Page 1: Configuration Guide
3Com Switch 4800G Family Configuration Guide Switch 4800G 24-Port Switch 4800G 48-Port Switch 4800G PWR 24-Port Switch 4800G PWR 48-Port Switch 4800G 24-Port SFP Product Version: Release 2202 Manual Version: 6W101-20091012 www.3com.com 3Com Corporation 350 Campus Drive, Marlborough, MA, USA 01752 3064...
Page 2 Copyright © 2009, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation. 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
Page 3: About This Manual
About This Manual Organization 3Com Switch 4800G Family Configuration Guide is organized as follows: Volume Features 00-Product Product Overview Acronyms Overview Service Loopback Ethernet Interface Link Aggregation Port Isolation Group 01-Access Volume MSTP LLDP VLAN GVRP QinQ BPDU Tunneling VLAN Mapping...
Page 4 Volume Features Basic System Device File System Login Configuration Management Management MAC Address HTTP SNMP RMON Table Management System 08-System Information Maintaining and Hotfix Volume Center Debugging Cluster Management Automatic Configuration Conventions The manual uses the following conventions: Command conventions Convention Description The keywords of a command line are in Boldface.
Page 5: Related Documentation
Means reader be careful. Improper operation may cause data loss or damage to equipment. Means a complementary description. Related Documentation In addition to this manual, each 3com Switch 4800G documentation set includes the following: Manual Description 3Com Switch 4800G Family Command...
Page 6: Table Of Contents
Table of Contents 1 Product Features ·······································································································································1-1 Introduction to Product ····························································································································1-1 Feature Lists ···········································································································································1-1 2 Features······················································································································································2-1 Access Volume ·······································································································································2-1 IP Services Volume·································································································································2-3 IP Routing Volume ··································································································································2-4 Multicast Volume·····································································································································2-6 QoS Volume············································································································································2-8 Security Volume ······································································································································2-8 High Availability Volume························································································································2-10 System Volume ·····································································································································2-11...
Page 7: Product Features
(MANs). They can also be used for connecting server groups in data centers. The 3Com Switches 4800G support the innovative Intelligent Resilient Framework (IRF) technology. With IRF, multiple 4800G switches can be interconnected as a logical entity to form a new intelligent network featuring high availability, scalability, and manageability.
Page 8 Volume Features 802.1X HABP Authentication Portal Port Security IP Source Guard SSH2.0 06-Security Volume Public Key ARP Attack URPF Protection VRRP Smart Link Monitor Link RRPP 07-High Connectivity Fault Availability DLDP Ethernet OAM Detection Volume Track GR Overview Basic System Device File System Login...
Page 9: Features
Features The following sections provide an overview of the main features of each module supported by the Switch 4800G. Access Volume Table 2-1 Features in Access volume Features Description This document describes: Basic Ethernet Interface Configuration Combo Port Configuration Configuring Flow Control on an Ethernet Interface...
Page 10 Features Description LLDP enables a device to maintain and manage its own and its immediate neighbor’s device information, based on which the network management system detects and determines the conditions of the communications links. This document describes: LLDP Introduction to LLDP Performing Basic LLDP Configuration Configuring CDP Compatibility Configuring LLDP Trapping...
Page 11: Ip Services Volume
IP Services Volume Table 2-2 Features in the IP Services volume Features Description An IP address is a 32-bit address allocated to a network interface on a device that is attached to the Internet. This document describes: IP Address Introduction to IP addresses IP address configuration Address Resolution Protocol (ARP) is used to resolve an IP address into a data link layer address.
Page 12: Ip Routing Volume
Features Description A network node that supports both IPv4 and IPv6 is called a dual stack node. A dual stack node configured with an IPv4 address and an IPv6 address can have both IPv4 and IPv6 packets transmitted. This document Dual Stack describes: Dual stack overview...
Page 13 Features Description Intermediate System-to-Intermediate System (IS-IS) is a link state protocol, which uses the shortest path first (SPF) algorithm. This document describes: Configuring IS-IS Basic Functions Configuring IS-IS Routing Information Control IS-IS Tuning and Optimizing IS-IS Networks Configuring IS-IS Authentication Configuring System ID to Host Name Mappings Configuring IS-IS GR Enabling the Logging of Neighbor State Changes...
Page 14: Multicast Volume
IP address. Policy Routing The Switch 4800G implements policy routing through QoS policies. For details about traffic classification, traffic behavior and QoS policy configuration commands, refer to QoS Commands in the QoS Volume.
Page 15 Features Description Multicast source discovery protocol (MSDP) describes interconnection mechanism of multiple PIM-SM domains. It is used is to discover multicast source information in other PIM-SM domains. This document describes: MSDP MSDP configuration Configuring an MSDP Peer Connection Configuring SA Messages Related Parameters As a multicast extension of MP-BGP, MBGP enables BGP to provide routing information for multicast applications.
Page 16: Qos Volume
QoS Volume Table 2-5 Features in the QoS ACL volume Features Description This document describes: QoS overview Traffic classification configuration Traffic policing Configuration Traffic shaping Configuration Line rate configuration QoS policy configuration Congestion management Congestion avoidance configuration Priority mapping configuration Traffic mirroring configuration User profile provides a configuration template to save predefined configurations.
Page 17 Features Description Portal authentication, as its name implies, helps control access to the Internet. This document describes: Portal Portal overview Portal configuration Port security is a MAC address-based security mechanism for network access controlling. It is an extension to the existing 802.1X authentication and MAC authentication.
Page 18: High Availability Volume
Features Description Unicast Reverse Path Forwarding (URPF) protects a network against source address spoofing attacks. This document describes: URPF URPF Overview URPF configuration High Availability Volume Table 2-7 Features in the High Availability volume Features Description Virtual Router Redundancy Protocol (VRRP) combines a group of switches (including a master and multiple backups) on a LAN into a virtual router called VRRP group.
Page 19: System Volume
Features Description Ethernet OAM is a tool monitoring Layer-2 link status. It helps network administrators manage their networks effectively. This document describes: Ethernet OAM Ethernet OAM overview Configuring Basic Ethernet OAM Functions Configuring Link Monitoring Enabling OAM Loopback Testing Connectivity fault detection is an end-to-end, per-VLAN link-layer OAM mechanism for link connectivity detection, fault verification, and fault location.
Page 20 Features Description Basic system configuration involves the configuration of device name, system clock, welcome message, user privilege levels and so on. This document describes: Basic System Configuration Configuration display Basic configurations CLI features Through the device management function, you can view the current condition of your device and configure running parameters.
Page 21 Features Description For the majority of protocols and features supported, the system provides corresponding debugging information to help users diagnose errors. This System Maintenance document describes: and Debugging Maintenance and debugging overview Maintenance and debugging configuration As the system information hub, Information Center classifies and manages all types of system information.
Page 22 Features Description Network Time Protocol (NTP) is the TCP/IP that advertises the accurate time throughout the network. This document describes: NTP overview Configuring the Operation Modes of NTP Configuring Optional Parameters of NTP Configuring Access-Control Rights Configuring NTP Authentication A cluster is a group of network devices. Cluster management is to implement management of large numbers of distributed network devices.
Page 23 Appendix A Acronyms # A B C D E F G H I K L M N O P Q R S T U V W X Z Acronyms Full spelling Return 10GE Ten-GigabitEthernet Return Authentication, Authorization and Accounting Activity Based Costing Area Border Router Alternating Current ACKnowledgement...
Page 24 Acronyms Full spelling Border Gateway Protocol BIMS Branch Intelligent Management System BOOTP Bootstrap Protocol BPDU Bridge Protocol Data Unit Basic Rate Interface Bootstrap Router BitTorrent Burst Tolerance Return Call Appearance Certificate Authority Committed Access Rate Committed Burst Size Class Based Queuing Constant Bit Rate Core-Based Tree International Telephone and Telegraph Consultative...
Page 25 Acronyms Full spelling Connectivity Verification Return Deeper Application Recognition Data Circuit-terminal Equipment Database Description Digital Data Network DHCP Dynamic Host Configuration Protocol Designated IS DLCI Data Link Connection Identifier DLDP Device Link Detection Protocol Domain Name System Downstream on Demand Denial of Service Designated Router DSCP...
Page 26 Acronyms Full spelling Forward Defect Indication Forwarding Equivalence Class Fast Failure Detection Forwarding Group Forwarding information base FIFO First In First Out FQDN Full Qualified Domain Name Frame Relay Fast ReRoute FRTT Fairness Round Trip Time Functional Test File Transfer Protocol Return GARP Generic Attribute Registration Protocol...
Page 27 Acronyms Full spelling International Business Machines ICMP Internet Control Message Protocol ICMPv6 Internet Control Message Protocol for IPv6 IDentification/IDentity IEEE Institute of Electrical and Electronics Engineers IETF Internet Engineering Task Force IGMP Internet Group Management Protocol IGMP-Snooping Internet Group Management Protocol Snooping Interior Gateway Protocol Incoming Label Map Internet Locator Service...
Page 28 Acronyms Full spelling LACP Link Aggregation Control Protocol LACPDU Link Aggregation Control Protocol Data Unit Local Area Network Link Control Protocol LDAP Lightweight Directory Access Protocol Label Distribution Protocol Label Edge Router LFIB Label Forwarding Information Base Label Information Base Link Layer Control LLDP Link Layer Discovery Protocol...
Page 29 Acronyms Full spelling Multicast Listener Discovery Protocol MLD-Snooping Multicast Listener Discovery Snooping Meet-Me Conference MODEM MOdulator-DEModulator Multilink PPP MP-BGP Multiprotocol extensions for BGP-4 Middle-level PE MP-group Multilink Point to Point Protocol group MPLS Multiprotocol Label Switching MPLSFW Multi-protocol Label Switch Forward Multicast Port Management Mobile Switching Center MSDP...
Page 30 Acronyms Full spelling Network Management Station NPDU Network Protocol Data Unit Network Provider Edge Network Quality Analyzer NSAP Network Service Access Point NetStream Collector N-SEL NSAP Selector NSSA Not-So-Stubby Area NTDP Neighbor Topology Discovery Protocol Network Time Protocol Return Operation Administration and Maintenance OAMPDU OAM Protocol Data Units OC-3...
Page 31 Acronyms Full spelling Power over Ethernet Point Of Presence Packet Over SDH Point-to-Point Protocol PPTP Point to Point Tunneling Protocol PPVPN Provider-provisioned Virtual Private Network Priority Queuing Primary Reference Clock Primary Rate Interface Protection Switching Power Sourcing Equipment PSNP Partial SNP Permanent Virtual Channel Pseudo wires Return...
Page 32 Acronyms Full spelling Resilient Packet Ring Rendezvous Point Tree RRPP Rapid Ring Protection Protocol Reservation State Block RSOH Regenerator Section Overhead RSTP Rapid Spanning Tree Protocol RSVP Resource ReserVation Protocol RTCP Real-time Transport Control Protocol Route Table Entry Real-time Transport Protocol Real-time Transport Protocol Return Source Active...
Page 33 Acronyms Full spelling Shortest Path First Shortest Path Tree Secure Shell Synchronization Status Marker Source-Specific Multicast Shared Tree STM-1 SDH Transport Module -1 STM-16 SDH Transport Module -16 STM-16c SDH Transport Module -16c STM-4c SDH Transport Module -4c Spanning Tree Protocol Signalling Virtual Connection Switch-MDT Switch-Multicast Distribution Tree...
Page 34 Acronyms Full spelling Return Variable Bit Rate Virtual Channel Identifier Virtual Ethernet Virtual File System VLAN Virtual Local Area Network Virtual Leased Lines Video On Demand VoIP Voice over IP Virtual Operate System VPDN Virtual Private Dial-up Network VPDN Virtual Private Data Network Virtual Path Identifier VPLS Virtual Private Local Switch...
Page 35: Manual Version
Access Volume Organization Manual Version 6W101-20091012 Product Version Release 2202 Organization The Access Volume is organized as follows: Features Description This document describes: Basic Ethernet Interface Configuration Combo Port Configuration Configuring Flow Control on an Ethernet Interface Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface Configuring Loopback Testing on an Ethernet Interface Ethernet Interface...
Page 36 Features Description To increase service redirecting throughput, you can bundle multiple service loopback ports into a logical link, called a service loopback group. Service Loopback This document describes: Group Introduction to Service Loopback Groups Configuring a Service Loopback Group MSTP is used to eliminate loops in a LAN. It is compatible with STP and RSTP.
Page 37 Features Description Port mirroring copies packets passing through a port to another port connected with a monitoring device for packet analysis to help implement network monitoring and troubleshooting. This document describes: Port Mirroring Port Mirroring overview Local port mirroring configuration Remote port mirroring configuration...
Page 38 Table of Contents 1 Ethernet Interface Configuration ·············································································································1-1 Ethernet Interface Configuration ·············································································································1-1 Combo Port Configuration ···············································································································1-1 Basic Ethernet Interface Configuration····························································································1-1 Configuring an Auto-negotiation Transmission Rate·······································································1-2 Configuring Flow Control on an Ethernet Interface ·········································································1-3 Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface ········1-4 Configuring Loopback Testing on an Ethernet Interface·································································1-4 Configuring a Port Group·················································································································1-5 Configuring Storm Suppression ······································································································1-5...
Page 39: Ethernet Interface Configuration
Ethernet Interface Configuration Ethernet Interface Configuration Combo Port Configuration Introduction to Combo port A Combo port can operate as either an optical port or an electrical port. Inside the device there is only one forwarding interface. For a Combo port, the electrical port and the corresponding optical port are TX-SFP multiplexed.
Page 40: Configuring An Auto-Negotiation Transmission Rate
Auto-negotiation mode (auto). Interfaces operating in this mode determine their duplex mode through auto-negotiation. Similarly, if you configure the transmission rate for an Ethernet interface by using the speed command with the auto keyword specified, the transmission rate is determined through auto-negotiation too. For a Gigabit Ethernet interface, you can specify the transmission rate by its auto-negotiation capacity.
Page 41: Configuring Flow Control On An Ethernet Interface
Figure 1-1 An application diagram of auto-negotiation transmission rate As shown in Figure 1-1, the network card transmission rate of the server group (Server 1, Server 2, and Server 3) is 1000 Mbps, and the transmission rate of GigabitEthernet 1/0/4, which provides access to the external network for the server group, is 1000 Mbps too.
Page 42: Configuring The Suppression Time Of Physical-Link-State Change On An Ethernet Interface
Follow these steps to enable flow control on an Ethernet interface: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter Ethernet interface view — interface-number Required Enable flow control flow-control Disabled by default Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface An Ethernet interface operates in one of the two physical link states: up or down.
Page 43: Configuring A Port Group
To do… Use the command… Remarks Optional Enable loopback testing loopback { external | internal } Disabled by default. As for the internal loopback test and external loopback test, if an interface is down, only the former is available on it; if the interface is shut down, both are unavailable. The speed, duplex, mdi, and shutdown commands are not applicable during loopback testing.
Page 44: Setting The Interval For Collecting Ethernet Interface Statistics
The storm suppression ratio settings configured for an Ethernet interface may get invalid if you enable the storm constrain for the interface. For information about the storm constrain function, see Configuring the Storm Constrain Function on an Ethernet Interface. Follow these steps to set storm suppression ratios for one or multiple Ethernet interfaces: To do…...
Page 45: Enabling Forwarding Of Jumbo Frames
To do… Use the command… Remarks Optional Set the interval for collecting By default, the interval for flow-interval interval statistics on the Ethernet port collecting port statistics is 300 seconds. Enabling Forwarding of Jumbo Frames Due to tremendous amount of traffic occurring on an Ethernet interface, it is likely that some frames greater than the standard Ethernet frame size are received.
Page 46: Configuring The Mdi Mode For An Ethernet Interface
To do… Use the command… Remarks Enter system view — system-view Required Enable global loopback loopback-detection enable detection Disabled by default Optional Configure the interval for port loopback-detection loopback detection 30 seconds by default interval-time time interface interface-type Enter Ethernet interface view —...
Page 47: Testing The Cable On An Ethernet Interface
signals; pin 3 and pin 6 are used for transmitting signals. To enable normal communication, you should connect the local transmit pins to the remote receive pins. Therefore, you should configure the MDI mode depending on the cable types. Normally, the auto mode is recommended. The other two modes are useful only when the device cannot determine the cable type.
Page 48 periodically and takes corresponding actions (that is, blocking or shutting down the interface and sending trap messages and logs) when the traffic detected exceeds the threshold. Alternatively, you can configure the storm suppression function to control a specific type of traffic. As the function and the storm constrain function are mutually exclusive, do not enable them at the same time on an Ethernet interface.
Page 49: Displaying And Maintaining An Ethernet Interface
To do… Use the command… Remarks Optional Specify to send log when the By default, the system sends traffic detected exceeds the log when the traffic detected upper threshold or drops down exceeds the upper threshold or storm-constrain enable log below the lower threshold from drops down below the lower a point higher than the upper...
Page 50 To do… Use the command… Remarks Display the information about a display port-group manual manual port group or all the Available in any view [ all | name port-group-name ] port groups Display the information about Available in any view display loopback-detection the loopback function display storm-constrain...
Page 51 Table of Contents 1 Link Aggregation Configuration ··············································································································1-1 Overview ·················································································································································1-1 Basic Concepts of Link Aggregation ·······························································································1-1 Link Aggregation Modes··················································································································1-3 Load Sharing Mode of an Aggregation Group ················································································1-5 Link Aggregation Configuration Task List ·······························································································1-5 Configuring an Aggregation Group ·········································································································1-6 Configuring a Static Aggregation Group··························································································1-6 Configuring a Dynamic Aggregation Group·····················································································1-7 Configuring an Aggregate Interface ········································································································1-8 Configuring the Description of an Aggregate Interface ···································································1-8...
Page 52: Link Aggregation Configuration
Link Aggregation Configuration When configuring link aggregation, go to these sections for information you are interested in: Overview Link Aggregation Configuration Task List Configuring an Aggregation Group Configuring an Aggregate Interface Configuring a Load Sharing Mode for Load-Sharing Link Aggregation Groups Displaying and Maintaining Link Aggregation Link Aggregation Configuration Examples Overview...
Page 53 Selected: a selected port can forward user traffic. Unselected: an unselected port cannot forward user traffic. The rate of an aggregate interface is the sum of the selected member ports’ rates. The duplex mode of an aggregate interface is consistent with that of the selected member ports. Note that all selected member ports use the same duplex mode.
Page 54: Link Aggregation Modes
Some configurations are called class-one configurations. Such configurations, for example, GVRP and MSTP, can be configured on aggregate interfaces and member ports but are not considered during operational key calculation. The change of a class-two configuration setting may affect the select state of link aggregation member ports and thus the ongoing service.
Page 55 A port that joins the aggregation group after the limit on the number of selected ports has been reached will not be placed in the selected state even if it should be in normal cases. This can prevent the ongoing traffic on the current selected ports from being interrupted.
Page 56: Load Sharing Mode Of An Aggregation Group
Load Sharing Mode of an Aggregation Group The link aggregation groups created on the 3Com Switch 4800G always operates in load sharing mode, even when they contain only one member port. Link Aggregation Configuration Task List...
Page 57: Configuring An Aggregation Group
Configuring an Aggregation Group The following ports cannot be assigned to an aggregation group: Stack ports, RRPP-enabled ports, MAC address authentication-enabled ports, port security-enabled ports, IP source guard-enabled ports, and 802.1x-enabled ports. You are recommended not to assign reflector ports of port mirroring to an aggregation group. For details about reflector ports, refer to Port Mirroring Configuration in the Access Volume.
Page 58: Configuring A Dynamic Aggregation Group
Configuring a Dynamic Aggregation Group Follow these steps to configure a Layer 2 dynamic aggregation group: To do... Use the command... Remarks Enter system view — system-view Optional By default, the system LACP priority is 32768. Set the system LACP lacp system-priority Changing the system LACP priority priority...
Page 59: Configuring An Aggregate Interface
Removing a dynamic aggregate interface also removes the corresponding aggregation group. At the same time, the member ports of the aggregation group, if any, leave the aggregation group. To guarantee a successful dynamic aggregation, ensure that the peer ports of the ports aggregated at one end are also aggregated.
Page 60: Shutting Down An Aggregate Interface
Follow these steps to enable linkUp/linkDown trap generation for an aggregate interface: To do... Use the command... Remarks Enter system view — system-view Optional snmp-agent trap enable Enable the trap function By default, linkUp/linkDown [ standard [ linkdown | linkup ] globally trap generation is enabled globally and on all interfaces.
Page 61: Displaying And Maintaining Link Aggregation
sharing mode. You can change the load sharing mode of a link aggregation group for different types of traffic as needed. Follow these steps to configure load sharing mode for link aggregation groups: To do... Use the command... Remarks Enter system view —...
Page 62: Link Aggregation Configuration Examples
Link Aggregation Configuration Examples In an aggregation group, the port to be a selected port must be the same as the reference port in port attributes, and class-two configurations. To keep these configurations consistent, you should configure the port manually. Reference port: Select a port as the reference port from the ports that are in up state and with the same class-two configurations as the corresponding aggregate interface.
Page 63: Layer 2 Dynamic Aggregation Configuration Example
[DeviceA-Bridge-Aggregation1] quit # Assign Layer 2 Ethernet interfaces GigabitEthernet1/0/1 through GigabitEthernet1/0/3 to aggregation group 1. [DeviceA] interface GigabitEthernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface GigabitEthernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface GigabitEthernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 Configure Device B Follow the same configuration procedure performed on Device A to configure Device B.
Page 64 # Assign Layer 2 Ethernet interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to aggregation group 1. [DeviceA] interface GigabitEthernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA- GigabitEthernet1/0/1] quit [DeviceA] interface GigabitEthernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface GigabitEthernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 Configure Device B Follow the same configuration procedure performed on Device A to configure Device B.
Page 65 Table of Contents 1 Port Isolation Configuration ·····················································································································1-1 Introduction to Port Isolation ···················································································································1-1 Configuring the Isolation Group ··············································································································1-1 Assigning a Port to the Isolation Group···························································································1-1 Displaying and Maintaining Isolation Groups··························································································1-2 Port Isolation Configuration Example······································································································1-2...
Page 66: Port Isolation Configuration
VLAN, allowing for great flexibility and security. Currently: 3Com Switch 4800G support only one isolation group that is created automatically by the system as isolation group 1. You can neither remove the isolation group nor create other isolation groups on such devices.
Page 67: Displaying And Maintaining Isolation Groups
Displaying and Maintaining Isolation Groups To do… Use the command… Remarks Display the isolation group Available in any view display port-isolate group information Port Isolation Configuration Example Network requirements Users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device.
Page 68 Uplink port support: NO Group ID: 1 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3...
Page 69 Table of Contents 1 Service Loopback Group Configuration ·································································································1-1 Overview ·················································································································································1-1 Functions of Service Loopback Groups ··························································································1-1 Port Configuration Prerequisites of Service Loopback Groups·······················································1-1 States of the Ports in a Service Loopback Group ···········································································1-2 Configuring a Service Loopback Group ··································································································1-2 Displaying and Maintaining Service Loopback Groups ··········································································1-3 Configuration Example····························································································································1-3...
Page 70: Service Loopback Group Configuration
Displaying and Maintaining Service Loopback Groups Configuration Example Overview The SFP+ subcards and GE subcards of the 3Com Switch 4800G do not support service loopback groups. Functions of Service Loopback Groups To increase service redirecting throughput, you can bundle multiple service loopback ports into a logical link, called a service loopback group.
Page 71: States Of The Ports In A Service Loopback Group
The port is not configured with MSTP, 802.1x, MAC address authentication, port security mode, or IP source guard. Additionally, the member port of a service loopback group cannot be configured with any of the above-mentioned configurations. The port belongs to VLAN 1. The port is not a member of any aggregation group or service loopback group.
Page 72: Displaying And Maintaining Service Loopback Groups
You can change the service type of an existing service loopback group. For the change to be successful, you must ensure that the service group has not been referenced; the attributes of all member ports (if any) are not conflicting with the target service type; and no service loopback group has been created for the target service type, because only one service loopback group is allowed for a service type.
Page 73 Table of Contents 1 MSTP Configuration ··································································································································1-1 Overview ·················································································································································1-1 Introduction to STP ·································································································································1-1 Why STP ·········································································································································1-1 Protocol Packets of STP··················································································································1-1 Basic Concepts in STP····················································································································1-2 How STP works ·······························································································································1-3 Introduction to RSTP·······························································································································1-9 Introduction to MSTP ····························································································································1-10 Why MSTP ····································································································································1-10 Basic Concepts in MSTP···············································································································1-11 How MSTP Works ·························································································································1-14 Implementation of MSTP on Devices ····························································································1-15 Protocols and Standards ···············································································································1-15...
Page 74: Mstp Configuration
MSTP Configuration When configuring MSTP, go to these sections for information you are interested in: Overview Introduction to STP Introduction to RSTP Introduction to MSTP MSTP Configuration Task List Configuring MSTP Displaying and Maintaining MSTP MSTP Configuration Example Overview As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, and in the mean time, allows for link redundancy.
Page 75: Basic Concepts In Stp
Topology change notification (TCN) BPDUs, used for notifying the concerned devices of network topology changes, if any. Basic Concepts in STP Root bridge A tree network must have a root; hence the concept of root bridge was introduced in STP. There is one and only one root bridge in the entire network, and the root bridge can change along with changes of the network topology.
Page 76: How Stp Works
Figure 1-1 A schematic diagram of designated bridges and designated ports All the ports on the root bridge are designated ports. Path cost Path cost is a reference value used for link selection in STP. By calculating path costs, STP selects relatively robust links and blocks redundant links, and finally prunes the network into a loop-free tree.
Page 77 For simplicity, the descriptions and examples below involve only four fields of configuration BPDUs: Root bridge ID (represented by device priority) Root path cost (related to the rate of the link connecting the port) Designated bridge ID (represented by device priority) Designated port ID (represented by port name) Calculation process of the STP algorithm Initial state...
Page 78 Initially, each STP-enabled device on the network assumes itself to be the root bridge, with the root bridge ID being its own device ID. By exchanging configuration BPDUs, the devices compare their root bridge IDs to elect the device with the smallest root bridge ID as the root bridge. Selection of the root port and designated ports on a non-root device Table 1-3 describes the process of selecting the root port and designated ports.
Page 79 Figure 1-2 Network diagram for the STP algorithm Device A With priority 0 Device B With priority 1 Device C With priority 2 Initial state of each device Table 1-4 shows the initial state of each device. Table 1-4 Initial state of each device Device Port name BPDU of port...
Page 80 BPDU of port Device Comparison process after comparison Port BP1 receives the configuration BPDU of Device A {0, 0, 0, AP1}. Device B finds that the received configuration BPDU is superior to the configuration BPDU of the local port {1, 0, 1, BP1}, and updates the configuration BPDU of BP1.
Page 81 BPDU of port Device Comparison process after comparison After comparison: Because the root path cost of CP2 (9) (root path cost of the BPDU (5) plus path cost corresponding to CP2 (4)) is smaller than the root path cost of CP1 (10) (root path cost of the BPDU (0) + path cost corresponding to CP2 (10)), the BPDU Blocked port CP2: of CP2 is elected as the optimum BPDU, and CP2 is elected...
Page 82: Introduction To Rstp
If a path becomes faulty, the root port on this path will no longer receive new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout. In this case, the device will generate a configuration BPDU with itself as the root and send out the BPDUs and TCN BPDUs. This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity.
Page 83: Introduction To Mstp
Introduction to MSTP Why MSTP Weaknesses of STP and RSTP STP does not support rapid state transition of ports. A newly elected root port or designated port must wait twice the forward delay time before transiting to the forwarding state, even if it is a port on a point-to-point link or an edge port, which directly connects to a user terminal rather than to another device or a shared LAN segment.
Page 84: Basic Concepts In Mstp
Basic Concepts in MSTP Figure 1-4 Basic concepts in MSTP Region A0 VLAN 1 mapped to instance 1 VLAN 2 mapped to instance 2 Other VLANs mapped to CIST BPDU BPDU Region D0 BPDU Region B0 VLAN 1 mapped to instance 1, VLAN 1 mapped to instance 1 B as regional root bridge VLAN 2 mapped to instance 2...
Page 85 VLAN-to-instance mapping table As an attribute of an MST region, the VLAN-to-instance mapping table describes the mapping relationships between VLANs and MSTIs. In Figure 1-4, for example, the VLAN-to-instance mapping table of region A0 is as follows: VLAN 1 is mapped to MSTI 1, VLAN 2 to MSTI 2, and the rest to CIST. MSTP achieves load balancing by means of the VLAN-to-instance mapping table.
Page 86 During MSTP calculation, a boundary port’s role on an MSTI is consistent with its role on the CIST. But that is not true with master ports. A master port on MSTIs is a root port on the CIST. Roles of ports MSTP calculation involves these port roles: root port, designated port, master port, alternate port, backup port, and so on.
Page 87: How Mstp Works
Port states In MSTP, port states fall into the following three: Forwarding: the port learns MAC addresses and forwards user traffic; Learning: the port learns MAC addresses but does not forward user traffic; Discarding: the port neither learns MAC addresses nor forwards user traffic. When in different MSTIs, a port can be in different states.
Page 88: Implementation Of Mstp On Devices
Within an MST region, the packet is forwarded along the corresponding MSTI. Between two MST regions, the packet is forwarded along the CST. Implementation of MSTP on Devices MSTP is compatible with STP and RSTP. STP and RSTP protocol packets can be recognized by devices running MSTP and used for spanning tree calculation.
Page 89 Task Remarks Configuring an MST Region Required Configuring the Work Mode of an MSTP Device Optional Configuring the Timeout Factor Optional Configuring the Maximum Port Rate Optional Configuring Ports as Edge Ports Optional Configuring the Configuring Path Costs of Ports Optional leaf nodes Configuring Port Priority...
Page 90: Configuring Mstp
Configuring MSTP Configuring an MST Region Make the following configurations on the root bridge and on the leaf nodes separately. Follow these steps to configure an MST region: To do... Use the command... Remarks Enter system view — system-view Enter MST region view —...
Page 91: Configuring The Root Bridge Or A Secondary Root Bridge
Configuring the Root Bridge or a Secondary Root Bridge MSTP can determine the root bridge of a spanning tree through MSTP calculation. Alternatively, you can specify the current device as the root bridge or a secondary root bridge using the commands provided by the system.
Page 92: Configuring The Work Mode Of An Mstp Device
After specifying the current device as the root bridge or a secondary root bridge, you cannot change the priority of the device. Alternatively, you can also configure the current device as the root bridge by setting the priority of the device to 0. For the device priority configuration, refer to Configuring the Priority of a Device.
Page 93: Configuring The Maximum Hops Of An Mst Region
After configuring a device as the root bridge or a secondary root bridge, you cannot change the priority of the device. During root bridge selection, if all devices in a spanning tree have the same priority, the one with the lowest MAC address will be selected as the root bridge of the spanning tree. Configuring the Maximum Hops of an MST Region By setting the maximum hops of an MST region, you can restrict the region size.
Page 94: Configuring Timers Of Mstp
Based on the network diameter you configured, MSTP automatically sets an optimal hello time, forward delay, and max age for the device. The configured network diameter is effective for the CIST only, and not for MSTIs. Each MST region is considered as a device. The network diameter must be configured on the root bridge.
Page 95: Configuring The Timeout Factor
To do... Use the command... Remarks Optional Configure the max age timer stp timer max-age time 2,000 centiseconds (20 seconds) by default The length of the forward delay time is related to the network diameter of the switched network. Typically, the larger the network diameter is, the longer the forward delay time should be. Note that if the forward delay setting is too small, temporary redundant paths may be introduced;...
Page 96: Configuring The Maximum Port Rate
To do... Use the command... Remarks Enter system view — system-view Required Configure the timeout factor of the device stp timer-factor factor 3 by default Configuring the Maximum Port Rate The maximum rate of a port refers to the maximum number of BPDUs the port can send within each hello time.
Page 97: Configuring Path Costs Of Ports
To do... Use the command... Remarks Enter Ethernet interface interface interface-type Enter view, or Layer 2 aggregate interface-number Required interface interface view view or port Use either command. group view port-group manual Enter port group view port-group-name Required Configure the current ports as edge ports stp edged-port enable All ports are non-edge ports by default.
Page 98 Table 1-7 Link speed vs. path cost Duplex state Link speed 802.1d-1998 802.1t Private standard — 65535 200,000,000 200,000 Single Port 2,000,000 2,000 Aggregate Link 2 Ports 1,000,000 1,800 10 Mbps Aggregate Link 3 Ports 666,666 1,600 Aggregate Link 4 Ports 500,000 1,400 Single Port...
Page 99: Configuring Port Priority
If you change the standard that the device uses in calculating the default path cost, the port path cost value set through the stp cost command will be invalid. When the path cost of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition.
Page 100: Configuring The Link Type Of Ports
When the priority of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition. Generally, a lower priority value indicates a higher priority. If you configure the same priority value for all the ports on a device, the specific priority of a port depends on the index number of the port. Changing the priority of a port triggers a new spanning tree calculation process.
Page 101: Enabling The Output Of Port State Transition Information
dot1s: 802.1s-compliant standard format, and legacy: Compatible format By default, the packet format recognition mode of a port is auto, namely the port automatically distinguishes the two MSTP packet formats, and determines the format of packets it will send based on the recognized format.
Page 102: Enabling The Mstp Feature
To do... Use the command... Remarks Required Enable output of port state transition stp port-log { all | This function is enabled by information instance instance-id } default. Enabling the MSTP Feature You must enable MSTP for the device before any other MSTP-related configurations can take effect. Make this configuration on the root bridge and on the leaf nodes separately.
Page 103: Configuring Digest Snooping
By then, you can perform an mCheck operation to force the port to migrate to the MSTP (or RSTP) mode. You can perform mCheck on a port through the following two approaches, which lead to the same result. Performing mCheck globally Follow these steps to perform global mCheck: To do...
Page 104 Before enabling digest snooping, ensure that associated devices of different vendors are interconnected and run MSTP. Configuring the Digest Snooping feature You can enable Digest Snooping only on a device that is connected to a third-party device that uses its private key to calculate the configuration digest.
Page 105: Configuring No Agreement Check
Digest Snooping configuration example Network requirements Device A and Device B connect to Device C, a third-party device, and all these devices are in the same region. Enable Digest Snooping on Device A and Device B so that the three devices can communicate with one another.
Page 106 Figure 1-7 shows the rapid state transition mechanism on MSTP designated ports. Figure 1-7 Rapid state transition of an MSTP designated port Figure 1-8 shows rapid state transition of an RSTP designated port. Figure 1-8 Rapid state transition of an RSTP designated port Downstream device Upstream device Proposal for rapid transition...
Page 107: Configuring Protection Functions
To do... Use the command... Remarks Enter system view — system-view Enter Ethernet interface view, or interface interface-type Enter interface Layer 2 aggregate interface-number Required or port group interface view Use either command. view port-group manual Enter port group view port-group-name Required Enable No Agreement Check...
Page 108 Configuration prerequisites MSTP has been correctly configured on the device. Enabling BPDU guard For access layer devices, the access ports generally connect directly with user terminals (such as PCs) or file servers. In this case, the access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system will automatically set these ports as non-edge ports and start a new spanning tree calculation process.
Page 109 Follow these steps to enable root guard: To do... Use the command... Remarks Enter system view — system-view Enter Ethernet interface view, or interface interface-type Enter Layer 2 interface-number Required interface view aggregate or port group interface view Use either command. view Enter port group port-group manual...
Page 110: Displaying And Maintaining Mstp
With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address entry flushes that the switch can perform within a certain period of time after receiving the first TC-BPDU. For TC-BPDUs received in excess of the limit, the switch performs forwarding address entry flush only when the time period expires.
Page 111: Mstp Configuration Example
MSTP Configuration Example Network requirements All devices on the network are in the same MST region. Device A and Device B work on the distribution layer, while Device C and Device D work on the access layer. Configure MSTP so that packets of different VLANs are forwarded along different spanning trees: Packets of VLAN 10 are forwarded along MSTI 1, those of VLAN 30 are forwarded along MSTI 3, those of VLAN 40 are forwarded along MSTI 4, and those of VLAN 20 are forwarded along MSTI 0.
Page 112 [DeviceA-mst-region] active region-configuration [DeviceA-mst-region] quit # Specify the current device as the root bridge of MSTI 1. [DeviceA] stp instance 1 root primary # Enable MSTP globally. [DeviceA] stp enable Configuration on Device B # Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4 respectively, and configure the revision level of the MST region as 0.
Page 113 Configuration on Device D. # Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4 respectively, and configure the revision level of the MST region as 0.
Page 114 GigabitEthernet1/0/3 DESI FORWARDING NONE GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Device D. [DeviceD] display stp brief MSTID Port Role STP State Protection GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE...
Page 115 Table of Contents 1 LLDP Configuration···································································································································1-1 Overview ·················································································································································1-1 Background ·····································································································································1-1 Basic Concepts································································································································1-1 Operating Modes of LLDP···············································································································1-5 How LLDP Works ····························································································································1-6 Protocols and Standards ·················································································································1-6 LLDP Configuration Task List ·················································································································1-6 Performing Basic LLDP Configuration ····································································································1-7 Enabling LLDP·································································································································1-7 Setting LLDP Operating Mode ········································································································1-7 Setting the LLDP Re-Initialization Delay ·························································································1-8 Enabling LLDP Polling·····················································································································1-8 Configuring the TLVs to Be Advertised ···························································································1-8...
Page 116: Lldp Configuration
LLDP Configuration When configuring LLDP, go to these sections for information you are interested in: Overview LLDP Configuration Task List Performing Basic LLDP Configuration Configuring CDP Compatibility Configuring LLDP Trapping Displaying and Maintaining LLDP LLDP Configuration Examples Overview Background In a heterogeneous network, it is important that different types of network devices from different vendors can discover one other and exchange configuration for interoperability and management sake.
Page 117 Figure 1-1 Ethernet II-encapsulated LLDP frame format The fields in the frame are described in Table 1-1: Table 1-1 Description of the fields in an Ethernet II-encapsulated LLDP frame Field Description The MAC address to which the LLDPDU is advertised. It is fixed to Destination MAC address 0x0180-C200-000E, a multicast MAC address.
Page 118 Field Description The MAC address of the sending port. If the port does not have a MAC Source MAC address address, the MAC address of the sending bridge is used. The SNAP type for the upper layer protocol. It is Type 0xAAAA-0300-0000-88CC for LLDP.
Page 119 VLAN Name A specific VLAN name on the port Protocol Identity Protocols supported on the port Currently, 3Com switches 4800G support receiving but not sending protocol identity TLVs. IEEE 802.3 organizationally specific TLVs Table 1-5 IEEE 802.3 organizationally specific TLVs Type...
Page 120: Operating Modes Of Lldp
management. In addition, LLDP-MED TLVs make deploying voice devices in Ethernet easier. LLDP-MED TLVs are shown in Table 1-6: Table 1-6 LLDP-MED TLVs Type Description Allows a MED endpoint to advertise the supported LLDP-MED LLDP-MED Capabilities TLVs and its device type. Allows a network device or MED endpoint to advertise LAN type Network Policy and VLAN ID of the specific port, and the Layer 2 and Layer 3...
Page 121: How Lldp Works
How LLDP Works Transmitting LLDP frames An LLDP-enabled port operating in TxRx mode or Tx mode sends LLDP frames to its directly connected devices both periodically and when the local configuration changes. To prevent the network from being overwhelmed by LLDP frames at times of frequent local device information change, an interval is introduced between two successive LLDP frames.
Page 122: Performing Basic Lldp Configuration
LLDP-related configurations made in Ethernet interface view takes effect only on the current port, and those made in port group view takes effect on all ports in the current port group. Performing Basic LLDP Configuration Enabling LLDP To make LLDP take effect on certain ports, you need to enable LLDP both globally and on these ports. Follow these steps to enable LLDP: To do…...
Page 123: Setting The Lldp Re-Initialization Delay
Setting the LLDP Re-Initialization Delay When LLDP operating mode changes on a port, the port initializes the protocol state machines after a certain delay. By adjusting the LLDP re-initialization delay, you can avoid frequent initializations caused by frequent LLDP operating mode changes on a port. Follow these steps to set the LLDP re-initialization delay for ports: To do…...
Page 124: Configuring The Management Address And Its Encoding Format
To do… Use the command… Remarks lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name } | dot1-tlv { all | port-vlan-id | Optional protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] } | dot3-tlv { all | link-aggregation | mac-physic | By default, all types of Configure the TLVs to be max-frame-size | power } | med-tlv { all |...
Page 125: Setting An Encapsulation Format For Lldpdus
You can configure the TTL of locally sent LLDP frames to determine how long information about the local device can be saved on a neighbor device by setting the TTL multiplier. The TTL is expressed as follows: TTL = Min (65535, (TTL multiplier × LLDPDU transmit interval)) As the expression shows, the TTL can be up to 65535 seconds.
Page 126: Configuring Cdp Compatibility
To do… Use the command… Remarks Enter Ethernet interface interface-type Enter Ethernet interface view Required interface-number interface view or Use either command. Enter port port group view port-group manual port-group-name group view Required Ethernet II encapsulation format Set the encapsulation format for applies by default.
