H3C S5500-EI Configuration Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Switch
  5. S5500-EI series
  6. Configuration manual

H3C S5500-EI Configuration Manual

Switch series layer 3 - ip routing
Hide thumbs Also See for S5500-EI:
1
2
3
4
5
6
7
Table Of Contents
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual, Command Manual
H3C S5500-EI & S5500-SI Switch Series
Layer 3 - IP Routing Configuration Guide
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Software version: Release 2210
Document version: 6W100-20110915

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the S5500-EI and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for H3C S5500-EI

Summary of Contents for H3C S5500-EI

  • Page 1 H3C S5500-EI & S5500-SI Switch Series Layer 3 - IP Routing Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 2210 Document version: 6W100-20110915...
  • Page 2 SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice.
  • Page 3 The H3C S5500-EI & S5500-SI documentation set includes 10 configuration guides, which describe the software features for the H3C S5500-EI & S5500-SI Switch Series Release 2210, and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.

  • Page 4: Command Conventions

    New features (only available 4-byte AS number suppression S5500-EI) IPv6 static routing Support for VPN instances RIPng S5500-EI only: Support for VPN instances • Collaboration with BFD OSPFv3 (only available on the S5500-EI) • Support for VPN instances • Collaboration with BFD...
  • Page 5 Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. About the S5500-EI & S5500-SI documentation set The H3C S5500-EI & S5500-SI documentation set includes: Documents Purposes Product description and specifications Marketing brochures Describe product specifications and benefits.

  • Page 6: Obtaining Documentation

    Obtaining documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support &...

