About This Manual Organization 3Com Switch 4800G Family Configuration Guide is organized as follows: Volume Features 00-Product Product Overview Acronyms Overview Service Loopback Ethernet Interface Link Aggregation Port Isolation Group 01-Access Volume MSTP LLDP VLAN GVRP QinQ BPDU Tunneling VLAN Mapping...
Page 4
Volume Features Basic System Device File System Login Configuration Management Management MAC Address HTTP SNMP RMON Table Management System 08-System Information Maintaining and Hotfix Volume Center Debugging Cluster Management Automatic Configuration Conventions The manual uses the following conventions: Command conventions Convention Description The keywords of a command line are in Boldface.
Means reader be careful. Improper operation may cause data loss or damage to equipment. Means a complementary description. Related Documentation In addition to this manual, each 3com Switch 4800G documentation set includes the following: Manual Description 3Com Switch 4800G Family Command...
(MANs). They can also be used for connecting server groups in data centers. The 3Com Switches 4800G support the innovative Intelligent Resilient Framework (IRF) technology. With IRF, multiple 4800G switches can be interconnected as a logical entity to form a new intelligent network featuring high availability, scalability, and manageability.
Page 8
Volume Features 802.1X HABP Authentication Portal Port Security IP Source Guard SSH2.0 06-Security Volume Public Key ARP Attack URPF Protection VRRP Smart Link Monitor Link RRPP 07-High Connectivity Fault Availability DLDP Ethernet OAM Detection Volume Track GR Overview Basic System Device File System Login...
Features The following sections provide an overview of the main features of each module supported by the Switch 4800G. Access Volume Table 2-1 Features in Access volume Features Description This document describes: Basic Ethernet Interface Configuration Combo Port Configuration Configuring Flow Control on an Ethernet Interface...
Page 10
Features Description LLDP enables a device to maintain and manage its own and its immediate neighbor’s device information, based on which the network management system detects and determines the conditions of the communications links. This document describes: LLDP Introduction to LLDP Performing Basic LLDP Configuration Configuring CDP Compatibility Configuring LLDP Trapping...
IP Services Volume Table 2-2 Features in the IP Services volume Features Description An IP address is a 32-bit address allocated to a network interface on a device that is attached to the Internet. This document describes: IP Address Introduction to IP addresses IP address configuration Address Resolution Protocol (ARP) is used to resolve an IP address into a data link layer address.
Features Description A network node that supports both IPv4 and IPv6 is called a dual stack node. A dual stack node configured with an IPv4 address and an IPv6 address can have both IPv4 and IPv6 packets transmitted. This document Dual Stack describes: Dual stack overview...
Page 13
Features Description Intermediate System-to-Intermediate System (IS-IS) is a link state protocol, which uses the shortest path first (SPF) algorithm. This document describes: Configuring IS-IS Basic Functions Configuring IS-IS Routing Information Control IS-IS Tuning and Optimizing IS-IS Networks Configuring IS-IS Authentication Configuring System ID to Host Name Mappings Configuring IS-IS GR Enabling the Logging of Neighbor State Changes...
IP address. Policy Routing The Switch 4800G implements policy routing through QoS policies. For details about traffic classification, traffic behavior and QoS policy configuration commands, refer to QoS Commands in the QoS Volume.
Page 15
Features Description Multicast source discovery protocol (MSDP) describes interconnection mechanism of multiple PIM-SM domains. It is used is to discover multicast source information in other PIM-SM domains. This document describes: MSDP MSDP configuration Configuring an MSDP Peer Connection Configuring SA Messages Related Parameters As a multicast extension of MP-BGP, MBGP enables BGP to provide routing information for multicast applications.
QoS Volume Table 2-5 Features in the QoS ACL volume Features Description This document describes: QoS overview Traffic classification configuration Traffic policing Configuration Traffic shaping Configuration Line rate configuration QoS policy configuration Congestion management Congestion avoidance configuration Priority mapping configuration Traffic mirroring configuration User profile provides a configuration template to save predefined configurations.
Page 17
Features Description Portal authentication, as its name implies, helps control access to the Internet. This document describes: Portal Portal overview Portal configuration Port security is a MAC address-based security mechanism for network access controlling. It is an extension to the existing 802.1X authentication and MAC authentication.
Features Description Unicast Reverse Path Forwarding (URPF) protects a network against source address spoofing attacks. This document describes: URPF URPF Overview URPF configuration High Availability Volume Table 2-7 Features in the High Availability volume Features Description Virtual Router Redundancy Protocol (VRRP) combines a group of switches (including a master and multiple backups) on a LAN into a virtual router called VRRP group.
Features Description Ethernet OAM is a tool monitoring Layer-2 link status. It helps network administrators manage their networks effectively. This document describes: Ethernet OAM Ethernet OAM overview Configuring Basic Ethernet OAM Functions Configuring Link Monitoring Enabling OAM Loopback Testing Connectivity fault detection is an end-to-end, per-VLAN link-layer OAM mechanism for link connectivity detection, fault verification, and fault location.
Page 20
Features Description Basic system configuration involves the configuration of device name, system clock, welcome message, user privilege levels and so on. This document describes: Basic System Configuration Configuration display Basic configurations CLI features Through the device management function, you can view the current condition of your device and configure running parameters.
Page 21
Features Description For the majority of protocols and features supported, the system provides corresponding debugging information to help users diagnose errors. This System Maintenance document describes: and Debugging Maintenance and debugging overview Maintenance and debugging configuration As the system information hub, Information Center classifies and manages all types of system information.
Page 22
Features Description Network Time Protocol (NTP) is the TCP/IP that advertises the accurate time throughout the network. This document describes: NTP overview Configuring the Operation Modes of NTP Configuring Optional Parameters of NTP Configuring Access-Control Rights Configuring NTP Authentication A cluster is a group of network devices. Cluster management is to implement management of large numbers of distributed network devices.
Page 23
Appendix A Acronyms # A B C D E F G H I K L M N O P Q R S T U V W X Z Acronyms Full spelling Return 10GE Ten-GigabitEthernet Return Authentication, Authorization and Accounting Activity Based Costing Area Border Router Alternating Current ACKnowledgement...
Page 24
Acronyms Full spelling Border Gateway Protocol BIMS Branch Intelligent Management System BOOTP Bootstrap Protocol BPDU Bridge Protocol Data Unit Basic Rate Interface Bootstrap Router BitTorrent Burst Tolerance Return Call Appearance Certificate Authority Committed Access Rate Committed Burst Size Class Based Queuing Constant Bit Rate Core-Based Tree International Telephone and Telegraph Consultative...
Page 25
Acronyms Full spelling Connectivity Verification Return Deeper Application Recognition Data Circuit-terminal Equipment Database Description Digital Data Network DHCP Dynamic Host Configuration Protocol Designated IS DLCI Data Link Connection Identifier DLDP Device Link Detection Protocol Domain Name System Downstream on Demand Denial of Service Designated Router DSCP...
Page 26
Acronyms Full spelling Forward Defect Indication Forwarding Equivalence Class Fast Failure Detection Forwarding Group Forwarding information base FIFO First In First Out FQDN Full Qualified Domain Name Frame Relay Fast ReRoute FRTT Fairness Round Trip Time Functional Test File Transfer Protocol Return GARP Generic Attribute Registration Protocol...
Page 27
Acronyms Full spelling International Business Machines ICMP Internet Control Message Protocol ICMPv6 Internet Control Message Protocol for IPv6 IDentification/IDentity IEEE Institute of Electrical and Electronics Engineers IETF Internet Engineering Task Force IGMP Internet Group Management Protocol IGMP-Snooping Internet Group Management Protocol Snooping Interior Gateway Protocol Incoming Label Map Internet Locator Service...
Page 28
Acronyms Full spelling LACP Link Aggregation Control Protocol LACPDU Link Aggregation Control Protocol Data Unit Local Area Network Link Control Protocol LDAP Lightweight Directory Access Protocol Label Distribution Protocol Label Edge Router LFIB Label Forwarding Information Base Label Information Base Link Layer Control LLDP Link Layer Discovery Protocol...
Page 29
Acronyms Full spelling Multicast Listener Discovery Protocol MLD-Snooping Multicast Listener Discovery Snooping Meet-Me Conference MODEM MOdulator-DEModulator Multilink PPP MP-BGP Multiprotocol extensions for BGP-4 Middle-level PE MP-group Multilink Point to Point Protocol group MPLS Multiprotocol Label Switching MPLSFW Multi-protocol Label Switch Forward Multicast Port Management Mobile Switching Center MSDP...
Page 30
Acronyms Full spelling Network Management Station NPDU Network Protocol Data Unit Network Provider Edge Network Quality Analyzer NSAP Network Service Access Point NetStream Collector N-SEL NSAP Selector NSSA Not-So-Stubby Area NTDP Neighbor Topology Discovery Protocol Network Time Protocol Return Operation Administration and Maintenance OAMPDU OAM Protocol Data Units OC-3...
Page 31
Acronyms Full spelling Power over Ethernet Point Of Presence Packet Over SDH Point-to-Point Protocol PPTP Point to Point Tunneling Protocol PPVPN Provider-provisioned Virtual Private Network Priority Queuing Primary Reference Clock Primary Rate Interface Protection Switching Power Sourcing Equipment PSNP Partial SNP Permanent Virtual Channel Pseudo wires Return...
Page 32
Acronyms Full spelling Resilient Packet Ring Rendezvous Point Tree RRPP Rapid Ring Protection Protocol Reservation State Block RSOH Regenerator Section Overhead RSTP Rapid Spanning Tree Protocol RSVP Resource ReserVation Protocol RTCP Real-time Transport Control Protocol Route Table Entry Real-time Transport Protocol Real-time Transport Protocol Return Source Active...
Page 33
Acronyms Full spelling Shortest Path First Shortest Path Tree Secure Shell Synchronization Status Marker Source-Specific Multicast Shared Tree STM-1 SDH Transport Module -1 STM-16 SDH Transport Module -16 STM-16c SDH Transport Module -16c STM-4c SDH Transport Module -4c Spanning Tree Protocol Signalling Virtual Connection Switch-MDT Switch-Multicast Distribution Tree...
Page 34
Acronyms Full spelling Return Variable Bit Rate Virtual Channel Identifier Virtual Ethernet Virtual File System VLAN Virtual Local Area Network Virtual Leased Lines Video On Demand VoIP Voice over IP Virtual Operate System VPDN Virtual Private Dial-up Network VPDN Virtual Private Data Network Virtual Path Identifier VPLS Virtual Private Local Switch...
Access Volume Organization Manual Version 6W101-20091012 Product Version Release 2202 Organization The Access Volume is organized as follows: Features Description This document describes: Basic Ethernet Interface Configuration Combo Port Configuration Configuring Flow Control on an Ethernet Interface Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface Configuring Loopback Testing on an Ethernet Interface Ethernet Interface...
Page 36
Features Description To increase service redirecting throughput, you can bundle multiple service loopback ports into a logical link, called a service loopback group. Service Loopback This document describes: Group Introduction to Service Loopback Groups Configuring a Service Loopback Group MSTP is used to eliminate loops in a LAN. It is compatible with STP and RSTP.
Page 37
Features Description Port mirroring copies packets passing through a port to another port connected with a monitoring device for packet analysis to help implement network monitoring and troubleshooting. This document describes: Port Mirroring Port Mirroring overview Local port mirroring configuration Remote port mirroring configuration...
Page 38
Table of Contents 1 Ethernet Interface Configuration ·············································································································1-1 Ethernet Interface Configuration ·············································································································1-1 Combo Port Configuration ···············································································································1-1 Basic Ethernet Interface Configuration····························································································1-1 Configuring an Auto-negotiation Transmission Rate·······································································1-2 Configuring Flow Control on an Ethernet Interface ·········································································1-3 Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface ········1-4 Configuring Loopback Testing on an Ethernet Interface·································································1-4 Configuring a Port Group·················································································································1-5 Configuring Storm Suppression ······································································································1-5...
Ethernet Interface Configuration Ethernet Interface Configuration Combo Port Configuration Introduction to Combo port A Combo port can operate as either an optical port or an electrical port. Inside the device there is only one forwarding interface. For a Combo port, the electrical port and the corresponding optical port are TX-SFP multiplexed.
Auto-negotiation mode (auto). Interfaces operating in this mode determine their duplex mode through auto-negotiation. Similarly, if you configure the transmission rate for an Ethernet interface by using the speed command with the auto keyword specified, the transmission rate is determined through auto-negotiation too. For a Gigabit Ethernet interface, you can specify the transmission rate by its auto-negotiation capacity.
Figure 1-1 An application diagram of auto-negotiation transmission rate As shown in Figure 1-1, the network card transmission rate of the server group (Server 1, Server 2, and Server 3) is 1000 Mbps, and the transmission rate of GigabitEthernet 1/0/4, which provides access to the external network for the server group, is 1000 Mbps too.
Follow these steps to enable flow control on an Ethernet interface: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter Ethernet interface view — interface-number Required Enable flow control flow-control Disabled by default Configuring the Suppression Time of Physical-Link-State Change on an Ethernet Interface An Ethernet interface operates in one of the two physical link states: up or down.
To do… Use the command… Remarks Optional Enable loopback testing loopback { external | internal } Disabled by default. As for the internal loopback test and external loopback test, if an interface is down, only the former is available on it; if the interface is shut down, both are unavailable. The speed, duplex, mdi, and shutdown commands are not applicable during loopback testing.
The storm suppression ratio settings configured for an Ethernet interface may get invalid if you enable the storm constrain for the interface. For information about the storm constrain function, see Configuring the Storm Constrain Function on an Ethernet Interface. Follow these steps to set storm suppression ratios for one or multiple Ethernet interfaces: To do…...
To do… Use the command… Remarks Optional Set the interval for collecting By default, the interval for flow-interval interval statistics on the Ethernet port collecting port statistics is 300 seconds. Enabling Forwarding of Jumbo Frames Due to tremendous amount of traffic occurring on an Ethernet interface, it is likely that some frames greater than the standard Ethernet frame size are received.
To do… Use the command… Remarks Enter system view — system-view Required Enable global loopback loopback-detection enable detection Disabled by default Optional Configure the interval for port loopback-detection loopback detection 30 seconds by default interval-time time interface interface-type Enter Ethernet interface view —...
signals; pin 3 and pin 6 are used for transmitting signals. To enable normal communication, you should connect the local transmit pins to the remote receive pins. Therefore, you should configure the MDI mode depending on the cable types. Normally, the auto mode is recommended. The other two modes are useful only when the device cannot determine the cable type.
Page 48
periodically and takes corresponding actions (that is, blocking or shutting down the interface and sending trap messages and logs) when the traffic detected exceeds the threshold. Alternatively, you can configure the storm suppression function to control a specific type of traffic. As the function and the storm constrain function are mutually exclusive, do not enable them at the same time on an Ethernet interface.
To do… Use the command… Remarks Optional Specify to send log when the By default, the system sends traffic detected exceeds the log when the traffic detected upper threshold or drops down exceeds the upper threshold or storm-constrain enable log below the lower threshold from drops down below the lower a point higher than the upper...
Page 50
To do… Use the command… Remarks Display the information about a display port-group manual manual port group or all the Available in any view [ all | name port-group-name ] port groups Display the information about Available in any view display loopback-detection the loopback function display storm-constrain...
Page 51
Table of Contents 1 Link Aggregation Configuration ··············································································································1-1 Overview ·················································································································································1-1 Basic Concepts of Link Aggregation ·······························································································1-1 Link Aggregation Modes··················································································································1-3 Load Sharing Mode of an Aggregation Group ················································································1-5 Link Aggregation Configuration Task List ·······························································································1-5 Configuring an Aggregation Group ·········································································································1-6 Configuring a Static Aggregation Group··························································································1-6 Configuring a Dynamic Aggregation Group·····················································································1-7 Configuring an Aggregate Interface ········································································································1-8 Configuring the Description of an Aggregate Interface ···································································1-8...
Link Aggregation Configuration When configuring link aggregation, go to these sections for information you are interested in: Overview Link Aggregation Configuration Task List Configuring an Aggregation Group Configuring an Aggregate Interface Configuring a Load Sharing Mode for Load-Sharing Link Aggregation Groups Displaying and Maintaining Link Aggregation Link Aggregation Configuration Examples Overview...
Page 53
Selected: a selected port can forward user traffic. Unselected: an unselected port cannot forward user traffic. The rate of an aggregate interface is the sum of the selected member ports’ rates. The duplex mode of an aggregate interface is consistent with that of the selected member ports. Note that all selected member ports use the same duplex mode.
Some configurations are called class-one configurations. Such configurations, for example, GVRP and MSTP, can be configured on aggregate interfaces and member ports but are not considered during operational key calculation. The change of a class-two configuration setting may affect the select state of link aggregation member ports and thus the ongoing service.
Page 55
A port that joins the aggregation group after the limit on the number of selected ports has been reached will not be placed in the selected state even if it should be in normal cases. This can prevent the ongoing traffic on the current selected ports from being interrupted.
Load Sharing Mode of an Aggregation Group The link aggregation groups created on the 3Com Switch 4800G always operates in load sharing mode, even when they contain only one member port. Link Aggregation Configuration Task List...
Configuring an Aggregation Group The following ports cannot be assigned to an aggregation group: Stack ports, RRPP-enabled ports, MAC address authentication-enabled ports, port security-enabled ports, IP source guard-enabled ports, and 802.1x-enabled ports. You are recommended not to assign reflector ports of port mirroring to an aggregation group. For details about reflector ports, refer to Port Mirroring Configuration in the Access Volume.
Configuring a Dynamic Aggregation Group Follow these steps to configure a Layer 2 dynamic aggregation group: To do... Use the command... Remarks Enter system view — system-view Optional By default, the system LACP priority is 32768. Set the system LACP lacp system-priority Changing the system LACP priority priority...
Removing a dynamic aggregate interface also removes the corresponding aggregation group. At the same time, the member ports of the aggregation group, if any, leave the aggregation group. To guarantee a successful dynamic aggregation, ensure that the peer ports of the ports aggregated at one end are also aggregated.
Follow these steps to enable linkUp/linkDown trap generation for an aggregate interface: To do... Use the command... Remarks Enter system view — system-view Optional snmp-agent trap enable Enable the trap function By default, linkUp/linkDown [ standard [ linkdown | linkup ] globally trap generation is enabled globally and on all interfaces.
sharing mode. You can change the load sharing mode of a link aggregation group for different types of traffic as needed. Follow these steps to configure load sharing mode for link aggregation groups: To do... Use the command... Remarks Enter system view —...
Link Aggregation Configuration Examples In an aggregation group, the port to be a selected port must be the same as the reference port in port attributes, and class-two configurations. To keep these configurations consistent, you should configure the port manually. Reference port: Select a port as the reference port from the ports that are in up state and with the same class-two configurations as the corresponding aggregate interface.
[DeviceA-Bridge-Aggregation1] quit # Assign Layer 2 Ethernet interfaces GigabitEthernet1/0/1 through GigabitEthernet1/0/3 to aggregation group 1. [DeviceA] interface GigabitEthernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] interface GigabitEthernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface GigabitEthernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 Configure Device B Follow the same configuration procedure performed on Device A to configure Device B.
Page 64
# Assign Layer 2 Ethernet interfaces GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to aggregation group 1. [DeviceA] interface GigabitEthernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceA- GigabitEthernet1/0/1] quit [DeviceA] interface GigabitEthernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 1 [DeviceA-GigabitEthernet1/0/2] quit [DeviceA] interface GigabitEthernet 1/0/3 [DeviceA-GigabitEthernet1/0/3] port link-aggregation group 1 Configure Device B Follow the same configuration procedure performed on Device A to configure Device B.
Page 65
Table of Contents 1 Port Isolation Configuration ·····················································································································1-1 Introduction to Port Isolation ···················································································································1-1 Configuring the Isolation Group ··············································································································1-1 Assigning a Port to the Isolation Group···························································································1-1 Displaying and Maintaining Isolation Groups··························································································1-2 Port Isolation Configuration Example······································································································1-2...
VLAN, allowing for great flexibility and security. Currently: 3Com Switch 4800G support only one isolation group that is created automatically by the system as isolation group 1. You can neither remove the isolation group nor create other isolation groups on such devices.
Displaying and Maintaining Isolation Groups To do… Use the command… Remarks Display the isolation group Available in any view display port-isolate group information Port Isolation Configuration Example Network requirements Users Host A, Host B, and Host C are connected to GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 of Device.
Page 68
Uplink port support: NO Group ID: 1 Group members: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3...
Page 69
Table of Contents 1 Service Loopback Group Configuration ·································································································1-1 Overview ·················································································································································1-1 Functions of Service Loopback Groups ··························································································1-1 Port Configuration Prerequisites of Service Loopback Groups·······················································1-1 States of the Ports in a Service Loopback Group ···········································································1-2 Configuring a Service Loopback Group ··································································································1-2 Displaying and Maintaining Service Loopback Groups ··········································································1-3 Configuration Example····························································································································1-3...
Displaying and Maintaining Service Loopback Groups Configuration Example Overview The SFP+ subcards and GE subcards of the 3Com Switch 4800G do not support service loopback groups. Functions of Service Loopback Groups To increase service redirecting throughput, you can bundle multiple service loopback ports into a logical link, called a service loopback group.
The port is not configured with MSTP, 802.1x, MAC address authentication, port security mode, or IP source guard. Additionally, the member port of a service loopback group cannot be configured with any of the above-mentioned configurations. The port belongs to VLAN 1. The port is not a member of any aggregation group or service loopback group.
You can change the service type of an existing service loopback group. For the change to be successful, you must ensure that the service group has not been referenced; the attributes of all member ports (if any) are not conflicting with the target service type; and no service loopback group has been created for the target service type, because only one service loopback group is allowed for a service type.
Page 73
Table of Contents 1 MSTP Configuration ··································································································································1-1 Overview ·················································································································································1-1 Introduction to STP ·································································································································1-1 Why STP ·········································································································································1-1 Protocol Packets of STP··················································································································1-1 Basic Concepts in STP····················································································································1-2 How STP works ·······························································································································1-3 Introduction to RSTP·······························································································································1-9 Introduction to MSTP ····························································································································1-10 Why MSTP ····································································································································1-10 Basic Concepts in MSTP···············································································································1-11 How MSTP Works ·························································································································1-14 Implementation of MSTP on Devices ····························································································1-15 Protocols and Standards ···············································································································1-15...
MSTP Configuration When configuring MSTP, go to these sections for information you are interested in: Overview Introduction to STP Introduction to RSTP Introduction to MSTP MSTP Configuration Task List Configuring MSTP Displaying and Maintaining MSTP MSTP Configuration Example Overview As a Layer 2 management protocol, the Spanning Tree Protocol (STP) eliminates Layer 2 loops by selectively blocking redundant links in a network, and in the mean time, allows for link redundancy.
Topology change notification (TCN) BPDUs, used for notifying the concerned devices of network topology changes, if any. Basic Concepts in STP Root bridge A tree network must have a root; hence the concept of root bridge was introduced in STP. There is one and only one root bridge in the entire network, and the root bridge can change along with changes of the network topology.
Figure 1-1 A schematic diagram of designated bridges and designated ports All the ports on the root bridge are designated ports. Path cost Path cost is a reference value used for link selection in STP. By calculating path costs, STP selects relatively robust links and blocks redundant links, and finally prunes the network into a loop-free tree.
Page 77
For simplicity, the descriptions and examples below involve only four fields of configuration BPDUs: Root bridge ID (represented by device priority) Root path cost (related to the rate of the link connecting the port) Designated bridge ID (represented by device priority) Designated port ID (represented by port name) Calculation process of the STP algorithm Initial state...
Page 78
Initially, each STP-enabled device on the network assumes itself to be the root bridge, with the root bridge ID being its own device ID. By exchanging configuration BPDUs, the devices compare their root bridge IDs to elect the device with the smallest root bridge ID as the root bridge. Selection of the root port and designated ports on a non-root device Table 1-3 describes the process of selecting the root port and designated ports.
Page 79
Figure 1-2 Network diagram for the STP algorithm Device A With priority 0 Device B With priority 1 Device C With priority 2 Initial state of each device Table 1-4 shows the initial state of each device. Table 1-4 Initial state of each device Device Port name BPDU of port...
Page 80
BPDU of port Device Comparison process after comparison Port BP1 receives the configuration BPDU of Device A {0, 0, 0, AP1}. Device B finds that the received configuration BPDU is superior to the configuration BPDU of the local port {1, 0, 1, BP1}, and updates the configuration BPDU of BP1.
Page 81
BPDU of port Device Comparison process after comparison After comparison: Because the root path cost of CP2 (9) (root path cost of the BPDU (5) plus path cost corresponding to CP2 (4)) is smaller than the root path cost of CP1 (10) (root path cost of the BPDU (0) + path cost corresponding to CP2 (10)), the BPDU Blocked port CP2: of CP2 is elected as the optimum BPDU, and CP2 is elected...
If a path becomes faulty, the root port on this path will no longer receive new configuration BPDUs and the old configuration BPDUs will be discarded due to timeout. In this case, the device will generate a configuration BPDU with itself as the root and send out the BPDUs and TCN BPDUs. This triggers a new spanning tree calculation process to establish a new path to restore the network connectivity.
Introduction to MSTP Why MSTP Weaknesses of STP and RSTP STP does not support rapid state transition of ports. A newly elected root port or designated port must wait twice the forward delay time before transiting to the forwarding state, even if it is a port on a point-to-point link or an edge port, which directly connects to a user terminal rather than to another device or a shared LAN segment.
Basic Concepts in MSTP Figure 1-4 Basic concepts in MSTP Region A0 VLAN 1 mapped to instance 1 VLAN 2 mapped to instance 2 Other VLANs mapped to CIST BPDU BPDU Region D0 BPDU Region B0 VLAN 1 mapped to instance 1, VLAN 1 mapped to instance 1 B as regional root bridge VLAN 2 mapped to instance 2...
Page 85
VLAN-to-instance mapping table As an attribute of an MST region, the VLAN-to-instance mapping table describes the mapping relationships between VLANs and MSTIs. In Figure 1-4, for example, the VLAN-to-instance mapping table of region A0 is as follows: VLAN 1 is mapped to MSTI 1, VLAN 2 to MSTI 2, and the rest to CIST. MSTP achieves load balancing by means of the VLAN-to-instance mapping table.
Page 86
During MSTP calculation, a boundary port’s role on an MSTI is consistent with its role on the CIST. But that is not true with master ports. A master port on MSTIs is a root port on the CIST. Roles of ports MSTP calculation involves these port roles: root port, designated port, master port, alternate port, backup port, and so on.
Port states In MSTP, port states fall into the following three: Forwarding: the port learns MAC addresses and forwards user traffic; Learning: the port learns MAC addresses but does not forward user traffic; Discarding: the port neither learns MAC addresses nor forwards user traffic. When in different MSTIs, a port can be in different states.
Within an MST region, the packet is forwarded along the corresponding MSTI. Between two MST regions, the packet is forwarded along the CST. Implementation of MSTP on Devices MSTP is compatible with STP and RSTP. STP and RSTP protocol packets can be recognized by devices running MSTP and used for spanning tree calculation.
Page 89
Task Remarks Configuring an MST Region Required Configuring the Work Mode of an MSTP Device Optional Configuring the Timeout Factor Optional Configuring the Maximum Port Rate Optional Configuring Ports as Edge Ports Optional Configuring the Configuring Path Costs of Ports Optional leaf nodes Configuring Port Priority...
Configuring MSTP Configuring an MST Region Make the following configurations on the root bridge and on the leaf nodes separately. Follow these steps to configure an MST region: To do... Use the command... Remarks Enter system view — system-view Enter MST region view —...
Configuring the Root Bridge or a Secondary Root Bridge MSTP can determine the root bridge of a spanning tree through MSTP calculation. Alternatively, you can specify the current device as the root bridge or a secondary root bridge using the commands provided by the system.
After specifying the current device as the root bridge or a secondary root bridge, you cannot change the priority of the device. Alternatively, you can also configure the current device as the root bridge by setting the priority of the device to 0. For the device priority configuration, refer to Configuring the Priority of a Device.
After configuring a device as the root bridge or a secondary root bridge, you cannot change the priority of the device. During root bridge selection, if all devices in a spanning tree have the same priority, the one with the lowest MAC address will be selected as the root bridge of the spanning tree. Configuring the Maximum Hops of an MST Region By setting the maximum hops of an MST region, you can restrict the region size.
Based on the network diameter you configured, MSTP automatically sets an optimal hello time, forward delay, and max age for the device. The configured network diameter is effective for the CIST only, and not for MSTIs. Each MST region is considered as a device. The network diameter must be configured on the root bridge.
To do... Use the command... Remarks Optional Configure the max age timer stp timer max-age time 2,000 centiseconds (20 seconds) by default The length of the forward delay time is related to the network diameter of the switched network. Typically, the larger the network diameter is, the longer the forward delay time should be. Note that if the forward delay setting is too small, temporary redundant paths may be introduced;...
To do... Use the command... Remarks Enter system view — system-view Required Configure the timeout factor of the device stp timer-factor factor 3 by default Configuring the Maximum Port Rate The maximum rate of a port refers to the maximum number of BPDUs the port can send within each hello time.
To do... Use the command... Remarks Enter Ethernet interface interface interface-type Enter view, or Layer 2 aggregate interface-number Required interface interface view view or port Use either command. group view port-group manual Enter port group view port-group-name Required Configure the current ports as edge ports stp edged-port enable All ports are non-edge ports by default.
Page 98
Table 1-7 Link speed vs. path cost Duplex state Link speed 802.1d-1998 802.1t Private standard — 65535 200,000,000 200,000 Single Port 2,000,000 2,000 Aggregate Link 2 Ports 1,000,000 1,800 10 Mbps Aggregate Link 3 Ports 666,666 1,600 Aggregate Link 4 Ports 500,000 1,400 Single Port...
If you change the standard that the device uses in calculating the default path cost, the port path cost value set through the stp cost command will be invalid. When the path cost of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition.
When the priority of a port is changed, MSTP will re-calculate the role of the port and initiate a state transition. Generally, a lower priority value indicates a higher priority. If you configure the same priority value for all the ports on a device, the specific priority of a port depends on the index number of the port. Changing the priority of a port triggers a new spanning tree calculation process.
dot1s: 802.1s-compliant standard format, and legacy: Compatible format By default, the packet format recognition mode of a port is auto, namely the port automatically distinguishes the two MSTP packet formats, and determines the format of packets it will send based on the recognized format.
To do... Use the command... Remarks Required Enable output of port state transition stp port-log { all | This function is enabled by information instance instance-id } default. Enabling the MSTP Feature You must enable MSTP for the device before any other MSTP-related configurations can take effect. Make this configuration on the root bridge and on the leaf nodes separately.
By then, you can perform an mCheck operation to force the port to migrate to the MSTP (or RSTP) mode. You can perform mCheck on a port through the following two approaches, which lead to the same result. Performing mCheck globally Follow these steps to perform global mCheck: To do...
Page 104
Before enabling digest snooping, ensure that associated devices of different vendors are interconnected and run MSTP. Configuring the Digest Snooping feature You can enable Digest Snooping only on a device that is connected to a third-party device that uses its private key to calculate the configuration digest.
Digest Snooping configuration example Network requirements Device A and Device B connect to Device C, a third-party device, and all these devices are in the same region. Enable Digest Snooping on Device A and Device B so that the three devices can communicate with one another.
Page 106
Figure 1-7 shows the rapid state transition mechanism on MSTP designated ports. Figure 1-7 Rapid state transition of an MSTP designated port Figure 1-8 shows rapid state transition of an RSTP designated port. Figure 1-8 Rapid state transition of an RSTP designated port Downstream device Upstream device Proposal for rapid transition...
To do... Use the command... Remarks Enter system view — system-view Enter Ethernet interface view, or interface interface-type Enter interface Layer 2 aggregate interface-number Required or port group interface view Use either command. view port-group manual Enter port group view port-group-name Required Enable No Agreement Check...
Page 108
Configuration prerequisites MSTP has been correctly configured on the device. Enabling BPDU guard For access layer devices, the access ports generally connect directly with user terminals (such as PCs) or file servers. In this case, the access ports are configured as edge ports to allow rapid transition. When these ports receive configuration BPDUs, the system will automatically set these ports as non-edge ports and start a new spanning tree calculation process.
Page 109
Follow these steps to enable root guard: To do... Use the command... Remarks Enter system view — system-view Enter Ethernet interface view, or interface interface-type Enter Layer 2 interface-number Required interface view aggregate or port group interface view Use either command. view Enter port group port-group manual...
With the TC-BPDU guard function, you can set the maximum number of immediate forwarding address entry flushes that the switch can perform within a certain period of time after receiving the first TC-BPDU. For TC-BPDUs received in excess of the limit, the switch performs forwarding address entry flush only when the time period expires.
MSTP Configuration Example Network requirements All devices on the network are in the same MST region. Device A and Device B work on the distribution layer, while Device C and Device D work on the access layer. Configure MSTP so that packets of different VLANs are forwarded along different spanning trees: Packets of VLAN 10 are forwarded along MSTI 1, those of VLAN 30 are forwarded along MSTI 3, those of VLAN 40 are forwarded along MSTI 4, and those of VLAN 20 are forwarded along MSTI 0.
Page 112
[DeviceA-mst-region] active region-configuration [DeviceA-mst-region] quit # Specify the current device as the root bridge of MSTI 1. [DeviceA] stp instance 1 root primary # Enable MSTP globally. [DeviceA] stp enable Configuration on Device B # Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4 respectively, and configure the revision level of the MST region as 0.
Page 113
Configuration on Device D. # Enter MST region view, configure the MST region name as example, map VLAN 10, VLAN 30, and VLAN 40 to MSTI 1, MSTI 3, and MSTI 4 respectively, and configure the revision level of the MST region as 0.
Page 114
GigabitEthernet1/0/3 DESI FORWARDING NONE GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE GigabitEthernet1/0/3 DESI FORWARDING NONE # Display brief spanning tree information on Device D. [DeviceD] display stp brief MSTID Port Role STP State Protection GigabitEthernet1/0/1 ROOT FORWARDING NONE GigabitEthernet1/0/2 ALTE DISCARDING NONE...
Page 115
Table of Contents 1 LLDP Configuration···································································································································1-1 Overview ·················································································································································1-1 Background ·····································································································································1-1 Basic Concepts································································································································1-1 Operating Modes of LLDP···············································································································1-5 How LLDP Works ····························································································································1-6 Protocols and Standards ·················································································································1-6 LLDP Configuration Task List ·················································································································1-6 Performing Basic LLDP Configuration ····································································································1-7 Enabling LLDP·································································································································1-7 Setting LLDP Operating Mode ········································································································1-7 Setting the LLDP Re-Initialization Delay ·························································································1-8 Enabling LLDP Polling·····················································································································1-8 Configuring the TLVs to Be Advertised ···························································································1-8...
LLDP Configuration When configuring LLDP, go to these sections for information you are interested in: Overview LLDP Configuration Task List Performing Basic LLDP Configuration Configuring CDP Compatibility Configuring LLDP Trapping Displaying and Maintaining LLDP LLDP Configuration Examples Overview Background In a heterogeneous network, it is important that different types of network devices from different vendors can discover one other and exchange configuration for interoperability and management sake.
Page 117
Figure 1-1 Ethernet II-encapsulated LLDP frame format The fields in the frame are described in Table 1-1: Table 1-1 Description of the fields in an Ethernet II-encapsulated LLDP frame Field Description The MAC address to which the LLDPDU is advertised. It is fixed to Destination MAC address 0x0180-C200-000E, a multicast MAC address.
Page 118
Field Description The MAC address of the sending port. If the port does not have a MAC Source MAC address address, the MAC address of the sending bridge is used. The SNAP type for the upper layer protocol. It is Type 0xAAAA-0300-0000-88CC for LLDP.
Page 119
VLAN Name A specific VLAN name on the port Protocol Identity Protocols supported on the port Currently, 3Com switches 4800G support receiving but not sending protocol identity TLVs. IEEE 802.3 organizationally specific TLVs Table 1-5 IEEE 802.3 organizationally specific TLVs Type...
management. In addition, LLDP-MED TLVs make deploying voice devices in Ethernet easier. LLDP-MED TLVs are shown in Table 1-6: Table 1-6 LLDP-MED TLVs Type Description Allows a MED endpoint to advertise the supported LLDP-MED LLDP-MED Capabilities TLVs and its device type. Allows a network device or MED endpoint to advertise LAN type Network Policy and VLAN ID of the specific port, and the Layer 2 and Layer 3...
How LLDP Works Transmitting LLDP frames An LLDP-enabled port operating in TxRx mode or Tx mode sends LLDP frames to its directly connected devices both periodically and when the local configuration changes. To prevent the network from being overwhelmed by LLDP frames at times of frequent local device information change, an interval is introduced between two successive LLDP frames.
LLDP-related configurations made in Ethernet interface view takes effect only on the current port, and those made in port group view takes effect on all ports in the current port group. Performing Basic LLDP Configuration Enabling LLDP To make LLDP take effect on certain ports, you need to enable LLDP both globally and on these ports. Follow these steps to enable LLDP: To do…...