Page 127: Configuring Cdp Compatibility
Configuring CDP Compatibility CDP-compatible LLDP operates in one of the follows two modes: TxRx, where CDP packets can be transmitted and received. Disable, where CDP packets can neither be transmitted nor be received. To make CDP-compatible LLDP take effect on certain ports, first enable CDP-compatible LLDP globally and configure CDP-compatible LLDP to operate in TxRx mode.
Page 128: Displaying And Maintaining Lldp
To do… Use the command… Remarks Required lldp notification remote-change Enable LLDP trap sending Disabled by default enable Quit to system view — quit Optional Set the interval to send LLDP lldp timer notification-interval traps 5 seconds by default interval Displaying and Maintaining LLDP To do…...
Page 129: Configuration Procedure
Configuration procedure Configure Switch A. # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp enable # Enable LLDP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 (you can skip this step because LLDP is enabled on ports by default), and set the LLDP operating mode to Rx. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable [SwitchA-GigabitEthernet1/0/1] lldp admin-status rx...
Page 130 Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Roll time : 0s Number of neighbors Number of MED neighbors...
Page 131: Cdp-Compatible Lldp Configuration Example
Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Roll time : 0s Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV As the sample output shows, GigabitEthernet 1/0/2 of Switch A does not connect any neighboring devices.
Page 132 # Enable LLDP globally and enable LLDP to be compatible with CDP globally. [SwitchA] lldp enable [SwitchA] lldp compliance cdp # Enable LLDP (you can skip this step because LLDP is enabled on ports by default), configure LLDP to operate in TxRx mode, and configure CDP-compatible LLDP to operate in TxRx mode on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2.
Page 133 Table of Contents 1 VLAN Configuration ··································································································································1-1 Introduction to VLAN ·······························································································································1-1 VLAN Overview ·······························································································································1-1 VLAN Fundamentals ·······················································································································1-2 Types of VLAN ································································································································1-3 Configuring Basic VLAN Settings ···········································································································1-3 Configuring Basic Settings of a VLAN Interface ·····················································································1-4 Port-Based VLAN Configuration ·············································································································1-5 Introduction to Port-Based VLAN ····································································································1-5 Assigning an Access Port to a VLAN ······························································································1-6 Assigning a Trunk Port to a VLAN···································································································1-8 Assigning a Hybrid Port to a VLAN ·································································································1-9...
Page 134: Vlan Configuration
VLAN Configuration When configuring VLAN, go to these sections for information you are interested in: Introduction to VLAN Configuring Basic VLAN Settings Configuring Basic Settings of a VLAN Interface Port-Based VLAN Configuration MAC-Based VLAN Configuration Protocol-Based VLAN Configuration Displaying and Maintaining VLAN VLAN Configuration Example Introduction to VLAN VLAN Overview...
Page 135: Vlan Fundamentals
Confining broadcast traffic within individual VLANs. This reduces bandwidth waste and improves network performance. Improving LAN security. By assigning user groups to different VLANs, you can isolate them at Layer 2. To enable communication between VLANs, routers or Layer 3 switches are required. Flexible virtual workgroup creation.
Page 136: Types Of Vlan
The Ethernet II encapsulation format is used here. Besides the Ethernet II encapsulation format, other encapsulation formats, including 802.2 LLC, 802.2 SNAP, and 802.3 raw, are also supported by Ethernet. The VLAN tag fields are also added to frames encapsulated in these formats for VLAN identification.
Page 137: Configuring Basic Settings Of A Vlan Interface
As the default VLAN, VLAN 1 cannot be created or removed. You cannot manually create or remove VLANs reserved for special purposes. Dynamic VLANs cannot be removed with the undo vlan command. A VLAN with a QoS policy applied cannot be removed. For isolate-user-VLANs or secondary VLANs, if you have used the isolate-user-vlan command to create mappings between them, you cannot remove them until you remove the mappings between them first.
Page 138: Port-Based Vlan Configuration
Before creating a VLAN interface for a VLAN, create the VLAN first. Port-Based VLAN Configuration Introduction to Port-Based VLAN Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN. Port link type You can configure the link type of a port as access, trunk, or hybrid.
Page 139: Assigning An Access Port To A Vlan
Do not set the voice VLAN as the default VLAN of a port in automatic voice VLAN assignment mode. Otherwise, the system prompts error information. For information about voice VLAN, refer to Voice VLAN Configuration. The local and remote ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.
Page 140 To do… Use the command… Remarks Assign one or a group of Required access ports to the current port interface-list By default, all ports belong to VLAN 1. VLAN In VLAN view to assign a Layer-2 aggregate interface to a VLAN, this command assigns the Layer-2 aggregate interface but not its member ports to the current VLAN.
Page 141: Assigning A Trunk Port To A Vlan
Before assigning an access port to a VLAN, create the VLAN first. After you configure a command on a Layer-2 aggregate interface, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports.
Page 142: Assigning A Hybrid Port To A Vlan
To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first. The local and remote hybrid ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.
Page 143: Mac-Based Vlan Configuration
To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first. Before assigning a hybrid port to a VLAN, create the VLAN first. The local and remote hybrid ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.
Page 144: Configuring A Mac Address-Based Vlan
The device associates MAC addresses with VLANs dynamically based on the information provided by the authentication server. If a user goes offline, the corresponding MAC address-to-VLAN association is removed automatically. Automatic configuration requires MAC address-to–VLAN mapping be configured on the authentication server. For detailed information, refer to 802.1X Configuration in the Security Volume.
Page 145: Protocol-Based Vlan Configuration
Protocol-Based VLAN Configuration Introduction to Protocol-Based VLAN Protocol-based VLANs are only applicable on hybrid ports. In this approach, inbound packets are assigned to different VLANs based on their protocol types and encapsulation formats. The protocols that can be used for VLAN assignment include IP, IPX, and AppleTalk (AT).
Page 146 To do… Use the command… Remarks group view Use either command. Enter Layer-2 interface aggregate In Ethernet interface view, bridge-aggregation interface view subsequent interface-number configurations apply to the current port. In port group view, the subsequent configurations apply to all ports in the port group.
Page 147: Ip Subnet-Based Vlan Configuration
IP Subnet-Based VLAN Configuration Introduction In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks. A port configured with IP subnet-based VLANs assigns a received untagged packet to a VLAN based on the source address of the packet. This feature is used to assign packets from the specified network segment or IP address to a specific VLAN.
Page 148: Displaying And Maintaining Vlan
To do… Use the command… Remarks Associate the hybrid port(s) with port hybrid ip-subnet-vlan the specified IP subnet-based Required vlan vlan-id VLAN After you configure a command on a Layer-2 aggregate interface, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports.
Page 149: Vlan Configuration Example
To do... Use the command… Remarks reset counters interface Clear statistics on a port [ interface-type Available in user view [ interface-number ] ] The reset counters interface command can be used to clear statistics on a VLAN interface. For more information, refer to Ethernet Interface Commands in the Access Volume.
Page 150 # Configure GigabitEthernet 1/0/1 to permit packets from VLAN 2, VLAN 6 through VLAN 50, and VLAN 100 to pass through. [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 2 6 to 50 100 Please wait... Done. [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] quit Configure Device B as you configure Device A. Verification Verifying the configuration on Device A is similar to that of Device B.
Page 151 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Output (normal): 0 packets, - bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Output: 0 output errors, - underruns, - buffer failures 0 aborts, 0 deferred, 0 collisions, 0 late collisions 0 lost carrier, - no carrier The output above shows that: The port (GigabitEthernet 1/0/1) is a trunk port.
Page 152: Isolate-User-Vlan Configuration
Isolate-User-VLAN Configuration When configuring an isolate-user VLAN, go to these sections for information you are interested in: Overview Configuring Isolate-User-VLAN Displaying and Maintaining Isolate-User-VLAN Isolate-User-VLAN Configuration Example Overview An isolate-user-VLAN adopts a two-tier VLAN structure. In this approach, two types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device.
Page 153 Assign non-trunk ports to the isolate-user-VLAN and ensure that at least one port takes the isolate-user-VLAN as its default VLAN; Assign non-trunk ports to each secondary VLAN and ensure that at least one port in a secondary VLAN takes the secondary VLAN as its default VLAN; Associate the isolate-user-VLAN with the specified secondary VLANs.
Page 154: Displaying And Maintaining Isolate-User-Vlan
Displaying and Maintaining Isolate-User-VLAN To do... Use the command... Remarks Display the mapping between an display isolate-user-vlan isolate-user-VLAN and its secondary Available in any view [ isolate-user-vlan-id ] VLAN(s) Isolate-User-VLAN Configuration Example Network requirements Connect Device A to downstream devices Device B and Device C; Configure VLAN 5 on Device B as an isolate-user-VLAN, assign the uplink port GigabitEthernet 1/0/5 to VLAN 5, and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3.
Page 155 [DeviceB] vlan 2 [DeviceB-vlan2] port gigabitethernet 1/0/2 [DeviceB-vlan2] quit # Associate the isolate-user-VLAN with the secondary VLANs. [DeviceB] isolate-user-vlan 5 secondary 2 to 3 Configure Device C # Configure the isolate-user-VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC-vlan6] isolate-user-vlan enable [DeviceC-vlan6] port gigabitethernet 1/0/5 [DeviceC-vlan6] quit # Configure the secondary VLANs.
Page 156 gigabitethernet 1/0/2 gigabitethernet 1/0/5 VLAN ID: 3 VLAN Type: static Isolate-user-VLAN type : secondary Route Interface: not configured Description: VLAN 0003 Name: VLAN 0003 Tagged Ports: none Untagged Ports: gigabitethernet 1/0/1 gigabitethernet 1/0/5...
Page 157: Voice Vlan Configuration
Voice VLAN Configuration When configuring a voice VLAN, go to these sections for information you are interested in: Overview Configuring a Voice VLAN Displaying and Maintaining Voice VLAN Voice VLAN Configuration Overview A voice VLAN is configured specially for voice traffic. After assigning the ports connecting to voice devices to a voice VLAN, you can configure quality of service (QoS) parameters for the voice traffic, thus improving transmission priority and ensuring voice quality.
Page 158: Voice Vlan Assignment Modes
In general, as the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE. OUI addresses mentioned in this document, however, are different from those in common sense. OUI addresses in this document are used by the system to determine whether a received packet is a voice packet.
Page 159: Security Mode And Normal Mode Of Voice Vlans
Voice VLAN assignment Voice traffic Port link type mode type Access: not supported Trunk: supported if the default VLAN of the connecting port exists and is not the voice VLAN and the connecting port belongs to the default VLAN Tagged voice traffic Hybrid: supported if the default VLAN of the connecting port exists and is not the voice VLAN, the...
Page 160: Configuring A Voice Vlan
Table 3-3 How a voice VLAN-enable port processes packets in security/normal mode Voice VLAN Packet type Packet processing mode working mode Untagged packets If the source MAC address of a packet matches an OUI address configured for the device, it is forwarded in the Packets carrying the voice VLAN;...
Page 161: Setting A Port To Operate In Manual Voice Vlan Assignment Mode
Not enabled by default An switch 4800G supports up to eight voice VLANs globally. A protocol-based VLAN on a hybrid port can process only untagged inbound packets, whereas the voice VLAN in automatic mode on a hybrid port can process only tagged voice traffic. Therefore, do not configure a VLAN as both a protocol-based VLAN and a voice VLAN.
Page 162: Displaying And Maintaining Voice Vlan
Required voice vlan enable An switch 4800G supports up to eight voice VLANs globally. You can configure different voice VLANs on different ports at the same time. However, one port can be configured with only one voice VLAN, and this voice VLAN must be a static VLAN that already exists on the device.
Page 163 Figure 3-1 Network diagram for automatic voice VLAN assignment mode configuration Device A Device B Internet GE1/0/1 GE1/0/1 GE1/0/2 VLAN 3 VLAN 2 IP phone A IP phone B 010-1001 010-1002 MAC: 0011-1100-0001 MAC: 0011-2200-0001 0755-2002 Mask: ffff-ff00-0000 Mask: ffff-ff00-0000 PC A PC B MAC: 0022-1100-0002...
Page 164: Manual Voice Vlan Assignment Mode Configuration Example
[DeviceA-GigabitEthernet1/0/2] voice vlan mode auto [DeviceA-GigabitEthernet1/0/2] port link-type access Please wait... Done. [DeviceA-GigabitEthernet1/0/2] port link-type hybrid [DeviceA-GigabitEthernet1/0/2] voice vlan 3 enable Verification # Display the OUI addresses, OUI address masks, and description strings supported currently. <DeviceA> display voice vlan oui Oui Address Mask Description...
Page 165 Figure 3-2 Network diagram for manual voice VLAN assignment mode configuration Configuration procedure # Configure the voice VLAN to operate in security mode. (Optional. A voice VLAN operates in security mode by default.) <DeviceA> system-view [DeviceA] voice vlan security enable # Add a recognizable OUI address 0011-2200-0000.
Page 166 0011-2200-0000 ffff-ff00-0000 test 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 0060-b900-0000 ffff-ff00-0000 Philips/NEC phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3com phone # Display the current voice VLAN state. <DeviceA> display voice vlan state Maximum of Voice VLANs: 16 Current Voice VLANs: 2 Voice VLAN security mode: Security Voice VLAN aging time: 100 minutes Voice VLAN enabled port and its mode:...
Page 167 Table of Contents 1 GVRP Configuration ··································································································································1-1 Introduction to GVRP ······························································································································1-1 GARP···············································································································································1-1 GVRP···············································································································································1-3 Protocols and Standards ·················································································································1-4 GVRP Configuration Task List ················································································································1-4 Configuring GVRP Functions··················································································································1-4 Configuring GARP Timers·······················································································································1-5 Displaying and Maintaining GVRP··········································································································1-6 GVRP Configuration Examples···············································································································1-7 GVRP Configuration Example I·······································································································1-7 GVRP Configuration Example II······································································································1-8 GVRP Configuration Example III·····································································································1-9...
Page 168: Gvrp Configuration
GVRP Configuration The GARP VLAN Registration Protocol (GVRP) is a GARP application. It functions based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network. When configuring GVRP, go to these sections for information you are interested in: Introduction to GVRP GVRP Configuration Task List Configuring GVRP Functions...
Page 169 Hold timer –– When a GARP application entity receives the first registration request, it starts a Hold timer and collects succeeding requests. When the timer expires, the entity sends all these requests in one Join message. This helps you save bandwidth. Join timer ––...
Page 170: Gvrp
GARP message format Figure 1-1 GARP message format Figure 1-1 illustrates the GARP message format. Table 1-1 describes the GARP message fields. Table 1-1 Description on the GARP message fields Field Description Value Protocol ID Protocol identifier for GARP One or multiple messages, each containing Message ––...
Page 171: Protocols And Standards
about active VLAN members and through which port they can be reached. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other devices.
Page 172: Configuring Garp Timers
To do… Use the command… Remarks Enter Ethernet Enter Ethernet interface view, interface view or Layer interface interface-type Required Layer 2 2 aggregate interface interface-number aggregate view Perform either of the interface view, commands. or port-group port-group manual Enter port-group view view port-group-name Required...
Page 173: Displaying And Maintaining Gvrp
To do… Use the command… Remarks Enter Required Enter Ethernet or Ethernet Layer 2 Perform either of the interface interface-type interface aggregate commands. interface-number view, Layer interface view Depending on the view you 2 aggregate accessed, the subsequent interface configuration takes effect on a view, or Enter port-group port-group manual...
Page 174: Gvrp Configuration Examples
To do… Use the command… Remarks display gvrp state interface Display the current GVRP state Available in any view interface-type interface-number vlan vlan-id display gvrp statistics [ interface Display statistics about GVRP Available in any view interface-list ] Display the global GVRP state Available in any view display gvrp status Display the information about...
Page 175: Gvrp Configuration Example Ii
[DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on trunk port GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] gvrp [DeviceB-GigabitEthernet1/0/1] quit # Create VLAN 3 (a static VLAN).
Page 176: Gvrp Configuration Example Iii
[DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 Configure Device B # Enable GVRP globally. <DeviceB> system-view [DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1.
Page 177 [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1 and set the GVRP registration type to forbidden on the port. [DeviceA-GigabitEthernet1/0/1] gvrp [DeviceA-GigabitEthernet1/0/1] gvrp registration forbidden [DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 Configure Device B # Enable GVRP globally.
Page 178 Table of Contents 1 QinQ Configuration ···································································································································1-1 Introduction to QinQ ································································································································1-1 Background ·····································································································································1-1 QinQ Mechanism and Benefits········································································································1-1 QinQ Frame Structure ·····················································································································1-2 Implementations of QinQ·················································································································1-3 Modifying the TPID in a VLAN Tag ·································································································1-3 QinQ Configuration Task List··················································································································1-5 Configuring Basic QinQ ··························································································································1-5 Enabling Basic QinQ ·······················································································································1-5 Configuring Selective QinQ·····················································································································1-5 Configuring Selective QinQ Based on Ports ···················································································1-6...
Page 179: Qinq Configuration
QinQ Configuration When configuring QinQ, go to these sections for information you are interested in: Introduction to QinQ QinQ Configuration Task List Configuring Basic QinQ Configuring Selective QinQ Configuring the TPID Value in VLAN Tags QinQ Configuration Examples Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network;...
Page 180: Qinq Frame Structure
Figure 1-1 Schematic diagram of the QinQ feature Customer network A VLAN 1~10 Customer network A VLAN 1~10 VLAN 3 VLAN 3 Network VLAN 4 VLAN 4 Service provider network VLAN 1~20 VLAN 1~20 Customer network B Customer network B As shown in Figure 1-1, customer network A has CVLANs 1 through 10, while customer network B has...
Page 181: Implementations Of Qinq
Figure 1-2 Single-tagged frame structure vs. double-tagged Ethernet frame structure The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. Therefore, you are recommended to increase the MTU of each interface on the service provider network.
Page 182 Figure 1-3 VLAN tag structure of an Ethernet frame The device determines whether a received frame carries a SVLAN tag or a CVLAN tag by checking the corresponding TPID value. Upon receiving a frame, the device compares the configured TPID value with the value of the TPID field in the frame.
Page 183: Qinq Configuration Task List
QinQ Configuration Task List Table 1-2 QinQ configuration task list Configuration task Remarks Configuring Basic QinQ Optional Configuring Selective QinQ Based on Ports Use either Configuring Selective QinQ Configuring Selective QinQ through QoS approach Policies Configuring the TPID Value in VLAN Tags Optional QinQ requires configurations only on the service provider network, not on the customer network.
Page 184: Configuring Selective Qinq Based On Ports
Configuring Selective QinQ Based on Ports Switch 4800G switches support the configuration of basic QinQ and selective QinQ at the same time on a port and when the two features are both enabled on the port, frames that meet the selective QinQ condition are handled with selective QinQ on this port first, and the left frames are handled with basic QinQ.
Page 185: Configuring The Tpid Value In Vlan Tags
To do... Use the command... Remarks Required Create a class and enter By default, the relationship traffic classifier classifier-name class view [ operator { and | or } ] between the match criteria in a class is logical AND. Specify the inner VLAN if-match customer-vlan-id Required ID(s) of matching frames...
Page 186: Qinq Configuration Examples
Follow these steps to configure a TPID value globally: To do... Use the command... Remarks Enter system view — system-view qinq ethernet-type Optional Configure the TPID value in the [ customer-tag | CVLAN tag or the SVLAN tag Both 0x8100 by default service-tag ] hex-value QinQ Configuration Examples Basic QinQ Configuration Example...
Page 187 Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through. Configuration on Provider A Configure GigabitEthernet 1/0/1 # Configure VLAN 10 as the default VLAN of GigabitEthernet 1/0/1. <ProviderA> system-view [ProviderA] interface gigabitethernet 1/0/1 [ProviderA-GigabitEthernet1/0/1] port access vlan 10 # Enable basic QinQ on GigabitEthernet 1/0/1.
Page 188: Selective Qinq Configuration Example (Port-Based Configuration)
# Configure GigabitEthernet 1/0/2 as a hybrid port and configure VLAN 10 as the default VLAN of the port. [ProviderB] interface gigabitethernet 1/0/2 [ProviderB-GigabitEthernet1/0/2] port link-type hybrid [ProviderB-GigabitEthernet1/0/2] port hybrid pvid vlan 10 [ProviderB-GigabitEthernet1/0/2] port hybrid vlan 10 untagged # Enable basic QinQ on GigabitEthernet 1/0/2. [ProviderB-GigabitEthernet1/0/2] qinq enable [ProviderB-GigabitEthernet1/0/2] quit Configure GigabitEthernet 1/0/3...
Page 189 Figure 1-5 Network diagram for comprehensive selective QinQ configuration Configuration procedure Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through. Configuration on Provider A Configure GigabitEthernet 1/0/1 # Configure GigabitEthernet 1/0/1 as a hybrid port to permit frames of VLAN 1000 and VLAN 2000 to pass through, and configure GigabitEthernet 1/0/1 to send packets of these VLANs with tags removed.
Page 190 [ProviderA] interface gigabitethernet 1/0/2 [ProviderA-GigabitEthernet1/0/2] port link-type hybrid [ProviderA-GigabitEthernet1/0/2] port hybrid vlan 1000 untagged # Tag CVLAN 10 frames with SVLAN 1000. [ProviderA-GigabitEthernet1/0/2] qinq vid 1000 [ProviderA-GigabitEthernet1/0/2-vid-1000] raw-vlan-id inbound 10 [ProviderA-GigabitEthernet1/0/2-vid-1000] quit [ProviderA-GigabitEthernet1/0/2] quit Configure GigabitEthernet 1/0/3 # Configure GigabitEthernet 1/0/3 as a trunk port to permit frames of VLAN 1000 and VLAN 2000 to pass through.
Page 191: Selective Qinq Configuration Example (Qos Policy-Based Configuration)
Selective QinQ Configuration Example (QoS Policy-Based Configuration) Network requirements As shown in Figure 1-6, Provider A and Provider B are service provider network access devices. Customer A, Customer B, Customer C, and Customer D are customer network access devices. Provider A and Provider B are interconnected through a trunk port, which permits the frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through.
Page 192 Configuration on GigabitEthernet 1/0/1 # Configure the port as a hybrid port permitting frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through with the outer VLAN tag removed. [ProviderA] interface gigabitethernet 1/0/1 [ProviderA-GigabitEthernet1/0/1] port link-type hybrid [ProviderA-GigabitEthernet1/0/1] port hybrid vlan 1000 2000 3000 untagged # Configure VLAN 3000 as the default VLAN of GigabitEthernet 1/0/1, and enable basic QinQ on GigabitEthernet 1/0/1.
Page 193 # Enable basic QinQ. Tag frames from VLAN 10 with the outer VLAN tag 1000. [ProviderA-GigabitEthernet1/0/2] qinq enable [ProviderA-GigabitEthernet1/0/2] quit Configuration on GigabitEthernet 1/0/3. # Configure the port as a trunk port permitting frames of VLAN 1000, VLAN 2000 and VLAN 3000 to pass through.
Page 194 so that their corresponding ports send tagged frames of VLAN 1000, VLAN 2000 and VLAN 3000. The configuration steps are omitted here. 1-16...
Page 195 Table of Contents 1 BPDU Tunneling Configuration················································································································1-1 Introduction to BPDU Tunneling ·············································································································1-1 Configuring BPDU Transparent Transmission························································································1-3 Configuring Destination Multicast MAC Address for BPDU Tunnel Frames ··········································1-3 BPDU Tunneling Configuration Example································································································1-3...
Page 196: Bpdu Tunneling Configuration
BPDU Tunneling Configuration When configuring BPDU tunneling, go to these sections for information you are interested in: Introduction to BPDU Tunneling Configuring BPDU Transparent Transmission Configuring Destination Multicast MAC Address for BPDU Tunnel Frames BPDU Tunneling Configuration Example Introduction to BPDU Tunneling To avoid loops in your network, you can enable the Spanning Tree Protocol (STP) on your device.
Page 197 Figure 1-1 Network hierarchy of BPDU tunneling At the input side of the service provider network, the edge device changes the destination MAC address of a BPDU from a customer network from 0x0180-C200-0000 to a special multicast MAC address, 0x010F-E200-0003 by default. In the service provider’s network, the modified BPDUs are forwarded as data packets in the user VLAN.
Page 198: Configuring Bpdu Transparent Transmission
Configuring BPDU Transparent Transmission Perform the following tasks to configure BPDU transparent transmission: To do... Use the command... Remarks Enter system view — system-view Enter Ethernet or Required interface interface-type Layer-2 aggregate Use either command. interface-number interface view Settings made in interface view take effect only on the current Enter port.
Page 199 Provider A and Provider B are service provider network edge devices, which are interconnected through configured trunk ports. The configuration is required to satisfy the following requirements: Geographically dispersed customer network access devices Customer A and Customer B can implement consistent spanning tree calculation across the service provider network. destination multicast address...
Page 200 [ProviderB-GigabitEthernet1/0/2] undo stp enable [ProviderB-GigabitEthernet1/0/2] bpdu-tunnel dot1q stp...
Page 201 Table of Contents 1 VLAN Mapping Configuration ··················································································································1-1 VLAN Mapping Overview ························································································································1-1 One-to-One VLAN Mapping and Many-to-One VLAN Mapping······················································1-2 Two-to-Two VLAN Mapping ············································································································1-3 Basic Concepts of VLAN Mapping ··································································································1-3 How VLAN Mapping Is Implemented ······························································································1-4 VLAN Mapping Configuration Task List ··································································································1-5 Configuring One-to-One VLAN Mapping ································································································1-6 Configuring One-to-One VLAN Mapping·························································································1-6 Configuring Many-to-One VLAN Mapping ······························································································1-8...
Page 202: Vlan Mapping Configuration
VLAN Mapping Configuration When configuring VLAN mapping, go to these sections for information you are interested in: VLAN Mapping Overview VLAN Mapping Configuration Task List Configuring One-to-One VLAN Mapping Configuring Many-to-One VLAN Mapping Configuring Two-to-Two VLAN Mapping VLAN Mapping Configuration Examples VLAN Mapping Overview VLAN mapping maps the customer VLANs (CVLANs) to service-provider VLANs (SVLANs).
Page 203: One-To-One Vlan Mapping And Many-To-One Vlan Mapping
One-to-One VLAN Mapping and Many-to-One VLAN Mapping Figure 1-1 Scenario for one-to-one/many-to-one VLAN mapping DHCP client VLAN 1 VLAN 2 Home gateway VLAN 1-> VLAN 101 VLAN 2-> VLAN 201 VLAN 3-> VLAN 301 VoIP VLAN 3 Corridor switch VLAN 1 VLAN 1->...
Page 204: Two-To-Two Vlan Mapping
Two-to-Two VLAN Mapping Figure 1-2 Scenario for two-to-two VLAN mapping SP 1 SP 2 Device A Device D VLAN VLAN VLAN VLAN 10/200 30/200 10/100 10/100 Device B VLAN VLAN Device C 10/100 30/200 VLAN 10 VLAN 30 VPN 1 VPN 1 Two-to-two VLAN mapping are mainly applied in networking environments as shown in Figure...
Page 205: How Vlan Mapping Is Implemented
Uplink policy: A QoS policy containing VLAN mappings for uplink traffic. Downlink policy: A QoS policy containing VLAN mappings for downlink traffic. How VLAN Mapping Is Implemented This section describes how VLAN mapping is implemented on your device. One-to-one VLAN mapping On the downlink port For uplink traffic For downlink traffic...
Page 206: Vlan Mapping Configuration Task List
Two-to-two VLAN mapping In two-to-two VLAN mapping, the outer VLAN and the inner VLAN carried in a double-tagged uplink frame received at the downlink port on the edge device of an SP network are called the original SVLAN and CVLAN, and the VLANs that the edge device substitutes for the original SVLAN and CVLAN are called the new SVLAN and CVLAN.
Page 207: Configuring One-To-One Vlan Mapping
For many-to-one VLAN mapping, enable customer-side QinQ on the downlink port and service provider-side QinQ on the uplink port. To save system resources, disable user bindings recording on the DHCP snooping trusted ports that forward DHCP packets. For information about this feature, refer to DHCP Configuration in the IP Services Volume.
Page 208 To do... Use the command... Remarks Set the link type of the uplink port to Required port link-type trunk trunk Required Configure the uplink port to permit the By default, a trunk port port trunk permit vlan specified SVLANs to pass through { vlan-id-list | all } permits only VLAN 1 to pass through.
Page 209: Configuring Many-To-One Vlan Mapping
To do... Use the command... Remarks Map the SVLAN to the CVLAN classifier tcl-name behavior by associating the traffic class Required behavior-name with the traffic behavior Exit to system view — quit Configuring Many-to-One VLAN Mapping Perform many-to-one VLAN mapping on the campus switches shown in Figure 1-1 to carry the same service of different users using the same VLAN on the service provider’s network.
Page 210 To do... Use the command... Remarks Exit to system view — quit Enter the interface view of the uplink interface interface-type — port interface-number Required By default, all ports with Configure the uplink port as a DHCP DHCP snooping dhcp-snooping trust snooping trusted port enabled are DHCP snooping untrusted...
Page 211: Configuring Two-To-Two Vlan Mapping
To do... Use the command... Remarks Create a traffic behavior and traffic behavior Required enter traffic behavior view behavior-name Specify the SVLAN for the remark service-vlan-id Required VLAN mapping vlan-id-value Exit to system view — quit Create a QoS policy and enter Required qos policy policy-name QoS policy view...
Page 212 To do... Use the command... Remarks Required Configure the downlink port to permit By default, a trunk port port trunk permit vlan the packets of the SVLANs to pass permits only the packets { vlan-id-list | all } through of VLAN 1 to pass through.
Page 213 To do... Use the command... Remarks Map the original CVLAN and the new SVLAN classifier tcl-name behavior to the new CVLAN by associating the traffic Required behavior-name class with the traffic behavior Exit to system view — quit Table 1-5 Configure an uplink policy for the downlink port To do...
Page 214: Vlan Mapping Configuration Examples
To do... Use the command... Remarks Specify the original SVLAN used for Required remark service-vlan-id vlan-id-value replacing the new SVLAN Exit to system view — quit Create a QoS policy and enter QoS Required qos policy policy-name policy view Map the new CVLAN and SVLAN to the original CVLAN and SVLAN by classifier tcl-name behavior Required...
Page 215 Figure 1-3 Network diagram for one-to-one/many-to-one VLAN mapping configuration VLAN 1 Home gateway VLAN 2 VLAN 1-> VLAN 101 VLAN 2-> VLAN 201 VLAN 3-> VLAN 301 VoIP VLAN 3 Corridor switch GE1/0/1 GE1/0/3 Switch A GE1/0/2 VLAN 1 VLAN 1-> VLAN 102 VLAN 2->...
Page 216 [SwitchA] traffic behavior b1 [SwitchA-behavior-b1] remark service-vlan-id 101 [SwitchA-behavior-b1] traffic behavior b2 [SwitchA-behavior-b2] remark service-vlan-id 201 [SwitchA-behavior-b2] traffic behavior b3 [SwitchA-behavior-b3] remark service-vlan-id 301 [SwitchA-behavior-b3] traffic behavior b4 [SwitchA-behavior-b4] remark service-vlan-id 102 [SwitchA-behavior-b4] traffic behavior b5 [SwitchA-behavior-b5] remark service-vlan-id 202 [SwitchA-behavior-b5] traffic behavior b6 [SwitchA-behavior-b6] remark service-vlan-id 302 [SwitchA-behavior-b6] quit...
Page 217 [SwitchA-policy-p11] classifier c33 behavior b33 [SwitchA-policy-p11] quit [SwitchA] qos policy p22 [SwitchA-policy-p22] classifier c44 behavior b11 [SwitchA-policy-p22] classifier c55 behavior b22 [SwitchA-policy-p22] classifier c66 behavior b33 [SwitchA-policy-p22] quit # Configure GigabitEthernet 1/0/1 to permit frames of the specified CVLANs and SLVANs to pass through.
Page 218 # Configure uplink policies to map the CVLANs to the SVLANs. [SwitchB] traffic classifier c1 [SwitchB-classifier-c1] if-match customer-vlan-id 1 [SwitchB-classifier-c1] traffic classifier c2 [SwitchB-classifier-c2] if-match customer-vlan-id 2 [SwitchB-classifier-c2] traffic classifier c3 [SwitchB-classifier-c3] if-match customer-vlan-id 3 [SwitchB-classifier-c3] quit [SwitchB] traffic behavior b1 [SwitchB-behavior-b1] remark service-vlan-id 111 [SwitchB-behavior-b1] traffic behavior b2 [SwitchB-behavior-b2] remark service-vlan-id 211...
Page 219 [SwitchB-behavior-b11] traffic behavior b22 [SwitchB-behavior-b22] remark customer-vlan-id 2 [SwitchB-behavior-b22] traffic behavior b33 [SwitchB-behavior-b33] remark customer-vlan-id 3 [SwitchB-behavior-b33] quit [SwitchB] qos policy p11 [SwitchB-policy-p11] classifier c11 behavior b11 [SwitchB-policy-p11] classifier c22 behavior b22 [SwitchB-policy-p11] classifier c33 behavior b33 [SwitchB-policy-p11] quit [SwitchB] qos policy p22 [SwitchB-policy-p22] classifier c44 behavior b11 [SwitchB-policy-p22] classifier c55 behavior b22 [SwitchB-policy-p22] classifier c66 behavior b33...
Page 220: Enable Dhcp Snooping
Configuration on Switch C # Enable DHCP snooping. <SwitchC> system-view [SwitchC] dhcp-snooping # Enable ARP detection on each VLAN involved in VLAN mapping. [SwitchC] vlan 101 [SwitchC-vlan101] arp detection enable [SwitchC-vlan101] vlan 201 [SwitchC-vlan201] arp detection enable [SwitchC-vlan201] vlan 301 [SwitchC-vlan301] arp detection enable [SwitchC-vlan301] vlan 102 [SwitchC-vlan102] arp detection enable...
Page 221 [SwitchC-classifier-c4] traffic classifier c5 [SwitchC-classifier-c5] if-match customer-vlan-id 211 to 310 [SwitchC-classifier-c5] traffic classifier c6 [SwitchC-classifier-c6] if-match customer-vlan-id 311 to 410 [SwitchC-classifier-c6] quit [SwitchC] traffic behavior b1 [SwitchC-behavior-b1] remark service-vlan-id 501 [SwitchC-behavior-b1] traffic behavior b2 [SwitchC-behavior-b2] remark service-vlan-id 502 [SwitchC-behavior-b2] traffic behavior b3 [SwitchC-behavior-b3] remark service-vlan-id 503 [SwitchC-behavior-b3] quit [SwitchC] qos policy p1...
Page 222: Two-To-Two Vlan Mapping Configuration Example
[SwitchC-GigabitEthernet1/0/3] port link-type trunk [SwitchC-GigabitEthernet1/0/3] port trunk permit vlan 501 502 503 # Configure GigabitEthernet 1/0/3 as a DHCP snooping trusted port. [SwitchC-GigabitEthernet1/0/3] dhcp-snooping trust # Configure GigabitEthernet 1/0/3 as an ARP trusted port. [SwitchC-GigabitEthernet1/0/3] arp detection trust # Enable SP-side QinQ on GigabitEthernet 1/0/3. [SwitchC-GigabitEthernet1/0/3] qinq enable uplink Configuration on Switch D # Enable DHCP snooping.
Page 223 Configuration procedure Configuration on Device A # Configure QinQ function on GigabitEthernet 1/0/1 to add outer VLAN tag 100 to the traffic tagged with VLAN 10. <DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port access vlan 100 [DeviceA-GigabitEthernet1/0/1] qinq enable [DeviceA-GigabitEthernet1/0/1] quit # Configure the uplink port GigabitEthernet 1/0/2 to permit frames of VLAN 100 to pass through.
Page 224 [DeviceC] traffic classifier downlink_out [DeviceC-classifier-downlink_out] if-match customer-vlan-id 30 [DeviceC-classifier-downlink_out] if-match service-vlan-id 200 [DeviceC-classifier-downlink_out] quit # Specify the original CVLAN and SVLAN for outgoing VPN 1 traffic on GigabitEthernet 1/0/1. [DeviceC] traffic behavior downlink_out [DeviceC-behavior-downlink_out] remark customer-vlan-id 10 [DeviceC-behavior-downlink_out] remark service-vlan-id 100 [DeviceC-behavior-downlink_out] quit # Configure a downlink policy to map the new CVLAN and SVLAN to the original CVLAN and SVLAN for the outgoing VPN 1 traffic on GigabitEthernet 1/0/1.
Page 225 <DeviceD> system-view [DeviceD] interface gigabitethernet 1/0/2 [DeviceD-GigabitEthernet1/0/2] port access vlan 200 [DeviceD-GigabitEthernet1/0/2] qinq enable # Configure GigabitEthernet 1/0/1 to permit frames of VLAN 200 to pass through. [DeviceD] interface gigabitethernet 1/0/1 [DeviceD-GigabitEthernet1/0/1] port link-type trunk [DeviceD-GigabitEthernet1/0/1] port trunk permit vlan 200 1-24...
Page 226 Table of Contents 1 Port Mirroring Configuration ····················································································································1-1 Introduction to Port Mirroring ··················································································································1-1 Classification of Port Mirroring ········································································································1-1 Implementing Port Mirroring ············································································································1-1 Configuring Local Port Mirroring ·············································································································1-3 Configuring Remote Port Mirroring ·········································································································1-4 Configuration Prerequisites ·············································································································1-4 Configuring a Remote Source Mirroring Group (on the Source Device)·········································1-4 Configuring a Remote Destination Mirroring Group (on the Destination Device) ···························1-6 Displaying and Maintaining Port Mirroring ······························································································1-7 Port Mirroring Configuration Examples ···································································································1-7...
Page 227: Port Mirroring Configuration
Port Mirroring Configuration When configuring port mirroring, go to these sections for information you are interested in: Introduction to Port Mirroring Configuring Local Port Mirroring Configuring Remote Port Mirroring Displaying and Maintaining Port Mirroring Port Mirroring Configuration Examples Introduction to Port Mirroring Port mirroring is to copy the packets passing through a port (called a mirroring port) to another port (called the monitor port) connected with a monitoring device for packet analysis.
Page 228 Figure 1-1 Local port mirroring implementation How the device processes packets Traffic mirrored to Mirroring port Monitor port Monitor port Mirroring port Data monitoring device Remote port mirroring Remote port mirroring can mirror all packets but protocol packets. Remote port mirroring is implemented through the cooperation of a remote source mirroring group and a remote destination mirroring group as shown Figure 1-2.
Page 229: Configuring Local Port Mirroring
Destination device The destination device is the device where the monitor port is located. On it, you must create the remote destination mirroring group. When receiving a packet, the destination device compares the VLAN ID carried in the packet with the ID of the probe VLAN configured in the remote destination mirroring group.
Page 230: Configuring Remote Port Mirroring
A local port mirroring group takes effect only after its mirroring and monitor ports are configured. To ensure operation of your device, do not enable STP, MSTP, or RSTP on the monitor port. A port mirroring group can have multiple mirroring ports, but only one monitor port. A mirroring or monitor port to be configured cannot belong to an existing port mirroring group.
Page 231 To do… Use the command… Remarks Required mirroring-group groupid In system view mirroring-port mirroring-port-list You configure multiple { both | inbound | outbound } mirroring ports in a mirroring group. interface interface-type In system view, you can interface-number Configure assign a list of mirroring mirroring [ mirroring-group groupid ] ports to the mirroring...
Page 232: Configuring A Remote Destination Mirroring Group (On The Destination Device)
To remove the VLAN configured as a remote probe VLAN, you must remove the remote probe VLAN with undo mirroring-group remote-probe vlan command first. Removing the probe VLAN can invalidate the remote source mirroring group. Configuring a Remote Destination Mirroring Group (on the Destination Device) A remote destination mirroring group comprises a remote probe VLAN and a monitor port.
Page 233: Displaying And Maintaining Port Mirroring
When configuring the monitor port, use the following guidelines: The port can belong to only the current mirroring group. To ensure operation of your device, do not assign the monitor port to a mirroring VLAN. Disable these functions on the port: STP, MSTP, and RSTP. You are recommended to use a monitor port only for port mirroring.
Page 234: Remote Port Mirroring Configuration Example
Figure 1-3 Network diagram for local port mirroring configuration Switch A R&D department GE1/0/1 GE1/0/3 GE1/0/2 Switch C Data monitoring device Switch B Marketing department Configuration procedure Configure Switch C. # Create a local port mirroring group. <SwitchC> system-view [SwitchC] mirroring-group 1 local # Add port GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to the port mirroring group as source ports.
Page 235 As shown in Figure 1-4, the administrator wants to monitor the packets sent from Department 1 and 2 through the data monitoring device. Use the remote port mirroring function to meet the requirement. Perform the following configurations: Use Switch A as the source device, Switch B as the intermediate device, and Switch C as the destination device.
Page 236 [SwitchA-GigabitEthernet1/0/3] port link-type trunk [SwitchA-GigabitEthernet1/0/3] port trunk permit vlan 2 Configure Switch B (the intermediate device). # Configure port GigabitEthernet 1/0/1 as a trunk port and configure the port to permit the packets of VLAN 2. <SwitchB> system-view [SwitchB] interface GigabitEthernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] port link-type trunk [SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 2 [SwitchB-GigabitEthernet1/0/1] quit...
Page 237 IP Services Volume Organization Manual Version 6W101-20091012 Product Version Release 2202 Organization The IP Services Volume is organized as follows: Features Description An IP address is a 32-bit address allocated to a network interface on a device that is attached to the Internet. This document describes: IP Address Introduction to IP addresses IP address configuration...
Page 238 Features Description UDP Helper functions as a relay agent that converts UDP broadcast packets into unicast packets and forwards them to a specified server. This document describes: UDP Helper UDP Helper overview UDP Helper configuration Internet protocol version 6 (IPv6), also called IP next generation (IPng), was designed by the Internet Engineering Task Force (IETF) as the successor to Internet protocol version 4 (IPv4).
Page 239 Table of Contents 1 IP Addressing Configuration····················································································································1-1 IP Addressing Overview··························································································································1-1 IP Address Classes ·························································································································1-1 Special IP Addresses ······················································································································1-2 Subnetting and Masking ··················································································································1-2 Configuring IP Addresses ·······················································································································1-3 Assigning an IP Address to an Interface ·························································································1-3 IP Addressing Configuration Example·····························································································1-4 Displaying and Maintaining IP Addressing······························································································1-5...
Page 240: Ip Addressing Configuration
IP Addressing Configuration When assigning IP addresses to interfaces on your device, go to these sections for information you are interested in: IP Addressing Overview Configuring IP Addresses Displaying and Maintaining IP Addressing IP Addressing Overview This section covers these topics: IP Address Classes Special IP Addresses IP Address Classes...
Page 241: Special Ip Addresses
Table 1-1 IP address classes and ranges Class Address range Remarks The IP address 0.0.0.0 is used by a host at bootstrap for temporary communication. This address is never a valid destination address. 0.0.0.0 to 127.255.255.255 Addresses starting with 127 are reserved for loopback test. Packets destined to these addresses are processed locally as input packets rather than sent to the link.
Page 242: Configuring Ip Addresses
In the absence of subnetting, some special addresses such as the addresses with the net ID of all zeros and the addresses with the host ID of all ones, are not assignable to hosts. The same is true for subnetting. When designing your network, you should note that subnetting is somewhat a tradeoff between subnets and accommodated hosts.
Page 243: Ip Addressing Configuration Example
The primary IP address you assigned to the interface can overwrite the old one if there is any. You cannot assign secondary IP addresses to an interface that has BOOTP or DHCP configured. The primary and secondary IP addresses you assign to the interface can be located on the same network segment.
Page 244: Displaying And Maintaining Ip Addressing
<Switch> ping 172.16.1.2 PING 172.16.1.2: 56 data bytes, press CTRL_C to break Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=25 ms Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=27 ms Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=26 ms --- 172.16.1.2 ping statistics --- 5 packet(s) transmitted...
Page 245 Table of Contents 1 ARP Configuration·····································································································································1-1 ARP Overview·········································································································································1-1 ARP Function ··································································································································1-1 ARP Message Format ·····················································································································1-1 ARP Address Resolution Process···································································································1-2 ARP Table ·······································································································································1-3 Configuring ARP ·····································································································································1-4 Configuring a Static ARP Entry ·······································································································1-4 Configuring the Maximum Number of ARP Entries for an Interface ···············································1-4 Setting the Aging Time for Dynamic ARP Entries ···········································································1-4 Enabling the ARP Entry Check ·······································································································1-5 ARP Configuration Example············································································································1-5...
Page 246: Arp Configuration
This document is organized as follows: ARP Configuration Proxy ARP Configuration ARP Configuration When configuring ARP, go to these sections for information you are interested in: ARP Overview Configuring ARP Configuring Gratuitous ARP Displaying and Maintaining ARP ARP Overview ARP Function The Address Resolution Protocol (ARP) is used to resolve an IP address into an Ethernet MAC address (or physical address).
Page 247: Arp Address Resolution Process
hardware address length field is "6”. For an IP(v4) address, the value of the protocol address length field is “4”. OP: Operation code. This field specifies the type of ARP message. The value “1” represents an ARP request and “2” represents an ARP reply. Sender hardware address: This field specifies the hardware address of the device sending the message.
Page 248: Arp Table
which the target IP address is the IP address of Host B. After obtaining the MAC address of Host B, the gateway sends the packet to Host B. ARP Table After obtaining the MAC address for the destination host, the device puts the IP-to-MAC mapping into its own ARP table.
Page 249: Configuring Arp