  • Page 7: Documentation Feedback

    Documentation feedback You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

  • Page 8: Table Of Contents

    Contents IP routing basics ··························································································································································· 1 IP routing overview ···························································································································································1 Routing table ·····························································································································································1 Dynamic routing protocols ······································································································································2 Routing preference ···················································································································································3 Load sharing ·····························································································································································4 Route backup ····························································································································································4 Route recursion ·························································································································································4 Route redistribution···················································································································································4 Displaying and maintaining a routing table ··················································································································4 Static routing configuration ········································································································································· 7 Introduction ········································································································································································7 Static route ································································································································································7 Default route······························································································································································7...
  • Page 9 Tuning and optimizing RIP networks ···························································································································· 32 Configuring RIP timers··········································································································································· 32 Configuring split horizon and poison reverse···································································································· 32 Configuring the maximum number of load balanced routes ············································································ 33 Enabling zero field check on incoming RIPv1 messages ·················································································· 33 Enabling source IP address check on incoming RIP updates············································································ 34 Configuring RIPv2 message authentication ········································································································...
  • Page 10 Configuring OSPF inbound route filtering ·········································································································· 82 Configuring ABR Type-3 LSA filtering ················································································································· 83 Configuring an OSPF cost for an interface ········································································································ 83 Configuring the maximum number of OSPF routes ··························································································· 84 Configuring the maximum number of load-balanced routes ············································································ 84 Configuring OSPF preference ······························································································································...
  • Page 11 Basic concepts ·····················································································································································131 IS-IS area ······························································································································································133 IS-IS network type ················································································································································135 IS-IS PDU format···················································································································································136 Supported IS-IS features······································································································································142 Protocols and standards ·····································································································································144 IS-IS configuration task list···········································································································································144 Configuring IS-IS basic functions ································································································································145 Configuration prerequisites ································································································································145 Enabling IS-IS ·······················································································································································146 Configuring the IS level and circuit level ··········································································································146 Configuring the network type of an interface as P2P······················································································147 Configuring IS-IS routing information control············································································································147 Configuration prerequisites ································································································································147...
  • Page 12 IS-IS authentication configuration example·······································································································184 Configuring BFD for IS-IS····································································································································186 BGP configuration ··················································································································································· 190 BGP overview ·······························································································································································190 Formats of BGP messages ··································································································································190 BGP path attributes ·············································································································································193 BGP route selection ·············································································································································197 iBGP and IGP synchronization ··························································································································199 Settlements for problems in large scale BGP networks ···················································································199 BGP GR ································································································································································202 MP-BGP·································································································································································203 Protocols and standards ·····································································································································203...
  • Page 13 Configuring BGP community ······························································································································227 Configuring a BGP route reflector ·····················································································································228 Configuring a BGP confederation ·····················································································································228 Configuring BGP GR ···················································································································································229 Enabling trap ································································································································································230 Enabling logging of peer state changes····················································································································230 Configuring BFD for BGP ············································································································································231 Displaying and maintaining BGP ·······························································································································231 Displaying BGP····················································································································································231 Resetting BGP connections ·································································································································232 Clearing BGP information ··································································································································233 BGP configuration examples·······································································································································233...
  • Page 14 Configuring the maximum number of equal cost routes for load balancing ················································271 Applying IPsec policies for RIPng ·······························································································································272 Displaying and maintaining RIPng ·····························································································································273 RIPng configuration examples·····································································································································273 Configuring RIPng basic functions ·····················································································································273 Configuring RIPng route redistribution ··············································································································276 Configuring RIPng IPsec policies ·······················································································································278 OSPFv3 configuration·············································································································································...
  • Page 15 Configuring OSPFv3 IPsec policies ···················································································································311 Troubleshooting OSPFv3 configuration ·····················································································································314 No OSPFv3 neighbor relationship established ································································································314 Incorrect routing information ······························································································································315 IPv6 IS-IS configuration ··········································································································································· 316 Introduction to IPv6 IS-IS ··············································································································································316 Configuring IPv6 IS-IS basic functions························································································································316 Configuration prerequisites ································································································································316 Configuration procedure ····································································································································316 Configuring IPv6 IS-IS routing information control ···································································································317 Configuration prerequisites ································································································································317 Configuration procedure ····································································································································317...
  • Page 16 Configuring a large-scale IPv6 BGP network············································································································344 Configuration prerequisites ································································································································344 Configuring IPv6 BGP peer group·····················································································································344 Configuring IPv6 BGP community ·····················································································································346 Configuring an IPv6 BGP route reflector···········································································································346 Configuring BFD for IPv6 BGP····································································································································347 Displaying and maintaining IPv6 BGP·······················································································································348 Displaying BGP····················································································································································348 Resetting IPv6 BGP connections·························································································································349 Clearing IPv6 BGP information··························································································································349 IPv6 BGP configuration examples ······························································································································349 IPv6 BGP basic configuration example·············································································································349...
  • Page 17 Configuring PBR (using a QoS policy)·······················································································································384 Configuring a QoS policy ··································································································································384 Applying the QoS policy ····································································································································384 Displaying and maintaining PBR configuration ········································································································385 PBR configuration (using a PBR policy) ·············································································································385 PBR configuration (using a QoS policy)············································································································386 PBR configuration examples········································································································································387 Configuring local PBR based on packet type···································································································387 Configuring interface PBR based on packet type ····························································································388 IPv4 PBR configuration example (using a QoS policy) ···················································································390 IPv6 PBR configuration example (using a QoS policy) ···················································································391...

  • Page 18: Ip Routing Basics

    IP routing basics NOTE: router The term in this document refers to both routers and Layer 3 switches. • The types of interfaces that appear in any figures other than the network diagrams for configuration • examples are for illustration only. Some of them might be unavailable on your switch. interface •...

  • Page 19: Dynamic Routing Protocols

    Each entry in the FIB table specifies a physical interface that packets destined for a certain address should go out to reach the next hop—the next router—or the directly connected destination. NOTE: Layer 3—IP Services Configuration Guide For more information about the FIB table, see Routing table information Display the brief information of a routing table by using the display ip routing-table command.

  • Page 20: Routing Preference

    Table 1 Dynamic routing protocols Criterion Categories • Interior gateway protocols (IGPs)—Work within an autonomous system (AS). Examples include RIP, OSPF, and IS-IS. Optional scope • Exterior gateway protocols (EGPs)—Work between ASs. The most popular one is BGP. • Distance-vector protocols—RIP and BGP. BGP is also considered a path-vector protocol.

  • Page 21: Load Sharing

    Load sharing A routing protocol can be configured with multiple equal-cost routes to the same destination. These routes have the same preference and will all be used to accomplish load sharing if there is no route with a higher preference available. NOTE: At present, routing protocols supporting load sharing include static routing/IPv6 static routing, RIP/RIPng, OSPF/OSPFv3, BGP/IPv6 BGP, and IS-IS/IPv6 IS-IS.
  • Page 22 To do… Use the command… Remarks display ip routing-table [ vpn-instance vpn-instance-name ] ip-address [ mask | Display information about routes to mask-length ] [ longer-match ] [ verbose ] Available in any view the specified destination [ | { begin | exclude | include } regular-expression ] display ip routing-table [ vpn-instance Display information about routes...
  • Page 23 To do… Use the command… Remarks display ipv6 routing-table [ vpn-instance Display IPv6 routing information of vpn-instance-name ] protocol protocol Available in any view a routing protocol [ inactive | verbose ] [ | { begin | exclude | include } regular-expression ] display ipv6 routing-table [ vpn-instance Display IPv6 routing statistics vpn-instance-name ] statistics [ | { begin |...

