring Ports as Edge Ports Optional Configuring Leaf Configuring Path Costs of Ports Optional NodesConfiguring Leaf Nodes...
Configuring the Root Bridge Configuring an MST Region Configuration procedure Follow these steps to configure an MST region: To do... Use the command... Remarks Enter system view system-view — Enter MST region view stp region-configuration — Optional Configure the MST region region-name name The MST region name is the name...
Configuration example # Configure the MST region name to be “info”, the MSTP revision level to be 1, and VLAN 2 through VLAN 10 to be mapped to MSTI 1 and VLAN 20 through VLAN 30 to MSTI 2. <Sysname> system-view [Sysname] stp region-configuration [Sysname-mst-region] region-name info [Sysname-mst-region] instance 1 vlan 2 to 10...
There is one and only one root bridge in effect in a spanning tree instance. If two or more devices have been designated to be root bridges of the same spanning tree instance, MSTP will select the device with the lowest MAC address as the root bridge. You can specify multiple secondary root bridges for the same instance.
[Sysname] stp mode stp Configuring the Priority of the Current Device The priority of a device determines whether it can be elected as the root bridge of a spanning tree. A lower value indicates a higher priority. By setting the priority of a device to a low value, you can specify the device as the root bridge of the spanning tree.
To do... Use the command... Remarks Enter system view system-view — Optional Configure the maximum hops stp max-hops hops of the MST region 20 by default A larger maximum hops setting means a larger size of the MST region. Only the maximum hops configured on the regional root bridge can restrict the size of the MST region.
Configuring Timers of MSTP MSTP involves three timers: forward delay, hello time and max age. You can configure these three parameters for MSTP to calculate spanning trees. Configuration procedure Follow these steps to configure the timers of MSTP: To do... Use the command...
We recommend that you specify the network diameter with the stp root primary command and let MSTP automatically calculate optimal settings of these three timers. Configuration example # Set the forward delay to 1,600 centiseconds, hello time to 300 centiseconds, and max age to 2,100 centiseconds.
Configuration procedure Follow these steps to configure the maximum rate of a port or a group of ports: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet Required interface view Use either command. interface interface-type or Layer-2 Enter interface-number Configurations made in interface...
Configuration procedure Follow these steps to specify a port or a group of ports as edge port(s): To do... Use the command... Remarks Enter system view system-view — Enter Ethernet Required interface view Use either command. interface interface-type Enter or Layer-2 interface-number Configurations made in interface interface view...
Configuration procedure Follow these steps to set the type of a connected link to P2P: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet Required interface view or Use either command. interface interface-type Enter Layer-2 interface-number Configurations made in interface interface aggregate...
Configuration procedure Follow these steps to configure the MSTP packet format to be supported by a port or a group of ports: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet Required interface view or interface interface-type Enter Use either command.
Follow these steps to enable output of port state transition information: To do... Use the command... Remarks Enter system view system-view — Optional Enable output of port state stp port-log { all | instance transition information of all This function is enabled by instance-id } MSTIs or a particular MSTI default.
[Sysname-GigabitEthernet1/0/1] undo stp enable Configuring Leaf Nodes Configuring an MST Region Refer to Configuring an MST Region in the section about root bridge configuration. Configuring the Work Mode of MSTP Refer to Configuring the Work Mode of an MSTP Device in the section about root bridge configuration.
Page 265
Table 1-7 Link speed vs. path cost Link speed Duplex state 802.1d-1998 802.1t Private standard — 65535 200,000,000 200,000 Single Port 2,000,000 2,000 Aggregate Link 2 Ports 1,000,000 1,800 10 Mbps Aggregate Link 3 Ports 666,666 1,600 Aggregate Link 4 Ports 500,000 1,400 Single Port...
If you change the standard that the device uses in calculating the default path cost, the port path cost value set through the stp cost command will be invalid. When the path cost of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition.
Configuration example # Set the priority of port GigabitEthernet 1/0/1 to 16 in MSTI 1. <Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] stp instance 1 port priority 16 Setting the Link Type of a Port to P2P Refer to Setting the Link Type of a Port to P2P in the section about root bridge configuration.
Performing mCheck in interface view Follow these steps to perform mCheck in interface view: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet interface view or Layer-2 interface interface-type — aggregate interface view interface-number Perform mCheck stp mcheck Required Configuration Example...
Configuration Procedure Follow these steps to configure Digest Snooping: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet Required interface view Use either command. interface interface-type or Layer-2 interface-number Configurations made in Enter interface aggregate interface view will take effect on view or port interface view the current port only;...
Figure 1-6 Digest Snooping configuration Configuration procedure Enable Digest Snooping on Device A. # Enable Digest Snooping on GigabitEthernet1/0/1. <DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] stp config-digest-snooping [DeviceA-GigabitEthernet1/0/1] quit # Enable global Digest Snooping. [DeviceA] stp config-digest-snooping Enable Digest Snooping on Device B (the same as above, omitted) Configuring No Agreement Check In RSTP and MSTP, two types of messages are used for rapid state transition on designated ports: Proposal: sent by designated ports to request rapid transition...
Figure 1-7 Rapid state transition of an MSTP designated port Upstream Switch Downstream switch Proposal for rapid transition Root port blocks other non-edge ports Root port changes to Agreement forwarding state and sends Agreement Designated port Root port changes to Designated port forwarding state Figure 1-8...
Configuration Procedure Follow these steps to configure No Agreement Check: To do... Use the command... Remarks Enter system view system-view — Enter Ethernet Required interface view Use either command. interface interface-type or Layer-2 Enter interface-number Configurations made in aggregate interface or interface view will take effect interface view port group...
Loop guard TC-BPDU attack guard Among loop guard, root guard and edge port settings, only one function can take effect on the same port at the same time. Configuration prerequisites MSTP has been correctly configured on the device. Enabling BPDU Guard We recommend that you enable BPDU guard if your device supports this function.
Enabling Root Guard We recommend that you enable root guard if your device supports this function. The root bridge and secondary root bridge of a panning tree should be located in the same MST region. Especially for the CIST, the root bridge and secondary root bridge are generally put in a high-bandwidth core region during network design.
By keeping receiving BPDUs from the upstream device, a device can maintain the state of the root port and blocked ports. However, due to link congestion or unidirectional link failures, these ports may fail to receive BPDUs from the upstream devices. In this case, the downstream device will reselect the port roles: those ports in forwarding state that failed to receive upstream BPDUs will become designated ports, and the blocked ports will transition to the forwarding state, resulting in loops in the switched network.
We recommend that you keep this feature enabled. Displaying and Maintaining MSTP To do... Use the command... Remarks View information about abnormally Available in any view display stp abnormal-port blocked ports View information about ports blocked display stp down-port Available in any view by STP protection functions View the information of port role display stp [ instance...
Page 277
Figure 1-10 Network diagram for MSTP configuration Device B Device A Permit:all VLAN Permit: Permit: VLAN 10,20 VLAN 20,30 Permit: Permit: VLAN 10,20 VLAN 20,30 Permit:VLAN 20,40 Device D Device C “Permit:“ beside each link in the figure is followed by the VLANs the packets of which are permitted to pass this link.
Page 278
1 to 9, 11 to 29, 31 to 39, 41 to 4094 Configuration on Device B # Enter MST region view. <DeviceB> system-view [DeviceB] stp region-configuration # Configure the region name, VLAN-to-MSTI mappings and revision level of the MST region. [DeviceB-mst-region] region-name example [DeviceB-mst-region] instance 1 vlan 10 [DeviceB-mst-region] instance 3 vlan 30...
Page 279
[DeviceC-mst-region] active region-configuration [DeviceC-mst-region] quit # Define Device C as the root bridge of MSTI 4. [DeviceC] stp instance 4 root primary # Enable MSTP globally. [DeviceC] stp enable # View the MST region configuration information that has taken effect. [DeviceC] display stp region-configuration Oper configuration Format selector...
RRPP Configuration When configuring RRPP, go to these sections for information you are interested in: RRPP Overview RRPP Configuration Task List Configuring Master Node Configuring Transit Node Configuring Edge Node Configuring Assistant Edge Node Configuring Ring Group Displaying and Maintaining RRPP RRPP Typical Configuration Examples Troubleshooting RRPP Overview...
Basic Concepts in RRPP Figure 1-1 RRPP networking diagram RRPP domain The interconnected devices with the same domain ID and control VLANs constitute an RRPP domain. An RRPP domain contains the following elements: primary ring, subring, control VLAN, master node, transit node, primary port, secondary port, common port, and edge port.
Page 284
A data VLAN is a VLAN dedicated to transferring data packets. Both RRPP ports and non-RRPP ports can be assigned to a data VLAN. Node Each device on an RRPP ring is referred to as a node. The role of a node is configurable. There are the following node roles: Master node: Each ring has one and only one master node.
As shown in Figure 1-1, Device B and Device C lie on Ring 1 and Ring 2. Device B’s Port 1 and Port 2 and Device C’s Port 1 and Port 2 access the primary ring, so they are common ports. Device B’s Port 3 and Device C’s Port 3 access only the subring, so they are edge ports.
secondary port receives the Hello packets sent by the local master node before the Fail timer expires, the overall ring is in Health state. Otherwise, the ring transits into Disconnect state. In an RRPP domain, a transit node learns the Hello timer value and the Fail timer value on the master node through the received Hello packets, ensuring that all nodes in the ring network are consistent in the two timer settings.
Broadcast storm suppression mechanism in a multi-homed subring in case of SRPT failure As shown in Figure 1-5, Ring 1 is the primary ring, and Ring 2 and Ring 3 are subrings. When the two SRPTs between the edge node and the assistant-edge node are down, the master nodes of Ring 2 and Ring 3 will open their respective secondary ports, and thus a loop among Device B, Device C, Device E, and Device F is generated.
Page 288
Single ring Figure 1-2 Single ring There is only a single ring in the network topology. In this case, you only need to define an RRPP domain. Tangent rings Figure 1-3 Tangent rings There are two or more rings in the network topology and only one common node between rings. In this case, you need to define an RRPP domain for each ring.
Page 289
Intersecting rings Figure 1-4 Intersecting rings There are two or more rings in the network topology and two common nodes between rings. In this case, you only need to define an RRPP domain, and set one ring as the primary ring and the other rings as subrings.
Page 290
Single-ring load balancing Figure 1-6 Network diagram for single-ring load balancing Device A Device B Domain 1 Ring 1 Domain 2 Device D Device C In a single-ring network, you can achieve load balancing by configuring multiple domains. As shown in Figure 1-6, Ring 1 is configured as the primary ring of both Domain 1 and Domain 2.
Protocols and Standards RFC 3619 Extreme Networks' Ethernet Automatic Protection Switching (EAPS) Version 1 is related to RRPP. RRPP Configuration Task List RRPP does not have an auto election mechanism, so you must configure each node in the ring network properly for RRPP to monitor and protect the ring network. Before configuring RRPP, you need to construct a ring-shaped Ethernet topology physically.
The link type of these ports must be trunk. They must be Layer 2 GE ports. They must not be member ports of any aggregation group, service loopback group, or smart link group. STP is disabled on them. The 802.1p priority of trusted packets on the ports is configured, so that RRPP packets take higher precedence than data packets when passing through the ports.
To do… Use the command… Remarks ring ring-id node-mode master Specify the current device as [ primary-port interface-type the master node of the ring, interface-number ] Required and specify the primary port [ secondary-port interface-type and the secondary port interface-number ] level level-value Optional Configure the timer for the...
Page 294
To do… Use the command… Remarks Specify a control VLAN for the control-vlan vlan-id Required RRPP domain Required protected-vlan Specify protected VLANs for No protected VLAN is specified reference-instance the RRPP domain for an RRPP domain by instance-id-list default. ring ring-id node-mode transit Specify the current device as [ primary-port interface-type the transit node of the ring, and...
Configuring Edge Node Follow these steps to configure edge node: To do… Use the command… Remarks Enter system view system-view — Create an RRPP domain and rrpp domain domain-id Required enter its view Specify a control VLAN for the control-vlan vlan-id Required RRPP domain Required...
Before specifying RRPP rings for an RRPP domain, you must specify protected VLANs for the domain. Before specifying rings for an RRPP domain, you can delete or modify the protected VLANs configured for the RRPP domain; after specifying rings for an RRPP domain, you can delete or modify the protected VLANs configured for the RRPP domain, however, you cannot delete all the protected VLANs configured for the domain.
To do… Use the command… Remarks Specify the current device as ring ring-id node-mode the assistant-edge node of the assistant-edge [ edge-port Required subring, and specify an edge interface-type port interface-number ] Required Enable the primary ring ring ring-id enable By default, the RRPP ring is disabled.
You need to configure ring groups on both the edge node and the assistant-edge node at the same time. The two ring groups must be configured with the same subrings. Otherwise, the ring groups cannot operate properly. Configuration Prerequisites The RRPP domain, control VLANs, protected VLANs, the primary ring, and the subrings have been configured on the edge node device.
To do… Use the command… Remarks reset rrpp statistics domain Clear RRPP statistics Available in user view domain-id [ ring ring-id ] RRPP Typical Configuration Examples Configuring Single Ring Topology Networking requirements Device A, Device B, Device C, and Device D constitute RRPP domain 1, specify the primary control VLAN of RRPP domain 1 as VLAN 4092, and RPPP domain 1 protects all VLANs;...
Page 300
Configuration procedure Perform the following configuration on Device A: # Configure RRPP ports GigabitEthernet1/0/1 and GigabitEthernet1/0/2. <DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] undo stp enable [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all [DeviceA-GigabitEthernet1/0/1] qos trust dot1p [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] undo stp enable...
# Create RRPP domain 1, configure VLAN 4092 as the primary control VLAN of RRPP domain 1, and configure the VLANs mapped to MSTIs 0 through 32 as the protected VLANs of RRPP domain 1. [DeviceB] rrpp domain 1 [DeviceB-rrpp-domain1] control-vlan 4092 [DeviceB-rrpp-domain1] protected-vlan reference-instance 0 to 32 # Configure Device B as the transit node of primary ring 1, with GigabitEthernet1/0/1 as the primary port and GigabitEthernet1/0/2 as the secondary port, and enable ring 1.
Page 302
Specify the control VLAN for the RRPP domain. Configure the protected VLANs to reference all MSTIs. The MSTI ID ranges from 0 to 32. Specify the node mode of a device on an RRPP ring and the ports accessing the RRPP ring on the device.
Page 303
[DeviceA-rrpp-domain1] ring 1 enable [DeviceA-rrpp-domain1] quit # Enable RRPP. [DeviceA] rrpp enable Configuration on Device B # Configure RRPP ports GigabitEthernet1/0/1, GigabitEthernet1/0/2 and GigabitEthernet1/0/3. <DeviceB> system-view [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] undo stp enable [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all [DeviceB-GigabitEthernet1/0/1] qos trust dot1p [DeviceB-GigabitEthernet1/0/1] quit [DeviceB] interface gigabitethernet 1/0/2...
Page 304
<DeviceC> system-view [DeviceC] interface gigabitethernet 1/0/1 [DeviceC-GigabitEthernet1/0/1] undo stp enable [DeviceC-GigabitEthernet1/0/1] port link-type trunk [DeviceC-GigabitEthernet1/0/1] port trunk permit vlan all [DeviceC-GigabitEthernet1/0/1] qos trust dot1p [DeviceC-GigabitEthernet1/0/1] quit [DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] undo stp enable [DeviceC-GigabitEthernet1/0/2] port link-type trunk [DeviceC-GigabitEthernet1/0/2] port trunk permit vlan all [DeviceC-GigabitEthernet1/0/2] qos trust dot1p [DeviceC-GigabitEthernet1/0/2] quit [DeviceC] interface gigabitethernet 1/0/3...
Page 305
[DeviceD] interface gigabitethernet 1/0/2 [DeviceD-GigabitEthernet1/0/2] undo stp enable [DeviceD-GigabitEthernet1/0/2] port link-type trunk [DeviceD-GigabitEthernet1/0/2] port trunk permit vlan all [DeviceD-GigabitEthernet1/0/2] qos trust dot1p [DeviceD-GigabitEthernet1/0/2] quit # Create RRPP domain 1, configure VLAN 4092 as the primary control VLAN of RRPP domain 1, and configure VLANs mapped to MSTIs 0 through 32 as the protected VLANs of RRPP domain 1.
# Enable RRPP. [DeviceE] rrpp enable Verification After the configuration, you can use the display command to view RRPP configuration result on each device. Configuring Intersecting-Ring Load Balancing Networking requirements Device A, Device B, Device C, Device D, and Device F constitute RRPP domain 1, and VLAN 100 is the primary control VLAN of the RRPP domain.
Page 307
Figure 1-10 Network diagram for intersecting-ring load balancing configuration Configuration procedure Configure Device A as the master node of the primary ring # Create VLANs 10 and 20, and map VLAN 10 to MSTI 1 and VLAN 20 to MSTI 2. <DeviceA>...
Page 308
[DeviceA-GigabitEthernet1/0/2] quit # Create RRPP domain 1, configure VLAN 100 as the primary control VLAN of RRPP domain 1, and configure the VLAN mapped to MSTI 1 as the protected VLAN of RRPP domain 1. [DeviceA] rrpp domain 1 [DeviceA-rrpp-domain1] control-vlan 100 [DeviceA-rrpp-domain1] protected-vlan reference-instance 1 # Configure Device A as the master node of primary ring 1, with GigabitEthernet1/0/1 as the primary port and GigabitEthernet1/0/2 as the secondary port, and enable ring 1.
Page 310
[DeviceB-rrpp-domain2] ring node-mode transit primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0 [DeviceB-rrpp-domain2] ring 1 enable # Configure Device B as the assistant-edge node of subring 2 in RRPP domain 2, with GigabitEthernet1/0/3 as the edge port, and enable subring 2. [DeviceB-rrpp-domain2] ring 2 node-mode assistant-edge edge-port gigabitethernet 1/0/3 [DeviceB-rrpp-domain2] ring 2 enable [DeviceB-rrpp-domain2] quit...
Page 311
[DeviceC-GigabitEthernet1/0/4] undo stp enable [DeviceC-GigabitEthernet1/0/4] port link-type trunk [DeviceC-GigabitEthernet1/0/4] undo port trunk permit vlan 1 [DeviceC-GigabitEthernet1/0/4] port trunk permit vlan 10 [DeviceC-GigabitEthernet1/0/4] qos trust dot1p [DeviceC-GigabitEthernet1/0/4] quit # Create RRPP domain 1, configure VLAN 10 as the primary control VLAN of RRPP domain 1, and configure the VLAN mapped to MSTI 1 as the protected VLAN of RRPP domain 1.
Page 315
When the link state is normal, the master node cannot receive Hello packets, and the master node unblocks the secondary port. Analysis: The reasons may be: RRPP is not enabled on some nodes in the RRPP ring. The domain ID or primary control VLAN ID is not the same for the nodes in the same RRPP ring. Some ports are abnormal.
Page 316
Table of Contents 1 Port Mirroring Configuration ····················································································································1-1 Introduction to Port Mirroring ··················································································································1-1 Classification of Port Mirroring ········································································································1-1 Implementing Port Mirroring ············································································································1-1 Configuring Local Port Mirroring ·············································································································1-3 Configuring Remote Port Mirroring ·········································································································1-4 Configuration Prerequisites ·············································································································1-4 Configuring a Remote Source Mirroring Group (on the Source Device)·········································1-4 Configuring a Remote Destination Mirroring Group (on the Destination Device) ···························1-6 Displaying and Maintaining Port Mirroring ······························································································1-7 Port Mirroring Configuration Examples ···································································································1-7...
Port Mirroring Configuration When configuring port mirroring, go to these sections for information you are interested in: Introduction to Port Mirroring Configuring Local Port Mirroring Configuring Remote Port Mirroring Displaying and Maintaining Port Mirroring Port Mirroring Configuration Examples Introduction to Port Mirroring Port mirroring is to copy the packets passing through a port (called a mirroring port) to another port (called the monitor port) connected with a monitoring device for packet analysis.
Page 318
Figure 1-1 Local port mirroring implementation How the device processes packets Traffic mirrored to Mirroring port Monitor port Monitor port Mirroring port Data monitoring device Remote port mirroring Remote port mirroring can mirror all packets but protocol packets. Remote port mirroring is implemented through the cooperation of a remote source mirroring group and a remote destination mirroring group as shown Figure 1-2.
Destination device The destination device is the device where the monitor port is located. On it, you must create the remote destination mirroring group. When receiving a packet, the destination device compares the VLAN ID carried in the packet with the ID of the probe VLAN configured in the remote destination mirroring group.
A local port mirroring group takes effect only after its mirroring and monitor ports are configured. To ensure operation of your device, do not enable STP, MSTP, or RSTP on the monitor port. A port mirroring group can have multiple mirroring ports, but only one monitor port. A mirroring or monitor port to be configured cannot belong to an existing port mirroring group.
Page 321
To do… Use the command… Remarks mirroring-group groupid Required In system view mirroring-port mirroring-port-list You configure multiple { both | inbound | outbound } mirroring ports in a mirroring group. interface interface-type In system view, you can interface-number Configure assign a list of mirroring [ mirroring-group groupid ] mirroring ports to the mirroring...
To remove the VLAN configured as a remote probe VLAN, you must remove the remote probe VLAN with undo mirroring-group remote-probe vlan command first. Removing the probe VLAN can invalidate the remote source mirroring group. Configuring a Remote Destination Mirroring Group (on the Destination Device) A remote destination mirroring group comprises a remote probe VLAN and a monitor port.
When configuring the monitor port, use the following guidelines: The port can belong to only the current mirroring group. To ensure operation of your device, do not assign the monitor port to a mirroring VLAN. Disable these functions on the port: STP, MSTP, and RSTP. You are recommended to use a monitor port only for port mirroring.
Figure 1-3 Network diagram for local port mirroring configuration Switch A R&D department GE1/0/1 GE1/0/3 GE1/0/2 Switch C Data monitoring device Switch B Marketing department Configuration procedure Configure Switch C. # Create a local port mirroring group. <SwitchC> system-view [SwitchC] mirroring-group 1 local # Add port GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to the port mirroring group as source ports.
Page 325
As shown in Figure 1-4, the administrator wants to monitor the packets sent from Department 1 and 2 through the data monitoring device. Use the remote port mirroring function to meet the requirement. Perform the following configurations: Use Switch A as the source device, Switch B as the intermediate device, and Switch C as the destination device.
Page 326
[SwitchA-GigabitEthernet1/0/3] port link-type trunk [SwitchA-GigabitEthernet1/0/3] port trunk permit vlan 2 Configure Switch B (the intermediate device). # Configure port GigabitEthernet 1/0/1 as a trunk port and configure the port to permit the packets of VLAN 2. <SwitchB> system-view [SwitchB] interface GigabitEthernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] port link-type trunk [SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 2 [SwitchB-GigabitEthernet1/0/1] quit...
Page 327
IP Services Volume Organization Manual Version 20090108-C-1.01 Product Version Release 2202 Organization The IP Services Volume is organized as follows: Features Description An IP address is a 32-bit address allocated to a network interface on a IP Address device that is attached to the Internet. This document introduces the commands for IP address configuration Address Resolution Protocol (ARP) is used to resolve an IP address into a data link layer address.
Page 328
Features Description UDP Helper functions as a relay agent that converts UDP broadcast UDP Helper packets into unicast packets and forwards them to a specified server. This document introduces the commands for UDP Helper configuration Unicast Reverse Path Forwarding (URPF) protects a network against URPF source address spoofing attacks.
Page 329
Table of Contents 1 IP Addressing Configuration····················································································································1-1 IP Addressing Overview··························································································································1-1 IP Address Classes ·························································································································1-1 Special IP Addresses ······················································································································1-2 Subnetting and Masking ··················································································································1-2 Configuring IP Addresses ·······················································································································1-3 Assigning an IP Address to an Interface ·························································································1-3 IP Addressing Configuration Example·····························································································1-4 Displaying and Maintaining IP Addressing······························································································1-5...
IP Addressing Configuration When assigning IP addresses to interfaces on your device, go to these sections for information you are interested in: IP Addressing Overview Configuring IP Addresses Displaying and Maintaining IP Addressing IP Addressing Overview This section covers these topics: IP Address Classes Special IP Addresses IP Address Classes...
Table 1-1 IP address classes and ranges Class Address range Remarks The IP address 0.0.0.0 is used by a host at bootstrap for temporary communication. This address is never a valid destination address. 0.0.0.0 to 127.255.255.255 Addresses starting with 127 are reserved for loopback test. Packets destined to these addresses are processed locally as input packets rather than sent to the link.
In the absence of subnetting, some special addresses such as the addresses with the net ID of all zeros and the addresses with the host ID of all ones, are not assignable to hosts. The same is true for subnetting. When designing your network, you should note that subnetting is somewhat a tradeoff between subnets and accommodated hosts.
The primary IP address you assigned to the interface can overwrite the old one if there is any. You cannot assign secondary IP addresses to an interface that has BOOTP or DHCP configured. The primary and secondary IP addresses you assign to the interface can be located on the same network segment.
<Switch> ping 172.16.1.2 PING 172.16.1.2: 56 data bytes, press CTRL_C to break Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=25 ms Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=27 ms Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=26 ms --- 172.16.1.2 ping statistics --- 5 packet(s) transmitted...
Page 335
Table of Contents 1 ARP Configuration·····································································································································1-1 ARP Overview·········································································································································1-1 ARP Function ··································································································································1-1 ARP Message Format ·····················································································································1-1 ARP Address Resolution Process···································································································1-2 ARP Table ·······································································································································1-3 Configuring ARP ·····································································································································1-3 Configuring a Static ARP Entry ·······································································································1-3 Configuring the Maximum Number of ARP Entries for a VLAN Interface ·······································1-4 Setting the Aging Time for Dynamic ARP Entries ···········································································1-4 Enabling the ARP Entry Check ·······································································································1-5 ARP Configuration Example············································································································1-5...
Page 336
Configuring ARP Packet Source MAC Address Consistency Check··············································3-5 Configuring ARP Packet Rate Limit ········································································································3-5 Introduction······································································································································3-5 Configuring the ARP Packet Rate Limit Function ···········································································3-5 Configuring ARP Detection ·····················································································································3-5 Introduction to ARP Detection ·········································································································3-5 Enabling ARP Detection Based on DHCP Snooping Entries/802.1x Security Entries/Static IP-to-MAC Bindings···········································································································································3-6 Configuring ARP Detection Based on Specified Objects ································································3-7 Displaying and Maintaining ARP Detection·····················································································3-8...
This document is organized as follows: ARP Configuration Proxy ARP Configuration ARP Attack Defense Configuration ARP Configuration When configuring ARP, go to these sections for information you are interested in: ARP Overview Configuring ARP Configuring Gratuitous ARP Displaying and Maintaining ARP ARP Overview ARP Function The Address Resolution Protocol (ARP) is used to resolve an IP address into an Ethernet MAC address...
Hardware address length and protocol address length: They respectively specify the length of a hardware address and a protocol address, in bytes. For an Ethernet address, the value of the hardware address length field is "6”. For an IP(v4) address, the value of the protocol address length field is “4”.
of the gateway from an ARP reply, Host A sends the packet to the gateway. If the gateway maintains the ARP entry of Host B, it forwards the packet to Host B directly; if not, it broadcasts an ARP request, in which the target IP address is the IP address of Host B.