Configuring ARP Configuring a Static ARP Entry A static ARP entry is effective when the device works normally. However, when a VLAN or VLAN interface to which a static ARP entry corresponds is deleted, the entry, if permanent, will be deleted, and if non-permanent and resolved, will become unresolved.
Page 250: Enabling The Arp Entry Check
To do… Use the command… Remarks Enter system view — system-view Optional Set the aging time for dynamic arp timer aging aging-time ARP entries 20 minutes by default. Enabling the ARP Entry Check The ARP entry check function disables the device from learning multicast MAC addresses. With the ARP entry check enabled, the device cannot learn any ARP entry with a multicast MAC address, and configuring such a static ARP entry is not allowed;...
Page 251: Configuring Gratuitous Arp
Configuring Gratuitous ARP Introduction to Gratuitous ARP A gratuitous ARP packet is a special ARP packet, in which the sender IP address and the target IP address are both the IP address of the sender, the sender MAC address is the MAC address of the sender, and the target MAC address is the broadcast address ff:ff:ff:ff:ff:ff.
Page 252 Clearing ARP entries from the ARP table may cause communication failures.
Page 253: Proxy Arp Configuration
Proxy ARP Configuration When configuring proxy ARP, go to these sections for information you are interested in: Proxy ARP Overview Enabling Proxy ARP Displaying and Maintaining Proxy ARP Proxy ARP Overview If a host sends an ARP request for the MAC address of another host that actually resides on another network (but the sending host considers the requested host is on the same network) or that is isolated from the sending host at Layer 2, the device in between must be able to respond to the request with the MAC address of the receiving interface to allow Layer 3 communication between the two hosts.
Page 254: Local Proxy Arp
You can solve the problem by enabling proxy ARP on Switch. After that, Switch can reply to the ARP request from Host A with the MAC address of VLAN-interface 1, and forward packets sent from Host A to Host B. In this case, Switch seems to be a proxy of Host B. A main advantage of proxy ARP is that it is added on a single router without disturbing routing tables of other routers in the network.
Page 255: Displaying And Maintaining Proxy Arp
To do… Use the command… Remarks Required Enable local proxy ARP local-proxy-arp enable Disabled by default. Displaying and Maintaining Proxy ARP To do… Use the command… Remarks Display whether proxy ARP is display proxy-arp [ interface Available in any view enabled vlan-interface vlan-id ] Display whether local proxy...
Page 256: Local Proxy Arp Configuration Example In Case Of Port Isolation
[Switch-Vlan-interface1] quit [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0 [Switch-Vlan-interface2] proxy-arp enable [Switch-Vlan-interface2] quit Local Proxy ARP Configuration Example in Case of Port Isolation Network requirements Host A and Host B belong to the same VLAN, and connect to Switch B via GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3, respectively.
Page 257: Local Proxy Arp Configuration Example In Isolate-User-Vlan
# Configure an IP address of VLAN-interface 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] port gigabitethernet 1/0/2 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 192.168.10.100 255.255.0.0 The ping operation from Host A to Host B is unsuccessful because they are isolated at Layer 2. # Configure local proxy ARP to let Host A and Host B communicate at Layer 3.
Page 258 [SwitchB-vlan2] port gigabitethernet 1/0/2 [SwitchB-vlan2] quit [SwitchB] vlan 3 [SwitchB-vlan3] port gigabitethernet 1/0/3 [SwitchB-vlan3] quit [SwitchB] vlan 5 [SwitchB-vlan5] port gigabitethernet 1/0/1 [SwitchB-vlan5] isolate-user-vlan enable [SwitchB-vlan5] quit [SwitchB] isolate-user-vlan 5 secondary 2 3 Configure Switch A # Create VLAN 5 and add GigabitEthernet 1/0/1 to it. <SwitchA>...
Page 259 Table of Contents 1 DHCP Overview··········································································································································1-1 Introduction to DHCP ······························································································································1-1 DHCP Address Allocation ·······················································································································1-2 Allocation Mechanisms····················································································································1-2 Dynamic IP Address Allocation Process ·························································································1-2 IP Address Lease Extension ···········································································································1-3 DHCP Message Format ··························································································································1-3 DHCP Options·········································································································································1-4 DHCP Options Overview ·················································································································1-4 Introduction to DHCP Options ·········································································································1-4 Self-Defined Options ·······················································································································1-5 Protocols and Standards·························································································································1-8 2 DHCP Server Configuration······················································································································2-1...
Page 260 Self-Defined Option Configuration Example··················································································2-19 Troubleshooting DHCP Server Configuration ·······················································································2-20 3 DHCP Relay Agent Configuration ············································································································3-1 Introduction to DHCP Relay Agent ·········································································································3-1 Application Environment··················································································································3-1 Fundamentals··································································································································3-1 DHCP Relay Agent Support for Option 82 ······················································································3-2 DHCP Relay Agent Configuration Task List ···························································································3-3 Configuring the DHCP Relay Agent········································································································3-3 Enabling DHCP ·······························································································································3-3 Enabling the DHCP Relay Agent on an Interface ···········································································3-4 Correlating a DHCP Server Group with a Relay Agent Interface····················································3-4...
Page 261: Dhcp Overview
This document is organized as follows: DHCP Overview DHCP Server Configuration DHCP Relay Agent Configuration DHCP Client Configuration DHCP Snooping Configuration BOOTP Client Configuration DHCP Overview Introduction to DHCP The fast expansion and growing complexity of networks result in scarce IP addresses assignable to hosts.
Page 262: Dhcp Address Allocation
DHCP Address Allocation Allocation Mechanisms DHCP supports three mechanisms for IP address allocation. Manual allocation: The network administrator assigns an IP address to a client like a WWW server, and DHCP conveys the assigned address to the client. Automatic allocation: DHCP assigns a permanent IP address to a client. Dynamic allocation: DHCP assigns an IP address to a client for a limited period of time, which is called a lease.
Page 263: Dhcp Message Format
After receiving the DHCP-ACK message, the client probes whether the IP address assigned by the server is in use by broadcasting a gratuitous ARP packet. If the client receives no response within a specified time, the client can use this IP address. Otherwise, the client sends a DHCP-DECLINE message to the server and requests an IP address again.
Page 264: Dhcp Options
secs: Filled in by the client, the number of seconds elapsed since the client began address acquisition or renewal process. Currently this field is reserved and set to 0. flags: The leftmost bit is defined as the BROADCAST (B) flag. If this flag is set to 0, the DHCP server sent a reply back by unicast;...
Page 265: Self-Defined Options
Option 121: Classless route option. It specifies a list of classless static routes (the destination addresses in these static routes are classless) that the requesting client should add to its routing table. Option 33: Static route option. It specifies a list of classful static routes (the destination addresses in these static routes are classful) that a client should add to its routing table.
Page 266 Figure 1-6 Format of the value field of the ACS parameter sub-option The value field of the service provider identifier sub-option contains the service provider identifier. Figure 1-7 shows the format of the value field of the PXE server address sub-option. Currently, the value of the PXE server type can only be 0.
Page 267 Figure 1-8 Sub-option 1 in normal padding format Sub-option type (0x01) Length (0x06) Circuit ID type (0x00) Length (0x04) VLAN ID Interface number Sub-option 2: Padded with the MAC address of the DHCP relay agent interface or the MAC address of the DHCP snooping device that received the client’s request. The following figure gives its format.
Page 268: Protocols And Standards
Sub-option 1: IP address of the primary network calling processor, which is a server serving as the network calling control source and providing program downloads. Sub-option 2: IP address of the backup network calling processor that DHCP clients will contact when the primary one is unreachable.
Page 269: Dhcp Server Configuration
DHCP Server Configuration When configuring the DHCP server, go to these sections for information you are interested in: Introduction to DHCP Server DHCP Server Configuration Task List Configuring an Address Pool for the DHCP Server Enabling DHCP Enabling the DHCP Server on an Interface Applying an Extended Address Pool on an Interface Configuring the DHCP Server Security Functions Configuring the Handling Mode for Option 82...
Page 270 Common address pool structure In response to a client’s request, the DHCP server selects an idle IP address from an address pool and sends it together with other parameters such as lease and DNS server address to the client. The common address pool database is organized as a tree. The root of the tree is the address pool for natural networks, branches are address pools for subnets, and leaves are addresses statically bound to clients.
Page 271: Ip Address Allocation Sequence
DHCP requests is 1.1.1.130/25, the DHCP server will select IP addresses for clients from the 1.1.1.0/24 address pool. Keep the IP addresses for dynamic allocation within the subnet where the interface of the DHCP server or DHCP relay agent resides to avoid wrong IP address allocation. IP Address Allocation Sequence A DHCP server assigns an IP address to a client according to the following sequence: The first assignable IP address found in the extended address pool referenced on the receiving...
Page 272: Configuring An Address Pool For The Dhcp Server
Configuring an Address Pool for the DHCP Server Configuration Task List Complete the following tasks to configure an address pool: Task Remarks Creating a DHCP Address Pool Required Configuring manual address allocation Required to configure Configuring an Address either of the two for the Allocation Mode for a common address pool Configuring dynamic address allocation...
Page 273: Configuring An Address Allocation Mode For A Common Address Pool
Configuring an Address Allocation Mode for a Common Address Pool You can configure either the static binding or dynamic address allocation for a common address pool as needed. It is required to specify an address range for the dynamic address allocation. A static binding is a special address pool containing only one IP address.
Page 274 Use the static-bind ip-address command together with static-bind mac-address or static-bind client-identifier to accomplish a static binding configuration. In a DHCP address pool, if you execute the static-bind mac-address command before the static-bind client-identifier command, the latter will overwrite the former and vice versa. If you use the static-bind ip-address, static-bind mac-address, or static-bind client-identifier command repeatedly in the DHCP address pool, the new configuration will overwrite the previous one.
Page 275: Configuring Dynamic Address Allocation For An Extended Address Pool
In common address pool view, using the network command repeatedly overwrites the previous configuration. After you exclude IP addresses from automatic allocation using the dhcp server forbidden-ip command, neither a common address pool nor an extended address pool can assign these IP addresses through dynamic address allocation.
Page 276: Configuring A Domain Name Suffix For The Client
Configuring a Domain Name Suffix for the Client You can specify a domain name suffix in each DHCP address pool on the DHCP server to provide the clients with the domain name suffix. With this suffix assigned, the client only needs to input part of a domain name, and the system will add the domain name suffix for name resolution.
Page 277: Configuring The Bims Server Information For The Client
h (hybrid)-node: A combination of peer-to-peer first and broadcast second. The h-node client unicasts the destination name to the WINS server, if no response is received, then broadcasts it to get the destination IP address. Follow these steps to configure WINS servers and NetBIOS node type in the DHCP address pool: To do…...
Page 278: Configuring Option 184 Parameters For The Client With Voice Service
Follow these steps to configure the gateways in the DHCP address pool: To do… Use the command… Remarks Enter system view — system-view Enter DHCP address dhcp server ip-pool pool-name — pool view [ extended ] Required Specify gateways gateway-list ip-address&<1-8> No gateway is specified by default.
Page 279: Configuring Self-Defined Dhcp Options
When a router starts up without loading any configuration file, the system sets an active interface (such as the interface of the default VLAN) as the DHCP client to request from the DHCP server for parameters, such as an IP address and name of a TFTP server, and the bootfile name. After getting related parameters, the DHCP client will send a TFTP request to obtain the configuration file from the specified TFTP server for system initialization.
Page 280: Enabling Dhcp
To do… Use the command… Remarks Required option code { ascii ascii-string Configure a self-defined DHCP | hex hex-string&<1-16> | No DHCP option is configured option ip-address ip-address&<1-8> } by default. Table 2-1 Description of common options Option Option name Corresponding command Command parameter Router Option...
Page 281: Applying An Extended Address Pool On An Interface
To do… Use the command… Remarks Enter system view — system-view Enter interface view — interface interface-type interface-number Optional Enable the DHCP server on an dhcp select server global-pool interface [ subaddress ] Enabled by default. If a DHCP relay agent exists between the DHCP server and client, the DHCP server, regardless of whether the subaddress keyword is used, will select an IP address from the address pool containing the primary IP address of the DHCP relay agent’s interface (connected to the client) for a requesting client.
Page 282: Configuring The Dhcp Server Security Functions
Only an extended address pool can be applied on the interface. The address pool to be referenced must already exist. Configuring the DHCP Server Security Functions This configuration is necessary to secure DHCP services on the DHCP server. Configuration Prerequisites Before performing this configuration, complete the following configurations on the DHCP server: Enable DHCP Configure the DHCP address pool...
Page 283: Configuring The Handling Mode For Option 82
Follow these steps to configure IP address conflict detection: To do… Use the command… Remarks Enter system view — system-view Optional Specify the number of ping One ping packet by default. dhcp server ping packets packets number The value 0 indicates that no ping operation is performed.
Page 284: Displaying And Maintaining The Dhcp Server
Displaying and Maintaining the DHCP Server To do… Use the command… Remarks Display information about IP address display dhcp server conflict { all | ip conflicts ip-address } Display information about lease display dhcp server expired { all | ip expiration ip-address | pool [ pool-name ] } Display information about assignable...
Page 285: Static Ip Address Assignment Configuration Example
Static IP Address Assignment Configuration Example Network requirements As shown in Figure 2-1, Switch B (DHCP client) obtains a static IP address, DNS server address, and gateway address from Switch A (DHCP server). Figure 2-1 Network diagram for static IP address assignment Configuration procedure Configure the IP address of VLAN-interface 2 on Switch A.
Page 286 The domain name and DNS server address on subnets 10.1.1.0/25 and 10.1.1.128/25 are the same. Therefore, the domain name suffix and DNS server address can be configured only for subnet 10.1.1.0/24. Subnet 10.1.1.128/25 can inherit the configuration of subnet 10.1.1.0/24. In this example, the number of requesting clients connected to VLAN-interface 1 should be less than 122, and that of clients connected to VLAN-interface 2 less than 124.
Page 287: Self-Defined Option Configuration Example
[SwitchA-dhcp-pool-1] network 10.1.1.0 mask 255.255.255.128 [SwitchA-dhcp-pool-1] gateway-list 10.1.1.126 [SwitchA-dhcp-pool-1] expired day 10 hour 12 [SwitchA-dhcp-pool-1] nbns-list 10.1.1.4 [SwitchA-dhcp-pool-1] quit # Configure DHCP address pool 2 (address range, gateway, and lease duration). [SwitchA] dhcp server ip-pool 2 [SwitchA-dhcp-pool-2] network 10.1.1.128 mask 255.255.255.128 [SwitchA-dhcp-pool-2] expired day 5 [SwitchA-dhcp-pool-2] gateway-list 10.1.1.254 Self-Defined Option Configuration Example...
Page 288: Troubleshooting Dhcp Server Configuration
Troubleshooting DHCP Server Configuration Symptom A client’s IP address obtained from the DHCP server conflicts with another IP address. Analysis A host on the subnet may have the same IP address. Solution Disconnect the client’s network cable and ping the client’s IP address on another host with a long timeout time to check whether there is a host using the same IP address.
Page 289: Dhcp Relay Agent Configuration
DHCP Relay Agent Configuration When configuring the DHCP relay agent, go to these sections for information you are interested in: Introduction to DHCP Relay Agent DHCP Relay Agent Configuration Task List Configuring the DHCP Relay Agent Displaying and Maintaining DHCP Relay Agent Configuration DHCP Relay Agent Configuration Examples Troubleshooting DHCP Relay Agent Configuration The DHCP relay agent configuration is supported only on VLAN interfaces.
Page 290: Dhcp Relay Agent Support For Option 82
Figure 3-1 DHCP relay agent application DHCP client DHCP client IP network DHCP relay agent DHCP client DHCP client DHCP server No matter whether a relay agent exists or not, the DHCP server and client interact with each other in a similar way (see section Dynamic IP Address Allocation Process).
Page 291: Dhcp Relay Agent Configuration Task List
If a client’s Handling requesting Padding format The DHCP relay agent will… strategy message has… Drop Random Drop the message. Forward the message without changing Keep Random Option 82. Forward the message after replacing normal the original Option 82 with the Option 82 padded in normal format.
Page 292: Enabling The Dhcp Relay Agent On An Interface
Follow these steps to enable DHCP: To do… Use the command… Remarks Enter system view — system-view Required Enable DHCP dhcp enable Disabled by default. Enabling the DHCP Relay Agent on an Interface With this task completed, upon receiving a DHCP request from the enabled interface, the relay agent will forward the request to a DHCP server for address allocation.
Page 293: Configuring The Dhcp Relay Agent Security Functions
To do… Use the command… Remarks Required Correlate the DHCP server By default, no interface is dhcp relay server-select group with the current interface correlated with any DHCP group-id server group. You can specify up to twenty DHCP server groups on the relay agent and eight DHCP server addresses for each DHCP server group.
Page 294 The dhcp relay address-check enable command is independent of other commands of the DHCP relay agent. That is, the invalid address check takes effect when this command is executed, regardless of whether other commands are used. The dhcp relay address-check enable command only checks IP and MAC addresses of clients. You are recommended to configure IP address check on the interface enabled with the DHCP relay agent;...
Page 295: Configuring The Dhcp Relay Agent To Send A Dhcp-Release Request
Follow these steps to enable unauthorized DHCP server detection: To do… Use the command… Remarks Enter system view — system-view Required Enable unauthorized DHCP dhcp relay server-detect server detection Disabled by default. With the unauthorized DHCP server detection enabled, the device puts a record once for each DHCP server.
Page 296 Configuring the DHCP relay agent to support Option 82 Follow these steps to configure the DHCP relay agent to support Option 82: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required Enable the relay agent to support Option dhcp relay information...
Page 297: Displaying And Maintaining Dhcp Relay Agent Configuration
To support Option 82, it is required to perform related configuration on both the DHCP server and relay agent. Refer to Configuring the Handling Mode for Option 82 for DHCP server configuration of this kind. If the handling strategy of the DHCP relay agent is configured as replace, you need to configure a padding format for Option 82.
Page 298: Dhcp Relay Agent Option 82 Support Configuration Example
Figure 3-3 Network diagram for DHCP relay agent DHCP client DHCP client Vlan-int1 Vlan-int2 10.10.1.1/24 10.1.1.2/24 Vlan-int2 10.1.1.1/24 Switch A Switch B DHCP relay agent DHCP server DHCP client DHCP client Configuration procedure # Specify IP addresses for the interfaces (omitted). # Enable DHCP.
Page 299: Troubleshooting Dhcp Relay Agent Configuration
Switch A forwards DHCP requests to the DHCP server (Switch B) after replacing Option 82 in the requests, so that the DHCP clients can obtain IP addresses. Configuration procedure # Specify IP addresses for the interfaces (omitted). # Enable DHCP. <SwitchA>...
Page 300 The relay agent interface connected to DHCP clients is correlated with correct DHCP server group and IP addresses for the group members are correct. 3-12...
Page 301: Dhcp Client Configuration
DHCP Client Configuration When configuring the DHCP client, go to these sections for information you are interested in: Introduction to DHCP Client Enabling the DHCP Client on an Interface Displaying and Maintaining the DHCP Client DHCP Client Configuration Example The DHCP client configuration is supported only on VLAN interfaces. When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition via a relay agent, the DHCP server cannot be a Windows 2000 Server or Windows 2003 Server.
Page 302: Displaying And Maintaining The Dhcp Client
An interface can be configured to acquire an IP address in multiple ways, but these ways are mutually exclusive. The latest configuration will overwrite the previous one. After the DHCP client is enabled on an interface, no secondary IP address is configurable for the interface.
Page 303: Dhcp Snooping Configuration
DHCP Snooping Configuration When configuring DHCP snooping, go to these sections for information you are interested in: DHCP Snooping Overview Configuring DHCP Snooping Basic Functions Configuring DHCP Snooping to Support Option 82 Displaying and Maintaining DHCP Snooping DHCP Snooping Configuration Examples The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.
Page 304: Application Environment Of Trusted Ports
Recording IP-to-MAC mappings of DHCP clients DHCP snooping reads DHCP-REQUEST messages and DHCP-ACK messages from trusted ports to record DHCP snooping entries, including MAC addresses of clients, IP addresses obtained by the clients, ports that connect to DHCP clients, and VLANs to which the ports belong. With DHCP snooping entries, DHCP snooping can implement the following: ARP detection: Whether ARP packets are sent from an authorized client is determined based on DHCP snooping entries.
Page 305: Dhcp Snooping Support For Option 82
Figure 5-2 Configure trusted ports in a cascaded network DHCP client Host A DHCP snooping DHCP server Switch A GE1/0/1 GE1/0/2 Eth1/1 GE1/0/1 GE1/0/2 GE1/0/4 DHCP snooping GE1/0/3 GE1/0/3 DHCP client Switch C Host B GE1/0/1 GE1/0/4 GE1/0/2 DHCP snooping DHCP client GE1/0/3 Switch B...
Page 306: Configuring Dhcp Snooping Basic Functions
If a client’s Handling Padding requesting The DHCP snooping device will… strategy format message has… Drop Random Drop the message. Forward the message without changing Keep Random Option 82. Forward the message after replacing the normal original Option 82 with the Option 82 padded in normal format.
Page 307: Configuring Dhcp Snooping To Support Option 82
You need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client must be in the same VLAN. You can specify Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces as trusted ports.
Page 308 To do… Use the command… Remarks dhcp-snooping information format Configure the Optional { normal | verbose padding format for [ node-identifier { mac | normal by default. Option 82 sysname | user-defined node-identifier } ] } Optional By default, the code type depends on the padding format of Option 82.
Page 309: Displaying And Maintaining Dhcp Snooping
Displaying and Maintaining DHCP Snooping To do… Use the command… Remarks display dhcp-snooping [ ip Display DHCP snooping entries ip-address ] display dhcp-snooping Display Option 82 configuration information information { all | interface Available in any on the DHCP snooping device interface-type interface-number } view Display DHCP packet statistics on the...
Page 310: Dhcp Snooping Option 82 Support Configuration Example
[SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust [SwitchB-GigabitEthernet1/0/1] quit DHCP Snooping Option 82 Support Configuration Example Network requirements As shown in Figure 5-3, enable DHCP snooping and Option 82 support on Switch B. Configure the handling strategy for DHCP requests containing Option 82 as replace. On GigabitEthernet 1/0/2, configure the padding content for the circuit ID sub-option as company001 and for the remote ID sub-option as device001.
Page 311: Bootp Client Configuration
BOOTP Client Configuration While configuring a BOOTP client, go to these sections for information you are interested in: Introduction to BOOTP Client Configuring an Interface to Dynamically Obtain an IP Address Through BOOTP Displaying and Maintaining BOOTP Client Configuration BOOTP client configuration only applies to VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server.
Page 312: Obtaining An Ip Address Dynamically
Because a DHCP server can interact with a BOOTP client, you can use the DHCP server to configure an IP address for the BOOTP client, without any BOOTP server. Obtaining an IP Address Dynamically A DHCP server can take the place of the BOOTP server in the following dynamic IP address acquisition.
Page 313: Displaying And Maintaining Bootp Client Configuration
Displaying and Maintaining BOOTP Client Configuration To do… Use the command… Remarks Display related information on a display bootp client [ interface Available in any BOOTP client interface-type interface-number ] view BOOTP Client Configuration Example Network requirement As shown in Figure 2-2, Switch B’s port belonging to VLAN 1 is connected to the LAN.
Page 314 Table of Contents 1 DNS Configuration·····································································································································1-1 DNS Overview·········································································································································1-1 Static Domain Name Resolution ·····································································································1-1 Dynamic Domain Name Resolution ································································································1-1 DNS Proxy·······································································································································1-3 Configuring the DNS Client·····················································································································1-4 Configuring Static Domain Name Resolution ··················································································1-4 Configuring Dynamic Domain Name Resolution·············································································1-4 Configuring the DNS Proxy·····················································································································1-5 Displaying and Maintaining DNS ············································································································1-5 DNS Configuration Examples ·················································································································1-5 Static Domain Name Resolution Configuration Example································································1-5 Dynamic Domain Name Resolution Configuration Example···························································1-6...
Page 315: Dns Configuration
DNS Configuration When configuring DNS, go to these sections for information you are interested in: DNS Overview Configuring the DNS Client Configuring the DNS Proxy Displaying and Maintaining DNS DNS Configuration Examples Troubleshooting DNS Configuration This document only covers IPv4 DNS configuration. For information about IPv6 DNS configuration, refer to IPv6 Basics Configuration in the IP Services Volume.
Page 316 The DNS server looks up the corresponding IP address of the domain name in its DNS database. If no match is found, it sends a query to a higher level DNS server. This process continues until a result, whether successful or not, is returned. The DNS client returns the resolution result to the application after receiving a response from the DNS server.
Page 317: Dns Proxy
If an alias is configured for a domain name on the DNS server, the device can resolve the alias into the IP address of the host. DNS Proxy Introduction to DNS proxy A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server. As shown in Figure 1-2, a DNS client sends a DNS request to the DNS proxy, which forwards the...
Page 318: Configuring The Dns Client
Configuring the DNS Client Configuring Static Domain Name Resolution Follow these steps to configure static domain name resolution: To do… Use the command… Remarks Enter system view –– system-view Configure a mapping between a host Required name and IP address in the static ip host hostname ip-address Not configured by default.
Page 319: Configuring The Dns Proxy
Configuring the DNS Proxy Follow these steps to configure the DNS proxy: To do… Use the command… Remarks Enter system view — system-view Required Enable DNS proxy dns proxy enable Disabled by default. Displaying and Maintaining DNS To do… Use the command… Remarks Display the static domain name display ip host...
Page 320: Dynamic Domain Name Resolution Configuration Example
data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=128 time=1 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=128 time=4 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=128 time=3 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=128 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=128 time=3 ms --- host.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received...
Page 321 Figure 1-5, right click Forward Lookup Zones, select New zone, and then follow the instructions to create a new zone named com. Figure 1-5 Create a zone # Create a mapping between the host name and IP address. Figure 1-6 Add a host Figure 1-6, right click zone com, and then select New Host to bring up a dialog box as shown in Figure...
Page 322 Figure 1-7 Add a mapping between domain name and IP address Configure the DNS client # Enable dynamic domain name resolution. <Sysname> system-view [Sysname] dns resolve # Specify the DNS server 2.1.1.2. [Sysname] dns server 2.1.1.2 # Configure com as the name suffix. [Sysname] dns domain com Configuration verification # Execute the ping host command on the Switch to verify that the communication between the Switch...
Page 323: Dns Proxy Configuration Example
DNS Proxy Configuration Example Network requirements Specify Switch A as the DNS server of Switch B (the DNS client). Switch A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1. Switch B implements domain name resolution through Switch A. Figure 1-8 Network diagram for DNS proxy Configuration procedure Before performing the following configuration, assume that Switch A, the DNS server, and the host are...
Page 324: Troubleshooting Dns Configuration
# Specify the DNS server 2.1.1.2. [SwitchB] dns server 2.1.1.2 Configuration verification # Execute the ping host.com command on Switch B to verify that the communication between the Switch and the host is normal and that the corresponding destination IP address is 3.1.1.1. [SwitchB] ping host.com Trying DNS resolve, press CTRL_C to break Trying DNS server (2.1.1.2)
Page 325 Table of Contents 1 IP Performance Optimization Configuration···························································································1-1 IP Performance Overview ·······················································································································1-1 Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network ············1-1 Enabling Reception of Directed Broadcasts to a Directly Connected Network·······························1-1 Enabling Forwarding of Directed Broadcasts to a Directly Connected Network ·····························1-2 Configuration Example ····················································································································1-2 Configuring TCP Optional Parameters ···································································································1-3 Configuring ICMP to Send Error Packets ·······························································································1-4...
Page 326: Ip Performance Optimization Configuration
IP Performance Optimization Configuration When optimizing IP performance, go to these sections for information you are interested in: IP Performance Overview Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network Configuring TCP Optional Parameters Configuring ICMP to Send Error Packets Displaying and Maintaining IP Performance Optimization IP Performance Overview In some network environments, you can adjust the IP parameters to achieve best network performance.
Page 327: Enabling Forwarding Of Directed Broadcasts To A Directly Connected Network
Enabling Forwarding of Directed Broadcasts to a Directly Connected Network Follow these steps to enable the device to forward directed broadcasts: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required Enable the interface to forward ip forward-broadcast [ acl By default, the device is...
Page 328: Configuring Tcp Optional Parameters
[SwitchA-Vlan-interface3] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 2.2.2.2 24 # Enable VLAN-interface 2 to forward directed broadcasts. [SwitchA-Vlan-interface2] ip forward-broadcast Configure Switch B # Enable Switch B to receive directed broadcasts. <SwitchB> system-view [SwitchB] ip forward-broadcast # Configure a static route to the host. [SwitchB] ip route-static 1.1.1.1 24 2.2.2.2 # Configure an IP address for VLAN-interface 2.
Page 329: Configuring Icmp To Send Error Packets
The actual length of the finwait timer is determined by the following formula: Actual length of the finwait timer = (Configured length of the finwait timer – 75) + configured length of the synwait timer Configuring ICMP to Send Error Packets Sending error packets is a major function of ICMP.
Page 330 When receiving a packet with the destination being local and transport layer protocol being UDP, if the packet’s port number does not match the running process, the device will send the source a “port unreachable” ICMP error packet. If the source uses “strict source routing" to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device will send the source a “source routing failure”...
Page 331: Displaying And Maintaining Ip Performance Optimization
Displaying and Maintaining IP Performance Optimization To do… Use the command… Remarks Display current TCP connection state display tcp status Display TCP connection statistics display tcp statistics Display UDP statistics display udp statistics display ip statistics [ slot Display statistics of IP packets slot-number ] display icmp statistics [ slot Display statistics of ICMP flows...
Page 332 Table of Contents 1 UDP Helper Configuration ························································································································1-1 Introduction to UDP Helper ·····················································································································1-1 Configuring UDP Helper ·························································································································1-1 Displaying and Maintaining UDP Helper·································································································1-2 UDP Helper Configuration Examples······································································································1-2 UDP Helper Configuration Example································································································1-2...
Page 333: Udp Helper Configuration
UDP Helper Configuration When configuring UDP Helper, go to these sections for information you are interested in: Introduction to UDP Helper Configuring UDP Helper Displaying and Maintaining UDP Helper UDP Helper Configuration Examples UDP Helper can be currently configured on VLAN interfaces only. Introduction to UDP Helper Sometimes, a host needs to forward broadcasts to obtain network configuration information or request the names of other devices on the network.
Page 334: Displaying And Maintaining Udp Helper
To do… Use the command… Remarks interface interface-type Enter interface view — interface-number Required Specify the destination server to which UDP packets No destination server is specified udp-helper server ip-address are to be forwarded by default. The UDP Helper enabled device cannot forward DHCP broadcast packets. That is to say, the UDP port number cannot be set to 67 or 68.
Page 335 Figure 1-1 Network diagram for UDP Helper configuration Configuration procedure The following configuration assumes that a route from Switch A to the network segment 10.2.0.0/16 is available. # Enable UDP Helper. <SwitchA> system-view [SwitchA] udp-helper enable # Enable the forwarding broadcast packets with the UDP destination port 55. [SwitchA] udp-helper port 55 # Specify the destination server 10.2.1.1 on VLAN-interface 1.
Page 336 Table of Contents 1 IPv6 Basics Configuration ························································································································1-1 IPv6 Overview ·········································································································································1-1 IPv6 Features ··································································································································1-1 Introduction to IPv6 Address ···········································································································1-3 Introduction to IPv6 Neighbor Discovery Protocol···········································································1-5 IPv6 PMTU Discovery ·····················································································································1-8 Introduction to IPv6 DNS ·················································································································1-9 Protocols and Standards ·················································································································1-9 IPv6 Basics Configuration Task List ·······································································································1-9 Configuring Basic IPv6 Functions ·········································································································1-10 Enabling IPv6 ································································································································1-10 Configuring an IPv6 Unicast Address····························································································1-10...
Page 337: Ipv6 Basics Configuration
IPv6 Basics Configuration When configuring IPv6 basics, go to these sections for information you are interested in: IPv6 Overview IPv6 Basics Configuration Task List Configuring Basic IPv6 Functions Configuring IPv6 NDP Configuring PMTU Discovery Configuring IPv6 TCP Properties Configuring ICMPv6 Packet Sending Configuring IPv6 DNS Client Displaying and Maintaining IPv6 Basics Configuration IPv6 Configuration Example...
Page 338 the IPv4 address size, the basic IPv6 header size is 40 bytes and is only twice the IPv4 header size (excluding the Options field). Figure 1-1 Comparison between IPv4 packet header format and basic IPv6 packet header format Adequate address space The source and destination IPv6 addresses are both 128 bits (16 bytes) long.
Page 339: Introduction To Ipv6 Address
Enhanced neighbor discovery mechanism The IPv6 neighbor discovery protocol is implemented through a group of Internet Control Message Protocol Version 6 (ICMPv6) messages that manage the information exchange between neighbor nodes on the same link. The group of ICMPv6 messages takes the place of Address Resolution Protocol (ARP) messages, Internet Control Message Protocol version 4 (ICMPv4) router discovery messages, and ICMPv4 redirection messages and provides a series of other functions.
Page 340 Anycast address: An identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the target interface is nearest to the source, according to a routing protocol’s measure of distance).
Page 341: Introduction To Ipv6 Neighbor Discovery Protocol
Multicast address IPv6 multicast addresses listed in Table 1-2 are reserved for special purpose. Table 1-2 Reserved IPv6 multicast addresses Address Application FF01::1 Node-local scope all nodes multicast address FF02::1 Link-local scope all nodes multicast address FF01::2 Node-local scope all routers multicast address FF02::2 Link-local scope all routers multicast address FF05::2...
Page 342 Duplicate address detection Router/prefix discovery and address autoconfiguration Redirection Table 1-3 lists the types and functions of ICMPv6 messages used by the NDP. Table 1-3 Types and functions of ICMPv6 messages ICMPv6 message Number Function Used to acquire the link-layer address of a neighbor Neighbor solicitation (NS) Used to verify whether the neighbor is reachable message...
Page 343 After receiving the NS message, node B judges whether the destination address of the packet is its solicited-node multicast address. If yes, node B learns the link-layer address of node A, and then unicasts an NA message containing its link-layer address. Node A acquires the link-layer address of node B from the NA message.
Page 344: Ipv6 Pmtu Discovery
The router returns an RA message containing information such as prefix information option. (The router also regularly sends an RA message.) The node automatically generates an IPv6 address and other information for its interface according to the address prefix and other configuration parameters in the RA message. In addition to an address prefix, the prefix information option also contains the preferred lifetime and valid lifetime of the address prefix.
Page 345: Introduction To Ipv6 Dns
The source host uses its MTU to send packets to the destination host. If the MTU supported by a forwarding interface is smaller than the packet size, the forwarding device will discard the packet and return an ICMPv6 error packet containing the interface MTU to the source host.
Page 346: Configuring Basic Ipv6 Functions
Task Remarks Configuring ICMPv6 Packet Sending Optional Configuring IPv6 DNS Client Optional Configuring Basic IPv6 Functions Enabling IPv6 Before performing IPv6-related configurations, you need to Enable IPv6. Otherwise, an interface cannot forward IPv6 packets even if it has an IPv6 address configured. Follow these steps to Enable IPv6: To do...
Page 347: Configuring Ipv6 Ndp
To do... Use the command... Remarks Automatically Optional generate a link-local ipv6 address auto By default, after an IPv6 address for the Configure link-local site-local address or interface an IPv6 aggregatable global unicast link-local address is configured for an Manually assign a address interface, a link-local address ipv6 address...
Page 348: Configuring The Maximum Number Of Neighbors Dynamically Learned
Follow these steps to configure a static neighbor entry: To do... Use the command... Remarks Enter system view — system-view ipv6 neighbor ipv6-address mac-address { vlan-id Configure a static port-type port-number | interface interface-type Required neighbor entry interface-number } You can adopt either of the two methods above to configure a static neighbor entry. After a static neighbor entry is configured by using the first method, the device needs to resolve the corresponding Layer 2 port information of the VLAN interface.
Page 349 Table 1-4 Parameters in an RA message and their descriptions Parameters Description When sending an IPv6 packet, a host uses the value to fill the Cur Hop Limit Cur hop limit field in IPv6 headers. The value is also filled into the Cur Hop Limit field in response messages of a device.
Page 350 To do… Use the command… Remarks Required Disable the RA message By default, RA messages are undo ipv6 nd ra halt suppression suppressed. Optional By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds. Configure the maximum and ipv6 nd ra interval The device sends RA messages...
Page 351: Configuring The Maximum Number Of Attempts To Send An Ns Message For Dad
The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages. Configuring the Maximum Number of Attempts to Send an NS Message for DAD An interface sends a neighbor solicitation (NS) message for duplicate address detection after acquiring an IPv6 address.
Page 352: Configuring Ipv6 Tcp Properties
MTU. After the aging time expires, the dynamic PMTU is removed and the source host re-determines a dynamic path MTU through the PMTU mechanism. The aging time is invalid for a static PMTU. Follow these steps to configure the aging time for dynamic PMTUs: To do…...
Page 353: Enable Sending Of Multicast Echo Replies
successively sent exceeds the capacity of the token bucket, the additional ICMPv6 error packets cannot be sent out until the capacity of the token bucket is restored. Follow these steps to configure the capacity and update interval of the token bucket: To do…...
Page 354: Configuring Ipv6 Dns Client
Configuring IPv6 DNS Client Configuring Static IPv6 Domain Name Resolution Configuring static IPv6 domain name resolution is to establish the mapping between a host name and an IPv6 address. When using such applications as Telnet, you can directly input a host name and the system will resolve the host name into an IPv6 address.
Page 355: Displaying And Maintaining Ipv6 Basics Configuration
Displaying and Maintaining IPv6 Basics Configuration To do… Use the command… Remarks Display DNS suffix information display dns domain [ dynamic ] Display IPv6 dynamic domain name display dns ipv6 dynamic-host cache information Display IPv6 DNS server information display dns ipv6 server [ dynamic ] display ipv6 fib [ slot-number ] Display the IPv6 FIB entries [ ipv6-address ]...
Page 356: Ipv6 Configuration Example
The display dns domain command is the same as the one of IPv4 DNS. For details about the commands, refer to DNS Commands in the IP Services Volume. IPv6 Configuration Example Network requirements Host, Switch A and Switch B are directly connected through Ethernet ports. Add the Ethernet ports into corresponding VLANs, configure IPv6 addresses for the VLAN interfaces and verify the connectivity between them.
Page 357 Configure Switch B # Enable IPv6. <SwitchB> system-view [SwitchB] ipv6 # Configure an aggregatable global unicast address for VLAN-interface 2. [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ipv6 address 3001::2/64 # Configure an IPv6 static route with destination IP address 2001::/64 and next hop address 3001::1. [SwitchB-Vlan-interface2] ipv6 route-static 2001:: 64 3001::1 Configure Host Enable IPv6 for Host to automatically get an IPv6 address through IPv6 NDP.
Page 358 ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: 25747 OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: [SwitchA-Vlan-interface1] display ipv6 interface vlan-interface 1 verbose Vlan-interface1 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0 Global unicast address(es): 2001::1, subnet is 2001::/64 Joined group address(es):...
Page 359 ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: 1012 OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Display the IPv6 interface settings on Switch B. [SwitchB-Vlan-interface2] display ipv6 interface vlan-interface 2 verbose Vlan-interface2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234 Global unicast address(es): 3001::2, subnet is 3001::/64...
Page 360 OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Ping Switch A and Switch B on Host, and ping Switch A and Host on Switch B to verify the connectivity between them. When you ping a link-local address, you should use the “–i” parameter to specify an interface for the link-local address.
Page 361: Troubleshooting Ipv6 Basics Configuration
Troubleshooting IPv6 Basics Configuration Symptom The peer IPv6 address cannot be pinged. Solution Use the display current-configuration command in any view or the display this command in system view to verify that IPv6 is enabled. Use the display ipv6 interface command in any view to verify that the IPv6 address of the interface is correct and the interface is up.
Page 362 Table of Contents 1 Dual Stack Configuration··························································································································1-1 Dual Stack Overview·······························································································································1-1 Configuring Dual Stack ···························································································································1-1...
Page 363: Dual Stack Overview
Dual Stack Configuration When configuring dual stack, go to these sections for information you are interested in: Dual Stack Overview Configuring Dual Stack Dual Stack Overview Dual stack is the most direct approach to making IPv6 nodes compatible with IPv4 nodes. The best way for an IPv6 node to be compatible with an IPv4 node is to maintain a complete IPv4 stack.
Page 364 To do… Use the command… Remarks Required ip address ip-address By default, no IP Configure an IPv4 address for the interface { mask | mask-length } address is [ sub ] configured. Use either ipv6 address Manually specify { ipv6-address prefix-length command.
Page 365 Table of Contents 1 Tunneling Configuration···························································································································1-1 Introduction to Tunneling ························································································································1-1 IPv6 over IPv4 Tunnel ·····················································································································1-2 Protocols and Standards ·················································································································1-4 Tunneling Configuration Task List ··········································································································1-5 Configuring IPv6 Manual Tunnel·············································································································1-5 Configuration Prerequisites ·············································································································1-5 Configuration Procedure··················································································································1-5 Configuration Example ····················································································································1-6 Configuring 6to4 Tunnel························································································································1-10 Configuration Prerequisites ···········································································································1-10 Configuration Procedure················································································································1-10 6to4 Tunnel Configuration Example ······························································································1-11 Configuring ISATAP Tunnel··················································································································1-14...
Page 366: Tunneling Configuration
Tunneling Configuration When configuring tunneling, go to these sections for information you are interested in: Introduction to Tunneling Tunneling Configuration Task List Configuring IPv6 Manual Tunnel Configuring 6to4 Tunnel Configuring ISATAP Tunnel Displaying and Maintaining Tunneling Configuration Troubleshooting Tunneling Configuration The tunnel interface number is in the A/B/C format, where A, B, and C represent the IRF member device ID, the sub-slot number, and the tunnel interface number respectively.
Page 367: Ipv6 Over Ipv4 Tunnel
For related configuration about the dual protocol stack, refer to Dual Stack Configuration in the IP Services Volume. The 3Com Switches 4800G do not support NAT-PT. IPv6 over IPv4 Tunnel Implementation The IPv6 over IPv4 tunneling mechanism encapsulates an IPv4 header in IPv6 data packets so that...