Setting the LLDP Re-Initialization Delay When LLDP operating mode changes on a port, the port initializes the protocol state machines after a certain delay. By adjusting the LLDP re-initialization delay, you can avoid frequent initializations caused by frequent LLDP operating mode changes on a port. Follow these steps to set the LLDP re-initialization delay for ports: To do…...
To do… Use the command… Remarks lldp tlv-enable { basic-tlv { all | port-description | system-capability | system-description | system-name } | dot1-tlv { all | port-vlan-id | Optional protocol-vlan-id [ vlan-id ] | vlan-name [ vlan-id ] } | dot3-tlv { all | link-aggregation | mac-physic | By default, all types of Configure the TLVs to be max-frame-size | power } | med-tlv { all |...
You can configure the TTL of locally sent LLDP frames to determine how long information about the local device can be saved on a neighbor device by setting the TTL multiplier. The TTL is expressed as follows: TTL = Min (65535, (TTL multiplier × LLDPDU transmit interval)) As the expression shows, the TTL can be up to 65535 seconds.
To do… Use the command… Remarks Enter Ethernet interface interface-type Enter Ethernet interface view Required interface-number interface view or Use either command. Enter port port group view port-group manual port-group-name group view Required Ethernet II encapsulation format Set the encapsulation format for applies by default.
Configuring CDP Compatibility CDP-compatible LLDP operates in one of the follows two modes: TxRx, where CDP packets can be transmitted and received. Disable, where CDP packets can neither be transmitted nor be received. To make CDP-compatible LLDP take effect on certain ports, first enable CDP-compatible LLDP globally and configure CDP-compatible LLDP to operate in TxRx mode.
To do… Use the command… Remarks Required lldp notification remote-change Enable LLDP trap sending Disabled by default enable Quit to system view — quit Optional Set the interval to send LLDP lldp timer notification-interval traps 5 seconds by default interval Displaying and Maintaining LLDP To do…...
Configuration procedure Configure Switch A. # Enable LLDP globally. <SwitchA> system-view [SwitchA] lldp enable # Enable LLDP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 (you can skip this step because LLDP is enabled on ports by default), and set the LLDP operating mode to Rx. [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] lldp enable [SwitchA-GigabitEthernet1/0/1] lldp admin-status rx...
Page 130
Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Roll time : 0s Number of neighbors Number of MED neighbors...
Port 2 [GigabitEthernet1/0/2]: Port status of LLDP : Enable Admin status : Rx_Only Trap flag : No Roll time : 0s Number of neighbors Number of MED neighbors Number of CDP neighbors Number of sent optional TLV Number of received unknown TLV As the sample output shows, GigabitEthernet 1/0/2 of Switch A does not connect any neighboring devices.
Page 132
# Enable LLDP globally and enable LLDP to be compatible with CDP globally. [SwitchA] lldp enable [SwitchA] lldp compliance cdp # Enable LLDP (you can skip this step because LLDP is enabled on ports by default), configure LLDP to operate in TxRx mode, and configure CDP-compatible LLDP to operate in TxRx mode on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2.
Page 133
Table of Contents 1 VLAN Configuration ··································································································································1-1 Introduction to VLAN ·······························································································································1-1 VLAN Overview ·······························································································································1-1 VLAN Fundamentals ·······················································································································1-2 Types of VLAN ································································································································1-3 Configuring Basic VLAN Settings ···········································································································1-3 Configuring Basic Settings of a VLAN Interface ·····················································································1-4 Port-Based VLAN Configuration ·············································································································1-5 Introduction to Port-Based VLAN ····································································································1-5 Assigning an Access Port to a VLAN ······························································································1-6 Assigning a Trunk Port to a VLAN···································································································1-8 Assigning a Hybrid Port to a VLAN ·································································································1-9...
VLAN Configuration When configuring VLAN, go to these sections for information you are interested in: Introduction to VLAN Configuring Basic VLAN Settings Configuring Basic Settings of a VLAN Interface Port-Based VLAN Configuration MAC-Based VLAN Configuration Protocol-Based VLAN Configuration Displaying and Maintaining VLAN VLAN Configuration Example Introduction to VLAN VLAN Overview...
Confining broadcast traffic within individual VLANs. This reduces bandwidth waste and improves network performance. Improving LAN security. By assigning user groups to different VLANs, you can isolate them at Layer 2. To enable communication between VLANs, routers or Layer 3 switches are required. Flexible virtual workgroup creation.
The Ethernet II encapsulation format is used here. Besides the Ethernet II encapsulation format, other encapsulation formats, including 802.2 LLC, 802.2 SNAP, and 802.3 raw, are also supported by Ethernet. The VLAN tag fields are also added to frames encapsulated in these formats for VLAN identification.
As the default VLAN, VLAN 1 cannot be created or removed. You cannot manually create or remove VLANs reserved for special purposes. Dynamic VLANs cannot be removed with the undo vlan command. A VLAN with a QoS policy applied cannot be removed. For isolate-user-VLANs or secondary VLANs, if you have used the isolate-user-vlan command to create mappings between them, you cannot remove them until you remove the mappings between them first.
Before creating a VLAN interface for a VLAN, create the VLAN first. Port-Based VLAN Configuration Introduction to Port-Based VLAN Port-based VLANs group VLAN members by port. A port forwards traffic for a VLAN only after it is assigned to the VLAN. Port link type You can configure the link type of a port as access, trunk, or hybrid.
Do not set the voice VLAN as the default VLAN of a port in automatic voice VLAN assignment mode. Otherwise, the system prompts error information. For information about voice VLAN, refer to Voice VLAN Configuration. The local and remote ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.
Page 140
To do… Use the command… Remarks Assign one or a group of Required access ports to the current port interface-list By default, all ports belong to VLAN 1. VLAN In VLAN view to assign a Layer-2 aggregate interface to a VLAN, this command assigns the Layer-2 aggregate interface but not its member ports to the current VLAN.
Before assigning an access port to a VLAN, create the VLAN first. After you configure a command on a Layer-2 aggregate interface, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports.
To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first. The local and remote hybrid ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.
To change the link type of a port from trunk to hybrid or vice versa, you must set the link type to access first. Before assigning a hybrid port to a VLAN, create the VLAN first. The local and remote hybrid ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly.
The device associates MAC addresses with VLANs dynamically based on the information provided by the authentication server. If a user goes offline, the corresponding MAC address-to-VLAN association is removed automatically. Automatic configuration requires MAC address-to–VLAN mapping be configured on the authentication server. For detailed information, refer to 802.1X Configuration in the Security Volume.
Protocol-Based VLAN Configuration Introduction to Protocol-Based VLAN Protocol-based VLANs are only applicable on hybrid ports. In this approach, inbound packets are assigned to different VLANs based on their protocol types and encapsulation formats. The protocols that can be used for VLAN assignment include IP, IPX, and AppleTalk (AT).
Page 146
To do… Use the command… Remarks group view Use either command. Enter Layer-2 interface aggregate In Ethernet interface view, bridge-aggregation interface view subsequent interface-number configurations apply to the current port. In port group view, the subsequent configurations apply to all ports in the port group.
IP Subnet-Based VLAN Configuration Introduction In this approach, packets are assigned to VLANs based on their source IP addresses and subnet masks. A port configured with IP subnet-based VLANs assigns a received untagged packet to a VLAN based on the source address of the packet. This feature is used to assign packets from the specified network segment or IP address to a specific VLAN.
To do… Use the command… Remarks Associate the hybrid port(s) with port hybrid ip-subnet-vlan the specified IP subnet-based Required vlan vlan-id VLAN After you configure a command on a Layer-2 aggregate interface, the system starts applying the configuration to the aggregate interface and its aggregation member ports. If the system fails to do that on the aggregate interface, it stops applying the configuration to the aggregation member ports.
To do... Use the command… Remarks reset counters interface Clear statistics on a port [ interface-type Available in user view [ interface-number ] ] The reset counters interface command can be used to clear statistics on a VLAN interface. For more information, refer to Ethernet Interface Commands in the Access Volume.
Page 150
# Configure GigabitEthernet 1/0/1 to permit packets from VLAN 2, VLAN 6 through VLAN 50, and VLAN 100 to pass through. [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 2 6 to 50 100 Please wait... Done. [DeviceA-GigabitEthernet1/0/1] quit [DeviceA] quit Configure Device B as you configure Device A. Verification Verifying the configuration on Device A is similar to that of Device B.
Page 151
0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Output (normal): 0 packets, - bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses Output: 0 output errors, - underruns, - buffer failures 0 aborts, 0 deferred, 0 collisions, 0 late collisions 0 lost carrier, - no carrier The output above shows that: The port (GigabitEthernet 1/0/1) is a trunk port.
Isolate-User-VLAN Configuration When configuring an isolate-user VLAN, go to these sections for information you are interested in: Overview Configuring Isolate-User-VLAN Displaying and Maintaining Isolate-User-VLAN Isolate-User-VLAN Configuration Example Overview An isolate-user-VLAN adopts a two-tier VLAN structure. In this approach, two types of VLANs, isolate-user-VLAN and secondary VLAN, are configured on the same device.
Page 153
Assign non-trunk ports to the isolate-user-VLAN and ensure that at least one port takes the isolate-user-VLAN as its default VLAN; Assign non-trunk ports to each secondary VLAN and ensure that at least one port in a secondary VLAN takes the secondary VLAN as its default VLAN; Associate the isolate-user-VLAN with the specified secondary VLANs.
Displaying and Maintaining Isolate-User-VLAN To do... Use the command... Remarks Display the mapping between an display isolate-user-vlan isolate-user-VLAN and its secondary Available in any view [ isolate-user-vlan-id ] VLAN(s) Isolate-User-VLAN Configuration Example Network requirements Connect Device A to downstream devices Device B and Device C; Configure VLAN 5 on Device B as an isolate-user-VLAN, assign the uplink port GigabitEthernet 1/0/5 to VLAN 5, and associate VLAN 5 with secondary VLANs VLAN 2 and VLAN 3.
Page 155
[DeviceB] vlan 2 [DeviceB-vlan2] port gigabitethernet 1/0/2 [DeviceB-vlan2] quit # Associate the isolate-user-VLAN with the secondary VLANs. [DeviceB] isolate-user-vlan 5 secondary 2 to 3 Configure Device C # Configure the isolate-user-VLAN. <DeviceC> system-view [DeviceC] vlan 6 [DeviceC-vlan6] isolate-user-vlan enable [DeviceC-vlan6] port gigabitethernet 1/0/5 [DeviceC-vlan6] quit # Configure the secondary VLANs.
Voice VLAN Configuration When configuring a voice VLAN, go to these sections for information you are interested in: Overview Configuring a Voice VLAN Displaying and Maintaining Voice VLAN Voice VLAN Configuration Overview A voice VLAN is configured specially for voice traffic. After assigning the ports connecting to voice devices to a voice VLAN, you can configure quality of service (QoS) parameters for the voice traffic, thus improving transmission priority and ensuring voice quality.
In general, as the first 24 bits of a MAC address (in binary format), an OUI address is a globally unique identifier assigned to a vendor by IEEE. OUI addresses mentioned in this document, however, are different from those in common sense. OUI addresses in this document are used by the system to determine whether a received packet is a voice packet.
Voice VLAN assignment Voice traffic Port link type mode type Access: not supported Trunk: supported if the default VLAN of the connecting port exists and is not the voice VLAN and the connecting port belongs to the default VLAN Tagged voice traffic Hybrid: supported if the default VLAN of the connecting port exists and is not the voice VLAN, the...
Table 3-3 How a voice VLAN-enable port processes packets in security/normal mode Voice VLAN Packet type Packet processing mode working mode Untagged packets If the source MAC address of a packet matches an OUI address configured for the device, it is forwarded in the Packets carrying the voice VLAN;...
Not enabled by default An switch 4800G supports up to eight voice VLANs globally. A protocol-based VLAN on a hybrid port can process only untagged inbound packets, whereas the voice VLAN in automatic mode on a hybrid port can process only tagged voice traffic. Therefore, do not configure a VLAN as both a protocol-based VLAN and a voice VLAN.
Required voice vlan enable An switch 4800G supports up to eight voice VLANs globally. You can configure different voice VLANs on different ports at the same time. However, one port can be configured with only one voice VLAN, and this voice VLAN must be a static VLAN that already exists on the device.
Page 163
Figure 3-1 Network diagram for automatic voice VLAN assignment mode configuration Device A Device B Internet GE1/0/1 GE1/0/1 GE1/0/2 VLAN 3 VLAN 2 IP phone A IP phone B 010-1001 010-1002 MAC: 0011-1100-0001 MAC: 0011-2200-0001 0755-2002 Mask: ffff-ff00-0000 Mask: ffff-ff00-0000 PC A PC B MAC: 0022-1100-0002...
GVRP Configuration The GARP VLAN Registration Protocol (GVRP) is a GARP application. It functions based on the operating mechanism of GARP to maintain and propagate dynamic VLAN registration information for the GVRP devices on the network. When configuring GVRP, go to these sections for information you are interested in: Introduction to GVRP GVRP Configuration Task List Configuring GVRP Functions...
Page 169
Hold timer –– When a GARP application entity receives the first registration request, it starts a Hold timer and collects succeeding requests. When the timer expires, the entity sends all these requests in one Join message. This helps you save bandwidth. Join timer ––...
GARP message format Figure 1-1 GARP message format Figure 1-1 illustrates the GARP message format. Table 1-1 describes the GARP message fields. Table 1-1 Description on the GARP message fields Field Description Value Protocol ID Protocol identifier for GARP One or multiple messages, each containing Message ––...
about active VLAN members and through which port they can be reached. It thus ensures that all GVRP participants on a bridged LAN maintain the same VLAN registration information. The VLAN registration information propagated by GVRP includes both manually configured local static entries and dynamic entries from other devices.
To do… Use the command… Remarks Enter Ethernet Enter Ethernet interface view, interface view or Layer interface interface-type Required Layer 2 2 aggregate interface interface-number aggregate view Perform either of the interface view, commands. or port-group port-group manual Enter port-group view view port-group-name Required...
To do… Use the command… Remarks Enter Required Enter Ethernet or Ethernet Layer 2 Perform either of the interface interface-type interface aggregate commands. interface-number view, Layer interface view Depending on the view you 2 aggregate accessed, the subsequent interface configuration takes effect on a view, or Enter port-group port-group manual...
To do… Use the command… Remarks display gvrp state interface Display the current GVRP state Available in any view interface-type interface-number vlan vlan-id display gvrp statistics [ interface Display statistics about GVRP Available in any view interface-list ] Display the global GVRP state Available in any view display gvrp status Display the information about...
[DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on trunk port GigabitEthernet 1/0/1. [DeviceB-GigabitEthernet1/0/1] gvrp [DeviceB-GigabitEthernet1/0/1] quit # Create VLAN 3 (a static VLAN).
[DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 Configure Device B # Enable GVRP globally. <DeviceB> system-view [DeviceB] gvrp # Configure port GigabitEthernet 1/0/1 as a trunk port, allowing all VLANs to pass through. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1.
Page 177
[DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan all # Enable GVRP on GigabitEthernet 1/0/1 and set the GVRP registration type to forbidden on the port. [DeviceA-GigabitEthernet1/0/1] gvrp [DeviceA-GigabitEthernet1/0/1] gvrp registration forbidden [DeviceA-GigabitEthernet1/0/1] quit # Create VLAN 2 (a static VLAN). [DeviceA] vlan 2 Configure Device B # Enable GVRP globally.
Page 178
Table of Contents 1 QinQ Configuration ···································································································································1-1 Introduction to QinQ ································································································································1-1 Background ·····································································································································1-1 QinQ Mechanism and Benefits········································································································1-1 QinQ Frame Structure ·····················································································································1-2 Implementations of QinQ·················································································································1-3 Modifying the TPID in a VLAN Tag ·································································································1-3 QinQ Configuration Task List··················································································································1-5 Configuring Basic QinQ ··························································································································1-5 Enabling Basic QinQ ·······················································································································1-5 Configuring Selective QinQ·····················································································································1-5 Configuring Selective QinQ Based on Ports ···················································································1-6...
QinQ Configuration When configuring QinQ, go to these sections for information you are interested in: Introduction to QinQ QinQ Configuration Task List Configuring Basic QinQ Configuring Selective QinQ Configuring the TPID Value in VLAN Tags QinQ Configuration Examples Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network;...
Figure 1-1 Schematic diagram of the QinQ feature Customer network A VLAN 1~10 Customer network A VLAN 1~10 VLAN 3 VLAN 3 Network VLAN 4 VLAN 4 Service provider network VLAN 1~20 VLAN 1~20 Customer network B Customer network B As shown in Figure 1-1, customer network A has CVLANs 1 through 10, while customer network B has...
Figure 1-2 Single-tagged frame structure vs. double-tagged Ethernet frame structure The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. Therefore, you are recommended to increase the MTU of each interface on the service provider network.
Page 182
Figure 1-3 VLAN tag structure of an Ethernet frame The device determines whether a received frame carries a SVLAN tag or a CVLAN tag by checking the corresponding TPID value. Upon receiving a frame, the device compares the configured TPID value with the value of the TPID field in the frame.
QinQ Configuration Task List Table 1-2 QinQ configuration task list Configuration task Remarks Configuring Basic QinQ Optional Configuring Selective QinQ Based on Ports Use either Configuring Selective QinQ Configuring Selective QinQ through QoS approach Policies Configuring the TPID Value in VLAN Tags Optional QinQ requires configurations only on the service provider network, not on the customer network.
Configuring Selective QinQ Based on Ports Switch 4800G switches support the configuration of basic QinQ and selective QinQ at the same time on a port and when the two features are both enabled on the port, frames that meet the selective QinQ condition are handled with selective QinQ on this port first, and the left frames are handled with basic QinQ.
To do... Use the command... Remarks Required Create a class and enter By default, the relationship traffic classifier classifier-name class view [ operator { and | or } ] between the match criteria in a class is logical AND. Specify the inner VLAN if-match customer-vlan-id Required ID(s) of matching frames...
Follow these steps to configure a TPID value globally: To do... Use the command... Remarks Enter system view — system-view qinq ethernet-type Optional Configure the TPID value in the [ customer-tag | CVLAN tag or the SVLAN tag Both 0x8100 by default service-tag ] hex-value QinQ Configuration Examples Basic QinQ Configuration Example...
Page 187
Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through. Configuration on Provider A Configure GigabitEthernet 1/0/1 # Configure VLAN 10 as the default VLAN of GigabitEthernet 1/0/1. <ProviderA> system-view [ProviderA] interface gigabitethernet 1/0/1 [ProviderA-GigabitEthernet1/0/1] port access vlan 10 # Enable basic QinQ on GigabitEthernet 1/0/1.
# Configure GigabitEthernet 1/0/2 as a hybrid port and configure VLAN 10 as the default VLAN of the port. [ProviderB] interface gigabitethernet 1/0/2 [ProviderB-GigabitEthernet1/0/2] port link-type hybrid [ProviderB-GigabitEthernet1/0/2] port hybrid pvid vlan 10 [ProviderB-GigabitEthernet1/0/2] port hybrid vlan 10 untagged # Enable basic QinQ on GigabitEthernet 1/0/2. [ProviderB-GigabitEthernet1/0/2] qinq enable [ProviderB-GigabitEthernet1/0/2] quit Configure GigabitEthernet 1/0/3...
Page 189
Figure 1-5 Network diagram for comprehensive selective QinQ configuration Configuration procedure Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through. Configuration on Provider A Configure GigabitEthernet 1/0/1 # Configure GigabitEthernet 1/0/1 as a hybrid port to permit frames of VLAN 1000 and VLAN 2000 to pass through, and configure GigabitEthernet 1/0/1 to send packets of these VLANs with tags removed.
Page 190
[ProviderA] interface gigabitethernet 1/0/2 [ProviderA-GigabitEthernet1/0/2] port link-type hybrid [ProviderA-GigabitEthernet1/0/2] port hybrid vlan 1000 untagged # Tag CVLAN 10 frames with SVLAN 1000. [ProviderA-GigabitEthernet1/0/2] qinq vid 1000 [ProviderA-GigabitEthernet1/0/2-vid-1000] raw-vlan-id inbound 10 [ProviderA-GigabitEthernet1/0/2-vid-1000] quit [ProviderA-GigabitEthernet1/0/2] quit Configure GigabitEthernet 1/0/3 # Configure GigabitEthernet 1/0/3 as a trunk port to permit frames of VLAN 1000 and VLAN 2000 to pass through.
Selective QinQ Configuration Example (QoS Policy-Based Configuration) Network requirements As shown in Figure 1-6, Provider A and Provider B are service provider network access devices. Customer A, Customer B, Customer C, and Customer D are customer network access devices. Provider A and Provider B are interconnected through a trunk port, which permits the frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through.
Page 192
Configuration on GigabitEthernet 1/0/1 # Configure the port as a hybrid port permitting frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through with the outer VLAN tag removed. [ProviderA] interface gigabitethernet 1/0/1 [ProviderA-GigabitEthernet1/0/1] port link-type hybrid [ProviderA-GigabitEthernet1/0/1] port hybrid vlan 1000 2000 3000 untagged # Configure VLAN 3000 as the default VLAN of GigabitEthernet 1/0/1, and enable basic QinQ on GigabitEthernet 1/0/1.
Page 193
# Enable basic QinQ. Tag frames from VLAN 10 with the outer VLAN tag 1000. [ProviderA-GigabitEthernet1/0/2] qinq enable [ProviderA-GigabitEthernet1/0/2] quit Configuration on GigabitEthernet 1/0/3. # Configure the port as a trunk port permitting frames of VLAN 1000, VLAN 2000 and VLAN 3000 to pass through.
Page 194
so that their corresponding ports send tagged frames of VLAN 1000, VLAN 2000 and VLAN 3000. The configuration steps are omitted here. 1-16...
Page 195
Table of Contents 1 BPDU Tunneling Configuration················································································································1-1 Introduction to BPDU Tunneling ·············································································································1-1 Configuring BPDU Transparent Transmission························································································1-3 Configuring Destination Multicast MAC Address for BPDU Tunnel Frames ··········································1-3 BPDU Tunneling Configuration Example································································································1-3...
BPDU Tunneling Configuration When configuring BPDU tunneling, go to these sections for information you are interested in: Introduction to BPDU Tunneling Configuring BPDU Transparent Transmission Configuring Destination Multicast MAC Address for BPDU Tunnel Frames BPDU Tunneling Configuration Example Introduction to BPDU Tunneling To avoid loops in your network, you can enable the Spanning Tree Protocol (STP) on your device.
Page 197
Figure 1-1 Network hierarchy of BPDU tunneling At the input side of the service provider network, the edge device changes the destination MAC address of a BPDU from a customer network from 0x0180-C200-0000 to a special multicast MAC address, 0x010F-E200-0003 by default. In the service provider’s network, the modified BPDUs are forwarded as data packets in the user VLAN.
Configuring BPDU Transparent Transmission Perform the following tasks to configure BPDU transparent transmission: To do... Use the command... Remarks Enter system view — system-view Enter Ethernet or Required interface interface-type Layer-2 aggregate Use either command. interface-number interface view Settings made in interface view take effect only on the current Enter port.
Page 199
Provider A and Provider B are service provider network edge devices, which are interconnected through configured trunk ports. The configuration is required to satisfy the following requirements: Geographically dispersed customer network access devices Customer A and Customer B can implement consistent spanning tree calculation across the service provider network. destination multicast address...
VLAN Mapping Configuration When configuring VLAN mapping, go to these sections for information you are interested in: VLAN Mapping Overview VLAN Mapping Configuration Task List Configuring One-to-One VLAN Mapping Configuring Many-to-One VLAN Mapping Configuring Two-to-Two VLAN Mapping VLAN Mapping Configuration Examples VLAN Mapping Overview VLAN mapping maps the customer VLANs (CVLANs) to service-provider VLANs (SVLANs).
Uplink policy: A QoS policy containing VLAN mappings for uplink traffic. Downlink policy: A QoS policy containing VLAN mappings for downlink traffic. How VLAN Mapping Is Implemented This section describes how VLAN mapping is implemented on your device. One-to-one VLAN mapping On the downlink port For uplink traffic For downlink traffic...
Two-to-two VLAN mapping In two-to-two VLAN mapping, the outer VLAN and the inner VLAN carried in a double-tagged uplink frame received at the downlink port on the edge device of an SP network are called the original SVLAN and CVLAN, and the VLANs that the edge device substitutes for the original SVLAN and CVLAN are called the new SVLAN and CVLAN.
For many-to-one VLAN mapping, enable customer-side QinQ on the downlink port and service provider-side QinQ on the uplink port. To save system resources, disable user bindings recording on the DHCP snooping trusted ports that forward DHCP packets. For information about this feature, refer to DHCP Configuration in the IP Services Volume.
Page 208
To do... Use the command... Remarks Set the link type of the uplink port to Required port link-type trunk trunk Required Configure the uplink port to permit the By default, a trunk port port trunk permit vlan specified SVLANs to pass through { vlan-id-list | all } permits only VLAN 1 to pass through.
To do... Use the command... Remarks Map the SVLAN to the CVLAN classifier tcl-name behavior by associating the traffic class Required behavior-name with the traffic behavior Exit to system view — quit Configuring Many-to-One VLAN Mapping Perform many-to-one VLAN mapping on the campus switches shown in Figure 1-1 to carry the same service of different users using the same VLAN on the service provider’s network.
Page 210
To do... Use the command... Remarks Exit to system view — quit Enter the interface view of the uplink interface interface-type — port interface-number Required By default, all ports with Configure the uplink port as a DHCP DHCP snooping dhcp-snooping trust snooping trusted port enabled are DHCP snooping untrusted...
To do... Use the command... Remarks Create a traffic behavior and traffic behavior Required enter traffic behavior view behavior-name Specify the SVLAN for the remark service-vlan-id Required VLAN mapping vlan-id-value Exit to system view — quit Create a QoS policy and enter Required qos policy policy-name QoS policy view...
Page 212
To do... Use the command... Remarks Required Configure the downlink port to permit By default, a trunk port port trunk permit vlan the packets of the SVLANs to pass permits only the packets { vlan-id-list | all } through of VLAN 1 to pass through.
Page 213
To do... Use the command... Remarks Map the original CVLAN and the new SVLAN classifier tcl-name behavior to the new CVLAN by associating the traffic Required behavior-name class with the traffic behavior Exit to system view — quit Table 1-5 Configure an uplink policy for the downlink port To do...
To do... Use the command... Remarks Specify the original SVLAN used for Required remark service-vlan-id vlan-id-value replacing the new SVLAN Exit to system view — quit Create a QoS policy and enter QoS Required qos policy policy-name policy view Map the new CVLAN and SVLAN to the original CVLAN and SVLAN by classifier tcl-name behavior Required...
[SwitchC-GigabitEthernet1/0/3] port link-type trunk [SwitchC-GigabitEthernet1/0/3] port trunk permit vlan 501 502 503 # Configure GigabitEthernet 1/0/3 as a DHCP snooping trusted port. [SwitchC-GigabitEthernet1/0/3] dhcp-snooping trust # Configure GigabitEthernet 1/0/3 as an ARP trusted port. [SwitchC-GigabitEthernet1/0/3] arp detection trust # Enable SP-side QinQ on GigabitEthernet 1/0/3. [SwitchC-GigabitEthernet1/0/3] qinq enable uplink Configuration on Switch D # Enable DHCP snooping.
Page 223
Configuration procedure Configuration on Device A # Configure QinQ function on GigabitEthernet 1/0/1 to add outer VLAN tag 100 to the traffic tagged with VLAN 10. <DeviceA> system-view [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port access vlan 100 [DeviceA-GigabitEthernet1/0/1] qinq enable [DeviceA-GigabitEthernet1/0/1] quit # Configure the uplink port GigabitEthernet 1/0/2 to permit frames of VLAN 100 to pass through.
Page 224
[DeviceC] traffic classifier downlink_out [DeviceC-classifier-downlink_out] if-match customer-vlan-id 30 [DeviceC-classifier-downlink_out] if-match service-vlan-id 200 [DeviceC-classifier-downlink_out] quit # Specify the original CVLAN and SVLAN for outgoing VPN 1 traffic on GigabitEthernet 1/0/1. [DeviceC] traffic behavior downlink_out [DeviceC-behavior-downlink_out] remark customer-vlan-id 10 [DeviceC-behavior-downlink_out] remark service-vlan-id 100 [DeviceC-behavior-downlink_out] quit # Configure a downlink policy to map the new CVLAN and SVLAN to the original CVLAN and SVLAN for the outgoing VPN 1 traffic on GigabitEthernet 1/0/1.
Page 225
<DeviceD> system-view [DeviceD] interface gigabitethernet 1/0/2 [DeviceD-GigabitEthernet1/0/2] port access vlan 200 [DeviceD-GigabitEthernet1/0/2] qinq enable # Configure GigabitEthernet 1/0/1 to permit frames of VLAN 200 to pass through. [DeviceD] interface gigabitethernet 1/0/1 [DeviceD-GigabitEthernet1/0/1] port link-type trunk [DeviceD-GigabitEthernet1/0/1] port trunk permit vlan 200 1-24...
Page 226
Table of Contents 1 Port Mirroring Configuration ····················································································································1-1 Introduction to Port Mirroring ··················································································································1-1 Classification of Port Mirroring ········································································································1-1 Implementing Port Mirroring ············································································································1-1 Configuring Local Port Mirroring ·············································································································1-3 Configuring Remote Port Mirroring ·········································································································1-4 Configuration Prerequisites ·············································································································1-4 Configuring a Remote Source Mirroring Group (on the Source Device)·········································1-4 Configuring a Remote Destination Mirroring Group (on the Destination Device) ···························1-6 Displaying and Maintaining Port Mirroring ······························································································1-7 Port Mirroring Configuration Examples ···································································································1-7...
Port Mirroring Configuration When configuring port mirroring, go to these sections for information you are interested in: Introduction to Port Mirroring Configuring Local Port Mirroring Configuring Remote Port Mirroring Displaying and Maintaining Port Mirroring Port Mirroring Configuration Examples Introduction to Port Mirroring Port mirroring is to copy the packets passing through a port (called a mirroring port) to another port (called the monitor port) connected with a monitoring device for packet analysis.
Page 228
Figure 1-1 Local port mirroring implementation How the device processes packets Traffic mirrored to Mirroring port Monitor port Monitor port Mirroring port Data monitoring device Remote port mirroring Remote port mirroring can mirror all packets but protocol packets. Remote port mirroring is implemented through the cooperation of a remote source mirroring group and a remote destination mirroring group as shown Figure 1-2.
Destination device The destination device is the device where the monitor port is located. On it, you must create the remote destination mirroring group. When receiving a packet, the destination device compares the VLAN ID carried in the packet with the ID of the probe VLAN configured in the remote destination mirroring group.
A local port mirroring group takes effect only after its mirroring and monitor ports are configured. To ensure operation of your device, do not enable STP, MSTP, or RSTP on the monitor port. A port mirroring group can have multiple mirroring ports, but only one monitor port. A mirroring or monitor port to be configured cannot belong to an existing port mirroring group.
Page 231
To do… Use the command… Remarks Required mirroring-group groupid In system view mirroring-port mirroring-port-list You configure multiple { both | inbound | outbound } mirroring ports in a mirroring group. interface interface-type In system view, you can interface-number Configure assign a list of mirroring mirroring [ mirroring-group groupid ] ports to the mirroring...
To remove the VLAN configured as a remote probe VLAN, you must remove the remote probe VLAN with undo mirroring-group remote-probe vlan command first. Removing the probe VLAN can invalidate the remote source mirroring group. Configuring a Remote Destination Mirroring Group (on the Destination Device) A remote destination mirroring group comprises a remote probe VLAN and a monitor port.
When configuring the monitor port, use the following guidelines: The port can belong to only the current mirroring group. To ensure operation of your device, do not assign the monitor port to a mirroring VLAN. Disable these functions on the port: STP, MSTP, and RSTP. You are recommended to use a monitor port only for port mirroring.
Figure 1-3 Network diagram for local port mirroring configuration Switch A R&D department GE1/0/1 GE1/0/3 GE1/0/2 Switch C Data monitoring device Switch B Marketing department Configuration procedure Configure Switch C. # Create a local port mirroring group. <SwitchC> system-view [SwitchC] mirroring-group 1 local # Add port GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to the port mirroring group as source ports.
Page 235
As shown in Figure 1-4, the administrator wants to monitor the packets sent from Department 1 and 2 through the data monitoring device. Use the remote port mirroring function to meet the requirement. Perform the following configurations: Use Switch A as the source device, Switch B as the intermediate device, and Switch C as the destination device.
Page 236
[SwitchA-GigabitEthernet1/0/3] port link-type trunk [SwitchA-GigabitEthernet1/0/3] port trunk permit vlan 2 Configure Switch B (the intermediate device). # Configure port GigabitEthernet 1/0/1 as a trunk port and configure the port to permit the packets of VLAN 2. <SwitchB> system-view [SwitchB] interface GigabitEthernet 1/0/1 [SwitchB-GigabitEthernet1/0/1] port link-type trunk [SwitchB-GigabitEthernet1/0/1] port trunk permit vlan 2 [SwitchB-GigabitEthernet1/0/1] quit...
Page 237
IP Services Volume Organization Manual Version 6W101-20091012 Product Version Release 2202 Organization The IP Services Volume is organized as follows: Features Description An IP address is a 32-bit address allocated to a network interface on a device that is attached to the Internet. This document describes: IP Address Introduction to IP addresses IP address configuration...
Page 238
Features Description UDP Helper functions as a relay agent that converts UDP broadcast packets into unicast packets and forwards them to a specified server. This document describes: UDP Helper UDP Helper overview UDP Helper configuration Internet protocol version 6 (IPv6), also called IP next generation (IPng), was designed by the Internet Engineering Task Force (IETF) as the successor to Internet protocol version 4 (IPv4).
Page 239
Table of Contents 1 IP Addressing Configuration····················································································································1-1 IP Addressing Overview··························································································································1-1 IP Address Classes ·························································································································1-1 Special IP Addresses ······················································································································1-2 Subnetting and Masking ··················································································································1-2 Configuring IP Addresses ·······················································································································1-3 Assigning an IP Address to an Interface ·························································································1-3 IP Addressing Configuration Example·····························································································1-4 Displaying and Maintaining IP Addressing······························································································1-5...
IP Addressing Configuration When assigning IP addresses to interfaces on your device, go to these sections for information you are interested in: IP Addressing Overview Configuring IP Addresses Displaying and Maintaining IP Addressing IP Addressing Overview This section covers these topics: IP Address Classes Special IP Addresses IP Address Classes...
Table 1-1 IP address classes and ranges Class Address range Remarks The IP address 0.0.0.0 is used by a host at bootstrap for temporary communication. This address is never a valid destination address. 0.0.0.0 to 127.255.255.255 Addresses starting with 127 are reserved for loopback test. Packets destined to these addresses are processed locally as input packets rather than sent to the link.
In the absence of subnetting, some special addresses such as the addresses with the net ID of all zeros and the addresses with the host ID of all ones, are not assignable to hosts. The same is true for subnetting. When designing your network, you should note that subnetting is somewhat a tradeoff between subnets and accommodated hosts.
The primary IP address you assigned to the interface can overwrite the old one if there is any. You cannot assign secondary IP addresses to an interface that has BOOTP or DHCP configured. The primary and secondary IP addresses you assign to the interface can be located on the same network segment.
<Switch> ping 172.16.1.2 PING 172.16.1.2: 56 data bytes, press CTRL_C to break Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=25 ms Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=27 ms Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=26 ms Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=26 ms --- 172.16.1.2 ping statistics --- 5 packet(s) transmitted...
Page 245
Table of Contents 1 ARP Configuration·····································································································································1-1 ARP Overview·········································································································································1-1 ARP Function ··································································································································1-1 ARP Message Format ·····················································································································1-1 ARP Address Resolution Process···································································································1-2 ARP Table ·······································································································································1-3 Configuring ARP ·····································································································································1-4 Configuring a Static ARP Entry ·······································································································1-4 Configuring the Maximum Number of ARP Entries for an Interface ···············································1-4 Setting the Aging Time for Dynamic ARP Entries ···········································································1-4 Enabling the ARP Entry Check ·······································································································1-5 ARP Configuration Example············································································································1-5...
This document is organized as follows: ARP Configuration Proxy ARP Configuration ARP Configuration When configuring ARP, go to these sections for information you are interested in: ARP Overview Configuring ARP Configuring Gratuitous ARP Displaying and Maintaining ARP ARP Overview ARP Function The Address Resolution Protocol (ARP) is used to resolve an IP address into an Ethernet MAC address (or physical address).
hardware address length field is "6”. For an IP(v4) address, the value of the protocol address length field is “4”. OP: Operation code. This field specifies the type of ARP message. The value “1” represents an ARP request and “2” represents an ARP reply. Sender hardware address: This field specifies the hardware address of the device sending the message.
which the target IP address is the IP address of Host B. After obtaining the MAC address of Host B, the gateway sends the packet to Host B. ARP Table After obtaining the MAC address for the destination host, the device puts the IP-to-MAC mapping into its own ARP table.
Configuring ARP Configuring a Static ARP Entry A static ARP entry is effective when the device works normally. However, when a VLAN or VLAN interface to which a static ARP entry corresponds is deleted, the entry, if permanent, will be deleted, and if non-permanent and resolved, will become unresolved.