Follow these steps to configure a static ARP entry: To do… Use the command… Remarks Enter system view system-view — arp static ip-address mac-address Required Configure a permanent vlan-id interface-type No permanent static ARP entry static ARP entry interface-number [ vpn-instance is configured by default.
Enabling the ARP Entry Check The ARP entry check function disables the device from learning multicast MAC addresses. With the ARP entry check enabled, the device cannot learn any ARP entry with a multicast MAC address, and configuring such a static ARP entry is not allowed; otherwise, the system displays error messages. After the ARP entry check is disabled, the device can learn the ARP entry with a multicast MAC address, and you can also configure such a static ARP entry on the device.
Determining whether its IP address is already used by another device. Informing other devices of its MAC address change so that they can update their ARP entries. A device receiving a gratuitous ARP packet adds the information carried in the packet to its own dynamic ARP table if it finds no corresponding ARP entry for the ARP packet in the cache.
Proxy ARP Configuration When configuring proxy ARP, go to these sections for information you are interested in: Proxy ARP Overview Enabling Proxy ARP Displaying and Maintaining Proxy ARP Proxy ARP Overview If a host sends an ARP request for the MAC address of another host that actually resides on another network (but the sending host considers the requested host is on the same network) or that is isolated from the sending host at Layer 2, the device in between must be able to respond to the request with the MAC address of the receiving interface to allow Layer 3 communication between the two hosts.
You can solve the problem by enabling proxy ARP on Switch. After that, Switch can reply to the ARP request from Host A with the MAC address of VLAN-interface 1, and forward packets sent from Host A to Host B. In this case, Switch seems to be a proxy of Host B. A main advantage of proxy ARP is that it is added on a single router without disturbing routing tables of other routers in the network.
To do… Use the command… Remarks Required Enable local proxy ARP local-proxy-arp enable Disabled by default. Displaying and Maintaining Proxy ARP To do… Use the command… Remarks Display whether proxy ARP is display proxy-arp [ interface Available in any view enabled vlan-interface vlan-id ] Display whether local proxy...
[Switch-Vlan-interface1] proxy-arp enable [Switch-Vlan-interface1] quit [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0 [Switch-Vlan-interface2] proxy-arp enable [Switch-Vlan-interface2] quit Local Proxy ARP Configuration Example in Case of Port Isolation Network requirements Host A and Host B belong to the same VLAN, and connect to Switch B via GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3, respectively.
# Configure an IP address of VLAN-interface 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] port gigabitethernet 1/0/2 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 192.168.10.100 255.255.0.0 The ping operation from Host A to Host B is unsuccessful because they are isolated at Layer 2. # Configure local proxy ARP to let Host A and Host B communicate at Layer 3.
Page 348
[SwitchB-vlan2] port gigabitethernet 1/0/2 [SwitchB-vlan2] quit [SwitchB] vlan 3 [SwitchB-vlan3] port gigabitethernet 1/0/3 [SwitchB-vlan3] quit [SwitchB] vlan 5 [SwitchB-vlan5] port gigabitethernet 1/0/1 [SwitchB-vlan5] isolate-user-vlan enable [SwitchB-vlan5] quit [SwitchB] isolate-user-vlan 5 secondary 2 3 Configure Switch A # Create VLAN 5 and add GigabitEthernet 1/0/1 to it. <SwitchA>...
ARP Attack Defense Configuration When configuring ARP attack defense, go to these sections for information you are interested in: Configuring ARP Source Suppression Configuring ARP Defense Against IP Packet Attacks Configuring ARP Active Acknowledgement Configuring Source MAC Address Based ARP Attack Detection Configuring ARP Packet Source MAC Address Consistency Check Configuring ARP Packet Rate Limit Configuring ARP Detection...
Displaying and Maintaining ARP Source Suppression To do… Use the command… Remarks Display the ARP source suppression display arp source-suppression Available in any view configuration information Configuring ARP Defense Against IP Packet Attacks Introduction to ARP Defense Against IP Packet Attacks When forwarding an IP packet, a device depends on ARP to resolve the MAC address of the next hop.
If an ARP reply is received within five seconds, the gateway updates the ARP entry; If not, the ARP entry is not updated. Configuring the ARP Active Acknowledgement Function Follow these steps to configure ARP active acknowledgement: To do… Use the command… Remarks Enter system view system-view...
Follow these steps to configure protected MAC addresses: To do… Use the command… Remarks Enter system view system-view — Optional Configure protected MAC arp anti-attack source-mac addresses exclude-mac mac-address&<1-n> Not configured by default. Configuring the aging timer for protected MAC addresses Follow these steps to configure the aging timer for protected MAC addresses: To do…...
ARP detection also checks source MAC address consistency of ARP packets, but it is enabled on an access device to detect only ARP packets sent to it. Configuring ARP Packet Source MAC Address Consistency Check Follow these steps to enable ARP packet source MAC address consistency check: To do…...
Enabling ARP Detection Based on DHCP Snooping Entries/802.1x Security Entries/Static IP-to-MAC Bindings With this feature enabled, the device compares the source IP and MAC addresses of an ARP packet received from the VLAN against the DHCP snooping entries, 802.1X security entries, or static IP-to-MAC binding entries.
To do… Use the command… Remarks Enter system view system-view — Enter VLAN view vlan vlan-id — Required Enable ARP detection for Disabled by default. That is, the ARP arp detection enable the VLAN packets received on all the ports in the VLAN will not be checked.
dst-mac: Checks the target MAC address of ARP replies. If the target MAC address is all-zero, all-one, or inconsistent with the destination MAC address in the Ethernet header, the packet is considered invalid and discarded. ip: Checks both the source and destination IP addresses in an ARP packet. The all-zero, all-one or multicast IP addresses are considered invalid and the corresponding packets are discarded.
Page 357
Figure 3-1 Network diagram for ARP detection configuration DHCP server Switch A Vlan-int10 10.1.1.1/24 VLAN10 DHCP snooping GE1/0/1 Switch B GE1/0/2 GE1/0/3 DHCP client DHCP client Host A Host B Configuration procedure Add all the ports on Switch B into VLAN 10, and configure the IP address of VLAN-interface 10 on Switch A (the configuration procedure is omitted).
[SwitchB-GigabitEthernet1/0/1] quit # Enable ARP detection for VLAN 10. Configure the upstream port as a trusted port and the downstream ports as untrusted ports (a port is an untrusted port by default). [SwitchB] vlan 10 [SwitchB-vlan10] arp detection enable [SwitchB-vlan10] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] arp detection trust [SwitchB-GigabitEthernet1/0/1] quit # Configure a static IP Source Guard binding entry on GigabitEthernet 1/0/2.
Page 359
Figure 3-2 Network diagram for ARP detection configuration Configuration procedure Add all the ports on Switch B into VLAN 10, and configure the IP address of VLAN-interface 10 on Switch A (the configuration procedure is omitted). Configure Switch A as a DHCP server # Configure DHCP address pool 0 <SwitchA>...
Page 360
[SwitchB] interface gigabitethernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] dot1x [SwitchB-GigabitEthernet1/0/1] quit [SwitchB] interface gigabitethernet 1/0/2 [SwitchB-GigabitEthernet1/0/2] dot1x [SwitchB-GigabitEthernet1/0/2] quit # Add local access user test. [SwitchB] local-user test [SwitchB-luser-test] service-type lan-access [SwitchB-luser-test] password simple test [SwitchB-luser-test] quit # Enable ARP detection for VLAN 10. Configure the upstream port as a trusted port and the downstream ports as untrusted ports (a port is an untrusted port by default).
Page 361
Table of Contents 1 DHCP Overview··········································································································································1-1 Introduction to DHCP ······························································································································1-1 DHCP Address Allocation ·······················································································································1-2 Allocation Mechanisms····················································································································1-2 Dynamic IP Address Allocation Process ·························································································1-2 IP Address Lease Extension ···········································································································1-3 DHCP Message Format ··························································································································1-3 DHCP Options·········································································································································1-4 DHCP Options Overview ·················································································································1-4 Introduction to DHCP Options ·········································································································1-4 Self-Defined Options ·······················································································································1-5 Protocols and Standards·························································································································1-8 2 DHCP Server Configuration······················································································································2-1...
Page 362
Self-Defined Option Configuration Example··················································································2-19 Troubleshooting DHCP Server Configuration ·······················································································2-20 3 DHCP Relay Agent Configuration ············································································································3-1 Introduction to DHCP Relay Agent ·········································································································3-1 Application Environment··················································································································3-1 Fundamentals··································································································································3-1 DHCP Relay Agent Support for Option 82 ······················································································3-2 DHCP Relay Agent Configuration Task List ···························································································3-3 Configuring the DHCP Relay Agent········································································································3-3 Enabling DHCP ·······························································································································3-3 Enabling the DHCP Relay Agent on an Interface ···········································································3-4 Correlating a DHCP Server Group with a Relay Agent Interface····················································3-4...
This document is organized as follows: DHCP Overview DHCP Server Configuration DHCP Relay Agent Configuration DHCP Client Configuration DHCP Snooping Configuration BOOTP Client Configuration DHCP Overview Introduction to DHCP The fast expansion and growing complexity of networks result in scarce IP addresses assignable to hosts.
DHCP Address Allocation Allocation Mechanisms DHCP supports three mechanisms for IP address allocation. Manual allocation: The network administrator assigns an IP address to a client like a WWW server, and DHCP conveys the assigned address to the client. Automatic allocation: DHCP assigns a permanent IP address to a client. Dynamic allocation: DHCP assigns an IP address to a client for a limited period of time, which is called a lease.
After receiving the DHCP-ACK message, the client probes whether the IP address assigned by the server is in use by broadcasting a gratuitous ARP packet. If the client receives no response within a specified time, the client can use this IP address. Otherwise, the client sends a DHCP-DECLINE message to the server and requests an IP address again.
secs: Filled in by the client, the number of seconds elapsed since the client began address acquisition or renewal process. Currently this field is reserved and set to 0. flags: The leftmost bit is defined as the BROADCAST (B) flag. If this flag is set to 0, the DHCP server sent a reply back by unicast;...
Option 121: Classless route option. It specifies a list of classless static routes (the destination addresses in these static routes are classless) that the requesting client should add to its routing table. Option 33: Static route option. It specifies a list of classful static routes (the destination addresses in these static routes are classful) that a client should add to its routing table.
Page 368
Figure 1-6 Format of the value field of the ACS parameter sub-option The value field of the service provider identifier sub-option contains the service provider identifier. Figure 1-7 shows the format of the value field of the PXE server address sub-option. Currently, the value of the PXE server type can only be 0.
Page 369
Figure 1-8 Sub-option 1 in normal padding format Sub-option type (0x01) Length (0x06) Circuit ID type (0x00) Length (0x04) VLAN ID Interface number Sub-option 2: Padded with the MAC address of the DHCP relay agent interface or the MAC address of the DHCP snooping device that received the client’s request. The following figure gives its format.
Sub-option 1: IP address of the primary network calling processor, which is a server serving as the network calling control source and providing program downloads. Sub-option 2: IP address of the backup network calling processor that DHCP clients will contact when the primary one is unreachable.
DHCP Server Configuration When configuring the DHCP server, go to these sections for information you are interested in: Introduction to DHCP Server DHCP Server Configuration Task List Configuring an Address Pool for the DHCP Server Enabling DHCP Enabling the DHCP Server on an Interface Applying an Extended Address Pool on an Interface Configuring the DHCP Server Security Functions Configuring the Handling Mode for Option 82...
Page 372
Common address pool structure In response to a client’s request, the DHCP server selects an idle IP address from an address pool and sends it together with other parameters such as lease and DNS server address to the client. The common address pool database is organized as a tree. The root of the tree is the address pool for natural networks, branches are address pools for subnets, and leaves are addresses statically bound to clients.
DHCP requests is 1.1.1.130/25, the DHCP server will select IP addresses for clients from the 1.1.1.0/24 address pool. Keep the IP addresses for dynamic allocation within the subnet where the interface of the DHCP server or DHCP relay agent resides to avoid wrong IP address allocation. IP Address Allocation Sequence A DHCP server assigns an IP address to a client according to the following sequence: The first assignable IP address found in the extended address pool referenced on the receiving...
Configuring an Address Pool for the DHCP Server Configuration Task List Complete the following tasks to configure an address pool: Task Remarks Creating a DHCP Address Pool Required Configuring manual address allocation Required to configure Configuring an Address either of the two for the Allocation Mode for a common address pool Configuring dynamic address allocation...
Configuring an Address Allocation Mode for a Common Address Pool You can configure either the static binding or dynamic address allocation for a common address pool as needed. It is required to specify an address range for the dynamic address allocation. A static binding is a special address pool containing only one IP address.
Page 376
Use the static-bind ip-address command together with static-bind mac-address or static-bind client-identifier to accomplish a static binding configuration. In a DHCP address pool, if you execute the static-bind mac-address command before the static-bind client-identifier command, the latter will overwrite the former and vice versa. If you use the static-bind ip-address, static-bind mac-address, or static-bind client-identifier command repeatedly in the DHCP address pool, the new configuration will overwrite the previous one.
In common address pool view, using the network command repeatedly overwrites the previous configuration. After you exclude IP addresses from automatic allocation using the dhcp server forbidden-ip command, neither a common address pool nor an extended address pool can assign these IP addresses through dynamic address allocation.
Configuring a Domain Name Suffix for the Client You can specify a domain name suffix in each DHCP address pool on the DHCP server to provide the clients with the domain name suffix. With this suffix assigned, the client only needs to input part of a domain name, and the system will add the domain name suffix for name resolution.
h (hybrid)-node: A combination of peer-to-peer first and broadcast second. The h-node client unicasts the destination name to the WINS server, if no response is received, then broadcasts it to get the destination IP address. Follow these steps to configure WINS servers and NetBIOS node type in the DHCP address pool: To do…...
Follow these steps to configure the gateways in the DHCP address pool: To do… Use the command… Remarks Enter system view system-view — Enter DHCP address dhcp server ip-pool pool-name — pool view [ extended ] Required Specify gateways gateway-list ip-address&<1-8> No gateway is specified by default.
When a router starts up without loading any configuration file, the system sets an active interface (such as the interface of the default VLAN) as the DHCP client to request from the DHCP server for parameters, such as an IP address and name of a TFTP server, and the bootfile name. After getting related parameters, the DHCP client will send a TFTP request to obtain the configuration file from the specified TFTP server for system initialization.
To do… Use the command… Remarks Required option code { ascii ascii-string Configure a self-defined DHCP | hex hex-string&<1-16> | No DHCP option is configured option ip-address ip-address&<1-8> } by default. Table 2-1 Description of common options Option Option name Corresponding command Command parameter Router Option...
To do… Use the command… Remarks Enter system view system-view — Enter interface view interface interface-type interface-number — Optional Enable the DHCP server on an dhcp select server global-pool interface [ subaddress ] Enabled by default. If a DHCP relay agent exists between the DHCP server and client, the DHCP server, regardless of whether the subaddress keyword is used, will select an IP address from the address pool containing the primary IP address of the DHCP relay agent’s interface (connected to the client) for a requesting client.
Only an extended address pool can be applied on the interface. The address pool to be referenced must already exist. Configuring the DHCP Server Security Functions This configuration is necessary to secure DHCP services on the DHCP server. Configuration Prerequisites Before performing this configuration, complete the following configurations on the DHCP server: Enable DHCP Configure the DHCP address pool...
Follow these steps to configure IP address conflict detection: To do… Use the command… Remarks Enter system view system-view — Optional Specify the number of ping dhcp server ping packets One ping packet by default. packets number The value 0 indicates that no ping operation is performed.
Displaying and Maintaining the DHCP Server To do… Use the command… Remarks Display information about IP address display dhcp server conflict { all | ip conflicts ip-address } Display information about lease display dhcp server expired { all | ip expiration ip-address | pool [ pool-name ] } Display information about assignable...
Static IP Address Assignment Configuration Example Network requirements As shown in Figure 2-1, Switch B (DHCP client) obtains a static IP address, DNS server address, and gateway address from Switch A (DHCP server). Figure 2-1 Network diagram for static IP address assignment Configuration procedure Configure the IP address of VLAN-interface 2 on Switch A.
Page 388
The domain name and DNS server address on subnets 10.1.1.0/25 and 10.1.1.128/25 are the same. Therefore, the domain name suffix and DNS server address can be configured only for subnet 10.1.1.0/24. Subnet 10.1.1.128/25 can inherit the configuration of subnet 10.1.1.0/24. In this example, the number of requesting clients connected to VLAN-interface 1 should be less than 122, and that of clients connected to VLAN-interface 2 less than 124.
Troubleshooting DHCP Server Configuration Symptom A client’s IP address obtained from the DHCP server conflicts with another IP address. Analysis A host on the subnet may have the same IP address. Solution Disconnect the client’s network cable and ping the client’s IP address on another host with a long timeout time to check whether there is a host using the same IP address.
DHCP Relay Agent Configuration When configuring the DHCP relay agent, go to these sections for information you are interested in: Introduction to DHCP Relay Agent DHCP Relay Agent Configuration Task List Configuring the DHCP Relay Agent Displaying and Maintaining DHCP Relay Agent Configuration DHCP Relay Agent Configuration Examples Troubleshooting DHCP Relay Agent Configuration The DHCP relay agent configuration is supported only on VLAN interfaces.
Figure 3-1 DHCP relay agent application DHCP client DHCP client IP network DHCP relay agent DHCP client DHCP client DHCP server No matter whether a relay agent exists or not, the DHCP server and client interact with each other in a similar way (see section Dynamic IP Address Allocation Process).
If a client’s Handling requesting Padding format The DHCP relay agent will… strategy message has… Drop Random Drop the message. Forward the message without changing Keep Random Option 82. Forward the message after replacing normal the original Option 82 with the Option 82 padded in normal format.
Follow these steps to enable DHCP: To do… Use the command… Remarks Enter system view system-view — Required Enable DHCP dhcp enable Disabled by default. Enabling the DHCP Relay Agent on an Interface With this task completed, upon receiving a DHCP request from the enabled interface, the relay agent will forward the request to a DHCP server for address allocation.
To do… Use the command… Remarks Required Correlate the DHCP server dhcp relay server-select By default, no interface is group with the current interface group-id correlated with any DHCP server group. You can specify up to twenty DHCP server groups on the relay agent and eight DHCP server addresses for each DHCP server group.
Page 396
The dhcp relay address-check enable command is independent of other commands of the DHCP relay agent. That is, the invalid address check takes effect when this command is executed, regardless of whether other commands are used. The dhcp relay address-check enable command only checks IP and MAC addresses of clients. You are recommended to configure IP address check on the interface enabled with the DHCP relay agent;...
Follow these steps to enable unauthorized DHCP server detection: To do… Use the command… Remarks Enter system view system-view — Required Enable unauthorized DHCP dhcp relay server-detect server detection Disabled by default. With the unauthorized DHCP server detection enabled, the device puts a record once for each DHCP server.
Page 398
Configuring the DHCP relay agent to support Option 82 Follow these steps to configure the DHCP relay agent to support Option 82: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Enable the relay agent to support Option dhcp relay information...
To support Option 82, it is required to perform related configuration on both the DHCP server and relay agent. Refer to Configuring the Handling Mode for Option 82 for DHCP server configuration of this kind. If the handling strategy of the DHCP relay agent is configured as replace, you need to configure a padding format for Option 82.
Switch A forwards DHCP requests to the DHCP server (Switch B) after replacing Option 82 in the requests, so that the DHCP clients can obtain IP addresses. Configuration procedure # Specify IP addresses for the interfaces (omitted). # Enable DHCP. <SwitchA>...
Page 402
The relay agent interface connected to DHCP clients is correlated with correct DHCP server group and IP addresses for the group members are correct. 3-12...
DHCP Client Configuration When configuring the DHCP client, go to these sections for information you are interested in: Introduction to DHCP Client Enabling the DHCP Client on an Interface Displaying and Maintaining the DHCP Client DHCP Client Configuration Example The DHCP client configuration is supported only on VLAN interfaces. When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition via a relay agent, the DHCP server cannot be a Windows 2000 Server or Windows 2003 Server.
An interface can be configured to acquire an IP address in multiple ways, but these ways are mutually exclusive. The latest configuration will overwrite the previous one. After the DHCP client is enabled on an interface, no secondary IP address is configurable for the interface.
DHCP Snooping Configuration When configuring DHCP snooping, go to these sections for information you are interested in: DHCP Snooping Overview Configuring DHCP Snooping Basic Functions Configuring DHCP Snooping to Support Option 82 Displaying and Maintaining DHCP Snooping DHCP Snooping Configuration Examples The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.
Recording IP-to-MAC mappings of DHCP clients DHCP snooping reads DHCP-REQUEST messages and DHCP-ACK messages from trusted ports to record DHCP snooping entries, including MAC addresses of clients, IP addresses obtained by the clients, ports that connect to DHCP clients, and VLANs to which the ports belong. With DHCP snooping entries, DHCP snooping can implement the following: ARP detection: Whether ARP packets are sent from an authorized client is determined based on DHCP snooping entries.
If a client’s Handling Padding requesting The DHCP snooping device will… strategy format message has… Drop Random Drop the message. Forward the message without changing Keep Random Option 82. Forward the message after replacing the normal original Option 82 with the Option 82 padded in normal format.
You need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client must be in the same VLAN. You can specify Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces as trusted ports.
Page 410
To do… Use the command… Remarks dhcp-snooping information format Configure the Optional { normal | verbose padding format for [ node-identifier { mac | normal by default. Option 82 sysname | user-defined node-identifier } ] } Optional By default, the code type depends on the padding format of Option 82.
Displaying and Maintaining DHCP Snooping To do… Use the command… Remarks display dhcp-snooping [ ip Display DHCP snooping entries ip-address ] display dhcp-snooping Display Option 82 configuration information information { all | interface Available in any on the DHCP snooping device interface-type interface-number } view Display DHCP packet statistics on the...
[SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust [SwitchB-GigabitEthernet1/0/1] quit DHCP Snooping Option 82 Support Configuration Example Network requirements As shown in Figure 5-3, enable DHCP snooping and Option 82 support on Switch B. Configure the handling strategy for DHCP requests containing Option 82 as replace. On GigabitEthernet 1/0/2, configure the padding content for the circuit ID sub-option as company001 and for the remote ID sub-option as device001.
BOOTP Client Configuration While configuring a BOOTP client, go to these sections for information you are interested in: Introduction to BOOTP Client Configuring an Interface to Dynamically Obtain an IP Address Through BOOTP Displaying and Maintaining BOOTP Client Configuration BOOTP client configuration only applies to VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server.
Because a DHCP server can interact with a BOOTP client, you can use the DHCP server to configure an IP address for the BOOTP client, without any BOOTP server. Obtaining an IP Address Dynamically A DHCP server can take the place of the BOOTP server in the following dynamic IP address acquisition.
Displaying and Maintaining BOOTP Client Configuration To do… Use the command… Remarks Display related information on a display bootp client [ interface Available in any BOOTP client interface-type interface-number ] view BOOTP Client Configuration Example Network requirement As shown in Figure 2-2, Switch B’s port belonging to VLAN 1 is connected to the LAN.
Page 416
Table of Contents 1 DNS Configuration·····································································································································1-1 DNS Overview·········································································································································1-1 Static Domain Name Resolution ·····································································································1-1 Dynamic Domain Name Resolution ································································································1-1 DNS Proxy·······································································································································1-3 Configuring the DNS Client·····················································································································1-4 Configuring Static Domain Name Resolution ··················································································1-4 Configuring Dynamic Domain Name Resolution·············································································1-4 Configuring the DNS Proxy·····················································································································1-5 Displaying and Maintaining DNS ············································································································1-5 DNS Configuration Examples ·················································································································1-5 Static Domain Name Resolution Configuration Example································································1-5 Dynamic Domain Name Resolution Configuration Example···························································1-6...
DNS Configuration When configuring DNS, go to these sections for information you are interested in: DNS Overview Configuring the DNS Client Configuring the DNS Proxy Displaying and Maintaining DNS DNS Configuration Examples Troubleshooting DNS Configuration This document only covers IPv4 DNS configuration. For information about IPv6 DNS configuration, refer to IPv6 Basics Configuration in the IP Services Volume.
Page 418
The DNS server looks up the corresponding IP address of the domain name in its DNS database. If no match is found, it sends a query to a higher level DNS server. This process continues until a result, whether successful or not, is returned. The DNS client returns the resolution result to the application after receiving a response from the DNS server.
If an alias is configured for a domain name on the DNS server, the device can resolve the alias into the IP address of the host. DNS Proxy Introduction to DNS proxy A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server. As shown in Figure 1-2, a DNS client sends a DNS request to the DNS proxy, which forwards the...
Configuring the DNS Client Configuring Static Domain Name Resolution Follow these steps to configure static domain name resolution: To do… Use the command… Remarks Enter system view system-view –– Configure a mapping between a host Required name and IP address in the static ip host hostname ip-address Not configured by default.
Configuring the DNS Proxy Follow these steps to configure the DNS proxy: To do… Use the command… Remarks Enter system view system-view — Required Enable DNS proxy dns proxy enable Disabled by default. Displaying and Maintaining DNS To do… Use the command… Remarks Display the static domain name display ip host...
data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=128 time=1 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=128 time=4 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=128 time=3 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=128 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=128 time=3 ms --- host.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received...
Page 423
Figure 1-5, right click Forward Lookup Zones, select New zone, and then follow the instructions to create a new zone named com. Figure 1-5 Create a zone # Create a mapping between the host name and IP address. Figure 1-6 Add a host Figure 1-6, right click zone com, and then select New Host to bring up a dialog box as shown in Figure...
Page 424
Figure 1-7 Add a mapping between domain name and IP address Configure the DNS client # Enable dynamic domain name resolution. <Sysname> system-view [Sysname] dns resolve # Specify the DNS server 2.1.1.2. [Sysname] dns server 2.1.1.2 # Configure com as the name suffix. [Sysname] dns domain com Configuration verification # Execute the ping host command on the Switch to verify that the communication between the Switch...
DNS Proxy Configuration Example Network requirements Specify Switch A as the DNS server of Switch B (the DNS client). Switch A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1. Switch B implements domain name resolution through Switch A. Figure 1-8 Network diagram for DNS proxy Configuration procedure Before performing the following configuration, assume that Switch A, the DNS server, and the host are...
# Specify the DNS server 2.1.1.2. [SwitchB] dns server 2.1.1.2 Configuration verification # Execute the ping host.com command on Switch B to verify that the communication between the Switch and the host is normal and that the corresponding destination IP address is 3.1.1.1. [SwitchB] ping host.com Trying DNS resolve, press CTRL_C to break Trying DNS server (2.1.1.2)
Page 427
Table of Contents 1 IP Performance Optimization Configuration···························································································1-1 IP Performance Overview ·······················································································································1-1 Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network ············1-1 Enabling Reception of Directed Broadcasts to a Directly Connected Network·······························1-1 Enabling Forwarding of Directed Broadcasts to a Directly Connected Network ·····························1-2 Configuration Example ····················································································································1-2 Configuring TCP Optional Parameters ···································································································1-3 Configuring ICMP to Send Error Packets ·······························································································1-4...
IP Performance Optimization Configuration When optimizing IP performance, go to these sections for information you are interested in: IP Performance Overview Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network Configuring TCP Optional Parameters Configuring ICMP to Send Error Packets Displaying and Maintaining IP Performance Optimization IP Performance Overview In some network environments, you can adjust the IP parameters to achieve best network performance.