  • Page 24: Static Routing Configuration

    Static routing configuration NOTE: The term router in this document refers to both routers and Layer 3 switches. • The S5500-SI Switch Series does not support VPN and BFD related parameters or FRR. • Introduction Static route Static routes are manually configured. If a network’s topology is simple, you only need to configure static routes for the network to work properly.

  • Page 25: Configuring A Static Route

    When specifying the output interface, observe the following rules: • If the output interface is a Null 0 interface, no next hop address is required. If you specify a broadcast interface (such as an Ethernet interface or VLAN interface) as the output •...

  • Page 26: Configuring Bfd For Static Routes

    NOTE: When you configure a static route, the static route does not take effect if you specify the next hop address • first and then configure it as the IP address of a local interface, such as Ethernet interface and VLAN interface.

  • Page 27: Bfd Echo Packet Mode

    Follow these steps to configure a static route with BFD control packet mode enabled (indirect session): To do… Use the command… Remarks Enter system view system-view — ip route-static dest-address { mask | mask-length } next-hop-address bfd control-packet bfd-source ip-address [ preference preference-value ] [ tag tag-value ] [ description Required Configure a static route...

  • Page 28: Displaying And Maintaining Static Routes

    Figure 1 Network diagram As shown in Figure 1, upon a link failure, FRR designates a backup next hop by using a routing policy for routes matching the specified criteria. Packets are directed to the backup next hop to avoid traffic interruption.

  • Page 29: Static Route Configuration Examples

    Static route configuration examples Basic static route configuration example Network requirements The IP addresses and masks of the switches and hosts are shown in Figure 2. Static routes are required for interconnection between any two hosts. Figure 2 Network diagram Configuration procedure Configure IP addresses for interfaces.
  • Page 30 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/0 Static 60 1.1.4.2 Vlan500 1.1.2.0/24 Direct 0 1.1.2.3 Vlan300 1.1.2.3/32 Direct 0 127.0.0.1 InLoop0 1.1.4.0/30 Direct 0 1.1.4.1 Vlan500 1.1.4.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Display the IP routing table of Switch B.

  • Page 31: Static Route Frr Configuration Example

    <1 ms <1 ms <1 ms 1.1.4.1 1 ms <1 ms <1 ms 1.1.2.2 Trace complete. Static route FRR configuration example Network requirements Switch S, Switch A, and Switch D are interconnected through static routes, as illustrated in Figure Configure static route FRR so that when the link between Switch S and Switch D fails, traffic can be switched to Link B immediately.
  • Page 32 [SwitchS-route-policy] apply fast-reroute backup-interface vlan-interface backup-nexthop 12.12.12.2 [SwitchS-route-policy] quit [SwitchS] ip route-static fast-reroute route-policy frr # Configure Switch D. [SwitchD] bfd echo-source-ip 4.4.4.4 [SwitchD] ip ip-prefix abc index 10 permit 1.1.1.1 32 [SwitchD] route-policy frr permit node 10 [SwitchD-route-policy] if-match ip-prefix abc [SwitchD-route-policy] apply fast-reroute...

  • Page 33: Bfd For Static Routes Configuration Example (Direct Session)

    BFD for static routes configuration example (direct session) Network requirements As shown in Figure 4, configure static routes to subnet 120.1.1.0/24 on Switch A, static routes to subnet 121.1.1.0/24 on Switch B, and static routes to subnets 120.1.1.0/24 and 121.1.1.0/24 on Switch C. Enable BFD so that when the link between Switch A and Switch B through the Layer 2 switch fails, BFD can detect the failure immediately and Switch A and Switch B can communicate through Switch C.
  • Page 34 [SwitchB] ip route-static 121.1.1.0 24 vlan-interface 10 12.1.1.1 bfd control-packet [SwitchB] ip route-static 121.1.1.0 24 vlan-interface 13 13.1.1.2 preference 65 [SwitchB] quit # Configure static routes on Switch C. <SwitchC> system-view [SwitchC] ip route-static 120.1.1.0 24 vlan-interface 13 13.1.1.1 [SwitchC] ip route-static 121.1.1.0 24 vlan-interface 11 10.1.1.102 Verify the configuration.