To do… Use the command… Remarks Enter system view — system-view Optional Set the aging time for dynamic arp timer aging aging-time ARP entries 20 minutes by default. Enabling the ARP Entry Check The ARP entry check function disables the device from learning multicast MAC addresses. With the ARP entry check enabled, the device cannot learn any ARP entry with a multicast MAC address, and configuring such a static ARP entry is not allowed;...
Configuring Gratuitous ARP Introduction to Gratuitous ARP A gratuitous ARP packet is a special ARP packet, in which the sender IP address and the target IP address are both the IP address of the sender, the sender MAC address is the MAC address of the sender, and the target MAC address is the broadcast address ff:ff:ff:ff:ff:ff.
Page 252
Clearing ARP entries from the ARP table may cause communication failures.
Proxy ARP Configuration When configuring proxy ARP, go to these sections for information you are interested in: Proxy ARP Overview Enabling Proxy ARP Displaying and Maintaining Proxy ARP Proxy ARP Overview If a host sends an ARP request for the MAC address of another host that actually resides on another network (but the sending host considers the requested host is on the same network) or that is isolated from the sending host at Layer 2, the device in between must be able to respond to the request with the MAC address of the receiving interface to allow Layer 3 communication between the two hosts.
You can solve the problem by enabling proxy ARP on Switch. After that, Switch can reply to the ARP request from Host A with the MAC address of VLAN-interface 1, and forward packets sent from Host A to Host B. In this case, Switch seems to be a proxy of Host B. A main advantage of proxy ARP is that it is added on a single router without disturbing routing tables of other routers in the network.
To do… Use the command… Remarks Required Enable local proxy ARP local-proxy-arp enable Disabled by default. Displaying and Maintaining Proxy ARP To do… Use the command… Remarks Display whether proxy ARP is display proxy-arp [ interface Available in any view enabled vlan-interface vlan-id ] Display whether local proxy...
[Switch-Vlan-interface1] quit [Switch] interface vlan-interface 2 [Switch-Vlan-interface2] ip address 192.168.20.99 255.255.255.0 [Switch-Vlan-interface2] proxy-arp enable [Switch-Vlan-interface2] quit Local Proxy ARP Configuration Example in Case of Port Isolation Network requirements Host A and Host B belong to the same VLAN, and connect to Switch B via GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3, respectively.
# Configure an IP address of VLAN-interface 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] port gigabitethernet 1/0/2 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 192.168.10.100 255.255.0.0 The ping operation from Host A to Host B is unsuccessful because they are isolated at Layer 2. # Configure local proxy ARP to let Host A and Host B communicate at Layer 3.
Page 258
[SwitchB-vlan2] port gigabitethernet 1/0/2 [SwitchB-vlan2] quit [SwitchB] vlan 3 [SwitchB-vlan3] port gigabitethernet 1/0/3 [SwitchB-vlan3] quit [SwitchB] vlan 5 [SwitchB-vlan5] port gigabitethernet 1/0/1 [SwitchB-vlan5] isolate-user-vlan enable [SwitchB-vlan5] quit [SwitchB] isolate-user-vlan 5 secondary 2 3 Configure Switch A # Create VLAN 5 and add GigabitEthernet 1/0/1 to it. <SwitchA>...
Page 259
Table of Contents 1 DHCP Overview··········································································································································1-1 Introduction to DHCP ······························································································································1-1 DHCP Address Allocation ·······················································································································1-2 Allocation Mechanisms····················································································································1-2 Dynamic IP Address Allocation Process ·························································································1-2 IP Address Lease Extension ···········································································································1-3 DHCP Message Format ··························································································································1-3 DHCP Options·········································································································································1-4 DHCP Options Overview ·················································································································1-4 Introduction to DHCP Options ·········································································································1-4 Self-Defined Options ·······················································································································1-5 Protocols and Standards·························································································································1-8 2 DHCP Server Configuration······················································································································2-1...
Page 260
Self-Defined Option Configuration Example··················································································2-19 Troubleshooting DHCP Server Configuration ·······················································································2-20 3 DHCP Relay Agent Configuration ············································································································3-1 Introduction to DHCP Relay Agent ·········································································································3-1 Application Environment··················································································································3-1 Fundamentals··································································································································3-1 DHCP Relay Agent Support for Option 82 ······················································································3-2 DHCP Relay Agent Configuration Task List ···························································································3-3 Configuring the DHCP Relay Agent········································································································3-3 Enabling DHCP ·······························································································································3-3 Enabling the DHCP Relay Agent on an Interface ···········································································3-4 Correlating a DHCP Server Group with a Relay Agent Interface····················································3-4...
This document is organized as follows: DHCP Overview DHCP Server Configuration DHCP Relay Agent Configuration DHCP Client Configuration DHCP Snooping Configuration BOOTP Client Configuration DHCP Overview Introduction to DHCP The fast expansion and growing complexity of networks result in scarce IP addresses assignable to hosts.
DHCP Address Allocation Allocation Mechanisms DHCP supports three mechanisms for IP address allocation. Manual allocation: The network administrator assigns an IP address to a client like a WWW server, and DHCP conveys the assigned address to the client. Automatic allocation: DHCP assigns a permanent IP address to a client. Dynamic allocation: DHCP assigns an IP address to a client for a limited period of time, which is called a lease.
After receiving the DHCP-ACK message, the client probes whether the IP address assigned by the server is in use by broadcasting a gratuitous ARP packet. If the client receives no response within a specified time, the client can use this IP address. Otherwise, the client sends a DHCP-DECLINE message to the server and requests an IP address again.
secs: Filled in by the client, the number of seconds elapsed since the client began address acquisition or renewal process. Currently this field is reserved and set to 0. flags: The leftmost bit is defined as the BROADCAST (B) flag. If this flag is set to 0, the DHCP server sent a reply back by unicast;...
Option 121: Classless route option. It specifies a list of classless static routes (the destination addresses in these static routes are classless) that the requesting client should add to its routing table. Option 33: Static route option. It specifies a list of classful static routes (the destination addresses in these static routes are classful) that a client should add to its routing table.
Page 266
Figure 1-6 Format of the value field of the ACS parameter sub-option The value field of the service provider identifier sub-option contains the service provider identifier. Figure 1-7 shows the format of the value field of the PXE server address sub-option. Currently, the value of the PXE server type can only be 0.
Page 267
Figure 1-8 Sub-option 1 in normal padding format Sub-option type (0x01) Length (0x06) Circuit ID type (0x00) Length (0x04) VLAN ID Interface number Sub-option 2: Padded with the MAC address of the DHCP relay agent interface or the MAC address of the DHCP snooping device that received the client’s request. The following figure gives its format.
Sub-option 1: IP address of the primary network calling processor, which is a server serving as the network calling control source and providing program downloads. Sub-option 2: IP address of the backup network calling processor that DHCP clients will contact when the primary one is unreachable.
DHCP Server Configuration When configuring the DHCP server, go to these sections for information you are interested in: Introduction to DHCP Server DHCP Server Configuration Task List Configuring an Address Pool for the DHCP Server Enabling DHCP Enabling the DHCP Server on an Interface Applying an Extended Address Pool on an Interface Configuring the DHCP Server Security Functions Configuring the Handling Mode for Option 82...
Page 270
Common address pool structure In response to a client’s request, the DHCP server selects an idle IP address from an address pool and sends it together with other parameters such as lease and DNS server address to the client. The common address pool database is organized as a tree. The root of the tree is the address pool for natural networks, branches are address pools for subnets, and leaves are addresses statically bound to clients.
DHCP requests is 1.1.1.130/25, the DHCP server will select IP addresses for clients from the 1.1.1.0/24 address pool. Keep the IP addresses for dynamic allocation within the subnet where the interface of the DHCP server or DHCP relay agent resides to avoid wrong IP address allocation. IP Address Allocation Sequence A DHCP server assigns an IP address to a client according to the following sequence: The first assignable IP address found in the extended address pool referenced on the receiving...
Configuring an Address Pool for the DHCP Server Configuration Task List Complete the following tasks to configure an address pool: Task Remarks Creating a DHCP Address Pool Required Configuring manual address allocation Required to configure Configuring an Address either of the two for the Allocation Mode for a common address pool Configuring dynamic address allocation...
Configuring an Address Allocation Mode for a Common Address Pool You can configure either the static binding or dynamic address allocation for a common address pool as needed. It is required to specify an address range for the dynamic address allocation. A static binding is a special address pool containing only one IP address.
Page 274
Use the static-bind ip-address command together with static-bind mac-address or static-bind client-identifier to accomplish a static binding configuration. In a DHCP address pool, if you execute the static-bind mac-address command before the static-bind client-identifier command, the latter will overwrite the former and vice versa. If you use the static-bind ip-address, static-bind mac-address, or static-bind client-identifier command repeatedly in the DHCP address pool, the new configuration will overwrite the previous one.
In common address pool view, using the network command repeatedly overwrites the previous configuration. After you exclude IP addresses from automatic allocation using the dhcp server forbidden-ip command, neither a common address pool nor an extended address pool can assign these IP addresses through dynamic address allocation.
Configuring a Domain Name Suffix for the Client You can specify a domain name suffix in each DHCP address pool on the DHCP server to provide the clients with the domain name suffix. With this suffix assigned, the client only needs to input part of a domain name, and the system will add the domain name suffix for name resolution.
h (hybrid)-node: A combination of peer-to-peer first and broadcast second. The h-node client unicasts the destination name to the WINS server, if no response is received, then broadcasts it to get the destination IP address. Follow these steps to configure WINS servers and NetBIOS node type in the DHCP address pool: To do…...
Follow these steps to configure the gateways in the DHCP address pool: To do… Use the command… Remarks Enter system view — system-view Enter DHCP address dhcp server ip-pool pool-name — pool view [ extended ] Required Specify gateways gateway-list ip-address&<1-8> No gateway is specified by default.
When a router starts up without loading any configuration file, the system sets an active interface (such as the interface of the default VLAN) as the DHCP client to request from the DHCP server for parameters, such as an IP address and name of a TFTP server, and the bootfile name. After getting related parameters, the DHCP client will send a TFTP request to obtain the configuration file from the specified TFTP server for system initialization.
To do… Use the command… Remarks Required option code { ascii ascii-string Configure a self-defined DHCP | hex hex-string&<1-16> | No DHCP option is configured option ip-address ip-address&<1-8> } by default. Table 2-1 Description of common options Option Option name Corresponding command Command parameter Router Option...
To do… Use the command… Remarks Enter system view — system-view Enter interface view — interface interface-type interface-number Optional Enable the DHCP server on an dhcp select server global-pool interface [ subaddress ] Enabled by default. If a DHCP relay agent exists between the DHCP server and client, the DHCP server, regardless of whether the subaddress keyword is used, will select an IP address from the address pool containing the primary IP address of the DHCP relay agent’s interface (connected to the client) for a requesting client.
Only an extended address pool can be applied on the interface. The address pool to be referenced must already exist. Configuring the DHCP Server Security Functions This configuration is necessary to secure DHCP services on the DHCP server. Configuration Prerequisites Before performing this configuration, complete the following configurations on the DHCP server: Enable DHCP Configure the DHCP address pool...
Follow these steps to configure IP address conflict detection: To do… Use the command… Remarks Enter system view — system-view Optional Specify the number of ping One ping packet by default. dhcp server ping packets packets number The value 0 indicates that no ping operation is performed.
Displaying and Maintaining the DHCP Server To do… Use the command… Remarks Display information about IP address display dhcp server conflict { all | ip conflicts ip-address } Display information about lease display dhcp server expired { all | ip expiration ip-address | pool [ pool-name ] } Display information about assignable...
Static IP Address Assignment Configuration Example Network requirements As shown in Figure 2-1, Switch B (DHCP client) obtains a static IP address, DNS server address, and gateway address from Switch A (DHCP server). Figure 2-1 Network diagram for static IP address assignment Configuration procedure Configure the IP address of VLAN-interface 2 on Switch A.
Page 286
The domain name and DNS server address on subnets 10.1.1.0/25 and 10.1.1.128/25 are the same. Therefore, the domain name suffix and DNS server address can be configured only for subnet 10.1.1.0/24. Subnet 10.1.1.128/25 can inherit the configuration of subnet 10.1.1.0/24. In this example, the number of requesting clients connected to VLAN-interface 1 should be less than 122, and that of clients connected to VLAN-interface 2 less than 124.
Troubleshooting DHCP Server Configuration Symptom A client’s IP address obtained from the DHCP server conflicts with another IP address. Analysis A host on the subnet may have the same IP address. Solution Disconnect the client’s network cable and ping the client’s IP address on another host with a long timeout time to check whether there is a host using the same IP address.
DHCP Relay Agent Configuration When configuring the DHCP relay agent, go to these sections for information you are interested in: Introduction to DHCP Relay Agent DHCP Relay Agent Configuration Task List Configuring the DHCP Relay Agent Displaying and Maintaining DHCP Relay Agent Configuration DHCP Relay Agent Configuration Examples Troubleshooting DHCP Relay Agent Configuration The DHCP relay agent configuration is supported only on VLAN interfaces.
Figure 3-1 DHCP relay agent application DHCP client DHCP client IP network DHCP relay agent DHCP client DHCP client DHCP server No matter whether a relay agent exists or not, the DHCP server and client interact with each other in a similar way (see section Dynamic IP Address Allocation Process).
If a client’s Handling requesting Padding format The DHCP relay agent will… strategy message has… Drop Random Drop the message. Forward the message without changing Keep Random Option 82. Forward the message after replacing normal the original Option 82 with the Option 82 padded in normal format.
Follow these steps to enable DHCP: To do… Use the command… Remarks Enter system view — system-view Required Enable DHCP dhcp enable Disabled by default. Enabling the DHCP Relay Agent on an Interface With this task completed, upon receiving a DHCP request from the enabled interface, the relay agent will forward the request to a DHCP server for address allocation.
To do… Use the command… Remarks Required Correlate the DHCP server By default, no interface is dhcp relay server-select group with the current interface correlated with any DHCP group-id server group. You can specify up to twenty DHCP server groups on the relay agent and eight DHCP server addresses for each DHCP server group.
Page 294
The dhcp relay address-check enable command is independent of other commands of the DHCP relay agent. That is, the invalid address check takes effect when this command is executed, regardless of whether other commands are used. The dhcp relay address-check enable command only checks IP and MAC addresses of clients. You are recommended to configure IP address check on the interface enabled with the DHCP relay agent;...
Follow these steps to enable unauthorized DHCP server detection: To do… Use the command… Remarks Enter system view — system-view Required Enable unauthorized DHCP dhcp relay server-detect server detection Disabled by default. With the unauthorized DHCP server detection enabled, the device puts a record once for each DHCP server.
Page 296
Configuring the DHCP relay agent to support Option 82 Follow these steps to configure the DHCP relay agent to support Option 82: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required Enable the relay agent to support Option dhcp relay information...
To support Option 82, it is required to perform related configuration on both the DHCP server and relay agent. Refer to Configuring the Handling Mode for Option 82 for DHCP server configuration of this kind. If the handling strategy of the DHCP relay agent is configured as replace, you need to configure a padding format for Option 82.
Switch A forwards DHCP requests to the DHCP server (Switch B) after replacing Option 82 in the requests, so that the DHCP clients can obtain IP addresses. Configuration procedure # Specify IP addresses for the interfaces (omitted). # Enable DHCP. <SwitchA>...
Page 300
The relay agent interface connected to DHCP clients is correlated with correct DHCP server group and IP addresses for the group members are correct. 3-12...
DHCP Client Configuration When configuring the DHCP client, go to these sections for information you are interested in: Introduction to DHCP Client Enabling the DHCP Client on an Interface Displaying and Maintaining the DHCP Client DHCP Client Configuration Example The DHCP client configuration is supported only on VLAN interfaces. When multiple VLAN interfaces with the same MAC address use DHCP for IP address acquisition via a relay agent, the DHCP server cannot be a Windows 2000 Server or Windows 2003 Server.
An interface can be configured to acquire an IP address in multiple ways, but these ways are mutually exclusive. The latest configuration will overwrite the previous one. After the DHCP client is enabled on an interface, no secondary IP address is configurable for the interface.
DHCP Snooping Configuration When configuring DHCP snooping, go to these sections for information you are interested in: DHCP Snooping Overview Configuring DHCP Snooping Basic Functions Configuring DHCP Snooping to Support Option 82 Displaying and Maintaining DHCP Snooping DHCP Snooping Configuration Examples The DHCP snooping enabled device does not work if it is between the DHCP relay agent and DHCP server, and it can work when it is between the DHCP client and relay agent or between the DHCP client and server.
Recording IP-to-MAC mappings of DHCP clients DHCP snooping reads DHCP-REQUEST messages and DHCP-ACK messages from trusted ports to record DHCP snooping entries, including MAC addresses of clients, IP addresses obtained by the clients, ports that connect to DHCP clients, and VLANs to which the ports belong. With DHCP snooping entries, DHCP snooping can implement the following: ARP detection: Whether ARP packets are sent from an authorized client is determined based on DHCP snooping entries.
If a client’s Handling Padding requesting The DHCP snooping device will… strategy format message has… Drop Random Drop the message. Forward the message without changing Keep Random Option 82. Forward the message after replacing the normal original Option 82 with the Option 82 padded in normal format.
You need to specify the ports connected to the valid DHCP servers as trusted to ensure that DHCP clients can obtain valid IP addresses. The trusted port and the port connected to the DHCP client must be in the same VLAN. You can specify Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces as trusted ports.
Page 308
To do… Use the command… Remarks dhcp-snooping information format Configure the Optional { normal | verbose padding format for [ node-identifier { mac | normal by default. Option 82 sysname | user-defined node-identifier } ] } Optional By default, the code type depends on the padding format of Option 82.
Displaying and Maintaining DHCP Snooping To do… Use the command… Remarks display dhcp-snooping [ ip Display DHCP snooping entries ip-address ] display dhcp-snooping Display Option 82 configuration information information { all | interface Available in any on the DHCP snooping device interface-type interface-number } view Display DHCP packet statistics on the...
[SwitchB-GigabitEthernet1/0/1] dhcp-snooping trust [SwitchB-GigabitEthernet1/0/1] quit DHCP Snooping Option 82 Support Configuration Example Network requirements As shown in Figure 5-3, enable DHCP snooping and Option 82 support on Switch B. Configure the handling strategy for DHCP requests containing Option 82 as replace. On GigabitEthernet 1/0/2, configure the padding content for the circuit ID sub-option as company001 and for the remote ID sub-option as device001.
BOOTP Client Configuration While configuring a BOOTP client, go to these sections for information you are interested in: Introduction to BOOTP Client Configuring an Interface to Dynamically Obtain an IP Address Through BOOTP Displaying and Maintaining BOOTP Client Configuration BOOTP client configuration only applies to VLAN interfaces. If several VLAN interfaces sharing the same MAC address obtain IP addresses through a BOOTP relay agent, the BOOTP server cannot be a Windows 2000 Server or Windows 2003 Server.
Because a DHCP server can interact with a BOOTP client, you can use the DHCP server to configure an IP address for the BOOTP client, without any BOOTP server. Obtaining an IP Address Dynamically A DHCP server can take the place of the BOOTP server in the following dynamic IP address acquisition.
Displaying and Maintaining BOOTP Client Configuration To do… Use the command… Remarks Display related information on a display bootp client [ interface Available in any BOOTP client interface-type interface-number ] view BOOTP Client Configuration Example Network requirement As shown in Figure 2-2, Switch B’s port belonging to VLAN 1 is connected to the LAN.
Page 314
Table of Contents 1 DNS Configuration·····································································································································1-1 DNS Overview·········································································································································1-1 Static Domain Name Resolution ·····································································································1-1 Dynamic Domain Name Resolution ································································································1-1 DNS Proxy·······································································································································1-3 Configuring the DNS Client·····················································································································1-4 Configuring Static Domain Name Resolution ··················································································1-4 Configuring Dynamic Domain Name Resolution·············································································1-4 Configuring the DNS Proxy·····················································································································1-5 Displaying and Maintaining DNS ············································································································1-5 DNS Configuration Examples ·················································································································1-5 Static Domain Name Resolution Configuration Example································································1-5 Dynamic Domain Name Resolution Configuration Example···························································1-6...
DNS Configuration When configuring DNS, go to these sections for information you are interested in: DNS Overview Configuring the DNS Client Configuring the DNS Proxy Displaying and Maintaining DNS DNS Configuration Examples Troubleshooting DNS Configuration This document only covers IPv4 DNS configuration. For information about IPv6 DNS configuration, refer to IPv6 Basics Configuration in the IP Services Volume.
Page 316
The DNS server looks up the corresponding IP address of the domain name in its DNS database. If no match is found, it sends a query to a higher level DNS server. This process continues until a result, whether successful or not, is returned. The DNS client returns the resolution result to the application after receiving a response from the DNS server.
If an alias is configured for a domain name on the DNS server, the device can resolve the alias into the IP address of the host. DNS Proxy Introduction to DNS proxy A DNS proxy forwards DNS requests and replies between DNS clients and a DNS server. As shown in Figure 1-2, a DNS client sends a DNS request to the DNS proxy, which forwards the...
Configuring the DNS Client Configuring Static Domain Name Resolution Follow these steps to configure static domain name resolution: To do… Use the command… Remarks Enter system view –– system-view Configure a mapping between a host Required name and IP address in the static ip host hostname ip-address Not configured by default.
Configuring the DNS Proxy Follow these steps to configure the DNS proxy: To do… Use the command… Remarks Enter system view — system-view Required Enable DNS proxy dns proxy enable Disabled by default. Displaying and Maintaining DNS To do… Use the command… Remarks Display the static domain name display ip host...
data bytes, press CTRL_C to break Reply from 10.1.1.2: bytes=56 Sequence=1 ttl=128 time=1 ms Reply from 10.1.1.2: bytes=56 Sequence=2 ttl=128 time=4 ms Reply from 10.1.1.2: bytes=56 Sequence=3 ttl=128 time=3 ms Reply from 10.1.1.2: bytes=56 Sequence=4 ttl=128 time=2 ms Reply from 10.1.1.2: bytes=56 Sequence=5 ttl=128 time=3 ms --- host.com ping statistics --- 5 packet(s) transmitted 5 packet(s) received...
Page 321
Figure 1-5, right click Forward Lookup Zones, select New zone, and then follow the instructions to create a new zone named com. Figure 1-5 Create a zone # Create a mapping between the host name and IP address. Figure 1-6 Add a host Figure 1-6, right click zone com, and then select New Host to bring up a dialog box as shown in Figure...
Page 322
Figure 1-7 Add a mapping between domain name and IP address Configure the DNS client # Enable dynamic domain name resolution. <Sysname> system-view [Sysname] dns resolve # Specify the DNS server 2.1.1.2. [Sysname] dns server 2.1.1.2 # Configure com as the name suffix. [Sysname] dns domain com Configuration verification # Execute the ping host command on the Switch to verify that the communication between the Switch...
DNS Proxy Configuration Example Network requirements Specify Switch A as the DNS server of Switch B (the DNS client). Switch A acts as a DNS proxy. The IP address of the real DNS server is 4.1.1.1. Switch B implements domain name resolution through Switch A. Figure 1-8 Network diagram for DNS proxy Configuration procedure Before performing the following configuration, assume that Switch A, the DNS server, and the host are...
# Specify the DNS server 2.1.1.2. [SwitchB] dns server 2.1.1.2 Configuration verification # Execute the ping host.com command on Switch B to verify that the communication between the Switch and the host is normal and that the corresponding destination IP address is 3.1.1.1. [SwitchB] ping host.com Trying DNS resolve, press CTRL_C to break Trying DNS server (2.1.1.2)
Page 325
Table of Contents 1 IP Performance Optimization Configuration···························································································1-1 IP Performance Overview ·······················································································································1-1 Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network ············1-1 Enabling Reception of Directed Broadcasts to a Directly Connected Network·······························1-1 Enabling Forwarding of Directed Broadcasts to a Directly Connected Network ·····························1-2 Configuration Example ····················································································································1-2 Configuring TCP Optional Parameters ···································································································1-3 Configuring ICMP to Send Error Packets ·······························································································1-4...
IP Performance Optimization Configuration When optimizing IP performance, go to these sections for information you are interested in: IP Performance Overview Enabling Reception and Forwarding of Directed Broadcasts to a Directly Connected Network Configuring TCP Optional Parameters Configuring ICMP to Send Error Packets Displaying and Maintaining IP Performance Optimization IP Performance Overview In some network environments, you can adjust the IP parameters to achieve best network performance.
Enabling Forwarding of Directed Broadcasts to a Directly Connected Network Follow these steps to enable the device to forward directed broadcasts: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required Enable the interface to forward ip forward-broadcast [ acl By default, the device is...
[SwitchA-Vlan-interface3] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 2.2.2.2 24 # Enable VLAN-interface 2 to forward directed broadcasts. [SwitchA-Vlan-interface2] ip forward-broadcast Configure Switch B # Enable Switch B to receive directed broadcasts. <SwitchB> system-view [SwitchB] ip forward-broadcast # Configure a static route to the host. [SwitchB] ip route-static 1.1.1.1 24 2.2.2.2 # Configure an IP address for VLAN-interface 2.
The actual length of the finwait timer is determined by the following formula: Actual length of the finwait timer = (Configured length of the finwait timer – 75) + configured length of the synwait timer Configuring ICMP to Send Error Packets Sending error packets is a major function of ICMP.
Page 330
When receiving a packet with the destination being local and transport layer protocol being UDP, if the packet’s port number does not match the running process, the device will send the source a “port unreachable” ICMP error packet. If the source uses “strict source routing" to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device will send the source a “source routing failure”...
Displaying and Maintaining IP Performance Optimization To do… Use the command… Remarks Display current TCP connection state display tcp status Display TCP connection statistics display tcp statistics Display UDP statistics display udp statistics display ip statistics [ slot Display statistics of IP packets slot-number ] display icmp statistics [ slot Display statistics of ICMP flows...
UDP Helper Configuration When configuring UDP Helper, go to these sections for information you are interested in: Introduction to UDP Helper Configuring UDP Helper Displaying and Maintaining UDP Helper UDP Helper Configuration Examples UDP Helper can be currently configured on VLAN interfaces only. Introduction to UDP Helper Sometimes, a host needs to forward broadcasts to obtain network configuration information or request the names of other devices on the network.
To do… Use the command… Remarks interface interface-type Enter interface view — interface-number Required Specify the destination server to which UDP packets No destination server is specified udp-helper server ip-address are to be forwarded by default. The UDP Helper enabled device cannot forward DHCP broadcast packets. That is to say, the UDP port number cannot be set to 67 or 68.
Page 335
Figure 1-1 Network diagram for UDP Helper configuration Configuration procedure The following configuration assumes that a route from Switch A to the network segment 10.2.0.0/16 is available. # Enable UDP Helper. <SwitchA> system-view [SwitchA] udp-helper enable # Enable the forwarding broadcast packets with the UDP destination port 55. [SwitchA] udp-helper port 55 # Specify the destination server 10.2.1.1 on VLAN-interface 1.
Page 336
Table of Contents 1 IPv6 Basics Configuration ························································································································1-1 IPv6 Overview ·········································································································································1-1 IPv6 Features ··································································································································1-1 Introduction to IPv6 Address ···········································································································1-3 Introduction to IPv6 Neighbor Discovery Protocol···········································································1-5 IPv6 PMTU Discovery ·····················································································································1-8 Introduction to IPv6 DNS ·················································································································1-9 Protocols and Standards ·················································································································1-9 IPv6 Basics Configuration Task List ·······································································································1-9 Configuring Basic IPv6 Functions ·········································································································1-10 Enabling IPv6 ································································································································1-10 Configuring an IPv6 Unicast Address····························································································1-10...
IPv6 Basics Configuration When configuring IPv6 basics, go to these sections for information you are interested in: IPv6 Overview IPv6 Basics Configuration Task List Configuring Basic IPv6 Functions Configuring IPv6 NDP Configuring PMTU Discovery Configuring IPv6 TCP Properties Configuring ICMPv6 Packet Sending Configuring IPv6 DNS Client Displaying and Maintaining IPv6 Basics Configuration IPv6 Configuration Example...
Page 338
the IPv4 address size, the basic IPv6 header size is 40 bytes and is only twice the IPv4 header size (excluding the Options field). Figure 1-1 Comparison between IPv4 packet header format and basic IPv6 packet header format Adequate address space The source and destination IPv6 addresses are both 128 bits (16 bytes) long.
Enhanced neighbor discovery mechanism The IPv6 neighbor discovery protocol is implemented through a group of Internet Control Message Protocol Version 6 (ICMPv6) messages that manage the information exchange between neighbor nodes on the same link. The group of ICMPv6 messages takes the place of Address Resolution Protocol (ARP) messages, Internet Control Message Protocol version 4 (ICMPv4) router discovery messages, and ICMPv4 redirection messages and provides a series of other functions.
Page 340
Anycast address: An identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the target interface is nearest to the source, according to a routing protocol’s measure of distance).
Multicast address IPv6 multicast addresses listed in Table 1-2 are reserved for special purpose. Table 1-2 Reserved IPv6 multicast addresses Address Application FF01::1 Node-local scope all nodes multicast address FF02::1 Link-local scope all nodes multicast address FF01::2 Node-local scope all routers multicast address FF02::2 Link-local scope all routers multicast address FF05::2...
Page 342
Duplicate address detection Router/prefix discovery and address autoconfiguration Redirection Table 1-3 lists the types and functions of ICMPv6 messages used by the NDP. Table 1-3 Types and functions of ICMPv6 messages ICMPv6 message Number Function Used to acquire the link-layer address of a neighbor Neighbor solicitation (NS) Used to verify whether the neighbor is reachable message...
Page 343
After receiving the NS message, node B judges whether the destination address of the packet is its solicited-node multicast address. If yes, node B learns the link-layer address of node A, and then unicasts an NA message containing its link-layer address. Node A acquires the link-layer address of node B from the NA message.
The router returns an RA message containing information such as prefix information option. (The router also regularly sends an RA message.) The node automatically generates an IPv6 address and other information for its interface according to the address prefix and other configuration parameters in the RA message. In addition to an address prefix, the prefix information option also contains the preferred lifetime and valid lifetime of the address prefix.
The source host uses its MTU to send packets to the destination host. If the MTU supported by a forwarding interface is smaller than the packet size, the forwarding device will discard the packet and return an ICMPv6 error packet containing the interface MTU to the source host.
Task Remarks Configuring ICMPv6 Packet Sending Optional Configuring IPv6 DNS Client Optional Configuring Basic IPv6 Functions Enabling IPv6 Before performing IPv6-related configurations, you need to Enable IPv6. Otherwise, an interface cannot forward IPv6 packets even if it has an IPv6 address configured. Follow these steps to Enable IPv6: To do...
To do... Use the command... Remarks Automatically Optional generate a link-local ipv6 address auto By default, after an IPv6 address for the Configure link-local site-local address or interface an IPv6 aggregatable global unicast link-local address is configured for an Manually assign a address interface, a link-local address ipv6 address...
Follow these steps to configure a static neighbor entry: To do... Use the command... Remarks Enter system view — system-view ipv6 neighbor ipv6-address mac-address { vlan-id Configure a static port-type port-number | interface interface-type Required neighbor entry interface-number } You can adopt either of the two methods above to configure a static neighbor entry. After a static neighbor entry is configured by using the first method, the device needs to resolve the corresponding Layer 2 port information of the VLAN interface.
Page 349
Table 1-4 Parameters in an RA message and their descriptions Parameters Description When sending an IPv6 packet, a host uses the value to fill the Cur Hop Limit Cur hop limit field in IPv6 headers. The value is also filled into the Cur Hop Limit field in response messages of a device.
Page 350
To do… Use the command… Remarks Required Disable the RA message By default, RA messages are undo ipv6 nd ra halt suppression suppressed. Optional By default, the maximum interval for sending RA messages is 600 seconds, and the minimum interval is 200 seconds. Configure the maximum and ipv6 nd ra interval The device sends RA messages...
The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages. Configuring the Maximum Number of Attempts to Send an NS Message for DAD An interface sends a neighbor solicitation (NS) message for duplicate address detection after acquiring an IPv6 address.
MTU. After the aging time expires, the dynamic PMTU is removed and the source host re-determines a dynamic path MTU through the PMTU mechanism. The aging time is invalid for a static PMTU. Follow these steps to configure the aging time for dynamic PMTUs: To do…...
successively sent exceeds the capacity of the token bucket, the additional ICMPv6 error packets cannot be sent out until the capacity of the token bucket is restored. Follow these steps to configure the capacity and update interval of the token bucket: To do…...
Configuring IPv6 DNS Client Configuring Static IPv6 Domain Name Resolution Configuring static IPv6 domain name resolution is to establish the mapping between a host name and an IPv6 address. When using such applications as Telnet, you can directly input a host name and the system will resolve the host name into an IPv6 address.
Displaying and Maintaining IPv6 Basics Configuration To do… Use the command… Remarks Display DNS suffix information display dns domain [ dynamic ] Display IPv6 dynamic domain name display dns ipv6 dynamic-host cache information Display IPv6 DNS server information display dns ipv6 server [ dynamic ] display ipv6 fib [ slot-number ] Display the IPv6 FIB entries [ ipv6-address ]...
The display dns domain command is the same as the one of IPv4 DNS. For details about the commands, refer to DNS Commands in the IP Services Volume. IPv6 Configuration Example Network requirements Host, Switch A and Switch B are directly connected through Ethernet ports. Add the Ethernet ports into corresponding VLANs, configure IPv6 addresses for the VLAN interfaces and verify the connectivity between them.
Page 357
Configure Switch B # Enable IPv6. <SwitchB> system-view [SwitchB] ipv6 # Configure an aggregatable global unicast address for VLAN-interface 2. [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ipv6 address 3001::2/64 # Configure an IPv6 static route with destination IP address 2001::/64 and next hop address 3001::1. [SwitchB-Vlan-interface2] ipv6 route-static 2001:: 64 3001::1 Configure Host Enable IPv6 for Host to automatically get an IPv6 address through IPv6 NDP.
Page 358
ReasmReqds: ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: 25747 OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: [SwitchA-Vlan-interface1] display ipv6 interface vlan-interface 1 verbose Vlan-interface1 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1C0 Global unicast address(es): 2001::1, subnet is 2001::/64 Joined group address(es):...
Page 359
ReasmOKs: InFragDrops: InFragTimeouts: OutFragFails: InUnknownProtos: InDelivers: OutRequests: 1012 OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Display the IPv6 interface settings on Switch B. [SwitchB-Vlan-interface2] display ipv6 interface vlan-interface 2 verbose Vlan-interface2 current state :UP Line protocol current state :UP IPv6 is enabled, link-local address is FE80::20F:E2FF:FE00:1234 Global unicast address(es): 3001::2, subnet is 3001::/64...
Page 360
OutFragFails: InUnknownProtos: InDelivers: OutRequests: OutForwDatagrams: InNoRoutes: InTooBigErrors: OutFragOKs: OutFragCreates: InMcastPkts: InMcastNotMembers: OutMcastPkts: InAddrErrors: InDiscards: OutDiscards: # Ping Switch A and Switch B on Host, and ping Switch A and Host on Switch B to verify the connectivity between them. When you ping a link-local address, you should use the “–i” parameter to specify an interface for the link-local address.
Troubleshooting IPv6 Basics Configuration Symptom The peer IPv6 address cannot be pinged. Solution Use the display current-configuration command in any view or the display this command in system view to verify that IPv6 is enabled. Use the display ipv6 interface command in any view to verify that the IPv6 address of the interface is correct and the interface is up.
Dual Stack Configuration When configuring dual stack, go to these sections for information you are interested in: Dual Stack Overview Configuring Dual Stack Dual Stack Overview Dual stack is the most direct approach to making IPv6 nodes compatible with IPv4 nodes. The best way for an IPv6 node to be compatible with an IPv4 node is to maintain a complete IPv4 stack.
Page 364
To do… Use the command… Remarks Required ip address ip-address By default, no IP Configure an IPv4 address for the interface { mask | mask-length } address is [ sub ] configured. Use either ipv6 address Manually specify { ipv6-address prefix-length command.
Page 365
Table of Contents 1 Tunneling Configuration···························································································································1-1 Introduction to Tunneling ························································································································1-1 IPv6 over IPv4 Tunnel ·····················································································································1-2 Protocols and Standards ·················································································································1-4 Tunneling Configuration Task List ··········································································································1-5 Configuring IPv6 Manual Tunnel·············································································································1-5 Configuration Prerequisites ·············································································································1-5 Configuration Procedure··················································································································1-5 Configuration Example ····················································································································1-6 Configuring 6to4 Tunnel························································································································1-10 Configuration Prerequisites ···········································································································1-10 Configuration Procedure················································································································1-10 6to4 Tunnel Configuration Example ······························································································1-11 Configuring ISATAP Tunnel··················································································································1-14...
Tunneling Configuration When configuring tunneling, go to these sections for information you are interested in: Introduction to Tunneling Tunneling Configuration Task List Configuring IPv6 Manual Tunnel Configuring 6to4 Tunnel Configuring ISATAP Tunnel Displaying and Maintaining Tunneling Configuration Troubleshooting Tunneling Configuration The tunnel interface number is in the A/B/C format, where A, B, and C represent the IRF member device ID, the sub-slot number, and the tunnel interface number respectively.