Enabling Forwarding of Directed Broadcasts to a Directly Connected Network Follow these steps to enable the device to forward directed broadcasts: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Enable the interface to forward ip forward-broadcast [ acl By default, the device is...
[SwitchA-Vlan-interface3] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 2.2.2.2 24 # Enable VLAN-interface 2 to forward directed broadcasts. [SwitchA-Vlan-interface2] ip forward-broadcast Configure Switch B # Enable Switch B to receive directed broadcasts. <SwitchB> system-view [SwitchB] ip forward-broadcast # Configure a static route to the host. [SwitchB] ip route-static 1.1.1.1 24 2.2.2.2 # Configure an IP address for VLAN-interface 2.
The actual length of the finwait timer is determined by the following formula: Actual length of the finwait timer = (Configured length of the finwait timer – 75) + configured length of the synwait timer Configuring ICMP to Send Error Packets Sending error packets is a major function of ICMP.
Page 432
When receiving a packet with the destination being local and transport layer protocol being UDP, if the packet’s port number does not match the running process, the device will send the source a “port unreachable” ICMP error packet. If the source uses “strict source routing" to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device will send the source a “source routing failure”...
Displaying and Maintaining IP Performance Optimization To do… Use the command… Remarks Display current TCP connection state display tcp status Display TCP connection statistics display tcp statistics Display UDP statistics display udp statistics display ip statistics [ slot Display statistics of IP packets slot-number ] display icmp statistics [ slot Display statistics of ICMP flows...
UDP Helper Configuration When configuring UDP Helper, go to these sections for information you are interested in: Introduction to UDP Helper Configuring UDP Helper Displaying and Maintaining UDP Helper UDP Helper Configuration Examples UDP Helper can be currently configured on VLAN interfaces only. Introduction to UDP Helper Sometimes, a host needs to forward broadcasts to obtain network configuration information or request the names of other devices on the network.
To do… Use the command… Remarks interface interface-type Enter interface view — interface-number Required Specify the destination server to which UDP packets udp-helper server ip-address No destination server is specified are to be forwarded by default. The UDP Helper enabled device cannot forward DHCP broadcast packets. That is to say, the UDP port number cannot be set to 67 or 68.
Page 437
Figure 1-1 Network diagram for UDP Helper configuration Configuration procedure The following configuration assumes that a route from Switch A to the network segment 10.2.0.0/16 is available. # Enable UDP Helper. <SwitchA> system-view [SwitchA] udp-helper enable # Enable the forwarding broadcast packets with the UDP destination port 55. [SwitchA] udp-helper port 55 # Specify the destination server 10.2.1.1 on VLAN-interface 1.
Page 438
Table of Contents 1 URPF Configuration ··································································································································1-1 URPF Overview ······································································································································1-1 What is URPF··································································································································1-1 How URPF Works ···························································································································1-1 Configuring URPF ···································································································································1-1...
URPF Configuration When configuring URPF, go to these sections for information you are interested in: URPF Overview Configuring URPF URPF Overview What is URPF Unicast Reverse Path Forwarding (URPF) protects a network against source address spoofing attacks. Attackers launch attacks by creating a series of packets with forged source addresses. For applications using IP-address-based authentication, this type of attacks allows unauthorized users to access the system in the name of authorized users, or even access the system as the administrator.
Page 440
To do... Use the command… Remarks Enter system view system-view –– Required Enable URPF check ip urpf strict Disabled by default.
Page 441
Table of Contents 1 IPv6 Basics Configuration ························································································································1-1 IPv6 Overview ·········································································································································1-1 IPv6 Features ··································································································································1-1 Introduction to IPv6 Address ···········································································································1-3 Introduction to IPv6 Neighbor Discovery Protocol···········································································1-5 IPv6 PMTU Discovery ·····················································································································1-8 Introduction to IPv6 DNS ·················································································································1-9 Protocols and Standards ·················································································································1-9 IPv6 Basics Configuration Task List ·······································································································1-9 Configuring Basic IPv6 Functions ·········································································································1-10 Enabling IPv6 ································································································································1-10 Configuring an IPv6 Unicast Address····························································································1-10...
IPv6 Basics Configuration When configuring IPv6 basics, go to these sections for information you are interested in: IPv6 Overview IPv6 Basics Configuration Task List Configuring Basic IPv6 Functions Configuring IPv6 NDP Configuring PMTU Discovery Configuring IPv6 TCP Properties Configuring ICMPv6 Packet Sending Configuring IPv6 DNS Client Displaying and Maintaining IPv6 Basics Configuration IPv6 Configuration Example...
Page 443
the IPv4 address size, the basic IPv6 header size is 40 bytes and is only twice the IPv4 header size (excluding the Options field). Figure 1-1 Comparison between IPv4 packet header format and basic IPv6 packet header format Adequate address space The source and destination IPv6 addresses are both 128 bits (16 bytes) long.
Enhanced neighbor discovery mechanism The IPv6 neighbor discovery protocol is implemented through a group of Internet Control Message Protocol Version 6 (ICMPv6) messages that manage the information exchange between neighbor nodes on the same link. The group of ICMPv6 messages takes the place of Address Resolution Protocol (ARP) messages, Internet Control Message Protocol version 4 (ICMPv4) router discovery messages, and ICMPv4 redirection messages and provides a series of other functions.
Page 445
Anycast address: An identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the target interface is nearest to the source, according to a routing protocol’s measure of distance).
Multicast address IPv6 multicast addresses listed in Table 1-2 are reserved for special purpose. Table 1-2 Reserved IPv6 multicast addresses Address Application FF01::1 Node-local scope all nodes multicast address FF02::1 Link-local scope all nodes multicast address FF01::2 Node-local scope all routers multicast address FF02::2 Link-local scope all routers multicast address FF05::2...
Page 447
Duplicate address detection Router/prefix discovery and address autoconfiguration Redirection Table 1-3 lists the types and functions of ICMPv6 messages used by the NDP. Table 1-3 Types and functions of ICMPv6 messages ICMPv6 message Number Function Used to acquire the link-layer address of a neighbor Neighbor solicitation (NS) Used to verify whether the neighbor is reachable message...
Page 448
After receiving the NS message, node B judges whether the destination address of the packet is its solicited-node multicast address. If yes, node B learns the link-layer address of node A, and then unicasts an NA message containing its link-layer address. Node A acquires the link-layer address of node B from the NA message.
The router returns an RA message containing information such as prefix information option. (The router also regularly sends an RA message.) The node automatically generates an IPv6 address and other information for its interface according to the address prefix and other configuration parameters in the RA message. In addition to an address prefix, the prefix information option also contains the preferred lifetime and valid lifetime of the address prefix.
The source host uses its MTU to send packets to the destination host. If the MTU supported by a forwarding interface is smaller than the packet size, the forwarding device will discard the packet and return an ICMPv6 error packet containing the interface MTU to the source host.
Task Remarks Configuring ICMPv6 Packet Sending Optional Configuring IPv6 DNS Client Optional Configuring Basic IPv6 Functions Enabling IPv6 Before performing IPv6-related configurations, you need to Enable IPv6. Otherwise, an interface cannot forward IPv6 packets even if it has an IPv6 address configured. Follow these steps to Enable IPv6: To do...
To do... Use the command... Remarks Automatically Optional generate a link-local ipv6 address auto By default, after an IPv6 address for the link-local Configure site-local address or interface an IPv6 aggregatable global unicast link-local address is configured for an Manually assign a address interface, a link-local address ipv6 address...
Follow these steps to configure a static neighbor entry: To do... Use the command... Remarks Enter system view system-view — ipv6 neighbor ipv6-address mac-address { vlan-id Configure a static port-type port-number | interface interface-type Required neighbor entry interface-number } You can adopt either of the two methods above to configure a static neighbor entry. After a static neighbor entry is configured by using the first method, the device needs to resolve the corresponding Layer 2 port information of the VLAN interface.
Page 454
Table 1-4 Parameters in an RA message and their descriptions Parameters Description When sending an IPv6 packet, a host uses the value to fill the Cur Hop Limit Cur hop limit field in IPv6 headers. The value is also filled into the Cur Hop Limit field in response messages of a device.
Page 455
To do… Use the command… Remarks Required Disable the RA message undo ipv6 nd ra halt By default, RA messages are suppression suppressed. Optional By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds. Configure the maximum and ipv6 nd ra interval The device sends RA messages...
The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages. Configuring the Maximum Number of Attempts to Send an NS Message for DAD An interface sends a neighbor solicitation (NS) message for duplicate address detection after acquiring an IPv6 address.
MTU. After the aging time expires, the dynamic PMTU is removed and the source host re-determines a dynamic path MTU through the PMTU mechanism. The aging time is invalid for a static PMTU. Follow these steps to configure the aging time for dynamic PMTUs: To do…...
successively sent exceeds the capacity of the token bucket, the additional ICMPv6 error packets cannot be sent out until the capacity of the token bucket is restored. Follow these steps to configure the capacity and update interval of the token bucket: To do…...
Configuring IPv6 DNS Client Configuring Static IPv6 Domain Name Resolution Configuring static IPv6 domain name resolution is to establish the mapping between a host name and an IPv6 address. When using such applications as Telnet, you can directly input a host name and the system will resolve the host name into an IPv6 address.
Displaying and Maintaining IPv6 Basics Configuration To do… Use the command… Remarks Display DNS suffix information display dns domain [ dynamic ] Display IPv6 dynamic domain name display dns ipv6 dynamic-host cache information Display IPv6 DNS server information display dns ipv6 server [ dynamic ] display ipv6 fib [ slot-number ] Display the IPv6 FIB entries [ ipv6-address ]...
The display dns domain command is the same as the one of IPv4 DNS. For details about the commands, refer to DNS Commands in the IP Services Volume. IPv6 Configuration Example Network requirements Host, Switch A and Switch B are directly connected through Ethernet ports. Add the Ethernet ports into corresponding VLANs, configure IPv6 addresses for the VLAN interfaces and verify the connectivity between them.
Page 462
Configure Switch B # Enable IPv6. <SwitchB> system-view [SwitchB] ipv6 # Configure an aggregatable global unicast address for VLAN-interface 2. [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ipv6 address 3001::2/64 # Configure an IPv6 static route with destination IP address 2001::/64 and next hop address 3001::1. [SwitchB-Vlan-interface2] ipv6 route-static 2001:: 64 3001::1 Configure Host Enable IPv6 for Host to automatically get an IPv6 address through IPv6 NDP.
Page 463
ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: 25747 OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: [SwitchA-Vlan-interface1] display ipv6 interface vlan-interface 1 verbose Vlan-interface1 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0 Global unicast address(es): 2001::1, subnet is 2001::/64 Joined group address(es):...
Page 464
ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: 1012 OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Display the IPv6 interface settings on Switch B. [SwitchB-Vlan-interface2] display ipv6 interface vlan-interface 2 verbose Vlan-interface2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234 Global unicast address(es): 3001::2, subnet is 3001::/64...
Page 465
OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Ping Switch A and Switch B on Host, and ping Switch A and Host on Switch B to verify the connectivity between them. When you ping a link-local address, you should use the “–i” parameter to specify an interface for the link-local address.
Troubleshooting IPv6 Basics Configuration Symptom The peer IPv6 address cannot be pinged. Solution Use the display current-configuration command in any view or the display this command in system view to verify that IPv6 is enabled. Use the display ipv6 interface command in any view to verify that the IPv6 address of the interface is correct and the interface is up.
Dual Stack Configuration When configuring dual stack, go to these sections for information you are interested in: Dual Stack Overview Configuring Dual Stack Dual Stack Overview Dual stack is the most direct approach to making IPv6 nodes compatible with IPv4 nodes. The best way for an IPv6 node to be compatible with an IPv4 node is to maintain a complete IPv4 stack.
Page 469
To do… Use the command… Remarks Required ip address ip-address By default, no IP Configure an IPv4 address for the interface { mask | mask-length } address is [ sub ] configured. ipv6 address Use either Manually specify { ipv6-address prefix-length command.
Page 470
Table of Contents 1 Tunneling Configuration···························································································································1-1 Introduction to Tunneling ························································································································1-1 IPv6 over IPv4 Tunnel ·····················································································································1-2 Protocols and Standards ·················································································································1-4 Tunneling Configuration Task List ··········································································································1-5 Configuring IPv6 Manual Tunnel·············································································································1-5 Configuration Prerequisites ·············································································································1-5 Configuration Procedure··················································································································1-5 Configuration Example ····················································································································1-6 Configuring 6to4 Tunnel························································································································1-10 Configuration Prerequisites ···········································································································1-10 Configuration Procedure················································································································1-10 6to4 Tunnel Configuration Example ······························································································1-11 Configuring ISATAP Tunnel··················································································································1-14...
Tunneling Configuration When configuring tunneling, go to these sections for information you are interested in: Introduction to Tunneling Tunneling Configuration Task List Configuring IPv6 Manual Tunnel Configuring 6to4 Tunnel Configuring ISATAP Tunnel Displaying and Maintaining Tunneling Configuration Troubleshooting Tunneling Configuration The tunnel interface number is in the A/B/C format, where A, B, and C represent the stack member device ID, the sub-slot number, and the tunnel interface number respectively.
connection. In practice, the virtual interface that supports only point-to-point connections is called tunnel interface. One tunnel provides one channel to transfer encapsulated packets. Packets can be encapsulated and decapsulated at both ends of a tunnel. Tunneling refers to the whole process from data encapsulation to data transfer to data decapsulation.
Page 473
The encapsulated packet goes through the tunnel to reach the device at the destination end of the tunnel. The device at the destination end decapsulates the packet if the destination address of the encapsulated packet is the device itself. The destination device forwards the packet according to the destination address in the decapsulated IPv6 packet.
A manually configured tunnel is a point-to-point link. Each link is a separate tunnel. IPv6 manually configured tunnels are mainly used to provide stable connections for regular secure communication between border routers or between border routers and hosts for access to remote IPv6 networks. 6to4 tunnel An automatic 6to4 tunnel is a point-to-multipoint tunnel and is used to connect multiple isolated IPv6 networks over an IPv4 network to remote IPv6 networks.
Tunneling Configuration Task List Complete the following tasks to configure the tunneling feature: Task Remarks Configuring IPv6 Manual Tunnel Optional Configuring IPv6 Configuring 6to4 Tunnel Optional over IPv4 tunnel Configuring ISATAP Tunnel Optional Configuring IPv6 Manual Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface and loopback interface) on the device to ensure normal communication.
To do… Use the command… Remarks Required source { ip-address | Configure a source address or By default, no source address interface-type interface for the tunnel or interface is configured for the interface-number } tunnel. Required Configure a destination By default, no destination destination ip-address address for the tunnel address is configured for the...
Page 477
Figure 1-3 Network diagram for an IPv6 manual tunnel Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100.
Page 478
# Reference service loopback group 1 in tunnel interface view. [SwitchA-Tunnel1/0/0] service-loopback-group 1 [SwitchA-Tunnel1/0/0] quit # Configure a static route to IPv6 Group 2 through tunnel 1/0/0 on Switch A. [SwitchA] ipv6 route-static 3003:: 64 tunnel 1/0/0 Configuration on Switch B # Enable IPv6.
Page 479
Global unicast address(es): 3001::1, subnet is 3001::/64 Joined group address(es): FF02::1:FFA8:6401 FF02::1:FF00:1 FF02::1:FF00:0 FF02::2 FF02::1 MTU is 1480 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: [SwitchB] display ipv6 interface tunnel 1/0/0 verbose Tunnel1/0/0 current state :UP...
bytes=56 Sequence=5 hop limit=64 time = 1 ms --- 3003::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms Configuring 6to4 Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface and loopback interface) on the device to ensure normal communication.
To do… Use the command… Remarks Required source { ip-address | Configure a source address or By default, no source address interface-type interface for the tunnel or interface is configured for interface-number } the tunnel. Required Reference a service loopback service-loopback-group By default, no service loopback group...
Page 482
Figure 1-4 Network diagram for a 6to4 tunnel Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100.
Page 483
[SwitchA-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4 # Reference service loopback group 1 in tunnel interface view. [SwitchA-Tunnel1/0/0] service-loopback-group 1 [SwitchA-Tunnel1/0/0] quit # Configure a static route whose destination address is 2002::/16 and next-hop is the tunnel interface. [SwitchA] ipv6 route-static 2002:: 16 tunnel 1/0/0 Configuration on Switch B # Enable IPv6.
from 2002:201:101:1::2 with 32 bytes of data: Reply from 2002:501:101:1::2: bytes=32 time=13ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time<1ms Ping statistics for 2002:501:101:1::2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 13ms, Average = 3ms Configuring ISATAP Tunnel...
To do… Use the command… Remarks Required By default, the tunnel is an IPv6 manual tunnel. The tunnel-protocol ipv6-ipv4 Set an ISATAP tunnel same tunnel mode should isatap be configured at both ends of the tunnel. Otherwise, packet delivery will fail. Required source { ip-address | Configure a source address or...
Page 486
Figure 1-5 Network diagram for an ISATAP tunnel Configuration procedure Make sure that the corresponding VLAN interfaces have been created on the switch. Make sure that VLAN-interface 101 on the ISATAP switch and the ISATAP host are reachable to each other. Configuration on the switch # Enable IPv6.
Page 487
# Disable the RA suppression so that hosts can acquire information such as the address prefix from the RA message released by the ISATAP switch. [Switch-Tunnel1/0/0] undo ipv6 nd ra halt [Switch-Tunnel1/0/0] quit # Configure a static route to the ISATAP host. [Switch] ipv6 route-static 2001:: 16 tunnel 1/0/0 Configuration on the ISATAP host The specific configuration on the ISATAP host is related to its operating system.
DAD transmits 0 default site prefix length 48 # By comparison, it is found that the host acquires the address prefix 2001::/64 and automatically generates the address 2001::5efe:2.1.1.2. Meanwhile, “uses Router Discovery” is displayed, indicating that the router discovery function is enabled on the host. At this time, ping the IPv6 address of the tunnel interface of the switch.
Page 489
Table of Contents 1 sFlow Configuration ··································································································································1-1 sFlow Overview·······································································································································1-1 Introduction to sFlow ·······················································································································1-1 Operation of sFlow ··························································································································1-1 Configuring sFlow ···································································································································1-2 Displaying and Maintaining sFlow···········································································································1-2 sFlow Configuration Example ·················································································································1-3 Troubleshooting sFlow Configuration ·····································································································1-4 The Remote sFlow Collector Cannot Receive sFlow Packets ························································1-4...
sFlow Configuration When configuring sFlow, go to these sections for information you are interested in: sFlow Overview Configuring sFlow Displaying and Maintaining sFlow sFlow Configuration Example Troubleshooting sFlow Configuration sFlow Overview Introduction to sFlow Sampled Flow (sFlow) is a traffic monitoring technology mainly used to collect and analyze traffic statistics.
When the sFlow packet buffer overflows or the one-second timer expires, the sFlow agent sends sFlow packets to the specified sFlow collector. Configuring sFlow The sFlow feature enables the remote sFlow collector to monitor the network and analyze sFlow packet statistics.
sFlow Configuration Example Network requirements Host A and Server are connected to Switch through GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 respectively. Host B works as an sFlow collector with IP address 3.3.3.2 and port number 6343, and is connected to Switch through GigabitEthernet 1/0/3. GigabitEthernet 1/0/3 belongs to VLAN 1, having an IP address of 3.3.3.1.
Collector IP:3.3.3.2 Port:6343 Interval(s): 30 sFlow Port Information: Interface Direction Rate Mode Status Eth1/1 In/Out 100000 Random Active Troubleshooting sFlow Configuration The Remote sFlow Collector Cannot Receive sFlow Packets Symptom The remote sFlow collector cannot receive sFlow packets. Analysis sFlow is not enabled globally because the sFlow agent or/and the sFlow collector is/are not specified.
Page 494
IP Routing Volume Organization Manual Version 20090108-C-1.01 Product Version Release 2202 Organization The IP Routing Volume is organized as follows: Features Description IP Routing This document introduces the Display commands for IP Routing Table. Overview Static Routing This document introduces the commands for Static Routing. Routing Information Protocol (RIP) is a simple Interior Gateway Protocol (IGP), mainly used in small-sized networks.
Page 495
Features Description Routing policy is used on the router for route inspection, filtering, attributes Routing Policy modifying when routes are received, advertised, or redistributed. This document introduces the commands for Routing Policy configuration. Bidirectional forwarding detection (BFD) provides a single mechanism to quickly detect and monitor the connectivity of links in networks.
Page 496
Table of Contents 1 IP Routing Overview··································································································································1-1 IP Routing and Routing Table·················································································································1-1 Routing ············································································································································1-1 Routing Table ··································································································································1-1 Routing Protocol Overview ·····················································································································1-3 Static Routing and Dynamic Routing·······························································································1-3 Classification of Dynamic Routing Protocols···················································································1-3 Routing Protocols and Routing Priority ···························································································1-4 Load Balancing and Route Backup ·································································································1-4 Route Recursion······························································································································1-5 Sharing of Routing Information········································································································1-5 Configuring a Router ID ··························································································································1-5...
IP Routing Overview Go to these sections for information you are interested in: IP Routing and Routing Table Routing Protocol Overview Configuring a Router ID Displaying and Maintaining a Routing Table The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. IP Routing and Routing Table Routing Routing in the Internet is achieved through routers.
Page 498
Outbound interface: Specifies the interface through which the IP packets are to be forwarded. IP address of the next hop: Specifies the address of the next router on the path. If only the outbound interface is configured, its address will be the IP address of the next hop. Priority for the route.
Routing Protocol Overview Static Routing and Dynamic Routing Static routing is easy to configure and requires less system resources. It works well in small, stable networks with simple topologies. Its major drawback is that you must perform routing configuration again whenever the network topology changes; it cannot adjust to network changes by itself. Dynamic routing is based on dynamic routing protocols, which can detect network topology changes and recalculate the routes accordingly.
Routing Protocols and Routing Priority Different routing protocols may find different routes to the same destination. However, not all of those routes are optimal. In fact, at a particular moment, only one protocol can uniquely determine the current optimal route to the destination. For the purpose of route selection, each routing protocol (including static routes) is assigned a priority.
The number of routes for load balancing varies by device. In current implementations, routing protocols supporting load balancing are static routing, RIP, OSPF, BGP, and IS-IS. Route backup Route backup can help improve network reliability. With route backup, you can configure multiple routes to the same destination, expecting the one with the highest priority to be the main route and all the rest backup routes.
Displaying and Maintaining a Routing Table To do… Use the command… Remarks Display brief information about display ip routing-table [ vpn-instance Available in any the active routes in the routing vpn-instance-name ] [ verbose | | { begin | view table exclude | include } regular-expression ] Display information about...
Page 503
Table of Contents 1 Static Routing Configuration····················································································································1-1 Introduction ·············································································································································1-1 Static Route ·····································································································································1-1 Default Route···································································································································1-1 Application Environment of Static Routing ······················································································1-2 Configuring a Static Route ······················································································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-3 Detecting Reachability of the Static Route’s Nexthop ············································································1-3 Detecting Nexthop Reachability Through BFD ···············································································1-3 Detecting Nexthop Reachability Through Track··············································································1-4 Displaying and Maintaining Static Routes·······························································································1-5 Static Route Configuration Example ·······································································································1-6...
Static Routing Configuration When configuring a static route, go to these sections for information you are interested in: Introduction Configuring a Static Route Detecting Reachability of the Static Route’s Nexthop Displaying and Maintaining Static Routes Static Route Configuration Example The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Introduction Static Route A static route is a manually configured.
The network administrator can configure a default route with both destination and mask being 0.0.0.0. The router forwards any packet whose destination address fails to match any entry in the routing table to the next hop of the default static route. Some dynamic routing protocols, such as OSPF, RIP and IS-IS, can also generate a default route.
Configuration Procedure Follow these steps to configure a static route: To do… Use the command… Remarks Enter system view system-view — ip route-static dest-address { mask | mask-length } { next-hop-address | interface-type interface-number next-hop-address | vpn-instance Required d-vpn-instance-name next-hop-address } [ preference preference-value ] [ tag tag-value ] By default, [ description description-text ]...
protocols and Multiprotocol Label Switching (MPLS). For details about BFD, refer to BFD Configuration in the IP Routing Volume. After a static route is configured, you can enable BFD to detect the reachability of the static route's nexthop. Network requirements To detect the reachability of the static route's nexthop through BFD, you need to enable BFD first.
Configuration procedure Follow these steps to detect the reachability of a static route's nexthop through Track: To do… Use the command… Remarks Enter system view system-view — ip route-static dest-address { mask | mask-length } { next-hop-address | vpn-instance d-vpn-instance-name next-hop-address } track track-entry-number [ preference preference-value ] [ tag tag-value ] [ description description-text ]...
Static Route Configuration Example Basic Static Route Configuration Example Network requirements The IP addresses and masks of the switches and hosts are shown in the following figure. Static routes are required for interconnection between any two hosts. Figure 1-1 Network diagram for static route configuration Configuration procedure Configuring IP addresses for interfaces (omitted) Configuring static routes...
Page 510
Destination/Mask Proto Cost NextHop Interface 0.0.0.0/0 Static 60 1.1.4.2 Vlan500 1.1.2.0/24 Direct 0 1.1.2.3 Vlan300 1.1.2.3/32 Direct 0 127.0.0.1 InLoop0 1.1.4.0/30 Direct 0 1.1.4.1 Vlan500 1.1.4.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Display the IP routing table of Switch B.
Page 511
<1 ms <1 ms <1 ms 1.1.6.1 <1 ms <1 ms <1 ms 1.1.4.1 1 ms <1 ms <1 ms 1.1.2.2 Trace complete.
Page 512
Table of Contents 1 RIP Configuration ······································································································································1-1 RIP Overview ··········································································································································1-1 Operation of RIP······························································································································1-1 Operation of RIP······························································································································1-2 RIP Version ·····································································································································1-2 RIP Message Format·······················································································································1-3 Supported RIP Features··················································································································1-5 Protocols and Standards ·················································································································1-5 Configuring RIP Basic Functions ············································································································1-5 Configuration Prerequisites ·············································································································1-5 Configuration Procedure··················································································································1-5 Configuring RIP Route Control ···············································································································1-7 Configuring an Additional Routing Metric ························································································1-7 Configuring RIPv2 Route Summarization························································································1-8 Disabling Host Route Reception ·····································································································1-9...
RIP Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. When configuring RIP, go to these sections for information you are interested in: RIP Overview Configuring RIP Basic Functions Configuring RIP Route Control Configuring RIP Network Optimization Displaying and Maintaining RIP...
Egress interface: Packet outgoing interface. Metric: Cost from the local router to the destination. Route time: Time elapsed since the routing entry was last updated. The time is reset to 0 every time the routing entry is updated. Route tag: Identifies a route, used in a routing policy to flexibly control routes. For information about routing policy, refer to Routing Policy Configuration in the IP Routing Volume.
RIPv1, a classful routing protocol, supports message advertisement via broadcast only. RIPv1 protocol messages do not carry mask information, which means it can only recognize routing information of natural networks such as Class A, B, C. That is why RIPv1 does not support discontiguous subnets. RIPv2 is a classless routing protocol.
Page 516
RIPv2 message format The format of RIPv2 message is similar to RIPv1. Figure 1-2 shows it. Figure 1-2 RIPv2 Message Format The differences from RIPv1 are stated as following. Version: Version of RIP. For RIPv2 the value is 0x02. Route Tag: Route Tag. IP Address: Destination IP address.