  • Page 35: Bfd For Static Routes Configuration Example (Indirect Session)

    Public Routing Table : Static Summary Count : 2 Static Routing table Status : < Active> Summary Count : 1 Destination/Mask Proto Cost NextHop Interface 120.1.1.0/24 Static 65 10.1.1.100 Vlan11 Static Routing table Status : < Inactive> Summary Count : 1 Destination/Mask Proto Cost...
  • Page 36 [SwitchA] interface loopback 1 [SwitchA-LoopBack1] bfd min-transmit-interval 500 [SwitchA-LoopBack1] bfd min-receive-interval 500 [SwitchA-LoopBack1] bfd detect-multiplier 9 [SwitchA-LoopBack1] quit [SwitchA] ip route-static 120.1.1.0 24 2.2.2.9 bfd control-packet bfd-source 1.1.1.9 [SwitchA] ip route-static 120.1.1.0 24 vlan-interface 11 10.1.1.100 preference 65 [SwitchA] quit # Configure static routes on Switch B and enable BFD control packet mode for the static route through Switch D.
  • Page 37 Destination/Mask Proto Cost NextHop Interface 120.1.1.0/24 Static 60 2.2.2.9 Vlan10 Static Routing table Status : <Inactive> Summary Count : 1 Destination/Mask Proto Cost NextHop Interface 120.1.1.0/24 Static 65 10.1.1.100 Vlan11 # Enable BFD debugging on Switch A. When the link between Switch A and Switch D fails, Switch A can detect the failure.

  • Page 38: Rip Configuration

    RIP configuration NOTE: router The term in this document refers to both routers and Layer 3 switches. • The S5500-SI Switch Series does not support VPN and BFD related parameters or FRR. • RIP overview RIP is a simple Interior Gateway Protocol (IGP), mainly used in small-sized networks, such as academic networks and simple LANs.

  • Page 39: Operation Of Rip

    Suppress timer—Defines how long a RIP route stays in suppressed state. When the metric of a route • is 16, the route enters the suppressed state. In suppressed state, only routes coming from the same neighbor and whose metric is less than 16 will be received by the router to replace unreachable routes.

  • Page 40: Rip Message Format

    Supports plain text authentication and MD5 authentication to enhance security. • NOTE: RIPv2 has two types of message transmission: broadcast and multicast. Multicast is the default type using 224.0.0.9 as the multicast address. The interface working in the RIPv2 broadcast mode can also receive RIPv1 messages.

  • Page 41: Supported Rip Features

    Differences from RIPv1: • Version–Version of RIP. For RIPv2 the value is 0x02. Route tag • IP address—Destination IP address. It can be a natural network address, subnet address, or host • address. • Subnet mask—Mask of the destination address. Unlike RIPv1, RIPv2 can carry subnet information. Next hop—If set to 0.0.0.0, it indicates that the originator of the route is the best next hop.

  • Page 42: Protocols And Standards

    Protocols and standards RFC 1058, Routing Information Protocol • RFC 1723, RIP Version 2 - Carrying Additional Information • RFC 1721, RIP Version 2 Protocol Analysis • • RFC 1722, RIP Version 2 Protocol Applicability Statement RFC 1724, RIP Version 2 MIB Extension •...

  • Page 43: Configuring Rip Basic Functions

    Configuring RIP basic functions Configuration prerequisites Before configuring RIP basic functions, complete the following tasks: Configure the link layer protocol • • Configure an IP address on each interface, and ensure all adjacent routers are reachable to each other Configuration procedure Enabling RIP and a RIP interface Follow these steps to enable RIP: To do…...
  • Page 44 To do… Use the command… Remarks Optional Enable the interface to receive RIP rip input messages Enabled by default Optional Enable the interface to send RIP rip output messages Enabled by default Configuring a RIP version You can configure a RIP version in RIP view or interface view under the following conditions. If neither global nor interface RIP version is configured, the interface sends RIPv1 broadcasts and •...