For related configuration about the dual protocol stack, refer to Dual Stack Configuration in the IP Services Volume. The 3Com Switches 4800G do not support NAT-PT. IPv6 over IPv4 Tunnel Implementation The IPv6 over IPv4 tunneling mechanism encapsulates an IPv4 header in IPv6 data packets so that...
Page 368
The encapsulated packet goes through the tunnel to reach the device at the destination end of the tunnel. The device at the destination end decapsulates the packet if the destination address of the encapsulated packet is the device itself. The destination device forwards the packet according to the destination address in the decapsulated IPv6 packet.
A manually configured tunnel is a point-to-point link. Each link is a separate tunnel. IPv6 manually configured tunnels are mainly used to provide stable connections for regular secure communication between border routers or between border routers and hosts for access to remote IPv6 networks. 6to4 tunnel An automatic 6to4 tunnel is a point-to-multipoint tunnel and is used to connect multiple isolated IPv6 networks over an IPv4 network to remote IPv6 networks.
Tunneling Configuration Task List Complete the following tasks to configure the tunneling feature: Task Remarks Configuring IPv6 Manual Tunnel Optional Configuring IPv6 Configuring 6to4 Tunnel Optional over IPv4 tunnel Configuring ISATAP Tunnel Optional Configuring IPv6 Manual Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface and loopback interface) on the device to ensure normal communication.
To do… Use the command… Remarks Required source { ip-address | Configure a source address or By default, no source address interface-type interface for the tunnel or interface is configured for the interface-number } tunnel. Required Configure a destination By default, no destination destination ip-address address for the tunnel address is configured for the...
Page 372
Figure 1-3 Network diagram for an IPv6 manual tunnel Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100.
Page 373
# Reference service loopback group 1 in tunnel interface view. [SwitchA-Tunnel1/0/0] service-loopback-group 1 [SwitchA-Tunnel1/0/0] quit # Configure a static route to IPv6 Group 2 through tunnel 1/0/0 on Switch A. [SwitchA] ipv6 route-static 3003:: 64 tunnel 1/0/0 Configuration on Switch B # Enable IPv6.
Page 374
Global unicast address(es): 3001::1, subnet is 3001::/64 Joined group address(es): FF02::1:FFA8:6401 FF02::1:FF00:1 FF02::1:FF00:0 FF02::2 FF02::1 MTU is 1480 bytes ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses IPv6 Packet statistics: InReceives: [SwitchB] display ipv6 interface tunnel 1/0/0 verbose Tunnel1/0/0 current state :UP...
bytes=56 Sequence=5 hop limit=64 time = 1 ms --- 3003::1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms Configuring 6to4 Tunnel Configuration Prerequisites Configure IP addresses for interfaces (such as the VLAN interface and loopback interface) on the device to ensure normal communication.
To do… Use the command… Remarks Required source { ip-address | Configure a source address or By default, no source address interface-type interface for the tunnel or interface is configured for interface-number } the tunnel. Required Reference a service loopback service-loopback-group By default, no service loopback group...
Page 377
Figure 1-4 Network diagram for a 6to4 tunnel Configuration procedure Make sure that Switch A and Switch B have the corresponding VLAN interfaces created and are reachable to each other. Configuration on Switch A # Enable IPv6. <SwitchA> system-view [SwitchA] ipv6 # Configure an IPv4 address for VLAN-interface 100.
Page 378
[SwitchA-Tunnel1/0/0] tunnel-protocol ipv6-ipv4 6to4 # Reference service loopback group 1 in tunnel interface view. [SwitchA-Tunnel1/0/0] service-loopback-group 1 [SwitchA-Tunnel1/0/0] quit # Configure a static route whose destination address is 2002::/16 and next-hop is the tunnel interface. [SwitchA] ipv6 route-static 2002:: 16 tunnel 1/0/0 Configuration on Switch B # Enable IPv6.
from 2002:201:101:1::2 with 32 bytes of data: Reply from 2002:501:101:1::2: bytes=32 time=13ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time=1ms Reply from 2002:501:101:1::2: bytes=32 time<1ms Ping statistics for 2002:501:101:1::2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 13ms, Average = 3ms Configuring ISATAP Tunnel...
To do… Use the command… Remarks Required By default, the tunnel is an IPv6 manual tunnel. The tunnel-protocol ipv6-ipv4 Set an ISATAP tunnel same tunnel mode should isatap be configured at both ends of the tunnel. Otherwise, packet delivery will fail. Required source { ip-address | Configure a source address or...
Page 381
Figure 1-5 Network diagram for an ISATAP tunnel Configuration procedure Make sure that the corresponding VLAN interfaces have been created on the switch. Make sure that VLAN-interface 101 on the ISATAP switch and the ISATAP host are reachable to each other. Configuration on the switch # Enable IPv6.
Page 382
# Disable the RA suppression so that hosts can acquire information such as the address prefix from the RA message released by the ISATAP switch. [Switch-Tunnel1/0/0] undo ipv6 nd ra halt [Switch-Tunnel1/0/0] quit # Configure a static route to the ISATAP host. [Switch] ipv6 route-static 2001:: 16 tunnel 1/0/0 Configuration on the ISATAP host The specific configuration on the ISATAP host is related to its operating system.
DAD transmits 0 default site prefix length 48 # By comparison, it is found that the host acquires the address prefix 2001::/64 and automatically generates the address 2001::5efe:2.1.1.2. Meanwhile, “uses Router Discovery” is displayed, indicating that the router discovery function is enabled on the host. At this time, ping the IPv6 address of the tunnel interface of the switch.
Page 384
Table of Contents 1 sFlow Configuration ··································································································································1-1 sFlow Overview·······································································································································1-1 Introduction to sFlow ·······················································································································1-1 Operation of sFlow ··························································································································1-1 Configuring sFlow ···································································································································1-2 Displaying and Maintaining sFlow···········································································································1-2 sFlow Configuration Example ·················································································································1-3 Troubleshooting sFlow Configuration ·····································································································1-4 The Remote sFlow Collector Cannot Receive sFlow Packets ························································1-4...
sFlow Configuration When configuring sFlow, go to these sections for information you are interested in: sFlow Overview Configuring sFlow Displaying and Maintaining sFlow sFlow Configuration Example Troubleshooting sFlow Configuration sFlow Overview Introduction to sFlow Sampled Flow (sFlow) is a traffic monitoring technology mainly used to collect and analyze traffic statistics.
Specify the sFlow sampling sflow sampling-mode Currently, the determine mode mode { determine | random } is not supported on 3Com Switch 4800G. Specify the number of packets Optional out of which the interface will sflow sampling-rate rate 200000 by default.
sFlow Configuration Example Network requirements Host A and Server are connected to Switch through GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 respectively. Host B works as an sFlow collector with IP address 3.3.3.2 and port number 6343, and is connected to Switch through GigabitEthernet 1/0/3. GigabitEthernet 1/0/3 belongs to VLAN 1, having an IP address of 3.3.3.1.
Collector IP:3.3.3.2 Port:6343 Interval(s): 30 sFlow Port Information: Interface Direction Rate Mode Status Eth1/1 In/Out 100000 Random Active Troubleshooting sFlow Configuration The Remote sFlow Collector Cannot Receive sFlow Packets Symptom The remote sFlow collector cannot receive sFlow packets. Analysis sFlow is not enabled globally because the sFlow agent or/and the sFlow collector is/are not specified.
Page 389
IP Routing Volume Organization Manual Version 6W101-20091012 Product Version Release 2202 Organization The IP Routing Volume is organized as follows: Features Description This document describes: IP Routing Overview Introduction to IP routing and routing table Routing protocol overview A static route is manually configured by the administrator. The proper configuration and usage of static routes can improve network performance and ensure bandwidth for important network applications.
Page 390
Features Description Intermediate System-to-Intermediate System (IS-IS) is a link state protocol, which uses the shortest path first (SPF) algorithm. This document describes: Configuring IS-IS Basic Functions Configuring IS-IS Routing Information Control Tuning and Optimizing IS-IS Networks IS-IS Configuring IS-IS Authentication Configuring System ID to Host Name Mappings Configuring IS-IS GR Enabling the Logging of Neighbor State Changes...
Page 391
IP address. Policy Routing The Switch 4800G implements policy routing through QoS policies. For details about traffic classification, traffic behavior and QoS policy configuration commands, refer to QoS Commands in the QoS Volume.
Page 392
Table of Contents 1 IP Routing Overview··································································································································1-1 IP Routing and Routing Table·················································································································1-1 Routing ············································································································································1-1 Routing Table ··································································································································1-1 Routing Protocol Overview ·····················································································································1-3 Static Routing and Dynamic Routing·······························································································1-3 Classification of Dynamic Routing Protocols···················································································1-3 Routing Protocols and Routing Priority ···························································································1-4 Load Balancing and Route Backup ·································································································1-4 Route Recursion······························································································································1-5 Sharing of Routing Information········································································································1-5 Configuring a Router ID ··························································································································1-5...
IP Routing Overview Go to these sections for information you are interested in: IP Routing and Routing Table Routing Protocol Overview Configuring a Router ID Displaying and Maintaining a Routing Table The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. IP Routing and Routing Table Routing Routing in the Internet is achieved through routers.
Page 394
Outbound interface: Specifies the interface through which the IP packets are to be forwarded. IP address of the next hop: Specifies the address of the next router on the path. If only the outbound interface is configured, its address will be the IP address of the next hop. Priority for the route.
Routing Protocol Overview Static Routing and Dynamic Routing Static routing is easy to configure and requires less system resources. It works well in small, stable networks with simple topologies. Its major drawback is that you must perform routing configuration again whenever the network topology changes; it cannot adjust to network changes by itself. Dynamic routing is based on dynamic routing protocols, which can detect network topology changes and recalculate the routes accordingly.
Routing Protocols and Routing Priority Different routing protocols may find different routes to the same destination. However, not all of those routes are optimal. In fact, at a particular moment, only one protocol can uniquely determine the current optimal route to the destination. For the purpose of route selection, each routing protocol (including static routes) is assigned a priority.
The number of routes for load balancing varies by device. In current implementations, routing protocols supporting load balancing are static routing, RIP, OSPF, BGP, and IS-IS. Route backup Route backup can help improve network reliability. With route backup, you can configure multiple routes to the same destination, expecting the one with the highest priority to be the main route and all the rest backup routes.
Displaying and Maintaining a Routing Table To do… Use the command… Remarks Display brief information about display ip routing-table [ vpn-instance Available in any the active routes in the routing vpn-instance-name ] [ verbose | | { begin | view table exclude | include } regular-expression ] Display information about...
Page 399
Table of Contents 1 Static Routing Configuration····················································································································1-1 Introduction ·············································································································································1-1 Static Route ·····································································································································1-1 Default Route···································································································································1-1 Application Environment of Static Routing ······················································································1-2 Configuring a Static Route ······················································································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-3 Detecting Reachability of the Static Route’s Nexthop ············································································1-3 Detecting Nexthop Reachability Through BFD ···············································································1-3 Detecting Nexthop Reachability Through Track··············································································1-4 Displaying and Maintaining Static Routes·······························································································1-5 Static Route Configuration Example ·······································································································1-6...
Static Routing Configuration When configuring a static route, go to these sections for information you are interested in: Introduction Configuring a Static Route Detecting Reachability of the Static Route’s Nexthop Displaying and Maintaining Static Routes Static Route Configuration Example The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Introduction Static Route A static route is a manually configured.
The network administrator can configure a default route with both destination and mask being 0.0.0.0. The router forwards any packet whose destination address fails to match any entry in the routing table to the next hop of the default static route. Some dynamic routing protocols, such as OSPF, RIP and IS-IS, can also generate a default route.
Configuration Procedure Follow these steps to configure a static route: To do… Use the command… Remarks Enter system view — system-view ip route-static dest-address { mask | mask-length } { next-hop-address | interface-type interface-number next-hop-address | vpn-instance Required d-vpn-instance-name next-hop-address } [ preference preference-value ] [ tag tag-value ] By default, [ description description-text ]...
protocols and Multiprotocol Label Switching (MPLS). For details about BFD, refer to BFD Configuration in the High Availability Volume. After a static route is configured, you can enable BFD to detect the reachability of the static route's nexthop. Network requirements To detect the reachability of the static route's nexthop through BFD, you need to enable BFD first.
Configuration procedure Follow these steps to detect the reachability of a static route's nexthop through Track: To do… Use the command… Remarks Enter system view — system-view ip route-static dest-address { mask | mask-length } { next-hop-address | vpn-instance d-vpn-instance-name next-hop-address } track track-entry-number [ preference preference-value ] [ tag tag-value ] [ description description-text ]...
Static Route Configuration Example Basic Static Route Configuration Example Network requirements The IP addresses and masks of the switches and hosts are shown in the following figure. Static routes are required for interconnection between any two hosts. Figure 1-1 Network diagram for static route configuration Configuration procedure Configuring IP addresses for interfaces (omitted) Configuring static routes...
Page 406
Destination/Mask Proto Cost NextHop Interface 0.0.0.0/0 Static 60 1.1.4.2 Vlan500 1.1.2.0/24 Direct 0 1.1.2.3 Vlan300 1.1.2.3/32 Direct 0 127.0.0.1 InLoop0 1.1.4.0/30 Direct 0 1.1.4.1 Vlan500 1.1.4.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Display the IP routing table of Switch B.
Page 407
<1 ms <1 ms <1 ms 1.1.6.1 <1 ms <1 ms <1 ms 1.1.4.1 1 ms <1 ms <1 ms 1.1.2.2 Trace complete.
Page 408
Table of Contents 1 RIP Configuration ······································································································································1-1 RIP Overview ··········································································································································1-1 Operation of RIP······························································································································1-1 Operation of RIP······························································································································1-2 RIP Version ·····································································································································1-2 RIP Message Format·······················································································································1-3 Supported RIP Features··················································································································1-5 Protocols and Standards ·················································································································1-5 Configuring RIP Basic Functions ············································································································1-5 Configuration Prerequisites ·············································································································1-5 Configuration Procedure··················································································································1-5 Configuring RIP Route Control ···············································································································1-7 Configuring an Additional Routing Metric ························································································1-7 Configuring RIPv2 Route Summarization························································································1-8 Disabling Host Route Reception ·····································································································1-9...
RIP Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. When configuring RIP, go to these sections for information you are interested in: RIP Overview Configuring RIP Basic Functions Configuring RIP Route Control Configuring RIP Network Optimization Displaying and Maintaining RIP...
Egress interface: Packet outgoing interface. Metric: Cost from the local router to the destination. Route time: Time elapsed since the routing entry was last updated. The time is reset to 0 every time the routing entry is updated. Route tag: Identifies a route, used in a routing policy to flexibly control routes. For information about routing policy, refer to Routing Policy Configuration in the IP Routing Volume.
RIPv1, a classful routing protocol, supports message advertisement via broadcast only. RIPv1 protocol messages do not carry mask information, which means it can only recognize routing information of natural networks such as Class A, B, C. That is why RIPv1 does not support discontiguous subnets. RIPv2 is a classless routing protocol.
Page 412
RIPv2 message format The format of RIPv2 message is similar to RIPv1. Figure 1-2 shows it. Figure 1-2 RIPv2 Message Format The differences from RIPv1 are stated as following. Version: Version of RIP. For RIPv2 the value is 0x02. Route Tag: Route Tag. IP Address: Destination IP address.
RFC 1723 only defines plain text authentication. For information about MD5 authentication, refer to RFC 2453 “RIP Version 2”. With RIPv1, you can configure the authentication mode in interface view. However, the configuration will not take effect because RIPv1 does not support authentication. Supported RIP Features The current implementation supports the following RIP features.
Page 414
If you make some RIP configurations in interface view before enabling RIP, those configurations will take effect after RIP is enabled. RIP runs only on the interfaces residing on the specified networks. Therefore, you need to specify the network after enabling RIP to validate RIP on a specific interface. You can enable RIP on all interfaces using the command network 0.0.0.0.
To do… Use the command… Remarks Enter system view –– system-view rip [ process-id ] [ vpn-instance Enter RIP view –– vpn-instance-name ] Optional By default, if an interface has a RIP version specified, the version takes precedence over the global one. If no RIP Specify a global RIP version { 1 | 2 } version is specified for an...
To do… Use the command… Remarks Enter system view –– system-view interface interface-type Enter interface view –– interface-number Optional Define an inbound rip metricin [ route-policy additional routing metric route-policy-name ] value 0 by default Optional Define an outbound rip metricout [ route-policy additional routing metric route-policy-name ] value 1 by default...
You need to disable RIPv2 route automatic summarization before advertising a summary route on an interface. Disabling Host Route Reception Sometimes a router may receive from the same network many host routes, which are not helpful for routing and consume a large amount of network resources. In this case, you can disable RIP from receiving host routes to save network resources.
To do… Use the command… Remarks interface interface-type Enter interface view –– interface-number Optional rip default-route { { only | By default, a RIP interface can Configure the RIP interface originate } [ cost cost ] | advertise a default route if the to advertise a default route no-originate } RIP process is configured with...
Configuring a Priority for RIP Multiple IGP protocols may run in a router. If you want RIP routes to have a higher priority than those learned by other routing protocols, you can assign RIP a smaller priority value to influence optimal route selection.
Configuring RIP Timers You can change the RIP network convergence speed by adjusting RIP timers. Follow these steps to configure RIP timers: To do… Use the command… Remarks Enter system view –– system-view rip [ process-id ] [ vpn-instance Enter RIP view ––...
Enabling poison reverse The poison reverse function allows an interface to advertise the routes received from it, but the metric of these routes is set to 16, making them unreachable. Follow these steps to enable poison reverse: To do… Use the command… Remarks Enter system view —...
For a message received, RIP compares the source IP address of the message with the IP address of the interface. If they are not in the same network segment, RIP discards the message. Follow these steps to enable source IP address check on incoming RIP updates: To do…...
Follow these steps to specify a RIP neighbor: To do… Use the command… Remarks Enter system view –– system-view rip [ process-id ] [ vpn-instance Enter RIP view –– vpn-instance-name ] Specify a RIP neighbor Required peer ip-address Required Disable source address check undo validate-source-address on incoming RIP updates Not disabled by default...
To do… Use the command… Remarks Optional Configure the maximum number of RIP packets that By default, an interface sends output-delay time count count can be sent at the specified up to three RIP packets every interval 20 milliseconds. Displaying and Maintaining RIP To do…...
Page 425
[SwitchA-Vlan-interface101] ip address 172.17.1.1 24 [SwitchA-Vlan-interface101] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] ip address 172.16.1.1 24 # Configure Switch B. <SwitchB> system-view [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 192.168.1.2 24 [SwitchB-Vlan-interface100] quit [SwitchB] interface vlan-interface 101 [SwitchB-Vlan-interface101] ip address 10.2.1.1 24 [SwitchB-Vlan-interface101] quit Configure basic RIP functions # Configure Switch A.
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect -------------------------------------------------------------------------- Peer 192.168.1.2 on Vlan-interface100 Destination/Mask Nexthop Cost Flags 10.0.0.0/8 192.168.1.2 10.2.1.0/24 192.168.1.2 10.1.1.0/24 192.168.1.2 From the routing table, you can see RIPv2 uses classless subnet mask. Since the routing information advertised by RIPv1 has a long aging time, it will still exist until it ages out after RIPv2 is configured.
Page 427
[SwitchA-rip-100] undo summary [SwitchA-rip-100] quit # Enable RIP 100 and RIP 200 and specify RIP version 2 on Switch B. <SwitchB> system-view [SwitchB] rip 100 [SwitchB-rip-100] network 11.0.0.0 [SwitchB-rip-100] version 2 [SwitchB-rip-100] undo summary [SwitchB-rip-100] quit [SwitchB] rip 200 [SwitchB-rip-200] network 12.0.0.0 [SwitchB-rip-200] version 2 [SwitchB-rip-200] undo summary [SwitchB-rip-200] quit...
12.3.1.0/24 Direct 0 12.3.1.2 Vlan200 12.3.1.2/32 Direct 0 127.0.0.1 InLoop0 16.4.1.0/24 Direct 0 16.4.1.1 Vlan400 16.4.1.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure an filtering policy to filter redistributed routes # Configure ACL 2000 to filter routes redistributed from RIP 100 on Switch B, making the route 10.2.1.0/24 not advertised to Switch C.
Page 429
Figure 1-6 Network diagram for RIP interface additional metric configuration Configuration procedure Configure IP addresses for the interfaces (omitted). Configure RIP basic functions. # Configure Switch A. <SwitchA> system-view [SwitchA] rip 1 [SwitchA-rip-1] network 1.0.0.0 [SwitchA-rip-1] version 2 [SwitchA-rip-1] undo summary [SwitchA-rip-1] quit # Configure Switch B.
# Display the IP routing table of Switch A. [SwitchA] display rip 1 database 1.0.0.0/8, cost 0, ClassfulSumm 1.1.1.0/24, cost 0, nexthop 1.1.1.1, Rip-interface 1.1.2.0/24, cost 0, nexthop 1.1.2.1, Rip-interface 1.1.3.0/24, cost 1, nexthop 1.1.1.2 1.1.4.0/24, cost 1, nexthop 1.1.2.2 1.1.5.0/24, cost 2, nexthop 1.1.1.2 1.1.5.0/24, cost 2, nexthop 1.1.2.2 The display shows that there are two RIP routes to network 1.1.5.0/24.
Page 431
Figure 1-7 Network diagram for RIP summary route advertisement Configuration procedure Configure IP addresses for interfaces (omitted) Configure OSPF basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit # Configure Switch B.
Page 432
<SwitchD> system-view [SwitchD] rip 1 [SwitchD-rip-1] network 11.0.0.0 [SwitchD-rip-1] version 2 [SwitchD-rip-1] undo summary [SwitchD-rip-1] quit # Configure RIP to redistribute the routes from OSPF process 1 and direct routes on Switch C. [SwitchC-rip-1] import-route direct [SwitchC-rip-1] import-route ospf 1 # Display the routing table information of Switch D.
Troubleshooting RIP No RIP Updates Received Symptom: No RIP updates are received when the links work well. Analysis: After enabling RIP, you must use the network command to enable corresponding interfaces. Make sure no interfaces are disabled from handling RIP messages. If the peer is configured to send multicast messages, the same should be configured on the local end.
Page 434
Table of Contents 1 OSPF Configuration ··································································································································1-1 Introduction to OSPF·······························································································································1-1 Basic Concepts································································································································1-2 OSPF Area Partition ························································································································1-3 Classification of Routers··················································································································1-6 Classification of OSPF Networks ····································································································1-8 DR and BDR····································································································································1-8 OSPF Packet Formats·····················································································································1-9 Supported OSPF Features············································································································1-18 Protocols and Standards ···············································································································1-19 OSPF Configuration Task List ··············································································································1-19 Enabling OSPF ·····································································································································1-21 Prerequisites··································································································································1-21 Configuration Procedure················································································································1-21...
Page 435
Disabling Interfaces from Sending OSPF Packets········································································1-36 Configuring Stub Routers ··············································································································1-36 Configuring OSPF Authentication ·································································································1-37 Adding the Interface MTU into DD Packets···················································································1-38 Configuring the Maximum Number of External LSAs in LSDB ·····················································1-38 Making External Route Selection Rules Defined in RFC1583 Compatible···································1-38 Logging Neighbor State Changes ·································································································1-39 Configuring OSPF Network Management ·····················································································1-39 Enabling Message Logging ···········································································································1-40...
OSPF Configuration Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the Internet Engineering Task Force (IETF). At present, OSPF version 2 (RFC2328) is used. When configuring OSPF, go to these sections for information you are interested in: Introduction to OSPF OSPF Configuration Task List Enabling OSPF...
Area partition: Allows an AS to be split into different areas for ease of management and routing information transmitted between areas is summarized to reduce network bandwidth consumption. Equal-cost multi-route: Supports multiple equal-cost routes to a destination. Routing hierarchy: Supports a four-level routing hierarchy that prioritizes routes into intra-area, inter-area, external Type-1, and external Type-2 routes.
Router LSA: Type-1 LSA, originated by all routers, flooded throughout a single area only. This LSA describes the collected states of the router's interfaces to an area. Network LSA: Type-2 LSA, originated for broadcast and NBMA networks by the designated router, flooded throughout a single area only.
Page 439
Figure 1-1 OSPF area partition After area partition, area border routers perform route summarization to reduce the number of LSAs advertised to other areas and minimize the effect of topology changes. Backbone area and virtual links Each AS has a backbone area, which is responsible for distributing routing information between none-backbone areas.
Page 440
Figure 1-3 Virtual link application 2 The virtual link between the two ABRs acts as a point-to-point connection. Therefore, you can configure interface parameters such as hello packet interval on the virtual link as they are configured on physical interfaces. The two ABRs on the virtual link exchange OSPF packets with each other directly, and the OSPF routers in between simply convey these OSPF packets as normal IP packets.
On the left of the figure, RIP routes are translated into Type-5 LSAs by the ASBR of Area 2 and distributed into the OSPF AS. However, Area 1 is an NSSA area, so these Type-5 LSAs cannot travel to Area 1. Like stub areas, virtual links cannot transit NSSA areas.
Page 442
Backbone Router At least one interface of a backbone router must be attached to the backbone area. Therefore, all ABRs and internal routers in area 0 are backbone routers. Autonomous System Border Router (ASBR) The router exchanging routing information with another AS is an ASBR, which may not reside on the boundary of the AS.
the same destination have the same cost, then take the cost from the router to the ASBR into consideration. Classification of OSPF Networks OSPF network types OSPF classifies networks into four types upon the link layer protocol: Broadcast: When the link layer protocol is Ethernet or FDDI, OSPF considers the network type broadcast by default.
If the DR fails to work, routers on the network have to elect another DR and synchronize information with the new DR. It is time-consuming and prone to routing calculation errors. The Backup Designated Router (BDR) is introduced to reduce the synchronization period. The BDR is elected along with the DR and establishes adjacencies for routing information exchange with all other routers.
Page 445
Figure 1-8 OSPF packet format OSPF packet header OSPF packets are classified into five types that have the same packet header, as shown below. Figure 1-9 OSPF packet header Version: OSPF version number, which is 2 for OSPFv2. Type: OSPF packet type from 1 to 5, corresponding with hello, DD, LSR, LSU and LSAck respectively.
Page 446
Figure 1-10 Hello packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication Network mask HelloInterval Options Rtr Pri RouterDeadInterval Designated router Backup designated router Neighbor Neighbor Major fields: Network mask: Network mask associated with the router’s sending interface. If two routers have different network masks, they cannot become neighbors.
Page 447
Figure 1-11 DD packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication Interface MTU Options 0 0 0 0 0 I DD sequence number LSA header LSA header Major fields: Interface MTU: Size in bytes of the largest IP datagram that can be sent out the associated interface, without fragmentation.
Page 448
Figure 1-12 LSR packet format Major fields: LS type: Type number of the LSA to be requested. Type 1 for example indicates the Router LSA. Link State ID: Determined by LSA type. Advertising Router: ID of the router that sent the LSA. LSU packet LSU (Link State Update) packets are used to send the requested LSAs to peers, and each packet carries a collection of LSAs.
Page 449
Figure 1-14 LSAck packet format LSA header format All LSAs have the same header, as shown in the following figure. Figure 1-15 LSA header format Major fields: LS age: Time in seconds elapsed since the LSA was originated. A LSA ages in the LSDB (added by 1 per second), but does not in transmission.
Page 450
Figure 1-16 Router LSA format LS age Options Linke state ID Advertising router LS sequence number LS checksum Length # Links Link ID Link data Type #TOS Metric TOS metric Link ID Link data Major fields: Link State ID: ID of the router that originated the LSA. V (Virtual Link): Set to 1 if the router that originated the LSA is a virtual link endpoint.
Page 451
Figure 1-17 Network LSA format Major fields: Link State ID: The interface address of the DR Network mask: The mask of the network (a broadcast or NBMA network) Attached router: The IDs of the routers, which are adjacent to the DR, including the DR itself Summary LSA Network summary LSAs (Type-3 LSAs) and ASBR summary LSAs (Type-4 LSAs) are originated by ABRs.
Page 452
A Type-3 LSA can be used to advertise a default route, having the Link State ID and Network Mask set to 0.0.0.0. AS external LSA An AS external LSA originates from an ASBR, describing routing information to a destination outside the AS.
Figure 1-20 NSSA external LSA format Supported OSPF Features Multi-process With multi-process support, multiple OSPF processes can run on a router simultaneously and independently. Routing information interactions between different processes seem like interactions between different routing protocols. Multiple OSPF processes can use the same RID. An interface of a router can only belong to a single OSPF process.
forwarding table based on the new routing information received from neighbors and removes the stale routes. OSPF supports multi-instance, which can run in VPN networks. In BGP MPLS VPN networks, multiple sites in the same VPN can use OSPF as the internal routing protocol, but they are treated as different ASs.
Page 455
Complete the following tasks to configure OSPF: Task Remarks Enabling OSPF Required Configuring a Stub Area Configuring OSPF Optional Configuring an NSSA Area Areas Configuring a Virtual Link Configuring the OSPF Network Type for an Interface as Optional Broadcast Configuring OSPF Configuring the OSPF Network Type for an Interface as NBMA Optional Network Types...
Task Remarks Configuration Prerequisites Optional Configuring a Loopback Interface Optional Configuring OSPF Sham Link Advertising Routes of a Loopback Interface Optional Creating a Sham Link Optional Configuring the OSPF GR Restarter Optional Configuring OSPF Configuring the OSPF GR Helper Optional Graceful Restart Triggering OSPF Graceful Restart Optional...
To do… Use the command… Remarks Required Configure an OSPF area and area area-id enter OSPF area view Not configured by default. Optional Configure a description for description description the area Not configured by default. Specify a network to enable Required network ip-address OSPF on the interface...
To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — instance-name ] * Enter area view — area area-id Required Configure the area as a stub stub [ no-summary ] area Not configured by default.
It is required to use the nssa command on all the routers attached to an NSSA area. Using the default-cost command only takes effect on the ABR/ASBR of an NSSA area. Configuring a Virtual Link Non-backbone areas exchange routing information via the backbone area. Therefore, connectivity between the backbone and non-backbone areas and within the backbone itself must be maintained.
Prerequisites Before configuring OSPF network types, you have configured: IP addresses for interfaces, making neighboring nodes accessible with each other at network layer. OSPF basic functions. Configuring the OSPF Network Type for an Interface as Broadcast Follow these steps to configure the OSPF network type for an interface as broadcast: To do…...
The DR priority configured with the ospf dr-priority command and the one configured with the peer command have the following differences: The former is for actual DR election. The latter is to indicate whether a neighbor has the election right or not. If you configure the DR priority for a neighbor as 0, the local router will consider the neighbor has no election right, and thus no hello packet is sent to this neighbor, reducing the number of hello packets for DR/BDR election on networks.
OSPF basic functions Corresponding filters if routing information filtering is needed. Configuring OSPF Route Summarization Route summarization: An ABR or ASBR summarizes routes with the same prefix into a single route and distribute it to other areas. Through route summarization, routing information across areas and the size of routing tables on routers will be reduced, improving calculation speed of routers.
To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — instance-name ]* Required asbr-summary ip-address { mask Configure ASBR route The command is available on an | mask-length } [ tag tag | summarization ASBR only.
To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Enter area view — area area-id Required Configure ABR Type-3 LSA filter { acl-number | ip-prefix Not configured by filtering ip-prefix-name } { import | export }...
To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Optional By default, the maximum number Configure the maximum-routes { external | inter | of AS external routes, inter-area maximum number of intra } number...
Configuring OSPF Route Redistribution Configure route redistribution into OSPF If the router runs OSPF and other routing protocols, you can configure OSPF to redistribute RIP, IS-IS, BGP, static, or direct routes and advertise these routes in Type-5 LSAs or Type-7 LSAs. By filtering redistributed routes, OSPF translates only routes not filtered out into Type-5 LSAs or Type-7 LSAs for advertisement.
The default-route-advertise summary cost command is applicable only to VPN, and the default route is redistributed in a Type-3 LSA. The PE router will advertise the default route to the CE router. Configure the default parameters for redistributed routes You can configure default parameters such as the cost, upper limit, tag and type for redistributed routes. Tags are used to indicate information related to protocols.
Configure OSPF authentication to meet high security requirements of some mission-critical networks. Configure OSPF network management functions, such as binding OSPF MIB with a process, sending trap information and collecting log information. Prerequisites Before configuring OSPF network optimization, you have configured: IP addresses for interfaces;...
The hello and dead intervals restore to default values after you change the network type for an interface. The dead interval should be at least four times the hello interval on an interface. The poll interval is at least four times the hello interval. The retransmission interval should not be so small for avoidance of unnecessary LSA retransmissions.
With this task configured, when network changes are not frequent, SPF calculation applies at the minimum-interval. If network changes become frequent, SPF calculation interval is incremented by incremental-interval × 2 (n is the number of calculation times) each time a calculation occurs, up to the maximum-interval.
With this command configured, when network changes are not frequent, LSAs are generated at the minimum-interval. If network changes become frequent, LSA generation interval is incremented by incremental-interval•2n-2 (n is the number of generation times) each time a generation occurs, up to the maximum-interval.
Follow these steps to configure a router as a stub router: To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id router-id | vpn-instance Enter OSPF view — instance-name ] * Required Configure the router as a stub-router stub router Not configured by default.
Adding the Interface MTU into DD Packets Generally, when an interface sends a DD packet, it adds 0 into the Interface MTU field of the DD packet rather than the interface MTU. Follow these steps to add the interface MTU into DD packets: To do…...
To avoid routing loops, it is recommended to configure all the routers to be either compatible or incompatible with the external route selection rules defined in RFC 1583. Logging Neighbor State Changes Follow these steps to enable the logging of neighbor state changes: To do…...
Enabling Message Logging Follow these steps to enable message logging: To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Required Enable message enable log [ config | error | state ] logging Not enabled by default.
Follow these steps to configure the LSU transmit rate: To do… Use the command… Remarks Enter system view — system-view ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance instance-name ] * Optional By default, an OSPF Configure the LSU transmit-pacing interval interval count interface sends up to three...
To do… Use the command… Remarks ipv4-family vpn-instance Enter BGP VPN instance view Required vpn-instance-name Inject direct routes, that is, Required import-route direct loopback host routes For BGP VPN information, refer to MCE Configuration in the IP Routing Volume. Creating a Sham Link Follow these steps to create a sham link: To do…...
Configuring OSPF Graceful Restart One device can act as both a GR Restarter and GR Helper at the same time. OSPF GR can be implemented through: IETF standard GR capable routers. The GR restarter communicates with GR helpers by exchanging Type-9 Opaque LSAs called Grace LSAs. Non IETF standard GR capable routers.
To do… Use the command… Remarks enable Required Enable the out-of-band out-of-band-resynchronizati re-synchronization capability Disabled by default Enable non IETF standard Required graceful-restart Graceful Restart capability for [ nonstandard ] Disabled by default OSPF Optional Configure Graceful Restart graceful-restart interval timer interval for OSPF 120 seconds by default Configuring the OSPF GR Helper...
Triggering OSPF Graceful Restart Performing the following configuration on an OSPF router will trigger an OSPF Graceful Restart process. Follow these steps to trigger OSPF Graceful Restart: To do… Use the command… Remarks Required reset ospf [ process-id ] Trigger OSPF Graceful Restart Available in user view process graceful-restart Displaying and Maintaining OSPF...
To do… Use the command… Remarks reset ospf [ process-id ] process Reset an OSPF process [ graceful-restart ] Re-enable OSPF route reset ospf [ process-id ] redistribution redistribution OSPF Configuration Examples These examples only cover commands for OSPF configuration. Configuring OSPF Basic Functions Network requirements As shown in the following figure, all switches run OSPF.
Page 483
Neighbor state change count: 5 Neighbors Area 0.0.0.1 interface 10.2.1.1(Vlan-interface200)'s neighbors Router ID: 10.4.1.1 Address: 10.2.1.2 GR State: Normal State: Full Mode: Nbr is Master Priority: 1 DR: 10.2.1.1 BDR: 10.2.1.2 MTU: 0 Dead timer due in 32 Neighbor is up for 06:03:12 Authentication Sequence: [ 0 ] Neighbor state change count: 5 # Display OSPF routing information on Switch A.
Network 10.2.1.1 10.2.1.1 80000010 Sum-Net 10.5.1.0 10.2.1.1 80000003 Sum-Net 10.3.1.0 10.2.1.1 1069 8000000F Sum-Net 10.1.1.0 10.2.1.1 1069 8000000F Sum-Asbr 10.3.1.1 10.2.1.1 1069 8000000F # Display OSPF routing information on Switch D. [SwitchD] display ospf routing OSPF Process 1 with Router ID 10.5.1.1 Routing Tables Routing for Network Destination...
Page 485
Figure 1-22 Network diagram for OSPF redistributing routes from outside of an AS Configuration procedure Configure IP addresses for interfaces (omitted). Configure OSPF basic functions (Refer to Configuring OSPF Basic Functions). Configure OSPF to redistribute routes. # On Switch C, configure a static route destined for network 3.1.2.0/24. <SwitchC>...