Page 368 The encapsulated packet goes through the tunnel to reach the device at the destination end of the tunnel. The device at the destination end decapsulates the packet if the destination address of the encapsulated packet is the device itself. The destination device forwards the packet according to the destination address in the decapsulated IPv6 packet.
Page 369: Protocols And Standards
A manually configured tunnel is a point-to-point link. Each link is a separate tunnel. IPv6 manually configured tunnels are mainly used to provide stable connections for regular secure communication between border routers or between border routers and hosts for access to remote IPv6 networks. 6to4 tunnel An automatic 6to4 tunnel is a point-to-multipoint tunnel and is used to connect multiple isolated IPv6 networks over an IPv4 network to remote IPv6 networks.
Page 370: Tunneling Configuration Task List
Tunneling Configuration Task List Complete the following tasks to configure the tunneling feature: Task Remarks Configuring IPv6 Manual Tunnel Optional Configuring IPv6 Configuring 6to4 Tunnel Optional over IPv4 tunnel Configuring ISATAP Tunnel Optional Configuring IPv6 Manual Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface and loopback interface) on the device to ensure normal communication.
Page 371: Configuration Example
To do… Use the command… Remarks Required source { ip-address | Configure a source address or By default, no source address interface-type interface for the tunnel or interface is configured for the interface-number } tunnel. Required Configure a destination By default, no destination destination ip-address address for the tunnel address is configured for the...
Page 372 Figure 1-3 Network diagram for an IPv6 manual tunnel Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100.
Page 373 # Reference service loopback group 1 in tunnel interface view. [SwitchA-Tunnel1/0/0] service-loopback-group 1 [SwitchA-Tunnel1/0/0] quit # Configure a static route to IPv6 Group 2 through tunnel 1/0/0 on Switch A. [SwitchA] ipv6 route-static 3003:: 64 tunnel 1/0/0 Configuration on Switch B # Enable IPv6.
Page 374 Global unicast address(es): 3001::1, subnet is 3001::/64 Joined group address(es): FF02::1:FFA8:6401 FF02::1:FF00:1 FF02::1:FF00:0 FF02::2 FF02::1 MTU is 1480 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: [SwitchB] display ipv6 interface tunnel 1/0/0 verbose Tunnel1/0/0 current state :UP...
Page 375: Configuring 6To4 Tunnel
bytes=56 Sequence=5 hop limit=64 time = 1 ms --- 3003::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms Configuring 6to4 Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface and loopback interface) on the device to ensure normal communication.
Page 376: 6To4 Tunnel Configuration Example
To do… Use the command… Remarks Required source { ip-address | Configure a source address or By default, no source address interface-type interface for the tunnel or interface is configured for interface-number } the tunnel. Required Reference a service loopback service-loopback-group By default, no service loopback group...
Page 377 Figure 1-4 Network diagram for a 6to4 tunnel Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100.
Page 378 [SwitchA-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4 # Reference service loopback group 1 in tunnel interface view. [SwitchA-Tunnel1/0/0] service-loopback-group 1 [SwitchA-Tunnel1/0/0] quit # Configure a static route whose destination address is 2002::/16 and next-hop is the tunnel interface. [SwitchA] ipv6 route-static 2002:: 16 tunnel 1/0/0 Configuration on Switch B # Enable IPv6.
Page 379: Configuring Isatap Tunnel
from 2002:201:101:1::2 with 32 bytes of data: Reply from 2002:501:101:1::2: bytes=32 time=13ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time<1ms Ping statistics for 2002:501:101:1::2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 13ms, Average = 3ms Configuring ISATAP Tunnel...
Page 380: Configuration Example
To do… Use the command… Remarks Required By default, the tunnel is an IPv6 manual tunnel. The tunnel-protocol ipv6-ipv4 Set an ISATAP tunnel same tunnel mode should isatap be configured at both ends of the tunnel. Otherwise, packet delivery will fail. Required source { ip-address | Configure a source address or...
Page 381 Figure 1-5 Network diagram for an ISATAP tunnel Configuration procedure Make sure that the corresponding VLAN interfaces have been created on the switch. Make sure that VLAN-interface 101 on the ISATAP switch and the ISATAP host are reachable to each other. Configuration on the switch # Enable IPv6.
Page 382 # Disable the RA suppression so that hosts can acquire information such as the address prefix from the RA message released by the ISATAP switch. [Switch-Tunnel1/0/0] undo ipv6 nd ra halt [Switch-Tunnel1/0/0] quit # Configure a static route to the ISATAP host. [Switch] ipv6 route-static 2001:: 16 tunnel 1/0/0 Configuration on the ISATAP host The specific configuration on the ISATAP host is related to its operating system.
Page 383: Displaying And Maintaining Tunneling Configuration
DAD transmits 0 default site prefix length 48 # By comparison, it is found that the host acquires the address prefix 2001::/64 and automatically generates the address 2001::5efe:2.1.1.2. Meanwhile, “uses Router Discovery” is displayed, indicating that the router discovery function is enabled on the host. At this time, ping the IPv6 address of the tunnel interface of the switch.
Page 384 Table of Contents 1 sFlow Configuration ··································································································································1-1 sFlow Overview·······································································································································1-1 Introduction to sFlow ·······················································································································1-1 Operation of sFlow ··························································································································1-1 Configuring sFlow ···································································································································1-2 Displaying and Maintaining sFlow···········································································································1-2 sFlow Configuration Example ·················································································································1-3 Troubleshooting sFlow Configuration ·····································································································1-4 The Remote sFlow Collector Cannot Receive sFlow Packets ························································1-4...
Page 385: Sflow Configuration
sFlow Configuration When configuring sFlow, go to these sections for information you are interested in: sFlow Overview Configuring sFlow Displaying and Maintaining sFlow sFlow Configuration Example Troubleshooting sFlow Configuration sFlow Overview Introduction to sFlow Sampled Flow (sFlow) is a traffic monitoring technology mainly used to collect and analyze traffic statistics.
Page 386: Configuring Sflow
Specify the sFlow sampling sflow sampling-mode Currently, the determine mode mode { determine | random } is not supported on 3Com Switch 4800G. Specify the number of packets Optional out of which the interface will sflow sampling-rate rate 200000 by default.
Page 387: Sflow Configuration Example
sFlow Configuration Example Network requirements Host A and Server are connected to Switch through GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 respectively. Host B works as an sFlow collector with IP address 3.3.3.2 and port number 6343, and is connected to Switch through GigabitEthernet 1/0/3. GigabitEthernet 1/0/3 belongs to VLAN 1, having an IP address of 3.3.3.1.
Page 388: Troubleshooting Sflow Configuration
Collector IP:3.3.3.2 Port:6343 Interval(s): 30 sFlow Port Information: Interface Direction Rate Mode Status Eth1/1 In/Out 100000 Random Active Troubleshooting sFlow Configuration The Remote sFlow Collector Cannot Receive sFlow Packets Symptom The remote sFlow collector cannot receive sFlow packets. Analysis sFlow is not enabled globally because the sFlow agent or/and the sFlow collector is/are not specified.
Page 389 IP Routing Volume Organization Manual Version 6W101-20091012 Product Version Release 2202 Organization The IP Routing Volume is organized as follows: Features Description This document describes: IP Routing Overview Introduction to IP routing and routing table Routing protocol overview A static route is manually configured by the administrator. The proper configuration and usage of static routes can improve network performance and ensure bandwidth for important network applications.
Page 390 Features Description Intermediate System-to-Intermediate System (IS-IS) is a link state protocol, which uses the shortest path first (SPF) algorithm. This document describes: Configuring IS-IS Basic Functions Configuring IS-IS Routing Information Control Tuning and Optimizing IS-IS Networks IS-IS Configuring IS-IS Authentication Configuring System ID to Host Name Mappings Configuring IS-IS GR Enabling the Logging of Neighbor State Changes...
Page 391 IP address. Policy Routing The Switch 4800G implements policy routing through QoS policies. For details about traffic classification, traffic behavior and QoS policy configuration commands, refer to QoS Commands in the QoS Volume.
Page 392 Table of Contents 1 IP Routing Overview··································································································································1-1 IP Routing and Routing Table·················································································································1-1 Routing ············································································································································1-1 Routing Table ··································································································································1-1 Routing Protocol Overview ·····················································································································1-3 Static Routing and Dynamic Routing·······························································································1-3 Classification of Dynamic Routing Protocols···················································································1-3 Routing Protocols and Routing Priority ···························································································1-4 Load Balancing and Route Backup ·································································································1-4 Route Recursion······························································································································1-5 Sharing of Routing Information········································································································1-5 Configuring a Router ID ··························································································································1-5...
Page 393: Ip Routing Overview
IP Routing Overview Go to these sections for information you are interested in: IP Routing and Routing Table Routing Protocol Overview Configuring a Router ID Displaying and Maintaining a Routing Table The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. IP Routing and Routing Table Routing Routing in the Internet is achieved through routers.
Page 394 Outbound interface: Specifies the interface through which the IP packets are to be forwarded. IP address of the next hop: Specifies the address of the next router on the path. If only the outbound interface is configured, its address will be the IP address of the next hop. Priority for the route.
Page 395: Routing Protocol Overview
Routing Protocol Overview Static Routing and Dynamic Routing Static routing is easy to configure and requires less system resources. It works well in small, stable networks with simple topologies. Its major drawback is that you must perform routing configuration again whenever the network topology changes; it cannot adjust to network changes by itself. Dynamic routing is based on dynamic routing protocols, which can detect network topology changes and recalculate the routes accordingly.
Page 396: Routing Protocols And Routing Priority
Routing Protocols and Routing Priority Different routing protocols may find different routes to the same destination. However, not all of those routes are optimal. In fact, at a particular moment, only one protocol can uniquely determine the current optimal route to the destination. For the purpose of route selection, each routing protocol (including static routes) is assigned a priority.
Page 397: Route Recursion
The number of routes for load balancing varies by device. In current implementations, routing protocols supporting load balancing are static routing, RIP, OSPF, BGP, and IS-IS. Route backup Route backup can help improve network reliability. With route backup, you can configure multiple routes to the same destination, expecting the one with the highest priority to be the main route and all the rest backup routes.
Page 398: Displaying And Maintaining A Routing Table
Displaying and Maintaining a Routing Table To do… Use the command… Remarks Display brief information about display ip routing-table [ vpn-instance Available in any the active routes in the routing vpn-instance-name ] [ verbose | | { begin | view table exclude | include } regular-expression ] Display information about...
Page 399 Table of Contents 1 Static Routing Configuration····················································································································1-1 Introduction ·············································································································································1-1 Static Route ·····································································································································1-1 Default Route···································································································································1-1 Application Environment of Static Routing ······················································································1-2 Configuring a Static Route ······················································································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-3 Detecting Reachability of the Static Route’s Nexthop ············································································1-3 Detecting Nexthop Reachability Through BFD ···············································································1-3 Detecting Nexthop Reachability Through Track··············································································1-4 Displaying and Maintaining Static Routes·······························································································1-5 Static Route Configuration Example ·······································································································1-6...
Page 400: Static Routing Configuration
Static Routing Configuration When configuring a static route, go to these sections for information you are interested in: Introduction Configuring a Static Route Detecting Reachability of the Static Route’s Nexthop Displaying and Maintaining Static Routes Static Route Configuration Example The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Introduction Static Route A static route is a manually configured.
Page 401: Application Environment Of Static Routing
The network administrator can configure a default route with both destination and mask being 0.0.0.0. The router forwards any packet whose destination address fails to match any entry in the routing table to the next hop of the default static route. Some dynamic routing protocols, such as OSPF, RIP and IS-IS, can also generate a default route.
Page 402: Configuration Procedure
Configuration Procedure Follow these steps to configure a static route: To do… Use the command… Remarks Enter system view — system-view ip route-static dest-address { mask | mask-length } { next-hop-address | interface-type interface-number next-hop-address | vpn-instance Required d-vpn-instance-name next-hop-address } [ preference preference-value ] [ tag tag-value ] By default, [ description description-text ]...
Page 403: Detecting Nexthop Reachability Through Track
protocols and Multiprotocol Label Switching (MPLS). For details about BFD, refer to BFD Configuration in the High Availability Volume. After a static route is configured, you can enable BFD to detect the reachability of the static route's nexthop. Network requirements To detect the reachability of the static route's nexthop through BFD, you need to enable BFD first.
Page 404: Displaying And Maintaining Static Routes
Configuration procedure Follow these steps to detect the reachability of a static route's nexthop through Track: To do… Use the command… Remarks Enter system view — system-view ip route-static dest-address { mask | mask-length } { next-hop-address | vpn-instance d-vpn-instance-name next-hop-address } track track-entry-number [ preference preference-value ] [ tag tag-value ] [ description description-text ]...
Page 405: Static Route Configuration Example
Static Route Configuration Example Basic Static Route Configuration Example Network requirements The IP addresses and masks of the switches and hosts are shown in the following figure. Static routes are required for interconnection between any two hosts. Figure 1-1 Network diagram for static route configuration Configuration procedure Configuring IP addresses for interfaces (omitted) Configuring static routes...
Page 406 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/0 Static 60 1.1.4.2 Vlan500 1.1.2.0/24 Direct 0 1.1.2.3 Vlan300 1.1.2.3/32 Direct 0 127.0.0.1 InLoop0 1.1.4.0/30 Direct 0 1.1.4.1 Vlan500 1.1.4.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Display the IP routing table of Switch B.
Page 407 <1 ms <1 ms <1 ms 1.1.6.1 <1 ms <1 ms <1 ms 1.1.4.1 1 ms <1 ms <1 ms 1.1.2.2 Trace complete.
Page 408 Table of Contents 1 RIP Configuration ······································································································································1-1 RIP Overview ··········································································································································1-1 Operation of RIP······························································································································1-1 Operation of RIP······························································································································1-2 RIP Version ·····································································································································1-2 RIP Message Format·······················································································································1-3 Supported RIP Features··················································································································1-5 Protocols and Standards ·················································································································1-5 Configuring RIP Basic Functions ············································································································1-5 Configuration Prerequisites ·············································································································1-5 Configuration Procedure··················································································································1-5 Configuring RIP Route Control ···············································································································1-7 Configuring an Additional Routing Metric ························································································1-7 Configuring RIPv2 Route Summarization························································································1-8 Disabling Host Route Reception ·····································································································1-9...
Page 409: Rip Configuration
RIP Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. When configuring RIP, go to these sections for information you are interested in: RIP Overview Configuring RIP Basic Functions Configuring RIP Route Control Configuring RIP Network Optimization Displaying and Maintaining RIP...
Page 410: Rip Version
Egress interface: Packet outgoing interface. Metric: Cost from the local router to the destination. Route time: Time elapsed since the routing entry was last updated. The time is reset to 0 every time the routing entry is updated. Route tag: Identifies a route, used in a routing policy to flexibly control routes. For information about routing policy, refer to Routing Policy Configuration in the IP Routing Volume.
Page 411: Rip Message Format
RIPv1, a classful routing protocol, supports message advertisement via broadcast only. RIPv1 protocol messages do not carry mask information, which means it can only recognize routing information of natural networks such as Class A, B, C. That is why RIPv1 does not support discontiguous subnets. RIPv2 is a classless routing protocol.
Page 412 RIPv2 message format The format of RIPv2 message is similar to RIPv1. Figure 1-2 shows it. Figure 1-2 RIPv2 Message Format The differences from RIPv1 are stated as following. Version: Version of RIP. For RIPv2 the value is 0x02. Route Tag: Route Tag. IP Address: Destination IP address.
Page 413: Protocols And Standards
RFC 1723 only defines plain text authentication. For information about MD5 authentication, refer to RFC 2453 “RIP Version 2”. With RIPv1, you can configure the authentication mode in interface view. However, the configuration will not take effect because RIPv1 does not support authentication. Supported RIP Features The current implementation supports the following RIP features.
Page 414 If you make some RIP configurations in interface view before enabling RIP, those configurations will take effect after RIP is enabled. RIP runs only on the interfaces residing on the specified networks. Therefore, you need to specify the network after enabling RIP to validate RIP on a specific interface. You can enable RIP on all interfaces using the command network 0.0.0.0.
Page 415: Configuring Rip Route Control
To do… Use the command… Remarks Enter system view –– system-view rip [ process-id ] [ vpn-instance Enter RIP view –– vpn-instance-name ] Optional By default, if an interface has a RIP version specified, the version takes precedence over the global one. If no RIP Specify a global RIP version { 1 | 2 } version is specified for an...
Page 416: Configuring Ripv2 Route Summarization
To do… Use the command… Remarks Enter system view –– system-view interface interface-type Enter interface view –– interface-number Optional Define an inbound rip metricin [ route-policy additional routing metric route-policy-name ] value 0 by default Optional Define an outbound rip metricout [ route-policy additional routing metric route-policy-name ] value 1 by default...
Page 417: Disabling Host Route Reception
You need to disable RIPv2 route automatic summarization before advertising a summary route on an interface. Disabling Host Route Reception Sometimes a router may receive from the same network many host routes, which are not helpful for routing and consume a large amount of network resources. In this case, you can disable RIP from receiving host routes to save network resources.
Page 418: Configuring Inbound/Outbound Route Filtering
To do… Use the command… Remarks interface interface-type Enter interface view –– interface-number Optional rip default-route { { only | By default, a RIP interface can Configure the RIP interface originate } [ cost cost ] | advertise a default route if the to advertise a default route no-originate } RIP process is configured with...
Page 419: Configuring A Priority For Rip
Configuring a Priority for RIP Multiple IGP protocols may run in a router. If you want RIP routes to have a higher priority than those learned by other routing protocols, you can assign RIP a smaller priority value to influence optimal route selection.
Page 420: Configuring Rip Timers
Configuring RIP Timers You can change the RIP network convergence speed by adjusting RIP timers. Follow these steps to configure RIP timers: To do… Use the command… Remarks Enter system view –– system-view rip [ process-id ] [ vpn-instance Enter RIP view ––...
Page 421: Configuring The Maximum Number Of Load Balanced Routes
Enabling poison reverse The poison reverse function allows an interface to advertise the routes received from it, but the metric of these routes is set to 16, making them unreachable. Follow these steps to enable poison reverse: To do… Use the command… Remarks Enter system view —...
Page 422: Configuring Ripv2 Message Authentication
For a message received, RIP compares the source IP address of the message with the IP address of the interface. If they are not in the same network segment, RIP discards the message. Follow these steps to enable source IP address check on incoming RIP updates: To do…...
Page 423: Configuring Rip-To-Mib Binding
Follow these steps to specify a RIP neighbor: To do… Use the command… Remarks Enter system view –– system-view rip [ process-id ] [ vpn-instance Enter RIP view –– vpn-instance-name ] Specify a RIP neighbor Required peer ip-address Required Disable source address check undo validate-source-address on incoming RIP updates Not disabled by default...
Page 424: Displaying And Maintaining Rip
To do… Use the command… Remarks Optional Configure the maximum number of RIP packets that By default, an interface sends output-delay time count count can be sent at the specified up to three RIP packets every interval 20 milliseconds. Displaying and Maintaining RIP To do…...
Page 425 [SwitchA-Vlan-interface101] ip address 172.17.1.1 24 [SwitchA-Vlan-interface101] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] ip address 172.16.1.1 24 # Configure Switch B. <SwitchB> system-view [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 192.168.1.2 24 [SwitchB-Vlan-interface100] quit [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ip address 10.2.1.1 24 [SwitchB-Vlan-interface101] quit Configure basic RIP functions # Configure Switch A.
Page 426: Configuring Rip Route Redistribution
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect -------------------------------------------------------------------------- Peer 192.168.1.2 on Vlan-interface100 Destination/Mask Nexthop Cost Flags 10.0.0.0/8 192.168.1.2 10.2.1.0/24 192.168.1.2 10.1.1.0/24 192.168.1.2 From the routing table, you can see RIPv2 uses classless subnet mask. Since the routing information advertised by RIPv1 has a long aging time, it will still exist until it ages out after RIPv2 is configured.
Page 427 [SwitchA-rip-100] undo summary [SwitchA-rip-100] quit # Enable RIP 100 and RIP 200 and specify RIP version 2 on Switch B. <SwitchB> system-view [SwitchB] rip 100 [SwitchB-rip-100] network 11.0.0.0 [SwitchB-rip-100] version 2 [SwitchB-rip-100] undo summary [SwitchB-rip-100] quit [SwitchB] rip 200 [SwitchB-rip-200] network 12.0.0.0 [SwitchB-rip-200] version 2 [SwitchB-rip-200] undo summary [SwitchB-rip-200] quit...
Page 428: Configuring An Additional Metric For A Rip Interface
12.3.1.0/24 Direct 0 12.3.1.2 Vlan200 12.3.1.2/32 Direct 0 127.0.0.1 InLoop0 16.4.1.0/24 Direct 0 16.4.1.1 Vlan400 16.4.1.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure an filtering policy to filter redistributed routes # Configure ACL 2000 to filter routes redistributed from RIP 100 on Switch B, making the route 10.2.1.0/24 not advertised to Switch C.
Page 429 Figure 1-6 Network diagram for RIP interface additional metric configuration Configuration procedure Configure IP addresses for the interfaces (omitted). Configure RIP basic functions. # Configure Switch A. <SwitchA> system-view [SwitchA] rip 1 [SwitchA-rip-1] network 1.0.0.0 [SwitchA-rip-1] version 2 [SwitchA-rip-1] undo summary [SwitchA-rip-1] quit # Configure Switch B.
Page 430: Configuring Rip To Advertise A Summary Route
# Display the IP routing table of Switch A. [SwitchA] display rip 1 database 1.0.0.0/8, cost 0, ClassfulSumm 1.1.1.0/24, cost 0, nexthop 1.1.1.1, Rip-interface 1.1.2.0/24, cost 0, nexthop 1.1.2.1, Rip-interface 1.1.3.0/24, cost 1, nexthop 1.1.1.2 1.1.4.0/24, cost 1, nexthop 1.1.2.2 1.1.5.0/24, cost 2, nexthop 1.1.1.2 1.1.5.0/24, cost 2, nexthop 1.1.2.2 The display shows that there are two RIP routes to network 1.1.5.0/24.
Page 431 Figure 1-7 Network diagram for RIP summary route advertisement Configuration procedure Configure IP addresses for interfaces (omitted) Configure OSPF basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit # Configure Switch B.
Page 432 <SwitchD> system-view [SwitchD] rip 1 [SwitchD-rip-1] network 11.0.0.0 [SwitchD-rip-1] version 2 [SwitchD-rip-1] undo summary [SwitchD-rip-1] quit # Configure RIP to redistribute the routes from OSPF process 1 and direct routes on Switch C. [SwitchC-rip-1] import-route direct [SwitchC-rip-1] import-route ospf 1 # Display the routing table information of Switch D.
Page 433: Troubleshooting Rip
Troubleshooting RIP No RIP Updates Received Symptom: No RIP updates are received when the links work well. Analysis: After enabling RIP, you must use the network command to enable corresponding interfaces. Make sure no interfaces are disabled from handling RIP messages. If the peer is configured to send multicast messages, the same should be configured on the local end.
Page 434 Table of Contents 1 OSPF Configuration ··································································································································1-1 Introduction to OSPF·······························································································································1-1 Basic Concepts································································································································1-2 OSPF Area Partition ························································································································1-3 Classification of Routers··················································································································1-6 Classification of OSPF Networks ····································································································1-8 DR and BDR····································································································································1-8 OSPF Packet Formats·····················································································································1-9 Supported OSPF Features············································································································1-18 Protocols and Standards ···············································································································1-19 OSPF Configuration Task List ··············································································································1-19 Enabling OSPF ·····································································································································1-21 Prerequisites··································································································································1-21 Configuration Procedure················································································································1-21...
Page 435 Disabling Interfaces from Sending OSPF Packets········································································1-36 Configuring Stub Routers ··············································································································1-36 Configuring OSPF Authentication ·································································································1-37 Adding the Interface MTU into DD Packets···················································································1-38 Configuring the Maximum Number of External LSAs in LSDB ·····················································1-38 Making External Route Selection Rules Defined in RFC1583 Compatible···································1-38 Logging Neighbor State Changes ·································································································1-39 Configuring OSPF Network Management ·····················································································1-39 Enabling Message Logging ···········································································································1-40...
Page 436: Ospf Configuration
OSPF Configuration Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the Internet Engineering Task Force (IETF). At present, OSPF version 2 (RFC2328) is used. When configuring OSPF, go to these sections for information you are interested in: Introduction to OSPF OSPF Configuration Task List Enabling OSPF...
Page 437: Basic Concepts
Area partition: Allows an AS to be split into different areas for ease of management and routing information transmitted between areas is summarized to reduce network bandwidth consumption. Equal-cost multi-route: Supports multiple equal-cost routes to a destination. Routing hierarchy: Supports a four-level routing hierarchy that prioritizes routes into intra-area, inter-area, external Type-1, and external Type-2 routes.
Page 438: Ospf Area Partition
Router LSA: Type-1 LSA, originated by all routers, flooded throughout a single area only. This LSA describes the collected states of the router's interfaces to an area. Network LSA: Type-2 LSA, originated for broadcast and NBMA networks by the designated router, flooded throughout a single area only.
Page 439 Figure 1-1 OSPF area partition After area partition, area border routers perform route summarization to reduce the number of LSAs advertised to other areas and minimize the effect of topology changes. Backbone area and virtual links Each AS has a backbone area, which is responsible for distributing routing information between none-backbone areas.
Page 440 Figure 1-3 Virtual link application 2 The virtual link between the two ABRs acts as a point-to-point connection. Therefore, you can configure interface parameters such as hello packet interval on the virtual link as they are configured on physical interfaces. The two ABRs on the virtual link exchange OSPF packets with each other directly, and the OSPF routers in between simply convey these OSPF packets as normal IP packets.
Page 441: Classification Of Routers
On the left of the figure, RIP routes are translated into Type-5 LSAs by the ASBR of Area 2 and distributed into the OSPF AS. However, Area 1 is an NSSA area, so these Type-5 LSAs cannot travel to Area 1. Like stub areas, virtual links cannot transit NSSA areas.
Page 442 Backbone Router At least one interface of a backbone router must be attached to the backbone area. Therefore, all ABRs and internal routers in area 0 are backbone routers. Autonomous System Border Router (ASBR) The router exchanging routing information with another AS is an ASBR, which may not reside on the boundary of the AS.
Page 443: Classification Of Ospf Networks
the same destination have the same cost, then take the cost from the router to the ASBR into consideration. Classification of OSPF Networks OSPF network types OSPF classifies networks into four types upon the link layer protocol: Broadcast: When the link layer protocol is Ethernet or FDDI, OSPF considers the network type broadcast by default.
Page 444: Ospf Packet Formats
If the DR fails to work, routers on the network have to elect another DR and synchronize information with the new DR. It is time-consuming and prone to routing calculation errors. The Backup Designated Router (BDR) is introduced to reduce the synchronization period. The BDR is elected along with the DR and establishes adjacencies for routing information exchange with all other routers.
Page 445 Figure 1-8 OSPF packet format OSPF packet header OSPF packets are classified into five types that have the same packet header, as shown below. Figure 1-9 OSPF packet header Version: OSPF version number, which is 2 for OSPFv2. Type: OSPF packet type from 1 to 5, corresponding with hello, DD, LSR, LSU and LSAck respectively.
Page 446 Figure 1-10 Hello packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication Network mask HelloInterval Options Rtr Pri RouterDeadInterval Designated router Backup designated router Neighbor Neighbor Major fields: Network mask: Network mask associated with the router’s sending interface. If two routers have different network masks, they cannot become neighbors.
Page 447 Figure 1-11 DD packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication Interface MTU Options 0 0 0 0 0 I DD sequence number LSA header LSA header Major fields: Interface MTU: Size in bytes of the largest IP datagram that can be sent out the associated interface, without fragmentation.
Page 448 Figure 1-12 LSR packet format Major fields: LS type: Type number of the LSA to be requested. Type 1 for example indicates the Router LSA. Link State ID: Determined by LSA type. Advertising Router: ID of the router that sent the LSA. LSU packet LSU (Link State Update) packets are used to send the requested LSAs to peers, and each packet carries a collection of LSAs.
Page 449 Figure 1-14 LSAck packet format LSA header format All LSAs have the same header, as shown in the following figure. Figure 1-15 LSA header format Major fields: LS age: Time in seconds elapsed since the LSA was originated. A LSA ages in the LSDB (added by 1 per second), but does not in transmission.
Page 450 Figure 1-16 Router LSA format LS age Options Linke state ID Advertising router LS sequence number LS checksum Length # Links Link ID Link data Type #TOS Metric TOS metric Link ID Link data Major fields: Link State ID: ID of the router that originated the LSA. V (Virtual Link): Set to 1 if the router that originated the LSA is a virtual link endpoint.
Page 451 Figure 1-17 Network LSA format Major fields: Link State ID: The interface address of the DR Network mask: The mask of the network (a broadcast or NBMA network) Attached router: The IDs of the routers, which are adjacent to the DR, including the DR itself Summary LSA Network summary LSAs (Type-3 LSAs) and ASBR summary LSAs (Type-4 LSAs) are originated by ABRs.
Page 452 A Type-3 LSA can be used to advertise a default route, having the Link State ID and Network Mask set to 0.0.0.0. AS external LSA An AS external LSA originates from an ASBR, describing routing information to a destination outside the AS.
Page 453: Supported Ospf Features
Figure 1-20 NSSA external LSA format Supported OSPF Features Multi-process With multi-process support, multiple OSPF processes can run on a router simultaneously and independently. Routing information interactions between different processes seem like interactions between different routing protocols. Multiple OSPF processes can use the same RID. An interface of a router can only belong to a single OSPF process.
Page 454: Protocols And Standards
forwarding table based on the new routing information received from neighbors and removes the stale routes. OSPF supports multi-instance, which can run in VPN networks. In BGP MPLS VPN networks, multiple sites in the same VPN can use OSPF as the internal routing protocol, but they are treated as different ASs.
Page 455 Complete the following tasks to configure OSPF: Task Remarks Enabling OSPF Required Configuring a Stub Area Configuring OSPF Optional Configuring an NSSA Area Areas Configuring a Virtual Link Configuring the OSPF Network Type for an Interface as Optional Broadcast Configuring OSPF Configuring the OSPF Network Type for an Interface as NBMA Optional Network Types...
Page 456: Enabling Ospf
Task Remarks Configuration Prerequisites Optional Configuring a Loopback Interface Optional Configuring OSPF Sham Link Advertising Routes of a Loopback Interface Optional Creating a Sham Link Optional Configuring the OSPF GR Restarter Optional Configuring OSPF Configuring the OSPF GR Helper Optional Graceful Restart Triggering OSPF Graceful Restart Optional...
Page 457: Configuring Ospf Areas
To do… Use the command… Remarks Required Configure an OSPF area and area area-id enter OSPF area view Not configured by default. Optional Configure a description for description description the area Not configured by default. Specify a network to enable Required network ip-address OSPF on the interface...
Page 458: Configuring An Nssa Area
To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — instance-name ] * Enter area view — area area-id Required Configure the area as a stub stub [ no-summary ] area Not configured by default.
Page 459: Configuring A Virtual Link
It is required to use the nssa command on all the routers attached to an NSSA area. Using the default-cost command only takes effect on the ABR/ASBR of an NSSA area. Configuring a Virtual Link Non-backbone areas exchange routing information via the backbone area. Therefore, connectivity between the backbone and non-backbone areas and within the backbone itself must be maintained.
Page 460: Prerequisites
Prerequisites Before configuring OSPF network types, you have configured: IP addresses for interfaces, making neighboring nodes accessible with each other at network layer. OSPF basic functions. Configuring the OSPF Network Type for an Interface as Broadcast Follow these steps to configure the OSPF network type for an interface as broadcast: To do…...
Page 461: Configuring The Ospf Network Type For An Interface As P2Mp
The DR priority configured with the ospf dr-priority command and the one configured with the peer command have the following differences: The former is for actual DR election. The latter is to indicate whether a neighbor has the election right or not. If you configure the DR priority for a neighbor as 0, the local router will consider the neighbor has no election right, and thus no hello packet is sent to this neighbor, reducing the number of hello packets for DR/BDR election on networks.
Page 462: Configuring Ospf Route Summarization
OSPF basic functions Corresponding filters if routing information filtering is needed. Configuring OSPF Route Summarization Route summarization: An ABR or ASBR summarizes routes with the same prefix into a single route and distribute it to other areas. Through route summarization, routing information across areas and the size of routing tables on routers will be reduced, improving calculation speed of routers.
Page 463: Configuring Ospf Inbound Route Filtering
To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — instance-name ]* Required asbr-summary ip-address { mask Configure ASBR route The command is available on an | mask-length } [ tag tag | summarization ASBR only.
Page 464: Configuring An Ospf Cost For An Interface
To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Enter area view — area area-id Required Configure ABR Type-3 LSA filter { acl-number | ip-prefix Not configured by filtering ip-prefix-name } { import | export }...
Page 465: Configuring The Maximum Number Of Load-Balanced Routes
To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Optional By default, the maximum number Configure the maximum-routes { external | inter | of AS external routes, inter-area maximum number of intra } number...
Page 466: Configuring Ospf Route Redistribution
Configuring OSPF Route Redistribution Configure route redistribution into OSPF If the router runs OSPF and other routing protocols, you can configure OSPF to redistribute RIP, IS-IS, BGP, static, or direct routes and advertise these routes in Type-5 LSAs or Type-7 LSAs. By filtering redistributed routes, OSPF translates only routes not filtered out into Type-5 LSAs or Type-7 LSAs for advertisement.
Page 467: Advertising A Host Route
The default-route-advertise summary cost command is applicable only to VPN, and the default route is redistributed in a Type-3 LSA. The PE router will advertise the default route to the CE router. Configure the default parameters for redistributed routes You can configure default parameters such as the cost, upper limit, tag and type for redistributed routes. Tags are used to indicate information related to protocols.
Page 468: Prerequisites
Configure OSPF authentication to meet high security requirements of some mission-critical networks. Configure OSPF network management functions, such as binding OSPF MIB with a process, sending trap information and collecting log information. Prerequisites Before configuring OSPF network optimization, you have configured: IP addresses for interfaces;...
Page 469: Specifying An Lsa Transmission Delay
The hello and dead intervals restore to default values after you change the network type for an interface. The dead interval should be at least four times the hello interval on an interface. The poll interval is at least four times the hello interval. The retransmission interval should not be so small for avoidance of unnecessary LSA retransmissions.
Page 470: Specifying The Lsa Minimum Repeat Arrival Interval
With this task configured, when network changes are not frequent, SPF calculation applies at the minimum-interval. If network changes become frequent, SPF calculation interval is incremented by incremental-interval × 2 (n is the number of calculation times) each time a calculation occurs, up to the maximum-interval.
Page 471: Disabling Interfaces From Sending Ospf Packets
With this command configured, when network changes are not frequent, LSAs are generated at the minimum-interval. If network changes become frequent, LSA generation interval is incremented by incremental-interval•2n-2 (n is the number of generation times) each time a generation occurs, up to the maximum-interval.
Page 472: Configuring Ospf Authentication
Follow these steps to configure a router as a stub router: To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id router-id | vpn-instance Enter OSPF view — instance-name ] * Required Configure the router as a stub-router stub router Not configured by default.
Page 473: Adding The Interface Mtu Into Dd Packets
Adding the Interface MTU into DD Packets Generally, when an interface sends a DD packet, it adds 0 into the Interface MTU field of the DD packet rather than the interface MTU. Follow these steps to add the interface MTU into DD packets: To do…...
Page 474: Logging Neighbor State Changes
To avoid routing loops, it is recommended to configure all the routers to be either compatible or incompatible with the external route selection rules defined in RFC 1583. Logging Neighbor State Changes Follow these steps to enable the logging of neighbor state changes: To do…...
Page 475: Enabling Message Logging
Enabling Message Logging Follow these steps to enable message logging: To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Required Enable message enable log [ config | error | state ] logging Not enabled by default.
Page 476: Configuring Ospf Sham Link
Follow these steps to configure the LSU transmit rate: To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Optional By default, an OSPF Configure the LSU transmit-pacing interval interval count interface sends up to three...
Page 477: Creating A Sham Link
To do… Use the command… Remarks ipv4-family vpn-instance Enter BGP VPN instance view Required vpn-instance-name Inject direct routes, that is, Required import-route direct loopback host routes For BGP VPN information, refer to MCE Configuration in the IP Routing Volume. Creating a Sham Link Follow these steps to create a sham link: To do…...
Page 478: Configuring Ospf Graceful Restart
Configuring OSPF Graceful Restart One device can act as both a GR Restarter and GR Helper at the same time. OSPF GR can be implemented through: IETF standard GR capable routers. The GR restarter communicates with GR helpers by exchanging Type-9 Opaque LSAs called Grace LSAs. Non IETF standard GR capable routers.
Page 479: Configuring The Ospf Gr Helper
To do… Use the command… Remarks enable Required Enable the out-of-band out-of-band-resynchronizati re-synchronization capability Disabled by default Enable non IETF standard Required graceful-restart Graceful Restart capability for [ nonstandard ] Disabled by default OSPF Optional Configure Graceful Restart graceful-restart interval timer interval for OSPF 120 seconds by default Configuring the OSPF GR Helper...
Page 480: Triggering Ospf Graceful Restart
Triggering OSPF Graceful Restart Performing the following configuration on an OSPF router will trigger an OSPF Graceful Restart process. Follow these steps to trigger OSPF Graceful Restart: To do… Use the command… Remarks Required reset ospf [ process-id ] Trigger OSPF Graceful Restart Available in user view process graceful-restart Displaying and Maintaining OSPF...
Page 481: Ospf Configuration Examples
To do… Use the command… Remarks reset ospf [ process-id ] process Reset an OSPF process [ graceful-restart ] Re-enable OSPF route reset ospf [ process-id ] redistribution redistribution OSPF Configuration Examples These examples only cover commands for OSPF configuration. Configuring OSPF Basic Functions Network requirements As shown in the following figure, all switches run OSPF.
Page 482 [SwitchA-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.1] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] area 2 [SwitchB-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.2] quit [SwitchB-ospf-1] quit # Configure Switch C <SwitchC>...
Page 483 Neighbor state change count: 5 Neighbors Area 0.0.0.1 interface 10.2.1.1(Vlan-interface200)'s neighbors Router ID: 10.4.1.1 Address: 10.2.1.2 GR State: Normal State: Full Mode: Nbr is Master Priority: 1 DR: 10.2.1.1 BDR: 10.2.1.2 MTU: 0 Dead timer due in 32 Neighbor is up for 06:03:12 Authentication Sequence: [ 0 ] Neighbor state change count: 5 # Display OSPF routing information on Switch A.
Page 484: Configuring Ospf Route Redistribution
Network 10.2.1.1 10.2.1.1 80000010 Sum-Net 10.5.1.0 10.2.1.1 80000003 Sum-Net 10.3.1.0 10.2.1.1 1069 8000000F Sum-Net 10.1.1.0 10.2.1.1 1069 8000000F Sum-Asbr 10.3.1.1 10.2.1.1 1069 8000000F # Display OSPF routing information on Switch D. [SwitchD] display ospf routing OSPF Process 1 with Router ID 10.5.1.1 Routing Tables Routing for Network Destination...
Page 485 Figure 1-22 Network diagram for OSPF redistributing routes from outside of an AS Configuration procedure Configure IP addresses for interfaces (omitted). Configure OSPF basic functions (Refer to Configuring OSPF Basic Functions). Configure OSPF to redistribute routes. # On Switch C, configure a static route destined for network 3.1.2.0/24. <SwitchC>...
Page 486: Configuring Ospf To Advertise A Summary Route
10.1.1.0/24 Inter 10.3.1.1 10.3.1.1 0.0.0.2 Routing for ASEs Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.3.1.1 10.4.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 Configuring OSPF to Advertise a Summary Route Network requirements As shown in the following figure: Switch A and Switch B are in AS 200, which runs OSPF.
Page 487 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Configure Switch D.
Page 488: Configuring An Ospf Stub Area
[SwitchB] ospf [SwitchB-ospf-1] import-route bgp # Display the OSPF routing table of Switch A. [SwitchA] display ip routing-table Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 O_ASE 11.2.1.1 Vlan100 10.2.1.0/24 O_ASE 11.2.1.1 Vlan100 10.3.1.0/24 O_ASE 11.2.1.1...
Page 489 Figure 1-24 Network diagram for OSPF Stub area configuration Switch A Switch B Area 0 Vlan-int100 10.1.1.1/24 Vlan-int100 10.1.1.2/24 Vlan-int200 Vlan-int200 10.2.1.1/24 10.3.1.1/24 Vlan-int200 Vlan-int200 Area 1 Area 2 10.3.1.2/24 10.2.1.2/24 Stub ASBR Vlan-int300 Vlan-int300 10.4.1.1/24 10.5.1.1/24 Switch C Switch D Configuration procedure Configure IP addresses for interfaces (omitted).
Page 490 Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.2.1.1 10.5.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 In the above output, since Switch C resides in a normal OSPF area, its routing table contains an external route.
Page 491: Configuring An Ospf Nssa Area
When Switch C resides in the Stub area, a default route takes the place of the external route. # Filter Type-3 LSAs out the stub area [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] stub no-summary [SwitchA-ospf-1-area-0.0.0.1] quit # Display OSPF routing information on Switch C. [SwitchC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables...
Page 492 Figure 1-25 Network diagram for OSPF NSSA area configuration Configuration procedure Configure IP addresses for interfaces. Configure OSPF basic functions (refer to Configuring OSPF Basic Functions). Configure Area 1 as an NSSA area. # Configure Switch A. [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit...
Page 493: Configuring Ospf Dr Election
0.0.0.0/0 65536 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 65535 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0 Configure Switch C to redistribute static routes. [SwitchC] ip route-static 3.1.3.1 24 11.1.1.1 [SwitchC] ospf [SwitchC-ospf-1] import-route static [SwitchC-ospf-1] quit...
Page 494 Figure 1-26 Network diagram for OSPF DR election configuration Configuration procedure Configure IP addresses for interfaces (omitted) Configure OSPF basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] router id 1.1.1.1 [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B.
Page 495 [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit # Display OSPF neighbor information on Switch A. [SwitchA] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.1.1(Vlan-interface1)'s neighbors Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode: None Priority: 1 DR: 192.168.1.4...
Page 496 # Display neighbor information on Switch D. [SwitchD] display ospf peer verbose OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(Vlan-interface1)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0...
Page 497 Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode: Nbr is Slave Priority: 100 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 39 Neighbor is up for 00:01:40 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way...
Page 498: Configuring Ospf Virtual Links
192.168.1.2 Broadcast DROther 192.168.1.1 192.168.1.3 The interface state DROther means the interface is not the DR/BDR. Configuring OSPF Virtual Links Network requirements In the following figure, Area 2 has no direct connection to Area 0, and Area 1 acts as the Transit Area to connect Area 2 to Area 0 via a configured virtual link between Switch B and Switch C.
Page 499 <SwitchC> system-view [SwitchC] ospf 1 router-id 3.3.3.3 [SwitchC-ospf-1] area 1 [SwitchC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.1] quit [SwitchC-ospf-1] area 2 [SwitchC–ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchC–ospf-1-area-0.0.0.2] quit # Configure Switch D. <SwitchD> system-view [SwitchD] ospf 1 router-id 4.4.4.4 [SwitchD-ospf-1] area 2 [SwitchD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.2] quit # Display the OSPF routing table of Switch B.