  • Page 45: Configuring Rip Route Control

    To do… Use the command… Remarks Optional By default, if an interface has no RIP version specified, the global version takes effect. If no global RIP Specify a RIP version for the rip version { 1 | 2 [ broadcast | version is specified, the interface interface multicast ] }...

  • Page 46: Disabling Host Route Reception

    Enabling RIPv2 route automatic summarization You can disable RIPv2 route automatic summarization if you want to advertise all subnet routes. Follow these steps to enable RIPv2 route automatic summarization: To do… Use the command… Remarks Enter system view system-view –– rip [ process-id ] [ vpn-instance Enter RIP view ––...

  • Page 47: Advertising A Default Route

    To do… Use the command… Remarks Required Disable RIP from receiving host undo host-route routes Enabled by default NOTE: RIPv2 can be disabled from receiving host routes, but RIPv1 cannot. Advertising a default route Under the following conditions, you can configure RIP to advertise a default route with a specified metric to RIP neighbors: In RIP view, you can configure all the interfaces of the RIP process to advertise a default route;...

  • Page 48: Configuring A Priority For Rip

    To do… Use the command… Remarks Enter system view system-view –– rip [ process-id ] [ vpn-instance Enter RIP view –– vpn-instance-name ] filter-policy { acl-number | gateway ip-prefix-name | ip-prefix Required Configure the filtering of incoming ip-prefix-name [ gateway routes Not configured by default ip-prefix-name ] } import...

  • Page 49: Tuning And Optimizing Rip Networks

    To do… Use the command… Remarks Optional Configure a default metric for default cost value The default metric of a redistributed redistributed routes route is 0. import-route protocol [ process-id Required Redistribute routes from another | all-processes | allow-ibgp ] [ cost No redistribution is configured by protocol cost | route-policy...

  • Page 50: Configuring The Maximum Number Of Load Balanced Routes

    Enabling split horizon The split horizon function disables an interface from sending routes received from the interface to prevent routing loops between adjacent routers. Follow these steps to enable split horizon: To do… Use the command… Remarks Enter system view system-view —...

  • Page 51: Enabling Source Ip Address Check On Incoming Rip Updates

    To do… Use the command… Remarks Enter system view system-view –– rip [ process-id ] [ vpn-instance Enter RIP view –– vpn-instance-name ] Optional Enable zero field check on checkzero received RIPv1 messages Enabled by default Enabling source IP address check on incoming RIP updates You can enable source IP address check on incoming RIP updates.

  • Page 52: Specifying A Rip Neighbor

    NOTE: This feature does not apply to RIPv1 because RIPv1 does not support authentication. Although you can specify an authentication mode for RIPv1 in interface view, the configuration does not take effect. Specifying a RIP neighbor Usually, RIP sends messages to broadcast or multicast addresses. On non-broadcast or multicast links, you must manually specify RIP neighbors.

  • Page 53: Configuring Rip Frr

    To do… Use the command… Remarks Enable a RIP process and enter RIP rip [ process-id ] [ vpn-instance –– view vpn-instance-name ] Optional Configure the maximum number of By default, an interface sends up to RIP packets that can be sent at the output-delay time count count three RIP packets every 20 specified interval...

  • Page 54: Configuring Bfd For Rip

    To do… Use the command… Remarks rip [ process-id ] [ vpn-instance Enter RIP view — vpn-instance-name ] Enable RIP FRR and reference a Required fast-reroute route-policy routing policy to designate a route-policy-name Disabled by default. backup next hop Configuring BFD for RIP NOTE: High Availability Configuration Guide For more information about BFD, see...

  • Page 55: Displaying And Maintaining Rip

    To do… Use the command… Remarks Required Specify a RIP neighbor peer ip-address By default, RIP does not unicast updates to any peer. interface interface-type Enter interface view — interface-number Required Enable BFD on the RIP interface rip bfd enable Disabled by default NOTE: Unidirectional detection in BFD echo packet mode only works for RIP neighbors that are directly...
  • Page 56 Figure 10 Network diagram Configuration procedure Configure an IP address for each interface. (Details not shown) Configure basic RIP functions. # Configure Switch A. [SwitchA] rip [SwitchA-rip-1] network 192.168.1.0 [SwitchA-rip-1] network 172.16.0.0 [SwitchA-rip-1] network 172.17.0.0 # Configure Switch B. [SwitchB] rip [SwitchB-rip-1] network 192.168.1.0 [SwitchB-rip-1] network 10.0.0.0 # Display the RIP routing table of Switch A.