10.1.1.0/24 Inter 10.3.1.1 10.3.1.1 0.0.0.2 Routing for ASEs Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.3.1.1 10.4.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 Configuring OSPF to Advertise a Summary Route Network requirements As shown in the following figure: Switch A and Switch B are in AS 200, which runs OSPF.
Page 487
[SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Configure Switch D.
[SwitchB] ospf [SwitchB-ospf-1] import-route bgp # Display the OSPF routing table of Switch A. [SwitchA] display ip routing-table Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 O_ASE 11.2.1.1 Vlan100 10.2.1.0/24 O_ASE 11.2.1.1 Vlan100 10.3.1.0/24 O_ASE 11.2.1.1...
Page 489
Figure 1-24 Network diagram for OSPF Stub area configuration Switch A Switch B Area 0 Vlan-int100 10.1.1.1/24 Vlan-int100 10.1.1.2/24 Vlan-int200 Vlan-int200 10.2.1.1/24 10.3.1.1/24 Vlan-int200 Vlan-int200 Area 1 Area 2 10.3.1.2/24 10.2.1.2/24 Stub ASBR Vlan-int300 Vlan-int300 10.4.1.1/24 10.5.1.1/24 Switch C Switch D Configuration procedure Configure IP addresses for interfaces (omitted).
Page 490
Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.2.1.1 10.5.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 In the above output, since Switch C resides in a normal OSPF area, its routing table contains an external route.
When Switch C resides in the Stub area, a default route takes the place of the external route. # Filter Type-3 LSAs out the stub area [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] stub no-summary [SwitchA-ospf-1-area-0.0.0.1] quit # Display OSPF routing information on Switch C. [SwitchC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables...
Page 492
Figure 1-25 Network diagram for OSPF NSSA area configuration Configuration procedure Configure IP addresses for interfaces. Configure OSPF basic functions (refer to Configuring OSPF Basic Functions). Configure Area 1 as an NSSA area. # Configure Switch A. [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit...
0.0.0.0/0 65536 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 65535 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0 Configure Switch C to redistribute static routes. [SwitchC] ip route-static 3.1.3.1 24 11.1.1.1 [SwitchC] ospf [SwitchC-ospf-1] import-route static [SwitchC-ospf-1] quit...
Page 494
Figure 1-26 Network diagram for OSPF DR election configuration Configuration procedure Configure IP addresses for interfaces (omitted) Configure OSPF basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] router id 1.1.1.1 [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B.
Page 495
[SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit # Display OSPF neighbor information on Switch A. [SwitchA] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.1.1(Vlan-interface1)'s neighbors Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode: None Priority: 1 DR: 192.168.1.4...
Page 496
# Display neighbor information on Switch D. [SwitchD] display ospf peer verbose OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(Vlan-interface1)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0...
Page 497
Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode: Nbr is Slave Priority: 100 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 39 Neighbor is up for 00:01:40 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way...
192.168.1.2 Broadcast DROther 192.168.1.1 192.168.1.3 The interface state DROther means the interface is not the DR/BDR. Configuring OSPF Virtual Links Network requirements In the following figure, Area 2 has no direct connection to Area 0, and Area 1 acts as the Transit Area to connect Area 2 to Area 0 via a configured virtual link between Switch B and Switch C.
Page 499
<SwitchC> system-view [SwitchC] ospf 1 router-id 3.3.3.3 [SwitchC-ospf-1] area 1 [SwitchC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.1] quit [SwitchC-ospf-1] area 2 [SwitchC–ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchC–ospf-1-area-0.0.0.2] quit # Configure Switch D. <SwitchD> system-view [SwitchD] ospf 1 router-id 4.4.4.4 [SwitchD-ospf-1] area 2 [SwitchD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.2] quit # Display the OSPF routing table of Switch B.
[SwitchB] display ospf routing OSPF Process 1 with Router ID 2.2.2.2 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 Transit 10.2.1.1 3.3.3.3 0.0.0.1 10.3.1.0/24 Inter 10.2.1.2 3.3.3.3 0.0.0.0 10.1.1.0/24 Transit 10.1.1.2 2.2.2.2 0.0.0.0 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0...
Page 501
[SwitchA-ospf-100-area-0.0.0.0] return Configure Switch B <SwitchB> system-view [SwitchB] acl number 2000 [SwitchB-acl-basic-2000] rule 10 permit source 192.1.1.1 0.0.0.0 [SwitchB-acl-basic-2000] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ip address 192.1.1.2 255.255.255.0 [SwitchB-Vlan-interface100] quit [SwitchB] router id 2.2.2.2 [SwitchB] ospf 100 [SwitchB-ospf-100] graceful-restart help 2000 [SwitchB-ospf-100] area 0 [SwitchB-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 Configure Switch C...
10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 Direct 0 10.2.1.1 Vlan200 10.2.1.1/32 Direct 0 127.0.0.1 InLoop0 10.3.1.0/24 OSPF 10.1.1.2 Vlan100 10.4.1.0/24 OSPF 10.2.1.2 Vlan200 10.5.1.0/24 OSPF 10.1.1.2 Vlan100 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 The route destined for network 3.1.3.0/24 is filtered out. On Switch A, filter out the route 10.5.1.1/24.
Analysis If the physical link and lower layer protocols work well, check OSPF parameters configured on interfaces. Two neighbors must have the same parameters, such as the area ID, network segment and mask (a P2P or virtual link may have different network segments and masks). Processing steps Display OSPF neighbor information using the display ospf peer command.
Page 506
Table of Contents 1 IS-IS Configuration ····································································································································1-1 IS-IS Overview ········································································································································1-1 Basic Concepts································································································································1-1 IS-IS Area ········································································································································1-3 IS-IS Network Type ·························································································································1-5 IS-IS PDU Format····························································································································1-6 Supported IS-IS Features··············································································································1-12 Protocols and Standards ···············································································································1-14 IS-IS Configuration Task List ················································································································1-15 Configuring IS-IS Basic Functions ········································································································1-16 Configuration Prerequisites ···········································································································1-16 Enabling IS-IS································································································································1-16 Configuring the IS Level and Circuit Level ····················································································1-16 Configuring the Network Type of an Interface as P2P ··································································1-17...
Page 507
Enabling the Logging of Neighbor State Changes················································································1-33 Enabling IS-IS SNMP Trap ···················································································································1-33 Binding an IS-IS Process with MIBs ·····································································································1-33 Displaying and Maintaining IS-IS ··········································································································1-34 IS-IS Configuration Example·················································································································1-35 IS-IS Basic Configuration ··············································································································1-35 DIS Election Configuration ············································································································1-39 Configuring IS-IS Route Redistribution ·························································································1-44 IS-IS-based Graceful Restart Configuration Example···································································1-47 IS-IS Authentication Configuration Example ·················································································1-49...
IS-IS Configuration When configuring IS-IS, go to these sections for information you are interested in: IS-IS Overview IS-IS Configuration Task List Configuring IS-IS Basic Functions Configuring IS-IS Routing Information Control Tuning and Optimizing IS-IS Networks Configuring IS-IS Authentication Configuring System ID to Host Name Mappings Configuring IS-IS GR Enabling the Logging of Neighbor State Changes Enabling IS-IS SNMP Trap...
Page 509
Routing domain (RD). A group of ISs exchanges routing information with each other using the same routing protocol in a routing domain. Area. An area is a unit in a routing domain. The IS-IS protocol allows a routing domain to be divided into multiple areas.
Divide the extended IP address into 3 sections with 4 digits in each section to get the system ID 1680.1000.1001. There are other methods to define a system ID. The principle is to make sure it can uniquely identify a host or router.
Page 511
The Level-1 routers in different areas can not establish neighbor relationships. The neighbor relationship establishment of Level-2 routers has nothing to do with area. Figure 1-2 shows an IS-IS network topology. Area 1 comprises a set of Level-2 routers and is the backbone.
The IS-IS backbone does not need to be a specific Area. Both the IS-IS Level-1 and Level-2 routers use the SPF algorithm to generate the shortest path tree (SPT). Routing method A Level-1 router makes routing decisions based on the system ID. If the destination is not in the area, the packet is forwarded to the nearest Level-1-2 router.
The Level-1 and Level-2 DISs are elected respectively. You can assign different priorities for different level DIS elections. The higher a router’s priority is, the more likelihood the router becomes the DIS. If there are multiple routers with the same highest DIS priority, the one with the highest SNPA (Subnetwork Point of Attachment) address (MAC address on a broadcast network) will be elected.
Page 514
Figure 1-5 PDU format Common header format Figure 1-6 shows the PDU common header format. Figure 1-6 PDU common header format No. of Octets Intradomain routing protocol discriminator Length indicator Version/Protocol ID extension ID length PDU type Version Reserved Maximum area address Intradomain Routing Protocol Discriminator: Set to 0x83.
Page 515
Hello Hello packets are used by routers to establish and maintain neighbor relationships. A hello packet is also called an IS-to-IS hello PDU (IIH). For broadcast networks, the Level-1 routers use the Level-1 LAN IIHs; and the Level-2 routers use the Level-2 LAN IIHs. The P2P IIHs are used on point-to-point networks.
Page 516
Figure 1-8 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field. LSP packet format The Link State PDUs (LSP) carry link state information. LSP involves two types: Level-1 LSP and Level-2 LSP.
Page 517
PDU Length: Total length of the PDU in bytes. Remaining Lifetime: LSP remaining lifetime in seconds. LSP ID: Consists of the system ID, the pseudonode ID (one byte) and the LSP fragment number (one byte). Sequence Number: LSP sequence number. Checksum: LSP checksum.
Page 518
Figure 1-11 L1/L2 CSNP format PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request new LSPs from neighbors. Figure 1-12 shows the PSNP packet format.
Figure 1-13 CLV format Table 1-2 shows that different PDUs contain different CLVs. Table 1-2 CLV name and the corresponding PDU type CLV Code Name PDU Type Area Addresses IIH, LSP IS Neighbors (LSP) Partition Designated Level2 IS L2 LSP IS Neighbors (MAC Address) LAN IIH IS Neighbors (SNPA Address)
Page 520
IS-IS Graceful Restart For detailed GR information, refer to GR Overview in the High Availability Volume. After an IS-IS GR Restarter restarts IS-IS, it needs to complete the following two tasks to synchronize the LSDB with its neighbors. To obtain effective IS-IS neighbor information without changing adjacencies. To obtain the LSDB contents.
A virtual system is identified by an additional system ID and generates extended LSP fragments. Original LSP It is the LSP generated by the originating system. The system ID in its LSP ID field is the system ID of the originating system. Extended LSP Extended LSPs are generated by virtual systems.
Task Remarks Configuring IS-IS GR Optional Enabling the Logging of Neighbor State Changes Optional Enabling IS-IS SNMP Trap Optional Binding an IS-IS Process with MIBs Optional Configuring IS-IS Basic Functions Configuration Prerequisites Before the configuration, accomplish the following tasks: Configure the link layer protocol. Configure an IP address for each interface, and make sure all neighboring nodes are reachable to each other at the network layer.
To do… Use the command… Remarks Enter system view –– system-view isis [ process-id ] Enter IS-IS view [ vpn-instance –– vpn-instance-name ] Optional is-level { level-1 | level-1-2 | Specify the IS level level-2 } The default is Level-1-2. Return to system view ––...
Configuring IS-IS Link Cost The IS-IS cost of an interface is determined in the following order: ISIS cost specified in interface view. ISIS cost specified in system view. The cost is applied to the interfaces associated to the IS-IS process. Automatically calculated cost: When the cost style is wide or wide-compatible, IS-IS automatically calculates the cost using the formula: interface cost= (bandwidth reference value/interface bandwidth) ×10.
Configuring IS-IS Route Summarization This task is to configure a summary route, so routes falling into the network range of the summary route are summarized into one route for advertisement. Doing so can reduce the size of routing tables, as well as the scale of LSP and LSDB.
Page 528
Configuring IS-IS Route Redistribution Redistribution of large numbers of routes on a device may affect the performance of other devices in the network. In that case, you can configure a limit on the number of redistributed routes to limit the number of routes to be advertised.
To do… Use the command… Remarks Required filter-policy { acl-number | ip-prefix Filter routes calculated No filtering is configured ip-prefix-name | route-policy from received LSPs route-policy-name } import by default. Filtering redistributed routes IS-IS can redistribute routes from other routing protocols or other IS-IS processes, add them into the IS-IS routing table and advertise them in LSPs.
Tuning and Optimizing IS-IS Networks Configuration Prerequisites Before the configuration, accomplish the following tasks: Configure IP addresses for interfaces, and make adjacent nodes reachable to each other at the network layer. Enable IS-IS. Specifying Intervals for Sending IS-IS Hello and CSNP Packets Follow these steps to configure intervals for sending IS-IS hello and CSNP packets: To do…...
On a broadcast link, Level-1 and Level-2 hello packets are advertised separately and therefore you need to set a hello multiplier for each level. On a P2P link, Level-1 and Level-2 hello packets are advertised in P2P hello packets, and you need not specify Level-1 or Level-2. Configuring a DIS Priority for an Interface On an IS-IS broadcast network, a router should be elected as the DIS at a routing level.
To do… Use the command… Remarks Enter system view –– system-view interface interface-type Enter interface view –– interface-number Required Enable the interface to send small hello packets without Standard hello packets are sent isis small-hello CLVs by default. Configuring LSP Parameters Configuring LSP timers Specify the maximum age of LSPs Each LSP has an age that decreases in the LSDB.
Page 533
Specify LSP sending intervals If a change occurs in the LSDB, IS-IS advertises the changed LSP to neighbors. You can specify the minimum interval for sending such LSPs. On a P2P link, IS-IS requires an advertised LSP be acknowledged. If no acknowledgement is received within a configurable interval, IS-IS will retransmit the LSP.
Page 534
Enabling LSP flash flooding Since changed LSPs may trigger SPF recalculation, you can enable LSP flash flooding to advertise the changed LSPs before the router recalculates routes. Doing so can speed up network convergence. Follow these steps to enable LSP flash flooding: To do…...
Figure 1-14 Network diagram of a fully meshed network To avoid this, you can configure some interfaces as a mesh group or/and configure the blocked interfaces. After receiving an LSP, a member interface in a mesh group floods it out the interfaces that does not belong to the mesh group.
Follow these steps to configure neighbor relationship authentication: To do… Use the command… Remarks Enter system view –– system-view interface interface-type Enter interface view –– interface-number Required isis authentication-mode { simple | Specify the authentication md5 } password [ level-1 | level-2 ] Not authentication is mode and password [ ip | osi ]...
To do… Use the command… Remarks Required Specify the routing domain domain-authentication-mode No routing domain authentication mode and { simple | md5 } password [ ip | authentication is configured by password osi ] default. Configuring System ID to Host Name Mappings In IS-IS, a system ID identifies a router or host uniquely.
Follow these steps to configure dynamic system ID to host name mapping: To do… Use the command... Remarks Enter system view –– system-view isis [ process-id ] [ vpn-instance Enter IS-IS view –– vpn-instance-name ] Required Specify a host name for is-name sys-name the router No specified by default.
Enabling the Logging of Neighbor State Changes Follow these steps to enable the logging of neighbor state changes: To do… Use the command… Remarks Enter system view –– system-view isis [ process-id ] [ vpn-instance Enter IS-IS view –– vpn-instance-name ] Required Enable the logging of neighbor log-peer-change...
Displaying and Maintaining IS-IS To do… Use the command… Remarks Display brief IS-IS configuration display isis brief [ process-id | vpn-instance Available in any information vpn-instance-name ] view Display the status of IS-IS display isis debug-switches { process-id | Available in any debug switches vpn-instance vpn-instance-name } view...
IS-IS Configuration Example IS-IS Basic Configuration Network requirements As shown in Figure 1-15, Switch A, B, C and Switch D reside in an IS-IS AS. Switch A and B are Level-1 switches, Switch D is a Level-2 switch and Switch C is a Level-1-2 switch. Switch A, B and C are in Area 10, while Switch D is in Area 20.
Page 545
Level-2 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL ------------------------------------------------------------------------------- 0000.0000.0003.00-00 0x00000013 0xc73d 1003 0/0/0 0000.0000.0004.00-00* 0x0000003c 0xd647 1194 0/0/0 0000.0000.0004.01-00* 0x00000002 0xec96 1007 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload # Display the IS-IS routing information of each switch. Level-1 switches should have a default route with the next hop being the Level-1-2 switch.
ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 192.168.0.0/24 NULL Vlan300 Direct D/L/- 10.1.1.0/24 NULL Vlan100 Direct D/L/- 10.1.2.0/24 NULL Vlan200 Direct D/L/- 172.16.0.0/16 NULL Vlan300 192.168.0.2 R/-/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set [SwitchD] display isis route Route information for ISIS(1) -----------------------------...
Page 547
Figure 1-16 Network diagram for DIS selection Configuration procedure Configure an IP address for each interface (omitted) Enable IS-IS # Configure Switch A. <SwitchA> system-view [SwitchA] isis 1 [SwitchA-isis-1] network-entity 10.0000.0000.0001.00 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] isis enable 1 [SwitchA-Vlan-interface100] quit # Configure Switch B.
Page 548
[SwitchD-isis-1] network-entity 10.0000.0000.0004.00 [SwitchD-isis-1] is-level level-2 [SwitchD-isis-1] quit [SwitchD] interface vlan-interface 100 [SwitchD-Vlan-interface100] isis enable 1 [SwitchD-Vlan-interface100] quit # Display information about IS-IS neighbors of Switch A. [SwitchA] display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0003.01 State: Up HoldTime: 21s...
Page 549
Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State Type Down 1497 L1/L2 No/Yes By using the default DIS priority, Switch C is the Level-1 DIS, and Switch D is the Level-2 DIS. The pseudonodes of Level-1 and Level-2 are 0000.0000.0003.01 and 0000.0000.0004.01 respectively. Configure the DIS priority of Switch A.
Page 550
Down 1497 L1/L2 Yes/Yes After the DIS priority configuration, Switch A becomes the Level-1-2 DIS, and the pseudonode is 0000.0000.0001.01. # Display information about IS-IS neighbors and interfaces of Switch C. [SwitchC] display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01...
Page 551
IPV4.State IPV6.State Type Down 1497 L1/L2 No/No Configuring IS-IS Route Redistribution Network requirements As shown in the following figure, Switch A, Switch B, Switch C and Switch D reside in the same AS. They use IS-IS to interconnect. Switch A and Switch B are Level-1 routers, Switch D is a Level-2 router, and Switch C is a Level-1-2 router.
[SwitchE-rip-1] version 2 [SwitchE-rip-1] undo summary # Configure route redistribution from RIP to IS-IS on Switch D. [SwitchD-rip-1] quit [SwitchD] isis 1 [SwitchD–isis] import-route rip level-2 # Display IS-IS routing information on Switch C. [SwitchC] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table -------------------------------------...
Page 555
Figure 1-18 Network diagram for IS-IS-based GR configuration GR restarter Switch A Vlan-int100 10.0.0.1/24 Vlan-int100 Vlan-int100 10.0.0.2/24 10.0.0.3/24 Switch B Switch C GR helper GR helper Configuration procedure Configure IP addresses of the interfaces on each switch and configure IS-IS. Follow Figure 1-18 to configure the IP address and subnet mask of each interface.
BGP Configuration The Border Gateway Protocol (BGP) is a dynamic inter-AS Exterior Gateway Protocol. When configuring BGP, go to these sections for information you are interested in: BGP Overview BGP Configuration Task List Configuring BGP Basic Functions Controlling Route Generation Controlling Route Distribution and Reception Configuring BGP Route Attributes Tuning and Optimizing BGP Networks...
A router advertising BGP messages is called a BGP speaker. It establishes peer relationships with other BGP speakers to exchange routing information. When a BGP speaker receives a new route or a route better than the current one from another AS, it will advertise the route to all the other BGP peers in the local AS.
Page 563
Figure 1-2 BGP open message format Version: This 1-byte unsigned integer indicates the protocol version number. The current BGP version is 4. My autonomous system: This 2-byte unsigned integer indicates the Autonomous System number of the sender. Hold time: When establishing a peer relationship, two parties negotiate an identical hold time. If no Keepalive or Update is received from a peer within the hold time, the BGP connection is considered down.
NLRI (Network Layer Reachability Information): Each feasible route is represented as <length, prefix>. Notification A Notification message is sent when an error is detected. The BGP connection is closed immediately after sending it. The Notification message format is shown below: Figure 1-4 BGP Notification message format Error code: Type of Notification.
Page 565
Optional non-transitive: If a BGP router does not support this attribute, it will not advertise routes with this attribute. The usage of each BGP path attribute is described in the following table. Table 1-1 Usage of BGP path attributes Name Category ORIGIN Well-known mandatory...
Page 566
Figure 1-6 AS_PATH attribute 8.0.0.0 AS 10 D = 8.0.0.0 D = 8.0.0.0 (10) (10) AS 40 AS 20 D = 8.0.0.0 D = 8.0.0.0 (40,10) (20,10) D = 8.0.0.0 (30,20,10) AS 30 AS 50 In general, a BGP router does not receive routes containing the local AS number to avoid routing loops. The current implementation supports using the peer allow-as-loop command to receive routes containing the local AS number to meet special requirements.
Page 567
Figure 1-7 NEXT_HOP attribute MED (MULTI_EXIT_DISC) The MED attribute is exchanged between two neighboring ASs, each of which does not advertise the attribute to any other AS. Similar with metrics used by IGP, MED is used to determine the best route for traffic going into an AS. When a BGP router obtains multiple routes to the same destination but with different next hops, it considers the route with the smallest MED value the best route if other conditions are the same.
The LOCAL_PREF attribute is exchanged between iBGP peers only, and thus is not advertised to any other AS. It indicates the priority of a BGP router. LOCAL_PREF is used to determine the best route for traffic leaving the local AS. When a BGP router obtains from several iBGP peers multiple routes to the same destination but with different next hops, it considers the route with the highest LOCAL_PREF value as the best route.
Page 569
Select the route with the smallest next hop cost Select the route with the shortest CLUSTER_LIST Select the route with the smallest ORIGINATOR_ID Select the route advertised by the router with the smallest Router ID Select the route with the lowest IP address CLUSTER_IDs of route reflectors form a CLUSTER_LIST.
Figure 1-10 Network diagram for BGP load balancing In the above figure, Router D and Router E are iBGP peers of Router C. Router A and Router B both advertise a route destined for the same destination to Router C. If load balancing is configured and the two routes have the same AS_PATH attribute, ORIGIN attribute, LOCAL_PREF and MED, Router C installs both the two routes to its route table for load balancing.
Figure 1-11 iBGP and IGP synchronization If synchronization is enabled in this example, only when the route 8.0.0.0/24 received from Router B is available in its IGP routing table, can Router D add the route into its BGP routing table and advertise the route to the eBGP peer.
Page 572
Figure 1-12 BGP route dampening Peer group You can organize BGP peers with the same attributes into a group to simplify configurations on them. When a peer joins the peer group, the peer obtains the same configuration as the peer group. If the configuration of the peer group is changed, the configuration of group members is changed accordingly.
Page 573
A router that is neither a route reflector nor a client is a non-client, which has to establish BGP sessions to the route reflector and other non-clients, as shown below. Figure 1-13 Network diagram for route reflector The route reflector and clients form a cluster. In some cases, you can configure more than one route reflector in a cluster to improve network reliability and prevent single point failure, as shown in the following figure.
For GR (Graceful Restart) information, refer to GR Overview in the High Availability Volume. The 4800G series switches are centralized devices that support IRF. They can act as a GR Helper before forming an IRF; they can form a distributed chassis switch in a logical sense and act as a GR Restarter after forming an IRF.
Page 575
session. If neither party has the GR capability, the session established between them will not be GR capable. When an active/standby switchover occurs on a distributed device that acts as the GR Restarter, sessions on it will go down. Then, GR capable peers will mark all routes associated with the GR Restarter as stale.
For information about the VPN extension application, refer to MCE Configuration in the IP Routing Volume. For information about the IPv6 extension application, refer to IPv6 BGP Configuration in the IP Routing Volume. This chapter gives no detailed commands related to any specific extension application in MP-BGP address family view.
Task Remarks Configuring BGP Route Dampening Configuring a Shortcut Route Specifying a Preferred Value for Routes Optional Received Configuring Preferences for BGP Routes Optional Configuring BGP Route Configure the Default Local Preference Optional Attributes Configuring the MED Attribute Optional Configuring the Next Hop Attribute Optional Configuring the AS-PATH Attribute Optional...
Creating a BGP Connection A router ID is the unique identifier of a BGP router in an AS. To ensure the uniqueness of a router ID and enhance network reliability, you can specify in BGP view the IP address of a local loopback interface as the router ID. If no router ID is specified in BGP view, the global router ID is used.
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Required Specify the source peer { group-name | By default, BGP uses the outbound interface for ip-address } interface of the best route to the BGP establishing TCP connect-interface peer/peer group as the source interface for...
There are to ways to generate BGP routes: Configure BGP to advertise local networks Configure BGP to redistribute routes from other routing protocols, including the default route Prerequisites BGP connections have been created. Injecting a Local Network In BGP view, you can inject a local network to allow BGP to advertise it to BGP peers. The origin attribute of routes advertised in this way is IGP.
To do… Use the command… Remarks import-route protocol [ process-id | all-processes ] Required Enable route redistribution from [ med med-value | a routing protocol into BGP Not redistributed by default route-policy route-policy-name ] * Optional Enable default route default-route imported redistribution into BGP Not enabled by default Controlling Route Distribution and Reception...
Advertising a Default Route to a Peer or Peer Group After this task is configured, the BGP router sends a default route with the next hop being itself to the specified peer/peer group, regardless of whether the default route is available in the routing table. Follow these steps to advertise a default route to a peer or peer group: To do…...
Page 583
To do… Use the command… Remarks filter-policy { acl-number | Required to choose any; ip-prefix ip-prefix-name } Configure the filtering of Not configured by default. export [ direct | isis process-id redistributed routes You can configure a filtering | ospf process-id | rip policy as needed;...
Enabling BGP and IGP Route Synchronization By default, when a BGP router receives an iBGP route, it only checks the reachability of the route’s next hop before advertisement. With BGP and IGP synchronization enabled, the BGP router cannot advertise the iBGP route to eBGP peers unless the route is also available in the IGP routing table. Follow these steps to enable BGP and IGP synchronization: To do…...
To do… Use the command… Remarks Required dampening [ half-life-reachable Configure BGP route Not configured by half-life-unreachable reuse suppress dampening ceiling | route-policy route-policy-name ] * default. Configuring a Shortcut Route An eBGP route received has a priority of 255, lower than a local route. This task allows you configure an eBGP route as a shortcut route that has the same priority as a local route and thus has greater likehood to become the optimal route.
Follow these steps to configure preferences for BGP routes: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number preference Optional Configure preferences { external-preference The default preferences of external, for external, internal, internal-preference internal, and local BGP routes are 255, local BGP routes...
Page 587
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Required Enable the comparison of MED of compare-different-as-med routes from different ASs Not enabled by default Enable the comparison of MED of routes from each AS Route learning sequence may affect optimal route selection.
Page 588
Note that, in this case, BGP load balancing cannot be implemented because load balanced routes must have the same AS-path attribute. Follow these steps to enable the comparison of MED of routes from each AS: To do… Use the command… Remarks Enter system view —...
Page 589
Figure 1-17 Next hop attribute configuration If a BGP router has two peers on a common broadcast network, it does not set itself as the next hop for routes sent to an eBGP peer by default. As shown below, Router A and Router B establish an eBGP neighbor relationship, and Router B and Router C establish an iBGP neighbor relationship.
Page 590
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Optional Permit local AS number to appear in peer { group-name | routes from a peer/peer group and ip-address } allow-as-loop By default, the local AS specify the appearance times [ number ] number is not allowed.
Figure 1-19 AS number substitution configuration AS 100 PE 1 PE 2 MPLS backbone EBGP_Update:10.1.1.1/32 EBGP_Update:10.1.1.1/32 VPNv4_Update:10.1.0.0/16 AS_PATH:100,100 AS_PATH:800 RD:10.1.1.1/32 AS_PATH:800 CE 1 CE 2 AS 800 AS 800 As shown in the above figure, CE 1 and CE 2 use the same AS number of 800. If AS number substitution for CE 2 is configured on PE 2, when PE 2 receives a BGP update sent from CE 1, it replaces AS number 800 as its own AS number 100.
Configuring BGP Keepalive Interval and Holdtime After establishing a BGP connection, two routers send keepalive messages periodically to each other to keep the connection. If a router receives no keepalive or update message from the peer within the holdtime, it tears down the connection. If two parties have the same timer assigned with different values, the smaller one is used by the two parties.
The current BGP implementation supports the route-refresh capability, with which, a router can dynamically refresh its BGP routing table when the route selection policy is modified, without tearing down BGP connections. If a BGP peer does not support route-refresh, you need to save updates from the peer on the local router.
With quick eBGP connection reestablishment enabled, the router, when the link to a directly connected eBGP peer is down, will reestablish a session to the eBGP peer immediately. Follow these steps to enable quick eBGP session reestablishment: To do… Use the command… Remarks Enter system view —...
Forbiding Session Establishment with a Peer or Peer Group Follow these steps to forbid session establishment with a peer or peer group: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Optional Forbid session establishment with a peer { group-name | peer or peer group...
Page 596
Configure an eBGP peer group If peers in an eBGP group belong to the same external AS, the eBGP peer group is a pure eBGP peer group; if not, it is a mixed eBGP peer group. There are three approaches for configuring an eBGP peer group: Create the eBGP peer group, specify its AS number, and add peers into it.
Peers added in the group can have different AS numbers. Follow these steps to configure an eBGP peer group using the third approach: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Create an eBGP peer group Required group group-name external...
To do… Use the command… Remarks peer/peer group by default. Advertise the extended community peer { group-name | ip-address } attribute to a peer/peer advertise-ext-community group Required peer { group-name | ip-address } Apply a routing policy to routes advertised Not configured route-policy route-policy-name to a peer/peer group...
A confederation contains sub ASs. In each sub AS, iBGP peers are fully meshed. Between sub ASs, eBGP connections are established. If routers not compliant with RFC 3065 exist in the confederation, you can use the confederation nonstandard command to make the local router compatible with these routers. Configure a BGP confederation After you split an AS into multiple sub ASs, you can configure a router in a sub AS in the following way: Enable BGP and specify the AS number of the router.
Follow these steps to configure BGP GR: To do… Use the command… Remarks Enter system view — system-view Enable BGP, and enter its view — bgp as-number Required Enable GR Capability for BGP graceful-restart Disabled by default Configure the maximum time Optional graceful-restart timer allowed for the peer to...
Page 601
To do… Use the command… Remarks peer state Optional for a peer or peer { group-name | ip-address } changes peer group Enabled by default log-change 1-41...
Displaying and Maintaining BGP Displaying BGP To do… Use the command… Remarks Display peer group information display bgp group [ group-name ] Display advertised BGP routing display bgp network information Display AS path information display bgp paths [ as-regular-expression ] Display BGP peer/peer group display bgp peer [ ip-address { log-info | information...
Resetting BGP Connections To do… Use the command… Remarks Reset all BGP connections reset bgp all Reset the BGP connections to an AS reset bgp as-number Reset the BGP connection to a peer reset bgp ip-address [ flap-info ] Reset all eBGP connections Available in user reset bgp external view...
Page 605
200.1.1.2 4 65008 1 00:44:03 Established You can find Switch B has established BGP connections to other switches. # Display BGP routing table information on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 1.1.1.1 Status codes: * - valid, >...
Page 606
# Configure Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] import-route direct # Display BGP routing table information on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 7 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
Reply from 8.1.1.1: bytes=56 Sequence=4 ttl=254 time=16 ms Reply from 8.1.1.1: bytes=56 Sequence=5 ttl=254 time=31 ms --- 8.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 16/31/47 ms BGP and IGP Synchronization Configuration Network requirements As shown below, OSPF is used as the IGP protocol in AS65009, where Switch C is a non-BGP switch.
Page 608
[SwitchB-bgp] import-route ospf 1 [SwitchB-bgp] quit # Display routing table information on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
[SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
Page 612
<SwitchB> system-view [SwitchB] bgp 20 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 200.1.2.1 as-number 10 [SwitchB-bgp] peer 200.1.3.2 as-number 30 [SwitchB-bgp] quit # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 30 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 200.1.3.1 as-number 20 [SwitchC-bgp] quit # Display the BGP routing table on Switch B. [SwitchB] display bgp routing-table 9.1.1.0 BGP local router ID : 2.2.2.2 Local AS number : 20...
BGP Local router ID is 200.1.2.2 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
Attribute value : MED 0, localpref 100, pref-val 0, pre 255 State : valid, external-confed, best, Not advertised to any peers yet # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 4.4.4.4 Status codes: * - valid, >...
Page 619
Figure 1-26 Network diagram for BGP path selection configuration Device Interface IP address Device Interface IP address Switch A Vlan-int101 1.0.0.0/8 Switch D Vlan-int400 195.1.1.1/24 Vlan-int100 192.1.1.1/24 Vlan-int300 194.1.1.1/24 Vlan-int200 193.1.1.1/24 Switch C Vlan-int400 195.1.1.2/24 Switch B Vlan-int100 192.1.1.2/24 Vlan-int200 193.1.1.2/24 Vlan-int300 194.1.1.2/24...
Page 621
[SwitchA-bgp] quit # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 2 BGP Local router ID is 194.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network...
Troubleshooting BGP No BGP Peer Relationship Established Symptom Display BGP peer information using the display bgp peer command. The state of the connection to a peer cannot become established. Analysis To become BGP peers, any two routers need to establish a TCP session using port 179 and exchange open messages successfully.
Page 623
Table of Contents 1 IPv6 Static Routing Configuration ···········································································································1-1 Introduction to IPv6 Static Routing··········································································································1-1 Features of IPv6 Static Routes········································································································1-1 Default IPv6 Route ··························································································································1-1 Configuring an IPv6 Static Route············································································································1-1 Configuration prerequisites ·············································································································1-2 Configuring an IPv6 Static Route ····································································································1-2 Displaying and Maintaining IPv6 Static Routes ······················································································1-2 IPv6 Static Routing Configuration Example ····························································································1-2...
IPv6 Static Routing Configuration When configuring IPv6 Static Routing, go to these sections for information you are interested in: Introduction to IPv6 Static Routing Configuring an IPv6 Static Route Displaying and Maintaining IPv6 Static Routes IPv6 Static Routing Configuration Example The term “router”...
Configuration prerequisites Configuring parameters for the related interfaces Configuring link layer attributes for the related interfaces Enabling IPv6 packet forwarding Ensuring that the neighboring nodes are IPv6 reachable Configuring an IPv6 Static Route Follow these steps to configure an IPv6 static route: To do…...
Page 626
Figure 1-1 Network diagram for static routes Configuration procedure Configure the IPv6 addresses of all VLAN interfaces (Omitted) Configure IPv6 static routes. # Configure the default IPv6 static route on SwitchA. <SwitchA> system-view [SwitchA] ipv6 route-static :: 0 4::2 # Configure two IPv6 static routes on SwitchB. <SwitchB>...
Page 627
Destination : 1:: /64 Protocol : Direct NextHop : 1::1 Preference Interface : Vlan-interface100 Cost Destination : 1::1/128 Protocol : Direct NextHop : ::1 Preference Interface : InLoop0 Cost Destination : FE80::/10 Protocol : Direct NextHop : :: Preference Interface : NULL0 Cost # Verify the connectivity with the ping command.
Page 628
Table of Contents 1 RIPng Configuration··································································································································1-1 Introduction to RIPng ······························································································································1-1 RIPng Working Mechanism ·············································································································1-1 RIPng Packet Format ······················································································································1-2 RIPng Packet Processing Procedure ······························································································1-3 Protocols and Standards ·················································································································1-3 Configuring RIPng Basic Functions ········································································································1-3 Configuration Prerequisites ·············································································································1-3 Configuration Procedure··················································································································1-4 Configuring RIPng Route Control ···········································································································1-4 Configuring an Additional Routing Metric ························································································1-4 Configuring RIPng Route Summarization ·······················································································1-5 Advertising a Default Route·············································································································1-5...
RIPng Configuration When configuring RIPng, go to these sections for information you are interested in: Introduction to RIPng Configuring RIPng Basic Functions Configuring RIPng Route Control Tuning and Optimizing the RIPng Network Displaying and Maintaining RIPng RIPng Configuration Example The term “router” in this document refers to a router in a generic sense or a Layer 3 switch. Introduction to RIPng RIP next generation (RIPng) is an extension of RIP-2 for IPv4.
Each RIPng router maintains a routing database, including route entries of all reachable destinations. A route entry contains the following information: Destination address: IPv6 address of a host or a network. Next hop address: IPv6 address of a neighbor along the path to the destination. Egress interface: Outbound interface that forwards IPv6 packets.
Figure 1-3 IPv6 prefix RTE format IPv6 prefix (16 octets) Route tag Prefix length Metric IPv6 prefix: Destination IPv6 address prefix. Route tag: Route tag. Prefix len: Length of the IPv6 address prefix. Metric: Cost of a route. RIPng Packet Processing Procedure Request packet When a RIPng router first starts or needs to update some entries in its routing table, generally a multicast request packet is sent to ask for needed routes from neighbors.