Page 500: Ospf Graceful Restart Configuration Example
[SwitchB] display ospf routing OSPF Process 1 with Router ID 2.2.2.2 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 Transit 10.2.1.1 3.3.3.3 0.0.0.1 10.3.1.0/24 Inter 10.2.1.2 3.3.3.3 0.0.0.0 10.1.1.0/24 Transit 10.1.1.2 2.2.2.2 0.0.0.0 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0...
Page 501 [SwitchA-ospf-100-area-0.0.0.0] return Configure Switch B <SwitchB> system-view [SwitchB] acl number 2000 [SwitchB-acl-basic-2000] rule 10 permit source 192.1.1.1 0.0.0.0 [SwitchB-acl-basic-2000] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 192.1.1.2 255.255.255.0 [SwitchB-Vlan-interface100] quit [SwitchB] router id 2.2.2.2 [SwitchB] ospf 100 [SwitchB-ospf-100] graceful-restart help 2000 [SwitchB-ospf-100] area 0 [SwitchB-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 Configure Switch C...
Page 502: Configuring Route Filtering
OSPF 1 restarted OOB Progress timer for neighbor 192.1.1.2. %Oct 22 09:36:12:566 2008 RouterA RM/3/RMLOG:OSPF-NBRCHANGE: Process 1, Neighbour 192.1.1.2(Ethernet1/1) from Loading to Full OSPF 1 restarted OOB Progress timer for neighbor 192.1.1.2. OSPF 1 deleted OOB Progress timer for neighbor 192.1.1.2. OSPF 1 Gr Wait Timeout timer fired.
Page 503 # On Switch C, configure a static route destined for network 3.1.2.0/24. [SwitchC] ip route-static 3.1.2.0 24 10.4.1.2 # On Switch C, configure a static route destined for network 3.1.3.0/24. [SwitchC] ip route-static 3.1.3.0 24 10.4.1.2 # On Switch C, configure OSPF to redistribute static routes. [SwitchC] ospf 1 [SwitchC-ospf-1] import-route static [SwitchC-ospf-1] quit...
Page 504: Troubleshooting Ospf Configuration
10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 Direct 0 10.2.1.1 Vlan200 10.2.1.1/32 Direct 0 127.0.0.1 InLoop0 10.3.1.0/24 OSPF 10.1.1.2 Vlan100 10.4.1.0/24 OSPF 10.2.1.2 Vlan200 10.5.1.0/24 OSPF 10.1.1.2 Vlan100 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 The route destined for network 3.1.3.0/24 is filtered out. On Switch A, filter out the route 10.5.1.1/24.
Page 505: Incorrect Routing Information
Analysis If the physical link and lower layer protocols work well, check OSPF parameters configured on interfaces. Two neighbors must have the same parameters, such as the area ID, network segment and mask (a P2P or virtual link may have different network segments and masks). Processing steps Display OSPF neighbor information using the display ospf peer command.
Page 506 Table of Contents 1 IS-IS Configuration ····································································································································1-1 IS-IS Overview ········································································································································1-1 Basic Concepts································································································································1-1 IS-IS Area ········································································································································1-3 IS-IS Network Type ·························································································································1-5 IS-IS PDU Format····························································································································1-6 Supported IS-IS Features··············································································································1-12 Protocols and Standards ···············································································································1-14 IS-IS Configuration Task List ················································································································1-15 Configuring IS-IS Basic Functions ········································································································1-16 Configuration Prerequisites ···········································································································1-16 Enabling IS-IS································································································································1-16 Configuring the IS Level and Circuit Level ····················································································1-16 Configuring the Network Type of an Interface as P2P ··································································1-17...
Page 507 Enabling the Logging of Neighbor State Changes················································································1-33 Enabling IS-IS SNMP Trap ···················································································································1-33 Binding an IS-IS Process with MIBs ·····································································································1-33 Displaying and Maintaining IS-IS ··········································································································1-34 IS-IS Configuration Example·················································································································1-35 IS-IS Basic Configuration ··············································································································1-35 DIS Election Configuration ············································································································1-39 Configuring IS-IS Route Redistribution ·························································································1-44 IS-IS-based Graceful Restart Configuration Example···································································1-47 IS-IS Authentication Configuration Example ·················································································1-49...
Page 508: Is-Is Configuration
IS-IS Configuration When configuring IS-IS, go to these sections for information you are interested in: IS-IS Overview IS-IS Configuration Task List Configuring IS-IS Basic Functions Configuring IS-IS Routing Information Control Tuning and Optimizing IS-IS Networks Configuring IS-IS Authentication Configuring System ID to Host Name Mappings Configuring IS-IS GR Enabling the Logging of Neighbor State Changes Enabling IS-IS SNMP Trap...
Page 509 Routing domain (RD). A group of ISs exchanges routing information with each other using the same routing protocol in a routing domain. Area. An area is a unit in a routing domain. The IS-IS protocol allows a routing domain to be divided into multiple areas.
Page 510: Is-Is Area
Divide the extended IP address into 3 sections with 4 digits in each section to get the system ID 1680.1000.1001. There are other methods to define a system ID. The principle is to make sure it can uniquely identify a host or router.
Page 511 The Level-1 routers in different areas can not establish neighbor relationships. The neighbor relationship establishment of Level-2 routers has nothing to do with area. Figure 1-2 shows an IS-IS network topology. Area 1 comprises a set of Level-2 routers and is the backbone.
Page 512: Is-Is Network Type
The IS-IS backbone does not need to be a specific Area. Both the IS-IS Level-1 and Level-2 routers use the SPF algorithm to generate the shortest path tree (SPT). Routing method A Level-1 router makes routing decisions based on the system ID. If the destination is not in the area, the packet is forwarded to the nearest Level-1-2 router.
Page 513: Is-Is Pdu Format
The Level-1 and Level-2 DISs are elected respectively. You can assign different priorities for different level DIS elections. The higher a router’s priority is, the more likelihood the router becomes the DIS. If there are multiple routers with the same highest DIS priority, the one with the highest SNPA (Subnetwork Point of Attachment) address (MAC address on a broadcast network) will be elected.
Page 514 Figure 1-5 PDU format Common header format Figure 1-6 shows the PDU common header format. Figure 1-6 PDU common header format No. of Octets Intradomain routing protocol discriminator Length indicator Version/Protocol ID extension ID length PDU type Version Reserved Maximum area address Intradomain Routing Protocol Discriminator: Set to 0x83.
Page 515 Hello Hello packets are used by routers to establish and maintain neighbor relationships. A hello packet is also called an IS-to-IS hello PDU (IIH). For broadcast networks, the Level-1 routers use the Level-1 LAN IIHs; and the Level-2 routers use the Level-2 LAN IIHs. The P2P IIHs are used on point-to-point networks.
Page 516 Figure 1-8 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field. LSP packet format The Link State PDUs (LSP) carry link state information. LSP involves two types: Level-1 LSP and Level-2 LSP.
Page 517 PDU Length: Total length of the PDU in bytes. Remaining Lifetime: LSP remaining lifetime in seconds. LSP ID: Consists of the system ID, the pseudonode ID (one byte) and the LSP fragment number (one byte). Sequence Number: LSP sequence number. Checksum: LSP checksum.
Page 518 Figure 1-11 L1/L2 CSNP format PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request new LSPs from neighbors. Figure 1-12 shows the PSNP packet format.
Page 519: Supported Is-Is Features
Figure 1-13 CLV format Table 1-2 shows that different PDUs contain different CLVs. Table 1-2 CLV name and the corresponding PDU type CLV Code Name PDU Type Area Addresses IIH, LSP IS Neighbors (LSP) Partition Designated Level2 IS L2 LSP IS Neighbors (MAC Address) LAN IIH IS Neighbors (SNPA Address)
Page 520 IS-IS Graceful Restart For detailed GR information, refer to GR Overview in the High Availability Volume. After an IS-IS GR Restarter restarts IS-IS, it needs to complete the following two tasks to synchronize the LSDB with its neighbors. To obtain effective IS-IS neighbor information without changing adjacencies. To obtain the LSDB contents.
Page 521: Protocols And Standards
A virtual system is identified by an additional system ID and generates extended LSP fragments. Original LSP It is the LSP generated by the originating system. The system ID in its LSP ID field is the system ID of the originating system. Extended LSP Extended LSPs are generated by virtual systems.
Page 522: Configuring Is-Is Basic Functions
RFC 2763 - Dynamic Hostname Exchange Mechanism for IS-IS RFC 2966 - Domain-wide Prefix Distribution with Two-Level IS-IS RFC 2973 - IS-IS Mesh Groups RFC 3277 - IS-IS Transient Blackhole Avoidance RFC 3358 - Optional Checksums in ISIS RFC 3373 - Three-Way Handshake for IS-IS Point-to-Point Adjacencies RFC 3567 - Intermediate System to Intermediate System (IS-IS) Cryptographic Authentication RFC 3719 - Recommendations for Interoperable Networks using IS-IS RFC 3786 - Extending the Number of IS-IS LSP Fragments Beyond the 256 Limit...
Page 523: Configuration Prerequisites
Task Remarks Configuring IS-IS GR Optional Enabling the Logging of Neighbor State Changes Optional Enabling IS-IS SNMP Trap Optional Binding an IS-IS Process with MIBs Optional Configuring IS-IS Basic Functions Configuration Prerequisites Before the configuration, accomplish the following tasks: Configure the link layer protocol. Configure an IP address for each interface, and make sure all neighboring nodes are reachable to each other at the network layer.
Page 524: Configuring The Network Type Of An Interface As P2P
To do… Use the command… Remarks Enter system view –– system-view isis [ process-id ] Enter IS-IS view [ vpn-instance –– vpn-instance-name ] Optional is-level { level-1 | level-1-2 | Specify the IS level level-2 } The default is Level-1-2. Return to system view ––...
Page 525: Configuring Is-Is Link Cost
Configuring IS-IS Link Cost The IS-IS cost of an interface is determined in the following order: ISIS cost specified in interface view. ISIS cost specified in system view. The cost is applied to the interfaces associated to the IS-IS process. Automatically calculated cost: When the cost style is wide or wide-compatible, IS-IS automatically calculates the cost using the formula: interface cost= (bandwidth reference value/interface bandwidth) ×10.
Page 526: Specifying A Priority For Is-Is
Enable automatic IS-IS cost calculation Follow these steps to enable automatic IS-IS cost calculation: To do… Use the command… Remarks Enter system view — system-view isis [ process-id ] [ vpn-instance Enter IS-IS view — vpn-instance-name ] Required Specify an IS-IS cost style cost-style { wide | wide-compatible } narrow by default Required...
Page 527: Configuring Is-Is Route Summarization
Configuring IS-IS Route Summarization This task is to configure a summary route, so routes falling into the network range of the summary route are summarized into one route for advertisement. Doing so can reduce the size of routing tables, as well as the scale of LSP and LSDB.
Page 528 Configuring IS-IS Route Redistribution Redistribution of large numbers of routes on a device may affect the performance of other devices in the network. In that case, you can configure a limit on the number of redistributed routes to limit the number of routes to be advertised.
Page 529: Configuring Is-Is Route Leaking
To do… Use the command… Remarks Required filter-policy { acl-number | ip-prefix Filter routes calculated No filtering is configured ip-prefix-name | route-policy from received LSPs route-policy-name } import by default. Filtering redistributed routes IS-IS can redistribute routes from other routing protocols or other IS-IS processes, add them into the IS-IS routing table and advertise them in LSPs.
Page 530: Tuning And Optimizing Is-Is Networks
Tuning and Optimizing IS-IS Networks Configuration Prerequisites Before the configuration, accomplish the following tasks: Configure IP addresses for interfaces, and make adjacent nodes reachable to each other at the network layer. Enable IS-IS. Specifying Intervals for Sending IS-IS Hello and CSNP Packets Follow these steps to configure intervals for sending IS-IS hello and CSNP packets: To do…...
Page 531: Configuring A Dis Priority For An Interface
On a broadcast link, Level-1 and Level-2 hello packets are advertised separately and therefore you need to set a hello multiplier for each level. On a P2P link, Level-1 and Level-2 hello packets are advertised in P2P hello packets, and you need not specify Level-1 or Level-2. Configuring a DIS Priority for an Interface On an IS-IS broadcast network, a router should be elected as the DIS at a routing level.
Page 532: Configuring Lsp Parameters
To do… Use the command… Remarks Enter system view –– system-view interface interface-type Enter interface view –– interface-number Required Enable the interface to send small hello packets without Standard hello packets are sent isis small-hello CLVs by default. Configuring LSP Parameters Configuring LSP timers Specify the maximum age of LSPs Each LSP has an age that decreases in the LSDB.
Page 533 Specify LSP sending intervals If a change occurs in the LSDB, IS-IS advertises the changed LSP to neighbors. You can specify the minimum interval for sending such LSPs. On a P2P link, IS-IS requires an advertised LSP be acknowledged. If no acknowledgement is received within a configurable interval, IS-IS will retransmit the LSP.
Page 534 Enabling LSP flash flooding Since changed LSPs may trigger SPF recalculation, you can enable LSP flash flooding to advertise the changed LSPs before the router recalculates routes. Doing so can speed up network convergence. Follow these steps to enable LSP flash flooding: To do…...
Page 535: Configuring Spf Parameters
Figure 1-14 Network diagram of a fully meshed network To avoid this, you can configure some interfaces as a mesh group or/and configure the blocked interfaces. After receiving an LSP, a member interface in a mesh group floods it out the interfaces that does not belong to the mesh group.
Page 536: Setting The Lsdb Overload Bit
To do… Use the command... Remarks Enter system view –– system-view isis [ process-id ] [ vpn-instance Enter IS-IS view –– vpn-instance-name ] Optional Configure the SPF timer spf maximum-interval The default SPF calculation calculation interval [ initial-interval [ second-wait-interval ] ] interval is 10 seconds.
Page 537: Configuring Area Authentication
Follow these steps to configure neighbor relationship authentication: To do… Use the command… Remarks Enter system view –– system-view interface interface-type Enter interface view –– interface-number Required isis authentication-mode { simple | Specify the authentication md5 } password [ level-1 | level-2 ] Not authentication is mode and password [ ip | osi ]...
Page 538: Configuring System Id To Host Name Mappings
To do… Use the command… Remarks Required Specify the routing domain domain-authentication-mode No routing domain authentication mode and { simple | md5 } password [ ip | authentication is configured by password osi ] default. Configuring System ID to Host Name Mappings In IS-IS, a system ID identifies a router or host uniquely.
Page 539: Configuring Is-Is Gr
Follow these steps to configure dynamic system ID to host name mapping: To do… Use the command... Remarks Enter system view –– system-view isis [ process-id ] [ vpn-instance Enter IS-IS view –– vpn-instance-name ] Required Specify a host name for is-name sys-name the router No specified by default.
Page 540: Enabling The Logging Of Neighbor State Changes
Enabling the Logging of Neighbor State Changes Follow these steps to enable the logging of neighbor state changes: To do… Use the command… Remarks Enter system view –– system-view isis [ process-id ] [ vpn-instance Enter IS-IS view –– vpn-instance-name ] Required Enable the logging of neighbor log-peer-change...
Page 541: Displaying And Maintaining Is-Is
Displaying and Maintaining IS-IS To do… Use the command… Remarks Display brief IS-IS configuration display isis brief [ process-id | vpn-instance Available in any information vpn-instance-name ] view Display the status of IS-IS display isis debug-switches { process-id | Available in any debug switches vpn-instance vpn-instance-name } view...
Page 542: Is-Is Configuration Example
IS-IS Configuration Example IS-IS Basic Configuration Network requirements As shown in Figure 1-15, Switch A, B, C and Switch D reside in an IS-IS AS. Switch A and B are Level-1 switches, Switch D is a Level-2 switch and Switch C is a Level-1-2 switch. Switch A, B and C are in Area 10, while Switch D is in Area 20.
Page 543 [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis enable 1 [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D. <SwitchD>...
Page 544 -------------------------------- Level-1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------- 0000.0000.0001.00-00 0x00000006 0xdb60 0/0/0 0000.0000.0002.00-00* 0x00000008 0xe651 1189 0/0/0 0000.0000.0002.01-00* 0x00000005 0xd2b3 1188 0/0/0 0000.0000.0003.00-00 0x00000014 0x194a 1190 1/0/0 0000.0000.0003.01-00 0x00000002 0xabdb 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [SwitchC] display isis lsdb Database information for ISIS(1) --------------------------------...
Page 545 Level-2 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL ------------------------------------------------------------------------------- 0000.0000.0003.00-00 0x00000013 0xc73d 1003 0/0/0 0000.0000.0004.00-00* 0x0000003c 0xd647 1194 0/0/0 0000.0000.0004.01-00* 0x00000002 0xec96 1007 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload # Display the IS-IS routing information of each switch. Level-1 switches should have a default route with the next hop being the Level-1-2 switch.
Page 546: Dis Election Configuration
ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 192.168.0.0/24 NULL Vlan300 Direct D/L/- 10.1.1.0/24 NULL Vlan100 Direct D/L/- 10.1.2.0/24 NULL Vlan200 Direct D/L/- 172.16.0.0/16 NULL Vlan300 192.168.0.2 R/-/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set [SwitchD] display isis route Route information for ISIS(1) -----------------------------...
Page 547 Figure 1-16 Network diagram for DIS selection Configuration procedure Configure an IP address for each interface (omitted) Enable IS-IS # Configure Switch A. <SwitchA> system-view [SwitchA] isis 1 [SwitchA-isis-1] network-entity 10.0000.0000.0001.00 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] isis enable 1 [SwitchA-Vlan-interface100] quit # Configure Switch B.
Page 548 [SwitchD-isis-1] network-entity 10.0000.0000.0004.00 [SwitchD-isis-1] is-level level-2 [SwitchD-isis-1] quit [SwitchD] interface vlan-interface 100 [SwitchD-Vlan-interface100] isis enable 1 [SwitchD-Vlan-interface100] quit # Display information about IS-IS neighbors of Switch A. [SwitchA] display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0003.01 State: Up HoldTime: 21s...
Page 549 Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State Type Down 1497 L1/L2 No/Yes By using the default DIS priority, Switch C is the Level-1 DIS, and Switch D is the Level-2 DIS. The pseudonodes of Level-1 and Level-2 are 0000.0000.0003.01 and 0000.0000.0004.01 respectively. Configure the DIS priority of Switch A.
Page 550 Down 1497 L1/L2 Yes/Yes After the DIS priority configuration, Switch A becomes the Level-1-2 DIS, and the pseudonode is 0000.0000.0001.01. # Display information about IS-IS neighbors and interfaces of Switch C. [SwitchC] display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01...
Page 551 IPV4.State IPV6.State Type Down 1497 L1/L2 No/No Configuring IS-IS Route Redistribution Network requirements As shown in the following figure, Switch A, Switch B, Switch C and Switch D reside in the same AS. They use IS-IS to interconnect. Switch A and Switch B are Level-1 routers, Switch D is a Level-2 router, and Switch C is a Level-1-2 router.
Page 552 # Configure Switch C. <SwitchC> system-view [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis enable 1 [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D.
Page 553 ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 10.1.1.0/24 NULL VLAN100 Direct D/L/- 10.1.2.0/24 NULL VLAN200 Direct D/L/- 192.168.0.0/24 NULL VLAN300 Direct D/L/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------- IPV4 Destination IntCost...
Page 554: Is-Is-Based Graceful Restart Configuration Example
[SwitchE-rip-1] version 2 [SwitchE-rip-1] undo summary # Configure route redistribution from RIP to IS-IS on Switch D. [SwitchD-rip-1] quit [SwitchD] isis 1 [SwitchD–isis] import-route rip level-2 # Display IS-IS routing information on Switch C. [SwitchC] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table -------------------------------------...
Page 555 Figure 1-18 Network diagram for IS-IS-based GR configuration GR restarter Switch A Vlan-int100 10.0.0.1/24 Vlan-int100 Vlan-int100 10.0.0.2/24 10.0.0.3/24 Switch B Switch C GR helper GR helper Configuration procedure Configure IP addresses of the interfaces on each switch and configure IS-IS. Follow Figure 1-18 to configure the IP address and subnet mask of each interface.
Page 556: Is-Is Authentication Configuration Example
T3 Timer Status: Remaining Time: 140 T2 Timer Status: Remaining Time: 59 IS-IS(1) Level-2 Restart Status Restart Interval: 150 SA Bit Supported Total Number of Interfaces = 1 Restart Status: RESTARTING Number of LSPs Awaited: 3 T3 Timer Status: Remaining Time: 140 T2 Timer Status: Remaining Time: 59 IS-IS Authentication Configuration Example...
Page 557 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] isis enable 1 [SwitchA-Vlan-interface100] quit # Configure Switch B. <SwitchB> system-view [SwitchB] isis 1 [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis enable 1 [RouterB--Vlan-interface200] quit # Configure Switch C. <SwitchC>...
Page 558 [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis authentication-mode md5 t5Hr [SwitchB-Vlan-interface200] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis authentication-mode md5 t5Hr [SwitchC-Vlan-interface200] quit # Specify the MD5 authentication mode and password hSec on VLAN-interface 300 of Switch D and on VLAN-interface 300 of Switch C. [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis authentication-mode md5 hSec [SwitchC-Vlan-interface300] quit...
Page 559 Table of Contents 1 BGP Configuration ····································································································································1-1 BGP Overview·········································································································································1-1 Formats of BGP Messages ·············································································································1-2 BGP Path Attributes ························································································································1-4 BGP Route Selection·······················································································································1-8 iBGP and IGP Synchronization ·····································································································1-10 Settlements for Problems in Large Scale BGP Networks ·····························································1-11 BGP GR·········································································································································1-14 MP-BGP ········································································································································1-15 Protocols and Standards ···············································································································1-16 BGP Configuration Task List·················································································································1-16 Configuring BGP Basic Functions·········································································································1-17 Prerequisites··································································································································1-17...
Page 560 Enabling Quick eBGP Session Reestablishment··········································································1-33 Enabling MD5 Authentication for TCP Connections ·····································································1-34 Configuring BGP Load Balancing··································································································1-34 Forbiding Session Establishment with a Peer or Peer Group ·······················································1-35 Configuring a Large Scale BGP Network······························································································1-35 Configuration Prerequisites ···········································································································1-35 Configuring BGP Peer Groups ······································································································1-35 Configuring BGP Community ········································································································1-37 Configuring a BGP Route Reflector ······························································································1-38 Configuring a BGP Confederation·································································································1-38...
Page 561: Bgp Configuration
BGP Configuration The Border Gateway Protocol (BGP) is a dynamic inter-AS Exterior Gateway Protocol. When configuring BGP, go to these sections for information you are interested in: BGP Overview BGP Configuration Task List Configuring BGP Basic Functions Controlling Route Generation Controlling Route Distribution and Reception Configuring BGP Route Attributes Tuning and Optimizing BGP Networks...
Page 562: Formats Of Bgp Messages
A router advertising BGP messages is called a BGP speaker. It establishes peer relationships with other BGP speakers to exchange routing information. When a BGP speaker receives a new route or a route better than the current one from another AS, it will advertise the route to all the other BGP peers in the local AS.
Page 563 Figure 1-2 BGP open message format Version: This 1-byte unsigned integer indicates the protocol version number. The current BGP version is 4. My autonomous system: This 2-byte unsigned integer indicates the Autonomous System number of the sender. Hold time: When establishing a peer relationship, two parties negotiate an identical hold time. If no Keepalive or Update is received from a peer within the hold time, the BGP connection is considered down.
Page 564: Bgp Path Attributes
NLRI (Network Layer Reachability Information): Each feasible route is represented as <length, prefix>. Notification A Notification message is sent when an error is detected. The BGP connection is closed immediately after sending it. The Notification message format is shown below: Figure 1-4 BGP Notification message format Error code: Type of Notification.
Page 565 Optional non-transitive: If a BGP router does not support this attribute, it will not advertise routes with this attribute. The usage of each BGP path attribute is described in the following table. Table 1-1 Usage of BGP path attributes Name Category ORIGIN Well-known mandatory...
Page 566 Figure 1-6 AS_PATH attribute 8.0.0.0 AS 10 D = 8.0.0.0 D = 8.0.0.0 (10) (10) AS 40 AS 20 D = 8.0.0.0 D = 8.0.0.0 (40,10) (20,10) D = 8.0.0.0 (30,20,10) AS 30 AS 50 In general, a BGP router does not receive routes containing the local AS number to avoid routing loops. The current implementation supports using the peer allow-as-loop command to receive routes containing the local AS number to meet special requirements.
Page 567 Figure 1-7 NEXT_HOP attribute MED (MULTI_EXIT_DISC) The MED attribute is exchanged between two neighboring ASs, each of which does not advertise the attribute to any other AS. Similar with metrics used by IGP, MED is used to determine the best route for traffic going into an AS. When a BGP router obtains multiple routes to the same destination but with different next hops, it considers the route with the smallest MED value the best route if other conditions are the same.
Page 568: Bgp Route Selection
The LOCAL_PREF attribute is exchanged between iBGP peers only, and thus is not advertised to any other AS. It indicates the priority of a BGP router. LOCAL_PREF is used to determine the best route for traffic leaving the local AS. When a BGP router obtains from several iBGP peers multiple routes to the same destination but with different next hops, it considers the route with the highest LOCAL_PREF value as the best route.
Page 569 Select the route with the smallest next hop cost Select the route with the shortest CLUSTER_LIST Select the route with the smallest ORIGINATOR_ID Select the route advertised by the router with the smallest Router ID Select the route with the lowest IP address CLUSTER_IDs of route reflectors form a CLUSTER_LIST.
Page 570: Ibgp And Igp Synchronization
Figure 1-10 Network diagram for BGP load balancing In the above figure, Router D and Router E are iBGP peers of Router C. Router A and Router B both advertise a route destined for the same destination to Router C. If load balancing is configured and the two routes have the same AS_PATH attribute, ORIGIN attribute, LOCAL_PREF and MED, Router C installs both the two routes to its route table for load balancing.
Page 571: Settlements For Problems In Large Scale Bgp Networks
Figure 1-11 iBGP and IGP synchronization If synchronization is enabled in this example, only when the route 8.0.0.0/24 received from Router B is available in its IGP routing table, can Router D add the route into its BGP routing table and advertise the route to the eBGP peer.
Page 572 Figure 1-12 BGP route dampening Peer group You can organize BGP peers with the same attributes into a group to simplify configurations on them. When a peer joins the peer group, the peer obtains the same configuration as the peer group. If the configuration of the peer group is changed, the configuration of group members is changed accordingly.
Page 573 A router that is neither a route reflector nor a client is a non-client, which has to establish BGP sessions to the route reflector and other non-clients, as shown below. Figure 1-13 Network diagram for route reflector The route reflector and clients form a cluster. In some cases, you can configure more than one route reflector in a cluster to improve network reliability and prevent single point failure, as shown in the following figure.
Page 574: Bgp Gr
For GR (Graceful Restart) information, refer to GR Overview in the High Availability Volume. The 4800G series switches are centralized devices that support IRF. They can act as a GR Helper before forming an IRF; they can form a distributed chassis switch in a logical sense and act as a GR Restarter after forming an IRF.
Page 575 session. If neither party has the GR capability, the session established between them will not be GR capable. When an active/standby switchover occurs on a distributed device that acts as the GR Restarter, sessions on it will go down. Then, GR capable peers will mark all routes associated with the GR Restarter as stale.
Page 576: Bgp Configuration Task List
For information about the VPN extension application, refer to MCE Configuration in the IP Routing Volume. For information about the IPv6 extension application, refer to IPv6 BGP Configuration in the IP Routing Volume. This chapter gives no detailed commands related to any specific extension application in MP-BGP address family view.
Page 577: Configuring Bgp Basic Functions
Task Remarks Configuring BGP Route Dampening Configuring a Shortcut Route Specifying a Preferred Value for Routes Optional Received Configuring Preferences for BGP Routes Optional Configuring BGP Route Configure the Default Local Preference Optional Attributes Configuring the MED Attribute Optional Configuring the Next Hop Attribute Optional Configuring the AS-PATH Attribute Optional...
Page 578: Creating A Bgp Connection
Creating a BGP Connection A router ID is the unique identifier of a BGP router in an AS. To ensure the uniqueness of a router ID and enhance network reliability, you can specify in BGP view the IP address of a local loopback interface as the router ID. If no router ID is specified in BGP view, the global router ID is used.
Page 579: Allowing Establishment Of Ebgp Connection To A Non Directly Connected Peer/Peer Group
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Required Specify the source peer { group-name | By default, BGP uses the outbound interface for ip-address } interface of the best route to the BGP establishing TCP connect-interface peer/peer group as the source interface for...
Page 580: Injecting A Local Network
There are to ways to generate BGP routes: Configure BGP to advertise local networks Configure BGP to redistribute routes from other routing protocols, including the default route Prerequisites BGP connections have been created. Injecting a Local Network In BGP view, you can inject a local network to allow BGP to advertise it to BGP peers. The origin attribute of routes advertised in this way is IGP.
Page 581: Controlling Route Distribution And Reception
To do… Use the command… Remarks import-route protocol [ process-id | all-processes ] Required Enable route redistribution from [ med med-value | a routing protocol into BGP Not redistributed by default route-policy route-policy-name ] * Optional Enable default route default-route imported redistribution into BGP Not enabled by default Controlling Route Distribution and Reception...
Page 582: Advertising A Default Route To A Peer Or Peer Group
Advertising a Default Route to a Peer or Peer Group After this task is configured, the BGP router sends a default route with the next hop being itself to the specified peer/peer group, regardless of whether the default route is available in the routing table. Follow these steps to advertise a default route to a peer or peer group: To do…...
Page 583 To do… Use the command… Remarks filter-policy { acl-number | Required to choose any; ip-prefix ip-prefix-name } Configure the filtering of Not configured by default. export [ direct | isis process-id redistributed routes You can configure a filtering | ospf process-id | rip policy as needed;...
Page 584: Enabling Bgp And Igp Route Synchronization
Enabling BGP and IGP Route Synchronization By default, when a BGP router receives an iBGP route, it only checks the reachability of the route’s next hop before advertisement. With BGP and IGP synchronization enabled, the BGP router cannot advertise the iBGP route to eBGP peers unless the route is also available in the IGP routing table. Follow these steps to enable BGP and IGP synchronization: To do…...
Page 585: Configuring Bgp Route Attributes
To do… Use the command… Remarks Required dampening [ half-life-reachable Configure BGP route Not configured by half-life-unreachable reuse suppress dampening ceiling | route-policy route-policy-name ] * default. Configuring a Shortcut Route An eBGP route received has a priority of 255, lower than a local route. This task allows you configure an eBGP route as a shortcut route that has the same priority as a local route and thus has greater likehood to become the optimal route.
Page 586: Configure The Default Local Preference
Follow these steps to configure preferences for BGP routes: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number preference Optional Configure preferences { external-preference The default preferences of external, for external, internal, internal-preference internal, and local BGP routes are 255, local BGP routes...
Page 587 To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Required Enable the comparison of MED of compare-different-as-med routes from different ASs Not enabled by default Enable the comparison of MED of routes from each AS Route learning sequence may affect optimal route selection.
Page 588 Note that, in this case, BGP load balancing cannot be implemented because load balanced routes must have the same AS-path attribute. Follow these steps to enable the comparison of MED of routes from each AS: To do… Use the command… Remarks Enter system view —...
Page 589 Figure 1-17 Next hop attribute configuration If a BGP router has two peers on a common broadcast network, it does not set itself as the next hop for routes sent to an eBGP peer by default. As shown below, Router A and Router B establish an eBGP neighbor relationship, and Router B and Router C establish an iBGP neighbor relationship.
Page 590 To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Optional Permit local AS number to appear in peer { group-name | routes from a peer/peer group and ip-address } allow-as-loop By default, the local AS specify the appearance times [ number ] number is not allowed.
Page 591: Tuning And Optimizing Bgp Networks
Figure 1-19 AS number substitution configuration AS 100 PE 1 PE 2 MPLS backbone EBGP_Update:10.1.1.1/32 EBGP_Update:10.1.1.1/32 VPNv4_Update:10.1.0.0/16 AS_PATH:100,100 AS_PATH:800 RD:10.1.1.1/32 AS_PATH:800 CE 1 CE 2 AS 800 AS 800 As shown in the above figure, CE 1 and CE 2 use the same AS number of 800. If AS number substitution for CE 2 is configured on PE 2, when PE 2 receives a BGP update sent from CE 1, it replaces AS number 800 as its own AS number 100.
Page 592: Configuring Bgp Keepalive Interval And Holdtime
Configuring BGP Keepalive Interval and Holdtime After establishing a BGP connection, two routers send keepalive messages periodically to each other to keep the connection. If a router receives no keepalive or update message from the peer within the holdtime, it tears down the connection. If two parties have the same timer assigned with different values, the smaller one is used by the two parties.
Page 593: Enabling Quick Ebgp Session Reestablishment
The current BGP implementation supports the route-refresh capability, with which, a router can dynamically refresh its BGP routing table when the route selection policy is modified, without tearing down BGP connections. If a BGP peer does not support route-refresh, you need to save updates from the peer on the local router.
Page 594: Enabling Md5 Authentication For Tcp Connections
With quick eBGP connection reestablishment enabled, the router, when the link to a directly connected eBGP peer is down, will reestablish a session to the eBGP peer immediately. Follow these steps to enable quick eBGP session reestablishment: To do… Use the command… Remarks Enter system view —...
Page 595: Configuring A Large Scale Bgp Network
Forbiding Session Establishment with a Peer or Peer Group Follow these steps to forbid session establishment with a peer or peer group: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Optional Forbid session establishment with a peer { group-name | peer or peer group...
Page 596 Configure an eBGP peer group If peers in an eBGP group belong to the same external AS, the eBGP peer group is a pure eBGP peer group; if not, it is a mixed eBGP peer group. There are three approaches for configuring an eBGP peer group: Create the eBGP peer group, specify its AS number, and add peers into it.
Page 597: Configuring Bgp Community
Peers added in the group can have different AS numbers. Follow these steps to configure an eBGP peer group using the third approach: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Create an eBGP peer group Required group group-name external...
Page 598: Configuring A Bgp Route Reflector
To do… Use the command… Remarks peer/peer group by default. Advertise the extended community peer { group-name | ip-address } attribute to a peer/peer advertise-ext-community group Required peer { group-name | ip-address } Apply a routing policy to routes advertised Not configured route-policy route-policy-name to a peer/peer group...
Page 599: Configuring Bgp Gr
A confederation contains sub ASs. In each sub AS, iBGP peers are fully meshed. Between sub ASs, eBGP connections are established. If routers not compliant with RFC 3065 exist in the confederation, you can use the confederation nonstandard command to make the local router compatible with these routers. Configure a BGP confederation After you split an AS into multiple sub ASs, you can configure a router in a sub AS in the following way: Enable BGP and specify the AS number of the router.
Page 600: Enabling Logging Of Peer State Changes
Follow these steps to configure BGP GR: To do… Use the command… Remarks Enter system view — system-view Enable BGP, and enter its view — bgp as-number Required Enable GR Capability for BGP graceful-restart Disabled by default Configure the maximum time Optional graceful-restart timer allowed for the peer to...
Page 601 To do… Use the command… Remarks peer state Optional for a peer or peer { group-name | ip-address } changes peer group Enabled by default log-change 1-41...
Page 602: Displaying And Maintaining Bgp
Displaying and Maintaining BGP Displaying BGP To do… Use the command… Remarks Display peer group information display bgp group [ group-name ] Display advertised BGP routing display bgp network information Display AS path information display bgp paths [ as-regular-expression ] Display BGP peer/peer group display bgp peer [ ip-address { log-info | information...
Page 603: Bgp Configuration Examples
Resetting BGP Connections To do… Use the command… Remarks Reset all BGP connections reset bgp all Reset the BGP connections to an AS reset bgp as-number Reset the BGP connection to a peer reset bgp ip-address [ flap-info ] Reset all eBGP connections Available in user reset bgp external view...
Page 604 # Configure Switch B. <SwitchB> system-view [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 9.1.1.2 as-number 65009 [SwitchB-bgp] peer 9.1.3.2 as-number 65009 [SwitchB-bgp] quit # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 9.1.3.1 as-number 65009 [SwitchC-bgp] peer 9.1.2.2 as-number 65009 [SwitchC-bgp] quit # Configure Switch D.
Page 605 200.1.1.2 4 65008 1 00:44:03 Established You can find Switch B has established BGP connections to other switches. # Display BGP routing table information on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 1.1.1.1 Status codes: * - valid, >...
Page 606 # Configure Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] import-route direct # Display BGP routing table information on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 7 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
Page 607: Bgp And Igp Synchronization Configuration
Reply from 8.1.1.1: bytes=56 Sequence=4 ttl=254 time=16 ms Reply from 8.1.1.1: bytes=56 Sequence=5 ttl=254 time=31 ms --- 8.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 16/31/47 ms BGP and IGP Synchronization Configuration Network requirements As shown below, OSPF is used as the IGP protocol in AS65009, where Switch C is a non-BGP switch.
Page 608 [SwitchB-bgp] import-route ospf 1 [SwitchB-bgp] quit # Display routing table information on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
Page 609: Bgp Load Balancing Configuration
Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf PrefVal Path/Ogn *> 8.1.1.0/24 0.0.0.0 *> 9.0.0.0 3.1.1.1 65009? # Use ping for verification. [SwitchA] ping -a 8.1.1.1 9.1.2.1 PING 9.1.2.1: 56 data bytes, press CTRL_C to break Reply from 9.1.2.1: bytes=56 Sequence=1 ttl=254 time=15 ms Reply from 9.1.2.1: bytes=56 Sequence=2 ttl=254 time=31 ms Reply from 9.1.2.1: bytes=56 Sequence=3 ttl=254 time=47 ms...
Page 610 [SwitchA-bgp] peer 200.1.1.1 as-number 65009 [SwitchA-bgp] peer 200.1.2.1 as-number 65009 # Inject route 8.0.0.0/8 to BGP routing table. [SwitchA-bgp] network 8.0.0.0 255.0.0.0 [SwitchA-bgp] quit # Configure Switch B. <SwitchB> system-view [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 200.1.1.2 as-number 65008 [SwitchB-bgp] peer 9.1.1.2 as-number 65009 [SwitchB-bgp] network 9.1.1.0 255.255.255.0 [SwitchB-bgp] quit...
Page 611: Bgp Community Configuration
[SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
Page 612 <SwitchB> system-view [SwitchB] bgp 20 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 200.1.2.1 as-number 10 [SwitchB-bgp] peer 200.1.3.2 as-number 30 [SwitchB-bgp] quit # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 30 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 200.1.3.1 as-number 20 [SwitchC-bgp] quit # Display the BGP routing table on Switch B. [SwitchB] display bgp routing-table 9.1.1.0 BGP local router ID : 2.2.2.2 Local AS number : 20...
Page 613: Bgp Route Reflector Configuration
[SwitchA-route-policy] apply community no-export [SwitchA-route-policy] quit # Apply the routing policy. [SwitchA] bgp 10 [SwitchA-bgp] peer 200.1.2.2 route-policy comm_policy export [SwitchA-bgp] peer 200.1.2.2 advertise-community # Display the routing table on Switch B. [SwitchB] display bgp routing-table 9.1.1.0 BGP local router ID : 2.2.2.2 Local AS number : 20 Paths: 1 available, 1 best...
Page 614 Configuration procedure Configure IP addresses for interfaces (omitted) Configure BGP connections # Configure Switch A. <SwitchA> system-view [SwitchA] bgp 100 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 192.1.1.2 as-number 200 # Inject network 1.0.0.0/8 to the BGP routing table. [SwitchA-bgp] network 1.0.0.0 [SwitchA-bgp] quit # Configure Switch B.
Page 615: Bgp Confederation Configuration
BGP Local router ID is 200.1.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
Page 616 Configuration procedure Configure IP addresses for interfaces (omitted) Configure BGP confederation # Configure Switch A. <SwitchA> system-view [SwitchA] bgp 65001 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] confederation id 200 [SwitchA-bgp] confederation peer-as 65002 65003 [SwitchA-bgp] peer 10.1.1.2 as-number 65002 [SwitchA-bgp] peer 10.1.1.2 next-hop-local [SwitchA-bgp] peer 10.1.2.2 as-number 65003 [SwitchA-bgp] peer 10.1.2.2 next-hop-local [SwitchA-bgp] quit...
Page 617 [SwitchD-bgp] quit # Configure Switch E. <SwitchE> system-view [SwitchE] bgp 65001 [SwitchE-bgp] router-id 5.5.5.5 [SwitchE-bgp] confederation id 200 [SwitchE-bgp] peer 10.1.4.1 as-number 65001 [SwitchE-bgp] peer 10.1.5.1 as-number 65001 [SwitchE-bgp] quit Configure the eBGP connection between AS100 and AS200. # Configure Switch A. [SwitchA] bgp 65001 [SwitchA-bgp] peer 200.1.1.2 as-number 100 [SwitchA-bgp] quit...
Page 618: Bgp Path Selection Configuration
Attribute value : MED 0, localpref 100, pref-val 0, pre 255 State : valid, external-confed, best, Not advertised to any peers yet # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 4.4.4.4 Status codes: * - valid, >...
Page 619 Figure 1-26 Network diagram for BGP path selection configuration Device Interface IP address Device Interface IP address Switch A Vlan-int101 1.0.0.0/8 Switch D Vlan-int400 195.1.1.1/24 Vlan-int100 192.1.1.1/24 Vlan-int300 194.1.1.1/24 Vlan-int200 193.1.1.1/24 Switch C Vlan-int400 195.1.1.2/24 Switch B Vlan-int100 192.1.1.2/24 Vlan-int200 193.1.1.2/24 Vlan-int300 194.1.1.2/24...
Page 620 <SwitchA> system-view [SwitchA] bgp 100 [SwitchA-bgp] peer 192.1.1.2 as-number 200 [SwitchA-bgp] peer 193.1.1.2 as-number 200 # Inject network 1.0.0.0/8 to the BGP routing table on Switch A. [SwitchA-bgp] network 1.0.0.0 8 [SwitchA-bgp] quit # Configure Switch B. [SwitchB] bgp 200 [SwitchB-bgp] peer 192.1.1.1 as-number 100 [SwitchB-bgp] peer 194.1.1.1 as-number 200 [SwitchB-bgp] quit...
Page 621 [SwitchA-bgp] quit # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 2 BGP Local router ID is 194.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network...
Page 622: Troubleshooting Bgp
Troubleshooting BGP No BGP Peer Relationship Established Symptom Display BGP peer information using the display bgp peer command. The state of the connection to a peer cannot become established. Analysis To become BGP peers, any two routers need to establish a TCP session using port 179 and exchange open messages successfully.
Page 623 Table of Contents 1 IPv6 Static Routing Configuration ···········································································································1-1 Introduction to IPv6 Static Routing··········································································································1-1 Features of IPv6 Static Routes········································································································1-1 Default IPv6 Route ··························································································································1-1 Configuring an IPv6 Static Route············································································································1-1 Configuration prerequisites ·············································································································1-2 Configuring an IPv6 Static Route ····································································································1-2 Displaying and Maintaining IPv6 Static Routes ······················································································1-2 IPv6 Static Routing Configuration Example ····························································································1-2...
Page 624: Ipv6 Static Routing Configuration
IPv6 Static Routing Configuration When configuring IPv6 Static Routing, go to these sections for information you are interested in: Introduction to IPv6 Static Routing Configuring an IPv6 Static Route Displaying and Maintaining IPv6 Static Routes IPv6 Static Routing Configuration Example The term “router”...
Page 625: Displaying And Maintaining Ipv6 Static Routes
Configuration prerequisites Configuring parameters for the related interfaces Configuring link layer attributes for the related interfaces Enabling IPv6 packet forwarding Ensuring that the neighboring nodes are IPv6 reachable Configuring an IPv6 Static Route Follow these steps to configure an IPv6 static route: To do…...
Page 626 Figure 1-1 Network diagram for static routes Configuration procedure Configure the IPv6 addresses of all VLAN interfaces (Omitted) Configure IPv6 static routes. # Configure the default IPv6 static route on SwitchA. <SwitchA> system-view [SwitchA] ipv6 route-static :: 0 4::2 # Configure two IPv6 static routes on SwitchB. <SwitchB>...
Page 627 Destination : 1:: /64 Protocol : Direct NextHop : 1::1 Preference Interface : Vlan-interface100 Cost Destination : 1::1/128 Protocol : Direct NextHop : ::1 Preference Interface : InLoop0 Cost Destination : FE80::/10 Protocol : Direct NextHop : :: Preference Interface : NULL0 Cost # Verify the connectivity with the ping command.
Page 628 Table of Contents 1 RIPng Configuration··································································································································1-1 Introduction to RIPng ······························································································································1-1 RIPng Working Mechanism ·············································································································1-1 RIPng Packet Format ······················································································································1-2 RIPng Packet Processing Procedure ······························································································1-3 Protocols and Standards ·················································································································1-3 Configuring RIPng Basic Functions ········································································································1-3 Configuration Prerequisites ·············································································································1-3 Configuration Procedure··················································································································1-4 Configuring RIPng Route Control ···········································································································1-4 Configuring an Additional Routing Metric ························································································1-4 Configuring RIPng Route Summarization ·······················································································1-5 Advertising a Default Route·············································································································1-5...
Page 629: Ripng Configuration
RIPng Configuration When configuring RIPng, go to these sections for information you are interested in: Introduction to RIPng Configuring RIPng Basic Functions Configuring RIPng Route Control Tuning and Optimizing the RIPng Network Displaying and Maintaining RIPng RIPng Configuration Example The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Introduction to RIPng RIP next generation (RIPng) is an extension of RIP-2 for IPv4.
Page 630: Ripng Packet Format
Each RIPng router maintains a routing database, including route entries of all reachable destinations. A route entry contains the following information: Destination address: IPv6 address of a host or a network. Next hop address: IPv6 address of a neighbor along the path to the destination. Egress interface: Outbound interface that forwards IPv6 packets.
Page 631: Ripng Packet Processing Procedure