  • Page 57: Configuring Rip Route Redistribution

    10.0.0.0/8 192.168.1.2 10.2.1.0/24 192.168.1.2 10.1.1.0/24 192.168.1.2 The output shows that RIPv2 uses classless subnet mask. NOTE: RIPv1 routing information has a long aging time, so it will exist until it ages out after RIPv2 is configured. Configuring RIP route redistribution Network requirements In the following figure, two RIP processes are running on Switch B, which communicates with Switch A through RIP 100 and with Switch C through RIP 200.
  • Page 58 [SwitchB] rip 200 [SwitchB-rip-200] network 12.0.0.0 [SwitchB-rip-200] version 2 [SwitchB-rip-200] undo summary [SwitchB-rip-200] quit # Enable RIP 200 and specify RIP version 2 on Switch C. <SwitchC> system-view [SwitchC] rip 200 [SwitchC-rip-200] network 12.0.0.0 [SwitchC-rip-200] network 16.0.0.0 [SwitchC-rip-200] version 2 [SwitchC-rip-200] undo summary # Display the routing table of Switch C.

  • Page 59: Configuring An Additional Metric For A Rip Interface

    [SwitchB-acl-basic-2000] rule deny source 10.2.1.1 0.0.0.255 [SwitchB-acl-basic-2000] rule permit [SwitchB-acl-basic-2000] quit [SwitchB] rip 200 [SwitchB-rip-200] filter-policy 2000 export rip 100 # Display the routing table of Switch C. [SwitchC] display ip routing-table Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Cost...
  • Page 60 [SwitchA-rip-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] rip 1 [SwitchB-rip-1] network 1.0.0.0 [SwitchB-rip-1] version 2 [SwitchB-rip-1] undo summary # Configure Switch C. <SwitchC> system-view [SwitchB] rip 1 [SwitchC-rip-1] network 1.0.0.0 [SwitchC-rip-1] version 2 [SwitchC-rip-1] undo summary # Configure Switch D. <SwitchD>...

  • Page 61: Configuring Rip To Advertise A Summary Route

    1.1.4.0/24, cost 2, nexthop 1.1.1.2 1.1.5.0/24, cost 2, nexthop 1.1.1.2 The output shows that only one RIP route reaches network 1.1.5.0/24, with the next hop as Switch B (1.1.1.2) and a cost of 2. Configuring RIP to advertise a summary route Network requirements In the following figure, Switch A and Switch B run OSPF, Switch D runs RIP, and Switch C runs OSPF and RIP.
  • Page 62 <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit Configure RIP basic functions. # Configure Switch C. <SwitchC> system-view [SwitchC] rip 1 [SwitchC-rip-1] network 11.3.1.0 [SwitchC-rip-1] version 2 [SwitchC-rip-1] undo summary # Configure Switch D. <SwitchD>...

  • Page 63: Rip Frr Configuration Example

    Destinations : 7 Routes : 7 Destination/Mask Proto Cost NextHop Interface 10.0.0.0/8 11.3.1.1 Vlan300 11.3.1.0/24 Direct 0 11.3.1.2 Vlan300 11.3.1.2/32 Direct 0 127.0.0.1 InLoop0 11.4.1.0/24 Direct 0 11.4.1.2 Vlan400 11.4.1.2/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0...
  • Page 64 [SwitchS-rip-1] quit # Configure Switch D. <SwitchD> system-view [SwitchD] bfd echo-source-ip 4.4.4.4 [SwitchD] ip ip-prefix abc index 10 permit 1.1.1.1 32 [SwitchD] route-policy frr permit node 10 [SwitchD-route-policy] if-match ip-prefix abc [SwitchD-route-policy] apply fast-reroute backup-interface vlan-interface backup-nexthop 24.24.24.2 [SwitchD-route-policy] quit [SwitchD] rip 1 [SwitchD-rip-1] fast-reroute route-policy frr [SwitchD-rip-1] quit...