Configure an IP address for each interface, and make sure all nodes are reachable to one another. Configuration Procedure Follow these steps to configure the basic RIPng functions: To do… Use the command… Remarks Enter system view –– system-view Required Create a RIPng process and ripng [ process-id ] enter RIPng view...
The inbound additional metric is added to the metric of a received route before the route is added into the routing table, so the route’s metric is changed. Follow these steps to configure an inbound/outbound additional routing metric: To do… Use the command…...
Configuring a RIPng Route Filtering Policy You can reference a configured IPv6 ACL or prefix list to filter received/advertised routing information as needed. For filtering outbound routes, you can also specify a routing protocol from which to filter routing information redistributed. Follow these steps to configure a RIPng route filtering policy: To do…...
Tuning and Optimizing the RIPng Network This section describes how to tune and optimize the performance of the RIPng network as well as applications under special network environments. Before tuning and optimizing the RIPng network, complete the following tasks: Configure a network layer address for each interface Configure the basic RIPng functions This section covers the following topics: Configuring RIPng Timers...
Configuring Split Horizon and Poison Reverse If both split horizon and poison reverse are configured, only the poison reverse function takes effect. Configure split horizon The split horizon function disables a route learned from an interface from being advertised through the same interface to prevent routing loops between neighbors.
Follow these steps to configure RIPng zero field check: To do… Use the command… Remarks Enter system view –– system-view Enter RIPng view ripng [ process-id ] –– Optional Enable the zero field check checkzero Enabled by default Configuring the Maximum Number of Equal Cost Routes for Load Balancing Follow these steps to configure the maximum number of equal cost RIPng routes for load balancing: To do…...
Page 639
[SwitchB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100 Dest 1::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 6 Sec Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200 Dest 3::/64,...
Page 640
via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200 Dest 4::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec Dest 5::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec [SwitchA] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect...
Page 641
Table of Contents 1 OSPFv3 Configuration ······························································································································1-1 Introduction to OSPFv3···························································································································1-1 OSPFv3 Overview ···························································································································1-1 OSPFv3 Packets ·····························································································································1-1 OSPFv3 LSA Types ························································································································1-2 Timers of OSPFv3 ···························································································································1-2 OSPFv3 Features Supported ··········································································································1-3 Protocols and Standards ·················································································································1-3 IPv6 OSPFv3 Configuration Task List ····································································································1-4 Enabling OSPFv3····································································································································1-4 Prerequisites····································································································································1-4 Enabling OSPFv3 ····························································································································1-4 Configuring OSPFv3 Area Parameters···································································································1-5...
Page 642
Troubleshooting OSPFv3 Configuration························································································1-24 No OSPFv3 Neighbor Relationship Established ···········································································1-24 Incorrect Routing Information ········································································································1-24...
OSPFv3 Configuration When configuring OSPF, go to these sections for information you are interested in: Introduction to OSPFv3 IPv6 OSPFv3 Configuration Task List Enabling OSPFv3 Configuring OSPFv3 Area Parameters Configuring OSPFv3 Network Types Configuring OSPFv3 Routing Information Control Tuning and Optimizing OSPFv3 Networks Displaying and Maintaining OSPFv3 OSPFv3 Configuration Examples Introduction to OSPFv3...
Figure 1-1 OSPFv3 packet header Major fields: Version #: Version of OSPF, which is 3 for OSPFv3. Type: Type of OSPF packet; Types 1 to 5 are hello, DD, LSR, LSU, and LSAck respectively. Packet Length: Packet length in bytes, including header. Instance ID: Instance ID for a link.
SPF timer GR timer OSPFv3 packet timer Hello packets are sent periodically between neighboring routers for finding and maintaining neighbor relationships, or for DR/BDR election. The hello interval must be identical on neighboring interfaces. The smaller the hello interval, the faster the network convergence speed and the bigger the network load.
IPv6 OSPFv3 Configuration Task List Complete the following tasks to configure OSPFv3: Task Remarks Enabling OSPFv3 Required Configuring an OSPFv3 Stub Area Optional Configuring OSPFv3 Area Parameters Configuring an OSPFv3 Virtual Link Optional Configuring the OSPFv3 Network Type for an Optional Configuring OSPFv3 Interface...
To do… Use the command… Remarks Enter system view system-view — Required Enable an OSPFv3 process ospfv3 [ process-id ] By default, no OSPFv3 process and enter its view is enabled. Specify a router ID Required router-id router-id interface interface-type Enter interface view —...
You cannot remove an OSPFv3 area directly. Only when you remove all configurations in area view and all interfaces attached to the area become down, can the area be removed. All the routers attached to a stub area must be configured with the stub command. The keyword no-summary is only available on the ABR of the stub area.
Prerequisites Before configuring OSPFv3 network types, you have configured: IPv6 functions OSPFv3 basic functions Configuring the OSPFv3 Network Type for an Interface Follow these steps to configure the OSPFv3 network type for an interface: To do… Use the command… Remarks Enter system view —...
Follow these steps to configure route summarization: To do… Use the command… Remarks Enter system view — system-view Enter OSPFv3 view ospfv3 [ process-id ] — Enter OSPFv3 area view — area area-id Required abr-summary ipv6-address Configure a summary route prefix-length [ not-advertise ] Not configured by default The abr-summary command takes effect on ABRs only.
Follow these steps to configure an OSPFv3 cost for an interface: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Optional By default, OSPFv3 computes an interface’s Configure an cost according to its bandwidth. ospfv3 cost value OSPFv3 cost for the [ instance instance-id ]...
To do… Use the command… Remarks Optional preference [ ase ] Configure a priority for [ route-policy By default, the priority of OSPFv3 OSPFv3 route-policy-name ] internal routes is 10, and priority of OSPFv3 external routes is 150. preference Configuring OSPFv3 Route Redistribution Follow these steps to configure OSPFv3 route redistribution: To do…...
Packet timer: Specified to adjust topology convergence speed and network load LSA delay timer: Specified especially for low-speed links SPF timer: Specified to protect networks from being over-loaded due to frequent network changes. For a broadcast network, you can configure DR priorities for interfaces to affect DR/BDR election. By disabling an interface from sending OSPFv3 packets, you can make other routers on the network obtain no information from the interface.
The dead interval set on neighboring interfaces cannot be too short. Otherwise, a neighbor is easily considered down. The LSA retransmission interval cannot be too short; otherwise, unnecessary retransmissions occur. Configuring a DR Priority for an Interface Follow these steps to configure a DR priority for an interface: To do…...
The 4800G series switches are centralized devices that support IRF. They can act as a GR Helper before forming an IRF; they can form a distributed chassis switch in a logical sense and act as a GR Restarter after forming an IRF.
Keep the GR Restarter forwarding entries stable during reboot. Establish all adjacencieis and obtain complete topology information after reboot. After reboot, the GR Restarter sends a Grace-LSA to tell its neighbors that it performs a GR. Upon receiving the Grace-LSA, the neighbors with the GR Helper capability enter the helper mode (and are thus called GR Helpers).
OSPFv3 Configuration Examples Configuring OSPFv3 Areas Network requirements In the following figure, all switches run OSPFv3. The AS is split into three areas, in which, Switch B and Switch C act as ABRs to forward routing information between areas. It is required to configure Area 2 as a stub area to reduce LSAs in the area without affecting route reachability.
Page 660
4.4.4.4 Full/DR 00:00:38 Vlan400 # Display OSPFv3 routing table information on Switch D. [SwitchD] display ospfv3 routing E1 - Type 1 external route, IA - Inter area route, - Intra area route E2 - Type 2 external route, - Seleted route OSPFv3 Router with ID (4.4.4.4) (Process 1) ------------------------------------------------------------------------ *Destination: 2001::/64...
*Destination: 2001::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:1::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:2::/64 Type Cost NextHop : directly-connected Interface: Vlan400 *Destination: 2001:3::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 Configure Area 2 as a totally stub area # Configure Area 2 as a totally stub area on Switch C.
Page 662
Figure 1-3 Network diagram for OSPFv3 DR election configuration Configuration procedure Configure IPv6 addresses for interfaces (omitted) Configure OSPFv3 basic functions # Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ospfv3 1 area 0 [SwitchA-Vlan-interface100] quit # Configure Switch B.
Page 663
<SwitchD> system-view [SwitchD] ipv6 [SwitchD] ospfv3 [SwitchD-ospfv3-1] router-id 4.4.4.4 [SwitchD-ospfv3-1] quit [SwitchD] interface vlan-interface 200 [SwitchD-Vlan-interface200] ospfv3 1 area 0 [SwitchD-Vlan-interface200] quit # Display neighbor information on Switch A. You can find the switches have the same default DR priority 1.
2.2.2.2 2-Way/DROther 00:00:38 Vlan200 3.3.3.3 Full/Backup 00:00:32 Vlan100 4.4.4.4 Full/DR 00:00:36 Vlan200 # Display neighbor information on Switch D. You can find Switch D is still the DR. [SwitchD] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface...
Page 665
Figure 1-4 Network diagram for OSPFv3 GR configuration Configuration procedure Configure IPv6 addresses for interfaces (omitted). Configure OSPFv3 basic functions # On Switch A, enable OSPFv3 process 1, enable GR and set the router ID to 1.1.1.1. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 1 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] graceful-restart enable...
# After all switches function properly, perform a master/backup switchover on Switch A to trigger a OSPFv3 GR operation. Troubleshooting OSPFv3 Configuration No OSPFv3 Neighbor Relationship Established Symptom No OSPF neighbor relationship can be established. Analysis If the physical link and lower protocol work well, check OSPF parameters configured on interfaces. The two neighboring interfaces must have the same parameters, such as the area ID, network segment and mask and network type.
Page 667
Table of Contents 1 IPv6 IS-IS Configuration····························································································································1-1 Introduction to IPv6 IS-IS ························································································································1-1 Configuring IPv6 IS-IS Basic Functions ··································································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-2 Configuring IPv6 IS-IS Routing Information Control ···············································································1-2 Configuration Prerequisites ·············································································································1-2 Configuration Procedure··················································································································1-3 Displaying and Maintaining IPv6 IS-IS····································································································1-4 IPv6 IS-IS Configuration Example ··········································································································1-5...
IPv6 IS-IS Configuration IPv6 IS-IS supports all the features of IPv4 IS-IS except that it advertises IPv6 routing information instead. This document describes only IPv6 IS-IS exclusive configuration tasks. For other configuration tasks, refer to IS-IS Configuration in the IP Routing Volume. When configuring IPv6 IS-IS, go to these sections for information you are interested in: Introduction to IPv6 IS-IS Configuring IPv6 IS-IS Basic Functions...
Configuring IPv6 IS-IS Basic Functions You can implement IPv6 inter-networking through configuring IPv6 IS-IS in IPv6 network environment. Configuration Prerequisites Before the configuration, accomplish the following tasks first: Enable IPv6 globally Configure IP addresses for interfaces, and make sure all neighboring nodes are reachable. Enable IS-IS Configuration Procedure Follow these steps to configure the basic functions of IPv6 IS-IS:...
Configuration Procedure Follow these steps to configure IPv6 IS-IS routing information control: To do… Use command to… Remarks Enter system view –– system-view Enter IS-IS view isis [ process-id ] –– Optional Define the priority for IPv6 ipv6 preference { route-policy IS-IS routes route-policy-name | preference } * 15 by default...
The ipv6 filter-policy export command is usually used in combination with the ipv6 import-route command. If no protocol is specified for the ipv6 filter-policy export command, routes redistributed from all routing protocols are filtered before advertisement. If a protocol is specified, only routes redistributed from the routing protocol are filtered for advertisement.
To do… Use the command… Remarks Clear the IS-IS data information reset isis peer system-id [ process-id | Available in user view of a neighbor vpn vpn-instance-name ] IPv6 IS-IS Configuration Example Network requirements As shown in Figure 1-1, Switch A, Switch B, Switch C and Switch D reside in the same autonomous system, and all are enabled with IPv6.
Page 674
Table of Contents 1 IPv6 BGP Configuration····························································································································1-1 IPv6 BGP Overview ································································································································1-1 Configuration Task List ···························································································································1-2 Configuring IPv6 BGP Basic Functions ··································································································1-3 Prerequisites····································································································································1-3 Specifying an IPv6 BGP Peer ·········································································································1-3 Injecting a Local IPv6 Route············································································································1-3 Configuring a Preferred Value for Routes from a Peer/Peer Group ···············································1-3 Specifying the Source Interface for Establishing TCP Connections ···············································1-4 Allowing the establishment of a Non-Direct eBGP connection ·······················································1-5 Configuring a Description for an IPv6 Peer/Peer Group ·································································1-5...
Page 675
IPv6 BGP Route Reflector Configuration ······················································································1-22 Troubleshooting IPv6 BGP Configuration ·····························································································1-24 No IPv6 BGP Peer Relationship Established ················································································1-24...
IPv6 BGP Configuration This chapter describes only configuration for IPv6 BGP. For BGP related information, refer to BGP Configuration in the IP Routing Volume. When configuring IPv6 BGP, go to these sections for information you are interested in: IPv6 BGP Overview Configuration Task List Configuring IPv6 BGP Basic Functions Controlling Route Distribution and Reception...
Configuration Task List Complete the following tasks to configure IPv6 BGP: Task Remarks Specifying an IPv6 BGP Peer Required Injecting a Local IPv6 Route Optional Configuring a Preferred Value for Routes from Optional a Peer/Peer Group Specifying the Source Interface for Optional Establishing TCP Connections Configuring IPv6 BGP...
Configuring IPv6 BGP Basic Functions Prerequisites Before configuring this task, you need to: Specify IP addresses for interfaces. Enable IPv6. You need create a peer group before configuring basic functions for it. For related information, refer to Configuring IPv6 BGP Peer Group.
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address family view — ipv6-family Optional Configure a preferred value for peer { ipv6-group-name | routes received from an IPv6 ipv6-address } preferred-value By default, the preferred value peer/peer group is 0.
To improve stability and reliability, you can specify a loopback interface as the source interface for establishing TCP connections to a BGP peer. By doing so, a connection failure upon redundancy availability will not affect TCP connection establishment. To establish multiple BGP connections to a BGP router, you need to specify on the local router the respective source interfaces for establishing TCP connections to the peers on the peering BGP router;...
The peer group to be configured with a description must have been created. Disabling Session Establishment to an IPv6 Peer/Peer Group Follow these steps to disable session establishment to a peer/peer group: To do… Use the command… Remarks Enter system view —...
Enable IPv6 Configure the IPv6 BGP basic functions Configuring IPv6 BGP Route Redistribution Follow these steps to configure IPv6 BGP route redistribution: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address family view —...
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address family view — ipv6-family Required peer { ipv6-group-name | ipv6-address } Advertise a default route to an default-route-advertise [ route-policy Not advertised by IPv6 peer/peer group route-policy-name ]...
IPv6 BGP advertises routes passing the specified policy to peers. Using the protocol argument can filter only the routes redistributed from the specified protocol. If no protocol is specified, IPv6 BGP filters all routes to be advertised, including redistributed routes and routes imported with the network command. Configuring Inbound Route Filtering Follow these steps to configure inbound route filtering: To do…...
By default, when a BGP router receives an iBGP route, it only checks the reachability of the route’s next hop before advertisement. If the synchronization feature is configured, only the iBGP route is advertised by IGP can the route be advertised to eBGP peers. Follow these steps to configure IPv6 BGP and IGP route synchronization: To do…...
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address family view — ipv6-family preference Optional { external-preference Configure preference values for The default preference values of internal-preference IPv6 BGP external, internal, local-preference | external, internal and local routes are local routes...
To do… Use the command… Remarks Enable the comparison of MED Optional for routes from confederation bestroute med-confederation Disabled by default peers Configuring the AS_PATH Attribute Follow these steps to configure the AS_PATH attribute: To do… Use the command… Remarks Enter system view —...
route-refresh feature that enables dynamic IPv6 BGP routing table refresh without needing to disconnect IPv6 BGP links. With this feature enabled on all IPv6 BGP routers in a network, when a routing policy modified on a router, the router advertises a route-refresh message to its peers, which then send their routing information back to the router.
Configuring IPv6 BGP Soft Reset Enable route refresh Follow these steps to enable route refresh: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address — ipv6-family family view Optional peer { ipv6-group-name | ipv6-address } Enable route refresh Enabled by default.
To do… Use the command… Remarks Required Configure the maximum By default, no load balancing is balance number number of load balanced routes enabled. Configuring a Large Scale IPv6 BGP Network In a large-scale IPv6 BGP network, configuration and maintenance become no convenient due to too many peers.
Page 691
Creating a pure eBGP peer group Follow these steps to configure a pure eBGP group: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address family view — ipv6-family group ipv6-group-name Create an eBGP peer group Required external...
Configuring IPv6 BGP Community Advertise community attribute to an IPv6 peer/peer group Follow these steps to advertise community attribute to an IPv6 peer/peer group: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv6 address family view —...
Page 693
To do… Use the command… Remarks Configure the router as a route Required peer { ipv6-group-name | reflector and specify an IPv6 ipv6-address } reflect-client Not configured by default. peer/peer group as a client Optional Enable route reflection reflect between-clients between clients Enabled by default.
Displaying and Maintaining IPv6 BGP Displaying BGP To do… Use the command… Remarks Display IPv6 BGP peer group display bgp ipv6 group [ ipv6-group-name ] information Display IPv6 BGP advertised display bgp ipv6 network routing information Display IPv6 BGP AS path display bgp ipv6 paths information [ as-regular-expression ]...
[SwitchD-bgp] ipv6-family [SwitchD-bgp-af-ipv6] peer 102::1 as-number 200 Configure route reflector # Configure Switch C as a route reflector, Switch B and Switch D as its clients. [SwitchC-bgp-af-ipv6] peer 101::2 reflect-client [SwitchC-bgp-af-ipv6] peer 102::2 reflect-client Use the display bgp ipv6 routing-table command on Switch B and Switch D respectively, you can find both of them have learned the network 1::/64.
Page 700
Table of Contents 1 Route Policy Configuration ······················································································································1-1 Introduction to Route Policy ····················································································································1-1 Route Policy ····································································································································1-1 Filters ···············································································································································1-1 Route Policy Application··················································································································1-2 Route Policy Configuration Task List ······································································································1-2 Defining Filters ········································································································································1-3 Prerequisites····································································································································1-3 Defining an IP-prefix List ·················································································································1-3 Defining an AS Path List··················································································································1-4 Defining a Community List ··············································································································1-4 Defining an Extended Community List ····························································································1-5 Configuring a Route Policy ·····················································································································1-5...
Route Policy Configuration A route policy is used on a router for route filtering and attributes modification when routes are received, advertised, or redistributed. When configuring route policy, go to these sections for information you are interested in: Introduction to Route Policy Route Policy Configuration Task List Defining Filters Configuring a Route Policy...
An IP prefix list is configured to match the destination address of routing information. Moreover, you can use the gateway option to allow only routing information from certain routers to be received. For gateway option information, refer to RIP Commands and OSPF Commands in the IP Routing Volume. An IP prefix list, identified by name, can comprise multiple items.
Task Creating a Route Policy Configuring a Route Policy Defining if-match Clauses Defining apply Clauses Defining Filters Prerequisites Before configuring this task, you need to decide on: IP-prefix list name Matching address range Extcommunity list sequence number Defining an IP-prefix List Define an IPv4 prefix list Identified by name, an IPv4 prefix list can comprise multiple items.
Define an IPv6 prefix list Identified by name, each IPv6 prefix list can comprise multiple items. Each item specifies a prefix range to match and is identified by an index number. An item with a smaller index number is matched first. If one item is matched, the IPv6 prefix list is passed, and the routing information will not go to the next item.
Follow these steps to define a community list: To do… Use the command… Remarks Enter system view — system-view ip community-list basic-comm-list-num Define a basic { deny | permit } [ community-number-list ] Required to community list [ internet | no-advertise | no-export | Define a define either;...
Creating a Route Policy Follow these steps to create a route policy: To do… Use the command… Remarks Enter system view — system-view Create a route policy, specify a route-policy route-policy-name { permit | node for it and enter route Required deny } node node-number policy node view...
To do… Use the command… Remarks if-match ipv6 { address | Optional Match IPv6 routing information whose next-hop | route-source } { acl next hop or source is specified in the ACL Not configured by acl-number | prefix-list or IP prefix list default.
Page 708
To do… Use the command… Remarks Enter system view — system-view route-policy route-policy-name Required Enter route policy node view { permit | deny } node Not created by default. node-number Optional Set the AS-PATH attribute for apply as-path BGP routing information as-number&<1-10>...
To do… Use the command… Remarks Optional Set a preferred value for BGP apply preferred-value routing information Not set by default. preferred-value Optional Set a tag value for RIP, OSPF or apply tag value IS-IS routing information Not set by default. The difference between IPv4 and IPv6 apply clauses is the command for setting the next hop for routing information.
*> 9.9.9.0/24 1.1.3.1 300 200i The display above shows that Switch D has learned routes 4.4.4.0/24, 5.5.5.0/24, and 6.6.6.0/24 from AS 100 and 7.7.7.0/24, 8.8.8.0/24, and 9.9.9.0/24 from AS 200. Configure Switch D to reject routes from AS 200. # Configure AS_PATH list 1 on Switch D. [SwitchD] ip as-path 1 permit .*200.* # Configure a route policy named rt1 on Switch D.
IPv6 Routing Information Filtering Failure Symptom Filtering routing information failed, while the routing protocol runs normally. Analysis At least one item of the IPv6 prefix list should be configured as permit mode, and at least one node of the Route policy should be configured as permit mode. Solution Use the display ip ipv6-prefix command to display IP prefix list information.
Page 718
Table of Contents 1 MCE Overview············································································································································1-1 MCE Overview ········································································································································1-1 Introduction to BGP/MPLS VPN······································································································1-1 BGP/MPLS VPN Concepts ·············································································································1-2 Introduction to MCE·························································································································1-4 How MCE Works ·····························································································································1-5 Routing Information Exchange for MCE ·································································································1-5 Route Exchange between a CE and the Private Network·······························································1-5 Route Exchange between CE and PE ····························································································1-7 2 MCE Configuration ····································································································································2-1 Configuring a VPN Instance····················································································································2-1 VPN Instance Configuration Task List·····························································································2-1...
MCE Overview The term “router” in this document refers to a router in a generic sense or a Layer 3 switch running routing protocols. MCE Overview Multi-CE (MCE) enables a switch to function as the CEs of multiple VPN instances in a BGP/MPLS VPN network, thus reducing the investment on network equipment.
When VPN traffic travels over the MPLS backbone, the ingress PE functions as the ingress LSR, the egress PE functions as the egress LSR, while P routers function as the transit LSRs. You can use Switch 4800G series as the CEs in a BGP/MPLS VPN implementation. BGP/MPLS VPN Concepts...
Page 721
Address space overlapping Each VPN independently manages the addresses that it uses. The assembly of such addresses for a VPN is called an address space. The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses in network segment 10.110.10.0/24, address space overlapping occurs.
You are recommended to configure a distinct RD for each VPN instance on a PE, guaranteeing that routes to the same CE use the same RD. The VPN-IPv4 address with an RD of 0 is in fact a globally unique IPv4 address. By prefixing a distinct RD to a specific IPv4 address prefix, you make it a globally unique VPN IPv4 address prefix.
An Switch 4800G with MCE enabled can solve this problem. By binding the VLAN interfaces to the VPNs in a network on an Switch 4800G of this kind, you can create and maintain a routing table for each of the VPNs. In this way, packets of different VPNs in the private network can be isolated. Moreover,...
Page 724
MCE. MCE allows static-route-to-VPN-instance binding, which isolates the static routes of different VPNs. An Switch 4800G can bind RIP processes to VPN instances. With the same binding configured on CE and site, private network routes of different VPNs can be exchanged between CEs and sites through different RIP processes, thus isolating and securing VPN routes.
Normally, when an OSPF route is imported to the BGP routing table as a BGP route on a PE, some attributes of the OSPF route get lost. When the BGP route is imported to the OSPF routing table on the remote CE, not all the attributes of the original OSPF routes can be restored.
Page 726
OSPF IS-IS EBGP For information on how to configure the routing protocols and how to import routes, refer to the IPv4 Routing module of this manual.
MCE Configuration For detailed information on the routing protocol configuration mentioned in this chapter, see the IP Routing Volume of this manual. Configuring a VPN Instance VPN Instance Configuration Task List Complete the following tasks to configure a VPN instance: Task Remarks Creating a VPN Instance...
To do… Use the command… Remarks Optional Set the description information for the VPN By default, a VPN instance has no description text instance description configured. The RD configured for a VPN instance on the MCE device must be same as that configured for the VPN instance on the PE device.
To do… Use the command… Remarks Enter system view — system-view ip vpn-instance Enter VPN instance view — vpn-instance-name Required Associate the current VPN vpn-target vpn-target&<1-8> By default, a VPN instance has instance with one or multiple [ both | export-extcommunity no VPN target associated with VPN targets | import-extcommunity ]...
To do… Use the command… Remarks Enter system view — system-view Required ip route-static vpn-instance This operation is s-vpn-instance-name&<1-5> dest-address { mask | mask-length } { gateway-address performed on the MCE Define a static route for [ public ] | interface-type interface-number device.
To do… Use the command… Remarks Enter system view — system-view Required Enable OSPF for a ospf [ process-id | This operation is performed on the MCE VPN instance (this router-id router-id | device. As for the corresponding operation also leads vpn-instance configuration on the site, you can just you to OSPF view)
To do… Use the command… Remarks Enter system view — system-view Required Enable IS-IS for a isis [ process-id ] This operation is performed on the MCE device. VPN instance and vpn-instance As for the corresponding configuration on the enter IS-IS view vpn-instance-name site, you can just enable IS-IS as usual.
Page 733
MCE device. Configuration on the site The site configuration procedures vary with device model. The following takes an Switch 4800G as an example. As for switches from other vendors, refer to the corresponding user manuals.
In a VPN instance with BGP enabled, the BGP route exchange is processed in the same way as those in a normal BGP-enabled network. Configuring Route Exchange between a MCE and a PE Configuring Route Exchange between a MCE and a PE Complete the following tasks to configure route exchange between a MCE and a PE: Task Remarks...
A static route configured for a VPN instance does not take effect if you configure the next hop address of the route as the IP address of a local interface (such as Ethernet interface, VLAN interface). If the default static route preference is not configured, the preference of a newly defined static route adopts the system default preference value, which is 60.
To do… Use the command… Remarks Required import-route protocol [ process-id | Enable OSPF to import allow-ibgp ] [ cost cost | type type | By default, OSPF does not routes of other protocols tag tag | route-policy import the routes of other route-policy-name ] * protocols.
Configure to Use EBGP between a MCE and a PE To use EBGP to exchange routing information between a MCE and a PE, you need to configure the peer end as a peer in the BGP-VPNs on both ends, import VPN routes in the site to the MCE, and then advertise these routes to the PE.
Page 738
To do… Use the command… Remarks display bgp vpnv4 vpn-instance Display information about vpn-instance-name peer [ group-name Available in any view BGP VPNv4 peers log-info | ip-address { log-info | verbose } | verbose ] display bgp vpnv4 vpn-instance vpn-instance-name routing-table [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community...
MCE Configuration Example MCE Configuration Example (A) Network requirements An MCE device connects to VPN1 (with the address range being 192.168.0.0/16) through VLAN-interface 10 (with the IP address being 10.214.10.3) and connects to VPN2 (with the address range being 192.168.10.0/24) through VLAN-interface 20 (with the IP address being 10.214.20.3).
Page 740
MCE is directly connected to VPN1, which has no routing protocol enabled. You can configure to use static routes between MCE and a site. Configuration on VR1: Assume VR1 is an Switch 4800G, configure IP address 10.214.10.2/24 for the interface connecting to MCE and IP address 192.168.0.1/24 for the interface connecting to VPN1. The operation of adding a port to a VLAN and configuring IP address for a VLAN-interface is omitted here.
Page 741
# Define a static route on MCE, specify the next hop address 10.214.10.2 for packets destined for the network segment 192.168.0.0, and bind this route to VPN1. [MCE-Vlan-interface10] quit [MCE] ip route-static vpn-instance vpn1 192.168.0.0 16 10.214.10.2 # Display the information about the routes of VPN1 maintained on MCE. [MCE] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 5...
Page 742
192.168.10.0/24 10.214.20.2 Vlan20 As shown in the displayed information above, MCE has obtained the routes of VPN2 through RIP, and maintains these routes in a routing table different from the routing table for routing information of VPN1 to the network segment 192.168.0.0, thus isolating the routes of VPN1 from the routes of VPN2. Configure the routing protocol running between the MCE and a PE # MCE uses GigabitEthernet 1/0/3 to connect to GigabitEthernet 1/0/18 of PE.
Network requirements An Switch 4800G functions as MCE. It is required that VPN routes of site 1 and site 2 be advertised to the PE for the purpose that VPNs at both ends of the MPLS backbone network can communicate with each other properly.
Page 745
# Create VLAN 3, add GigabitEthernet 1/0/20 to VLAN 3, create VLAN-interface 3, bind VLAN-interface 3 to VPN2, and configure IP address 10.214.20.3/24 for VLAN-interface 3. [MCE-Vlan-interface10] quit [MCE] vlan 3 [MCE-vlan3] port GigabitEthernet 1/0/20 [MCE-vlan3] quit [MCE] interface Vlan-interface 3 [MCE-Vlan-interface3] ip binding vpn-instance vpn2 [MCE-Vlan-interface3] ip address 10.214.20.3 24 [MCE-Vlan-interface3] quit...
Page 746
10.100.10.1/32 Direct 0 127.0.0.1 InLoop0 172.16.10.0/24 OSPF 10.100.10.2 Vlan2 As shown in the displayed information above, MCE has obtained the routing information of VPN1 through OSPF process 10. # Create OSPF process 20 for MCE whose router ID is 10.10.20.1, bind the process to VPN2. Redistribute BGP routes from VPN2, enable OSPF multi-instance, and advertise the network segment 10.100.20.0.
Page 747
127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 10.100.30.0/24 Direct 0 10.100.10.3 Vlan2 10.100.30.3/32 Direct 0 127.0.0.1 InLoop0 172.16.10.0/24 10.100.10.2 Vlan2 # For VPN2, perform the configurations similar to the above on MCE and PE to import the OSPF routing information of VPN2 to the EBGP routing table.
IP address. The Switch 4800G series implement policy routing through QoS policies. You can configure traffic classification and traffic redirecting action so that packets matching specific criteria will be forwarded along the specified path, thus to implement flexible routing.
To do… Use the command… Remarks Enter system view — system-view Enter interface Use either command interface interface-type view Enter interface-number Settings in interface view take interface effect on the current interface; view or port settings in port group view take Enter port group port-group manual group view...
Figure 1-1 Network diagram for IPv4 policy routing configuration Configuration procedure # Configure ACL 2000. <SwitchA> system-view [SwitchA] acl number 2000 [SwitchA-acl-basic-2000] rule 0 permit source any [SwitchA-acl-basic-2000] quit # Define a match criterion for class a to match ACL 2000. [SwitchA] traffic classifier a [SwitchA-classifier-a] if-match acl 2000 [SwitchA-classifier-a] quit...
Page 753
Figure 1-2 Network diagram for IPv6 policy routing configuration Configuration procedure # Configure IPv6 ACL 2000. <SwitchA> system-view [SwitchA] acl ipv6 number 2000 [SwitchA-acl6-basic-2000] rule 0 permit source any [SwitchA-acl6-basic-2000] quit # Define a match criterion for class a to match IPv6 ACL 2000. [SwitchA] traffic classifier a [SwitchA-classifier-a] if-match acl ipv6 2000 [SwitchA-classifier-a] quit...
Page 754
IP Multicast Volume Organization Manual Version 6W101-20091012 Product Version Release 2202 Organization The IP Multicast Volume is organized as follows: Features Description This document describes the main concepts in multicast: Introduction to Multicast Multicast Overview Multicast Models Multicast Architecture Multicast Packets Forwarding Mechanism Multicast routing and forwarding refer to some policies that filter RPF routing information for IP multicast support.
Page 755
Features Description As a multicast extension of MP-BGP, MBGP enables BGP to provide routing information for multicast applications. This document describes: MBGP Configuring MBGP Basic Functions Configuring MBGP Route Attributes Configuring a Large Scale MBGP Network Running at the data link layer, IGMP Snooping is a multicast control mechanism on the Layer 2 Ethernet switch and it is used for multicast group management and control.
Page 756
Table of Contents 1 Multicast Overview ····································································································································1-1 Introduction to Multicast ··························································································································1-1 Comparison of Information Transmission Techniques····································································1-1 Features of Multicast ·······················································································································1-4 Common Notations in Multicast·······································································································1-5 Advantages and Applications of Multicast·······················································································1-5 Multicast Models ·····································································································································1-6 Multicast Architecture······························································································································1-6 Multicast Addresses ························································································································1-7 Multicast Protocols ························································································································1-11 Multicast Packet Forwarding Mechanism ·····························································································1-13...
Multicast Overview This manual chiefly focuses on the IP multicast technology and device operations. Unless otherwise stated, the term “multicast” in this document refers to IP multicast. Introduction to Multicast As a technique coexisting with unicast and broadcast, the multicast technique effectively addresses the issue of point-to-multipoint data transmission.
Page 758
Figure 1-1 Unicast transmission Host A Receiver Host B Source Host C Receiver Host D IP network Receiver Packets for Host B Host E Packets for Host D Packets for Host E Assume that Host B, Host D and Host E need the information. A separate transmission channel needs to be established from the information source to each of these hosts.
Page 759
Figure 1-2 Broadcast transmission Assume that only Host B, Host D, and Host E need the information. If the information is broadcast to the subnet, Host A and Host C also receive it. In addition to information security issues, this also causes traffic flooding on the same subnet.
Figure 1-3 Multicast transmission The multicast source (Source in the figure) sends only one copy of the information to a multicast group. Host B, Host D and Host E, which are receivers of the information, need to join the multicast group. The routers on the network duplicate and forward the information based on the distribution of the group members.
For a better understanding of the multicast concept, you can assimilate multicast transmission to the transmission of TV programs, as shown in Table 1-1. Table 1-1 An analogy between TV transmission and multicast transmission TV transmission Multicast transmission A TV station transmits a TV program through A multicast source sends multicast data to a a channel.
Data warehouse and financial applications (stock quotes). Any other point-to-multipoint data distribution application. Multicast Models Based on how the receivers treat the multicast sources, there are three multicast models: any-source multicast (ASM), source-filtered multicast (SFM), and source-specific multicast (SSM). ASM model In the ASM model, any sender can send information to a multicast group as a multicast source, and numbers of receivers can join a multicast group identified by a group address and obtain multicast information addressed to that multicast group.
Multicast applications: A software system that supports multicast applications, such as video conferencing, must be installed on multicast sources and receiver hosts, and the TCP/IP stack must support reception and transmission of multicast data. Multicast Addresses To allow communication between multicast sources and multicast group members, network-layer multicast addresses, namely, multicast IP addresses must be provided.
Page 764
Address Description 224.0.0.5 Open Shortest Path First (OSPF) routers 224.0.0.6 OSPF designated routers/backup designated routers 224.0.0.7 Shared Tree (ST) routers 224.0.0.8 ST hosts 224.0.0.9 Routing Information Protocol version 2 (RIPv2) routers 224.0.0.11 Mobile agents 224.0.0.12 Dynamic Host Configuration Protocol (DHCP) server/relay agent 224.0.0.13 All Protocol Independent Multicast (PIM) routers 224.0.0.14...
Page 765
Description When set to 0, it indicates that this address is an IPv6 multicast address not based on a unicast prefix When set to 1, it indicates that this address is an IPv6 multicast address based on a unicast prefix (the T bit must also be set to 1) When set to 0, it indicates that this address is an IPv6 multicast address permanently-assigned by IANA When set to 1, it indicates that this address is a transient, or dynamically...
Page 766
Figure 1-6 IPv4-to-MAC address mapping The high-order four bits of a multicast IPv4 address are 1110, indicating that this address is a multicast address, and only 23 bits of the remaining 28 bits are mapped to a MAC address, so five bits of the multicast IPv4 address are lost.
Multicast Protocols Generally, we refer to IP multicast working at the network layer as Layer 3 multicast and the corresponding multicast protocols as Layer 3 multicast protocols, which include IGMP/MLD, PIM/IPv6 PIM, MSDP, and MBGP/IPv6 MBGP; we refer to IP multicast working at the data link layer as Layer 2 multicast and the corresponding multicast protocols as Layer 2 multicast protocols, which include IGMP Snooping/MLD Snooping, and multicast VLAN/IPv6 multicast VLAN.
Page 768
A multicast routing protocol runs on Layer 3 multicast devices to establish and maintain multicast routes and forward multicast packets correctly and efficiently. Multicast routes constitute a loop-free data transmission path from a data source to multiple receivers, namely, a multicast distribution tree. In the ASM model, multicast routes come in intra-domain routes and inter-domain routes.
data to each VLAN of the Layer 2 device. With the multicast VLAN or IPv6 multicast VLAN feature enabled on the Layer 2 device, the Layer 3 multicast device needs to send only one copy of multicast to the multicast VLAN or IPv6 multicast VLAN on the Layer 2 device. This avoids waste of network bandwidth and extra burden on the Layer 3 device.