RFC 1723 only defines plain text authentication. For information about MD5 authentication, refer to RFC 2453 “RIP Version 2”. With RIPv1, you can configure the authentication mode in interface view. However, the configuration will not take effect because RIPv1 does not support authentication. Supported RIP Features The current implementation supports the following RIP features.
Page 518
If you make some RIP configurations in interface view before enabling RIP, those configurations will take effect after RIP is enabled. RIP runs only on the interfaces residing on the specified networks. Therefore, you need to specify the network after enabling RIP to validate RIP on a specific interface. You can enable RIP on all interfaces using the command network 0.0.0.0.
To do… Use the command… Remarks Enter system view system-view –– rip [ process-id ] [ vpn-instance Enter RIP view –– vpn-instance-name ] Optional By default, if an interface has a RIP version specified, the version takes precedence over the global one. If no RIP Specify a global RIP version { 1 | 2 } version is specified for an...
To do… Use the command… Remarks Enter system view system-view –– interface interface-type Enter interface view –– interface-number Optional Define an inbound rip metricin [ route-policy additional routing metric route-policy-name ] value 0 by default Optional Define an outbound rip metricout [ route-policy additional routing metric route-policy-name ] value 1 by default...
You need to disable RIPv2 route automatic summarization before advertising a summary route on an interface. Disabling Host Route Reception Sometimes a router may receive from the same network many host routes, which are not helpful for routing and consume a large amount of network resources. In this case, you can disable RIP from receiving host routes to save network resources.
To do… Use the command… Remarks interface interface-type Enter interface view –– interface-number Optional rip default-route { { only | By default, a RIP interface can Configure the RIP interface originate } [ cost cost ] | advertise a default route if the to advertise a default route no-originate } RIP process is configured with...
Configuring a Priority for RIP Multiple IGP protocols may run in a router. If you want RIP routes to have a higher priority than those learned by other routing protocols, you can assign RIP a smaller priority value to influence optimal route selection.
Follow these steps to enable poison reverse: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Enable poison reverse rip poison-reverse Disabled by default Configuring the Maximum Number of Load Balanced Routes Follow these steps to configure the maximum number of load balanced routes: To do…...
To do… Use the command… Remarks Enter system view system-view –– rip [ process-id ] [ vpn-instance Enter RIP view –– vpn-instance-name ] Enable source IP address Optional check on incoming RIP validate-source-address Enabled by default messages The source IP address check feature should be disabled if the RIP neighbor is not directly connected. Configuring RIPv2 Message Authentication RIPv2 supports two authentication modes: plain text and MD5.
To do… Use the command… Remarks Specify a RIP neighbor peer ip-address Required Required Disable source address check undo validate-source-address on incoming RIP updates Not disabled by default You need not use the peer ip-address command when the neighbor is directly connected; otherwise the neighbor may receive both the unicast and multicast (or broadcast) of the same routing information.
Displaying and Maintaining RIP To do… Use the command… Remarks Display RIP current status display rip [ process-id | vpn-instance and configuration information vpn-instance-name ] Display all active routes in RIP display rip process-id database database Available in any view Display RIP interface display rip process-id interface information...
From the routing table, you can see RIPv2 uses classless subnet mask. Since the routing information advertised by RIPv1 has a long aging time, it will still exist until it ages out after RIPv2 is configured. Configuring RIP Route Redistribution Network requirements As shown in the following figure: Two RIP processes are running on Switch B, which communicates with Switch A through RIP 100...
Page 531
[SwitchB-rip-100] undo summary [SwitchB-rip-100] quit [SwitchB] rip 200 [SwitchB-rip-200] network 12.0.0.0 [SwitchB-rip-200] version 2 [SwitchB-rip-200] undo summary [SwitchB-rip-200] quit # Enable RIP 200 and specify RIP version 2 on Switch C. <SwitchC> system-view [SwitchC] rip 200 [SwitchC-rip-200] network 12.0.0.0 [SwitchC-rip-200] network 16.0.0.0 [SwitchC-rip-200] version 2 [SwitchC-rip-200] undo summary # Display the routing table of Switch C.
# Configure ACL 2000 to filter routes redistributed from RIP 100 on Switch B, making the route 10.2.1.0/24 not advertised to Switch C. [SwitchB] acl number 2000 [SwitchB-acl-basic-2000] rule deny source 10.2.1.1 0.0.0.255 [SwitchB-acl-basic-2000] rule permit [SwitchB-acl-basic-2000] quit [SwitchB] rip 200 [SwitchB-rip-200] filter-policy 2000 export rip 100 # Display the routing table of Switch C.
[SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] rip metricin 3 [SwitchA-Vlan-interface200] display rip 1 database 1.0.0.0/8, cost 0, ClassfulSumm 1.1.1.0/24, cost 0, nexthop 1.1.1.1, Rip-interface 1.1.2.0/24, cost 0, nexthop 1.1.2.1, Rip-interface 1.1.3.0/24, cost 1, nexthop 1.1.1.2 1.1.4.0/24, cost 2, nexthop 1.1.1.2 1.1.5.0/24, cost 2, nexthop 1.1.1.2 The display shows that there is only one RIP route to network 1.1.5.0/24, with the next hop as Switch B (1.1.1.2) and a cost of 2.
127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure route summarization on Switch C and advertise only the summary route 10.0.0.0/8. [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] rip summary-address 10.0.0.0 8 # Display the routing table information of Switch D. [SwitchD] display ip routing-table Routing Tables: Public Destinations : 7 Routes : 7...
Page 537
Table of Contents 1 OSPF Configuration ··································································································································1-1 Introduction to OSPF·······························································································································1-1 Basic Concepts································································································································1-2 OSPF Area Partition ························································································································1-3 Classification of Routers··················································································································1-6 Classification of OSPF Networks ····································································································1-8 DR and BDR····································································································································1-8 OSPF Packet Formats·····················································································································1-9 Supported OSPF Features············································································································1-18 Protocols and Standards ···············································································································1-19 OSPF Configuration Task List ··············································································································1-19 Enabling OSPF ·····································································································································1-21 Prerequisites··································································································································1-21 Configuration Procedure················································································································1-21...
Page 538
Disabling Interfaces from Sending OSPF Packets········································································1-36 Configuring Stub Routers ··············································································································1-36 Configuring OSPF Authentication ·································································································1-37 Adding the Interface MTU into DD Packets···················································································1-38 Configuring the Maximum Number of External LSAs in LSDB ·····················································1-38 Making External Route Selection Rules Defined in RFC1583 Compatible···································1-38 Logging Neighbor State Changes ·································································································1-39 Configuring OSPF Network Management ·····················································································1-39 Enabling Message Logging ···········································································································1-40...
OSPF Configuration Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the Internet Engineering Task Force (IETF). At present, OSPF version 2 (RFC2328) is used. When configuring OSPF, go to these sections for information you are interested in: Introduction to OSPF OSPF Configuration Task List Enabling OSPF...
Area partition: Allows an AS to be split into different areas for ease of management and routing information transmitted between areas is summarized to reduce network bandwidth consumption. Equal-cost multi-route: Supports multiple equal-cost routes to a destination. Routing hierarchy: Supports a four-level routing hierarchy that prioritizes routes into intra-area, inter-area, external Type-1, and external Type-2 routes.
Router LSA: Type-1 LSA, originated by all routers, flooded throughout a single area only. This LSA describes the collected states of the router's interfaces to an area. Network LSA: Type-2 LSA, originated for broadcast and NBMA networks by the designated router, flooded throughout a single area only.
Page 542
Figure 1-1 OSPF area partition After area partition, area border routers perform route summarization to reduce the number of LSAs advertised to other areas and minimize the effect of topology changes. Backbone area and virtual links Each AS has a backbone area, which is responsible for distributing routing information between none-backbone areas.
Page 543
Figure 1-3 Virtual link application 2 The virtual link between the two ABRs acts as a point-to-point connection. Therefore, you can configure interface parameters such as hello packet interval on the virtual link as they are configured on physical interfaces. The two ABRs on the virtual link exchange OSPF packets with each other directly, and the OSPF routers in between simply convey these OSPF packets as normal IP packets.
On the left of the figure, RIP routes are translated into Type-5 LSAs by the ASBR of Area 2 and distributed into the OSPF AS. However, Area 1 is an NSSA area, so these Type-5 LSAs cannot travel to Area 1. Like stub areas, virtual links cannot transit NSSA areas.
Page 545
Backbone Router At least one interface of a backbone router must be attached to the backbone area. Therefore, all ABRs and internal routers in area 0 are backbone routers. Autonomous System Border Router (ASBR) The router exchanging routing information with another AS is an ASBR, which may not reside on the boundary of the AS.
the same destination have the same cost, then take the cost from the router to the ASBR into consideration. Classification of OSPF Networks OSPF network types OSPF classifies networks into four types upon the link layer protocol: Broadcast: When the link layer protocol is Ethernet or FDDI, OSPF considers the network type broadcast by default.
If the DR fails to work, routers on the network have to elect another DR and synchronize information with the new DR. It is time-consuming and prone to routing calculation errors. The Backup Designated Router (BDR) is introduced to reduce the synchronization period. The BDR is elected along with the DR and establishes adjacencies for routing information exchange with all other routers.
Page 548
Figure 1-8 OSPF packet format OSPF packet header OSPF packets are classified into five types that have the same packet header, as shown below. Figure 1-9 OSPF packet header Version: OSPF version number, which is 2 for OSPFv2. Type: OSPF packet type from 1 to 5, corresponding with hello, DD, LSR, LSU and LSAck respectively.
Page 549
Figure 1-10 Hello packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication Network mask HelloInterval Options Rtr Pri RouterDeadInterval Designated router Backup designated router Neighbor Neighbor Major fields: Network mask: Network mask associated with the router’s sending interface. If two routers have different network masks, they cannot become neighbors.
Page 550
Figure 1-11 DD packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication Interface MTU Options 0 0 0 0 0 I DD sequence number LSA header LSA header Major fields: Interface MTU: Size in bytes of the largest IP datagram that can be sent out the associated interface, without fragmentation.
Page 551
Figure 1-12 LSR packet format Major fields: LS type: Type number of the LSA to be requested. Type 1 for example indicates the Router LSA. Link State ID: Determined by LSA type. Advertising Router: ID of the router that sent the LSA. LSU packet LSU (Link State Update) packets are used to send the requested LSAs to peers, and each packet carries a collection of LSAs.
Page 552
Figure 1-14 LSAck packet format LSA header format All LSAs have the same header, as shown in the following figure. Figure 1-15 LSA header format Major fields: LS age: Time in seconds elapsed since the LSA was originated. A LSA ages in the LSDB (added by 1 per second), but does not in transmission.
Page 553
Figure 1-16 Router LSA format LS age Options Linke state ID Advertising router LS sequence number LS checksum Length # Links Link ID Link data Type #TOS Metric TOS metric Link ID Link data Major fields: Link State ID: ID of the router that originated the LSA. V (Virtual Link): Set to 1 if the router that originated the LSA is a virtual link endpoint.
Page 554
Figure 1-17 Network LSA format Major fields: Link State ID: The interface address of the DR Network mask: The mask of the network (a broadcast or NBMA network) Attached router: The IDs of the routers, which are adjacent to the DR, including the DR itself Summary LSA Network summary LSAs (Type-3 LSAs) and ASBR summary LSAs (Type-4 LSAs) are originated by ABRs.
Page 555
A Type-3 LSA can be used to advertise a default route, having the Link State ID and Network Mask set to 0.0.0.0. AS external LSA An AS external LSA originates from an ASBR, describing routing information to a destination outside the AS.
Figure 1-20 NSSA external LSA format Supported OSPF Features Multi-process With multi-process support, multiple OSPF processes can run on a router simultaneously and independently. Routing information interactions between different processes seem like interactions between different routing protocols. Multiple OSPF processes can use the same RID. An interface of a router can only belong to a single OSPF process.
forwarding table based on the new routing information received from neighbors and removes the stale routes. OSPF supports multi-instance, which can run in VPN networks. In BGP MPLS VPN networks, multiple sites in the same VPN can use OSPF as the internal routing protocol, but they are treated as different ASs.
Page 558
Complete the following tasks to configure OSPF: Task Remarks Enabling OSPF Required Configuring a Stub Area Configuring OSPF Optional Configuring an NSSA Area Areas Configuring a Virtual Link Configuring the OSPF Network Type for an Interface as Optional Broadcast Configuring OSPF Configuring the OSPF Network Type for an Interface as NBMA Optional Network Types...
Task Remarks Configuration Prerequisites Optional Configuring a Loopback Interface Optional Configuring OSPF Sham Link Advertising Routes of a Loopback Interface Optional Creating a Sham Link Optional Configuring the OSPF GR Restarter Optional Configuring OSPF Configuring the OSPF GR Helper Optional Graceful Restart Triggering OSPF Graceful Restart Optional...
To do… Use the command… Remarks Required Configure an OSPF area and area area-id enter OSPF area view Not configured by default. Optional Configure a description for description description the area Not configured by default. Specify a network to enable Required network ip-address OSPF on the interface...
To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — instance-name ] * Enter area view area area-id — Required Configure the area as a stub stub [ no-summary ] area Not configured by default.
It is required to use the nssa command on all the routers attached to an NSSA area. Using the default-cost command only takes effect on the ABR/ASBR of an NSSA area. Configuring a Virtual Link Non-backbone areas exchange routing information via the backbone area. Therefore, connectivity between the backbone and non-backbone areas and within the backbone itself must be maintained.
Prerequisites Before configuring OSPF network types, you have configured: IP addresses for interfaces, making neighboring nodes accessible with each other at network layer. OSPF basic functions. Configuring the OSPF Network Type for an Interface as Broadcast Follow these steps to configure the OSPF network type for an interface as broadcast: To do…...
The DR priority configured with the ospf dr-priority command and the one configured with the peer command have the following differences: The former is for actual DR election. The latter is to indicate whether a neighbor has the election right or not. If you configure the DR priority for a neighbor as 0, the local router will consider the neighbor has no election right, and thus no hello packet is sent to this neighbor, reducing the number of hello packets for DR/BDR election on networks.
OSPF basic functions Corresponding filters if routing information filtering is needed. Configuring OSPF Route Summarization Route summarization: An ABR or ASBR summarizes routes with the same prefix into a single route and distribute it to other areas. Through route summarization, routing information across areas and the size of routing tables on routers will be reduced, improving calculation speed of routers.
To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — instance-name ]* Required asbr-summary ip-address { mask Configure ASBR route The command is available on an | mask-length } [ tag tag | summarization ASBR only.
To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Enter area view area area-id — Required Configure ABR Type-3 LSA filter { acl-number | ip-prefix Not configured by filtering ip-prefix-name } { import | export }...
To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Optional By default, the maximum number Configure the maximum-routes { external | inter | of AS external routes, inter-area maximum number of intra } number...
Configuring OSPF Route Redistribution Configure route redistribution into OSPF If the router runs OSPF and other routing protocols, you can configure OSPF to redistribute RIP, IS-IS, BGP, static, or direct routes and advertise these routes in Type-5 LSAs or Type-7 LSAs. By filtering redistributed routes, OSPF translates only routes not filtered out into Type-5 LSAs or Type-7 LSAs for advertisement.
The default-route-advertise summary cost command is applicable only to VPN, and the default route is redistributed in a Type-3 LSA. The PE router will advertise the default route to the CE router. Configure the default parameters for redistributed routes You can configure default parameters such as the cost, upper limit, tag and type for redistributed routes. Tags are used to indicate information related to protocols.
Configure OSPF authentication to meet high security requirements of some mission-critical networks. Configure OSPF network management functions, such as binding OSPF MIB with a process, sending trap information and collecting log information. Prerequisites Before configuring OSPF network optimization, you have configured: IP addresses for interfaces;...
The hello and dead intervals restore to default values after you change the network type for an interface. The dead interval should be at least four times the hello interval on an interface. The poll interval is at least four times the hello interval. The retransmission interval should not be so small for avoidance of unnecessary LSA retransmissions.
With this task configured, when network changes are not frequent, SPF calculation applies at the minimum-interval. If network changes become frequent, SPF calculation interval is incremented by incremental-interval × 2 (n is the number of calculation times) each time a calculation occurs, up to the maximum-interval.
With this command configured, when network changes are not frequent, LSAs are generated at the minimum-interval. If network changes become frequent, LSA generation interval is incremented by incremental-interval•2n-2 (n is the number of generation times) each time a generation occurs, up to the maximum-interval.
Follow these steps to configure a router as a stub router: To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — instance-name ] * Required Configure the router as a stub-router stub router Not configured by default.
Adding the Interface MTU into DD Packets Generally, when an interface sends a DD packet, it adds 0 into the Interface MTU field of the DD packet rather than the interface MTU. Follow these steps to add the interface MTU into DD packets: To do…...
To avoid routing loops, it is recommended to configure all the routers to be either compatible or incompatible with the external route selection rules defined in RFC 1583. Logging Neighbor State Changes Follow these steps to enable the logging of neighbor state changes: To do…...
Enabling Message Logging Follow these steps to enable message logging: To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Required Enable message enable log [ config | error | state ] logging Not enabled by default.
Follow these steps to configure the LSU transmit rate: To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Optional By default, an OSPF Configure the LSU transmit-pacing interval interval count interface sends up to three...
To do… Use the command… Remarks ipv4-family vpn-instance Enter BGP VPN instance view Required vpn-instance-name Inject direct routes, that is, import-route direct Required loopback host routes For BGP VPN information, refer to MCE Configuration in the IP Routing Volume. Creating a Sham Link Follow these steps to create a sham link: To do…...
Configuring OSPF Graceful Restart One device can act as both a GR Restarter and GR Helper at the same time. Configuring the OSPF GR Restarter You can configure the IETF standard or non IETF standard OSPF GR Restarter. Configure the IETF standard OSPF GR Restarter Follow these steps to configure the standard IETF OSPF GR Restarter: To do…...
To do… Use the command… Remarks Optional Configure Graceful Restart graceful-restart interval timer interval for OSPF 120 seconds by default Configuring the OSPF GR Helper You can configure the IETF standard or non IETF standard OSPF GR Helper. Configuring the IETF standard OSPF GR Helper Follow these steps to configure the IETF standard OSPF GR Helper: To do…...
For the IETF standard GR capable routers, ensure they have the following capabilities enabled: Opaque LSA advertisement IETF standard GR For the non IETF standard GR capable routers, ensure they have the following capabilities enabled: link local signaling out of band re-synchronization Non IETF standard GR Follow these steps to trigger OSPF Graceful Restart: To do…...
To do… Use the command… Remarks reset ospf [ process-id ] counters [ neighbor Reset OSPF counters [ interface-type interface-number ] [ router-id ] ] reset ospf [ process-id ] process Available in Reset an OSPF process user view [ graceful-restart ] Re-enable OSPF route reset ospf [ process-id ] redistribution redistribution...
Page 585
[SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.1] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] area 2 [SwitchB-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.2] quit [SwitchB-ospf-1] quit # Configure Switch C <SwitchC>...
Page 586
Neighbor state change count: 5 Neighbors Area 0.0.0.1 interface 10.2.1.1(Vlan-interface200)'s neighbors Router ID: 10.4.1.1 Address: 10.2.1.2 GR State: Normal State: Full Mode: Nbr is Master Priority: 1 DR: 10.2.1.1 BDR: 10.2.1.2 MTU: 0 Dead timer due in 32 Neighbor is up for 06:03:12 Authentication Sequence: [ 0 ] Neighbor state change count: 5 # Display OSPF routing information on Switch A.
Network 10.2.1.1 10.2.1.1 80000010 Sum-Net 10.5.1.0 10.2.1.1 80000003 Sum-Net 10.3.1.0 10.2.1.1 1069 8000000F Sum-Net 10.1.1.0 10.2.1.1 1069 8000000F Sum-Asbr 10.3.1.1 10.2.1.1 1069 8000000F # Display OSPF routing information on Switch D. [SwitchD] display ospf routing OSPF Process 1 with Router ID 10.5.1.1 Routing Tables Routing for Network Destination...
Page 588
Figure 1-22 Network diagram for OSPF redistributing routes from outside of an AS Configuration procedure Configure IP addresses for interfaces (omitted). Configure OSPF basic functions (Refer to Configuring OSPF Basic Functions). Configure OSPF to redistribute routes. # On Switch C, configure a static route destined for network 3.1.2.0/24. <SwitchC>...
10.1.1.0/24 Inter 10.3.1.1 10.3.1.1 0.0.0.2 Routing for ASEs Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.3.1.1 10.4.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 Configuring OSPF to Advertise a Summary Route Network requirements As shown in the following figure: Switch A and Switch B are in AS 200, which runs OSPF.
Page 590
[SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Configure Switch D.
[SwitchB] ospf [SwitchB-ospf-1] import-route bgp # Display the OSPF routing table of Switch A. [SwitchA] display ip routing-table Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 O_ASE 11.2.1.1 Vlan100 10.2.1.0/24 O_ASE 11.2.1.1 Vlan100 10.3.1.0/24 O_ASE 11.2.1.1...
Page 592
Figure 1-24 Network diagram for OSPF Stub area configuration Switch A Area 0 Switch B Vlan-int100 10.1.1.1/24 Vlan-int100 10.1.1.2/24 Vlan-int200 Vlan-int200 10.2.1.1/24 10.3.1.1/24 Vlan-int200 Vlan-int200 Area 1 Area 2 10.3.1.2/24 10.2.1.2/24 Stub ASBR Vlan-int300 Vlan-int300 10.4.1.1/24 10.5.1.1/24 Switch C Switch D Configuration procedure Configure IP addresses for interfaces (omitted).
Page 593
Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.2.1.1 10.5.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 In the above output, since Switch C resides in a normal OSPF area, its routing table contains an external route.
When Switch C resides in the Stub area, a default route takes the place of the external route. # Filter Type-3 LSAs out the stub area [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] stub no-summary [SwitchA-ospf-1-area-0.0.0.1] quit # Display OSPF routing information on Switch C. [SwitchC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables...
Page 595
Figure 1-25 Network diagram for OSPF NSSA area configuration Configuration procedure Configure IP addresses for interfaces. Configure OSPF basic functions (refer to Configuring OSPF Basic Functions). Configure Area 1 as an NSSA area. # Configure Switch A. [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit...
0.0.0.0/0 65536 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 65535 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0 Configure Switch C to redistribute static routes. [SwitchC] ip route-static 3.1.3.1 24 11.1.1.1 [SwitchC] ospf [SwitchC-ospf-1] import-route static [SwitchC-ospf-1] quit...
Page 597
Figure 1-26 Network diagram for OSPF DR election configuration Configuration procedure Configure IP addresses for interfaces (omitted) Configure OSPF basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] router id 1.1.1.1 [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B.
Page 598
[SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit # Display OSPF neighbor information on Switch A. [SwitchA] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.1.1(Vlan-interface1)'s neighbors Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode: None Priority: 1 DR: 192.168.1.4...
Page 599
# Display neighbor information on Switch D. [SwitchD] display ospf peer verbose OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(Vlan-interface1)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0...
Page 600
Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode: Nbr is Slave Priority: 100 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 39 Neighbor is up for 00:01:40 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way...
192.168.1.2 Broadcast DROther 192.168.1.1 192.168.1.3 The interface state DROther means the interface is not the DR/BDR. Configuring OSPF Virtual Links Network requirements In the following figure, Area 2 has no direct connection to Area 0, and Area 1 acts as the Transit Area to connect Area 2 to Area 0 via a configured virtual link between Switch B and Switch C.
Page 602
<SwitchC> system-view [SwitchC] ospf 1 router-id 3.3.3.3 [SwitchC-ospf-1] area 1 [SwitchC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.1] quit [SwitchC-ospf-1] area 2 [SwitchC–ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchC–ospf-1-area-0.0.0.2] quit # Configure Switch D. <SwitchD> system-view [SwitchD] ospf 1 router-id 4.4.4.4 [SwitchD-ospf-1] area 2 [SwitchD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.2] quit # Display the OSPF routing table of Switch B.
[SwitchB] display ospf routing OSPF Process 1 with Router ID 2.2.2.2 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 Transit 10.2.1.1 3.3.3.3 0.0.0.1 10.3.1.0/24 Inter 10.2.1.2 3.3.3.3 0.0.0.0 10.1.1.0/24 Transit 10.1.1.2 2.2.2.2 0.0.0.0 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0...
Page 604
[SwitchA-ospf-100-area-0.0.0.0] return Configure Switch B <SwitchB> system-view [SwitchB] acl number 2000 [SwitchB-acl-basic-2000] rule 10 permit source 192.1.1.1 0.0.0.0 [SwitchB-acl-basic-2000] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 192.1.1.2 255.255.255.0 [SwitchB-Vlan-interface100] quit [SwitchB] router id 2.2.2.2 [SwitchB] ospf 100 [SwitchB-ospf-100] graceful-restart help 2000 [SwitchB-ospf-100] area 0 [SwitchB-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 Configure Switch C...
10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 Direct 0 10.2.1.1 Vlan200 10.2.1.1/32 Direct 0 127.0.0.1 InLoop0 10.3.1.0/24 OSPF 10.1.1.2 Vlan100 10.4.1.0/24 OSPF 10.2.1.2 Vlan200 10.5.1.0/24 OSPF 10.1.1.2 Vlan100 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 The route destined for network 3.1.3.0/24 is filtered out. On Switch A, filter out the route 10.5.1.1/24.
Page 608
Analysis If the physical link and lower layer protocols work well, check OSPF parameters configured on interfaces. Two neighbors must have the same parameters, such as the area ID, network segment and mask (a P2P or virtual link may have different network segments and masks). Processing steps Display OSPF neighbor information using the display ospf peer command.
Page 609
Table of Contents 1 IS-IS Configuration ····································································································································1-1 IS-IS Overview ········································································································································1-1 Basic Concepts································································································································1-1 IS-IS Area ········································································································································1-3 IS-IS Network Type ·························································································································1-5 IS-IS PDU Format····························································································································1-6 Supported IS-IS Features··············································································································1-12 Protocols and Standards ···············································································································1-14 IS-IS Configuration Task List ················································································································1-15 Configuring IS-IS Basic Functions ········································································································1-16 Configuration Prerequisites ···········································································································1-16 Enabling IS-IS································································································································1-16 Configuring the IS Level and Circuit Level ····················································································1-16 Configuring the Network Type of an Interface as P2P ··································································1-17...
Page 610
Enabling the Logging of Neighbor State Changes················································································1-33 Enabling IS-IS SNMP Trap ···················································································································1-33 Binding an IS-IS Process with MIBs ·····································································································1-33 Displaying and Maintaining IS-IS ··········································································································1-34 IS-IS Configuration Example·················································································································1-35 IS-IS Basic Configuration ··············································································································1-35 DIS Election Configuration ············································································································1-39 Configuring IS-IS Route Redistribution ·························································································1-44 IS-IS-based Graceful Restart Configuration Example···································································1-47 IS-IS Authentication Configuration Example ·················································································1-49...
IS-IS Configuration When configuring IS-IS, go to these sections for information you are interested in: IS-IS Overview IS-IS Configuration Task List Configuring IS-IS Basic Functions Configuring IS-IS Routing Information Control Tuning and Optimizing IS-IS Networks Configuring IS-IS Authentication Configuring System ID to Host Name Mappings Configuring IS-IS GR Enabling the Logging of Neighbor State Changes Enabling IS-IS SNMP Trap...