  • Page 65: Configuring Bfd For Rip (Single-Hop Detection In Bfd Echo Packet Mode)

    Configuring BFD for RIP (single-hop detection in BFD echo packet mode) Network requirements In the following figure, Switch A and Switch C are interconnected through a Layer 2 switch. VLAN-interface 100 of the two switches runs RIP process 1, BFD is enabled on VLAN-interface 100 of Switch A.
  • Page 66 # Configure Switch B. [SwitchB] rip 1 [SwitchB-rip-1] network 192.168.2.0 [SwitchB-rip-1] network 192.168.3.0 [SwitchB-rip-1] quit # Configure Switch C. [SwitchC] rip 1 [SwitchC-rip-1] network 192.168.1.0 [SwitchC-rip-1] network 192.168.3.0 [SwitchC-rip-1] import-route static [SwitchC-rip-1] quit Configure BFD parameters. # Configure Switch A. [SwitchA] bfd session init-mode active [SwitchA] bfd echo-source-ip 11.11.11.11 [SwitchA] interface vlan-interface 100...
  • Page 67 Protocol: RIP Process ID: 2 Preference: 100 Cost: 2 IpPrecedence: QosLcId: NextHop: 192.168.2.2 Interface: vlan-interface 200 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 192.168.2.2 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Inactive Adv Age: 00h12m50s Tag: 0 # Enable RIP event debugging on Switch A.

  • Page 68: Configuring Bfd For Rip (Bidirectional Detection In Bfd Control Packet Mode)

    Configuring BFD for RIP (bidirectional detection in BFD control packet mode) Network requirements In the following figure, Switch A is connected to Switch C through Switch B. VLAN-interface 100 on Switch A, VLAN-interface 200 on Switch C, and VLAN-interface 200 and VLAN-interface 100 on Switch B run RIP process 1.

  • Page 69: Configure Static Routes

    [SwitchA-rip-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] rip bfd enable [SwitchA-Vlan-interface100] quit [SwitchA] rip 2 [SwitchA-rip-2] network 192.168.3.0 [SwitchA-rip-2] quit # Configure Switch C. [SwitchC] rip 1 [SwitchC-rip-1] network 192.168.2.0 [SwitchC-rip-1] network 192.168.4.0 [SwitchC-rip-1] peer 192.168.1.1 [SwitchC-rip-1] undo validate-source-address [SwitchC-rip-1] import-route static [SwitchC-rip-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] rip bfd enable...
  • Page 70 CAUTION: If you specify null 0 interface as the output interface for a static route, do not specify the IP address of a directly connected network as the destination IP address. Verify the configuration. # Display the BFD session information of Switch A. <SwitchA>...

  • Page 71: Troubleshooting Rip

    # Display the BFD information of Switch A. Switch A has deleted the neighbor relationship with Switch C and no output information is displayed. <SwitchA> display bfd session # Display the RIP routes of RIP process 1 on Switch A. The RIP route learned from Switch C is no longer existent.
  • Page 72 When all links function, route oscillation occurs on the RIP network. After displaying the routing table, you may find some routes intermittently appear and disappear in the routing table. Analysis: In the RIP network, make sure that all the same timers within the entire network are identical and have logical relationships between them.

  • Page 73: Ospf Configuration

    OSPF configuration Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the Internet Engineering Task Force (IETF). Now, OSPF version 2 (RFC 2328) is used. NOTE: Unless otherwise noted, OSPF refers to OSPFv2 throughout this document. •...
  • Page 74 Each router uses the SPF algorithm to compute a shortest path tree showing the routes to the nodes • in the AS. The router itself is the root of the tree. Router ID An OSPF process running on a router must have its own router ID. This ID is a 32-bit unsigned integer that uniquely identifies the router in the AS.

  • Page 75: Area Based Ospf Network Partition

    Adjacency: Two OSPF neighbors establish an adjacency relationship to synchronize their LSDBs. Therefore, any two neighbors without exchanging route information do not establish an adjacency. Area based OSPF network partition Network partition In a large OSPF routing domain, the LSDB becomes very huge and SPF computation consumes many storage and CPU resources.
  • Page 76 A virtual link is established between two ABRs through a non-backbone area and is configured on both ABRs to take effect. The non-backbone area is called a transit area. In the following figure, Area 2 has no direct physical link to the backbone area 0. You can configure a virtual link between the two ABRs to connect Area 2 to the backbone area.
  • Page 77 A totally stub area cannot have an ASBR because AS external routes cannot be distributed into the • stub area. • Virtual links cannot transit totally stub areas. NSSA area Similar to a stub area, an NSSA area does not import AS external LSAs (Type-5 LSAs), but can import Type-7 LSAs generated by the NSSA ASBR.