Page 770
Table of Contents 1 Multicast Routing and Forwarding Configuration··················································································1-1 Multicast Routing and Forwarding Overview ··························································································1-1 Introduction to Multicast Routing and Forwarding···········································································1-1 RPF Check Mechanism···················································································································1-1 Multicast Static Routes ····················································································································1-4 Multicast Traceroute ························································································································1-5 Configuration Task List ···························································································································1-6 Enabling IP Multicast Routing ·················································································································1-6 Configuring Multicast Routing and Forwarding·······················································································1-7 Configuration Prerequisites ·············································································································1-7 Configuring Multicast Static Routes ································································································1-7...
Multicast Routing and Forwarding Configuration When configuring multicast routing and forwarding, go to these sections for information you are interested in: Multicast Routing and Forwarding Overview Configuration Task List Displaying and Maintaining Multicast Routing and Forwarding Configuration Examples Troubleshooting Multicast Routing and Forwarding The term "router"...
Page 772
A unicast routing table contains the shortest path to each destination subnet, An MBGP routing table contains multicast routing information, and A multicast static routing table contains the RPF routing information defined by the user through static configuration. When performing an RPF check, a router searches its unicast routing table and multicast static routing table at the same time.
Page 773
routing entry and a multicast forwarding entry for a multicast packet, the router sets the RPF interface of the packet as the incoming interface of the (S, G) entry. Upon receiving an (S, G) multicast packet, the router first searches its multicast forwarding table: If the corresponding (S, G) entry does not exist in the multicast forwarding table, the packet is subject to an RPF check.
is Vlan-interface 20. This means the (S, G) entry is correct and packet arrived along a wrong path. The RPF check fails and the packet is discarded. Multicast Static Routes A multicast static route is an important basis for RPF check. Depending on the application environment, a multicast static route has the following two functions: Changing an RPF route Typically, the topology structure of a multicast network is the same as that of a unicast network, and...
Figure 1-3 Creating an RPF route As shown in Figure 1-3, the RIP domain and the OSPF domain are unicast isolated from each other. When no multicast static route is configured, the hosts (Receivers) in the OSPF domain cannot receive the multicast packets sent by the multicast source (Source) in the RIP domain.
Introduction to multicast traceroute packets A multicast traceroute packet is a special IGMP packet, which differs from common IGMP packets in that its IGMP Type field is set to 0x1F or 0x1E and that its destination IP address is a unicast address. There are three types of multicast traceroute packets: Query, with the IGMP Type field set to 0x1F, Request, with the IGMP Type field set to 0x1F, and...
Enabling IP multicast routing Follow these steps to enable IP multicast routing: To do... Use the command... Remarks Enter system view — system-view Required Enable IP multicast routing multicast routing-enable Disabled by default Configuring Multicast Routing and Forwarding Configuration Prerequisites Before configuring multicast routing and forwarding, complete the following tasks: Configure a unicast routing protocol so that all devices in the domain are interoperable at the network layer.
Setting the minimum time to live (TTL) value required for a multicast packet to be forwarded. Setting the minimum TTL is not supported on 3Com Switch 4800G. You can configure a forwarding boundary specific to a particular multicast group on all interfaces that support multicast forwarding.
To do... Use the command... Remarks Required multicast boundary Configure a multicast group-address { mask | No forwarding boundary by forwarding boundary mask-length } default Configuring the Multicast Forwarding Table Size The router maintains the corresponding forwarding entry for each multicast packet it receives. Excessive multicast routing entries, however, can exhaust the router’s memory and thus result in lower router performance.
Displaying and Maintaining Multicast Routing and Forwarding To do... Use the command... Remarks display multicast boundary [ group-address [ mask View the multicast boundary Available in | mask-length ] ] [ interface interface-type information any view interface-number ] display multicast forwarding-table [ source-address [ mask { mask | mask-length } ] | group-address [ mask { mask | mask-length } ] | View the multicast...
Page 781
Switch A, Switch B and Switch C run OSPF. Typically, Receiver can receive the multicast data from Source through the path Switch A – Switch B, which is the same as the unicast route. Perform the following configuration so that Receiver can receive the multicast data from Source through the path Switch A –...
Page 782
[SwitchB] interface vlan-interface 102 [SwitchB-Vlan-interface102] pim dm [SwitchB-Vlan-interface102] quit # Enable IP multicast routing on Switch A, and enable PIM-DM on each interface. <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] pim dm [SwitchA-Vlan-interface200] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] pim dm [SwitchA-Vlan-interface102] quit [SwitchA] interface vlan-interface 103...
Creating an RPF Route Network requirements PIM-DM runs in the network and all switches in the network support IP multicast. Switch B and Switch C run OSPF, and have no unicast routes to Switch A. Typically, Receiver can receive the multicast data from Source 1 in the OSPF domain. Perform the following configuration so that Receiver can receive multicast data from Source 2, which is outside the OSPF domain.
Page 784
# Enable IP multicast routing on Switch A and enable PIM-DM on each interface. <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] pim dm [SwitchC-Vlan-interface300] quit [SwitchC] interface vlan-interface 102 [SwitchC-Vlan-interface102] pim dm [SwitchC-Vlan-interface102] quit The configuration on Switch B is similar to that on Switch A. The specific configuration steps are omitted here.
Troubleshooting Multicast Routing and Forwarding Multicast Static Route Failure Symptom No dynamic routing protocol is enabled on the routers, and the physic status and link layer status of interfaces are both up, but the multicast static route fails. Analysis If the multicast static route is not configured or updated correctly to match the current network conditions, the route entry and the configuration information of multicast static routes do not exist in the multicast routing table.
Page 786
In the case of PIM-SM, use the display current-configuration command to check the BSR and RP information. 1-16...
Page 787
Table of Contents 1 IGMP Configuration ···································································································································1-1 IGMP Overview ·······································································································································1-1 IGMP Versions ································································································································1-1 Introduction to IGMPv1····················································································································1-1 Enhancements in IGMPv2···············································································································1-3 Enhancements in IGMPv3···············································································································1-4 IGMP SSM Mapping························································································································1-5 IGMP Proxying ································································································································1-6 Protocols and Standards ·················································································································1-7 IGMP Configuration Task List ·················································································································1-7 Configuring Basic Functions of IGMP ·····································································································1-8 Configuration Prerequisites ·············································································································1-8 Enabling IGMP ································································································································1-9 Configuring IGMP Versions·············································································································1-9...
IGMP Configuration When configuring IGMP, go to the following sections for the information you are interested in: IGMP Overview IGMP Configuration Task List IGMP Configuration Examples Troubleshooting IGMP The term "router" in this document refers to a router in a generic sense or a Layer 3 switch running an IP routing protocol.
Page 789
Of multiple multicast routers on the same subnet, all the routers can hear IGMP membership report messages (often referred to as reports) from hosts, but only one router is needed for sending IGMP query messages (often referred to as queries). So, a querier election mechanism is required to determine which router will act as the IGMP querier on the subnet.
At the same time, because Host A is interested in G2, it sends a report to the multicast group address of G2. Through the above-mentioned query/report process, the IGMP routers learn that members of G1 and G2 are attached to the local subnet, and the multicast routing protocol (PIM for example) running on the routers generates (*, G1) and (*, G2) multicast forwarding entries, which will be the basis for subsequent multicast forwarding, where * represents any multicast source.
If the querier receives a membership report for the group within the maximum response time, it will maintain the memberships of the group; otherwise, the querier will assume that no hosts on the subnet are still interested in multicast traffic to that group and will stop maintaining the memberships of the group.
IGMPv3 supports not only general queries (feature of IGMPv1) and group-specific queries (feature of IGMPv2), but also group-and-source-specific queries. A general query does not carry a group address, nor a source address; A group-specific query carries a group address, but no source address; A group-and-source-specific query carries a group address and one or more source addresses.
Figure 1-3 Network diagram for IGMP SSM mapping IGMPv1 report IGMPv2 report Querier IGMPv3 report Router A Receiver Receiver Receiver Host A (IGMPv1) Host B (IGMPv2) Host C (IGMPv3) As shown in Figure 1-3, on an SSM network, Host A, Host B and Host C are running IGMPv1, IGMPv2 and IGMPv3 respectively.
Figure 1-4 Network diagram for IGMP proxying Proxy & Querier Querier Router B Router A PIM domain Ethernet Receiver Receiver Host B Host A Host C Query from Router A Report from Host Report from Router B Host interface Query from Router B Router interface As shown in Figure...
Task Remarks Enabling IGMP Required Configuring IGMP Versions Optional Configuring Basic Functions Configuring Static Joining Optional of IGMP Configuring a Multicast Group Filter Optional Configuring the Maximum Number of Multicast Optional Groups on an Interface Configuring IGMP Message Options Optional Adjusting IGMP Configuring IGMP Query and Response Optional...
Enabling IGMP First, IGMP must be enabled on the interface on which the multicast group memberships are to be established and maintained. Enabling IGMP Follow these steps to enable IGMP: To do... Use the command... Remarks Enter system view — system-view Required Enable IP multicast routing...
To do... Use the command... Remarks Optional Configure an IGMP version on igmp version version-number the interface IGMPv2 by default Configuring Static Joining After an interface is configured as a static member of a multicast group or a multicast source and group, it will act as a virtual member of the multicast group to receive multicast data addressed to that multicast group for the purpose of testing multicast data forwarding.
Follow these steps to configure a multicast group filter: To do... Use the command... Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required By default, no multicast group Configure a multicast group filter is configured on this igmp group-policy filter acl-number [ version-number ]...
Configuration Prerequisites Before adjusting IGMP performance, complete the following tasks: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer. Configure basic functions of IGMP Before adjusting IGMP performance, prepare the following data: Startup query interval Startup query count IGMP general query interval...
Configuring IGMP packet options on an interface Follow these steps to configure IGMP packet options on an interface: To do... Use the command... Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Configure the interface to Optional discard any IGMP message By default, the device does not...
Page 801
To do... Use the command... Remarks Enter system view — system-view Enter IGMP view — igmp Optional Configure the startup query For the system default, see startup-query-interval interval interval “Note” below. Optional Configure the startup query For the system default, see startup-query-count value count “Note”...
To do... Use the command... Remarks Optional Configure the other querier igmp timer For the system default, see present interval other-querier-present interval “Note” below. If not statically configured, the startup query interval is 1/4 of the “IGMP query interval”. By default, the IGMP query interval is 60 seconds, so the startup query interval = 60 / 4 = 15 (seconds).
Configure basic functions of IGMP. Enabling SSM Mapping Follow these steps to enable the IGMP SSM mapping feature: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required Enable the IGMP SSM igmp ssm-mapping enable mapping feature Disabled by default...
Configuring IGMP Proxying Configuration Prerequisites Before configuring the IGMP proxying feature, complete the following tasks: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer. Enable IP multicast routing. Enabling IGMP Proxying You can enable IGMP proxying on the interface in the direction toward the root of the multicast forwarding tree to make the device serve as an IGMP proxy.
Follow these steps to enable multicast forwarding on a downstream interface To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required Enable multicast forwarding on a igmp proxying forwarding non-querier downstream interface Disabled by default.
To do... Use the command... Remarks reset igmp ssm-mapping group { all | interface interface-type interface-number Available in Clear IGMP SSM mappings { all | group-address [ mask { mask | user view mask-length } ] [ source-address [ mask { mask | mask-length } ] ] } } The reset igmp group command cannot clear the IGMP multicast group information of static joins.
Page 807
Network diagram Figure 1-5 Network diagram for basic IGMP functions configuration Configuration procedure Configure IP addresses and unicast routing Configure the IP address and subnet mask of each interface as per Figure 1-5. The detailed configuration steps are omitted here. Configure the OSPF protocol for interoperation on the PIM network.
Use the display igmp ssm-mapping group command to view the multicast group information created based on the configured IGMP SSM mappings. # View the IGMP multicast group information created based on the IGMP SSM mappings on Switch D. [SwitchD] display igmp ssm-mapping group Total 1 IGMP SSM-mapping Group(s).
Page 812
Network diagram Figure 1-7 Network diagram for IGMP Proxying configuration Configuration procedure Configure IP addresses Configure the IP address and subnet mask of each interface as per Figure 1-7. The detailed configuration steps are omitted here. Enable IP multicast routing, PIM-DM, IGMP, and IGMP Proxying. # Enable IP multicast routing on Switch A, PIM-DM on VLAN-interface 101, and IGMP on VLAN-interface 100.
[SwitchB] display igmp interface vlan-interface 100 verbose Vlan-interface100(192.168.1.2): IGMP proxy is enabled Current IGMP version is 2 Multicast routing on this interface: enabled Require-router-alert: disabled Version1-querier-present-timer-expiry: 00:00:20 Use the display igmp group command to view the IGMP multicast group information. For example, # View the IGMP multicast group information on Switch A.
Check the IGMP version on the interface. You can use the display igmp interface command to check whether the IGMP version on the interface is lower than that on the host. Check that no ACL rule has been configured to restrict the host from joining the multicast group G. Carry out the display current-configuration interface command to check whether the igmp group-policy command has been executed.
Page 815
Table of Contents 1 PIM Configuration······································································································································1-1 PIM Overview··········································································································································1-1 Introduction to PIM-DM····················································································································1-2 How PIM-DM Works ························································································································1-2 Introduction to PIM-SM····················································································································1-4 How PIM-SM Works ························································································································1-5 Introduction to Administrative Scoping in PIM-SM ········································································1-11 SSM Model Implementation in PIM ·······························································································1-13 Protocols and Standards ···············································································································1-14 Configuring PIM-DM······························································································································1-14 PIM-DM Configuration Task List ···································································································1-14 Configuration Prerequisites ···········································································································1-15 Enabling PIM-DM ··························································································································1-15...
Page 816
PIM-SSM Configuration Example··································································································1-51 Troubleshooting PIM Configuration ······································································································1-54 Failure of Building a Multicast Distribution Tree Correctly ····························································1-54 Multicast Data Abnormally Terminated on an Intermediate Router ··············································1-55 RPs Unable to Join SPT in PIM-SM······························································································1-55 RPT Establishment Failure or Source Registration Failure in PIM-SM·········································1-56...
PIM Configuration When configuring PIM, go to these sections for information you are interested in: PIM Overview Configuring PIM-DM Configuring PIM-SM Configuring PIM-SSM Configuring PIM Common Features Displaying and Maintaining PIM PIM Configuration Examples Troubleshooting PIM Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch running the PIM protocol.
Introduction to PIM-DM PIM-DM is a type of dense mode multicast protocol. It uses the “push mode” for multicast forwarding, and is suitable for small-sized networks with densely distributed multicast members. The basic implementation of PIM-DM is as follows: PIM-DM assumes that at least one multicast group member exists on each subnet of a network, and therefore multicast data is flooded to all nodes on the network.
Page 819
corresponding interface from the outgoing interface list in the (S, G) entry and stop forwarding subsequent packets addressed to that multicast group down to this node. An (S, G) entry contains the multicast source address S, multicast group address G, outgoing interface list, and incoming interface.
The node that needs to receive multicast data sends a graft message toward its upstream node, as a request to join the SPT again. Upon receiving this graft message, the upstream node puts the interface on which the graft was received into the forwarding state and responds with a graft-ack message to the graft sender.
PIM-SM is a type of sparse mode multicast protocol. It uses the “pull mode” for multicast forwarding, and is suitable for large- and medium-sized networks with sparsely and widely distributed multicast group members. The basic implementation of PIM-SM is as follows: PIM-SM assumes that no hosts need to receive multicast data.
Page 822
A DR must be elected in a multi-access network, no matter this network connects to multicast sources or to receivers. The DR at the receiver side sends join messages to the RP; the DR at the multicast source side sends register messages to the RP. A DR is elected on a multi-access subnet by means of comparison of the priorities and IP addresses carried in hello messages.
Page 823
optimize the topological structure of the RPT, multiple candidate RPs (C-RPs) can be configured in a PIM-SM domain, among which an RP is dynamically elected through the bootstrap mechanism. Each elected RP serves a different multicast group range. For this purpose, a bootstrap router (BSR) must be configured.
Page 824
Table 1-1 Values in the hashing algorithm Value Description Value Hash value IP address of the multicast group Hash mask length IP address of the C-RP & Logical operator of “and” Logical operator of “exclusive-or” Modulo operator, which gives the remainder of an integer division RPT establishment Figure 1-5 RPT establishment in a PIM-SM domain As shown in...
Page 825
Multicast source registration The purpose of multicast source registration is to inform the RP about the existence of the multicast source. Figure 1-6 Multicast source registration As shown in Figure 1-6, the multicast source registers with the RP as follows: When the multicast source S sends the first multicast packet to multicast group G, the DR directly connected with the multicast source, upon receiving the multicast packet, encapsulates the packet in a PIM register message, and sends the message to the corresponding RP by unicast.
Page 826
Switchover to SPT In a PIM-SM domain, a multicast group corresponds to one RP and RPT. Before the SPT switchover takes place, the DR at the multicast source side encapsulates all multicast data destined to the multicast group in register messages and sends these messages to the RP. Upon receiving these register messages, the RP abstracts the multicast data and sends the multicast data down the RPT to the DRs at the receiver side.
Introduction to Administrative Scoping in PIM-SM Division of PIM-SM domains Typically, a PIM-SM domain contains only one BSR, which is responsible for advertising RP-set information within the entire PIM-SM domain. The information for all multicast groups is forwarded within the network scope administered by the BSR. We call this non-scoped BSR mechanism. To implement refined management, a PIM-SM domain can be divided into one global scope zone and multiple administratively scoped zones (admin-scope zones).
Page 828
Figure 1-7 Relationship between admin-scope zones and the global scope zone in geographic space Admin-scope zones are geographically separated from one another. Namely, a router must not serve different admin-scope zones. In other words, different admin-scope zones contain different routers, whereas the global scope zone covers all routers in the PIM-SM domain.
SSM Model Implementation in PIM The source-specific multicast (SSM) model and the any-source multicast (ASM) model are two opposite models. Presently, the ASM model includes the PIM-DM and PIM-SM modes. The SSM model can be implemented by leveraging part of the PIM-SM technique. The SSM model provides a solution for source-specific multicast.
As shown in Figure 1-9, Host B and Host C are multicast information receivers. They send IGMPv3 report messages to the respective DRs to express their interest in the information of the specific multicast source S. Upon receiving a report message, the DR first checks whether the group address in this message falls in the SSM group range: If so, the DR sends a subscribe message for channel subscription hop by hop toward the multicast source S.
Page 831
Configuration Prerequisites Before configuring PIM-DM, complete the following task: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer. Before configuring PIM-DM, prepare the following data: The interval between state-refresh messages Minimum time to wait before receiving a new refresh message TTL value of state-refresh messages Graft retry period Enabling PIM-DM...
Follow these steps to enable the state-refresh capability: To do... Use the command... Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Optional Enable state-refresh pim state-refresh-capable Enabled by default Configuring State-Refresh Parameters The router directly connected with the multicast source periodically sends state-refresh messages. You can configure the interval for sending such messages.
To do... Use the command... Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Optional Configure graft retry period pim timer graft-retry interval 3 seconds by default For the configuration of other timers in PIM-DM, refer to Configuring PIM Common Timers.
Before configuring PIM-SM, prepare the following data: The IP address of a static RP and an ACL rule defining the range of multicast groups to be served by the static RP C-RP priority and an ACL rule defining the range of multicast groups to be served by each C-RP A legal C-RP address range and an ACL rule defining the range of multicast groups to be served C-RP-Adv interval C-RP timeout...
For details about the multicast routing-enable command, see Multicast Routing and Forwarding Commands in the IP Multicast Volume. Configuring an RP An RP can be manually configured or dynamically elected through the BSR mechanism. For a large PIM network, static RP configuration is a tedious job. Generally, static RP configuration is just a backup means for the dynamic RP election mechanism to enhance the robustness and operation manageability of a multicast network.
Page 836
To do... Use the command... Remarks Enter system view — system-view Enter PIM view — c-rp interface-type interface-number [ group-policy Required Configure an interface to be a acl-number | priority priority | No C-RPs are configured C-RP holdtime hold-interval | by default advertisement-interval adv-interval ] *...
Follow these steps to configure C-RP timers globally: To do... Use the command... Remarks Enter system view — system-view Enter PIM view — Optional Configure the C-RP-Adv c-rp advertisement-interval interval 60 seconds by default interval Optional Configure C-RP timeout time c-rp holdtime interval 150 seconds by default For the configuration of other timers in PIM-SM, refer to...
Page 838
value of 1, the whole network will not be affected as long as the neighbor router discards these bootstrap messages. Therefore, with a legal BSR address range configured on all routers in the entire network, all these routers will discard bootstrap messages from out of the legal address range.
Page 839
To do… Use the command… Remarks Required Configure a PIM domain border By default, no PIM domain pim bsr-boundary border is configured. Configuring global C-BSR parameters In each PIM-SM domain, a unique BSR is elected from C-BSRs. The C-RPs in the PIM-SM domain send advertisement messages to the BSR.
Follow these steps to configure C-BSR timers: To do… Use the command… Remarks Enter system view — system-view Enter PIM view — Optional Configure the BS period c-bsr interval interval For the default value, see the note below. Optional Configure the BS timeout c-bsr holdtime interval For the default value, see the note below.
Page 841
To do… Use the command… Remarks Required Enable administrative scoping c-bsr admin-scope Disabled by default Configuring an admin-scope zone boundary The boundary of each admin-scope zone is formed by ZBRs. Each admin-scope zone maintains a BSR, which serves a specific multicast group range. Multicast protocol packets (such as assert messages and bootstrap messages) that belong to this range cannot cross the admin-scope zone boundary.
To do… Use the command… Remarks Required c-bsr group group-address Configure a C-BSR for an { mask | mask-length } No C-BSRs are configured for admin-scope zone [ hash-length hash-length | an admin-scope zone by priority priority ] * default. The group-address { mask | mask-length } parameter of the c-bsr group command can specify the multicast groups the C-BSR serves, in the range of 239.0.0.0/8.
5 seconds by default Disabling SPT Switchover If a 3Com Switch 4800G acts as an RP or the receiver-side DR, it initiates an SPT switchover process (by default) upon receiving the first multicast packet along the RPT. You can disable the switchover from RPT to SPT.
For a 3Com Switch 4800G, once a multicast forwarding entry is created, subsequent multicast data will not be encapsulated in register messages before being forwarded even if a register outgoing interface is available. Therefore, to avoid forwarding failure, do not use spt-switch-threshold infinity command on a switch that may become an RP (namely, a static RP or a C-RP).
Enabling PIM-SM The SSM model is implemented based on some subsets of PIM-SM. Therefore, a router is PIM-SSM capable after you enable PIM-SM on it. When deploying a PIM-SM domain, you are recommended to enable PIM-SM on non-border interfaces of the routers. Follow these steps to enable PIM-SM globally To do...
Make sure that the same SSM group range is configured on all routers in the entire domain. Otherwise, multicast information cannot be delivered through the SSM model. When a member of a multicast group in the SSM group range sends an IGMPv1 or IGMPv2 report message, the device does not trigger a (*, G) join.
To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Required pim neighbor-policy Configure a hello message filter No hello message filter by default. acl-number With the hello message filter configured, if hello messages of an existing PIM neighbor fail to pass the filter, the PIM neighbor will be removed automatically when it times out.
Page 849
upstream router has changed, it assumes that the status of the upstream neighbor is lost or the upstream neighbor has changed. In this case, it triggers a join message for state update. If you disable join suppression (namely, enable neighbor tracking), the join suppression feature should be disabled on all PIM routers on a multi-access subnet;...
Configuring PIM Common Timers PIM routers discover PIM neighbors and maintain PIM neighboring relationships with other routers by periodically sending out hello messages. Upon receiving a hello message, a PIM router waits a random period, which is smaller than the maximum delay between hello messages, before sending out a hello message.
To do... Use the command... Remarks Optional Configure the maximum delay pim triggered-hello-delay between hello messages 5 seconds by default interval Optional Configure the join/prune pim timer join-prune interval interval 60 seconds by default Optional Configure the join/prune pim holdtime join-prune timeout time 210 seconds by default interval...
To do... Use the command... Remarks display pim control-message counters [ message-type { probe | register | View the number of PIM control register-stop } | [ interface interface-type Available in messages interface-number | message-type { assert | bsr | any view crp | graft | graft-ack | hello | join-prune | state-refresh } ] * ]...
Page 853
Network diagram Figure 1-10 Network diagram for PIM-DM configuration Device Interface IP address Device Interface IP address Switch A Vlan-int100 10.110.1.1/24 Switch D Vlan-int300 10.110.5.1/24 Vlan-int103 192.168.1.1/24 Vlan-int103 192.168.1.2/24 Switch B Vlan-int200 10.110.2.1/24 Vlan-int101 192.168.2.2/24 Vlan-int101 192.168.2.1/24 Vlan-int102 192.168.3.2/24 Switch C Vlan-int200 10.110.2.2/24 Vlan-int102...
Page 854
The configuration on Switch B and Switch C is similar to that on Switch A. # Enable IP multicast routing on Switch D, and enable PIM-DM on each interface. <SwitchD> system-view [SwitchD] multicast routing-enable [SwitchD] interface vlan-interface 300 [SwitchD-Vlan-interface300] pim dm [SwitchD-Vlan-interface300] quit [SwitchD] interface vlan-interface 103 [SwitchD-Vlan-interface103] pim dm...
Page 855
(*, 225.1.1.1) Protocol: pim-dm, Flag: WC UpTime: 00:04:25 Upstream interface: NULL Upstream neighbor: NULL RPF prime neighbor: NULL Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface100 Protocol: igmp, UpTime: 00:04:25, Expires: never (10.110.5.100, 225.1.1.1) Protocol: pim-dm, Flag: ACT UpTime: 00:06:14 Upstream interface: Vlan-interface103, Upstream neighbor: 192.168.1.2...
PIM-SM Non-Scoped Zone Configuration Example Network requirements Receivers receive VOD information through multicast. The receiver groups of different organizations form stub networks, and one or more receiver hosts exist in each stub network. The entire PIM-SM domain contains only one BSR. Host A and Host C are multicast receivers in two stub networks.
Page 857
Configuration procedure Configure IP addresses and unicast routing Configure the IP address and subnet mask for each interface as per Figure 1-11. Detailed configuration steps are omitted here. Configure the OSPF protocol for interoperation among the switches in the PIM-SM domain. Ensure the network-layer interoperation in the PIM-SM domain and enable dynamic update of routing information among the switches through a unicast routing protocol.
Page 858
[SwitchE-pim] quit Verify the configuration Carry out the display pim interface command to view the PIM configuration and running status on each interface. For example: # View the PIM configuration information on Switch A. [SwitchA] display pim interface Interface NbrCnt HelloInt DR-Pri DR-Address Vlan100...
Page 859
Hash mask length: 32 State: Elected Scope: Not scoped Uptime: 00:01:18 Next BSR message scheduled at: 00:01:52 Candidate BSR Address: 192.168.9.2 Priority: 20 Hash mask length: 32 State: Elected Scope: Not scoped Candidate RP: 192.168.9.2(Vlan-interface102) Priority: 0 HoldTime: 150 Advertisement Interval: 60 Next advertisement scheduled at: 00:00:48 To view the RP information discovered on a switch, use the display pim rp-info command.
Upstream neighbor: 192.168.4.2 RPF prime neighbor: 192.168.4.2 Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface102 Protocol: pim-sm, UpTime: 00:13:16, Expires: 00:03:22 PIM-SM Admin-Scope Zone Configuration Example Network requirements Receivers receive VOD information through multicast. The entire PIM-SM domain is divided into admin-scope zone 1, admin-scope zone 2, and the global zone.
Page 862
Network diagram Figure 1-12 Network diagram for PIM-SM admin-scope zone configuration Admin-scope 1 Vlan-int500 Receiver Switch G Host A Source 1 Vlan-int109 Source 3 Vlan-int100 Vlan-int200 Vlan-int109 Vlan-int101 Vlan-int102 Vlan-int102 Switch F Vlan-int101 Vlan-int107 Switch B Switch A Switch C Switch I Switch H Vlan-int107...
Page 863
Enable IP multicast routing and administrative scoping, and enable PIM-SM and IGMP # Enable IP multicast routing and administrative scoping on Switch A, enable PIM-SM on each interface, and enable IGMP on the host-side interface VLAN-interface 100. <SwitchA> system-view [SwitchA] multicast routing-enable [SwitchA] pim [SwitchA-pim] c-bsr admin-scope [SwitchA-pim] quit...
Page 864
# On Switch C, configure VLAN-interface 103 and VLAN-interface 106 to be the boundary of admin-scope zone 2. <SwitchC> system-view [SwitchC] interface vlan-interface 103 [SwitchC-Vlan-interface103] multicast boundary 239.0.0.0 8 [SwitchC-Vlan-interface103] quit [SwitchC] interface vlan-interface 106 [SwitchC-Vlan-interface106] multicast boundary 239.0.0.0 8 [SwitchC-Vlan-interface106] quit # On Switch D, configure VLAN-interface 107 to be the boundary of admin-scope zone 2.
Page 865
# View the BSR information and the locally configured C-RP information on Switch B. [SwitchB] display pim bsr-info Elected BSR Address: 10.110.9.1 Priority: 0 Hash mask length: 30 State: Accept Preferred Scope: Global Uptime: 00:01:45 Expires: 00:01:25 Elected BSR Address: 10.110.1.2 Priority: 0 Hash mask length: 30 State: Elected...
Page 866
Scope: 239.0.0.0/8 Candidate RP: 10.110.4.2(Vlan-interface104) Priority: 0 HoldTime: 150 Advertisement Interval: 60 Next advertisement scheduled at: 00:00:10 # View the BSR information and the locally configured C-RP information on Switch F. [SwitchF] display pim bsr-info Elected BSR Address: 10.110.9.1 Priority: 0 Hash mask length: 30 State: Elected Scope: Global...
PIM-SM BSR RP information: Group/MaskLen: 224.0.0.0/4 RP: 10.110.9.1 Priority: 0 HoldTime: 150 Uptime: 00:03:42 Expires: 00:01:48 Group/MaskLen: 239.0.0.0/8 RP: 10.110.4.2 (local) Priority: 0 HoldTime: 150 Uptime: 00:06:54 Expires: 00:02:41 # View the RP information on Switch F. [SwitchF] display pim rp-info PIM-SM BSR RP information: Group/MaskLen: 224.0.0.0/4 RP: 10.110.9.1 (local)
Page 868
Network diagram Figure 1-13 Network diagram for PIM-SSM configuration Device Interface IP address Device Interface IP address Switch A Vlan-int100 10.110.1.1/24 Switch D Vlan-int300 10.110.5.1/24 Vlan-int101 192.168.1.1/24 Vlan-int101 192.168.1.2/24 Vlan-int102 192.168.9.1/24 Vlan-int105 192.168.4.2/24 Switch B Vlan-int200 10.110.2.1/24 Switch E Vlan-int104 192.168.3.2/24 Vlan-int103 192.168.2.1/24...
Page 869
[SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim sm [SwitchA-Vlan-interface101] quit [SwitchA] interface vlan-interface 102 [SwitchA-Vlan-interface102] pim sm [SwitchA-Vlan-interface102] quit The configuration on Switch B and Switch C is similar to that on Switch A. The configuration on Switch D and Switch E is also similar to that on Switch A except that it is not necessary to enable IGMP on the corresponding interfaces on these two switches.
1: Vlan-interface100 Protocol: igmp, UpTime: 00:13:25, Expires: 00:03:25 The information on Switch B and Switch C is similar to that on Switch A. # View the PIM routing table information on Switch D. [SwitchD] display pim routing-table Total 0 (*, G) entry; 1 (S, G) entry (10.110.5.100, 232.1.1.1) Protocol: pim-ssm, Flag: LOC UpTime: 00:12:05...
interface and on the corresponding interface of the RPF neighbor router, the establishment of a multicast distribution tree will surely fail, causing abnormal multicast forwarding. The same PIM mode must run on the entire network. Otherwise, the establishment of a multicast distribution tree will surely fail, causing abnormal multicast forwarding.
Analysis As the core of a PIM-SM domain, the RPs serve specific multicast groups. Multiple RPs can coexist in a network. Make sure that the RP information on all routers is exactly the same, and a specific group is mapped to the same RP. Otherwise, multicast forwarding will fail. If the static RP mechanism is used, the same static RP command must be executed on all the routers in the entire network.
Page 873
Table of Contents 1 MSDP Configuration··································································································································1-1 MSDP Overview······································································································································1-1 Introduction to MSDP ······················································································································1-1 How MSDP Works···························································································································1-2 Protocols and Standards ·················································································································1-7 MSDP Configuration Task List················································································································1-7 Configuring Basic Functions of MSDP····································································································1-8 Configuration Prerequisites ·············································································································1-8 Enabling MSDP ·······························································································································1-8 Creating an MSDP Peer Connection·······························································································1-8 Configuring a Static RPF Peer ········································································································1-9 Configuring an MSDP Peer Connection ·································································································1-9 Configuration Prerequisites ·············································································································1-9 Configuring MSDP Peer Description ·····························································································1-10...
MSDP Configuration When configuring MSDP, go to these sections for information you are interested in: MSDP Overview MSDP Configuration Task List Displaying and Maintaining MSDP MSDP Configuration Examples Troubleshooting MSDP The term “router” in this document refers to a router in a generic sense or a Layer 3 switch running the MSDP protocol.
MSDP is applicable only if the intra-domain multicast protocol is PIM-SM. MSDP is meaningful only for the any-source multicast (ASM) model. How MSDP Works MSDP peers With one or more pairs of MSDP peers configured in the network, an MSDP interconnection map is formed, where the RPs of different PIM-SM domains are interconnected in series.
Page 876
Router A and Router B are MSDP peers on common multicast routers. Such MSDP peers just forward received SA messages. In a PIM-SM network running the BSR mechanism, the RP is dynamically elected from C-RPs. To enhance network robustness, a PIM-SM network typically has more than one C-RP. As the RP election result is unpredictable, MSDP peering relationships should be built among all C-RPs so that the winner C-RP is always on the "MSDP interconnection map”, while loser C-RPs will assume the role of common PIM-SM routers on the “MSDP interconnection map”.
Page 877
On MSDP peers, each SA message is subject to a reverse path forwarding (RPF) check and multicast policy–based filtering, so that only SA messages that have arrived along the correct path and passed the filtering are received and forwarded. This avoids delivery loops of SA messages. In addition, you can configure MSDP peers into an MSDP mesh group so as to avoid flooding of SA messages between MSDP peers.
Page 878
Figure 1-3 Diagram for RPF check for SA messages Source RP 1 RP 5 RP 9 RP 8 AS 1 AS 5 Mesh group AS 3 RP 2 RP 3 AS 2 MSDP peers RP 4 RP 6 RP 7 Static RPF peers AS 4 SA message...
Page 879
SA messages from other paths than described above will not be accepted nor forwarded by MSDP peers. Implementing intra-domain Anycast RP by leveraging MSDP peers Anycast RP refers to such an application that enables load balancing and redundancy backup between two or more RPs within a PIM-SM domain by configuring the same IP address for, and establishing MSDP peering relationships between, these RPs.
Optimal RP path: A multicast source registers with the nearest RP so that an SPT with the optimal path is built; a receiver joins the nearest RP so that an RPT with the optimal path is built. Load balancing between RPs: Each RP just needs to maintain part of the source/group information within the PIM-SM domain and forward part of the multicast data, thus achieving load balancing between different RPs.
Configuring Basic Functions of MSDP All the configuration tasks should be carried out on RPs in PIM-SM domains, and each of these RPs acts as an MSDP peer. Configuration Prerequisites Before configuring the basic functions of MSDP, complete the following tasks: Configure any unicast routing protocol so that all devices in the domain are interoperable at the network layer.
To do... Use the command... Remarks Enter system view — system-view Enter MSDP view — msdp Required peer peer-address Create an MSDP peer No MSDP peer connection connect-interface connection created by default interface-type interface-number If an interface of the router is shared by an MSDP peer and a BGP/MBGP peer at the same time, we recommend that you use the IP address of the BGP/MBGP peer as the IP address of the for the MSDP peer.
Configuring MSDP Peer Description With the MSDP peer description information, the administrator can easily distinguish different MSDP peers and thus better manage MSDP peers. Follow these steps to configure description for an MSDP peer: To do... Use the command... Remarks Enter system view —...
Configuring MSDP Peer Connection Control MSDP peers are interconnected over TCP (port number 639). You can flexibly control sessions between MSDP peers by manually deactivating and reactivating the MSDP peering connections. When the connection between two MSDP peers is deactivated, SA messages will no longer be delivered between them, and the TCP connection is closed without any connection setup retry, but the configuration information will remain unchanged.
decapsulates the SA message and delivers the multicast data contained in the register message to the receivers along the RPT. The MSDP peers deliver SA messages to one another. Upon receiving an SA message, a router performs RPF check on the message. If the router finds that the remote RP address is the same as the local RP address, it will discard the SA message.
Configuring SA Message Filtering Rules By configuring an SA message creation rule, you can enable the router to filter the (S, G) entries to be advertised when creating an SA message, so that the propagation of messages of multicast sources is controlled.
To protect the router effectively against denial of service (DoS) attacks, you can set a limit on the number of (S, G) entries the router can cache. Follow these steps to configure the SA message cache: To do... Use the command... Remarks Enter system view —...