Page 612
Routing domain (RD). A group of ISs exchanges routing information with each other using the same routing protocol in a routing domain. Area. An area is a unit in a routing domain. The IS-IS protocol allows a routing domain to be divided into multiple areas.
Divide the extended IP address into 3 sections with 4 digits in each section to get the system ID 1680.1000.1001. There are other methods to define a system ID. The principle is to make sure it can uniquely identify a host or router.
Page 614
The Level-1 routers in different areas can not establish neighbor relationships. The neighbor relationship establishment of Level-2 routers has nothing to do with area. Figure 1-2 shows an IS-IS network topology. Area 1 comprises a set of Level-2 routers and is the backbone.
The IS-IS backbone does not need to be a specific Area. Both the IS-IS Level-1 and Level-2 routers use the SPF algorithm to generate the shortest path tree (SPT). Routing method A Level-1 router makes routing decisions based on the system ID. If the destination is not in the area, the packet is forwarded to the nearest Level-1-2 router.
The Level-1 and Level-2 DISs are elected respectively. You can assign different priorities for different level DIS elections. The higher a router’s priority is, the more likelihood the router becomes the DIS. If there are multiple routers with the same highest DIS priority, the one with the highest SNPA (Subnetwork Point of Attachment) address (MAC address on a broadcast network) will be elected.
Page 617
Figure 1-5 PDU format Common header format Figure 1-6 shows the PDU common header format. Figure 1-6 PDU common header format No. of Octets Intradomain routing protocol discriminator Length indicator Version/Protocol ID extension ID length PDU type Version Reserved Maximum area address Intradomain Routing Protocol Discriminator: Set to 0x83.
Page 618
Hello Hello packets are used by routers to establish and maintain neighbor relationships. A hello packet is also called an IS-to-IS hello PDU (IIH). For broadcast networks, the Level-1 routers use the Level-1 LAN IIHs; and the Level-2 routers use the Level-2 LAN IIHs. The P2P IIHs are used on point-to-point networks.
Page 619
Figure 1-8 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field. LSP packet format The Link State PDUs (LSP) carry link state information. LSP involves two types: Level-1 LSP and Level-2 LSP.
Page 620
PDU Length: Total length of the PDU in bytes. Remaining Lifetime: LSP remaining lifetime in seconds. LSP ID: Consists of the system ID, the pseudonode ID (one byte) and the LSP fragment number (one byte). Sequence Number: LSP sequence number. Checksum: LSP checksum.
Page 621
Figure 1-11 L1/L2 CSNP format PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request new LSPs from neighbors. Figure 1-12 shows the PSNP packet format.
Figure 1-13 CLV format Table 1-2 shows that different PDUs contain different CLVs. Table 1-2 CLV name and the corresponding PDU type CLV Code Name PDU Type Area Addresses IIH, LSP IS Neighbors (LSP) Partition Designated Level2 IS L2 LSP IS Neighbors (MAC Address) LAN IIH IS Neighbors (SNPA Address)
Page 623
IS-IS Graceful Restart For detailed GR information, refer to GR Overview in the System Volume. After an IS-IS GR Restarter restarts IS-IS, it needs to complete the following two tasks to synchronize the LSDB with its neighbors. To obtain effective IS-IS neighbor information without changing adjacencies. To obtain the LSDB contents.
A virtual system is identified by an additional system ID and generates extended LSP fragments. Original LSP It is the LSP generated by the originating system. The system ID in its LSP ID field is the system ID of the originating system. Extended LSP Extended LSPs are generated by virtual systems.
Task Remarks Configuring IS-IS GR Optional Enabling the Logging of Neighbor State Changes Optional Enabling IS-IS SNMP Trap Optional Binding an IS-IS Process with MIBs Optional Configuring IS-IS Basic Functions Configuration Prerequisites Before the configuration, accomplish the following tasks: Configure the link layer protocol. Configure an IP address for each interface, and make sure all neighboring nodes are reachable to each other at the network layer.
To do… Use the command… Remarks Enter system view system-view –– isis [ process-id ] Enter IS-IS view [ vpn-instance –– vpn-instance-name ] Optional is-level { level-1 | level-1-2 | Specify the IS level level-2 } The default is Level-1-2. Return to system view quit ––...
Configuring IS-IS Link Cost The IS-IS cost of an interface is determined in the following order: ISIS cost specified in interface view. ISIS cost specified in system view. The cost is applied to the interfaces associated to the IS-IS process. Automatically calculated cost: When the cost style is wide or wide-compatible, IS-IS automatically calculates the cost using the formula: interface cost= (bandwidth reference value/interface bandwidth) ×10.
Configuring IS-IS Route Summarization This task is to configure a summary route, so routes falling into the network range of the summary route are summarized into one route for advertisement. Doing so can reduce the size of routing tables, as well as the scale of LSP and LSDB.
Page 631
Configuring IS-IS Route Redistribution Redistribution of large numbers of routes on a device may affect the performance of other devices in the network. In that case, you can configure a limit on the number of redistributed routes to limit the number of routes to be advertised.
To do… Use the command… Remarks Required filter-policy { acl-number | ip-prefix Filter routes calculated ip-prefix-name | route-policy No filtering is configured from received LSPs route-policy-name } import by default. Filtering redistributed routes IS-IS can redistribute routes from other routing protocols or other IS-IS processes, add them into the IS-IS routing table and advertise them in LSPs.
Tuning and Optimizing IS-IS Networks Configuration Prerequisites Before the configuration, accomplish the following tasks: Configure IP addresses for interfaces, and make adjacent nodes reachable to each other at the network layer. Enable IS-IS. Specifying Intervals for Sending IS-IS Hello and CSNP Packets Follow these steps to configure intervals for sending IS-IS hello and CSNP packets: To do…...
On a broadcast link, Level-1 and Level-2 hello packets are advertised separately and therefore you need to set a hello multiplier for each level. On a P2P link, Level-1 and Level-2 hello packets are advertised in P2P hello packets, and you need not specify Level-1 or Level-2. Configuring a DIS Priority for an Interface On an IS-IS broadcast network, a router should be elected as the DIS at a routing level.
To do… Use the command… Remarks Enter system view system-view –– interface interface-type Enter interface view –– interface-number Required Enable the interface to send small hello packets without isis small-hello Standard hello packets are sent CLVs by default. Configuring LSP Parameters Configuring LSP timers Specify the maximum age of LSPs Each LSP has an age that decreases in the LSDB.
Page 636
Specify LSP sending intervals If a change occurs in the LSDB, IS-IS advertises the changed LSP to neighbors. You can specify the minimum interval for sending such LSPs. On a P2P link, IS-IS requires an advertised LSP be acknowledged. If no acknowledgement is received within a configurable interval, IS-IS will retransmit the LSP.
Page 637
Enabling LSP flash flooding Since changed LSPs may trigger SPF recalculation, you can enable LSP flash flooding to advertise the changed LSPs before the router recalculates routes. Doing so can speed up network convergence. Follow these steps to enable LSP flash flooding: To do…...
Figure 1-14 Network diagram of a fully meshed network To avoid this, you can configure some interfaces as a mesh group or/and configure the blocked interfaces. After receiving an LSP, a member interface in a mesh group floods it out the interfaces that does not belong to the mesh group.
Follow these steps to configure neighbor relationship authentication: To do… Use the command… Remarks Enter system view system-view –– interface interface-type Enter interface view –– interface-number Required isis authentication-mode { simple | Specify the authentication md5 } password [ level-1 | level-2 ] Not authentication is mode and password [ ip | osi ]...
To do… Use the command… Remarks Required Specify the routing domain domain-authentication-mode No routing domain authentication mode and { simple | md5 } password [ ip | authentication is configured by password osi ] default. Configuring System ID to Host Name Mappings In IS-IS, a system ID identifies a router or host uniquely.
Follow these steps to configure dynamic system ID to host name mapping: To do… Use the command... Remarks Enter system view system-view –– isis [ process-id ] Enter IS-IS view [ vpn-instance –– vpn-instance-name ] Required Specify a host name for is-name sys-name the router No specified by default.
Enabling the Logging of Neighbor State Changes Follow these steps to enable the logging of neighbor state changes: To do… Use the command… Remarks Enter system view system-view –– isis [ process-id ] [ vpn-instance Enter IS-IS view –– vpn-instance-name ] Required Enable the logging of neighbor log-peer-change...
Displaying and Maintaining IS-IS To do… Use the command… Remarks Display brief IS-IS configuration display isis brief [ process-id | vpn-instance Available in any information vpn-instance-name ] view Display the status of IS-IS display isis debug-switches { process-id | Available in any debug switches vpn-instance vpn-instance-name } view...
IS-IS Configuration Example IS-IS Basic Configuration Network requirements As shown in Figure 1-15, Switch A, B, C and Switch D reside in an IS-IS AS. Switch A and B are Level-1 switches, Switch D is a Level-2 switch and Switch C is a Level-1-2 switch. Switch A, B and C are in Area 10, while Switch D is in Area 20.
Page 648
Level-2 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL ------------------------------------------------------------------------------- 0000.0000.0003.00-00 0x00000013 0xc73d 1003 0/0/0 0000.0000.0004.00-00* 0x0000003c 0xd647 1194 0/0/0 0000.0000.0004.01-00* 0x00000002 0xec96 1007 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload # Display the IS-IS routing information of each switch. Level-1 switches should have a default route with the next hop being the Level-1-2 switch.
ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 192.168.0.0/24 NULL Vlan300 Direct D/L/- 10.1.1.0/24 NULL Vlan100 Direct D/L/- 10.1.2.0/24 NULL Vlan200 Direct D/L/- 172.16.0.0/16 NULL Vlan300 192.168.0.2 R/-/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set [SwitchD] display isis route Route information for ISIS(1) -----------------------------...
Page 650
Figure 1-16 Network diagram for DIS selection Configuration procedure Configure an IP address for each interface (omitted) Enable IS-IS # Configure Switch A. <SwitchA> system-view [SwitchA] isis 1 [SwitchA-isis-1] network-entity 10.0000.0000.0001.00 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] isis enable 1 [SwitchA-Vlan-interface100] quit # Configure Switch B.
Page 651
[SwitchD-isis-1] network-entity 10.0000.0000.0004.00 [SwitchD-isis-1] is-level level-2 [SwitchD-isis-1] quit [SwitchD] interface vlan-interface 100 [SwitchD-Vlan-interface100] isis enable 1 [SwitchD-Vlan-interface100] quit # Display information about IS-IS neighbors of Switch A. [SwitchA] display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0003.01 State: Up HoldTime: 21s...
Page 652
Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State Type Down 1497 L1/L2 No/Yes By using the default DIS priority, Switch C is the Level-1 DIS, and Switch D is the Level-2 DIS. The pseudonodes of Level-1 and Level-2 are 0000.0000.0003.01 and 0000.0000.0004.01 respectively. Configure the DIS priority of Switch A.
Page 653
Down 1497 L1/L2 Yes/Yes After the DIS priority configuration, Switch A becomes the Level-1-2 DIS, and the pseudonode is 0000.0000.0001.01. # Display information about IS-IS neighbors and interfaces of Switch C. [SwitchC] display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01...
IPV4.State IPV6.State Type Down 1497 L1/L2 No/No Configuring IS-IS Route Redistribution Network requirements As shown in the following figure, Switch A, Switch B, Switch C and Switch D reside in the same AS. They use IS-IS to interconnect. Switch A and Switch B are Level-1 routers, Switch D is a Level-2 router, and Switch C is a Level-1-2 router.
[SwitchE-rip-1] version 2 [SwitchE-rip-1] undo summary # Configure route redistribution from RIP to IS-IS on Switch D. [SwitchD-rip-1] quit [SwitchD] isis 1 [SwitchD–isis] import-route rip level-2 # Display IS-IS routing information on Switch C. [SwitchC] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table -------------------------------------...
Page 658
Figure 1-18 Network diagram for IS-IS-based GR configuration GR restarter Switch A Vlan-int100 10.0.0.1/24 Vlan-int100 Vlan-int100 10.0.0.2/24 10.0.0.3/24 Switch B Switch C GR helper GR helper Configuration procedure Configure IP addresses of the interfaces on each switch and configure IS-IS. Follow Figure 1-18 to configure the IP address and subnet mask of each interface.
BGP Configuration The Border Gateway Protocol (BGP) is a dynamic inter-AS Exterior Gateway Protocol. When configuring BGP, go to these sections for information you are interested in: BGP Overview BGP Configuration Task List Configuring BGP Basic Functions Controlling Route Generation Controlling Route Distribution and Reception Configuring BGP Route Attributes Tuning and Optimizing BGP Networks...
A router advertising BGP messages is called a BGP speaker. It establishes peer relationships with other BGP speakers to exchange routing information. When a BGP speaker receives a new route or a route better than the current one from another AS, it will advertise the route to all the other BGP peers in the local AS.
Page 666
Figure 1-2 BGP open message format Version: This 1-byte unsigned integer indicates the protocol version number. The current BGP version is 4. My autonomous system: This 2-byte unsigned integer indicates the Autonomous System number of the sender. Hold time: When establishing a peer relationship, two parties negotiate an identical hold time. If no Keepalive or Update is received from a peer within the hold time, the BGP connection is considered down.
NLRI (Network Layer Reachability Information): Each feasible route is represented as <length, prefix>. Notification A Notification message is sent when an error is detected. The BGP connection is closed immediately after sending it. The Notification message format is shown below: Figure 1-4 BGP Notification message format Error code: Type of Notification.
Page 668
Optional non-transitive: If a BGP router does not support this attribute, it will not advertise routes with this attribute. The usage of each BGP path attribute is described in the following table. Table 1-1 Usage of BGP path attributes Name Category ORIGIN Well-known mandatory...
Figure 1-6 AS_PATH attribute 8.0.0.0 AS 10 D = 8.0.0.0 D = 8.0.0.0 (10) (10) AS 40 AS 20 D = 8.0.0.0 D = 8.0.0.0 (40,10) (20,10) D = 8.0.0.0 (30,20,10) AS 30 AS 50 In general, a BGP router does not receive routes containing the local AS number to avoid routing loops. The current implementation supports using the peer allow-as-loop command to receive routes containing the local AS number to meet special requirements.
Page 670
Figure 1-7 NEXT_HOP attribute MED (MULTI_EXIT_DISC) The MED attribute is exchanged between two neighboring ASs, each of which does not advertise the attribute to any other AS. Similar with metrics used by IGP, MED is used to determine the best route for traffic going into an AS. When a BGP router obtains multiple routes to the same destination but with different next hops, it considers the route with the smallest MED value the best route if other conditions are the same.
The LOCAL_PREF attribute is exchanged between iBGP peers only, and thus is not advertised to any other AS. It indicates the priority of a BGP router. LOCAL_PREF is used to determine the best route for traffic leaving the local AS. When a BGP router obtains from several iBGP peers multiple routes to the same destination but with different next hops, it considers the route with the highest LOCAL_PREF value as the best route.
Page 672
Select the route with the smallest next hop cost Select the route with the shortest CLUSTER_LIST Select the route with the smallest ORIGINATOR_ID Select the route advertised by the router with the smallest Router ID Select the route with the lowest IP address CLUSTER_IDs of route reflectors form a CLUSTER_LIST.
Page 673
Figure 1-10 Network diagram for BGP load balancing In the above figure, Router D and Router E are iBGP peers of Router C. Router A and Router B both advertise a route destined for the same destination to Router C. If load balancing is configured and the two routes have the same AS_PATH attribute, ORIGIN attribute, LOCAL_PREF and MED, Router C installs both the two routes to its route table for load balancing.
Page 674
Figure 1-11 iBGP and IGP synchronization If synchronization is enabled in this example, only when the route 8.0.0.0/24 received from Router B is available in its IGP routing table, can Router D add the route into its BGP routing table and advertise the route to the eBGP peer.
Page 675
Figure 1-12 BGP route dampening Peer group You can organize BGP peers with the same attributes into a group to simplify configurations on them. When a peer joins the peer group, the peer obtains the same configuration as the peer group. If the configuration of the peer group is changed, the configuration of group members is changed accordingly.
Page 676
A router that is neither a route reflector nor a client is a non-client, which has to establish BGP sessions to the route reflector and other non-clients, as shown below. Figure 1-13 Network diagram for route reflector The route reflector and clients form a cluster. In some cases, you can configure more than one route reflector in a cluster to improve network reliability and prevent single point failure, as shown in the following figure.
Confederation Confederation is another method to deal with growing iBGP connections in ASs. It splits an AS into multiple sub-ASs. In each sub-AS, iBGP peers are fully meshed, and intra-confederation eBGP connections are established between sub-ASs, as shown below: Figure 1-15 Confederation network diagram From the perspective of a non-confederation BGP speaker, it needs not know sub-ASs in the confederation.
After the restart is completed, the GR Restarter will reestablish GR sessions with its peers and send a new GR message notifying the completion of restart. Routing information is exchanged between them for the GR Restarter to create a new routing table and forwarding table and have stale routing information removed.
Follow these steps to create a BGP connection: To do… Use the command… Remarks Enter system view system-view — — Enable BGP and enter BGP bgp as-number view Not enabled by default Optional Specify a Router ID router-id router-id By default, the global router ID is used.
To do… Use the command… Remarks Required Specify the source peer { group-name | By default, BGP uses the outbound interface for ip-address } interface of the best route to the BGP establishing TCP connect-interface peer/peer group as the source interface for connections to a peer interface-type establishing a TCP connection to the...
Prerequisites BGP connections have been created. Injecting a Local Network In BGP view, you can inject a local network to allow BGP to advertise it to BGP peers. The origin attribute of routes advertised in this way is IGP. You can also reference a route policy to flexibly control route advertisement.
To do… Use the command… Remarks import-route protocol [ process-id | all-processes ] Required Enable route redistribution from [ med med-value | a routing protocol into BGP Not redistributed by default route-policy route-policy-name ] * Optional Enable default route default-route imported redistribution into BGP Not enabled by default Controlling Route Distribution and Reception...
Advertising a Default Route to a Peer or Peer Group After this task is configured, the BGP router sends a default route with the next hop being itself to the specified peer/peer group, regardless of whether the default route is available in the routing table. Follow these steps to advertise a default route to a peer or peer group: To do…...
Page 686
To do… Use the command… Remarks filter-policy { acl-number | Required to choose any; ip-prefix ip-prefix-name } Configure the filtering of Not configured by default. export [ direct | isis process-id redistributed routes You can configure a filtering | ospf process-id | rip policy as needed;...
Enabling BGP and IGP Route Synchronization By default, when a BGP router receives an iBGP route, it only checks the reachability of the route’s next hop before advertisement. With BGP and IGP synchronization enabled, the BGP router cannot advertise the iBGP route to eBGP peers unless the route is also available in the IGP routing table. Follow these steps to enable BGP and IGP synchronization: To do…...
To do… Use the command… Remarks Required dampening [ half-life-reachable Configure BGP route half-life-unreachable reuse suppress Not configured by dampening ceiling | route-policy route-policy-name ] * default. Configuring a Shortcut Route An eBGP route received has a priority of 255, lower than a local route. This task allows you configure an eBGP route as a shortcut route that has the same priority as a local route and thus has greater likehood to become the optimal route.
Follow these steps to configure preferences for BGP routes: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — preference Optional Configure preferences { external-preference The default preferences of external, for external, internal, internal-preference internal, and local BGP routes are 255, local BGP routes...
Page 690
To do… Use the command… Remarks Enter system view system-view — Enter BGP view — bgp as-number Required Enable the comparison of MED of compare-different-as-med routes from different ASs Not enabled by default Enable the comparison of MED of routes from each AS Route learning sequence may affect optimal route selection.
Note that, in this case, BGP load balancing cannot be implemented because load balanced routes must have the same AS-path attribute. Follow these steps to enable the comparison of MED of routes from each AS: To do… Use the command… Remarks Enter system view system-view...
Figure 1-17 Next hop attribute configuration If a BGP router has two peers on a common broadcast network, it does not set itself as the next hop for routes sent to an eBGP peer by default. As shown below, Router A and Router B establish an eBGP neighbor relationship, and Router B and Router C establish an iBGP neighbor relationship.
Page 693
To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Optional Permit local AS number to appear in peer { group-name | routes from a peer/peer group and ip-address } allow-as-loop By default, the local AS specify the appearance times [ number ] number is not allowed.
Figure 1-19 AS number substitution configuration AS 100 PE 1 PE 2 MPLS backbone EBGP_Update:10.1.1.1/32 EBGP_Update:10.1.1.1/32 VPNv4_Update:10.1.0.0/16 AS_PATH:100,100 AS_PATH:800 RD:10.1.1.1/32 AS_PATH:800 CE 1 CE 2 AS 800 AS 800 As shown in the above figure, CE 1 and CE 2 use the same AS number of 800. If AS number substitution for CE 2 is configured on PE 2, when PE 2 receives a BGP update sent from CE 1, it replaces AS number 800 as its own AS number 100.
Configuring BGP Keepalive Interval and Holdtime After establishing a BGP connection, two routers send keepalive messages periodically to each other to keep the connection. If a router receives no keepalive or update message from the peer within the holdtime, it tears down the connection. If two parties have the same timer assigned with different values, the smaller one is used by the two parties.
The current BGP implementation supports the route-refresh capability, with which, a router can dynamically refresh its BGP routing table when the route selection policy is modified, without tearing down BGP connections. If a BGP peer does not support route-refresh, you need to save updates from the peer on the local router.
With quick eBGP connection reestablishment enabled, the router, when the link to a directly connected eBGP peer is down, will reestablish a session to the eBGP peer immediately. Follow these steps to enable quick eBGP session reestablishment: To do… Use the command… Remarks Enter system view system-view...
Forbiding Session Establishment with a Peer or Peer Group Follow these steps to forbid session establishment with a peer or peer group: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Optional Forbid session establishment with a peer { group-name | peer or peer group...
Configure an eBGP peer group If peers in an eBGP group belong to the same external AS, the eBGP peer group is a pure eBGP peer group; if not, it is a mixed eBGP peer group. There are two approaches for configuring an eBGP peer group: Create the eBGP peer group, specify its AS number, and add peers into it.
To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Advertise the peer { group-name | ip-address } community attribute to advertise-community Advertise the a peer/peer group Required community Not configured Advertise the attribute to a by default.
In general, it is not required to make clients of a route reflector fully meshed. The route reflector forwards routing information between clients. If clients are fully meshed, you can disable route reflection between clients to reduce routing costs. In general, a cluster has only one route reflector, and the router ID is used to identify the cluster. You can configure multiple route reflectors to improve network stability.
To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enable compatibility with routers not Optional compliant with RFC 3065 in the confederation nonstandard Not enabled by default confederation Configuring BGP GR Perform the following configuration on the GR Restarter and GR Helper respectively. A device can act as a GR Restarter and GR Helper at the same time.
Follow these steps to enable Trap: To do… Use the command… Remarks Enter system view system-view — Optional Enable Trap for BGP snmp-agent trap enable bgp Enabled by default Enabling Logging of Peer State Changes Follow these steps to enable the logging of peer state changes: To do…...
Displaying and Maintaining BGP Displaying BGP To do… Use the command… Remarks Display peer group information display bgp group [ group-name ] Display advertised BGP routing display bgp network information Display AS path information display bgp paths [ as-regular-expression ] Display BGP peer/peer group display bgp peer [ ip-address { log-info | information...
Resetting BGP Connections To do… Use the command… Remarks Reset all BGP connections reset bgp all Reset the BGP connections to an AS reset bgp as-number Reset the BGP connection to a peer reset bgp ip-address [ flap-info ] Reset all eBGP connections reset bgp external Available in user view...
Page 707
200.1.1.2 4 65008 1 00:44:03 Established You can find Switch B has established BGP connections to other switches. # Display BGP routing table information on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 1.1.1.1 Status codes: * - valid, >...
Page 708
# Configure Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] import-route direct # Display BGP routing table information on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 7 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
Reply from 8.1.1.1: bytes=56 Sequence=4 ttl=254 time=16 ms Reply from 8.1.1.1: bytes=56 Sequence=5 ttl=254 time=31 ms --- 8.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 16/31/47 ms BGP and IGP Synchronization Configuration Network requirements As shown below, OSPF is used as the IGP protocol in AS65009, where Switch C is a non-BGP switch.
Page 710
[SwitchB-bgp] import-route ospf 1 [SwitchB-bgp] quit # Display routing table information on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
[SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
Page 714
<SwitchB> system-view [SwitchB] bgp 20 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 200.1.2.1 as-number 10 [SwitchB-bgp] peer 200.1.3.2 as-number 30 [SwitchB-bgp] quit # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 30 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 200.1.3.1 as-number 20 [SwitchC-bgp] quit # Display the BGP routing table on Switch B. [SwitchB] display bgp routing-table 9.1.1.0 BGP local router ID : 2.2.2.2 Local AS number : 20...
BGP Local router ID is 200.1.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
Attribute value : MED 0, localpref 100, pref-val 0, pre 255 State : valid, external-confed, best, Not advertised to any peers yet # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 4.4.4.4 Status codes: * - valid, >...
Page 721
Figure 1-26 Network diagram for BGP path selection configuration Device Interface IP address Device Interface IP address Switch A Vlan-int101 1.0.0.0/8 Switch D Vlan-int400 195.1.1.1/24 Vlan-int100 192.1.1.1/24 Vlan-int300 194.1.1.1/24 Vlan-int200 193.1.1.1/24 Switch C Vlan-int400 195.1.1.2/24 Switch B Vlan-int100 192.1.1.2/24 Vlan-int200 193.1.1.2/24 Vlan-int300 194.1.1.2/24...
Page 723
[SwitchA-bgp] quit # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 2 BGP Local router ID is 194.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network...
Troubleshooting BGP No BGP Peer Relationship Established Symptom Display BGP peer information using the display bgp peer command. The state of the connection to a peer cannot become established. Analysis To become BGP peers, any two routers need to establish a TCP session using port 179 and exchange open messages successfully.
Page 725
Table of Contents 1 IPv6 Static Routing Configuration ···········································································································1-1 Introduction to IPv6 Static Routing··········································································································1-1 Features of IPv6 Static Routes········································································································1-1 Default IPv6 Route ··························································································································1-1 Configuring an IPv6 Static Route············································································································1-1 Configuration prerequisites ·············································································································1-2 Configuring an IPv6 Static Route ····································································································1-2 Displaying and Maintaining IPv6 Static Routes ······················································································1-2 IPv6 Static Routing Configuration Example ····························································································1-2...
IPv6 Static Routing Configuration When configuring IPv6 Static Routing, go to these sections for information you are interested in: Introduction to IPv6 Static Routing Configuring an IPv6 Static Route Displaying and Maintaining IPv6 Static Routes IPv6 Static Routing Configuration Example The term “router”...
Configuration prerequisites Configuring parameters for the related interfaces Configuring link layer attributes for the related interfaces Enabling IPv6 packet forwarding Ensuring that the neighboring nodes are IPv6 reachable Configuring an IPv6 Static Route Follow these steps to configure an IPv6 static route: To do…...
Page 728
Figure 1-1 Network diagram for static routes Configuration procedure Configure the IPv6 addresses of all VLAN interfaces (Omitted) Configure IPv6 static routes. # Configure the default IPv6 static route on SwitchA. <SwitchA> system-view [SwitchA] ipv6 route-static :: 0 4::2 # Configure two IPv6 static routes on SwitchB. <SwitchB>...