Figure 1-3 IPv6 prefix RTE format IPv6 prefix (16 octets) Route tag Prefix length Metric IPv6 prefix: Destination IPv6 address prefix. Route tag: Route tag. Prefix len: Length of the IPv6 address prefix. Metric: Cost of a route. RIPng Packet Processing Procedure Request packet When a RIPng router first starts or needs to update some entries in its routing table, generally a multicast request packet is sent to ask for needed routes from neighbors.
Page 632: Configuration Procedure
Configure an IP address for each interface, and make sure all nodes are reachable to one another. Configuration Procedure Follow these steps to configure the basic RIPng functions: To do… Use the command… Remarks Enter system view –– system-view Required Create a RIPng process and ripng [ process-id ] enter RIPng view...
Page 633: Configuring Ripng Route Summarization
The inbound additional metric is added to the metric of a received route before the route is added into the routing table, so the route’s metric is changed. Follow these steps to configure an inbound/outbound additional routing metric: To do… Use the command…...
Page 634: Configuring A Ripng Route Filtering Policy
Configuring a RIPng Route Filtering Policy You can reference a configured IPv6 ACL or prefix list to filter received/advertised routing information as needed. For filtering outbound routes, you can also specify a routing protocol from which to filter routing information redistributed. Follow these steps to configure a RIPng route filtering policy: To do…...
Page 635: Tuning And Optimizing The Ripng Network
Tuning and Optimizing the RIPng Network This section describes how to tune and optimize the performance of the RIPng network as well as applications under special network environments. Before tuning and optimizing the RIPng network, complete the following tasks: Configure a network layer address for each interface Configure the basic RIPng functions This section covers the following topics: Configuring RIPng Timers...
Page 636: Configuring Split Horizon And Poison Reverse
Configuring Split Horizon and Poison Reverse If both split horizon and poison reverse are configured, only the poison reverse function takes effect. Configure split horizon The split horizon function disables a route learned from an interface from being advertised through the same interface to prevent routing loops between neighbors.
Page 637: Configuring The Maximum Number Of Equal Cost Routes For Load Balancing
Follow these steps to configure RIPng zero field check: To do… Use the command… Remarks Enter system view –– system-view Enter RIPng view ripng [ process-id ] –– Optional Enable the zero field check checkzero Enabled by default Configuring the Maximum Number of Equal Cost Routes for Load Balancing Follow these steps to configure the maximum number of equal cost RIPng routes for load balancing: To do…...
Page 638 Figure 1-4 Network diagram for RIPng configuration Configuration procedure Configure the IPv6 address for each interface (omitted) Configure basic RIPng functions # Configure Switch A. <SwitchA> system-view [SwitchA] ripng 1 [SwitchA-ripng-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ripng 1 enable [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 400 [SwitchA-Vlan-interface400] ripng 1 enable...
Page 639 [SwitchB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100 Dest 1::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200 Dest 3::/64,...
Page 640 via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200 Dest 4::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec Dest 5::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec [SwitchA] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect...
Page 641 Table of Contents 1 OSPFv3 Configuration ······························································································································1-1 Introduction to OSPFv3···························································································································1-1 OSPFv3 Overview ···························································································································1-1 OSPFv3 Packets ·····························································································································1-1 OSPFv3 LSA Types ························································································································1-2 Timers of OSPFv3 ···························································································································1-2 OSPFv3 Features Supported ··········································································································1-3 Protocols and Standards ·················································································································1-3 IPv6 OSPFv3 Configuration Task List ····································································································1-4 Enabling OSPFv3····································································································································1-4 Prerequisites····································································································································1-4 Enabling OSPFv3 ····························································································································1-4 Configuring OSPFv3 Area Parameters···································································································1-5...
Page 642 Troubleshooting OSPFv3 Configuration························································································1-24 No OSPFv3 Neighbor Relationship Established ···········································································1-24 Incorrect Routing Information ········································································································1-24...
Page 643: Ospfv3 Configuration
OSPFv3 Configuration When configuring OSPF, go to these sections for information you are interested in: Introduction to OSPFv3 IPv6 OSPFv3 Configuration Task List Enabling OSPFv3 Configuring OSPFv3 Area Parameters Configuring OSPFv3 Network Types Configuring OSPFv3 Routing Information Control Tuning and Optimizing OSPFv3 Networks Displaying and Maintaining OSPFv3 OSPFv3 Configuration Examples Introduction to OSPFv3...
Page 644: Ospfv3 Lsa Types
Figure 1-1 OSPFv3 packet header Major fields: Version #: Version of OSPF, which is 3 for OSPFv3. Type: Type of OSPF packet; Types 1 to 5 are hello, DD, LSR, LSU, and LSAck respectively. Packet Length: Packet length in bytes, including header. Instance ID: Instance ID for a link.
Page 645: Ospfv3 Features Supported
SPF timer GR timer OSPFv3 packet timer Hello packets are sent periodically between neighboring routers for finding and maintaining neighbor relationships, or for DR/BDR election. The hello interval must be identical on neighboring interfaces. The smaller the hello interval, the faster the network convergence speed and the bigger the network load.
Page 646: Ipv6 Ospfv3 Configuration Task List
IPv6 OSPFv3 Configuration Task List Complete the following tasks to configure OSPFv3: Task Remarks Enabling OSPFv3 Required Configuring an OSPFv3 Stub Area Optional Configuring OSPFv3 Area Parameters Configuring an OSPFv3 Virtual Link Optional Configuring the OSPFv3 Network Type for an Optional Configuring OSPFv3 Interface...
Page 647: Configuring Ospfv3 Area Parameters
To do… Use the command… Remarks Enter system view system-view — Required Enable an OSPFv3 process ospfv3 [ process-id ] By default, no OSPFv3 process and enter its view is enabled. Specify a router ID Required router-id router-id interface interface-type Enter interface view —...
Page 648: Configuring An Ospfv3 Virtual Link
You cannot remove an OSPFv3 area directly. Only when you remove all configurations in area view and all interfaces attached to the area become down, can the area be removed. All the routers attached to a stub area must be configured with the stub command. The keyword no-summary is only available on the ABR of the stub area.
Page 649: Prerequisites
Prerequisites Before configuring OSPFv3 network types, you have configured: IPv6 functions OSPFv3 basic functions Configuring the OSPFv3 Network Type for an Interface Follow these steps to configure the OSPFv3 network type for an interface: To do… Use the command… Remarks Enter system view —...
Page 650: Configuring Ospfv3 Inbound Route Filtering
Follow these steps to configure route summarization: To do… Use the command… Remarks Enter system view — system-view Enter OSPFv3 view ospfv3 [ process-id ] — Enter OSPFv3 area view — area area-id Required abr-summary ipv6-address Configure a summary route prefix-length [ not-advertise ] Not configured by default The abr-summary command takes effect on ABRs only.
Page 651: Configuring The Maximum Number Of Ospfv3 Load-Balanced Routes
Follow these steps to configure an OSPFv3 cost for an interface: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Optional By default, OSPFv3 computes an interface’s Configure an cost according to its bandwidth. ospfv3 cost value OSPFv3 cost for the [ instance instance-id ]...
Page 652: Configuring Ospfv3 Route Redistribution
To do… Use the command… Remarks Optional preference [ ase ] Configure a priority for [ route-policy By default, the priority of OSPFv3 OSPFv3 route-policy-name ] internal routes is 10, and priority of OSPFv3 external routes is 150. preference Configuring OSPFv3 Route Redistribution Follow these steps to configure OSPFv3 route redistribution: To do…...
Page 653: Prerequisites
Packet timer: Specified to adjust topology convergence speed and network load LSA delay timer: Specified especially for low-speed links SPF timer: Specified to protect networks from being over-loaded due to frequent network changes. For a broadcast network, you can configure DR priorities for interfaces to affect DR/BDR election. By disabling an interface from sending OSPFv3 packets, you can make other routers on the network obtain no information from the interface.
Page 654: Configuring A Dr Priority For An Interface
The dead interval set on neighboring interfaces cannot be too short. Otherwise, a neighbor is easily considered down. The LSA retransmission interval cannot be too short; otherwise, unnecessary retransmissions occur. Configuring a DR Priority for an Interface Follow these steps to configure a DR priority for an interface: To do…...
Page 655: Disable Interfaces From Sending Ospfv3 Packets
The 4800G series switches are centralized devices that support IRF. They can act as a GR Helper before forming an IRF; they can form a distributed chassis switch in a logical sense and act as a GR Restarter after forming an IRF.
Page 656: Configuring Gr Restarter
Keep the GR Restarter forwarding entries stable during reboot. Establish all adjacencieis and obtain complete topology information after reboot. After reboot, the GR Restarter sends a Grace-LSA to tell its neighbors that it performs a GR. Upon receiving the Grace-LSA, the neighbors with the GR Helper capability enter the helper mode (and are thus called GR Helpers).
Page 657: Displaying And Maintaining Ospfv3
Displaying and Maintaining OSPFv3 To do… Use the command… Remarks Display OSPFv3 debugging display debugging ospfv3 state information Display OSPFv3 process brief display ospfv3 [ process-id ] information Display OSPFv3 interface display ospfv3 interface [ interface-type information interface-number | statistic ] display ospfv3 [ process-id ] lsdb [ [ external | Display OSPFv3 LSDB inter-prefix | inter-router | intra-prefix | link |...
Page 658: Ospfv3 Configuration Examples
OSPFv3 Configuration Examples Configuring OSPFv3 Areas Network requirements In the following figure, all switches run OSPFv3. The AS is split into three areas, in which, Switch B and Switch C act as ABRs to forward routing information between areas. It is required to configure Area 2 as a stub area to reduce LSAs in the area without affecting route reachability.
Page 659 [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] ospfv3 1 area 1 [SwitchB-Vlan-interface200] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ipv6 [SwitchC] ospfv3 [SwitchC-ospfv3-1] router-id 3.3.3.3 [SwitchC-ospfv3-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] ospfv3 1 area 0 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 400 [SwitchC-Vlan-interface400] ospfv3 1 area 2 [SwitchC-Vlan-interface400] quit # Configure Switch D.
Page 660 4.4.4.4 Full/DR 00:00:38 Vlan400 # Display OSPFv3 routing table information on Switch D. [SwitchD] display ospfv3 routing E1 - Type 1 external route, IA - Inter area route, - Intra area route E2 - Type 2 external route, - Seleted route OSPFv3 Router with ID (4.4.4.4) (Process 1) ------------------------------------------------------------------------ *Destination: 2001::/64...
Page 661: Configuring Ospfv3 Dr Election
*Destination: 2001::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:1::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:2::/64 Type Cost NextHop : directly-connected Interface: Vlan400 *Destination: 2001:3::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 Configure Area 2 as a totally stub area # Configure Area 2 as a totally stub area on Switch C.
Page 662 Figure 1-3 Network diagram for OSPFv3 DR election configuration Configuration procedure Configure IPv6 addresses for interfaces (omitted) Configure OSPFv3 basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ospfv3 1 area 0 [SwitchA-Vlan-interface100] quit # Configure Switch B.
Page 663 <SwitchD> system-view [SwitchD] ipv6 [SwitchD] ospfv3 [SwitchD-ospfv3-1] router-id 4.4.4.4 [SwitchD-ospfv3-1] quit [SwitchD] interface vlan-interface 200 [SwitchD-Vlan-interface200] ospfv3 1 area 0 [SwitchD-Vlan-interface200] quit # Display neighbor information on Switch A. You can find the switches have the same default DR priority 1.
Page 664: Configuring Ospfv3
2.2.2.2 2-Way/DROther 00:00:38 Vlan200 3.3.3.3 Full/Backup 00:00:32 Vlan100 4.4.4.4 Full/DR 00:00:36 Vlan200 # Display neighbor information on Switch D. You can find Switch D is still the DR. [SwitchD] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface...
Page 665 Figure 1-4 Network diagram for OSPFv3 GR configuration Configuration procedure Configure IPv6 addresses for interfaces (omitted). Configure OSPFv3 basic functions # On Switch A, enable OSPFv3 process 1, enable GR and set the router ID to 1.1.1.1. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 1 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] graceful-restart enable...
Page 666: Troubleshooting Ospfv3 Configuration
# After all switches function properly, perform a master/backup switchover on Switch A to trigger a OSPFv3 GR operation. Troubleshooting OSPFv3 Configuration No OSPFv3 Neighbor Relationship Established Symptom No OSPF neighbor relationship can be established. Analysis If the physical link and lower protocol work well, check OSPF parameters configured on interfaces. The two neighboring interfaces must have the same parameters, such as the area ID, network segment and mask and network type.
Page 667 Table of Contents 1 IPv6 IS-IS Configuration····························································································································1-1 Introduction to IPv6 IS-IS ························································································································1-1 Configuring IPv6 IS-IS Basic Functions ··································································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-2 Configuring IPv6 IS-IS Routing Information Control ···············································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-3 Displaying and Maintaining IPv6 IS-IS····································································································1-4 IPv6 IS-IS Configuration Example ··········································································································1-5...
Page 668: Ipv6 Is-Is Configuration
IPv6 IS-IS Configuration IPv6 IS-IS supports all the features of IPv4 IS-IS except that it advertises IPv6 routing information instead. This document describes only IPv6 IS-IS exclusive configuration tasks. For other configuration tasks, refer to IS-IS Configuration in the IP Routing Volume. When configuring IPv6 IS-IS, go to these sections for information you are interested in: Introduction to IPv6 IS-IS Configuring IPv6 IS-IS Basic Functions...
Page 669: Configuring Ipv6 Is-Is Basic Functions
Configuring IPv6 IS-IS Basic Functions You can implement IPv6 inter-networking through configuring IPv6 IS-IS in IPv6 network environment. Configuration Prerequisites Before the configuration, accomplish the following tasks first: Enable IPv6 globally Configure IP addresses for interfaces, and make sure all neighboring nodes are reachable. Enable IS-IS Configuration Procedure Follow these steps to configure the basic functions of IPv6 IS-IS:...
Page 670: Configuration Procedure
Configuration Procedure Follow these steps to configure IPv6 IS-IS routing information control: To do… Use command to… Remarks Enter system view –– system-view Enter IS-IS view isis [ process-id ] –– Optional Define the priority for IPv6 ipv6 preference { route-policy IS-IS routes route-policy-name | preference } * 15 by default...
Page 671: Displaying And Maintaining Ipv6 Is
The ipv6 filter-policy export command is usually used in combination with the ipv6 import-route command. If no protocol is specified for the ipv6 filter-policy export command, routes redistributed from all routing protocols are filtered before advertisement. If a protocol is specified, only routes redistributed from the routing protocol are filtered for advertisement.
Page 672: Ipv6 Is-Is Configuration Example
To do… Use the command… Remarks Clear the IS-IS data information reset isis peer system-id [ process-id | Available in user view of a neighbor vpn vpn-instance-name ] IPv6 IS-IS Configuration Example Network requirements As shown in Figure 1-1, Switch A, Switch B, Switch C and Switch D reside in the same autonomous system, and all are enabled with IPv6.
Page 673 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis ipv6 enable 1 [SwitchB-Vlan-interface200] quit # Configure Switch C. <SwitchC> system-view [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] ipv6 enable [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis ipv6 enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis ipv6 enable 1 [SwitchC-Vlan-interface200] quit...
Page 674 Table of Contents 1 IPv6 BGP Configuration····························································································································1-1 IPv6 BGP Overview ································································································································1-1 Configuration Task List ···························································································································1-2 Configuring IPv6 BGP Basic Functions ··································································································1-3 Prerequisites····································································································································1-3 Specifying an IPv6 BGP Peer ·········································································································1-3 Injecting a Local IPv6 Route············································································································1-3 Configuring a Preferred Value for Routes from a Peer/Peer Group ···············································1-3 Specifying the Source Interface for Establishing TCP Connections ···············································1-4 Allowing the establishment of a Non-Direct eBGP connection ·······················································1-5 Configuring a Description for an IPv6 Peer/Peer Group ·································································1-5...
Page 675 IPv6 BGP Route Reflector Configuration ······················································································1-22 Troubleshooting IPv6 BGP Configuration ·····························································································1-24 No IPv6 BGP Peer Relationship Established ················································································1-24...
Page 676: Ipv6 Bgp Configuration
IPv6 BGP Configuration This chapter describes only configuration for IPv6 BGP. For BGP related information, refer to BGP Configuration in the IP Routing Volume. When configuring IPv6 BGP, go to these sections for information you are interested in: IPv6 BGP Overview Configuration Task List Configuring IPv6 BGP Basic Functions Controlling Route Distribution and Reception...
Page 677: Configuration Task List
Configuration Task List Complete the following tasks to configure IPv6 BGP: Task Remarks Specifying an IPv6 BGP Peer Required Injecting a Local IPv6 Route Optional Configuring a Preferred Value for Routes from Optional a Peer/Peer Group Specifying the Source Interface for Optional Establishing TCP Connections Configuring IPv6 BGP...
Page 678: Configuring Ipv6 Bgp Basic Functions
Configuring IPv6 BGP Basic Functions Prerequisites Before configuring this task, you need to: Specify IP addresses for interfaces. Enable IPv6. You need create a peer group before configuring basic functions for it. For related information, refer to Configuring IPv6 BGP Peer Group.
Page 679: Specifying The Source Interface For Establishing Tcp Connections
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address family view — ipv6-family Optional Configure a preferred value for peer { ipv6-group-name | routes received from an IPv6 ipv6-address } preferred-value By default, the preferred value peer/peer group is 0.
Page 680: Allowing The Establishment Of A Non-Direct Ebgp Connection
To improve stability and reliability, you can specify a loopback interface as the source interface for establishing TCP connections to a BGP peer. By doing so, a connection failure upon redundancy availability will not affect TCP connection establishment. To establish multiple BGP connections to a BGP router, you need to specify on the local router the respective source interfaces for establishing TCP connections to the peers on the peering BGP router;...
Page 681: Disabling Session Establishment To An Ipv6 Peer/Peer Group
The peer group to be configured with a description must have been created. Disabling Session Establishment to an IPv6 Peer/Peer Group Follow these steps to disable session establishment to a peer/peer group: To do… Use the command… Remarks Enter system view —...
Page 682: Configuring Ipv6 Bgp Route Redistribution
Enable IPv6 Configure the IPv6 BGP basic functions Configuring IPv6 BGP Route Redistribution Follow these steps to configure IPv6 BGP route redistribution: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address family view —...
Page 683: Configuring Outbound Route Filtering
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address family view — ipv6-family Required peer { ipv6-group-name | ipv6-address } Advertise a default route to an default-route-advertise [ route-policy Not advertised by IPv6 peer/peer group route-policy-name ]...
Page 684: Configuring Inbound Route Filtering
IPv6 BGP advertises routes passing the specified policy to peers. Using the protocol argument can filter only the routes redistributed from the specified protocol. If no protocol is specified, IPv6 BGP filters all routes to be advertised, including redistributed routes and routes imported with the network command. Configuring Inbound Route Filtering Follow these steps to configure inbound route filtering: To do…...
Page 685: Configuring Route Dampening
By default, when a BGP router receives an iBGP route, it only checks the reachability of the route’s next hop before advertisement. If the synchronization feature is configured, only the iBGP route is advertised by IGP can the route be advertised to eBGP peers. Follow these steps to configure IPv6 BGP and IGP route synchronization: To do…...
Page 686: Configuring The Med Attribute
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address family view — ipv6-family preference Optional { external-preference Configure preference values for The default preference values of internal-preference IPv6 BGP external, internal, local-preference | external, internal and local routes are local routes...
Page 687: Configuring The As_Path Attribute
To do… Use the command… Remarks Enable the comparison of MED Optional for routes from confederation bestroute med-confederation Disabled by default peers Configuring the AS_PATH Attribute Follow these steps to configure the AS_PATH attribute: To do… Use the command… Remarks Enter system view —...
Page 688: Prerequisites
route-refresh feature that enables dynamic IPv6 BGP routing table refresh without needing to disconnect IPv6 BGP links. With this feature enabled on all IPv6 BGP routers in a network, when a routing policy modified on a router, the router advertises a route-refresh message to its peers, which then send their routing information back to the router.
Page 689: Configuring Ipv6 Bgp Soft Reset
Configuring IPv6 BGP Soft Reset Enable route refresh Follow these steps to enable route refresh: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address — ipv6-family family view Optional peer { ipv6-group-name | ipv6-address } Enable route refresh Enabled by default.
Page 690: Configuring A Large Scale Ipv6 Bgp Network
To do… Use the command… Remarks Required Configure the maximum By default, no load balancing is balance number number of load balanced routes enabled. Configuring a Large Scale IPv6 BGP Network In a large-scale IPv6 BGP network, configuration and maintenance become no convenient due to too many peers.
Page 691 Creating a pure eBGP peer group Follow these steps to configure a pure eBGP group: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address family view — ipv6-family group ipv6-group-name Create an eBGP peer group Required external...
Page 692: Configuring Ipv6 Bgp Community
Configuring IPv6 BGP Community Advertise community attribute to an IPv6 peer/peer group Follow these steps to advertise community attribute to an IPv6 peer/peer group: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address family view —...
Page 693 To do… Use the command… Remarks Configure the router as a route Required peer { ipv6-group-name | reflector and specify an IPv6 ipv6-address } reflect-client Not configured by default. peer/peer group as a client Optional Enable route reflection reflect between-clients between clients Enabled by default.
Page 694: Displaying And Maintaining Ipv6 Bgp
Displaying and Maintaining IPv6 BGP Displaying BGP To do… Use the command… Remarks Display IPv6 BGP peer group display bgp ipv6 group [ ipv6-group-name ] information Display IPv6 BGP advertised display bgp ipv6 network routing information Display IPv6 BGP AS path display bgp ipv6 paths information [ as-regular-expression ]...
Page 695: Resetting Ipv6 Bgp Connections
Resetting IPv6 BGP Connections To do… Use the command… Remarks Perform soft reset on refresh bgp ipv6 { ipv4-address | ipv6-address | all | IPv6 BGP external | group ipv6-group-name | internal } { export | Available in connections import } user view Reset IPv6 BGP reset bgp ipv6 { as-number | ipv4-address | ipv6-address...
Page 696 Figure 1-1 IPv6 BGP basic configuration network diagram Configuration procedure Configure IPv6 addresses for interfaces (omitted) Configure iBGP connections # Configure Switch B. <SwitchB> system-view [SwitchB] ipv6 [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] peer 9:1::2 as-number 65009 [SwitchB-bgp-af-ipv6] peer 9:3::2 as-number 65009 [SwitchB-bgp-af-ipv6] quit [SwitchB-bgp] quit...
Page 697: Ipv6 Bgp Route Reflector Configuration
# Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] bgp 65008 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] ipv6-family [SwitchA-bgp-af-ipv6] peer 10::1 as-number 65009 [SwitchA-bgp-af-ipv6] quit [SwitchA-bgp] quit # Configure Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] peer 10::2 as-number 65008 # Display IPv6 peer information on Switch B. [SwitchB] display bgp ipv6 peer BGP local router ID : 2.2.2.2 Local AS number : 65009...
Page 698 Figure 1-2 Network diagram for IPv6 BGP route reflector configuration Route reflector Vlan-int300 Vlan-int100 101::1/96 102::1/96 Switch C IBGP IBGP Vlan-int200 Switch A 100::1/96 Vlan-int100 102::2/96 Vlan-int200 Vlan-int300 100::2/96 101::2/96 AS 100 AS 200 Switch D Switch B Configuration procedure Configure IPv6 addresses for VLAN interfaces (omitted) Configure IPv6 BGP basic functions # Configure Switch A.
Page 699: Troubleshooting Ipv6 Bgp Configuration
[SwitchD-bgp] ipv6-family [SwitchD-bgp-af-ipv6] peer 102::1 as-number 200 Configure route reflector # Configure Switch C as a route reflector, Switch B and Switch D as its clients. [SwitchC-bgp-af-ipv6] peer 101::2 reflect-client [SwitchC-bgp-af-ipv6] peer 102::2 reflect-client Use the display bgp ipv6 routing-table command on Switch B and Switch D respectively, you can find both of them have learned the network 1::/64.
Page 700 Table of Contents 1 Route Policy Configuration ······················································································································1-1 Introduction to Route Policy ····················································································································1-1 Route Policy ····································································································································1-1 Filters ···············································································································································1-1 Route Policy Application··················································································································1-2 Route Policy Configuration Task List ······································································································1-2 Defining Filters ········································································································································1-3 Prerequisites····································································································································1-3 Defining an IP-prefix List ·················································································································1-3 Defining an AS Path List··················································································································1-4 Defining a Community List ··············································································································1-4 Defining an Extended Community List ····························································································1-5 Configuring a Route Policy ·····················································································································1-5...
Page 701: Route Policy Configuration
Route Policy Configuration A route policy is used on a router for route filtering and attributes modification when routes are received, advertised, or redistributed. When configuring route policy, go to these sections for information you are interested in: Introduction to Route Policy Route Policy Configuration Task List Defining Filters Configuring a Route Policy...
Page 702: Route Policy Application
An IP prefix list is configured to match the destination address of routing information. Moreover, you can use the gateway option to allow only routing information from certain routers to be received. For gateway option information, refer to RIP Commands and OSPF Commands in the IP Routing Volume. An IP prefix list, identified by name, can comprise multiple items.
Page 703: Prerequisites
Task Creating a Route Policy Configuring a Route Policy Defining if-match Clauses Defining apply Clauses Defining Filters Prerequisites Before configuring this task, you need to decide on: IP-prefix list name Matching address range Extcommunity list sequence number Defining an IP-prefix List Define an IPv4 prefix list Identified by name, an IPv4 prefix list can comprise multiple items.
Page 704: Defining An As Path List
Define an IPv6 prefix list Identified by name, each IPv6 prefix list can comprise multiple items. Each item specifies a prefix range to match and is identified by an index number. An item with a smaller index number is matched first. If one item is matched, the IPv6 prefix list is passed, and the routing information will not go to the next item.
Page 705: Defining An Extended Community List
Follow these steps to define a community list: To do… Use the command… Remarks Enter system view — system-view ip community-list basic-comm-list-num Define a basic { deny | permit } [ community-number-list ] Required to community list [ internet | no-advertise | no-export | Define a define either;...
Page 706: Creating A Route Policy
Creating a Route Policy Follow these steps to create a route policy: To do… Use the command… Remarks Enter system view — system-view Create a route policy, specify a route-policy route-policy-name { permit | node for it and enter route Required deny } node node-number policy node view...
Page 707: Defining Apply Clauses
To do… Use the command… Remarks if-match ipv6 { address | Optional Match IPv6 routing information whose next-hop | route-source } { acl next hop or source is specified in the ACL Not configured by acl-number | prefix-list or IP prefix list default.
Page 708 To do… Use the command… Remarks Enter system view — system-view route-policy route-policy-name Required Enter route policy node view { permit | deny } node Not created by default. node-number Optional Set the AS-PATH attribute for apply as-path BGP routing information as-number&<1-10>...
Page 709: Displaying And Maintaining The Route Policy
To do… Use the command… Remarks Optional Set a preferred value for BGP apply preferred-value routing information Not set by default. preferred-value Optional Set a tag value for RIP, OSPF or apply tag value IS-IS routing information Not set by default. The difference between IPv4 and IPv6 apply clauses is the command for setting the next hop for routing information.
Page 710 Figure 1-1 Network diagram for route policy application to route redistribution Configuration procedure Specify IP addresses for interfaces (omitted). Configure IS-IS. # Configure Switch C. <SwitchC> system-view [SwitchC] isis [SwitchC-isis-1] is-level level-2 [SwitchC-isis-1] network-entity 10.0000.0000.0001.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis enable [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 201...
Page 711 <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # On Switch B, configure OSPF and enable route redistribution from IS-IS. [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] import-route isis 1 [SwitchB-ospf-1] quit # Display the OSPF routing table on Switch A to view redistributed routes.
Page 712: Applying A Route Policy To Ipv6 Route Redistribution
[SwitchB-route-policy] if-match acl 2002 [SwitchB-route-policy] apply tag 20 [SwitchB-route-policy] quit [SwitchB] route-policy isis2ospf permit node 30 [SwitchB-route-policy] quit Apply the route policy to route redistribution. # On Switch B, apply the route policy when redistributing routes. [SwitchB] ospf [SwitchB-ospf-1] import-route isis 1 route-policy isis2ospf [SwitchB-ospf-1] quit # Display the OSPF routing table on Switch A.
Page 713 Figure 1-2 Network diagram for route policy application to route redistribution Configuration procedure Configure Switch A. # Configure IPv6 addresses for VLAN-interface 100 and VLAN-interface 200. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ipv6 address 10::1 32 [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] ipv6 address 11::1 32 [SwitchA-Vlan-interface200] quit...
Page 714: Applying A Route Policy To Filter Received Bgp Routes
[SwitchB-Vlan-interface100] ripng 1 enable [SwitchB-Vlan-interface100] quit # Enable RIPng. [SwitchB] ripng # Display RIPng routing table information. [SwitchB-ripng-1] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::7D58:0:CA03:1 on Vlan-interface 100 Dest 10::/32, via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 18 Sec Dest 20::/32,...
Page 715 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 1.1.1.2 as-number 300 # Configure Switch B. <SwitchB> system-view [SwitchB] bgp 200 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 1.1.2.2 as-number 300 # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 300 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 1.1.1.1 as-number 100 [SwitchC-bgp] peer 1.1.2.1 as-number 200 [SwitchC-bgp] peer 1.1.3.2 as-number 400 # Configure Switch D.
Page 716: Troubleshooting Route Policy Configuration
*> 9.9.9.0/24 1.1.3.1 300 200i The display above shows that Switch D has learned routes 4.4.4.0/24, 5.5.5.0/24, and 6.6.6.0/24 from AS 100 and 7.7.7.0/24, 8.8.8.0/24, and 9.9.9.0/24 from AS 200. Configure Switch D to reject routes from AS 200. # Configure AS_PATH list 1 on Switch D. [SwitchD] ip as-path 1 permit .*200.* # Configure a route policy named rt1 on Switch D.
Page 717: Ipv6 Routing Information Filtering Failure
IPv6 Routing Information Filtering Failure Symptom Filtering routing information failed, while the routing protocol runs normally. Analysis At least one item of the IPv6 prefix list should be configured as permit mode, and at least one node of the Route policy should be configured as permit mode. Solution Use the display ip ipv6-prefix command to display IP prefix list information.
Page 718 Table of Contents 1 MCE Overview············································································································································1-1 MCE Overview ········································································································································1-1 Introduction to BGP/MPLS VPN······································································································1-1 BGP/MPLS VPN Concepts ·············································································································1-2 Introduction to MCE·························································································································1-4 How MCE Works ·····························································································································1-5 Routing Information Exchange for MCE ·································································································1-5 Route Exchange between a CE and the Private Network·······························································1-5 Route Exchange between CE and PE ····························································································1-7 2 MCE Configuration ····································································································································2-1 Configuring a VPN Instance····················································································································2-1 VPN Instance Configuration Task List·····························································································2-1...
Page 719: Mce Overview
MCE Overview The term “router” in this document refers to a router in a generic sense or a Layer 3 switch running routing protocols. MCE Overview Multi-CE (MCE) enables a switch to function as the CEs of multiple VPN instances in a BGP/MPLS VPN network, thus reducing the investment on network equipment.
Page 720: Bgp/Mpls Vpn Concepts
When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress LSR, the egress PE functions as the egress LSR, while P routers function as the transit LSRs. You can use Switch 4800G series as the CEs in a BGP/MPLS VPN implementation. BGP/MPLS VPN Concepts...
Page 721 Address space overlapping Each VPN independently manages the addresses that it uses. The assembly of such addresses for a VPN is called an address space. The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses in network segment 10.110.10.0/24, address space overlapping occurs.
Page 722: Introduction To Mce
You are recommended to configure a distinct RD for each VPN instance on a PE, guaranteeing that routes to the same CE use the same RD. The VPN-IPv4 address with an RD of 0 is in fact a globally unique IPv4 address. By prefixing a distinct RD to a specific IPv4 address prefix, you make it a globally unique VPN IPv4 address prefix.
Page 723: How Mce Works
An Switch 4800G with MCE enabled can solve this problem. By binding the VLAN interfaces to the VPNs in a network on an Switch 4800G of this kind, you can create and maintain a routing table for each of the VPNs. In this way, packets of different VPNs in the private network can be isolated. Moreover,...
Page 724 MCE. MCE allows static-route-to-VPN-instance binding, which isolates the static routes of different VPNs. An Switch 4800G can bind RIP processes to VPN instances. With the same binding configured on CE and site, private network routes of different VPNs can be exchanged between CEs and sites through different RIP processes, thus isolating and securing VPN routes.
Page 725: Route Exchange Between Ce And Pe
Normally, when an OSPF route is imported to the BGP routing table as a BGP route on a PE, some attributes of the OSPF route get lost. When the BGP route is imported to the OSPF routing table on the remote CE, not all the attributes of the original OSPF routes can be restored.
Page 726 OSPF IS-IS EBGP For information on how to configure the routing protocols and how to import routes, refer to the IPv4 Routing module of this manual.
Page 727: Mce Configuration
MCE Configuration For detailed information on the routing protocol configuration mentioned in this chapter, see the IP Routing Volume of this manual. Configuring a VPN Instance VPN Instance Configuration Task List Complete the following tasks to configure a VPN instance: Task Remarks Creating a VPN Instance...
Page 728: Associating An Vpn Instance With An Interface
To do… Use the command… Remarks Optional Set the description information for the VPN By default, a VPN instance has no description text instance description configured. The RD configured for a VPN instance on the MCE device must be same as that configured for the VPN instance on the PE device.
Page 729: Configuring Route Exchange Between A Mce And A Site
To do… Use the command… Remarks Enter system view — system-view ip vpn-instance Enter VPN instance view — vpn-instance-name Required Associate the current VPN vpn-target vpn-target&<1-8> By default, a VPN instance has instance with one or multiple [ both | export-extcommunity no VPN target associated with VPN targets | import-extcommunity ]...
Page 730: Configuring To Use Rip Between A Mce And A Site
To do… Use the command… Remarks Enter system view — system-view Required ip route-static vpn-instance This operation is s-vpn-instance-name&<1-5> dest-address { mask | mask-length } { gateway-address performed on the MCE Define a static route for [ public ] | interface-type interface-number device.
Page 731: Configuring To Use Is-Is Between A Mce And A Site
To do… Use the command… Remarks Enter system view — system-view Required Enable OSPF for a ospf [ process-id | This operation is performed on the MCE VPN instance (this router-id router-id | device. As for the corresponding operation also leads vpn-instance configuration on the site, you can just you to OSPF view)
Page 732: Configuring To Use Ebgp Between A Mce And A Site
To do… Use the command… Remarks Enter system view — system-view Required Enable IS-IS for a isis [ process-id ] This operation is performed on the MCE device. VPN instance and vpn-instance As for the corresponding configuration on the enter IS-IS view vpn-instance-name site, you can just enable IS-IS as usual.
Page 733 MCE device. Configuration on the site The site configuration procedures vary with device model. The following takes an Switch 4800G as an example. As for switches from other vendors, refer to the corresponding user manuals.
Page 734: Configuring Route Exchange Between A Mce And A
In a VPN instance with BGP enabled, the BGP route exchange is processed in the same way as those in a normal BGP-enabled network. Configuring Route Exchange between a MCE and a PE Configuring Route Exchange between a MCE and a PE Complete the following tasks to configure route exchange between a MCE and a PE: Task Remarks...
Page 735: Configuring To Use Rip Between A Mce And A Pe
A static route configured for a VPN instance does not take effect if you configure the next hop address of the route as the IP address of a local interface (such as Ethernet interface, VLAN interface). If the default static route preference is not configured, the preference of a newly defined static route adopts the system default preference value, which is 60.
Page 736: Configure To Use Is-Is Between A Mce And A Pe
To do… Use the command… Remarks Required import-route protocol [ process-id | Enable OSPF to import allow-ibgp ] [ cost cost | type type | By default, OSPF does not routes of other protocols tag tag | route-policy import the routes of other route-policy-name ] * protocols.
Page 737: Configure To Use Ebgp Between A Mce And A Pe
Configure to Use EBGP between a MCE and a PE To use EBGP to exchange routing information between a MCE and a PE, you need to configure the peer end as a peer in the BGP-VPNs on both ends, import VPN routes in the site to the MCE, and then advertise these routes to the PE.
Page 738 To do… Use the command… Remarks display bgp vpnv4 vpn-instance Display information about vpn-instance-name peer [ group-name Available in any view BGP VPNv4 peers log-info | ip-address { log-info | verbose } | verbose ] display bgp vpnv4 vpn-instance vpn-instance-name routing-table [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community...
Page 739: Mce Configuration Example
MCE Configuration Example MCE Configuration Example (A) Network requirements An MCE device connects to VPN1 (with the address range being 192.168.0.0/16) through VLAN-interface 10 (with the IP address being 10.214.10.3) and connects to VPN2 (with the address range being 192.168.10.0/24) through VLAN-interface 20 (with the IP address being 10.214.20.3).
Page 740 MCE is directly connected to VPN1, which has no routing protocol enabled. You can configure to use static routes between MCE and a site. Configuration on VR1: Assume VR1 is an Switch 4800G, configure IP address 10.214.10.2/24 for the interface connecting to MCE and IP address 192.168.0.1/24 for the interface connecting to VPN1. The operation of adding a port to a VLAN and configuring IP address for a VLAN-interface is omitted here.
Page 741 # Define a static route on MCE, specify the next hop address 10.214.10.2 for packets destined for the network segment 192.168.0.0, and bind this route to VPN1. [MCE-Vlan-interface10] quit [MCE] ip route-static vpn-instance vpn1 192.168.0.0 16 10.214.10.2 # Display the information about the routes of VPN1 maintained on MCE. [MCE] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 5...
Page 742 192.168.10.0/24 10.214.20.2 Vlan20 As shown in the displayed information above, MCE has obtained the routes of VPN2 through RIP, and maintains these routes in a routing table different from the routing table for routing information of VPN1 to the network segment 192.168.0.0, thus isolating the routes of VPN1 from the routes of VPN2. Configure the routing protocol running between the MCE and a PE # MCE uses GigabitEthernet 1/0/3 to connect to GigabitEthernet 1/0/18 of PE.
Page 743: Mce Configuration Example
Network requirements An Switch 4800G functions as MCE. It is required that VPN routes of site 1 and site 2 be advertised to the PE for the purpose that VPNs at both ends of the MPLS backbone network can communicate with each other properly.
Page 744: Network Diagram
Network diagram Figure 2-2 Network diagram for MCE configuration (B) VPN 2 Site 1 BGP 200 VPN 1 BGP 100 OSPF GE1/0/18 GE1/0/3 172.16.10.0 Vlan-int30 GE1/0/10 10.100.30.1 Site 2 Vlan-int40 Vlan-int2 10.100.40.1 VPN 1 10.100.10.1 GE1/0/20 Vlan-int3 10.100.20.1 OSPF 172.16.20.0 VPN 2 Configuration procedure Configure VPN instances...
Page 745 # Create VLAN 3, add GigabitEthernet 1/0/20 to VLAN 3, create VLAN-interface 3, bind VLAN-interface 3 to VPN2, and configure IP address 10.214.20.3/24 for VLAN-interface 3. [MCE-Vlan-interface10] quit [MCE] vlan 3 [MCE-vlan3] port GigabitEthernet 1/0/20 [MCE-vlan3] quit [MCE] interface Vlan-interface 3 [MCE-Vlan-interface3] ip binding vpn-instance vpn2 [MCE-Vlan-interface3] ip address 10.214.20.3 24 [MCE-Vlan-interface3] quit...
Page 746 10.100.10.1/32 Direct 0 127.0.0.1 InLoop0 172.16.10.0/24 OSPF 10.100.10.2 Vlan2 As shown in the displayed information above, MCE has obtained the routing information of VPN1 through OSPF process 10. # Create OSPF process 20 for MCE whose router ID is 10.10.20.1, bind the process to VPN2. Redistribute BGP routes from VPN2, enable OSPF multi-instance, and advertise the network segment 10.100.20.0.
Page 747 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 10.100.30.0/24 Direct 0 10.100.10.3 Vlan2 10.100.30.3/32 Direct 0 127.0.0.1 InLoop0 172.16.10.0/24 10.100.10.2 Vlan2 # For VPN2, perform the configurations similar to the above on MCE and PE to import the OSPF routing information of VPN2 to the EBGP routing table.
Page 748 Table of Contents 1 Policy Routing Configuration···················································································································1-1 Policy Routing Overview ·························································································································1-1 Configuring Traffic Redirecting ···············································································································1-1 Configuring a QoS Policy ················································································································1-1 Applying the QoS Policy ··················································································································1-2 Displaying and Maintaining QoS Policies ·······························································································1-3 Policy Routing Configuration Examples··································································································1-3 IPv4 Policy Routing Configuration Example····················································································1-3 IPv6 Policy Routing Configuration Example····················································································1-4...
Page 749: Policy Routing Configuration
IP address. The Switch 4800G series implement policy routing through QoS policies. You can configure traffic classification and traffic redirecting action so that packets matching specific criteria will be forwarded along the specified path, thus to implement flexible routing.
Page 750: Applying The Qos Policy
To do… Use the command… Remarks Create a behavior and enter Required traffic behavior behavior-name behavior view redirect next-hop { ipv4-add Configure a traffic [ ipv4-add ] | ipv6-add [ interface-type Optional redirecting action interface-number ] [ ipv6-add [ interface-type interface-number ] ] } Exit behavior view —...
Page 751: Displaying And Maintaining Qos Policies
To do… Use the command… Remarks Enter system view — system-view Enter interface Use either command interface interface-type view Enter interface-number Settings in interface view take interface effect on the current interface; view or port settings in port group view take Enter port group port-group manual group view...
Page 752: Ipv6 Policy Routing Configuration Example
Figure 1-1 Network diagram for IPv4 policy routing configuration Configuration procedure # Configure ACL 2000. <SwitchA> system-view [SwitchA] acl number 2000 [SwitchA-acl-basic-2000] rule 0 permit source any [SwitchA-acl-basic-2000] quit # Define a match criterion for class a to match ACL 2000. [SwitchA] traffic classifier a [SwitchA-classifier-a] if-match acl 2000 [SwitchA-classifier-a] quit...
Page 753 Figure 1-2 Network diagram for IPv6 policy routing configuration Configuration procedure # Configure IPv6 ACL 2000. <SwitchA> system-view [SwitchA] acl ipv6 number 2000 [SwitchA-acl6-basic-2000] rule 0 permit source any [SwitchA-acl6-basic-2000] quit # Define a match criterion for class a to match IPv6 ACL 2000. [SwitchA] traffic classifier a [SwitchA-classifier-a] if-match acl ipv6 2000 [SwitchA-classifier-a] quit...
Page 754 IP Multicast Volume Organization Manual Version 6W101-20091012 Product Version Release 2202 Organization The IP Multicast Volume is organized as follows: Features Description This document describes the main concepts in multicast: Introduction to Multicast Multicast Overview Multicast Models Multicast Architecture Multicast Packets Forwarding Mechanism Multicast routing and forwarding refer to some policies that filter RPF routing information for IP multicast support.
Page 755 Features Description As a multicast extension of MP-BGP, MBGP enables BGP to provide routing information for multicast applications. This document describes: MBGP Configuring MBGP Basic Functions Configuring MBGP Route Attributes Configuring a Large Scale MBGP Network Running at the data link layer, IGMP Snooping is a multicast control mechanism on the Layer 2 Ethernet switch and it is used for multicast group management and control.
Page 756 Table of Contents 1 Multicast Overview ····································································································································1-1 Introduction to Multicast ··························································································································1-1 Comparison of Information Transmission Techniques····································································1-1 Features of Multicast ·······················································································································1-4 Common Notations in Multicast·······································································································1-5 Advantages and Applications of Multicast·······················································································1-5 Multicast Models ·····································································································································1-6 Multicast Architecture······························································································································1-6 Multicast Addresses ························································································································1-7 Multicast Protocols ························································································································1-11 Multicast Packet Forwarding Mechanism ·····························································································1-13...
Page 757: Multicast Overview