Page 888
It is required that an MSDP peering relationship be set up between Switch B and Switch C through EBGP, and between Switch C and Switch E through IBGP. Network diagram Figure 1-5 Network diagram for inter-AS multicast configuration leveraging BGP routes Device Interface IP address...
Page 889
[SwitchA] interface vlan-interface 103 [SwitchA-Vlan-interface103] pim sm [SwitchA-Vlan-interface103] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] pim sm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] igmp enable [SwitchA-Vlan-interface200] pim sm [SwitchA-Vlan-interface200] quit The configuration on Switch B, Switch C, Switch D, Switch E, and Switch F is similar to the configuration on Switch A.
Page 890
# Redistribute BGP routes into OSPF on Switch B. [SwitchB] ospf 1 [SwitchB-ospf-1] import-route bgp [SwitchB-ospf-1] quit The configuration on Switch C and Switch E is similar to the configuration on Switch B. Configure MSDP peers # Configure an MSDP peer on Switch B. [SwitchB] msdp [SwitchB-msdp] peer 192.168.1.2 connect-interface vlan-interface 101 [SwitchB-msdp] quit...
Page 891
[SwitchE] display bgp peer BGP local router ID : 3.3.3.3 Local AS number : 200 Total number of peers : 1 Peers in established state : 1 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 192.168.3.1 4 200 1 00:10:58 Established To view the BGP routing table information on the switches, use the display bgp routing-table command.
Page 892
192.168.1.2 00:12:27 # View the brief information about MSDP peering relationships on Switch C. [SwitchC] display msdp brief MSDP Peer Brief Information Configured Listen Connect Shutdown Down Peer's Address State Up/Down time SA Count Reset Count 192.168.3.2 00:15:32 192.168.1.1 00:06:39 # View the brief information about MSDP peering relationships on Switch E.
Inter-AS Multicast Configuration Leveraging Static RPF Peers Network requirements There are two ASs in the network, AS 100 and AS 200 respectively. OSPF is running within each AS, and BGP is running between the two ASs. PIM-SM 1 belongs to AS 100, while PIM-SM 2 and PIM-SM 3 belong to AS 200. Each PIM-SM domain has zero or one multicast source and receiver.
Page 894
Configuration procedure Configure IP addresses and unicast routing Configure the IP address and subnet mask for each interface as per Figure 1-6. Detailed configuration steps are omitted here. Configure OSPF for interconnection between the switches. Ensure the network-layer interoperation in each AS, and ensure the dynamic update of routing information among the switches through a unicast routing protocol.
Configured Listen Connect Shutdown Down Peer's Address State Up/Down time SA Count Reset Count 192.168.3.1 00:16:40 Anycast RP Configuration Network requirements The PIM-SM domain has multiple multicast sources and receivers. OSPF runs within the domain to provide unicast routes. It is required to configure the anycast RP application so that the receiver-side DRs and the source-side DRs can initiate a Join message to their respective RPs that are the topologically nearest to them.
Page 897
Configuration procedure Configure IP addresses and unicast routing Configure the IP address and subnet mask for each interface as per Figure 1-7. Detailed configuration steps are omitted here. Configure OSPF for interconnection between the switches. Ensure the network-layer interoperation among the switches, and ensure the dynamic update of routing information between the switches through a unicast routing protocol.
Page 898
[SwitchB-msdp] peer 2.2.2.2 connect-interface loopback 0 [SwitchB-msdp] quit # Configure an MSDP peer on Loopback 0 of Switch D. [SwitchD] msdp [SwitchD-msdp] originating-rp loopback 0 [SwitchD-msdp] peer 1.1.1.1 connect-interface loopback 0 [SwitchD-msdp] quit Verify the configuration You can use the display msdp brief command to view the brief information of MSDP peering relationships between the switches.
Page 899
Protocol: igmp, UpTime: 00:15:04, Expires: never (10.110.5.100, 225.1.1.1) RP: 10.1.1.1 (local) Protocol: pim-sm, Flag: SPT 2MSDP ACT UpTime: 00:46:28 Upstream interface: Vlan-interface103 Upstream neighbor: 10.110.2.2 RPF prime neighbor: 10.110.2.2 Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface100 Protocol: pim-sm, UpTime: - , Expires: never # View the PIM routing information on Switch D.
Downstream interface(s) information: Total number of downstreams: 1 1: Vlan-interface200 Protocol: pim-sm, UpTime: never , Expires: never SA Message Filtering Configuration Network requirements Three PIM-SM domains exist in the network, and OSPF runs within and among the domains to provide unicast routing. Configure respective Loopback 0 of Switch A, Switch C and Switch D as a C-BSR and C-RP in the respective PIM-SM domain.
Page 901
Configuration Procedure Configure IP addresses and unicast routing Configure the IP address and subnet mask for each interface as per Figure 1-8. The detailed configuration steps are omitted here. Configure OSPF for interoperation among the switches. Ensure the network-layer interoperation within and between the PIM-SM domains and ensure dynamic update of routing information among the switches by leveraging unicast routing.
Page 902
[SwitchA-pim] quit The configuration on Switch C and Switch D is similar to the configuration on Switch A. The specific configuration steps are omitted here. Configure MSDP peers # Configure an MSDP peer on Switch A. [SwitchA] msdp [SwitchA-msdp] peer 192.168.1.2 connect-interface vlan-interface 101 [SwitchA-msdp] quit # Configure MSDP peers on Switch C.
No SA Entries in the Router’s SA Cache Symptom MSDP fails to send (S, G) entries through SA messages. Analysis The import-source command is used to control sending (S, G) entries through SA messages to MSDP peers. If this command is executed without the acl-number argument, all the (S, G) entries will be filtered off, namely no (S, G) entries of the local domain will be advertised.
Page 905
Table of Contents 1 MBGP Configuration ·································································································································1-1 MBGP Overview······································································································································1-1 Protocols and Standards·························································································································1-2 MBGP Configuration Task List················································································································1-2 Configuring MBGP Basic Functions········································································································1-2 Prerequisites····································································································································1-2 Configuration Procedure··················································································································1-3 Controlling Route Advertisement and Reception····················································································1-3 Prerequisites····································································································································1-3 Configuring MBGP Route Redistribution·························································································1-3 Configure Default Route Redistribution into MBGP ········································································1-4 Configuring MBGP Route Summarization·······················································································1-4 Advertising a Default Route to an IPv4 MBGP Peer or Peer Group ···············································1-5 Configuring Outbound MBGP Route Filtering ·················································································1-5...
MBGP Configuration The term “router” refers to a router or a Layer 3 switch in this document. When configuring MBGP, go to these sections for information you are interested in: MBGP Overview Protocols and Standards MBGP Configuration Task List Configuring MBGP Basic Functions Controlling Route Advertisement and Reception Configuring MBGP Route Attributes Tuning and Optimizing MBGP Networks...
Protocols and Standards RFC2858: Multiprotocol Extensions for BGP-4 RFC3392: Capabilities Advertisement with BGP-4 draft-ietf-idmr-bgp-mcast-attr-00: BGP Attributes for Multicast Tree Construction MBGP Configuration Task List Complete the following tasks to configure MBGP: Task Remarks Configuring MBGP Basic Functions Required Configuring MBGP Route Redistribution Optional Configure Default Route Redistribution into MBGP Optional...
Configuration Procedure Follow these steps to configure MBGP basic functions: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number peer { group-name | Required Specify a peer or peer group ip-address } as-number and its AS number Not specified by default.
The Origin attribute of routes redistributed into the MBGP routing table with the import-route command is Incomplete. The Origin attribute of routes injected into the MBGP routing table with the network command is IGP. The networks to be injected must exist in the local IP routing table, and using a route policy makes route control more flexible.
To do… Use the command… Remarks Required Enable automatic No route route summary automatic summarization summarization is configured by default. Configure Choose either MBGP route as needed; if aggregate ip-address { mask | summarization mask-length } [ as-set | attribute-policy both are Configure manual configured, the...
Follow these steps to configure BGP route distribution filtering policies: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv4 MBGP address — ipv4-family multicast family view filter-policy { acl-number | ip-prefix Configure the filtering of ip-prefix-name } export [ direct | isis redistributed routes...
To do… Use the command… Remarks Filter incoming routes using an filter-policy { acl-number | ACL or IP prefix list ip-prefix ip-prefix-name } import Reference a route policy to peer { group-name | ip-address } routes from an IPv4 MBGP route-policy policy-name import peer/peer group At least one of these...
Prerequisites Before configuring this task, you need to configure MBGP basic functions. Configuring MBGP Route Preferences You can reference a route policy to set preferences for routes matching it. Routes not matching it use the default preferences. Follow these steps to configure MBGP route preferences: To do…...
To do… Use the command… Remarks Optional Configure the default default med med-value MED value 0 by default. Enable the Optional comparison of the compare-different-as-med MED of routes from Not enabled by default different ASs Configure the MED Enable the Optional attribute comparison of the...
Follow these steps to configure the AS-PATH attribute: To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv4 MBGP address family view — ipv4-family multicast Optional Specify the maximum number of times the peer { group-name | By default, the local AS local AS number can...
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Optional Enable BGP route refresh for a peer { group-name | ip-address } peer/peer group Enabled by default capability-advertise route-refresh Perfom a manual soft reset If the peer does not support route-refresh, you can use the peer keep-all-routes command to save all the route updates from the peer, and then use the refresh bgp ipv4 multicast command to soft-reset MBGP connections to refresh the MBGP routing table and apply the new policy without tearing down...
Configuring a Large Scale MBGP Network Prerequisites Before configuring this task, you need to make peering nodes accessible to each other at the network layer. Configuring IPv4 MBGP Peer Groups In a large-scale network, configuration and maintenance become difficult due to large numbers of MBGP peers.
To do… Use the command… Remarks Enter system view — system-view Enter BGP view — bgp as-number Enter IPv4 MBGP address family view — ipv4-family multicast Advertise the peer { group-name | community attribute ip-address } Advertise the to an MBGP advertise-community community peer/peer group...
In general, it is not required that clients of a route reflector be fully meshed. The route reflector forwards routing information between clients. If clients are fully meshed, you can disable route reflection between clients to reduce routing costs. In general, a cluster has only one route reflector, and the router ID of the route reflector is used to identify the cluster.
To do… Use the command… Remarks Display MBGP dampening Available in display bgp multicast routing-table parameter information any view dampening parameter Display MBGP routing Available in display bgp multicast routing-table information originating from any view different-origin-as different ASs display bgp multicast routing-table flap-info Display IPv4 MBGP routing flap [ regular-expression as-regular-expression | Available in...
Page 921
It is required that the respective Loopback 0 of Switch A and Switch B be configured as the C-BSR and C-RP of the respective PIM-SM domains. Switch A and Switch B establishes an MSDP peer relationship through MBGP. Figure 1-1 Network diagram for MBGP configuration Device Interface IP address...
Page 922
[SwitchC-Vlan-interface102] pim sm [SwitchC-Vlan-interface102] quit [SwitchC] interface vlan-interface 104 [SwitchC-Vlan-interface104] pim sm [SwitchC-Vlan-interface104] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] pim sm [SwitchC-Vlan-interface200] igmp enable [SwitchC-Vlan-interface200] quit # Configure a PIM domain border on Switch A. [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim bsr-boundary [SwitchA-Vlan-interface101] quit # Configure a PIM domain border on Switch B.
IGMP Snooping Configuration When configuring IGMP Snooping, go to the following sections for information you are interested in: IGMP Snooping Overview IGMP Snooping Configuration Task List Displaying and Maintaining IGMP Snooping IGMP Snooping Configuration Examples Troubleshooting IGMP Snooping Configuration IGMP Snooping Overview Internet Group Management Protocol Snooping (IGMP Snooping) is a multicast constraining mechanism that runs on Layer 2 devices to manage and control multicast groups.
Reducing Layer 2 broadcast packets, thus saving network bandwidth. Enhancing the security of multicast traffic. Facilitating the implementation of per-host accounting. Basic Concepts in IGMP Snooping IGMP Snooping related ports As shown in Figure 1-2, Router A connects to the multicast source, IGMP Snooping runs on Switch A and Switch B, Host A and Host C are receiver hosts (namely, multicast group members).
Aging timers for dynamic ports in IGMP Snooping and related messages and actions Table 1-1 Aging timers for dynamic ports in IGMP Snooping and related messages and actions Message before Timer Description Action after expiry expiry For each dynamic IGMP general query of router port, the switch The switch removes Dynamic router port...
Page 928
When receiving a membership report A host sends an IGMP report to the IGMP querier in the following circumstances: Upon receiving an IGMP query, a multicast group member host responds with an IGMP report. When intended to join a multicast group, a host sends an IGMP report to the IGMP querier to announce that it is interested in the multicast information addressed to that group.
does not immediately remove the port from the outgoing port list of the forwarding table entry for that group; instead, it resets the aging timer for the port. Upon receiving the IGMP leave message from a host, the IGMP querier resolves the multicast group address in the message and sends an IGMP group-specific query to that multicast group through the port that received the leave message.
RFC 4541: Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches IGMP Snooping Configuration Task List Complete these tasks to configure IGMP Snooping: Task Remarks Enabling IGMP Snooping Required Configuring Basic Functions of IGMP Snooping Configuring the Version of IGMP Snooping Optional Configuring Aging Timers for Dynamic Ports...
Configuring Basic Functions of IGMP Snooping Configuration Prerequisites Before configuring the basic functions of IGMP Snooping, complete the following task: Configure the corresponding VLANs. Before configuring the basic functions of IGMP Snooping, prepare the following data: Version of IGMP Snooping. Enabling IGMP Snooping Follow these steps to enable IGMP Snooping: To do...
To do... Use the command... Remarks Optional Configure the version of IGMP igmp-snooping version Snooping Version 2 by default version-number If you switch IGMP Snooping from version 3 to version 2, the system will clear all IGMP Snooping forwarding entries from dynamic joins, and will: Keep forwarding entries for version 3 static (*, G) joins;...
To do... Use the command... Remarks Optional Configure dynamic member host-aging-time interval port aging time 260 seconds by default Configuring aging timers for dynamic ports in a VLAN Follow these steps to configure aging timers for dynamic ports in a VLAN: To do...
A static (S, G) joining can take effect only if a valid multicast source address is specified and IGMP Snooping version 3 is currently running. A static member port does not respond to queries from the IGMP querier; when static (*, G) or (S, G) joining is enabled or disabled on a port, the port does not send an unsolicited IGMP report or an IGMP leave message.
Each simulated host is equivalent to an independent host. For example, when receiving an IGMP query, the simulated host corresponding to each configuration responds respectively. Unlike a static member port, a port configured as a simulated member host will age out like a dynamic member port.
Configuring IGMP Snooping Querier Configuration Prerequisites Before configuring IGMP Snooping querier, complete the following task: Enable IGMP Snooping in the VLAN. Before configuring IGMP Snooping querier, prepare the following data: IGMP general query interval, IGMP last-member query interval, Maximum response time to IGMP general queries, Source address of IGMP general queries, and Source address of IGMP group-specific queries.
Page 937
response time (the host obtains the value of the maximum response time from the Max Response Time field in the IGMP query it received). When the timer value comes down to 0, the host sends an IGMP report to the corresponding multicast group. An appropriate setting of the maximum response time for IGMP queries allows hosts to respond to queries quickly and avoids bursts of IGMP traffic on the network caused by reports simultaneously sent by a large number of hosts when the corresponding timers expire simultaneously.
Configuring Source IP Address of IGMP Queries Upon receiving an IGMP query whose source IP address is 0.0.0.0 on a port, the switch does not enlist that port as a dynamic router port. This may prevent multicast forwarding entries from being correctly created at the data link layer and cause multicast traffic forwarding failure in the end.
Configuring a multicast group filter globally Follow these steps to configure a multicast group filter globally: To do... Use the command... Remarks Enter system view — system-view Enter IGMP Snooping view — igmp-snooping Required By default, no group filter is Configure a multicast group group-policy acl-number globally configured, that is,...
Disabled by default 3Com Switch 4800G, when enabled to filter IPv4 multicast data based on the source ports, are automatically enabled to filter IPv6 multicast data based on the source ports. Configuring the Function of Dropping Unknown Multicast Data Unknown multicast data refers to multicast data for which no entries exist in the IGMP Snooping forwarding table.
Follow these steps to configure IGMP report suppression: To do... Use the command... Remarks Enter system view — system-view Enter IGMP Snooping view — igmp-snooping Optional Enable IGMP report report-aggregation suppression Enabled by default Configuring Maximum Multicast Groups that Can Be Joined on a Port By configuring the maximum number of multicast groups that can be joined on a port, you can limit the number of multicast programs on-demand available to users, thus to regulate traffic on the port.
To address such situations, you can enable the multicast group replacement function on the switch or certain ports. When the number of multicast groups joined on the switch or a port has joined reaches the limit: If the multicast group replacement feature is enabled, the newly joined multicast group automatically replaces an existing multicast group with the lowest address.
To do... Use the command... Remarks Clear IGMP Snooping multicast Available in reset igmp-snooping group group information { group-address | all } [ vlan vlan-id ] user view Clear the statistics information of all Available in kinds of IGMP messages learned reset igmp-snooping statistics user view by IGMP Snooping...
Page 944
Network diagram Figure 1-3 Network diagram for group policy simulated joining configuration Configuration procedure Configure IP addresses Configure an IP address and subnet mask for each interface as per Figure 1-3. The detailed configuration steps are omitted. Configure Router A # Enable IP multicast routing, enable PIM-DM on each interface, and enable IGMP on GigabitEthernet 1/0/1.
Page 945
# Configure a multicast group filter so that the hosts in VLAN 100 can join only the multicast group 224.1.1.1. [SwitchA] acl number 2001 [SwitchA-acl-basic-2001] rule permit source 224.1.1.1 0 [SwitchA-acl-basic-2001] quit [SwitchA] igmp-snooping [SwitchA-igmp-snooping] group-policy 2001 vlan 100 [SwitchA-igmp-snooping] quit # Configure GigabitEthernet 1/0/3 and GigabitEthernet 1/0/4 as simulated hosts for multicast group 224.1.1.1.
Static Port Configuration Network requirements As shown in Figure 1-4, Router A connects to a multicast source (Source) through GigabitEthernet 1/0/2, and to Switch A through GigabitEthernet 1/0/1. IGMPv2 is to run on Router A, and IGMPv2 Snooping is to run on Switch A, Switch B and Switch C, with Router A acting as the IGMP querier.
Page 947
Configuration procedure Configure IP addresses Configure an IP address and subnet mask for each interface as per Figure 1-4. The detailed configuration steps are omitted. Configure Router A # Enable IP multicast routing, enable PIM-DM on each interface, and enable IGMP on GigabitEthernet 1/0/1.
Page 948
<SwitchC> system-view [SwitchC] igmp-snooping [SwitchC-igmp-snooping] quit # Create VLAN 100, assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/5 to this VLAN, and enable IGMP Snooping in the VLAN. [SwitchC] vlan 100 [SwitchC-vlan100] port gigabitethernet 1/0/1 to gigabitethernet 1/0/5 [SwitchC-vlan100] igmp-snooping enable [SwitchC-vlan100] quit # Configure GigabitEthernet 1/0/3 and GigabitEthernet 1/0/5 as static member ports for multicast group 224.1.1.1.
Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s). Port flags: D-Dynamic port, S-Static port, C-Copy port Subvlan flags: R-Real VLAN, C-Copy VLAN Vlan(id):100. Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s). Router port(s):total 1 port. GE1/0/2 (D) ( 00:01:23 ) IP group(s):the following ip group(s) match to one mac group.
Page 950
Network diagram Figure 1-5 Network diagram for IGMP Snooping querier configuration Source 1 Source 2 192.168.1.10/24 192.168.1.20/24 Receiver Receiver GE1/0/2 GE1/0/2 GE1/0/1 GE1/0/3 GE1/0/3 GE1/0/1 Host A Host B GE1/0/4 Switch A Switch B Querier Receiver Receiver GE1/0/2 GE1/0/1 GE1/0/2 GE1/0/3 GE1/0/1 Host D...
[SwitchB] vlan 100 [SwitchB-vlan100] port gigabitethernet 1/0/1 to gigabitethernet 1/0/4 # Enable IGMP Snooping and the function of dropping unknown multicast traffic in VLAN 100. [SwitchB-vlan100] igmp-snooping enable [SwitchB-vlan100] igmp-snooping drop-unknown [SwitchB-vlan100] quit Configurations on Switch C and Switch D are similar to the configuration on Switch B. Verify the configuration After the IGMP Snooping querier starts to work, all the switches but the querier can receive IGMP general queries.
Configured Multicast Group Policy Fails to Take Effect Symptom Although a multicast group policy has been configured to allow hosts to join specific multicast groups, the hosts can still receive multicast data addressed to other multicast groups. Analysis The ACL rule is incorrectly configured. The multicast group policy is not correctly applied.
Multicast VLAN Configuration When configuring multicast VLAN, go to these sections for information you are interested in: Introduction to Multicast VLAN Multicast VLAN Configuration Task List Configuring Sub-VLAN-Based Multicast VLAN Configuring Port-Based Multicast VLAN Displaying and Maintaining Multicast VLAN Multicast VLAN Configuration Examples Introduction to Multicast VLAN As shown in Figure...
Page 955
Figure 1-2 Sub-VLAN-based multicast VLAN Multicast packets VLAN 10 (Multicast VLAN) VLAN 2 VLAN 2 Receiver VLAN 3 Host A VLAN 4 VLAN 3 Receiver Host B Router A Switch A Source IGMP querier VLAN 4 Receiver Host C After the configuration, IGMP Snooping manages router ports in the multicast VLAN and member ports in the sub-VLANs.
For information about IGMP Snooping, router ports, and member ports, refer to IGMP Snooping Configuration in the IP Multicast Volume. For information about VLAN tags, refer to VLAN Configuration in the Access Volume. Multicast VLAN Configuration Task List Complete the following tasks to configure multicast VLAN: Task Remarks Configuring Sub-VLAN-Based Multicast VLAN...
You cannot configure multicast VLAN on a device with IP multicast routing enabled. The VLAN to be configured as a multicast VLAN must exist. The VLANs to be configured as sub-VLANs of the multicast VLAN must exist and must not be sub-VLANs of another multicast VLAN.
Follow these steps to configure user port attributes: To do... Use the command... Remarks Enter system view — system-view interface interface-type interface-number Required Enter port view or port group port-group { manual view Use either command port-group-name | aggregation agg-id } Required Configure the user port link port link-type hybrid...
To do… Use this command… Remarks Enter system view — system-view Required Configure the specified VLAN as a multicast VLAN and enter Not a multicast VLAN by multicast-vlan vlan-id multicast VLAN view default. Return to system view — quit interface interface-type Required interface-number Enter port view or port group...
Page 960
Network diagram Figure 1-4 Network diagram for sub-VLAN-based multicast VLAN configuration Source IGMP querier Router A GE1/0/1 1.1.1.2/24 GE1/0/2 1.1.1.1/24 10.110.1.1/24 GE1/0/1 Switch A GE1/0/2 GE1/0/4 GE1/0/3 Receiver Receiver Receiver Host A Host B Host C VLAN 2 VLAN 3 VLAN 4 Configuration procedure Configure IP addresses...
Page 961
# Create VLAN 10, assign GigabitEthernet 1/0/1 to this VLAN and enable IGMP Snooping in the VLAN. [SwitchA] vlan 10 [SwitchA-vlan10] port gigabitethernet 1/0/1 [SwitchA-vlan10] igmp-snooping enable [SwitchA-vlan10] quit # Configure VLAN 10 as a multicast VLAN and configure VLAN 2 through VLAN 4 as its sub-VLANs. [SwitchA] multicast-vlan 10 [SwitchA-mvlan-10] subvlan 2 to 4 [SwitchA-mvlan-10] quit...
Router port(s):total 0 port. IP group(s):the following ip group(s) match to one mac group. IP group address:224.1.1.1 (0.0.0.0, 224.1.1.1): Host port(s):total 1 port. GE1/0/3 MAC group(s): MAC group address:0100-5e01-0101 Host port(s):total 1 port. GE1/0/3 Vlan(id):4. Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s).
Page 963
IGMPv2 is required on Router A. IGMPv2 Snooping is required on Switch A. Router A acts as the IGMP querier. Switch A’s GigabitEthernet 1/0/1 belongs to VLAN 10, GigabitEthernet 1/0/2 through GigabitEthernet 1/0/4 belong to VLAN 2 through VLAN 4 respectively, and Host A through Host C are attached to GigabitEthernet 1/0/2 through GigabitEthernet1/0/4 of Switch A respectively.
Page 964
# Enable IGMP Snooping globally. <SwitchA> system-view [SwitchA] igmp-snooping [SwitchA-igmp-snooping] quit # Create VLAN 10, assign GigabitEthernet 1/0/1 to VLAN 10, and enable IGMP Snooping in this VLAN. [SwitchA] vlan 10 [SwitchA-vlan10] port gigabitethernet 1/0/1 [SwitchA-vlan10] igmp-snooping enable [SwitchA-vlan10] quit # Create VLAN 2 and enable IGMP Snooping in the VLAN.
Page 965
# View the IGMP Snooping multicast group information on Switch A. [SwitchA] display igmp-snooping group Total 1 IP Group(s). Total 1 IP Source(s). Total 1 MAC Group(s). Port flags: D-Dynamic port, S-Static port, C-Copy port Subvlan flags: R-Real VLAN, C-Copy VLAN Vlan(id):10.
Page 966
Table of Contents 1 IPv6 Multicast Routing and Forwarding Configuration ·········································································1-1 IPv6 Multicast Routing and Forwarding Overview ··················································································1-1 Introduction to IPv6 Multicast Routing and Forwarding···································································1-1 RPF Check Mechanism···················································································································1-1 Configuration Task List ···························································································································1-4 Enabling IPv6 Multicast Routing ·············································································································1-4 Configuring IPv6 Multicast Routing and Forwarding···············································································1-4 Configuration Prerequisites ·············································································································1-4 Configuring an IPv6 Multicast Routing Policy··················································································1-4 Configuring an IPv6 Multicast Forwarding Range···········································································1-5...
IPv6 Multicast Routing and Forwarding Configuration When configuring IPv6 multicast routing and forwarding, go to the following sections for information you are interested in: IPv6 Multicast Routing and Forwarding Overview Configuration Task List Displaying and Maintaining IPv6 Multicast Routing and Forwarding Troubleshooting IPv6 Multicast Policy Configuration The term “router”...
Page 968
IPv6 multicast data delivery along the correct path. In addition, the RPF check mechanism also helps avoid data loops caused by various reasons. RPF Check process The basis for an RPF check is an IPv6 unicast route or an IPv6 MBGP route. An IPv6 unicast routing table contains the shortest path to each destination subnet;...
Page 969
Implementation of the RPF check in IPv6 multicast Implementing an RPF check on each received IPv6 multicast data packet would bring a big burden to the router. The use of an IPv6 multicast forwarding table is the solution to this issue. When creating an IPv6 multicast routing entry and an IPv6 multicast forwarding entry for an IPv6 multicast packet, the router sets the RPF interface of the packet as the incoming interface of the (S, G) entry.
When an IPv6 multicast packet arrives on Vlan-interface 10 of Router C, as the interface is not the incoming interface of the (S, G) entry, the router performs an RPF check on the packet: The router searches its IPv6 unicast routing table and finds that the outgoing interface to Source (the RPF interface) is Vlan-interface 20.
Setting the minimum hop limit value required for an IPv6 multicast packet to be forwarded. Setting the minimum hop limit value is not supported on 3Com Switch 4800G. You can configure the forwarding boundary for a specific IPv6 multicast group on all interfaces that support IPv6 multicast forwarding.
table based on the actual networking situation and the performance requirements. If the configured maximum number of IPv6 multicast forwarding table entries is smaller than the current value, the entries in excess will not be immediately deleted; instead they will be deleted by the IPv6 multicast routing protocol running on the router.
To do... Use the command... Remarks Display the RPF route information of Available in display multicast ipv6 rpf-info the specified IPv6 multicast source ipv6-source-address [ ipv6-group-address ] any view reset multicast ipv6 forwarding-table { { ipv6-source-address [ prefix-length ] | Clear forwarding entries from the Available in ipv6-group-address [ prefix-length ] |...
Page 974
command so that the source address of the IPv6 multicast packets and the IPv6 multicast group address can both match the IPv6 ACL rule. Check the configuration of the multicast filter. Use the display current-configuration command to view the configuration of the IPv6 multicast filter, and change the IPv6 ACL rule used in the source-policy command so that the source address of the IPv6 multicast packets and the IPv6 multicast group address can both match the IPv6 ACL rule.
Page 975
Table of Contents 1 MLD Configuration ····································································································································1-1 MLD Overview·········································································································································1-1 MLD Versions ··································································································································1-1 How MLDv1 Works··························································································································1-2 How MLDv2 Works··························································································································1-3 MLD Message Types·······················································································································1-4 MLD SSM Mapping ·························································································································1-7 MLD Proxying ··································································································································1-8 Protocols and Standards ·················································································································1-9 Configuration Task List ···························································································································1-9 Configuring Basic Functions of MLD·····································································································1-10 Configuration Prerequisites ···········································································································1-10 Enabling MLD ································································································································1-10 Configuring the MLD Version ········································································································1-10...
MLD Configuration The term “router” in this document refers to a router in a generic sense or a Layer 3 switch running the MLD protocol. When configuring MLD, go to the following sections for information you are interested in: MLD Overview Configuration Task List Displaying and Maintaining MLD Configuration MLD Configuration Examples...
For more information about the ASM and SSM models, see Multicast Overview in the IP Multicast Volume. How MLDv1 Works MLDv1 implements IPv6 multicast listener management based on the query/response mechanism. MLD querier election Of multiple IPv6 multicast routers on the same subnet, all the routers can hear MLD listener report messages (often referred to as reports) from hosts, but only one router is needed for sending MLD query messages (often referred to as queries).
Figure 1-1. The following describes how the hosts join the IPv6 multicast groups and the MLD querier (Router B in the figure) maintains the IPv6 multicast group memberships: The hosts send unsolicited MLD reports to the addresses of the IPv6 multicast groups that they want to join, without having to wait for the MLD queries from the MLD querier.
If it expects IPv6 multicast data from specific IPv6 multicast sources like S1, S2, …, it sends a report with the Filter-Mode denoted as “Include Sources (S1, S2, …). If it does not expect IPv6 multicast data from specific IPv6 multicast sources like S1, S2, …, it sends a report with the Filter-Mode denoted as “Exclude Sources (S1, S2, …).
Page 980
MLD query message An MLD querier learns the multicast listening state of neighbor interfaces by sending MLD query messages. Figure 1-3 shows the format of an MLD query message. The dark blue area in the figure shows the format of an MLDv1 message. Figure 1-3 Format of MLDv2 query message Type = 130 Code...
Page 981
Field Description QQIC Querier’s Query Interval Code This field is set to 0 in a general query message or a multicast-address-specific query message. Number of Sources This field represents the number of source addresses in a multicast-address-and-source-specific query message IPv6 multicast source address in a multicast-address-specific Source Address( i ) query message (i = 1, 2, .., n, where n represents the number of multicast source addresses.)
Field Description This field represents information of each IPv6 multicast address the host listens to on the interface from which the report message is sent, including record type, IPv6 Multicast Address Record(i) multicast address, and IPv6 multicast source address on the sender (i= 1, 2, ...
INCLUDE, (S1, S2...)) information based on the configured MLD SSM mappings and provides SSM service accordingly. The MLD SSM mapping feature does not process MLDv2 reports. For more information about the IPv6 SSM group range, refer to IPv6 PIM Configuration in the IP Multicast Volume.
multicast address, filter mode, and source list. Such an entry is a collection of members in the same multicast group on each downstream interface. A proxy device performs host functions on the upstream interface based on the database. It responds to the queries according to the information in the database or sends join/leave messages when the database changes.
Configuring Basic Functions of MLD Configuration Prerequisites Before configuring the basic functions of MLD, complete the following tasks: Configure any IPv6 unicast routing protocol so that all devices in the domain can be interoperable at the network layer. Configure IPv6 PIM-DM or IPv6 PIM-SM. In addition, prepare the following data: MLD version IPv6 multicast group address and IPv6 multicast source address for static group member...
Configuring an MLD version globally Follow these steps to configure an MLD version globally: To do… Use the command… Remarks Enter system view — system-view Enter MLD view — Optional Configure an MLD version version version-number globally MLDv1 by default Configuring an MLD version on an interface Follow these steps to configure an MLD version on an interface: To do…...
Before you can configure an interface of an IPv6 PIM-SM device as a static member of an IPv6 multicast group or an IPv6 multicast source and group, if the interface is IPv6 PIM-SM enabled, it must be an IPv6 PIM-SM DR; if this interface is MLD enabled but not IPv6 PIM-SM enabled, it must be an MLD querier.
This configuration takes effect for dynamically joined IPv6 multicast groups but not the statically configured multicast groups. Adjusting MLD Performance For the configuration tasks described in this section, Configurations performed in MLD view are globally effective, while configurations performed in interface view are effective on the current interface only.
By default, in consideration of compatibility, the device does not check the Router-Alert option, that is, it processes all received MLD messages. In this case, the device passes MLD messages to the upper layer protocol for processing, no matter whether the MLD messages carry the Router-Alert option or not.
Page 990
“robustness variable minus 1” packet losses on a network. Therefore, a greater value of the robustness variable makes the MLD querier “more robust”, but results in a longer IPv6 multicast group timeout time. Upon receiving an MLD query (general query or multicast-address-specific query) message, a host starts a timer for each IPv6 multicast group it has joined.
Page 991
Configuring MLD query and response parameters on an interface Follow these steps to configure MLD query and response parameters on an interface: To do… Use the command… Remarks Enter system view — system-view interface interface-type Enter interface view — interface-number Optional Configure the startup query mld startup-query-interval...
Make sure that the other querier present interval is greater than the MLD query interval; otherwise the MLD querier may frequently change. Make sure that the MLD query interval is greater than the maximum response delay for MLD general queries; otherwise, multicast group members may be wrongly removed. Configuring MLD Fast Leave Processing MLD fast leave processing is implemented by MLD Snooping.
If MLDv2 is enabled on a VLAN interface of a 3Com Switch 4800G, and if a port in that VLAN is configured as a simulated host, the simulated host will send MLDv2 reports even if you did not specify an IPv6 multicast source when configuring simulated joining with the mld-snooping host-join command.
Each device can have only one interface serving as the MLD proxy interface. You cannot enable MLD on interfaces with MLD proxying enabled. Moreover, only the mld require-router-alert, mld send-router-alert, and mld version commands can take effect on such interfaces. You cannot enable other IPv6 multicast routing protocols (such as IPv6 PIM-DM or IPv6-SM) on interfaces with MLD proxying enabled, or vice versa.
Page 995
To do… Use the command… Remarks View MLD configuration and running information on the display mld interface [ interface-type Available specified interface or all interface-number ] [ verbose ] in any view MLD-enabled interfaces View the information of the display mld proxying group [ group-address ] Available MLD proxying groups [ verbose ]...
MLD Configuration Examples Basic MLD Functions Configuration Example Network requirements Receivers receive VOD information in the multicast mode. Receivers of different organizations form stub networks N1 and N2, and Host A and Host C are multicast receivers in N1 and N2 respectively.
Page 997
# Enable IPv6 multicast routing on Switch A, enable IPv6 PIM-DM on each interface, and enable MLD on VLAN-interface 100. <SwitchA> system-view [SwitchA] multicast ipv6 routing-enable [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] mld enable [SwitchA-Vlan-interface100] pim ipv6 dm [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 101 [SwitchA-Vlan-interface101] pim ipv6 dm [SwitchA-Vlan-interface101] quit # Enable IPv6 multicast routing on Switch B, enable IPv6 PIM-DM on each interface, and enable MLD...
MLD SSM Mapping Configuration Example Network requirements The IPv6 PIM-SM domain applies both the ASM model and SSM model for IPv6 multicast delivery. Switch D’s VLAN-interface 104 serves as the C-BSR and C-RP. The SSM group range is FF3E::/64. MLDv2 runs on Switch D’s VLAN-interface 400. The receiver host runs MLDv1, and does not support MLDv2.
Page 999
# Enable IPv6 multicast routing on Switch D, enable IPv6 PIM-SM on each interface, and enable MLD (version 2) and MLD SSM mapping on VLAN-interface 400. <SwitchD> system-view [SwitchD] multicast ipv6 routing-enable [SwitchD] interface vlan-interface 400 [SwitchD-Vlan-interface400] mld enable [SwitchD-Vlan-interface400] mld version 2 [SwitchD-Vlan-interface400] mld ssm-mapping enable [SwitchD-Vlan-interface400] pim ipv6 sm [SwitchD-Vlan-interface400] quit...
Page 1000
# Configure MLD SSM mappings on Switch D. [SwitchD] mld [SwitchD-mld] ssm-mapping ff3e::101 128 1001::1 [SwitchD-mld] ssm-mapping ff3e::101 128 3001::1 [SwitchD-mld] quit Verify the configuration Use the display mld ssm-mapping command to view MLD SSM mappings on the switch. # View the MLD SSM mapping information for IPv6 multicast group FF3E::101 on Switch D. [SwitchD] display mld ssm-mapping ff3e::101 Group: FF3E::101 Source list:...