Page 729
Destination : 1:: /64 Protocol : Direct NextHop : 1::1 Preference Interface : Vlan-interface100 Cost Destination : 1::1/128 Protocol : Direct NextHop : ::1 Preference Interface : InLoop0 Cost Destination : FE80::/10 Protocol : Direct NextHop : :: Preference Interface : NULL0 Cost # Verify the connectivity with the ping command.
Page 730
Table of Contents 1 RIPng Configuration··································································································································1-1 Introduction to RIPng ······························································································································1-1 RIPng Working Mechanism ·············································································································1-1 RIPng Packet Format ······················································································································1-2 RIPng Packet Processing Procedure ······························································································1-3 Protocols and Standards ·················································································································1-3 Configuring RIPng Basic Functions ········································································································1-3 Configuration Prerequisites ·············································································································1-3 Configuration Procedure··················································································································1-4 Configuring RIPng Route Control ···········································································································1-4 Configuring an Additional Routing Metric ························································································1-4 Configuring RIPng Route Summarization ·······················································································1-5 Advertising a Default Route·············································································································1-5...
RIPng Configuration When configuring RIPng, go to these sections for information you are interested in: Introduction to RIPng Configuring RIPng Basic Functions Configuring RIPng Route Control Tuning and Optimizing the RIPng Network Displaying and Maintaining RIPng RIPng Configuration Example The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Introduction to RIPng RIP next generation (RIPng) is an extension of RIP-2 for IPv4.
Each RIPng router maintains a routing database, including route entries of all reachable destinations. A route entry contains the following information: Destination address: IPv6 address of a host or a network. Next hop address: IPv6 address of a neighbor along the path to the destination. Egress interface: Outbound interface that forwards IPv6 packets.
Figure 1-3 IPv6 prefix RTE format IPv6 prefix (16 octets) Route tag Prefix length Metric IPv6 prefix: Destination IPv6 address prefix. Route tag: Route tag. Prefix len: Length of the IPv6 address prefix. Metric: Cost of a route. RIPng Packet Processing Procedure Request packet When a RIPng router first starts or needs to update some entries in its routing table, generally a multicast request packet is sent to ask for needed routes from neighbors.
Configure an IP address for each interface, and make sure all nodes are reachable to one another. Configuration Procedure Follow these steps to configure the basic RIPng functions: To do… Use the command… Remarks Enter system view –– system-view Required Create a RIPng process and ripng [ process-id ] enter RIPng view...
The inbound additional metric is added to the metric of a received route before the route is added into the routing table, so the route’s metric is changed. Follow these steps to configure an inbound/outbound additional routing metric: To do… Use the command…...
Configuring a RIPng Route Filtering Policy You can reference a configured IPv6 ACL or prefix list to filter received/advertised routing information as needed. For filtering outbound routes, you can also specify a routing protocol from which to filter routing information redistributed. Follow these steps to configure a RIPng route filtering policy: To do…...
Tuning and Optimizing the RIPng Network This section describes how to tune and optimize the performance of the RIPng network as well as applications under special network environments. Before tuning and optimizing the RIPng network, complete the following tasks: Configure a network layer address for each interface Configure the basic RIPng functions This section covers the following topics: Configuring RIPng Timers...
Configuring Split Horizon and Poison Reverse If both split horizon and poison reverse are configured, only the poison reverse function takes effect. Configure split horizon The split horizon function disables a route learned from an interface from being advertised through the same interface to prevent routing loops between neighbors.
Follow these steps to configure RIPng zero field check: To do… Use the command… Remarks Enter system view system-view –– Enter RIPng view ripng [ process-id ] –– Optional Enable the zero field check checkzero Enabled by default Configuring the Maximum Number of Equal Cost Routes for Load Balancing Follow these steps to configure the maximum number of equal cost RIPng routes for load balancing: To do…...
Page 741
[SwitchB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100 Dest 1::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200 Dest 3::/64,...
Page 742
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200 Dest 4::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec Dest 5::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec [SwitchA] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect...
Page 743
Table of Contents 1 OSPFv3 Configuration ······························································································································1-1 Introduction to OSPFv3···························································································································1-1 OSPFv3 Overview ···························································································································1-1 OSPFv3 Packets ·····························································································································1-1 OSPFv3 LSA Types ························································································································1-2 Timers of OSPFv3 ···························································································································1-2 OSPFv3 Features Supported ··········································································································1-3 Protocols and Standards ·················································································································1-3 IPv6 OSPFv3 Configuration Task List ····································································································1-4 Enabling OSPFv3····································································································································1-4 Prerequisites····································································································································1-4 Enabling OSPFv3 ····························································································································1-4 Configuring OSPFv3 Area Parameters···································································································1-5...
Page 744
Troubleshooting OSPFv3 Configuration························································································1-24 No OSPFv3 Neighbor Relationship Established ···········································································1-24 Incorrect Routing Information ········································································································1-24...
OSPFv3 Configuration When configuring OSPF, go to these sections for information you are interested in: Introduction to OSPFv3 IPv6 OSPFv3 Configuration Task List Enabling OSPFv3 Configuring OSPFv3 Area Parameters Configuring OSPFv3 Network Types Configuring OSPFv3 Routing Information Control Tuning and Optimizing OSPFv3 Networks Displaying and Maintaining OSPFv3 OSPFv3 Configuration Examples Introduction to OSPFv3...
Figure 1-1 OSPFv3 packet header Major fields: Version #: Version of OSPF, which is 3 for OSPFv3. Type: Type of OSPF packet; Types 1 to 5 are hello, DD, LSR, LSU, and LSAck respectively. Packet Length: Packet length in bytes, including header. Instance ID: Instance ID for a link.
SPF timer GR timer OSPFv3 packet timer Hello packets are sent periodically between neighboring routers for finding and maintaining neighbor relationships, or for DR/BDR election. The hello interval must be identical on neighboring interfaces. The smaller the hello interval, the faster the network convergence speed and the bigger the network load.
IPv6 OSPFv3 Configuration Task List Complete the following tasks to configure OSPFv3: Task Remarks Enabling OSPFv3 Required Configuring an OSPFv3 Stub Area Optional Configuring OSPFv3 Area Parameters Configuring an OSPFv3 Virtual Link Optional Configuring the OSPFv3 Network Type for an Optional Configuring OSPFv3 Interface...
To do… Use the command… Remarks Enter system view system-view — Required Enable an OSPFv3 process ospfv3 [ process-id ] By default, no OSPFv3 process and enter its view is enabled. Specify a router ID Required router-id router-id interface interface-type Enter interface view —...
You cannot remove an OSPFv3 area directly. Only when you remove all configurations in area view and all interfaces attached to the area become down, can the area be removed. All the routers attached to a stub area must be configured with the stub command. The keyword no-summary is only available on the ABR of the stub area.
Prerequisites Before configuring OSPFv3 network types, you have configured: IPv6 functions OSPFv3 basic functions Configuring the OSPFv3 Network Type for an Interface Follow these steps to configure the OSPFv3 network type for an interface: To do… Use the command… Remarks Enter system view system-view —...
Follow these steps to configure route summarization: To do… Use the command… Remarks Enter system view system-view — Enter OSPFv3 view ospfv3 [ process-id ] — Enter OSPFv3 area view area area-id — Required abr-summary ipv6-address Configure a summary route prefix-length [ not-advertise ] Not configured by default The abr-summary command takes effect on ABRs only.
Follow these steps to configure an OSPFv3 cost for an interface: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional By default, OSPFv3 computes an interface’s Configure an cost according to its bandwidth. ospfv3 cost value OSPFv3 cost for the [ instance instance-id ]...
To do… Use the command… Remarks Optional preference [ ase ] Configure a priority for [ route-policy By default, the priority of OSPFv3 OSPFv3 route-policy-name ] internal routes is 10, and priority of preference OSPFv3 external routes is 150. Configuring OSPFv3 Route Redistribution Follow these steps to configure OSPFv3 route redistribution: To do…...
Packet timer: Specified to adjust topology convergence speed and network load LSA delay timer: Specified especially for low-speed links SPF timer: Specified to protect networks from being over-loaded due to frequent network changes. For a broadcast network, you can configure DR priorities for interfaces to affect DR/BDR election. By disabling an interface from sending OSPFv3 packets, you can make other routers on the network obtain no information from the interface.
The dead interval set on neighboring interfaces cannot be too short. Otherwise, a neighbor is easily considered down. The LSA retransmission interval cannot be too short; otherwise, unnecessary retransmissions occur. Configuring a DR Priority for an Interface Follow these steps to configure a DR priority for an interface: To do…...
Disable Interfaces from Sending OSPFv3 Packets Follow these steps to disable interfaces from sending OSPFv3 packets: To do… Use the command… Remarks Enter system view system-view — Enter OSPFv3 view ospfv3 [ process-id ] — Required Disable interfaces from silent-interface { interface-type sending OSPFv3 packets interface-number | all } Not disabled by default...
thus called GR Helpers). Then, the GR Restarter retrieves its adjacencies and LSDB with the help of the GR Helpers. Thus, the normal data forwarding is ensured. Configuring GR Restarter You can configure the GR Restarter capability on a GR Restarter. Follow these steps to configure GR Restarter: To do…...
OSPFv3 Configuration Examples Configuring OSPFv3 Areas Network requirements In the following figure, all switches run OSPFv3. The AS is split into three areas, in which, Switch B and Switch C act as ABRs to forward routing information between areas. It is required to configure Area 2 as a stub area to reduce LSAs in the area without affecting route reachability.
Page 762
4.4.4.4 Full/DR 00:00:38 Vlan400 # Display OSPFv3 routing table information on Switch D. [SwitchD] display ospfv3 routing E1 - Type 1 external route, IA - Inter area route, - Intra area route E2 - Type 2 external route, - Seleted route OSPFv3 Router with ID (4.4.4.4) (Process 1) ------------------------------------------------------------------------ *Destination: 2001::/64...
*Destination: 2001::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:1::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:2::/64 Type Cost NextHop : directly-connected Interface: Vlan400 *Destination: 2001:3::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 Configure Area 2 as a totally stub area # Configure Area 2 as a totally stub area on Switch C.
Page 764
Figure 1-3 Network diagram for OSPFv3 DR election configuration Configuration procedure Configure IPv6 addresses for interfaces (omitted) Configure OSPFv3 basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ospfv3 1 area 0 [SwitchA-Vlan-interface100] quit # Configure Switch B.
Page 765
<SwitchD> system-view [SwitchD] ipv6 [SwitchD] ospfv3 [SwitchD-ospfv3-1] router-id 4.4.4.4 [SwitchD-ospfv3-1] quit [SwitchD] interface vlan-interface 200 [SwitchD-Vlan-interface200] ospfv3 1 area 0 [SwitchD-Vlan-interface200] quit # Display neighbor information on Switch A. You can find the switches have the same default DR priority 1.
2.2.2.2 2-Way/DROther 00:00:38 Vlan200 3.3.3.3 Full/Backup 00:00:32 Vlan100 4.4.4.4 Full/DR 00:00:36 Vlan200 # Display neighbor information on Switch D. You can find Switch D is still the DR. [SwitchD] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface...
Page 767
Figure 1-4 Network diagram for OSPFv3 GR configuration Configuration procedure Configure IPv6 addresses for interfaces (omitted). Configure OSPFv3 basic functions # On Switch A, enable OSPFv3 process 1, enable GR and set the router ID to 1.1.1.1. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 1 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] graceful-restart enable...
# After all switches function properly, perform a master/backup switchover on Switch A to trigger a OSPFv3 GR operation. Troubleshooting OSPFv3 Configuration No OSPFv3 Neighbor Relationship Established Symptom No OSPF neighbor relationship can be established. Analysis If the physical link and lower protocol work well, check OSPF parameters configured on interfaces. The two neighboring interfaces must have the same parameters, such as the area ID, network segment and mask and network type.
Page 769
Table of Contents 1 IPv6 IS-IS Configuration····························································································································1-1 Introduction to IPv6 IS-IS ························································································································1-1 Configuring IPv6 IS-IS Basic Functions ··································································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-2 Configuring IPv6 IS-IS Routing Information Control ···············································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-3 Displaying and Maintaining IPv6 IS-IS····································································································1-4 IPv6 IS-IS Configuration Example ··········································································································1-5...
IPv6 IS-IS Configuration IPv6 IS-IS supports all the features of IPv4 IS-IS except that it advertises IPv6 routing information instead. This document describes only IPv6 IS-IS exclusive configuration tasks. For other configuration tasks, refer to IS-IS Configuration in the IP Routing Volume. When configuring IPv6 IS-IS, go to these sections for information you are interested in: Introduction to IPv6 IS-IS Configuring IPv6 IS-IS Basic Functions...
Configuring IPv6 IS-IS Basic Functions You can implement IPv6 inter-networking through configuring IPv6 IS-IS in IPv6 network environment. Configuration Prerequisites Before the configuration, accomplish the following tasks first: Enable IPv6 globally Configure IP addresses for interfaces, and make sure all neighboring nodes are reachable. Enable IS-IS Configuration Procedure Follow these steps to configure the basic functions of IPv6 IS-IS:...
Configuration Procedure Follow these steps to configure IPv6 IS-IS routing information control: To do… Use command to… Remarks Enter system view system-view –– Enter IS-IS view isis [ process-id ] –– Optional Define the priority for IPv6 ipv6 preference { route-policy IS-IS routes route-policy-name | preference } * 15 by default...
The ipv6 filter-policy export command is usually used in combination with the ipv6 import-route command. If no protocol is specified for the ipv6 filter-policy export command, routes redistributed from all routing protocols are filtered before advertisement. If a protocol is specified, only routes redistributed from the routing protocol are filtered for advertisement.
To do… Use the command… Remarks Clear the IS-IS data information reset isis peer system-id [ process-id | Available in user view of a neighbor vpn vpn-instance-name ] IPv6 IS-IS Configuration Example Network requirements As shown in Figure 1-1, Switch A, Switch B, Switch C and Switch D reside in the same autonomous system, and all are enabled with IPv6.
Page 776
Table of Contents 1 IPv6 BGP Configuration····························································································································1-1 IPv6 BGP Overview ································································································································1-1 Configuration Task List ···························································································································1-2 Configuring IPv6 BGP Basic Functions ··································································································1-3 Prerequisites····································································································································1-3 Specifying an IPv6 BGP Peer ·········································································································1-3 Injecting a Local IPv6 Route············································································································1-3 Configuring a Preferred Value for Routes from a Peer/Peer Group ···············································1-3 Specifying the Source Interface for Establishing TCP Connections ···············································1-4 Allowing the establishment of a Non-Direct eBGP connection ·······················································1-5 Configuring a Description for an IPv6 Peer/Peer Group ·································································1-5...
Page 777
IPv6 BGP Route Reflector Configuration ······················································································1-22 Troubleshooting IPv6 BGP Configuration ·····························································································1-24 No IPv6 BGP Peer Relationship Established ················································································1-24...
IPv6 BGP Configuration This chapter describes only configuration for IPv6 BGP. For BGP related information, refer to BGP Configuration in the IP Routing Volume. When configuring IPv6 BGP, go to these sections for information you are interested in: IPv6 BGP Overview Configuration Task List Configuring IPv6 BGP Basic Functions Controlling Route Distribution and Reception...
Configuration Task List Complete the following tasks to configure IPv6 BGP: Task Remarks Specifying an IPv6 BGP Peer Required Injecting a Local IPv6 Route Optional Configuring a Preferred Value for Routes from Optional a Peer/Peer Group Specifying the Source Interface for Optional Establishing TCP Connections Configuring IPv6 BGP...
Configuring IPv6 BGP Basic Functions Prerequisites Before configuring this task, you need to: Specify IP addresses for interfaces. Enable IPv6. You need create a peer group before configuring basic functions for it. For related information, refer to Configuring IPv6 BGP Peer Group.
To do… Use the command… Remarks Enter system view system-view — Enter BGP view — bgp as-number Enter IPv6 address family view ipv6-family — Optional Configure a preferred value for peer { ipv6-group-name | routes received from an IPv6 ipv6-address } preferred-value By default, the preferred value peer/peer group value...
To improve stability and reliability, you can specify a loopback interface as the source interface for establishing TCP connections to a BGP peer. By doing so, a connection failure upon redundancy availability will not affect TCP connection establishment. To establish multiple BGP connections to a BGP router, you need to specify on the local router the respective source interfaces for establishing TCP connections to the peers on the peering BGP router;...
The peer group to be configured with a description must have been created. Disabling Session Establishment to an IPv6 Peer/Peer Group Follow these steps to disable session establishment to a peer/peer group: To do… Use the command… Remarks Enter system view system-view —...
Enable IPv6 Configure the IPv6 BGP basic functions Configuring IPv6 BGP Route Redistribution Follow these steps to configure IPv6 BGP route redistribution: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enter IPv6 address family view ipv6-family —...
To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enter IPv6 address family view ipv6-family — Required peer { ipv6-group-name | ipv6-address } Advertise a default route to an default-route-advertise [ route-policy Not advertised by IPv6 peer/peer group route-policy-name ]...
IPv6 BGP advertises routes passing the specified policy to peers. Using the protocol argument can filter only the routes redistributed from the specified protocol. If no protocol is specified, IPv6 BGP filters all routes to be advertised, including redistributed routes and routes imported with the network command. Configuring Inbound Route Filtering Follow these steps to configure inbound route filtering: To do…...
By default, when a BGP router receives an iBGP route, it only checks the reachability of the route’s next hop before advertisement. If the synchronization feature is configured, only the iBGP route is advertised by IGP can the route be advertised to eBGP peers. Follow these steps to configure IPv6 BGP and IGP route synchronization: To do…...
To do… Use the command… Remarks Enter system view system-view — Enter BGP view — bgp as-number Enter IPv6 address family view ipv6-family — preference Optional { external-preference Configure preference values for internal-preference The default preference values of IPv6 BGP external, internal, local-preference | external, internal and local routes are local routes...
To do… Use the command… Remarks Enable the comparison of MED Optional for routes from confederation bestroute med-confederation Disabled by default peers Configuring the AS_PATH Attribute Follow these steps to configure the AS_PATH attribute: To do… Use the command… Remarks Enter system view system-view —...
route-refresh feature that enables dynamic IPv6 BGP routing table refresh without needing to disconnect IPv6 BGP links. With this feature enabled on all IPv6 BGP routers in a network, when a routing policy modified on a router, the router advertises a route-refresh message to its peers, which then send their routing information back to the router.
To do… Use the command… Remarks Required Configure the maximum balance number By default, no load balancing is number of load balanced routes enabled. Configuring a Large Scale IPv6 BGP Network In a large-scale IPv6 BGP network, configuration and maintenance become no convenient due to too many peers.
Page 793
Creating a pure eBGP peer group Follow these steps to configure a pure eBGP group: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enter IPv6 address family view ipv6-family — group ipv6-group-name Create an eBGP peer group Required external...
Configuring IPv6 BGP Community Advertise community attribute to an IPv6 peer/peer group Follow these steps to advertise community attribute to an IPv6 peer/peer group: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number —...
Page 795
To do… Use the command… Remarks Configure the router as a route Required peer { ipv6-group-name | reflector and specify an IPv6 ipv6-address } reflect-client Not configured by default. peer/peer group as a client Optional Enable route reflection reflect between-clients between clients Enabled by default.
Displaying and Maintaining IPv6 BGP Displaying BGP To do… Use the command… Remarks Display IPv6 BGP peer group display bgp ipv6 group [ ipv6-group-name ] information Display IPv6 BGP advertised display bgp ipv6 network routing information Display IPv6 BGP AS path display bgp ipv6 paths information [ as-regular-expression ]...
[SwitchD-bgp] ipv6-family [SwitchD-bgp-af-ipv6] peer 102::1 as-number 200 Configure route reflector # Configure Switch C as a route reflector, Switch B and Switch D as its clients. [SwitchC-bgp-af-ipv6] peer 101::2 reflect-client [SwitchC-bgp-af-ipv6] peer 102::2 reflect-client Use the display bgp ipv6 routing-table command on Switch B and Switch D respectively, you can find both of them have learned the network 1::/64.
Page 802
Table of Contents 1 Route Policy Configuration ······················································································································1-1 Introduction to Route Policy ····················································································································1-1 Route Policy ····································································································································1-1 Filters ···············································································································································1-1 Route Policy Application··················································································································1-2 Route Policy Configuration Task List ······································································································1-2 Defining Filters ········································································································································1-3 Prerequisites····································································································································1-3 Defining an IP-prefix List ·················································································································1-3 Defining an AS Path List··················································································································1-4 Defining a Community List ··············································································································1-4 Defining an Extended Community List ····························································································1-5 Configuring a Route Policy ·····················································································································1-5...
Route Policy Configuration A route policy is used on a router for route filtering and attributes modification when routes are received, advertised, or redistributed. When configuring route policy, go to these sections for information you are interested in: Introduction to Route Policy Route Policy Configuration Task List Defining Filters Configuring a Route Policy...
An IP prefix list is configured to match the destination address of routing information. Moreover, you can use the gateway option to allow only routing information from certain routers to be received. For gateway option information, refer to RIP Commands and OSPF Commands in the IP Routing Volume. An IP prefix list, identified by name, can comprise multiple items.
Task Creating a Route Policy Configuring a Route Policy Defining if-match Clauses Defining apply Clauses Defining Filters Prerequisites Before configuring this task, you need to decide on: IP-prefix list name Matching address range Extcommunity list sequence number Defining an IP-prefix List Define an IPv4 prefix list Identified by name, an IPv4 prefix list can comprise multiple items.
Define an IPv6 prefix list Identified by name, each IPv6 prefix list can comprise multiple items. Each item specifies a prefix range to match and is identified by an index number. An item with a smaller index number is matched first. If one item is matched, the IPv6 prefix list is passed, and the routing information will not go to the next item.
Follow these steps to define a community list: To do… Use the command… Remarks Enter system view system-view — ip community-list basic-comm-list-num Define a basic { deny | permit } [ community-number-list ] Required to community list [ internet | no-advertise | no-export | Define a define either;...
Creating a Route Policy Follow these steps to create a route policy: To do… Use the command… Remarks Enter system view system-view — Create a route policy, specify a route-policy route-policy-name { permit | node for it and enter route Required deny } node node-number policy node view...
To do… Use the command… Remarks if-match ipv6 { address | Optional Match IPv6 routing information whose next-hop | route-source } { acl next hop or source is specified in the ACL Not configured by acl-number | prefix-list or IP prefix list default.
Page 810
To do… Use the command… Remarks Enter system view system-view — route-policy route-policy-name Required Enter route policy node view { permit | deny } node Not created by default. node-number Optional Set the AS-PATH attribute for apply as-path BGP routing information as-number&<1-10>...
To do… Use the command… Remarks Optional Set a preferred value for BGP apply preferred-value routing information preferred-value Not set by default. Optional Set a tag value for RIP, OSPF or apply tag value IS-IS routing information Not set by default. The difference between IPv4 and IPv6 apply clauses is the command for setting the next hop for routing information.
*> 9.9.9.0/24 1.1.3.1 300 200i The display above shows that Switch D has learned routes 4.4.4.0/24, 5.5.5.0/24, and 6.6.6.0/24 from AS 100 and 7.7.7.0/24, 8.8.8.0/24, and 9.9.9.0/24 from AS 200. Configure Switch D to reject routes from AS 200. # Configure AS_PATH list 1 on Switch D. [SwitchD] ip as-path 1 permit .*200.* # Configure a route policy named rt1 on Switch D.
IPv6 Routing Information Filtering Failure Symptom Filtering routing information failed, while the routing protocol runs normally. Analysis At least one item of the IPv6 prefix list should be configured as permit mode, and at least one node of the Route policy should be configured as permit mode. Solution Use the display ip ipv6-prefix command to display IP prefix list information.
Page 820
Table of Contents 1 BFD Configuration·····································································································································1-1 Introduction to BFD ·································································································································1-1 How BFD Works ······························································································································1-1 BFD Packet Format ·························································································································1-4 Protocols and Standards ·················································································································1-5 BFD Configuration Task List ···················································································································1-6 Configuring BFD Basic Functions ···········································································································1-6 Configuration Prerequisites ·············································································································1-6 Configuration Procedure··················································································································1-6 Configuring Protocol-based BFD ············································································································1-7 Configuring BFD for OSPF··············································································································1-7 Configuring BFD for IS-IS················································································································1-7 Configuring BFD for RIP··················································································································1-8...
BFD Configuration When configuring BFD, go to these sections for information you are interested in: Introduction to BFD BFD Configuration Task List Configuring BFD Basic Functions Configuring Protocol-based BFD Enabling Trap Displaying and Maintaining BFD BFD Configuration Examples The term “router” or router icon in this document refers to a router in a generic sense or an Ethernet switch running routing protocols.
Page 822
BFD provides no neighbor discovery mechanism. Protocols that BFD services notify BFD of routers to which it needs to establish sessions. After a session is established, if no BFD control packet is received from the peer within the negotiated BFD interval, BFD notifies a failure to the protocol, which takes appropriate measures.
Page 823
No detection time resolution is defined in the BFD draft. At present, most devices supporting BFD provide detection measured in milliseconds. BFD session modes Control packet mode: Both ends of the link exchange BFD control packets to monitor link status. Echo mode: One end of the link sends Echo packets to the other end, which then forwards the packets back to the originating end, thereby monitoring link status in both directions.
Dynamic BFD parameter changes After a BFD session is established, both ends can negotiate the related BFD parameters, such as the minimum transmit interval, minimum receive interval, initialization mode, and packet authentication mode. After that, both ends use the negotiated parameters, without affecting the current session state. Authentication modes BFD provides the following authentication methods: Simple: Plain text authentication...
Demand (D): If set, Demand mode is active in the transmitting system (the system wishes to operate in Demand mode, knows that the session is up in both directions, and is directing the remote system to cease the periodic transmission of BFD Control packets). If clear, Demand mode is not active in the transmitting system.
To do… Use the command… Remarks Optional bfd authentication-mode Configure the authentication By default, the interface { md5 key-id key | sha1 key-id type operates in the key | simple key-id password } non-authentication mode. Configuring Protocol-based BFD Configuring BFD for OSPF After discovering neighbors by sending hello packets, OSPF notifies BFD of the neighbor addresses, and BFD uses theses addresses to establish sessions.
To do… Use the command… Remarks Required Enable BFD on the IS-IS isis bfd enable interface Not enabled by default For details about IS-IS, refer to IS-IS Configuration in the IP Routing Volume. Configuring BFD for RIP RIP periodically sends route update requests to neighbors. If no route update response for a route is received within the specified interval, RIP considers the route unreachable.
Bidirectional detection in BFD control packet mode Follow these steps to configure BFD for RIP (bidirectional detection in BFD control packet mode): To do… Use the command… Remarks Enter system view system-view — Required Create a RIP process rip [ process-id ] [ vpn-instance and enter RIP view vpn-instance-name ] By default, RIP is disabled.
At present, you can configure BFD for IPv4 BGP neighbors only. If GR capability is enabled for BGP, use BFD with caution. For BGP configuration, refer to BGP Configuration in the IP Routing Volume. Configuring BFD for VRRP To configure BFD for VRRP, you need to configure a BFD track entry and then bind the track entry to a VRRP group.
Page 831
BFD control packet mode To use BFD control packets for bidirectional detection between two devices, you need to enable BFD control packet mode for each device’s static route destined to the peer. Follow these steps to configure BFD control packet mode for static routes: To do…...