Multicast Overview This manual chiefly focuses on the IP multicast technology and device operations. Unless otherwise stated, the term “multicast” in this document refers to IP multicast. Introduction to Multicast As a technique coexisting with unicast and broadcast, the multicast technique effectively addresses the issue of point-to-multipoint data transmission.
Page 758 Figure 1-1 Unicast transmission Host A Receiver Host B Source Host C Receiver Host D IP network Receiver Packets for Host B Host E Packets for Host D Packets for Host E Assume that Host B, Host D and Host E need the information. A separate transmission channel needs to be established from the information source to each of these hosts.
Page 759 Figure 1-2 Broadcast transmission Assume that only Host B, Host D, and Host E need the information. If the information is broadcast to the subnet, Host A and Host C also receive it. In addition to information security issues, this also causes traffic flooding on the same subnet.
Page 760: Features Of Multicast
Figure 1-3 Multicast transmission The multicast source (Source in the figure) sends only one copy of the information to a multicast group. Host B, Host D and Host E, which are receivers of the information, need to join the multicast group. The routers on the network duplicate and forward the information based on the distribution of the group members.
Page 761: Common Notations In Multicast
For a better understanding of the multicast concept, you can assimilate multicast transmission to the transmission of TV programs, as shown in Table 1-1. Table 1-1 An analogy between TV transmission and multicast transmission TV transmission Multicast transmission A TV station transmits a TV program through A multicast source sends multicast data to a a channel.
Page 762: Multicast Models
Data warehouse and financial applications (stock quotes). Any other point-to-multipoint data distribution application. Multicast Models Based on how the receivers treat the multicast sources, there are three multicast models: any-source multicast (ASM), source-filtered multicast (SFM), and source-specific multicast (SSM). ASM model In the ASM model, any sender can send information to a multicast group as a multicast source, and numbers of receivers can join a multicast group identified by a group address and obtain multicast information addressed to that multicast group.
Page 763: Multicast Addresses
Multicast applications: A software system that supports multicast applications, such as video conferencing, must be installed on multicast sources and receiver hosts, and the TCP/IP stack must support reception and transmission of multicast data. Multicast Addresses To allow communication between multicast sources and multicast group members, network-layer multicast addresses, namely, multicast IP addresses must be provided.
Page 764 Address Description 224.0.0.5 Open Shortest Path First (OSPF) routers 224.0.0.6 OSPF designated routers/backup designated routers 224.0.0.7 Shared Tree (ST) routers 224.0.0.8 ST hosts 224.0.0.9 Routing Information Protocol version 2 (RIPv2) routers 224.0.0.11 Mobile agents 224.0.0.12 Dynamic Host Configuration Protocol (DHCP) server/relay agent 224.0.0.13 All Protocol Independent Multicast (PIM) routers 224.0.0.14...
Page 765 Description When set to 0, it indicates that this address is an IPv6 multicast address not based on a unicast prefix When set to 1, it indicates that this address is an IPv6 multicast address based on a unicast prefix (the T bit must also be set to 1) When set to 0, it indicates that this address is an IPv6 multicast address permanently-assigned by IANA When set to 1, it indicates that this address is a transient, or dynamically...
Page 766 Figure 1-6 IPv4-to-MAC address mapping The high-order four bits of a multicast IPv4 address are 1110, indicating that this address is a multicast address, and only 23 bits of the remaining 28 bits are mapped to a MAC address, so five bits of the multicast IPv4 address are lost.
Page 767: Multicast Protocols
Multicast Protocols Generally, we refer to IP multicast working at the network layer as Layer 3 multicast and the corresponding multicast protocols as Layer 3 multicast protocols, which include IGMP/MLD, PIM/IPv6 PIM, MSDP, and MBGP/IPv6 MBGP; we refer to IP multicast working at the data link layer as Layer 2 multicast and the corresponding multicast protocols as Layer 2 multicast protocols, which include IGMP Snooping/MLD Snooping, and multicast VLAN/IPv6 multicast VLAN.
Page 768 A multicast routing protocol runs on Layer 3 multicast devices to establish and maintain multicast routes and forward multicast packets correctly and efficiently. Multicast routes constitute a loop-free data transmission path from a data source to multiple receivers, namely, a multicast distribution tree. In the ASM model, multicast routes come in intra-domain routes and inter-domain routes.
Page 769: Multicast Packet Forwarding Mechanism
data to each VLAN of the Layer 2 device. With the multicast VLAN or IPv6 multicast VLAN feature enabled on the Layer 2 device, the Layer 3 multicast device needs to send only one copy of multicast to the multicast VLAN or IPv6 multicast VLAN on the Layer 2 device. This avoids waste of network bandwidth and extra burden on the Layer 3 device.
Page 770 Table of Contents 1 Multicast Routing and Forwarding Configuration··················································································1-1 Multicast Routing and Forwarding Overview ··························································································1-1 Introduction to Multicast Routing and Forwarding···········································································1-1 RPF Check Mechanism···················································································································1-1 Multicast Static Routes ····················································································································1-4 Multicast Traceroute ························································································································1-5 Configuration Task List ···························································································································1-6 Enabling IP Multicast Routing ·················································································································1-6 Configuring Multicast Routing and Forwarding·······················································································1-7 Configuration Prerequisites ·············································································································1-7 Configuring Multicast Static Routes ································································································1-7...
Page 771: Multicast Routing And Forwarding Configuration
Multicast Routing and Forwarding Configuration When configuring multicast routing and forwarding, go to these sections for information you are interested in: Multicast Routing and Forwarding Overview Configuration Task List Displaying and Maintaining Multicast Routing and Forwarding Configuration Examples Troubleshooting Multicast Routing and Forwarding The term "router"...
Page 772 A unicast routing table contains the shortest path to each destination subnet, An MBGP routing table contains multicast routing information, and A multicast static routing table contains the RPF routing information defined by the user through static configuration. When performing an RPF check, a router searches its unicast routing table and multicast static routing table at the same time.
Page 773 routing entry and a multicast forwarding entry for a multicast packet, the router sets the RPF interface of the packet as the incoming interface of the (S, G) entry. Upon receiving an (S, G) multicast packet, the router first searches its multicast forwarding table: If the corresponding (S, G) entry does not exist in the multicast forwarding table, the packet is subject to an RPF check.
Page 774: Multicast Static Routes
is Vlan-interface 20. This means the (S, G) entry is correct and packet arrived along a wrong path. The RPF check fails and the packet is discarded. Multicast Static Routes A multicast static route is an important basis for RPF check. Depending on the application environment, a multicast static route has the following two functions: Changing an RPF route Typically, the topology structure of a multicast network is the same as that of a unicast network, and...
Page 775: Multicast Traceroute
Figure 1-3 Creating an RPF route As shown in Figure 1-3, the RIP domain and the OSPF domain are unicast isolated from each other. When no multicast static route is configured, the hosts (Receivers) in the OSPF domain cannot receive the multicast packets sent by the multicast source (Source) in the RIP domain.
Page 776: Configuration Task List
Introduction to multicast traceroute packets A multicast traceroute packet is a special IGMP packet, which differs from common IGMP packets in that its IGMP Type field is set to 0x1F or 0x1E and that its destination IP address is a unicast address. There are three types of multicast traceroute packets: Query, with the IGMP Type field set to 0x1F, Request, with the IGMP Type field set to 0x1F, and...
Page 777: Configuring Multicast Routing And Forwarding
Enabling IP multicast routing Follow these steps to enable IP multicast routing: To do... Use the command... Remarks Enter system view — system-view Required Enable IP multicast routing multicast routing-enable Disabled by default Configuring Multicast Routing and Forwarding Configuration Prerequisites Before configuring multicast routing and forwarding, complete the following tasks: Configure a unicast routing protocol so that all devices in the domain are interoperable at the network layer.
Page 778: Configuring A Multicast Routing Policy
Setting the minimum time to live (TTL) value required for a multicast packet to be forwarded. Setting the minimum TTL is not supported on 3Com Switch 4800G. You can configure a forwarding boundary specific to a particular multicast group on all interfaces that support multicast forwarding.
Page 779: Configuring The Multicast Forwarding Table Size
To do... Use the command... Remarks Required multicast boundary Configure a multicast group-address { mask | No forwarding boundary by forwarding boundary mask-length } default Configuring the Multicast Forwarding Table Size The router maintains the corresponding forwarding entry for each multicast packet it receives. Excessive multicast routing entries, however, can exhaust the router’s memory and thus result in lower router performance.
Page 780: Displaying And Maintaining Multicast Routing And Forwarding
Displaying and Maintaining Multicast Routing and Forwarding To do... Use the command... Remarks display multicast boundary [ group-address [ mask View the multicast boundary Available in | mask-length ] ] [ interface interface-type information any view interface-number ] display multicast forwarding-table [ source-address [ mask { mask | mask-length } ] | group-address [ mask { mask | mask-length } ] | View the multicast...
Page 781 Switch A, Switch B and Switch C run OSPF. Typically, Receiver can receive the multicast data from Source through the path Switch A – Switch B, which is the same as the unicast route. Perform the following configuration so that Receiver can receive the multicast data from Source through the path Switch A –...
Page 782 [SwitchB] interface vlan-interface 102 [SwitchB-Vlan-interface102] pim dm [SwitchB-Vlan-interface102] quit # Enable IP multicast routing on Switch A, and enable PIM-DM on each interface. <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] pim dm [SwitchA-Vlan-interface200] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] pim dm [SwitchA-Vlan-interface102] quit [SwitchA] interface vlan-interface 103...
Page 783: Creating An Rpf Route
Creating an RPF Route Network requirements PIM-DM runs in the network and all switches in the network support IP multicast. Switch B and Switch C run OSPF, and have no unicast routes to Switch A. Typically, Receiver can receive the multicast data from Source 1 in the OSPF domain. Perform the following configuration so that Receiver can receive multicast data from Source 2, which is outside the OSPF domain.
Page 784 # Enable IP multicast routing on Switch A and enable PIM-DM on each interface. <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] pim dm [SwitchC-Vlan-interface300] quit [SwitchC] interface vlan-interface 102 [SwitchC-Vlan-interface102] pim dm [SwitchC-Vlan-interface102] quit The configuration on Switch B is similar to that on Switch A. The specific configuration steps are omitted here.
Page 785: Troubleshooting Multicast Routing And Forwarding
Troubleshooting Multicast Routing and Forwarding Multicast Static Route Failure Symptom No dynamic routing protocol is enabled on the routers, and the physic status and link layer status of interfaces are both up, but the multicast static route fails. Analysis If the multicast static route is not configured or updated correctly to match the current network conditions, the route entry and the configuration information of multicast static routes do not exist in the multicast routing table.
Page 786 In the case of PIM-SM, use the display current-configuration command to check the BSR and RP information. 1-16...
Page 787 Table of Contents 1 IGMP Configuration ···································································································································1-1 IGMP Overview ·······································································································································1-1 IGMP Versions ································································································································1-1 Introduction to IGMPv1····················································································································1-1 Enhancements in IGMPv2···············································································································1-3 Enhancements in IGMPv3···············································································································1-4 IGMP SSM Mapping························································································································1-5 IGMP Proxying ································································································································1-6 Protocols and Standards ·················································································································1-7 IGMP Configuration Task List ·················································································································1-7 Configuring Basic Functions of IGMP ·····································································································1-8 Configuration Prerequisites ·············································································································1-8 Enabling IGMP ································································································································1-9 Configuring IGMP Versions·············································································································1-9...
Page 788: Igmp Configuration
IGMP Configuration When configuring IGMP, go to the following sections for the information you are interested in: IGMP Overview IGMP Configuration Task List IGMP Configuration Examples Troubleshooting IGMP The term "router" in this document refers to a router in a generic sense or a Layer 3 switch running an IP routing protocol.
Page 789 Of multiple multicast routers on the same subnet, all the routers can hear IGMP membership report messages (often referred to as reports) from hosts, but only one router is needed for sending IGMP query messages (often referred to as queries). So, a querier election mechanism is required to determine which router will act as the IGMP querier on the subnet.
Page 790: Enhancements In Igmpv2
At the same time, because Host A is interested in G2, it sends a report to the multicast group address of G2. Through the above-mentioned query/report process, the IGMP routers learn that members of G1 and G2 are attached to the local subnet, and the multicast routing protocol (PIM for example) running on the routers generates (*, G1) and (*, G2) multicast forwarding entries, which will be the basis for subsequent multicast forwarding, where * represents any multicast source.
Page 791: Enhancements In Igmpv3
If the querier receives a membership report for the group within the maximum response time, it will maintain the memberships of the group; otherwise, the querier will assume that no hosts on the subnet are still interested in multicast traffic to that group and will stop maintaining the memberships of the group.
Page 792: Igmp Ssm Mapping
IGMPv3 supports not only general queries (feature of IGMPv1) and group-specific queries (feature of IGMPv2), but also group-and-source-specific queries. A general query does not carry a group address, nor a source address; A group-specific query carries a group address, but no source address; A group-and-source-specific query carries a group address and one or more source addresses.
Page 793: Igmp Proxying
Figure 1-3 Network diagram for IGMP SSM mapping IGMPv1 report IGMPv2 report Querier IGMPv3 report Router A Receiver Receiver Receiver Host A (IGMPv1) Host B (IGMPv2) Host C (IGMPv3) As shown in Figure 1-3, on an SSM network, Host A, Host B and Host C are running IGMPv1, IGMPv2 and IGMPv3 respectively.
Page 794: Protocols And Standards
Figure 1-4 Network diagram for IGMP proxying Proxy & Querier Querier Router B Router A PIM domain Ethernet Receiver Receiver Host B Host A Host C Query from Router A Report from Host Report from Router B Host interface Query from Router B Router interface As shown in Figure...
Page 795: Configuring Basic Functions Of Igmp
Task Remarks Enabling IGMP Required Configuring IGMP Versions Optional Configuring Basic Functions Configuring Static Joining Optional of IGMP Configuring a Multicast Group Filter Optional Configuring the Maximum Number of Multicast Optional Groups on an Interface Configuring IGMP Message Options Optional Adjusting IGMP Configuring IGMP Query and Response Optional...
Page 796: Enabling Igmp
Enabling IGMP First, IGMP must be enabled on the interface on which the multicast group memberships are to be established and maintained. Enabling IGMP Follow these steps to enable IGMP: To do... Use the command... Remarks Enter system view — system-view Required Enable IP multicast routing...
Page 797: Configuring Static Joining
To do... Use the command... Remarks Optional Configure an IGMP version on igmp version version-number the interface IGMPv2 by default Configuring Static Joining After an interface is configured as a static member of a multicast group or a multicast source and group, it will act as a virtual member of the multicast group to receive multicast data addressed to that multicast group for the purpose of testing multicast data forwarding.
Page 798: Configuring The Maximum Number Of Multicast Groups On An Interface
Follow these steps to configure a multicast group filter: To do... Use the command... Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required By default, no multicast group Configure a multicast group filter is configured on this igmp group-policy filter acl-number [ version-number ]...
Page 799: Configuration Prerequisites
Configuration Prerequisites Before adjusting IGMP performance, complete the following tasks: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer. Configure basic functions of IGMP Before adjusting IGMP performance, prepare the following data: Startup query interval Startup query count IGMP general query interval...
Page 800: Configuring Igmp Query And Response Parameters
Configuring IGMP packet options on an interface Follow these steps to configure IGMP packet options on an interface: To do... Use the command... Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Configure the interface to Optional discard any IGMP message By default, the device does not...
Page 801 To do... Use the command... Remarks Enter system view — system-view Enter IGMP view — igmp Optional Configure the startup query For the system default, see startup-query-interval interval interval “Note” below. Optional Configure the startup query For the system default, see startup-query-count value count “Note”...
Page 802: Configuring Igmp Fast Leave Processing
To do... Use the command... Remarks Optional Configure the other querier igmp timer For the system default, see present interval other-querier-present interval “Note” below. If not statically configured, the startup query interval is 1/4 of the “IGMP query interval”. By default, the IGMP query interval is 60 seconds, so the startup query interval = 60 / 4 = 15 (seconds).
Page 803: Enabling Ssm Mapping
Configure basic functions of IGMP. Enabling SSM Mapping Follow these steps to enable the IGMP SSM mapping feature: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required Enable the IGMP SSM igmp ssm-mapping enable mapping feature Disabled by default...
Page 804: Configuring Igmp Proxying
Configuring IGMP Proxying Configuration Prerequisites Before configuring the IGMP proxying feature, complete the following tasks: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer. Enable IP multicast routing. Enabling IGMP Proxying You can enable IGMP proxying on the interface in the direction toward the root of the multicast forwarding tree to make the device serve as an IGMP proxy.
Page 805: Displaying And Maintaining Igmp
Follow these steps to enable multicast forwarding on a downstream interface To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required Enable multicast forwarding on a igmp proxying forwarding non-querier downstream interface Disabled by default.
Page 806: Igmp Configuration Examples
To do... Use the command... Remarks reset igmp ssm-mapping group { all | interface interface-type interface-number Available in Clear IGMP SSM mappings { all | group-address [ mask { mask | user view mask-length } ] [ source-address [ mask { mask | mask-length } ] ] } } The reset igmp group command cannot clear the IGMP multicast group information of static joins.
Page 807 Network diagram Figure 1-5 Network diagram for basic IGMP functions configuration Configuration procedure Configure IP addresses and unicast routing Configure the IP address and subnet mask of each interface as per Figure 1-5. The detailed configuration steps are omitted here. Configure the OSPF protocol for interoperation on the PIM network.
Page 808: Ssm Mapping Configuration Example
[SwitchB-Vlan-interface200] pim dm [SwitchB-Vlan-interface200] quit [SwitchB] interface vlan-interface 201 [SwitchB-Vlan-interface201] pim dm [SwitchB-Vlan-interface201] quit # Enable IP multicast routing on Switch C, enable PIM-DM on each interface, and enable IGMP on VLAN-interface 200. <SwitchC> system-view [SwitchC] multicast routing-enable [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] igmp enable [SwitchC-Vlan-interface200] pim dm [SwitchC-Vlan-interface200] quit...
Page 809 Network diagram Figure 1-6 Network diagram for IGMP SSM mapping configuration Device Interface IP address Device Interface IP address Source 1 — 133.133.1.1/24 Source 3 — 133.133.3.1/24 Source 2 — 133.133.2.1/24 Receiver — 133.133.4.1/24 Switch A Vlan-int100 133.133.1.2/24 Switch C Vlan-int300 133.133.3.2/24 Vlan-int101...
Page 810 [SwitchD-Vlan-interface104] pim sm [SwitchD-Vlan-interface104] quit # Enable IP multicast routing on Switch A, and enable PIM-SM on each interface. <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] pim sm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim sm [SwitchA-Vlan-interface101] quit [SwitchA] interface vlan-interface 104 [SwitchA-Vlan-interface104] pim sm...
Page 811: Igmp Proxying Configuration Example
Use the display igmp ssm-mapping group command to view the multicast group information created based on the configured IGMP SSM mappings. # View the IGMP multicast group information created based on the IGMP SSM mappings on Switch D. [SwitchD] display igmp ssm-mapping group Total 1 IGMP SSM-mapping Group(s).
Page 812 Network diagram Figure 1-7 Network diagram for IGMP Proxying configuration Configuration procedure Configure IP addresses Configure the IP address and subnet mask of each interface as per Figure 1-7. The detailed configuration steps are omitted here. Enable IP multicast routing, PIM-DM, IGMP, and IGMP Proxying. # Enable IP multicast routing on Switch A, PIM-DM on VLAN-interface 101, and IGMP on VLAN-interface 100.
Page 813: Troubleshooting Igmp
[SwitchB] display igmp interface vlan-interface 100 verbose Vlan-interface100(192.168.1.2): IGMP proxy is enabled Current IGMP version is 2 Multicast routing on this interface: enabled Require-router-alert: disabled Version1-querier-present-timer-expiry: 00:00:20 Use the display igmp group command to view the IGMP multicast group information. For example, # View the IGMP multicast group information on Switch A.
Page 814: Inconsistent Memberships On Routers On The Same Subnet
Check the IGMP version on the interface. You can use the display igmp interface command to check whether the IGMP version on the interface is lower than that on the host. Check that no ACL rule has been configured to restrict the host from joining the multicast group G. Carry out the display current-configuration interface command to check whether the igmp group-policy command has been executed.
Page 815 Table of Contents 1 PIM Configuration······································································································································1-1 PIM Overview··········································································································································1-1 Introduction to PIM-DM····················································································································1-2 How PIM-DM Works ························································································································1-2 Introduction to PIM-SM····················································································································1-4 How PIM-SM Works ························································································································1-5 Introduction to Administrative Scoping in PIM-SM ········································································1-11 SSM Model Implementation in PIM ·······························································································1-13 Protocols and Standards ···············································································································1-14 Configuring PIM-DM······························································································································1-14 PIM-DM Configuration Task List ···································································································1-14 Configuration Prerequisites ···········································································································1-15 Enabling PIM-DM ··························································································································1-15...
Page 816 PIM-SSM Configuration Example··································································································1-51 Troubleshooting PIM Configuration ······································································································1-54 Failure of Building a Multicast Distribution Tree Correctly ····························································1-54 Multicast Data Abnormally Terminated on an Intermediate Router ··············································1-55 RPs Unable to Join SPT in PIM-SM······························································································1-55 RPT Establishment Failure or Source Registration Failure in PIM-SM·········································1-56...
Page 817: Pim Configuration
PIM Configuration When configuring PIM, go to these sections for information you are interested in: PIM Overview Configuring PIM-DM Configuring PIM-SM Configuring PIM-SSM Configuring PIM Common Features Displaying and Maintaining PIM PIM Configuration Examples Troubleshooting PIM Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch running the PIM protocol.
Page 818: Introduction To Pim-Dm
Introduction to PIM-DM PIM-DM is a type of dense mode multicast protocol. It uses the “push mode” for multicast forwarding, and is suitable for small-sized networks with densely distributed multicast members. The basic implementation of PIM-DM is as follows: PIM-DM assumes that at least one multicast group member exists on each subnet of a network, and therefore multicast data is flooded to all nodes on the network.
Page 819 corresponding interface from the outgoing interface list in the (S, G) entry and stop forwarding subsequent packets addressed to that multicast group down to this node. An (S, G) entry contains the multicast source address S, multicast group address G, outgoing interface list, and incoming interface.
Page 820: Introduction To Pim-Sm
The node that needs to receive multicast data sends a graft message toward its upstream node, as a request to join the SPT again. Upon receiving this graft message, the upstream node puts the interface on which the graft was received into the forwarding state and responds with a graft-ack message to the graft sender.
Page 821: How Pim-Sm Works
PIM-SM is a type of sparse mode multicast protocol. It uses the “pull mode” for multicast forwarding, and is suitable for large- and medium-sized networks with sparsely and widely distributed multicast group members. The basic implementation of PIM-SM is as follows: PIM-SM assumes that no hosts need to receive multicast data.
Page 822 A DR must be elected in a multi-access network, no matter this network connects to multicast sources or to receivers. The DR at the receiver side sends join messages to the RP; the DR at the multicast source side sends register messages to the RP. A DR is elected on a multi-access subnet by means of comparison of the priorities and IP addresses carried in hello messages.
Page 823 optimize the topological structure of the RPT, multiple candidate RPs (C-RPs) can be configured in a PIM-SM domain, among which an RP is dynamically elected through the bootstrap mechanism. Each elected RP serves a different multicast group range. For this purpose, a bootstrap router (BSR) must be configured.
Page 824 Table 1-1 Values in the hashing algorithm Value Description Value Hash value IP address of the multicast group Hash mask length IP address of the C-RP & Logical operator of “and” Logical operator of “exclusive-or” Modulo operator, which gives the remainder of an integer division RPT establishment Figure 1-5 RPT establishment in a PIM-SM domain As shown in...
Page 825 Multicast source registration The purpose of multicast source registration is to inform the RP about the existence of the multicast source. Figure 1-6 Multicast source registration As shown in Figure 1-6, the multicast source registers with the RP as follows: When the multicast source S sends the first multicast packet to multicast group G, the DR directly connected with the multicast source, upon receiving the multicast packet, encapsulates the packet in a PIM register message, and sends the message to the corresponding RP by unicast.
Page 826 Switchover to SPT In a PIM-SM domain, a multicast group corresponds to one RP and RPT. Before the SPT switchover takes place, the DR at the multicast source side encapsulates all multicast data destined to the multicast group in register messages and sends these messages to the RP. Upon receiving these register messages, the RP abstracts the multicast data and sends the multicast data down the RPT to the DRs at the receiver side.
Page 827: Introduction To Administrative Scoping In Pim-Sm
Introduction to Administrative Scoping in PIM-SM Division of PIM-SM domains Typically, a PIM-SM domain contains only one BSR, which is responsible for advertising RP-set information within the entire PIM-SM domain. The information for all multicast groups is forwarded within the network scope administered by the BSR. We call this non-scoped BSR mechanism. To implement refined management, a PIM-SM domain can be divided into one global scope zone and multiple administratively scoped zones (admin-scope zones).
Page 828 Figure 1-7 Relationship between admin-scope zones and the global scope zone in geographic space Admin-scope zones are geographically separated from one another. Namely, a router must not serve different admin-scope zones. In other words, different admin-scope zones contain different routers, whereas the global scope zone covers all routers in the PIM-SM domain.
Page 829: Ssm Model Implementation In Pim
SSM Model Implementation in PIM The source-specific multicast (SSM) model and the any-source multicast (ASM) model are two opposite models. Presently, the ASM model includes the PIM-DM and PIM-SM modes. The SSM model can be implemented by leveraging part of the PIM-SM technique. The SSM model provides a solution for source-specific multicast.
Page 830: Protocols And Standards
As shown in Figure 1-9, Host B and Host C are multicast information receivers. They send IGMPv3 report messages to the respective DRs to express their interest in the information of the specific multicast source S. Upon receiving a report message, the DR first checks whether the group address in this message falls in the SSM group range: If so, the DR sends a subscribe message for channel subscription hop by hop toward the multicast source S.
Page 831 Configuration Prerequisites Before configuring PIM-DM, complete the following task: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer. Before configuring PIM-DM, prepare the following data: The interval between state-refresh messages Minimum time to wait before receiving a new refresh message TTL value of state-refresh messages Graft retry period Enabling PIM-DM...
Page 832: Configuring Pim-Dm Graft Retry Period
Follow these steps to enable the state-refresh capability: To do... Use the command... Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Optional Enable state-refresh pim state-refresh-capable Enabled by default Configuring State-Refresh Parameters The router directly connected with the multicast source periodically sends state-refresh messages. You can configure the interval for sending such messages.
Page 833: Configuring Pim-Sm
To do... Use the command... Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Optional Configure graft retry period pim timer graft-retry interval 3 seconds by default For the configuration of other timers in PIM-DM, refer to Configuring PIM Common Timers.
Page 834: Enabling Pim
Before configuring PIM-SM, prepare the following data: The IP address of a static RP and an ACL rule defining the range of multicast groups to be served by the static RP C-RP priority and an ACL rule defining the range of multicast groups to be served by each C-RP A legal C-RP address range and an ACL rule defining the range of multicast groups to be served C-RP-Adv interval C-RP timeout...
Page 835: Configuring An
For details about the multicast routing-enable command, see Multicast Routing and Forwarding Commands in the IP Multicast Volume. Configuring an RP An RP can be manually configured or dynamically elected through the BSR mechanism. For a large PIM network, static RP configuration is a tedious job. Generally, static RP configuration is just a backup means for the dynamic RP election mechanism to enhance the robustness and operation manageability of a multicast network.
Page 836 To do... Use the command... Remarks Enter system view — system-view Enter PIM view — c-rp interface-type interface-number [ group-policy Required Configure an interface to be a acl-number | priority priority | No C-RPs are configured C-RP holdtime hold-interval | by default advertisement-interval adv-interval ] *...
Page 837: Configuring A Bsr
Follow these steps to configure C-RP timers globally: To do... Use the command... Remarks Enter system view — system-view Enter PIM view — Optional Configure the C-RP-Adv c-rp advertisement-interval interval 60 seconds by default interval Optional Configure C-RP timeout time c-rp holdtime interval 150 seconds by default For the configuration of other timers in PIM-SM, refer to...
Page 838 value of 1, the whole network will not be affected as long as the neighbor router discards these bootstrap messages. Therefore, with a legal BSR address range configured on all routers in the entire network, all these routers will discard bootstrap messages from out of the legal address range.
Page 839 To do… Use the command… Remarks Required Configure a PIM domain border By default, no PIM domain pim bsr-boundary border is configured. Configuring global C-BSR parameters In each PIM-SM domain, a unique BSR is elected from C-BSRs. The C-RPs in the PIM-SM domain send advertisement messages to the BSR.
Page 840: Configuring Administrative Scoping
Follow these steps to configure C-BSR timers: To do… Use the command… Remarks Enter system view — system-view Enter PIM view — Optional Configure the BS period c-bsr interval interval For the default value, see the note below. Optional Configure the BS timeout c-bsr holdtime interval For the default value, see the note below.
Page 841 To do… Use the command… Remarks Required Enable administrative scoping c-bsr admin-scope Disabled by default Configuring an admin-scope zone boundary The boundary of each admin-scope zone is formed by ZBRs. Each admin-scope zone maintains a BSR, which serves a specific multicast group range. Multicast protocol packets (such as assert messages and bootstrap messages) that belong to this range cannot cross the admin-scope zone boundary.
Page 842: Configuring Multicast Source Registration
To do… Use the command… Remarks Required c-bsr group group-address Configure a C-BSR for an { mask | mask-length } No C-BSRs are configured for admin-scope zone [ hash-length hash-length | an admin-scope zone by priority priority ] * default. The group-address { mask | mask-length } parameter of the c-bsr group command can specify the multicast groups the C-BSR serves, in the range of 239.0.0.0/8.
Page 843: Disabling Spt Switchover
5 seconds by default Disabling SPT Switchover If a 3Com Switch 4800G acts as an RP or the receiver-side DR, it initiates an SPT switchover process (by default) upon receiving the first multicast packet along the RPT. You can disable the switchover from RPT to SPT.
Page 844: Configuring Pim-Ssm
For a 3Com Switch 4800G, once a multicast forwarding entry is created, subsequent multicast data will not be encapsulated in register messages before being forwarded even if a register outgoing interface is available. Therefore, to avoid forwarding failure, do not use spt-switch-threshold infinity command on a switch that may become an RP (namely, a static RP or a C-RP).
Page 845: Configuring The Ssm Group Range
Enabling PIM-SM The SSM model is implemented based on some subsets of PIM-SM. Therefore, a router is PIM-SSM capable after you enable PIM-SM on it. When deploying a PIM-SM domain, you are recommended to enable PIM-SM on non-border interfaces of the routers. Follow these steps to enable PIM-SM globally To do...
Page 846: Configuring Pim Common Features
Make sure that the same SSM group range is configured on all routers in the entire domain. Otherwise, multicast information cannot be delivered through the SSM model. When a member of a multicast group in the SSM group range sends an IGMPv1 or IGMPv2 report message, the device does not trigger a (*, G) join.
Page 847: Configuring A Multicast Data Filter
PIM neighbor timeout time (global value/interface value) Prune delay (global value/interface level value) Prune override interval (global value/interface level value) Hello interval (global value/interface level value) Maximum delay between hello message (interface level value) Assert timeout time (global value/interface value) Join/prune interval (global value/interface level value) Join/prune timeout (global value/interface value) Multicast source lifetime...
Page 848: Configuring Pim Hello Options
To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required pim neighbor-policy Configure a hello message filter No hello message filter by default. acl-number With the hello message filter configured, if hello messages of an existing PIM neighbor fail to pass the filter, the PIM neighbor will be removed automatically when it times out.
Page 849 upstream router has changed, it assumes that the status of the upstream neighbor is lost or the upstream neighbor has changed. In this case, it triggers a join message for state update. If you disable join suppression (namely, enable neighbor tracking), the join suppression feature should be disabled on all PIM routers on a multi-access subnet;...
Page 850: Configuring Pim Common Timers
Configuring PIM Common Timers PIM routers discover PIM neighbors and maintain PIM neighboring relationships with other routers by periodically sending out hello messages. Upon receiving a hello message, a PIM router waits a random period, which is smaller than the maximum delay between hello messages, before sending out a hello message.
Page 851: Configuring Join/Prune Message Sizes
To do... Use the command... Remarks Optional Configure the maximum delay pim triggered-hello-delay between hello messages 5 seconds by default interval Optional Configure the join/prune pim timer join-prune interval interval 60 seconds by default Optional Configure the join/prune pim holdtime join-prune timeout time 210 seconds by default interval...
Page 852: Pim Configuration Examples
To do... Use the command... Remarks display pim control-message counters [ message-type { probe | register | View the number of PIM control register-stop } | [ interface interface-type Available in messages interface-number | message-type { assert | bsr | any view crp | graft | graft-ack | hello | join-prune | state-refresh } ] * ]...
Page 853 Network diagram Figure 1-10 Network diagram for PIM-DM configuration Device Interface IP address Device Interface IP address Switch A Vlan-int100 10.110.1.1/24 Switch D Vlan-int300 10.110.5.1/24 Vlan-int103 192.168.1.1/24 Vlan-int103 192.168.1.2/24 Switch B Vlan-int200 10.110.2.1/24 Vlan-int101 192.168.2.2/24 Vlan-int101 192.168.2.1/24 Vlan-int102 192.168.3.2/24 Switch C Vlan-int200 10.110.2.2/24 Vlan-int102...
Page 854 The configuration on Switch B and Switch C is similar to that on Switch A. # Enable IP multicast routing on Switch D, and enable PIM-DM on each interface. <SwitchD> system-view [SwitchD] multicast routing-enable [SwitchD] interface vlan-interface 300 [SwitchD-Vlan-interface300] pim dm [SwitchD-Vlan-interface300] quit [SwitchD] interface vlan-interface 103 [SwitchD-Vlan-interface103] pim dm...
Page 855 (*, 225.1.1.1) Protocol: pim-dm, Flag: WC UpTime: 00:04:25 Upstream interface: NULL Upstream neighbor: NULL RPF prime neighbor: NULL Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface100 Protocol: igmp, UpTime: 00:04:25, Expires: never (10.110.5.100, 225.1.1.1) Protocol: pim-dm, Flag: ACT UpTime: 00:06:14 Upstream interface: Vlan-interface103, Upstream neighbor: 192.168.1.2...
Page 856: Pim-Sm Non-Scoped Zone Configuration Example
PIM-SM Non-Scoped Zone Configuration Example Network requirements Receivers receive VOD information through multicast. The receiver groups of different organizations form stub networks, and one or more receiver hosts exist in each stub network. The entire PIM-SM domain contains only one BSR. Host A and Host C are multicast receivers in two stub networks.
Page 857 Configuration procedure Configure IP addresses and unicast routing Configure the IP address and subnet mask for each interface as per Figure 1-11. Detailed configuration steps are omitted here. Configure the OSPF protocol for interoperation among the switches in the PIM-SM domain. Ensure the network-layer interoperation in the PIM-SM domain and enable dynamic update of routing information among the switches through a unicast routing protocol.
Page 858 [SwitchE-pim] quit Verify the configuration Carry out the display pim interface command to view the PIM configuration and running status on each interface. For example: # View the PIM configuration information on Switch A. [SwitchA] display pim interface Interface NbrCnt HelloInt DR-Pri DR-Address Vlan100...
Page 859 Hash mask length: 32 State: Elected Scope: Not scoped Uptime: 00:01:18 Next BSR message scheduled at: 00:01:52 Candidate BSR Address: 192.168.9.2 Priority: 20 Hash mask length: 32 State: Elected Scope: Not scoped Candidate RP: 192.168.9.2(Vlan-interface102) Priority: 0 HoldTime: 150 Advertisement Interval: 60 Next advertisement scheduled at: 00:00:48 To view the RP information discovered on a switch, use the display pim rp-info command.
Page 860 RP: 192.168.9.2 Protocol: pim-sm, Flag: WC UpTime: 00:13:46 Upstream interface: Vlan-interface102 Upstream neighbor: 192.168.9.2 RPF prime neighbor: 192.168.9.2 Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface100 Protocol: igmp, UpTime: 00:13:46, Expires: 00:03:06 (10.110.5.100, 225.1.1.0) RP: 192.168.9.2 Protocol: pim-sm, Flag: SPT ACT UpTime: 00:00:42 Upstream interface: Vlan-interface101 Upstream neighbor: 192.168.1.2...
Page 861: Pim-Sm Admin-Scope Zone Configuration Example
Upstream neighbor: 192.168.4.2 RPF prime neighbor: 192.168.4.2 Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface102 Protocol: pim-sm, UpTime: 00:13:16, Expires: 00:03:22 PIM-SM Admin-Scope Zone Configuration Example Network requirements Receivers receive VOD information through multicast. The entire PIM-SM domain is divided into admin-scope zone 1, admin-scope zone 2, and the global zone.
Page 862 Network diagram Figure 1-12 Network diagram for PIM-SM admin-scope zone configuration Admin-scope 1 Vlan-int500 Receiver Switch G Host A Source 1 Vlan-int109 Source 3 Vlan-int100 Vlan-int200 Vlan-int109 Vlan-int101 Vlan-int102 Vlan-int102 Switch F Vlan-int101 Vlan-int107 Switch B Switch A Switch C Switch I Switch H Vlan-int107...
Page 863 Enable IP multicast routing and administrative scoping, and enable PIM-SM and IGMP # Enable IP multicast routing and administrative scoping on Switch A, enable PIM-SM on each interface, and enable IGMP on the host-side interface VLAN-interface 100. <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchA] pim [SwitchA-pim] c-bsr admin-scope [SwitchA-pim] quit...
Page 864 # On Switch C, configure VLAN-interface 103 and VLAN-interface 106 to be the boundary of admin-scope zone 2. <SwitchC> system-view [SwitchC] interface vlan-interface 103 [SwitchC-Vlan-interface103] multicast boundary 239.0.0.0 8 [SwitchC-Vlan-interface103] quit [SwitchC] interface vlan-interface 106 [SwitchC-Vlan-interface106] multicast boundary 239.0.0.0 8 [SwitchC-Vlan-interface106] quit # On Switch D, configure VLAN-interface 107 to be the boundary of admin-scope zone 2.
Page 865 # View the BSR information and the locally configured C-RP information on Switch B. [SwitchB] display pim bsr-info Elected BSR Address: 10.110.9.1 Priority: 0 Hash mask length: 30 State: Accept Preferred Scope: Global Uptime: 00:01:45 Expires: 00:01:25 Elected BSR Address: 10.110.1.2 Priority: 0 Hash mask length: 30 State: Elected...
Page 866 Scope: 239.0.0.0/8 Candidate RP: 10.110.4.2(Vlan-interface104) Priority: 0 HoldTime: 150 Advertisement Interval: 60 Next advertisement scheduled at: 00:00:10 # View the BSR information and the locally configured C-RP information on Switch F. [SwitchF] display pim bsr-info Elected BSR Address: 10.110.9.1 Priority: 0 Hash mask length: 30 State: Elected Scope: Global...
Page 867: Pim-Ssm Configuration Example
PIM-SM BSR RP information: Group/MaskLen: 224.0.0.0/4 RP: 10.110.9.1 Priority: 0 HoldTime: 150 Uptime: 00:03:42 Expires: 00:01:48 Group/MaskLen: 239.0.0.0/8 RP: 10.110.4.2 (local) Priority: 0 HoldTime: 150 Uptime: 00:06:54 Expires: 00:02:41 # View the RP information on Switch F. [SwitchF] display pim rp-info PIM-SM BSR RP information: Group/MaskLen: 224.0.0.0/4 RP: 10.110.9.1 (local)
Page 868 Network diagram Figure 1-13 Network diagram for PIM-SSM configuration Device Interface IP address Device Interface IP address Switch A Vlan-int100 10.110.1.1/24 Switch D Vlan-int300 10.110.5.1/24 Vlan-int101 192.168.1.1/24 Vlan-int101 192.168.1.2/24 Vlan-int102 192.168.9.1/24 Vlan-int105 192.168.4.2/24 Switch B Vlan-int200 10.110.2.1/24 Switch E Vlan-int104 192.168.3.2/24 Vlan-int103 192.168.2.1/24...
Page 869 [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim sm [SwitchA-Vlan-interface101] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] pim sm [SwitchA-Vlan-interface102] quit The configuration on Switch B and Switch C is similar to that on Switch A. The configuration on Switch D and Switch E is also similar to that on Switch A except that it is not necessary to enable IGMP on the corresponding interfaces on these two switches.
Page 870: Troubleshooting Pim Configuration
1: Vlan-interface100 Protocol: igmp, UpTime: 00:13:25, Expires: 00:03:25 The information on Switch B and Switch C is similar to that on Switch A. # View the PIM routing table information on Switch D. [SwitchD] display pim routing-table Total 0 (*, G) entry; 1 (S, G) entry (10.110.5.100, 232.1.1.1) Protocol: pim-ssm, Flag: LOC UpTime: 00:12:05...
Page 871: Multicast Data Abnormally Terminated On An Intermediate Router
interface and on the corresponding interface of the RPF neighbor router, the establishment of a multicast distribution tree will surely fail, causing abnormal multicast forwarding. The same PIM mode must run on the entire network. Otherwise, the establishment of a multicast distribution tree will surely fail, causing abnormal multicast forwarding.
Page 872: Rpt Establishment Failure Or Source Registration Failure In Pim-Sm
Analysis As the core of a PIM-SM domain, the RPs serve specific multicast groups. Multiple RPs can coexist in a network. Make sure that the RP information on all routers is exactly the same, and a specific group is mapped to the same RP. Otherwise, multicast forwarding will fail. If the static RP mechanism is used, the same static RP command must be executed on all the routers in the entire network.
Page 873 Table of Contents 1 MSDP Configuration··································································································································1-1 MSDP Overview······································································································································1-1 Introduction to MSDP ······················································································································1-1 How MSDP Works···························································································································1-2 Protocols and Standards ·················································································································1-7 MSDP Configuration Task List················································································································1-7 Configuring Basic Functions of MSDP····································································································1-8 Configuration Prerequisites ·············································································································1-8 Enabling MSDP ·······························································································································1-8 Creating an MSDP Peer Connection·······························································································1-8 Configuring a Static RPF Peer ········································································································1-9 Configuring an MSDP Peer Connection ·································································································1-9 Configuration Prerequisites ·············································································································1-9 Configuring MSDP Peer Description ·····························································································1-10...
Page 874: Msdp Configuration
MSDP Configuration When configuring MSDP, go to these sections for information you are interested in: MSDP Overview MSDP Configuration Task List Displaying and Maintaining MSDP MSDP Configuration Examples Troubleshooting MSDP The term “router” in this document refers to a router in a generic sense or a Layer 3 switch running the MSDP protocol.
Page 875: How Msdp Works
MSDP is applicable only if the intra-domain multicast protocol is PIM-SM. MSDP is meaningful only for the any-source multicast (ASM) model. How MSDP Works MSDP peers With one or more pairs of MSDP peers configured in the network, an MSDP interconnection map is formed, where the RPs of different PIM-SM domains are interconnected in series.
Page 876 Router A and Router B are MSDP peers on common multicast routers. Such MSDP peers just forward received SA messages. In a PIM-SM network running the BSR mechanism, the RP is dynamically elected from C-RPs. To enhance network robustness, a PIM-SM network typically has more than one C-RP. As the RP election result is unpredictable, MSDP peering relationships should be built among all C-RPs so that the winner C-RP is always on the "MSDP interconnection map”, while loser C-RPs will assume the role of common PIM-SM routers on the “MSDP interconnection map”.
Page 877 On MSDP peers, each SA message is subject to a reverse path forwarding (RPF) check and multicast policy–based filtering, so that only SA messages that have arrived along the correct path and passed the filtering are received and forwarded. This avoids delivery loops of SA messages. In addition, you can configure MSDP peers into an MSDP mesh group so as to avoid flooding of SA messages between MSDP peers.
Page 878 Figure 1-3 Diagram for RPF check for SA messages Source RP 1 RP 5 RP 9 RP 8 AS 1 AS 5 Mesh group AS 3 RP 2 RP 3 AS 2 MSDP peers RP 4 RP 6 RP 7 Static RPF peers AS 4 SA message...
Page 879 SA messages from other paths than described above will not be accepted nor forwarded by MSDP peers. Implementing intra-domain Anycast RP by leveraging MSDP peers Anycast RP refers to such an application that enables load balancing and redundancy backup between two or more RPs within a PIM-SM domain by configuring the same IP address for, and establishing MSDP peering relationships between, these RPs.
Page 880: Protocols And Standards
Optimal RP path: A multicast source registers with the nearest RP so that an SPT with the optimal path is built; a receiver joins the nearest RP so that an RPT with the optimal path is built. Load balancing between RPs: Each RP just needs to maintain part of the source/group information within the PIM-SM domain and forward part of the multicast data, thus achieving load balancing between different RPs.
Page 881: Configuring Basic Functions Of Msdp