If route flaps occur, enabling BFD may worsen the route flaps. Therefore, enable BFD with care in such cases. The source address of echo packets must be configured if the BFD session operates in the echo mode. If you configure BFD for a static route, you need to specify the outbound interface and next hop IP address for the route.
To do… Use the command… Remarks On a centralized Available in any display bfd session [ verbose ] Display BFD device view session On a distributed display bfd session [ verbose ] [ slot Available in any information device slot-number [ all | verbose ] ] view On a centralized Available in...
Page 835
# Display OSPF neighbor information of Switch A. <SwitchA> display ospf peer OSPF Process 1 with Router ID 192.168.1.40 Neighbor Brief Information Area: 0.0.0.1 Router ID Address Pri Dead-Time Interface State 10.1.0.102 10.1.0.100 vlan10 Full/DR # Enable BFD debugging on Switch A. <SwitchA>...
# Display OSPF neighbor information of Switch A. Because Switch A has removed its neighbor relationship with Switch B, no information is output. <SwitchA> display ospf peer OSPF Process 1 with Router ID 192.168.1.40 Neighbor Brief Information Configuring BFD for IS-IS Network requirements Switch A and Switch B are interconnected through a Layer-2 switch.
<SwitchA> terminal debugging # When the link between Switch B and the Layer 2 switch fails, you can see that Switch A can quickly detect the changes on Switch B. #Aug 8 14:54:05:362 2008 SwitchA IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983041 is Down, ifAdminStatus is 1, ifOperStatus is 2 #Aug 8 14:54:05:363 2008 SwitchA ISIS/4/ADJ_CHANGE:TrapID(1.3.6.1.2.1.138.0.17<...
Page 839
When the link between Switch C and the Layer 2 switch fails, BFD can quickly detect the link failure and notify it to RIP, and the BFD session goes down. In response, RIP deletes the neighbor relationship with Switch C and the route information received from Switch C. Then, Switch A learns the static route sent by Switch C with the outbound interface being the interface connected to Switch B.
RelyNextHop: 0.0.0.0 Neighbor : 192.168.2.2 Tunnel ID: 0x0 Label: NULL State: Active Adv Age: 00h18m40s Tag: 0 Configuring BFD for RIP (Bidirectional Detection in BFD Control Packet Mode) Network requirements Switch A is connected to Switch C through Switch B. VLAN-interface 100 on Switch A, VLAN-interface 200 on Switch C, and VLAN-interface 200 and VLAN-interface 100 on Switch B run RIP process 1.
Page 843
[SwitchA] interface vlan-interface 300 [SwitchA-Vlan-interface300] ip address 192.168.3.1 24 [SwitchA-Vlan-interface300] quit # Configure Switch B. <SwitchB> system-view [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 192.168.1.2 24 [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] ip address 192.168.2.1 24 # Configure Switch C. <SwitchC> system-view [SwitchC] interface vlan 200 [SwitchC-Vlan-interface200] ip address 192.168.2.2 24 [SwitchC-Vlan-interface200] quit...
NextHop: 192.168.3.2 Interface: vlan-interface 300 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 192.168.3.2 Tunnel ID: 0x0 Label: NULL State: Active Adv Age: 00h18m40s Tag: 0 Configuring BFD for BGP Network requirements Switch A and Switch B are interconnected through a Layer 2 switch. BFD is enabled on the connected interfaces.
# When the link between Switch A and Switch B fails, display the detailed BGP neighbor information of Switch A. Switch A has removed its neighbor relationship with Switch B. <SwitchA> display bgp peer 10.1.0.100 verbose Peer: 10.1.0.100 Local: 1.1.1.1 Type: IBGP link BGP version 4, remote router ID 2.2.2.2 BGP current state: Idle...
Page 849
Figure 1-9 Network diagram for monitoring the master on the backup Configuration procedure # Configure Switch A. <SwitchA> system-view [SwitchA] interface vlan-interface 2 [SwitchA–vlan-interface2] ip address 192.168.0.101 24 [SwitchA–vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.10 [SwitchA–vlan-interface2] vrrp vrid 1 priority 110 [SwitchA–vlan-interface2] return # Configure Switch B.
[SwitchB] interface vlan-interface 2 [SwitchB–vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.10 [SwitchB–vlan-interface2] vrrp vrid 1 track 1 switchover [SwitchB–vlan-interface2] return Use the display vrrp verbose command to display the configuration. # Display the detailed information of VRRP group 1 on Switch A. <SwitchA>...
Track Object Switchover Virtual IP : 192.168.0.10 Virtual MAC : 0000-5e00-0101 Master IP : 192.168.0.102 # Display the track entry information of Switch B. <SwitchB> display track 1 Track ID: 1 Status: Negative Reference Object: BFD Session: Packet type: Echo Interface : vlan-interface2 Remote IP...
Page 852
Figure 1-10 Network diagram for monitoring the uplink through VRRP Internet Backup Master uplink uplink device device forwarding Vlan-int3 1.1.1.2/24 Vlan-int3 1.1.1.1/24 Virtual Router Switch A Switch B Master Backup Heartbeat Vlan-int2 Vlan-int2 192.168.0.101/24 192.168.0.102/24 Trunk Trunk MSTP enabled L2 switch L2 switch BFD probe packet User data...
Page 853
[SwitchB–vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.10 [SwitchB–vlan-interface2] return Use the display vrrp verbose command to display the configuration. # Display the detailed information of VRRP group 1 on Switch A. <SwitchA> display vrrp verbose IPv4 Standby Information: Run Method : VIRTUAL-MAC Total number of virtual routers: 1 Interface : vlan-interface2...
Master IP : 192.168.0.102 # When the uplink of Switch A goes down, display the detailed information of VRRP group 1 on Switch <SwitchB> display vrrp verbose IPv4 Standby Information: Run Method : VIRTUAL-MAC Total number of virtual routers: 1 Virtual IP Ping : Enable Interface...
Page 855
# Configure a static route on Switch A and enable BFD on it. Implement BFD through BFD echo packets. <SwitchA> system-view [SwitchA] bfd echo-source-ip 123.1.1.1 [SwitchA] interface vlan-interface 10 [SwitchA-vlan-interface10] bfd min-echo-receive-interval 300 [SwitchA-vlan-interface10] bfd detect-multiplier 7 [SwitchA-vlan-interface10] quit [SwitchA] ip route-static 120.1.1.1 24 vlan-interface 10 10.1.1.100 bfd echo-packet [SwitchA] ip route-static 120.1.1.1 24 vlan-interface 11 11.1.1.2 preference 65 [SwitchA] quit Verify the configuration...
Page 858
*Jul 27 10:18:19:172 2007 SwitchA BFD/7/EVENT:Receive Delete-sess, [Src:12.1.1.1 ,Dst:12.1.1.2, Vlan12,Ctrl], Direct, Instance:0x0, Proto:STATIC *Jul 27 10:18:19:172 2007 SwitchA BFD/7/EVENT:Notify driver to stop receiving bf # Display the static route on Switch A, which is in the inactive state. <SwitchA> display ip routing-table protocol static Public Routing Table : Static Summary Count : 1 Static Routing table Status : <...
Page 859
Table of Contents 1 MCE Overview············································································································································1-1 MCE Overview ········································································································································1-1 Introduction to BGP/MPLS VPN······································································································1-1 BGP/MPLS VPN Concepts ·············································································································1-2 Introduction to MCE·························································································································1-4 How MCE Works ·····························································································································1-5 Routing Information Exchange for MCE ·································································································1-5 Route Exchange between a CE and the Private Network·······························································1-5 Route Exchange between CE and PE ····························································································1-7 2 MCE Configuration ····································································································································2-1 Configuring a VPN Instance····················································································································2-1 VPN Instance Configuration Task List·····························································································2-1...
MCE Overview The term “router” in this document refers to a router in a generic sense or a Layer 3 switch running routing protocols. MCE Overview Multi-CE (MCE) enables a switch to function as the CEs of multiple VPN instances in a BGP/MPLS VPN network, thus reducing the investment on network equipment.
Figure 1-1 A BGP/MPLS VPN implementation CEs and PEs mark the boundary between the service providers and the customers. A CE is usually a router. After a CE establishes adjacency with a directly connected PE, it redistributes its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE use BGP/IGP to exchange routing information.
Page 862
Address space overlapping Each VPN independently manages the addresses that it uses. The assembly of such addresses for a VPN is called an address space. The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses in network segment 10.110.10.0/24, address space overlapping occurs.
You are recommended to configure a distinct RD for each VPN instance on a PE, guaranteeing that routes to the same CE use the same RD. The VPN-IPv4 address with an RD of 0 is in fact a globally unique IPv4 address. By prefixing a distinct RD to a specific IPv4 address prefix, you make it a globally unique VPN IPv4 address prefix.
An S5500-EI switch with MCE enabled can solve this problem. By binding the VLAN interfaces to the VPNs in a network on an S5500-EI switch of this kind, you can create and maintain a routing table for each of the VPNs. In this way, packets of different VPNs in the private network can be isolated. Moreover, with the cooperation of the PE, the routes of each VPN can be advertised to the corresponding remote PE properly, so that packets of each VPN in the private network can be transmitted securely through the public network.
Page 865
Static route OSPF IS-IS EBGP This introduces the cooperation of routing protocols and MCE in brief. For details on routing protocols, see the IPv4 Routing module of this manual. Static routes A CE can communicate with a site through static routes. As static routes configure for traditional CEs take effect globally, address overlapping between multiple VPNs remains a problem till the emergence of MCE.
Normally, when an OSPF route is imported to the BGP routing table as a BGP route on a PE, some attributes of the OSPF route get lost. When the BGP route is imported to the OSPF routing table on the remote CE, not all the attributes of the original OSPF routes can be restored.
Page 867
OSPF IS-IS EBGP For information on how to configure the routing protocols and how to import routes, refer to the IPv4 Routing module of this manual.
MCE Configuration For detailed information on the routing protocol configuration mentioned in this chapter, see the IPv4 Routing module of this manual. Configuring a VPN Instance VPN Instance Configuration Task List Complete the following tasks to configure a VPN instance: Task Remarks Creating a VPN Instance...
To do… Use the command… Remarks Optional Set the description information for the VPN description text By default, a VPN instance has no instance description configured. The RD configured for a VPN instance on the MCE device must be same as that configured for the VPN instance on the PE device.
To do… Use the command… Remarks Enter system view — system-view ip vpn-instance Enter VPN instance view — vpn-instance-name Required Associate the current VPN vpn-target vpn-target&<1-8> By default, a VPN instance has instance with one or multiple [ both | export-extcommunity no VPN target associated with VPN targets | import-extcommunity ]...
To do… Use the command… Remarks Enter system view system-view — Required ip route-static vpn-instance s-vpn-instance-name&<1-5> dest-address This operation is { mask | mask-length } { gateway-address performed on the MCE Define a static route for [ public ] | interface-type interface-number device.
To do… Use the command… Remarks Enter system view — system-view Required Enable OSPF for a ospf [ process-id | This operation is performed on the MCE VPN instance (this router-id router-id | device. As for the corresponding operation also leads vpn-instance configuration on the site, you can just you to OSPF view)
To do… Use the command… Remarks Enter system view — system-view Required Enable IS-IS for a isis [ process-id ] This operation is performed on the MCE device. VPN instance and vpn-instance As for the corresponding configuration on the enter IS-IS view vpn-instance-name site, you can just enable IS-IS as usual.
Page 874
To do… Use the command… Remarks Optional filter-policy { acl-number | Apply a filter policy to routes ip-prefix ip-prefix-name } By default, received routes are received import not filtered. Configure to permit the routes Optional with their AS numbers contained in their AS_PATH peer { group-name | By default, routes with their AS attributes being the local AS...
In a VPN instance with BGP enabled, the BGP route exchange is processed in the same way as those in a normal BGP-enabled network. Configuring Route Exchange between a MCE and a PE Configuring Route Exchange between a MCE and a PE Complete the following tasks to configure route exchange between a MCE and a PE: Task Remarks...
A static route configured for a VPN instance does not take effect if you configure the next hop address of the route as the IP address of a local interface (such as Ethernet interface, VLAN interface). If the default static route preference is not configured, the preference of a newly defined static route adopts the system default preference value, which is 60.
To do… Use the command… Remarks Required import-route protocol [ process-id | Enable OSPF to import allow-ibgp ] [ cost cost | type type | By default, OSPF does not routes of other protocols tag tag | route-policy import the routes of other route-policy-name ] * protocols.
Configure to Use EBGP between a MCE and a PE To use EBGP to exchange routing information between a MCE and a PE, you need to configure the peer end as a peer in the BGP-VPNs on both ends, import VPN routes in the site to the MCE, and then advertise these routes to the PE.
Page 879
To do… Use the command… Remarks display bgp vpnv4 vpn-instance Display information about vpn-instance-name peer [ group-name Available in any view BGP VPNv4 peers log-info | ip-address { log-info | verbose } | verbose ] display bgp vpnv4 vpn-instance vpn-instance-name routing-table [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community...
MCE Configuration Example MCE Configuration Example (A) Network requirements An MCE device connects to VPN1 (with the address range being 192.168.0.0/16) through VLAN-interface 10 (with the IP address being 10.214.10.3) and connects to VPN2 (with the address range being 192.168.10.0/24) through VLAN-interface 20 (with the IP address being 10.214.20.3).
Page 881
[MCE] ip vpn-instance vpn2 [MCE-vpn-instance-vpn2] route-distinguisher 20:1 # Create VLAN 10, add GigabitEthernet 1/0/10 to VLAN 10, and create VLAN-interface 10. [MCE-vpn-instance-vpn2] quit [MCE] vlan 10 [MCE-vlan10] port GigabitEthernet 1/0/10 [MCE-vlan10] quit [MCE] interface Vlan-interface 10 # Bind VLAN-interface 10 to VPN1, and configure IP address 10.214.10.3/24 for VLAN-interface 10. [MCE-Vlan-interface10] ip binding vpn-instance vpn1 [MCE-Vlan-interface10] ip address 10.214.10.3 24 # Create VLAN 20, add GigabitEthernet 1/0/20 to VLAN 20, create VLAN-interface 20, bind...
Page 882
# Define a static route on MCE, specify the next hop address 10.214.10.2 for packets destined for the network segment 192.168.0.0, and bind this route to VPN1. [MCE-Vlan-interface10] quit [MCE] ip route-static vpn-instance vpn1 192.168.0.0 16 10.214.10.2 # Display the information about the routes of VPN1 maintained on MCE. [MCE] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 5...
Page 883
192.168.10.0/24 10.214.20.2 Vlan20 As shown in the displayed information above, MCE has obtained the routes of VPN2 through RIP, and maintains these routes in a routing table different from the routing table for routing information of VPN1 to the network segment 192.168.0.0, thus isolating the routes of VPN1 from the routes of VPN2. Configure the routing protocol running between the MCE and a PE # MCE uses GigabitEthernet 1/0/3 to connect to GigabitEthernet 1/0/18 of PE.
Destinations : 6 Routes : 6 Destination/Mask Proto Cost NextHop Interface 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 10.214.30.0/24 Direct 0 10.214.30.1 Vlan30 10.214.30.2/32 Direct 0 127.0.0.1 InLoop0 100.100.10.1/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/16 O_ASE 10.214.30.1 Vlan30 As shown in the displayed information above, the static routes of VPN1 have been imported to the OSPF routing table between MCE and PE.
Page 886
# Create VLAN 3, add GigabitEthernet 1/0/20 to VLAN 3, create VLAN-interface 3, bind VLAN-interface 3 to VPN2, and configure IP address 10.214.20.3/24 for VLAN-interface 3. [MCE-Vlan-interface10] quit [MCE] vlan 3 [MCE-vlan3] port GigabitEthernet 1/0/20 [MCE-vlan3] quit [MCE] interface Vlan-interface 3 [MCE-Vlan-interface3] ip binding vpn-instance vpn2 [MCE-Vlan-interface3] ip address 10.214.20.3 24 [MCE-Vlan-interface3] quit...
Page 887
10.100.10.1/32 Direct 0 127.0.0.1 InLoop0 172.16.10.0/24 OSPF 10.100.10.2 Vlan2 As shown in the displayed information above, MCE has obtained the routing information of VPN1 through OSPF process 10. # Create OSPF process 20 for MCE whose router ID is 10.10.20.1, bind the process to VPN2. Redistribute BGP routes from VPN2, enable OSPF multi-instance, and advertise the network segment 10.100.20.0.
Page 888
127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 10.100.30.0/24 Direct 0 10.100.10.3 Vlan2 10.100.30.3/32 Direct 0 127.0.0.1 InLoop0 172.16.10.0/24 10.100.10.2 Vlan2 # For VPN2, perform the configurations similar to the above on MCE and PE to import the OSPF routing information of VPN2 to the EBGP routing table.
Page 889
IP Multicast Volume Organization Manual Version 20090108-C-1.01 Product Version Release 2202 Organization The IP Multicast Volume is organized as follows: Features Description This document describes the main concepts in multicast: Introduction to Multicast Multicast Overview Multicast Models Multicast Architecture Multicast Packets Forwarding Mechanism Multicast routing and forwarding refer to some policies that filter RPF routing information for IP multicast support.
Page 890
Features Description As a multicast extension of MP-BGP, MBGP enables BGP to provide routing information for multicast applications. This document describes: MBGP Configuring MBGP Basic Functions Configuring MBGP Route Attributes Configuring a Large Scale MBGP Network Running at the data link layer, IGMP Snooping is a multicast control mechanism on the Layer 2 Ethernet switch and it is used for multicast group management and control.
Page 891
Table of Contents 1 Multicast Overview ····································································································································1-1 Introduction to Multicast ··························································································································1-1 Comparison of Information Transmission Techniques····································································1-1 Features of Multicast ·······················································································································1-4 Common Notations in Multicast·······································································································1-5 Advantages and Applications of Multicast·······················································································1-5 Multicast Models ·····································································································································1-6 Multicast Architecture······························································································································1-6 Multicast Addresses ························································································································1-7 Multicast Protocols ························································································································1-11 Multicast Packet Forwarding Mechanism ·····························································································1-13...
Multicast Overview This manual chiefly focuses on the IP multicast technology and device operations. Unless otherwise stated, the term “multicast” in this document refers to IP multicast. Introduction to Multicast As a technique coexisting with unicast and broadcast, the multicast technique effectively addresses the issue of point-to-multipoint data transmission.
Page 893
Figure 1-1 Unicast transmission Host A Receiver Host B Source Host C Receiver Host D IP network Receiver Packets for Host B Host E Packets for Host D Packets for Host E Assume that Host B, Host D and Host E need the information. A separate transmission channel needs to be established from the information source to each of these hosts.
Page 894
Figure 1-2 Broadcast transmission Assume that only Host B, Host D, and Host E need the information. If the information is broadcast to the subnet, Host A and Host C also receive it. In addition to information security issues, this also causes traffic flooding on the same subnet.
Figure 1-3 Multicast transmission The multicast source (Source in the figure) sends only one copy of the information to a multicast group. Host B, Host D and Host E, which are receivers of the information, need to join the multicast group. The routers on the network duplicate and forward the information based on the distribution of the group members.
For a better understanding of the multicast concept, you can assimilate multicast transmission to the transmission of TV programs, as shown in Table 1-1. Table 1-1 An analogy between TV transmission and multicast transmission TV transmission Multicast transmission A TV station transmits a TV program through A multicast source sends multicast data to a a channel.
Data warehouse and financial applications (stock quotes). Any other point-to-multipoint data distribution application. Multicast Models Based on how the receivers treat the multicast sources, there are three multicast models: any-source multicast (ASM), source-filtered multicast (SFM), and source-specific multicast (SSM). ASM model In the ASM model, any sender can send information to a multicast group as a multicast source, and numbers of receivers can join a multicast group identified by a group address and obtain multicast information addressed to that multicast group.
Multicast applications: A software system that supports multicast applications, such as video conferencing, must be installed on multicast sources and receiver hosts, and the TCP/IP stack must support reception and transmission of multicast data. Multicast Addresses To allow communication between multicast sources and multicast group members, network-layer multicast addresses, namely, multicast IP addresses must be provided.
Page 899
Address Description 224.0.0.5 Open Shortest Path First (OSPF) routers 224.0.0.6 OSPF designated routers/backup designated routers 224.0.0.7 Shared Tree (ST) routers 224.0.0.8 ST hosts 224.0.0.9 Routing Information Protocol version 2 (RIPv2) routers 224.0.0.11 Mobile agents 224.0.0.12 Dynamic Host Configuration Protocol (DHCP) server/relay agent 224.0.0.13 All Protocol Independent Multicast (PIM) routers 224.0.0.14...
Page 900
Description When set to 0, it indicates that this address is an IPv6 multicast address not based on a unicast prefix When set to 1, it indicates that this address is an IPv6 multicast address based on a unicast prefix (the T bit must also be set to 1) When set to 0, it indicates that this address is an IPv6 multicast address permanently-assigned by IANA When set to 1, it indicates that this address is a transient, or dynamically...
Page 901
Figure 1-6 IPv4-to-MAC address mapping The high-order four bits of a multicast IPv4 address are 1110, indicating that this address is a multicast address, and only 23 bits of the remaining 28 bits are mapped to a MAC address, so five bits of the multicast IPv4 address are lost.
Multicast Protocols Generally, we refer to IP multicast working at the network layer as Layer 3 multicast and the corresponding multicast protocols as Layer 3 multicast protocols, which include IGMP/MLD, PIM/IPv6 PIM, MSDP, and MBGP/IPv6 MBGP; we refer to IP multicast working at the data link layer as Layer 2 multicast and the corresponding multicast protocols as Layer 2 multicast protocols, which include IGMP Snooping/MLD Snooping, and multicast VLAN/IPv6 multicast VLAN.
Page 903
A multicast routing protocol runs on Layer 3 multicast devices to establish and maintain multicast routes and forward multicast packets correctly and efficiently. Multicast routes constitute a loop-free data transmission path from a data source to multiple receivers, namely, a multicast distribution tree. In the ASM model, multicast routes come in intra-domain routes and inter-domain routes.
data to each VLAN of the Layer 2 device. With the multicast VLAN or IPv6 multicast VLAN feature enabled on the Layer 2 device, the Layer 3 multicast device needs to send only one copy of multicast to the multicast VLAN or IPv6 multicast VLAN on the Layer 2 device. This avoids waste of network bandwidth and extra burden on the Layer 3 device.
Page 905
Table of Contents 1 Multicast Routing and Forwarding Configuration··················································································1-1 Multicast Routing and Forwarding Overview ··························································································1-1 Introduction to Multicast Routing and Forwarding···········································································1-1 RPF Check Mechanism···················································································································1-1 Multicast Static Routes ····················································································································1-4 Multicast Traceroute ························································································································1-5 Configuration Task List ···························································································································1-6 Enabling IP Multicast Routing ·················································································································1-6 Configuring Multicast Routing and Forwarding·······················································································1-7 Configuration Prerequisites ·············································································································1-7 Configuring Multicast Static Routes ································································································1-7...
Multicast Routing and Forwarding Configuration When configuring multicast routing and forwarding, go to these sections for information you are interested in: Multicast Routing and Forwarding Overview Configuration Task List Displaying and Maintaining Multicast Routing and Forwarding Configuration Examples Troubleshooting Multicast Routing and Forwarding The term "router"...
Page 907
A unicast routing table contains the shortest path to each destination subnet, An MBGP routing table contains multicast routing information, and A multicast static routing table contains the RPF routing information defined by the user through static configuration. When performing an RPF check, a router searches its unicast routing table and multicast static routing table at the same time.
Page 908
routing entry and a multicast forwarding entry for a multicast packet, the router sets the RPF interface of the packet as the incoming interface of the (S, G) entry. Upon receiving an (S, G) multicast packet, the router first searches its multicast forwarding table: If the corresponding (S, G) entry does not exist in the multicast forwarding table, the packet is subject to an RPF check.
is Vlan-interface 20. This means the (S, G) entry is correct and packet arrived along a wrong path. The RPF check fails and the packet is discarded. Multicast Static Routes A multicast static route is an important basis for RPF check. Depending on the application environment, a multicast static route has the following two functions: Changing an RPF route Typically, the topology structure of a multicast network is the same as that of a unicast network, and...
Figure 1-3 Creating an RPF route As shown in Figure 1-3, the RIP domain and the OSPF domain are unicast isolated from each other. When no multicast static route is configured, the hosts (Receivers) in the OSPF domain cannot receive the multicast packets sent by the multicast source (Source) in the RIP domain.
Introduction to multicast traceroute packets A multicast traceroute packet is a special IGMP packet, which differs from common IGMP packets in that its IGMP Type field is set to 0x1F or 0x1E and that its destination IP address is a unicast address. There are three types of multicast traceroute packets: Query, with the IGMP Type field set to 0x1F, Request, with the IGMP Type field set to 0x1F, and...
Enabling IP multicast routing in the public instance Follow these steps to enable IP multicast routing in the public instance: To do... Use the command... Remarks Enter system view system-view — Required Enable IP multicast routing multicast routing-enable Disabled by default Configuring Multicast Routing and Forwarding Configuration Prerequisites Before configuring multicast routing and forwarding, complete the following tasks:...
Configuring a Multicast Routing Policy You can configure the router to determine the RPF route based on the longest match principle. For details about RPF route selection, refer to RPF check process. By configuring per-source or per-source-and-group load splitting, you can optimize the traffic delivery when multiple data flows are handled.
To do... Use the command... Remarks Required multicast boundary Configure a multicast group-address { mask | No forwarding boundary by forwarding boundary mask-length } default Configuring the Multicast Forwarding Table Size The router maintains the corresponding forwarding entry for each multicast packet it receives. Excessive multicast routing entries, however, can exhaust the router’s memory and thus result in lower router performance.
Displaying and Maintaining Multicast Routing and Forwarding To do... Use the command... Remarks display multicast boundary [ group-address [ mask View the multicast boundary Available in | mask-length ] ] [ interface interface-type information any view interface-number ] display multicast forwarding-table [ source-address [ mask { mask | mask-length } ] | group-address [ mask { mask | mask-length } ] | View the multicast...
Page 916
Switch A, Switch B and Switch C run OSPF. Typically, Receiver can receive the multicast data from Source through the path Switch A – Switch B, which is the same as the unicast route. Perform the following configuration so that Receiver can receive the multicast data from Source through the path Switch A –...
Page 917
[SwitchB] interface vlan-interface 102 [SwitchB-Vlan-interface102] pim dm [SwitchB-Vlan-interface102] quit # Enable IP multicast routing on Switch A, and enable PIM-DM on each interface. <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] pim dm [SwitchA-Vlan-interface200] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] pim dm [SwitchA-Vlan-interface102] quit [SwitchA] interface vlan-interface 103...
Creating an RPF Route Network requirements PIM-DM runs in the network and all switches in the network support IP multicast. Switch B and Switch C run OSPF, and have no unicast routes to Switch A. Typically, Receiver can receive the multicast data from Source 1 in the OSPF domain. Perform the following configuration so that Receiver can receive multicast data from Source 2, which is outside the OSPF domain.
Page 919
# Enable IP multicast routing on Switch A and enable PIM-DM on each interface. <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] pim dm [SwitchC-Vlan-interface300] quit [SwitchC] interface vlan-interface 102 [SwitchC-Vlan-interface102] pim dm [SwitchC-Vlan-interface102] quit The configuration on Switch B is similar to that on Switch A. The specific configuration steps are omitted here.
Troubleshooting Multicast Routing and Forwarding Multicast Static Route Failure Symptom No dynamic routing protocol is enabled on the routers, and the physic status and link layer status of interfaces are both up, but the multicast static route fails. Analysis If the multicast static route is not configured or updated correctly to match the current network conditions, the route entry and the configuration information of multicast static routes do not exist in the multicast routing table.
Page 921
In the case of PIM-SM, use the display current-configuration command to check the BSR and RP information. 1-16...
Page 922
Table of Contents 1 IGMP Configuration ···································································································································1-1 IGMP Overview ·······································································································································1-1 IGMP Versions ································································································································1-1 Introduction to IGMPv1····················································································································1-1 Enhancements in IGMPv2···············································································································1-3 Enhancements in IGMPv3···············································································································1-4 IGMP SSM Mapping························································································································1-5 IGMP Proxying ································································································································1-6 Protocols and Standards ·················································································································1-7 IGMP Configuration Task List ·················································································································1-7 Configuring Basic Functions of IGMP ·····································································································1-8 Configuration Prerequisites ·············································································································1-8 Enabling IGMP ································································································································1-9 Configuring IGMP Versions·············································································································1-9...
IGMP Configuration When configuring IGMP, go to the following sections for the information you are interested in: IGMP Overview IGMP Configuration Task List IGMP Configuration Examples Troubleshooting IGMP The term "router" in this document refers to a router in a generic sense or a Layer 3 switch running an IP routing protocol.
Page 924
Of multiple multicast routers on the same subnet, all the routers can hear IGMP membership report messages (often referred to as reports) from hosts, but only one router is needed for sending IGMP query messages (often referred to as queries). So, a querier election mechanism is required to determine which router will act as the IGMP querier on the subnet.
At the same time, because Host A is interested in G2, it sends a report to the multicast group address of G2. Through the above-mentioned query/report process, the IGMP routers learn that members of G1 and G2 are attached to the local subnet, and the multicast routing protocol (PIM for example) running on the routers generates (*, G1) and (*, G2) multicast forwarding entries, which will be the basis for subsequent multicast forwarding, where * represents any multicast source.
If the querier receives a membership report for the group within the maximum response time, it will maintain the memberships of the group; otherwise, the querier will assume that no hosts on the subnet are still interested in multicast traffic to that group and will stop maintaining the memberships of the group.
IGMPv3 supports not only general queries (feature of IGMPv1) and group-specific queries (feature of IGMPv2), but also group-and-source-specific queries. A general query does not carry a group address, nor a source address; A group-specific query carries a group address, but no source address; A group-and-source-specific query carries a group address and one or more source addresses.
Figure 1-3 Network diagram for IGMP SSM mapping IGMPv1 report IGMPv2 report Querier IGMPv3 report Router A Receiver Receiver Receiver Host A (IGMPv1) Host B (IGMPv2) Host C (IGMPv3) As shown in Figure 1-3, on an SSM network, Host A, Host B and Host C are running IGMPv1, IGMPv2 and IGMPv3 respectively.
Figure 1-4 Network diagram for IGMP proxying Proxy & Querier Querier Router B Router A PIM domain Ethernet Receiver Receiver Host B Host A Host C Query from Router A Report from Host Report from Router B Host interface Query from Router B Router interface As shown in Figure...
Task Remarks Enabling IGMP Required Configuring IGMP Versions Optional Configuring Basic Functions Configuring Static Joining Optional of IGMP Configuring a Multicast Group Filter Optional Configuring the Maximum Number of Multicast Optional Groups on an Interface Configuring IGMP Message Options Optional Adjusting IGMP Configuring IGMP Query and Response Optional...
Enabling IGMP First, IGMP must be enabled on the interface on which the multicast group memberships are to be established and maintained. Enabling IGMP Follow these steps to enable IGMP: To do... Use the command... Remarks Enter system view system-view —...
To do... Use the command... Remarks Optional Configure an IGMP version on igmp version version-number the interface IGMPv2 by default Configuring Static Joining After an interface is configured as a static member of a multicast group or a multicast source and group, it will act as a virtual member of the multicast group to receive multicast data addressed to that multicast group for the purpose of testing multicast data forwarding.
Follow these steps to configure a multicast group filter: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Configure a multicast group igmp group-policy No multicast group filter filter acl-number [ version-number ] configured by default Configuring the Maximum Number of Multicast Groups on an Interface You can configure the allowed maximum number of multicast groups on an interface to flexibly control...
Startup query count IGMP general query interval IGMP querier’s robustness variable Maximum response time for IGMP general queries IGMP last-member query interval Other querier present interval Configuring IGMP Message Options IGMP queries include group-specific queries and group-and-source-specific queries, and multicast groups change dynamically, so a device cannot maintain the information for all multicast sources and groups, For this reason, when receiving a multicast packet but unable to locate the outgoing interface for the destination multicast group, an IGMP router needs to leverage the Router-Alert option to pass...
To do... Use the command... Remarks Configure the interface to Optional discard any IGMP message igmp require-router-alert By default, the device does not that does not carry the check the Router-Alert option. Router-Alert option Optional Enable insertion of the Router-Alert option into IGMP igmp send-router-alert By default, IGMP messages messages...
Page 936
To do... Use the command... Remarks Optional Configure the startup query startup-query-interval interval For the system default, see interval “Note” below. Optional Configure the startup query startup-query-count value For the system default, see count “Note” below. Optional Configure the IGMP query timer query interval interval 60 seconds by default...
To do... Use the command... Remarks Optional Configure the other querier igmp timer For the system default, see present interval other-querier-present interval “Note” below. If not statically configured, the startup query interval is 1/4 of the “IGMP query interval”. By default, the IGMP query interval is 60 seconds, so the startup query interval = 60 / 4 = 15 (seconds).
To do... Use the command... Remarks Required Configure IGMP fast leave fast-leave [ group-policy processing acl-number ] Disabled by default The IGMP fast leave processing configuration is effective only if the device is running IGMPv2 or IGMPv3. Configuring IGMP SSM Mapping Due to some possible restrictions, some receiver hosts on an SSM network may run IGMPv1 or IGMPv2.
Follow these steps to configure an IGMP SSM mapping: To do… Use the command… Remarks Enter system view system-view — Enter IGMP view igmp — Required ssm-mapping group-address Configure an IGMP SSM { mask | mask-length } No IGMP mappings are mapping source-address configured by default.
Each device can have only one interface serving as the proxy interface. In scenarios with multiple instances, IGMP proxying is configured on only one interface per instance. You cannot enable IGMP on interfaces with IGMP proxying enabled. Moreover, only the igmp require-router-alert, igmp send-router-alert, and igmp version commands can take effect on such interfaces.
Displaying and Maintaining IGMP To do... Use the command... Remarks display igmp group [ group-address | View IGMP multicast group Available in interface interface-type interface-number ] information any view [ static | verbose ] View layer 2 port information about display igmp group port-info [ vlan Available in IGMP multicast groups...
IGMP Configuration Examples Basic IGMP Functions Configuration Example Network requirements Receivers receive VOD information through multicast. Receivers of different organizations form stub networks N1 and N2, and Host A and Host C are receivers in N1 and N2 respectively. Switch A in the PIM network connects to N1, and both Switch B and Switch C connect to N2. Switch A connects to N1 through VLAN-interface 100, and to other devices in the PIM network through VLAN-interface 101.
Page 943
[SwitchA] multicast routing-enable [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] igmp enable [SwitchA-Vlan-interface100] pim dm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim dm [SwitchA-Vlan-interface101] quit # Enable IP multicast routing on Switch B, enable PIM-DM on each interface, and enable IGMP on VLAN-interface 200.
SSM Mapping Configuration Example Network requirements On the PIM-SSM network shown in Figure 1-6, the receiver host receives VOD information through multicast. The receiver host runs IGMPv2, so it cannot specify the expected multicast sources in its membership reports. It is required to configure the IGMP SSM mapping feature on Switch D so that the receiver host will receive multicast data from Source 1 and Source 3 only.
Page 945
[SwitchD-Vlan-interface400] igmp enable [SwitchD-Vlan-interface400] igmp version 3 [SwitchD-Vlan-interface400] igmp ssm-mapping enable [SwitchD-Vlan-interface400] pim sm [SwitchD-Vlan-interface400] quit [SwitchD] interface vlan-interface 103 [SwitchD-Vlan-interface103] pim sm [SwitchD-Vlan-interface103] quit [SwitchD] interface vlan-interface 104 [SwitchD-Vlan-interface104] pim sm [SwitchD-Vlan-interface104] quit # Enable IP multicast routing on Switch A, and enable PIM-SM on each interface. <SwitchA>...
133.133.1.1 133.133.3.1 Use the display igmp ssm-mapping group command to view the multicast group information created based on the configured IGMP SSM mappings. # View the IGMP multicast group information created based on the IGMP SSM mappings on Switch D. [SwitchD] display igmp ssm-mapping group Total 1 IGMP SSM-mapping Group(s).
Page 947
Network diagram Figure 1-7 Network diagram for IGMP Proxying configuration Configuration procedure Configure IP addresses Configure the IP address and subnet mask of each interface as per Figure 1-7. The detailed configuration steps are omitted here. Enable IP multicast routing, PIM-DM, IGMP, and IGMP Proxying. # Enable IP multicast routing on Switch A, PIM-DM on VLAN-interface 101, and IGMP on VLAN-interface 100.
[SwitchB] display igmp interface vlan-interface 100 verbose Vlan-interface100(192.168.1.2): IGMP proxy is enabled Current IGMP version is 2 Multicast routing on this interface: enabled Require-router-alert: disabled Version1-querier-present-timer-expiry: 00:00:20 Use the display igmp group command to view the IGMP multicast group information. For example, # View the IGMP multicast group information on Switch A.
Check the IGMP version on the interface. You can use the display igmp interface command to check whether the IGMP version on the interface is lower than that on the host. Check that no ACL rule has been configured to restrict the host from joining the multicast group G. Carry out the display current-configuration interface command to check whether the igmp group-policy command has been executed.
Page 950
Table of Contents 1 PIM Configuration······································································································································1-1 PIM Overview··········································································································································1-1 Introduction to PIM-DM····················································································································1-2 How PIM-DM Works ························································································································1-2 Introduction to PIM-SM····················································································································1-4 How PIM-SM Works ························································································································1-5 Introduction to Administrative Scoping in PIM-SM ········································································1-11 SSM Model Implementation in PIM ·······························································································1-13 Protocols and Standards ···············································································································1-14 Configuring PIM-DM······························································································································1-14 PIM-DM Configuration Task List ···································································································1-14 Configuration Prerequisites ···········································································································1-15 Enabling PIM-DM ··························································································································1-15...
Page 951
PIM-SSM Configuration Example··································································································1-50 Troubleshooting PIM Configuration ······································································································1-53 Failure of Building a Multicast Distribution Tree Correctly ····························································1-53 Multicast Data Abnormally Terminated on an Intermediate Router ··············································1-54 RPs Unable to Join SPT in PIM-SM······························································································1-54 RPT Establishment Failure or Source Registration Failure in PIM-SM·········································1-55...
PIM Configuration When configuring PIM, go to these sections for information you are interested in: PIM Overview Configuring PIM-DM Configuring PIM-SM Configuring PIM-SSM Configuring PIM Common Features Displaying and Maintaining PIM PIM Configuration Examples Troubleshooting PIM Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch running the PIM protocol.
Introduction to PIM-DM PIM-DM is a type of dense mode multicast protocol. It uses the “push mode” for multicast forwarding, and is suitable for small-sized networks with densely distributed multicast members. The basic implementation of PIM-DM is as follows: PIM-DM assumes that at least one multicast group member exists on each subnet of a network, and therefore multicast data is flooded to all nodes on the network.
Page 954
corresponding interface from the outgoing interface list in the (S, G) entry and stop forwarding subsequent packets addressed to that multicast group down to this node. An (S, G) entry contains the multicast source address S, multicast group address G, outgoing interface list, and incoming interface.
The node that needs to receive multicast data sends a graft message toward its upstream node, as a request to join the SPT again. Upon receiving this graft message, the upstream node puts the interface on which the graft was received into the forwarding state and responds with a graft-ack message to the graft sender.
PIM-SM is a type of sparse mode multicast protocol. It uses the “pull mode” for multicast forwarding, and is suitable for large- and medium-sized networks with sparsely and widely distributed multicast group members. The basic implementation of PIM-SM is as follows: PIM-SM assumes that no hosts need to receive multicast data.
Page 957
A DR must be elected in a multi-access network, no matter this network connects to multicast sources or to receivers. The DR at the receiver side sends join messages to the RP; the DR at the multicast source side sends register messages to the RP. A DR is elected on a multi-access subnet by means of comparison of the priorities and IP addresses carried in hello messages.
Page 958
optimize the topological structure of the RPT, multiple candidate RPs (C-RPs) can be configured in a PIM-SM domain, among which an RP is dynamically elected through the bootstrap mechanism. Each elected RP serves a different multicast group range. For this purpose, a bootstrap router (BSR) must be configured.
Page 959
Table 1-1 Values in the hashing algorithm Value Description Value Hash value IP address of the multicast group Hash mask length IP address of the C-RP & Logical operator of “and” Logical operator of “exclusive-or” Modulo operator, which gives the remainder of an integer division RPT establishment Figure 1-5 RPT establishment in a PIM-SM domain As shown in...
Page 960
Multicast source registration The purpose of multicast source registration is to inform the RP about the existence of the multicast source. Figure 1-6 Multicast source registration As shown in Figure 1-6, the multicast source registers with the RP as follows: When the multicast source S sends the first multicast packet to multicast group G, the DR directly connected with the multicast source, upon receiving the multicast packet, encapsulates the packet in a PIM register message, and sends the message to the corresponding RP by unicast.
Page 961
Switchover to SPT In a PIM-SM domain, a multicast group corresponds to one RP and RPT. Before the SPT switchover takes place, the DR at the multicast source side encapsulates all multicast data destined to the multicast group in register messages and sends these messages to the RP. Upon receiving these register messages, the RP abstracts the multicast data and sends the multicast data down the RPT to the DRs at the receiver side.
Introduction to Administrative Scoping in PIM-SM Division of PIM-SM domains Typically, a PIM-SM domain contains only one BSR, which is responsible for advertising RP-set information within the entire PIM-SM domain. The information for all multicast groups is forwarded within the network scope administered by the BSR. We call this non-scoped BSR mechanism. To implement refined management, a PIM-SM domain can be divided into one global scope zone and multiple administratively scoped zones (admin-scope zones).
Page 963
Figure 1-7 Relationship between admin-scope zones and the global scope zone in geographic space Admin-scope zones are geographically separated from one another. Namely, a router must not serve different admin-scope zones. In other words, different admin-scope zones contain different routers, whereas the global scope zone covers all routers in the PIM-SM domain.
SSM Model Implementation in PIM The source-specific multicast (SSM) model and the any-source multicast (ASM) model are two opposite models. Presently, the ASM model includes the PIM-DM and PIM-SM modes. The SSM model can be implemented by leveraging part of the PIM-SM technique. The SSM model provides a solution for source-specific multicast.
As shown in Figure 1-9, Host B and Host C are multicast information receivers. They send IGMPv3 report messages to the respective DRs to express their interest in the information of the specific multicast source S. Upon receiving a report message, the DR first checks whether the group address in this message falls in the SSM group range: If so, the DR sends a subscribe message for channel subscription hop by hop toward the multicast source S.
Configuration Prerequisites Before configuring PIM-DM, complete the following task: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer. Before configuring PIM-DM, prepare the following data: The interval between state-refresh messages Minimum time to wait before receiving a new refresh message TTL value of state-refresh messages Graft retry period Enabling PIM-DM...
Follow these steps to enable the state-refresh capability: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional Enable state-refresh pim state-refresh-capable Enabled by default Configuring State-Refresh Parameters To avoid the resource-consuming reflooding of unwanted traffic caused by timeout of pruned interfaces, the router directly connected with the multicast source periodically sends an (S, G) state-refresh message, which is forwarded hop by hop along the initial multicast flooding path of the PIM-DM domain, to refresh the prune timer state of all the routers on the path.
Follow these steps to configure graft retry period: To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional Configure graft retry period pim timer graft-retry interval 3 seconds by default For the configuration of other timers in PIM-DM, refer to Configuring PIM Common Timers.
Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer. Before configuring PIM-SM, prepare the following data: The IP address of a static RP and an ACL rule defining the range of multicast groups to be served by the static RP C-RP priority and an ACL rule defining the range of multicast groups to be served by each C-RP A legal C-RP address range and an ACL rule defining the range of multicast groups to be served...
For details about the multicast routing-enable command, see Multicast Routing and Forwarding Commands in the IP Multicast Volume. Configuring an RP An RP can be manually configured or dynamically elected through the BSR mechanism. For a large PIM network, static RP configuration is a tedious job. Generally, static RP configuration is just a backup means for the dynamic RP election mechanism to enhance the robustness and operation manageability of a multicast network.
Page 971
To do... Use the command... Remarks Enter system view system-view — Enter PIM view — c-rp interface-type interface-number [ group-policy Required Configure an interface to be a acl-number | priority priority | No C-RPs are configured C-RP holdtime hold-interval | by default advertisement-interval adv-interval ] *...
Follow these steps to configure C-RP timers globally: To do... Use the command... Remarks Enter system view system-view — Enter PIM view — Optional Configure the C-RP-Adv c-rp advertisement-interval interval interval 60 seconds by default Optional Configure C-RP timeout time c-rp holdtime interval 150 seconds by default For the configuration of other timers in PIM-SM, refer to...
Page 973
value of 1, the whole network will not be affected as long as the neighbor router discards these bootstrap messages. Therefore, with a legal BSR address range configured on all routers in the entire network, all these routers will discard bootstrap messages from out of the legal address range.
Page 974
To do… Use the command… Remarks Required Configure a PIM domain border pim bsr-boundary By default, no PIM domain border is configured. Configuring global C-BSR parameters In each PIM-SM domain, a unique BSR is elected from C-BSRs. The C-RPs in the PIM-SM domain send advertisement messages to the BSR.
Follow these steps to configure C-BSR timers: To do… Use the command… Remarks Enter system view system-view — Enter PIM view — Optional Configure the BS period c-bsr interval interval For the default value, see the note below. Optional Configure the BS timeout c-bsr holdtime interval For the default value, see the note below.
Page 976
To do… Use the command… Remarks Required Enable administrative scoping c-bsr admin-scope Disabled by default Configuring an admin-scope zone boundary The boundary of each admin-scope zone is formed by ZBRs. Each admin-scope zone maintains a BSR, which serves a specific multicast group range. Multicast protocol packets (such as assert messages and bootstrap messages) that belong to this range cannot cross the admin-scope zone boundary.
To do… Use the command… Remarks Required Configure a C-BSR for the c-bsr global [ hash-length No C-BSRs are configured for global-scope zone hash-length | priority priority ] * the global-scope zone by default About the Hash mask length and C-BSR priority: You can configure these parameters at three levels: global configuration level, global scope zone level, and admin-scope zone level.
To do... Use the command... Remarks Enter system view system-view — Enter PIM view — Optional Configure a filtering rule for register-policy acl-number No register filtering rule by register messages default Optional Configure the device to By default, the checksum is calculate the checksum based register-whole-checksum calculated based on the header...
Task Remarks Enabling PIM-SM Required Configuring the SSM Group Range Optional Configuring PIM Common Features Optional Configuration Prerequisites Before configuring PIM-SSM, complete the following task: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer.
Configuring the SSM Group Range As for whether the information from a multicast source is delivered to the receivers based on the PIM-SSM model or the PIM-SM model, this depends on whether the group address in the (S, G) channel subscribed by the receivers falls in the SSM group range. All PIM-SM-enabled interfaces assume that multicast groups within this address range are using the PIM-SSM model.
Task Remarks Configuring PIM Hello Options Optional Configuring PIM Common Timers Optional Configuring Join/Prune Message Sizes Optional Configuration Prerequisites Before configuring PIM common features, complete the following tasks: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer.
Generally, a smaller distance from the filter to the multicast source results in a more remarkable filtering effect. This filter works not only on independent multicast data but also on multicast data encapsulated in register messages. Configuring a Hello Message Filter Along with the wide applications of PIM, the security requirement for the protocol is becoming more and more demanding.
Page 983
largest value will take effect. If you want to enable neighbor tracking, the neighbor tracking feature should be enabled on all PIM routers on a multi-access subnet. The LAN-delay setting will cause the upstream routers to delay processing received prune messages. If the LAN-delay setting is too small, it may cause the upstream router to stop forwarding multicast packets before a downstream router sends a prune override message.
To do... Use the command... Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional Configure the priority for DR pim hello-option dr-priority election priority 1 by default Optional Configure PIM neighbor pim hello-option holdtime timeout time interval 105 seconds by default Optional...
To do... Use the command... Remarks Optional Configure the join/prune timer join-prune interval interval 60 seconds by default Optional Configure the join/prune holdtime join-prune interval timeout time 210 seconds by default Optional Configure assert timeout time holdtime assert interval 180 seconds by default Optional Configure the multicast source source-lifetime interval...
To do... Use the command... Remarks Enter system view system-view — Enter PIM view — Optional Configure the maximum size of jp-pkt-size packet-size a join/prune message 8,100 bytes by default Configure the maximum Optional number of (S, G) entries in a jp-queue-size queue-size 1,020 by default join/prune message...
PIM Configuration Examples PIM-DM Configuration Example Network requirements Receivers receive VOD information through multicast. The receiver groups of different organizations form stub networks, and one or more receiver hosts exist in each stub network. The entire PIM domain operates in the dense mode. Host A and Host C are multicast receivers in two stub networks.
Page 988
Configure the IP address and subnet mask for each interface as per Figure 1-10. Detailed configuration steps are omitted here. Configure the OSPF protocol for interoperation among the switches in the PIM-DM domain. Ensure the network-layer interoperation in the PIM-DM domain and enable dynamic update of routing information among the switches through a unicast routing protocol.
Page 989
# View the PIM neighboring relationships on Switch D. [SwitchD] display pim neighbor Total Number of Neighbors = 3 Neighbor Interface Uptime Expires Dr-Priority 192.168.1.1 Vlan103 00:02:22 00:01:27 1 192.168.2.1 Vlan101 00:00:22 00:01:29 3 192.168.3.1 Vlan102 00:00:23 00:01:31 5 Assume that Host A needs to receive the information addressed to multicast group G (225.1.1.1). After multicast source S (10.110.5.100/24) sends multicast packets to the multicast group G, an SPT is established through traffic flooding.
UpTime: 00:03:27 Upstream interface: Vlan-interface300 Upstream neighbor: NULL RPF prime neighbor: NULL Downstream interface(s) information: Total number of downstreams: 3 1: Vlan-interface103 Protocol: pim-dm, UpTime: 00:03:27, Expires: never 2: Vlan-interface101 Protocol: pim-dm, UpTime: 00:03:27, Expires: never 3: Vlan-interface102 Protocol: pim-dm, UpTime: 00:03:27, Expires: never PIM-SM Non-Scoped Zone Configuration Example Network requirements Receivers receive VOD information through multicast.
Page 991
Network diagram Figure 1-11 Network diagram for PIM-SM non- scoped zone configuration Device Interface IP address Device Interface IP address Switch A Vlan-int100 10.110.1.1/24 Switch D Vlan-int300 10.110.5.1/24 Vlan-int101 192.168.1.1/24 Vlan-int101 192.168.1.2/24 Vlan-int102 192.168.9.1/24 Vlan-int105 192.168.4.2/24 Switch B Vlan-int200 10.110.2.1/24 Switch E Vlan-int104 192.168.3.2/24...
Page 992
[SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim sm [SwitchA-Vlan-interface101] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] pim sm [SwitchA-Vlan-interface102] quit The configuration on Switch B and Switch C is similar to that on Switch A. The configuration on Switch D and Switch E is also similar to that on Switch A except that it is not necessary to enable IGMP on the corresponding interfaces on these two switches.
Page 993
Hash mask length: 32 State: Accept Preferred Scope: Not scoped Uptime: 00:40:40 Expires: 00:01:42 # View the BSR information and the locally configured C-RP information in effect on Switch D. [SwitchD] display pim bsr-info Elected BSR Address: 192.168.9.2 Priority: 20 Hash mask length: 32 State: Accept Preferred Scope: Not scoped...
Page 994
# View the RP information on Switch A. [SwitchA] display pim rp-info PIM-SM BSR RP information: Group/MaskLen: 225.1.1.0/24 RP: 192.168.4.2 Priority: 0 HoldTime: 150 Uptime: 00:51:45 Expires: 00:02:22 RP: 192.168.9.2 Priority: 0 HoldTime: 150 Uptime: 00:51:45 Expires: 00:02:22 Assume that Host A needs to receive information addressed to the multicast group G (225.1.1.0). The RP corresponding to the multicast group G is Switch E as a result of hash calculation, so an RPT will be built between Switch A and Switch E.
Total number of downstreams: 1 1: Vlan-interface100 Protocol: pim-sm, UpTime: 00:00:42, Expires: 00:03:06 The information on Switch B and Switch C is similar to that on Switch A. # View the PIM routing table information on Switch D. [SwitchD] display pim routing-table Total 0 (*, G) entry;...
Page 996
of admin-scope zone 2, which also serve the multicast group range 239.0.0.0/8. Both VLAN-interface 109 of Switch F and VLAN-interface 110 of Switch H act as C-BSRs and C-RPs of the global scope zone, which serve all the multicast groups other than those in the 239.0.0.0/8 range.
Page 997
Configure the IP address and subnet mask for each interface as per Figure 1-12. The detailed configuration steps are omitted here. Configure OSPF for interoperation among the switches in the PIM-SM domain. Ensure the network-layer interoperation among the switches in the PIM-SM domain and enable dynamic update of routing information among the switches through a unicast routing protocol.
Page 998
# On Switch B, configure VLAN-interface 102 and VLAN-interface 103 to be the boundary of admin-scope zone 1. [SwitchB] interface vlan-interface 102 [SwitchB-Vlan-interface102] multicast boundary 239.0.0.0 8 [SwitchB-Vlan-interface102] quit [SwitchB] interface vlan-interface 103 [SwitchB-Vlan-interface103] multicast boundary 239.0.0.0 8 [SwitchB-Vlan-interface103] quit # On Switch C, configure VLAN-interface 103 and VLAN-interface 106 to be the boundary of admin-scope zone 2.
Page 999
[SwitchF] pim [SwitchF-pim] c-bsr global [SwitchF-pim] c-bsr vlan-interface 109 [SwitchF-pim] c-rp vlan-interface 109 [SwitchF-pim] quit Verify the configuration To view the BSR election information and the C-RP information on a switch, use the display pim bsr-info command. For example: # View the BSR information and the locally configured C-RP information on Switch B. [SwitchB] display pim bsr-info Elected BSR Address: 10.110.9.1 Priority: 0...
Page 1000
State: Elected Scope: 239.0.0.0/8 Uptime: 00:03:48 Next BSR message scheduled at: 00:01:12 Candidate BSR Address: 10.110.4.2 Priority: 0 Hash mask length: 30 State: Elected Scope: 239.0.0.0/8 Candidate RP: 10.110.4.2(Vlan-interface104) Priority: 0 HoldTime: 150 Advertisement Interval: 60 Next advertisement scheduled at: 00:00:10 # View the BSR information and the locally configured C-RP information on Switch F.