Configuring Basic Functions of MSDP All the configuration tasks should be carried out on RPs in PIM-SM domains, and each of these RPs acts as an MSDP peer. Configuration Prerequisites Before configuring the basic functions of MSDP, complete the following tasks: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer.
Page 882: Configuring A Static Rpf Peer
To do... Use the command... Remarks Enter system view — system-view Enter MSDP view — msdp Required peer peer-address Create an MSDP peer No MSDP peer connection connect-interface connection created by default interface-type interface-number If an interface of the router is shared by an MSDP peer and a BGP/MBGP peer at the same time, we recommend that you use the IP address of the BGP/MBGP peer as the IP address of the for the MSDP peer.
Page 883: Configuring Msdp Peer Description
Configuring MSDP Peer Description With the MSDP peer description information, the administrator can easily distinguish different MSDP peers and thus better manage MSDP peers. Follow these steps to configure description for an MSDP peer: To do... Use the command... Remarks Enter system view —...
Page 884: Configuring Msdp Peer Connection Control
Configuring MSDP Peer Connection Control MSDP peers are interconnected over TCP (port number 639). You can flexibly control sessions between MSDP peers by manually deactivating and reactivating the MSDP peering connections. When the connection between two MSDP peers is deactivated, SA messages will no longer be delivered between them, and the TCP connection is closed without any connection setup retry, but the configuration information will remain unchanged.
Page 885: Configuring Sa Request Messages
decapsulates the SA message and delivers the multicast data contained in the register message to the receivers along the RPT. The MSDP peers deliver SA messages to one another. Upon receiving an SA message, a router performs RPF check on the message. If the router finds that the remote RP address is the same as the local RP address, it will discard the SA message.
Page 886: Configuring Sa Message Filtering Rules
Configuring SA Message Filtering Rules By configuring an SA message creation rule, you can enable the router to filter the (S, G) entries to be advertised when creating an SA message, so that the propagation of messages of multicast sources is controlled.
Page 887: Displaying And Maintaining Msdp
To protect the router effectively against denial of service (DoS) attacks, you can set a limit on the number of (S, G) entries the router can cache. Follow these steps to configure the SA message cache: To do... Use the command... Remarks Enter system view —...
Page 888 It is required that an MSDP peering relationship be set up between Switch B and Switch C through EBGP, and between Switch C and Switch E through IBGP. Network diagram Figure 1-5 Network diagram for inter-AS multicast configuration leveraging BGP routes Device Interface IP address...
Page 889 [SwitchA] interface vlan-interface 103 [SwitchA-Vlan-interface103] pim sm [SwitchA-Vlan-interface103] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] pim sm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] igmp enable [SwitchA-Vlan-interface200] pim sm [SwitchA-Vlan-interface200] quit The configuration on Switch B, Switch C, Switch D, Switch E, and Switch F is similar to the configuration on Switch A.
Page 890 # Redistribute BGP routes into OSPF on Switch B. [SwitchB] ospf 1 [SwitchB-ospf-1] import-route bgp [SwitchB-ospf-1] quit The configuration on Switch C and Switch E is similar to the configuration on Switch B. Configure MSDP peers # Configure an MSDP peer on Switch B. [SwitchB] msdp [SwitchB-msdp] peer 192.168.1.2 connect-interface vlan-interface 101 [SwitchB-msdp] quit...
Page 891 [SwitchE] display bgp peer BGP local router ID : 3.3.3.3 Local AS number : 200 Total number of peers : 1 Peers in established state : 1 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 192.168.3.1 4 200 1 00:10:58 Established To view the BGP routing table information on the switches, use the display bgp routing-table command.
Page 892 192.168.1.2 00:12:27 # View the brief information about MSDP peering relationships on Switch C. [SwitchC] display msdp brief MSDP Peer Brief Information Configured Listen Connect Shutdown Down Peer's Address State Up/Down time SA Count Reset Count 192.168.3.2 00:15:32 192.168.1.1 00:06:39 # View the brief information about MSDP peering relationships on Switch E.
Page 893: Inter-As Multicast Configuration Leveraging Static Rpf Peers
Inter-AS Multicast Configuration Leveraging Static RPF Peers Network requirements There are two ASs in the network, AS 100 and AS 200 respectively. OSPF is running within each AS, and BGP is running between the two ASs. PIM-SM 1 belongs to AS 100, while PIM-SM 2 and PIM-SM 3 belong to AS 200. Each PIM-SM domain has zero or one multicast source and receiver.
Page 894 Configuration procedure Configure IP addresses and unicast routing Configure the IP address and subnet mask for each interface as per Figure 1-6. Detailed configuration steps are omitted here. Configure OSPF for interconnection between the switches. Ensure the network-layer interoperation in each AS, and ensure the dynamic update of routing information among the switches through a unicast routing protocol.
Page 895 [SwitchB-msdp] peer 192.168.3.2 connect-interface vlan-interface 102 [SwitchB-msdp] peer 192.168.1.2 connect-interface vlan-interface 101 [SwitchB-msdp] static-rpf-peer 192.168.3.2 rp-policy list-df [SwitchB-msdp] static-rpf-peer 192.168.1.2 rp-policy list-df [SwitchB-msdp] quit # Configure Switch B as a static RPF peer of Switch C. [SwitchC] ip ip-prefix list-c permit 192.168.0.0 16 greater-equal 16 less-equal 32 [SwitchC] msdp [SwitchC-msdp] peer 192.168.1.1 connect-interface vlan-interface 101 [SwitchC-msdp] static-rpf-peer 192.168.1.1 rp-policy list-c...
Page 896: Anycast Rp Configuration
Configured Listen Connect Shutdown Down Peer's Address State Up/Down time SA Count Reset Count 192.168.3.1 00:16:40 Anycast RP Configuration Network requirements The PIM-SM domain has multiple multicast sources and receivers. OSPF runs within the domain to provide unicast routes. It is required to configure the anycast RP application so that the receiver-side DRs and the source-side DRs can initiate a Join message to their respective RPs that are the topologically nearest to them.
Page 897 Configuration procedure Configure IP addresses and unicast routing Configure the IP address and subnet mask for each interface as per Figure 1-7. Detailed configuration steps are omitted here. Configure OSPF for interconnection between the switches. Ensure the network-layer interoperation among the switches, and ensure the dynamic update of routing information between the switches through a unicast routing protocol.
Page 898 [SwitchB-msdp] peer 2.2.2.2 connect-interface loopback 0 [SwitchB-msdp] quit # Configure an MSDP peer on Loopback 0 of Switch D. [SwitchD] msdp [SwitchD-msdp] originating-rp loopback 0 [SwitchD-msdp] peer 1.1.1.1 connect-interface loopback 0 [SwitchD-msdp] quit Verify the configuration You can use the display msdp brief command to view the brief information of MSDP peering relationships between the switches.
Page 899 Protocol: igmp, UpTime: 00:15:04, Expires: never (10.110.5.100, 225.1.1.1) RP: 10.1.1.1 (local) Protocol: pim-sm, Flag: SPT 2MSDP ACT UpTime: 00:46:28 Upstream interface: Vlan-interface103 Upstream neighbor: 10.110.2.2 RPF prime neighbor: 10.110.2.2 Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface100 Protocol: pim-sm, UpTime: - , Expires: never # View the PIM routing information on Switch D.
Page 900: Sa Message Filtering Configuration
Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface200 Protocol: pim-sm, UpTime: never , Expires: never SA Message Filtering Configuration Network requirements Three PIM-SM domains exist in the network, and OSPF runs within and among the domains to provide unicast routing. Configure respective Loopback 0 of Switch A, Switch C and Switch D as a C-BSR and C-RP in the respective PIM-SM domain.
Page 901 Configuration Procedure Configure IP addresses and unicast routing Configure the IP address and subnet mask for each interface as per Figure 1-8. The detailed configuration steps are omitted here. Configure OSPF for interoperation among the switches. Ensure the network-layer interoperation within and between the PIM-SM domains and ensure dynamic update of routing information among the switches by leveraging unicast routing.
Page 902 [SwitchA-pim] quit The configuration on Switch C and Switch D is similar to the configuration on Switch A. The specific configuration steps are omitted here. Configure MSDP peers # Configure an MSDP peer on Switch A. [SwitchA] msdp [SwitchA-msdp] peer 192.168.1.2 connect-interface vlan-interface 101 [SwitchA-msdp] quit # Configure MSDP peers on Switch C.
Page 903: Troubleshooting Msdp
(Source, Group) Origin RP Uptime Expires (10.110.3.100, 225.1.1.0) 1.1.1.1 02:03:30 00:05:31 (10.110.3.100, 225.1.1.1) 1.1.1.1 02:03:30 00:05:31 (10.110.3.100, 225.1.1.2) 1.1.1.1 02:03:30 00:05:31 (10.110.3.100, 225.1.1.3) 1.1.1.1 02:03:30 00:05:31 (10.110.3.100, 226.1.1.0) 1.1.1.1 02:03:30 00:05:31 (10.110.3.100, 226.1.1.1) 1.1.1.1 02:03:30 00:05:31 (10.110.3.100, 226.1.1.2) 1.1.1.1 02:03:30 00:05:31 (10.110.3.100, 226.1.1.3) 1.1.1.1 02:03:30 00:05:31...
Page 904: No Sa Entries In The Router's Sa Cache
No SA Entries in the Router’s SA Cache Symptom MSDP fails to send (S, G) entries through SA messages. Analysis The import-source command is used to control sending (S, G) entries through SA messages to MSDP peers. If this command is executed without the acl-number argument, all the (S, G) entries will be filtered off, namely no (S, G) entries of the local domain will be advertised.
Page 905 Table of Contents 1 MBGP Configuration ·································································································································1-1 MBGP Overview······································································································································1-1 Protocols and Standards·························································································································1-2 MBGP Configuration Task List················································································································1-2 Configuring MBGP Basic Functions········································································································1-2 Prerequisites····································································································································1-2 Configuration Procedure··················································································································1-3 Controlling Route Advertisement and Reception····················································································1-3 Prerequisites····································································································································1-3 Configuring MBGP Route Redistribution·························································································1-3 Configure Default Route Redistribution into MBGP ········································································1-4 Configuring MBGP Route Summarization·······················································································1-4 Advertising a Default Route to an IPv4 MBGP Peer or Peer Group ···············································1-5 Configuring Outbound MBGP Route Filtering ·················································································1-5...
Page 906: Mbgp Configuration
MBGP Configuration The term “router” refers to a router or a Layer 3 switch in this document. When configuring MBGP, go to these sections for information you are interested in: MBGP Overview Protocols and Standards MBGP Configuration Task List Configuring MBGP Basic Functions Controlling Route Advertisement and Reception Configuring MBGP Route Attributes Tuning and Optimizing MBGP Networks...
Page 907: Protocols And Standards
Protocols and Standards RFC2858: Multiprotocol Extensions for BGP-4 RFC3392: Capabilities Advertisement with BGP-4 draft-ietf-idmr-bgp-mcast-attr-00: BGP Attributes for Multicast Tree Construction MBGP Configuration Task List Complete the following tasks to configure MBGP: Task Remarks Configuring MBGP Basic Functions Required Configuring MBGP Route Redistribution Optional Configure Default Route Redistribution into MBGP Optional...
Page 908: Configuration Procedure
Configuration Procedure Follow these steps to configure MBGP basic functions: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number peer { group-name | Required Specify a peer or peer group ip-address } as-number and its AS number Not specified by default.
Page 909: Configure Default Route Redistribution Into Mbgp
The Origin attribute of routes redistributed into the MBGP routing table with the import-route command is Incomplete. The Origin attribute of routes injected into the MBGP routing table with the network command is IGP. The networks to be injected must exist in the local IP routing table, and using a route policy makes route control more flexible.
Page 910: Advertising A Default Route To An Ipv4 Mbgp Peer Or Peer Group
To do… Use the command… Remarks Required Enable automatic No route route summary automatic summarization summarization is configured by default. Configure Choose either MBGP route as needed; if aggregate ip-address { mask | summarization mask-length } [ as-set | attribute-policy both are Configure manual configured, the...
Page 911: Configuring Inbound Mbgp Route Filtering
Follow these steps to configure BGP route distribution filtering policies: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv4 MBGP address — ipv4-family multicast family view filter-policy { acl-number | ip-prefix Configure the filtering of ip-prefix-name } export [ direct | isis redistributed routes...
Page 912: Configuring Mbgp Route Dampening
To do… Use the command… Remarks Filter incoming routes using an filter-policy { acl-number | ACL or IP prefix list ip-prefix ip-prefix-name } import Reference a route policy to peer { group-name | ip-address } routes from an IPv4 MBGP route-policy policy-name import peer/peer group At least one of these...
Page 913: Prerequisites
Prerequisites Before configuring this task, you need to configure MBGP basic functions. Configuring MBGP Route Preferences You can reference a route policy to set preferences for routes matching it. Routes not matching it use the default preferences. Follow these steps to configure MBGP route preferences: To do…...
Page 914: Configuring The Next Hop Attribute
To do… Use the command… Remarks Optional Configure the default default med med-value MED value 0 by default. Enable the Optional comparison of the compare-different-as-med MED of routes from Not enabled by default different ASs Configure the MED Enable the Optional attribute comparison of the...
Page 915: Tuning And Optimizing Mbgp Networks
Follow these steps to configure the AS-PATH attribute: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv4 MBGP address family view — ipv4-family multicast Optional Specify the maximum number of times the peer { group-name | By default, the local AS local AS number can...
Page 916: Configuring The Maximum Number Of Mbgp Routes For Load Balancing
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Optional Enable BGP route refresh for a peer { group-name | ip-address } peer/peer group Enabled by default capability-advertise route-refresh Perfom a manual soft reset If the peer does not support route-refresh, you can use the peer keep-all-routes command to save all the route updates from the peer, and then use the refresh bgp ipv4 multicast command to soft-reset MBGP connections to refresh the MBGP routing table and apply the new policy without tearing down...
Page 917: Configuring A Large Scale Mbgp Network
Configuring a Large Scale MBGP Network Prerequisites Before configuring this task, you need to make peering nodes accessible to each other at the network layer. Configuring IPv4 MBGP Peer Groups In a large-scale network, configuration and maintenance become difficult due to large numbers of MBGP peers.
Page 918: Configuring An Mbgp Route Reflector
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv4 MBGP address family view — ipv4-family multicast Advertise the peer { group-name | community attribute ip-address } Advertise the to an MBGP advertise-community community peer/peer group...
Page 919: Displaying And Maintaining Mbgp
In general, it is not required that clients of a route reflector be fully meshed. The route reflector forwards routing information between clients. If clients are fully meshed, you can disable route reflection between clients to reduce routing costs. In general, a cluster has only one route reflector, and the router ID of the route reflector is used to identify the cluster.
Page 920: Resetting Mbgp Connections
To do… Use the command… Remarks Display MBGP dampening Available in display bgp multicast routing-table parameter information any view dampening parameter Display MBGP routing Available in display bgp multicast routing-table information originating from any view different-origin-as different ASs display bgp multicast routing-table flap-info Display IPv4 MBGP routing flap [ regular-expression as-regular-expression | Available in...
Page 921 It is required that the respective Loopback 0 of Switch A and Switch B be configured as the C-BSR and C-RP of the respective PIM-SM domains. Switch A and Switch B establishes an MSDP peer relationship through MBGP. Figure 1-1 Network diagram for MBGP configuration Device Interface IP address...
Page 922 [SwitchC-Vlan-interface102] pim sm [SwitchC-Vlan-interface102] quit [SwitchC] interface vlan-interface 104 [SwitchC-Vlan-interface104] pim sm [SwitchC-Vlan-interface104] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] pim sm [SwitchC-Vlan-interface200] igmp enable [SwitchC-Vlan-interface200] quit # Configure a PIM domain border on Switch A. [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim bsr-boundary [SwitchA-Vlan-interface101] quit # Configure a PIM domain border on Switch B.
Page 923 [SwitchA-bgp-af-mul] quit [SwitchA-bgp] quit # On Switch B, configure the MBGP peer and enable route redistribution from OSPF. [SwitchB] bgp 200 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 192.168.1.1 as-number 100 [SwitchB-bgp] import-route ospf 1 [SwitchB-bgp] ipv4-family multicast [SwitchB-bgp-af-mul] peer 192.168.1.1 enable [SwitchB-bgp-af-mul] import-route ospf 1 [SwitchB-bgp-af-mul] quit [SwitchB-bgp] quit...
Page 924 Table of Contents 1 IGMP Snooping Configuration ·················································································································1-1 IGMP Snooping Overview·······················································································································1-1 Principle of IGMP Snooping ············································································································1-1 Basic Concepts in IGMP Snooping ·································································································1-2 How IGMP Snooping Works············································································································1-3 Processing of Multicast Protocol Messages····················································································1-5 Protocols and Standards ·················································································································1-5 IGMP Snooping Configuration Task List·································································································1-6 Configuring Basic Functions of IGMP Snooping·····················································································1-7 Configuration Prerequisites ·············································································································1-7 Enabling IGMP Snooping ················································································································1-7...
Page 925: Igmp Snooping Configuration
IGMP Snooping Configuration When configuring IGMP Snooping, go to the following sections for information you are interested in: IGMP Snooping Overview IGMP Snooping Configuration Task List Displaying and Maintaining IGMP Snooping IGMP Snooping Configuration Examples Troubleshooting IGMP Snooping Configuration IGMP Snooping Overview Internet Group Management Protocol Snooping (IGMP Snooping) is a multicast constraining mechanism that runs on Layer 2 devices to manage and control multicast groups.
Page 926: Basic Concepts In Igmp Snooping
Reducing Layer 2 broadcast packets, thus saving network bandwidth. Enhancing the security of multicast traffic. Facilitating the implementation of per-host accounting. Basic Concepts in IGMP Snooping IGMP Snooping related ports As shown in Figure 1-2, Router A connects to the multicast source, IGMP Snooping runs on Switch A and Switch B, Host A and Host C are receiver hosts (namely, multicast group members).
Page 927: How Igmp Snooping Works
Aging timers for dynamic ports in IGMP Snooping and related messages and actions Table 1-1 Aging timers for dynamic ports in IGMP Snooping and related messages and actions Message before Timer Description Action after expiry expiry For each dynamic IGMP general query of router port, the switch The switch removes Dynamic router port...
Page 928 When receiving a membership report A host sends an IGMP report to the IGMP querier in the following circumstances: Upon receiving an IGMP query, a multicast group member host responds with an IGMP report. When intended to join a multicast group, a host sends an IGMP report to the IGMP querier to announce that it is interested in the multicast information addressed to that group.
Page 929: Processing Of Multicast Protocol Messages
does not immediately remove the port from the outgoing port list of the forwarding table entry for that group; instead, it resets the aging timer for the port. Upon receiving the IGMP leave message from a host, the IGMP querier resolves the multicast group address in the message and sends an IGMP group-specific query to that multicast group through the port that received the leave message.
Page 930: Igmp Snooping Configuration Task List
RFC 4541: Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches IGMP Snooping Configuration Task List Complete these tasks to configure IGMP Snooping: Task Remarks Enabling IGMP Snooping Required Configuring Basic Functions of IGMP Snooping Configuring the Version of IGMP Snooping Optional Configuring Aging Timers for Dynamic Ports...
Page 931: Configuring Basic Functions Of Igmp Snooping
Configuring Basic Functions of IGMP Snooping Configuration Prerequisites Before configuring the basic functions of IGMP Snooping, complete the following task: Configure the corresponding VLANs. Before configuring the basic functions of IGMP Snooping, prepare the following data: Version of IGMP Snooping. Enabling IGMP Snooping Follow these steps to enable IGMP Snooping: To do...
Page 932: Configuring Igmp Snooping Port Functions
To do... Use the command... Remarks Optional Configure the version of IGMP igmp-snooping version Snooping Version 2 by default version-number If you switch IGMP Snooping from version 3 to version 2, the system will clear all IGMP Snooping forwarding entries from dynamic joins, and will: Keep forwarding entries for version 3 static (*, G) joins;...
Page 933: Configuring Static Ports
To do... Use the command... Remarks Optional Configure dynamic member host-aging-time interval port aging time 260 seconds by default Configuring aging timers for dynamic ports in a VLAN Follow these steps to configure aging timers for dynamic ports in a VLAN: To do...
Page 934: Configuring Simulated Joining
A static (S, G) joining can take effect only if a valid multicast source address is specified and IGMP Snooping version 3 is currently running. A static member port does not respond to queries from the IGMP querier; when static (*, G) or (S, G) joining is enabled or disabled on a port, the port does not send an unsolicited IGMP report or an IGMP leave message.
Page 935: Configuring Fast Leave Processing
Each simulated host is equivalent to an independent host. For example, when receiving an IGMP query, the simulated host corresponding to each configuration responds respectively. Unlike a static member port, a port configured as a simulated member host will age out like a dynamic member port.
Page 936: Configuring Igmp Snooping Querier
Configuring IGMP Snooping Querier Configuration Prerequisites Before configuring IGMP Snooping querier, complete the following task: Enable IGMP Snooping in the VLAN. Before configuring IGMP Snooping querier, prepare the following data: IGMP general query interval, IGMP last-member query interval, Maximum response time to IGMP general queries, Source address of IGMP general queries, and Source address of IGMP group-specific queries.
Page 937 response time (the host obtains the value of the maximum response time from the Max Response Time field in the IGMP query it received). When the timer value comes down to 0, the host sends an IGMP report to the corresponding multicast group. An appropriate setting of the maximum response time for IGMP queries allows hosts to respond to queries quickly and avoids bursts of IGMP traffic on the network caused by reports simultaneously sent by a large number of hosts when the corresponding timers expire simultaneously.
Page 938: Configuring Source Ip Address Of Igmp Queries
Configuring Source IP Address of IGMP Queries Upon receiving an IGMP query whose source IP address is 0.0.0.0 on a port, the switch does not enlist that port as a dynamic router port. This may prevent multicast forwarding entries from being correctly created at the data link layer and cause multicast traffic forwarding failure in the end.
Page 939: Configuring Multicast Source Port Filtering
Configuring a multicast group filter globally Follow these steps to configure a multicast group filter globally: To do... Use the command... Remarks Enter system view — system-view Enter IGMP Snooping view — igmp-snooping Required By default, no group filter is Configure a multicast group group-policy acl-number globally configured, that is,...
Page 940: Configuring The Function Of Dropping Unknown Multicast Data
Disabled by default 3Com Switch 4800G, when enabled to filter IPv4 multicast data based on the source ports, are automatically enabled to filter IPv6 multicast data based on the source ports. Configuring the Function of Dropping Unknown Multicast Data Unknown multicast data refers to multicast data for which no entries exist in the IGMP Snooping forwarding table.
Page 941: Configuring Maximum Multicast Groups That Can Be Joined On A Port
Follow these steps to configure IGMP report suppression: To do... Use the command... Remarks Enter system view — system-view Enter IGMP Snooping view — igmp-snooping Optional Enable IGMP report report-aggregation suppression Enabled by default Configuring Maximum Multicast Groups that Can Be Joined on a Port By configuring the maximum number of multicast groups that can be joined on a port, you can limit the number of multicast programs on-demand available to users, thus to regulate traffic on the port.
Page 942: Displaying And Maintaining Igmp Snooping
To address such situations, you can enable the multicast group replacement function on the switch or certain ports. When the number of multicast groups joined on the switch or a port has joined reaches the limit: If the multicast group replacement feature is enabled, the newly joined multicast group automatically replaces an existing multicast group with the lowest address.
Page 943: Igmp Snooping Configuration Examples
To do... Use the command... Remarks Clear IGMP Snooping multicast Available in reset igmp-snooping group group information { group-address | all } [ vlan vlan-id ] user view Clear the statistics information of all Available in kinds of IGMP messages learned reset igmp-snooping statistics user view by IGMP Snooping...
Page 944 Network diagram Figure 1-3 Network diagram for group policy simulated joining configuration Configuration procedure Configure IP addresses Configure an IP address and subnet mask for each interface as per Figure 1-3. The detailed configuration steps are omitted. Configure Router A # Enable IP multicast routing, enable PIM-DM on each interface, and enable IGMP on GigabitEthernet 1/0/1.
Page 945 # Configure a multicast group filter so that the hosts in VLAN 100 can join only the multicast group 224.1.1.1. [SwitchA] acl number 2001 [SwitchA-acl-basic-2001] rule permit source 224.1.1.1 0 [SwitchA-acl-basic-2001] quit [SwitchA] igmp-snooping [SwitchA-igmp-snooping] group-policy 2001 vlan 100 [SwitchA-igmp-snooping] quit # Configure GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 as simulated hosts for multicast group 224.1.1.1.
Page 946: Static Port Configuration
Static Port Configuration Network requirements As shown in Figure 1-4, Router A connects to a multicast source (Source) through GigabitEthernet 1/0/2, and to Switch A through GigabitEthernet 1/0/1. IGMPv2 is to run on Router A, and IGMPv2 Snooping is to run on Switch A, Switch B and Switch C, with Router A acting as the IGMP querier.
Page 947 Configuration procedure Configure IP addresses Configure an IP address and subnet mask for each interface as per Figure 1-4. The detailed configuration steps are omitted. Configure Router A # Enable IP multicast routing, enable PIM-DM on each interface, and enable IGMP on GigabitEthernet 1/0/1.
Page 948 <SwitchC> system-view [SwitchC] igmp-snooping [SwitchC-igmp-snooping] quit # Create VLAN 100, assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/5 to this VLAN, and enable IGMP Snooping in the VLAN. [SwitchC] vlan 100 [SwitchC-vlan100] port gigabitethernet 1/0/1 to gigabitethernet 1/0/5 [SwitchC-vlan100] igmp-snooping enable [SwitchC-vlan100] quit # Configure GigabitEthernet 1/0/3 and GigabitEthernet 1/0/5 as static member ports for multicast group 224.1.1.1.
Page 949: Igmp Snooping Querier Configuration
Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s). Port flags: D-Dynamic port, S-Static port, C-Copy port Subvlan flags: R-Real VLAN, C-Copy VLAN Vlan(id):100. Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s). Router port(s):total 1 port. GE1/0/2 (D) ( 00:01:23 ) IP group(s):the following ip group(s) match to one mac group.
Page 950 Network diagram Figure 1-5 Network diagram for IGMP Snooping querier configuration Source 1 Source 2 192.168.1.10/24 192.168.1.20/24 Receiver Receiver GE1/0/2 GE1/0/2 GE1/0/1 GE1/0/3 GE1/0/3 GE1/0/1 Host A Host B GE1/0/4 Switch A Switch B Querier Receiver Receiver GE1/0/2 GE1/0/1 GE1/0/2 GE1/0/3 GE1/0/1 Host D...
Page 951: Troubleshooting Igmp Snooping Configuration
[SwitchB] vlan 100 [SwitchB-vlan100] port gigabitethernet 1/0/1 to gigabitethernet 1/0/4 # Enable IGMP Snooping and the function of dropping unknown multicast traffic in VLAN 100. [SwitchB-vlan100] igmp-snooping enable [SwitchB-vlan100] igmp-snooping drop-unknown [SwitchB-vlan100] quit Configurations on Switch C and Switch D are similar to the configuration on Switch B. Verify the configuration After the IGMP Snooping querier starts to work, all the switches but the querier can receive IGMP general queries.
Page 952: Configured Multicast Group Policy Fails To Take Effect
Configured Multicast Group Policy Fails to Take Effect Symptom Although a multicast group policy has been configured to allow hosts to join specific multicast groups, the hosts can still receive multicast data addressed to other multicast groups. Analysis The ACL rule is incorrectly configured. The multicast group policy is not correctly applied.
Page 953 Table of Contents 1 Multicast VLAN Configuration··················································································································1-1 Introduction to Multicast VLAN················································································································1-1 Multicast VLAN Configuration Task List··································································································1-3 Configuring Sub-VLAN-Based Multicast VLAN ······················································································1-3 Configuration Prerequisites ·············································································································1-3 Configuring Sub-VLAN-Based Multicast VLAN···············································································1-3 Configuring Port-Based Multicast VLAN ·································································································1-4 Configuration Prerequisites ·············································································································1-4 Configuring User Port Attributes······································································································1-4 Configuring Multicast VLAN Ports ···································································································1-5 Displaying and Maintaining Multicast VLAN ···························································································1-6 Multicast VLAN Configuration Examples ································································································1-6...
Page 954: Multicast Vlan Configuration
Multicast VLAN Configuration When configuring multicast VLAN, go to these sections for information you are interested in: Introduction to Multicast VLAN Multicast VLAN Configuration Task List Configuring Sub-VLAN-Based Multicast VLAN Configuring Port-Based Multicast VLAN Displaying and Maintaining Multicast VLAN Multicast VLAN Configuration Examples Introduction to Multicast VLAN As shown in Figure...
Page 955 Figure 1-2 Sub-VLAN-based multicast VLAN Multicast packets VLAN 10 (Multicast VLAN) VLAN 2 VLAN 2 Receiver VLAN 3 Host A VLAN 4 VLAN 3 Receiver Host B Router A Switch A Source IGMP querier VLAN 4 Receiver Host C After the configuration, IGMP Snooping manages router ports in the multicast VLAN and member ports in the sub-VLANs.
Page 956: Multicast Vlan Configuration Task List
For information about IGMP Snooping, router ports, and member ports, refer to IGMP Snooping Configuration in the IP Multicast Volume. For information about VLAN tags, refer to VLAN Configuration in the Access Volume. Multicast VLAN Configuration Task List Complete the following tasks to configure multicast VLAN: Task Remarks Configuring Sub-VLAN-Based Multicast VLAN...
Page 957: Configuring Port-Based Multicast Vlan
You cannot configure multicast VLAN on a device with IP multicast routing enabled. The VLAN to be configured as a multicast VLAN must exist. The VLANs to be configured as sub-VLANs of the multicast VLAN must exist and must not be sub-VLANs of another multicast VLAN.
Page 958: Configuring Multicast Vlan Ports
Follow these steps to configure user port attributes: To do... Use the command... Remarks Enter system view — system-view interface interface-type interface-number Required Enter port view or port group port-group { manual view Use either command port-group-name | aggregation agg-id } Required Configure the user port link port link-type hybrid...
Page 959: Displaying And Maintaining Multicast Vlan
To do… Use this command… Remarks Enter system view — system-view Required Configure the specified VLAN as a multicast VLAN and enter Not a multicast VLAN by multicast-vlan vlan-id multicast VLAN view default. Return to system view — quit interface interface-type Required interface-number Enter port view or port group...
Page 960 Network diagram Figure 1-4 Network diagram for sub-VLAN-based multicast VLAN configuration Source IGMP querier Router A GE1/0/1 1.1.1.2/24 GE1/0/2 1.1.1.1/24 10.110.1.1/24 GE1/0/1 Switch A GE1/0/2 GE1/0/4 GE1/0/3 Receiver Receiver Receiver Host A Host B Host C VLAN 2 VLAN 3 VLAN 4 Configuration procedure Configure IP addresses...
Page 961 # Create VLAN 10, assign GigabitEthernet 1/0/1 to this VLAN and enable IGMP Snooping in the VLAN. [SwitchA] vlan 10 [SwitchA-vlan10] port gigabitethernet 1/0/1 [SwitchA-vlan10] igmp-snooping enable [SwitchA-vlan10] quit # Configure VLAN 10 as a multicast VLAN and configure VLAN 2 through VLAN 4 as its sub-VLANs. [SwitchA] multicast-vlan 10 [SwitchA-mvlan-10] subvlan 2 to 4 [SwitchA-mvlan-10] quit...
Page 962: Port-Based Multicast Vlan Configuration
Router port(s):total 0 port. IP group(s):the following ip group(s) match to one mac group. IP group address:224.1.1.1 (0.0.0.0, 224.1.1.1): Host port(s):total 1 port. GE1/0/3 MAC group(s): MAC group address:0100-5e01-0101 Host port(s):total 1 port. GE1/0/3 Vlan(id):4. Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s).
Page 963 IGMPv2 is required on Router A. IGMPv2 Snooping is required on Switch A. Router A acts as the IGMP querier. Switch A’s GigabitEthernet 1/0/1 belongs to VLAN 10, GigabitEthernet 1/0/2 through GigabitEthernet 1/0/4 belong to VLAN 2 through VLAN 4 respectively, and Host A through Host C are attached to GigabitEthernet 1/0/2 through GigabitEthernet1/0/4 of Switch A respectively.
Page 964 # Enable IGMP Snooping globally. <SwitchA> system-view [SwitchA] igmp-snooping [SwitchA-igmp-snooping] quit # Create VLAN 10, assign GigabitEthernet 1/0/1 to VLAN 10, and enable IGMP Snooping in this VLAN. [SwitchA] vlan 10 [SwitchA-vlan10] port gigabitethernet 1/0/1 [SwitchA-vlan10] igmp-snooping enable [SwitchA-vlan10] quit # Create VLAN 2 and enable IGMP Snooping in the VLAN.
Page 965 # View the IGMP Snooping multicast group information on Switch A. [SwitchA] display igmp-snooping group Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s). Port flags: D-Dynamic port, S-Static port, C-Copy port Subvlan flags: R-Real VLAN, C-Copy VLAN Vlan(id):10.
Page 966 Table of Contents 1 IPv6 Multicast Routing and Forwarding Configuration ·········································································1-1 IPv6 Multicast Routing and Forwarding Overview ··················································································1-1 Introduction to IPv6 Multicast Routing and Forwarding···································································1-1 RPF Check Mechanism···················································································································1-1 Configuration Task List ···························································································································1-4 Enabling IPv6 Multicast Routing ·············································································································1-4 Configuring IPv6 Multicast Routing and Forwarding···············································································1-4 Configuration Prerequisites ·············································································································1-4 Configuring an IPv6 Multicast Routing Policy··················································································1-4 Configuring an IPv6 Multicast Forwarding Range···········································································1-5...
Page 967: Ipv6 Multicast Routing And Forwarding Overview
IPv6 Multicast Routing and Forwarding Configuration When configuring IPv6 multicast routing and forwarding, go to the following sections for information you are interested in: IPv6 Multicast Routing and Forwarding Overview Configuration Task List Displaying and Maintaining IPv6 Multicast Routing and Forwarding Troubleshooting IPv6 Multicast Policy Configuration The term “router”...
Page 968 IPv6 multicast data delivery along the correct path. In addition, the RPF check mechanism also helps avoid data loops caused by various reasons. RPF Check process The basis for an RPF check is an IPv6 unicast route or an IPv6 MBGP route. An IPv6 unicast routing table contains the shortest path to each destination subnet;...
Page 969 Implementation of the RPF check in IPv6 multicast Implementing an RPF check on each received IPv6 multicast data packet would bring a big burden to the router. The use of an IPv6 multicast forwarding table is the solution to this issue. When creating an IPv6 multicast routing entry and an IPv6 multicast forwarding entry for an IPv6 multicast packet, the router sets the RPF interface of the packet as the incoming interface of the (S, G) entry.
Page 970: Configuration Task List
When an IPv6 multicast packet arrives on Vlan-interface 10 of Router C, as the interface is not the incoming interface of the (S, G) entry, the router performs an RPF check on the packet: The router searches its IPv6 unicast routing table and finds that the outgoing interface to Source (the RPF interface) is Vlan-interface 20.
Page 971: Configuring An Ipv6 Multicast Forwarding Range
Setting the minimum hop limit value required for an IPv6 multicast packet to be forwarded. Setting the minimum hop limit value is not supported on 3Com Switch 4800G. You can configure the forwarding boundary for a specific IPv6 multicast group on all interfaces that support IPv6 multicast forwarding.
Page 972: Displaying And Maintaining Ipv6 Multicast Routing And Forwarding
table based on the actual networking situation and the performance requirements. If the configured maximum number of IPv6 multicast forwarding table entries is smaller than the current value, the entries in excess will not be immediately deleted; instead they will be deleted by the IPv6 multicast routing protocol running on the router.
Page 973: Troubleshooting Ipv6 Multicast Policy Configuration
To do... Use the command... Remarks Display the RPF route information of Available in display multicast ipv6 rpf-info the specified IPv6 multicast source ipv6-source-address [ ipv6-group-address ] any view reset multicast ipv6 forwarding-table { { ipv6-source-address [ prefix-length ] | Clear forwarding entries from the Available in ipv6-group-address [ prefix-length ] |...
Page 974 command so that the source address of the IPv6 multicast packets and the IPv6 multicast group address can both match the IPv6 ACL rule. Check the configuration of the multicast filter. Use the display current-configuration command to view the configuration of the IPv6 multicast filter, and change the IPv6 ACL rule used in the source-policy command so that the source address of the IPv6 multicast packets and the IPv6 multicast group address can both match the IPv6 ACL rule.
Page 975 Table of Contents 1 MLD Configuration ····································································································································1-1 MLD Overview·········································································································································1-1 MLD Versions ··································································································································1-1 How MLDv1 Works··························································································································1-2 How MLDv2 Works··························································································································1-3 MLD Message Types·······················································································································1-4 MLD SSM Mapping ·························································································································1-7 MLD Proxying ··································································································································1-8 Protocols and Standards ·················································································································1-9 Configuration Task List ···························································································································1-9 Configuring Basic Functions of MLD·····································································································1-10 Configuration Prerequisites ···········································································································1-10 Enabling MLD ································································································································1-10 Configuring the MLD Version ········································································································1-10...
Page 976: Mld Configuration
MLD Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch running the MLD protocol. When configuring MLD, go to the following sections for information you are interested in: MLD Overview Configuration Task List Displaying and Maintaining MLD Configuration MLD Configuration Examples...
Page 977: How Mldv1 Works
For more information about the ASM and SSM models, see Multicast Overview in the IP Multicast Volume. How MLDv1 Works MLDv1 implements IPv6 multicast listener management based on the query/response mechanism. MLD querier election Of multiple IPv6 multicast routers on the same subnet, all the routers can hear MLD listener report messages (often referred to as reports) from hosts, but only one router is needed for sending MLD query messages (often referred to as queries).
Page 978: How Mldv2 Works
Figure 1-1. The following describes how the hosts join the IPv6 multicast groups and the MLD querier (Router B in the figure) maintains the IPv6 multicast group memberships: The hosts send unsolicited MLD reports to the addresses of the IPv6 multicast groups that they want to join, without having to wait for the MLD queries from the MLD querier.
Page 979: Mld Message Types
If it expects IPv6 multicast data from specific IPv6 multicast sources like S1, S2, …, it sends a report with the Filter-Mode denoted as “Include Sources (S1, S2, …). If it does not expect IPv6 multicast data from specific IPv6 multicast sources like S1, S2, …, it sends a report with the Filter-Mode denoted as “Exclude Sources (S1, S2, …).
Page 980 MLD query message An MLD querier learns the multicast listening state of neighbor interfaces by sending MLD query messages. Figure 1-3 shows the format of an MLD query message. The dark blue area in the figure shows the format of an MLDv1 message. Figure 1-3 Format of MLDv2 query message Type = 130 Code...
Page 981 Field Description QQIC Querier’s Query Interval Code This field is set to 0 in a general query message or a multicast-address-specific query message. Number of Sources This field represents the number of source addresses in a multicast-address-and-source-specific query message IPv6 multicast source address in a multicast-address-specific Source Address( i ) query message (i = 1, 2, .., n, where n represents the number of multicast source addresses.)
Page 982: Mld Ssm Mapping
Field Description This field represents information of each IPv6 multicast address the host listens to on the interface from which the report message is sent, including record type, IPv6 Multicast Address Record(i) multicast address, and IPv6 multicast source address on the sender (i= 1, 2, ...
Page 983: Mld Proxying
INCLUDE, (S1, S2...)) information based on the configured MLD SSM mappings and provides SSM service accordingly. The MLD SSM mapping feature does not process MLDv2 reports. For more information about the IPv6 SSM group range, refer to IPv6 PIM Configuration in the IP Multicast Volume.
Page 984: Protocols And Standards
multicast address, filter mode, and source list. Such an entry is a collection of members in the same multicast group on each downstream interface. A proxy device performs host functions on the upstream interface based on the database. It responds to the queries according to the information in the database or sends join/leave messages when the database changes.
Page 985: Configuring Basic Functions Of Mld
Configuring Basic Functions of MLD Configuration Prerequisites Before configuring the basic functions of MLD, complete the following tasks: Configure any IPv6 unicast routing protocol so that all devices in the domain can be interoperable at the network layer. Configure IPv6 PIM-DM or IPv6 PIM-SM. In addition, prepare the following data: MLD version IPv6 multicast group address and IPv6 multicast source address for static group member...
Page 986: Configuring Static Joining
Configuring an MLD version globally Follow these steps to configure an MLD version globally: To do… Use the command… Remarks Enter system view — system-view Enter MLD view — Optional Configure an MLD version version version-number globally MLDv1 by default Configuring an MLD version on an interface Follow these steps to configure an MLD version on an interface: To do…...
Page 987: Configuring An Ipv6 Multicast Group Filter
Before you can configure an interface of an IPv6 PIM-SM device as a static member of an IPv6 multicast group or an IPv6 multicast source and group, if the interface is IPv6 PIM-SM enabled, it must be an IPv6 PIM-SM DR; if this interface is MLD enabled but not IPv6 PIM-SM enabled, it must be an MLD querier.
Page 988: Adjusting Mld Performance
This configuration takes effect for dynamically joined IPv6 multicast groups but not the statically configured multicast groups. Adjusting MLD Performance For the configuration tasks described in this section, Configurations performed in MLD view are globally effective, while configurations performed in interface view are effective on the current interface only.
Page 989: Configuring Mld Query And Response Parameters
By default, in consideration of compatibility, the device does not check the Router-Alert option, that is, it processes all received MLD messages. In this case, the device passes MLD messages to the upper layer protocol for processing, no matter whether the MLD messages carry the Router-Alert option or not.
Page 990 “robustness variable minus 1” packet losses on a network. Therefore, a greater value of the robustness variable makes the MLD querier “more robust”, but results in a longer IPv6 multicast group timeout time. Upon receiving an MLD query (general query or multicast-address-specific query) message, a host starts a timer for each IPv6 multicast group it has joined.
Page 991 Configuring MLD query and response parameters on an interface Follow these steps to configure MLD query and response parameters on an interface: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Optional Configure the startup query mld startup-query-interval...
Page 992: Configuring Mld Fast Leave Processing
Make sure that the other querier present interval is greater than the MLD query interval; otherwise the MLD querier may frequently change. Make sure that the MLD query interval is greater than the maximum response delay for MLD general queries; otherwise, multicast group members may be wrongly removed. Configuring MLD Fast Leave Processing MLD fast leave processing is implemented by MLD Snooping.
Page 993: Configuring Mld Ssm Mappings
If MLDv2 is enabled on a VLAN interface of a 3Com Switch 4800G, and if a port in that VLAN is configured as a simulated host, the simulated host will send MLDv2 reports even if you did not specify an IPv6 multicast source when configuring simulated joining with the mld-snooping host-join command.
Page 994: Configuring Ipv6 Multicast Forwarding On A Downstream Interface
Each device can have only one interface serving as the MLD proxy interface. You cannot enable MLD on interfaces with MLD proxying enabled. Moreover, only the mld require-router-alert, mld send-router-alert, and mld version commands can take effect on such interfaces. You cannot enable other IPv6 multicast routing protocols (such as IPv6 PIM-DM or IPv6-SM) on interfaces with MLD proxying enabled, or vice versa.
Page 995 To do… Use the command… Remarks View MLD configuration and running information on the display mld interface [ interface-type Available specified interface or all interface-number ] [ verbose ] in any view MLD-enabled interfaces View the information of the display mld proxying group [ group-address ] Available MLD proxying groups [ verbose ]...
Page 996: Mld Configuration Examples
MLD Configuration Examples Basic MLD Functions Configuration Example Network requirements Receivers receive VOD information in the multicast mode. Receivers of different organizations form stub networks N1 and N2, and Host A and Host C are multicast receivers in N1 and N2 respectively.
Page 997 # Enable IPv6 multicast routing on Switch A, enable IPv6 PIM-DM on each interface, and enable MLD on VLAN-interface 100. <SwitchA> system-view [SwitchA] multicast ipv6 routing-enable [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] mld enable [SwitchA-Vlan-interface100] pim ipv6 dm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim ipv6 dm [SwitchA-Vlan-interface101] quit # Enable IPv6 multicast routing on Switch B, enable IPv6 PIM-DM on each interface, and enable MLD...
Page 998: Mld Ssm Mapping Configuration Example
MLD SSM Mapping Configuration Example Network requirements The IPv6 PIM-SM domain applies both the ASM model and SSM model for IPv6 multicast delivery. Switch D’s VLAN-interface 104 serves as the C-BSR and C-RP. The SSM group range is FF3E::/64. MLDv2 runs on Switch D’s VLAN-interface 400. The receiver host runs MLDv1, and does not support MLDv2.
Page 999 # Enable IPv6 multicast routing on Switch D, enable IPv6 PIM-SM on each interface, and enable MLD (version 2) and MLD SSM mapping on VLAN-interface 400. <SwitchD> system-view [SwitchD] multicast ipv6 routing-enable [SwitchD] interface vlan-interface 400 [SwitchD-Vlan-interface400] mld enable [SwitchD-Vlan-interface400] mld version 2 [SwitchD-Vlan-interface400] mld ssm-mapping enable [SwitchD-Vlan-interface400] pim ipv6 sm [SwitchD-Vlan-interface400] quit...
Page 1000 # Configure MLD SSM mappings on Switch D. [SwitchD] mld [SwitchD-mld] ssm-mapping ff3e::101 128 1001::1 [SwitchD-mld] ssm-mapping ff3e::101 128 3001::1 [SwitchD-mld] quit Verify the configuration Use the display mld ssm-mapping command to view MLD SSM mappings on the switch. # View the MLD SSM mapping information for IPv6 multicast group FF3E::101 on Switch D. [SwitchD] display mld ssm-mapping ff3e::101 Group: FF3E::101 Source list:...

This manual is also suitable for:

4800g 24-port 4800g 48-port 4800g pwr 24-port 4800g pwr 48-port 4800g pwr

HP 4800G Series Configuration Manual

Table of Contents

1 Product Features

2 Features

Ethernet Interface Configuration

Link Aggregation Configuration

Port Isolation Configuration

Service Loopback Group Configuration

Mstp Configuration

Lldp Configuration

Table of Contents

1 VLAN Configuration

2 Isolate-User-VLAN Configuration

3 Voice VLAN Configuration

Gvrp Configuration

Qinq Configuration

Configuration Steps Are Omitted Here.

VLAN Mapping Configuration

Port Mirroring Configuration

IP Addressing Configuration

Arp Configuration/Proxy Arp Configuration

1 ARP Configuration

2 Proxy ARP Configuration

Dhcp Overview/Dhcp Server Configuration

1 DHCP Overview

2 DHCP Server Configuration

3 DHCP Relay Agent Configuration

4 DHCP Client Configuration

5 DHCP Snooping Configuration

6 BOOTP Client Configuration

Quick Links

Configuration Guide

Chapters

Troubleshooting

Related Manuals for HP 4800G Series

Summary of Contents for HP 4800G Series