  • Page 78: Router Types

    Router types Classification of routers The following are OSPF router types and their positions in the AS: Internal router All interfaces on an internal router belong to one OSPF area. Area Border Router (ABR) An ABR belongs to more than two areas, one of which must be the backbone area. It connects the backbone area to a non-backbone area.

  • Page 79: Classification Of Ospf Networks

    The intra-area and inter-area routes describe the network topology of the AS. The external routes describe routes to external ASs. OSPF classifies external routes as Type- 1 or Type-2. A Type- 1 external route has high credibility. The cost from a router to the destination of the Type- 1 external route = the cost from the router to the corresponding ASBR + the cost from the ASBR to the destination of the external route.

  • Page 80: Dr And Bdr

    DR and BDR Introduction On a broadcast or NBMA network, any two routers need to establish an adjacency to exchange routing information with each other. If n routers are present on the network, n(n- 1 )/2 adjacencies are required. In addition, any topology change on the network results in traffic for route synchronization, which consumes many system and bandwidth resources.

  • Page 81: Ospf Packet Formats

    OSPF packet formats OSPF packets are directly encapsulated into IP packets. OSPF uses the IP protocol number 89. The format of an OSPF LSU packet is shown in Figure Figure 24 OSPF packet format OSPF packet header OSPF packets are classified into five types that have the same packet header. Figure 25 OSPF packet header Major fields of the OSPF packet header are as follows: Version: OSPF version number, which is 2 for OSPFv2.
  • Page 82 Figure 26 Hello packet format Major fields of the hello packet are as follows: Network mask: Network mask associated with the router’s sending interface. If two routers have • different network masks, they cannot become neighbors. HelloInterval: Interval for sending hello packets. If two routers have different intervals, they cannot •...
  • Page 83 Figure 27 DD packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication Interface MTU Options 0 0 0 0 0 I DD sequence number LSA header LSA header Major fields of the DD packets are as follows: •...
  • Page 84 Figure 28 LSR packet format Major fields of the LSR packets are as follows: • LS type: Type of the LSA to be requested. Type 1 for example indicates the Router LSA. Link state ID: Determined by LSA type. • •...
  • Page 85 Figure 30 LSAck packet format LSA header format All LSAs have the same header. Figure 31 LSA header format Major fields of the LSA header are as follows: LS age: Time, in seconds, elapsed since the LSA was originated. An LSA ages in the LSDB (added •...
  • Page 86 Figure 32 Router LSA format Major fields of the Router LSA are as follows: Link state ID: ID of the router that originated the LSA. • V (Virtual Link): Set to 1 if the router that originated the LSA is a virtual link endpoint. •...
  • Page 87 Figure 33 Network LSA format Major fields of the Network LSA are as follows: Link state ID: The interface address of the DR. • • Network mask: The mask of the network (a broadcast or NBMA network). Attached router: The IDs of the routers, which are adjacent to the DR, including the DR itself. •...
  • Page 88 An AS external LSA is originated by an ASBR, and describes routing information to a destination outside the AS. Figure 35 AS external LSA format Major fields of the AS external LSA are as follows: • Link state ID: The IP address of another AS to be advertised. When describing a default route, the Link state ID is always set to default destination (0.0.0.0) and the network mask is set to 0.0.0.0 Network mask: The IP address mask for the advertised destination •...

  • Page 89: Supported Features

    Figure 36 NSSA external LSA format Supported features Multi-process This feature allows multiple OSPF processes to run on a router both simultaneously and independently. Routing information interactions between different processes simulate interactions between different routing protocols. Multiple OSPF processes can use the same RID. An interface of a router can only belong to a single OSPF process.

  • Page 90: Protocols And Standards

    NOTE: High Availability Configuration Guide For more information about BFD, see Bidirectional forwarding detection (BFD) provides a single mechanism to quickly detect and monitor the connectivity of links between OSPF neighbors, reducing network convergence time. Protocols and standards RFC 1765, OSPF Database Overflow •...

  • Page 91: Enabling Ospf

    Task Remarks Configuring the maximum number of OSPF routes Optional Configuring the maximum number of load-balanced routes Optional Configuring OSPF preference Optional Configuring OSPF route redistribution Optional Configuring OSPF packet timers Optional Specifying LSA transmission delay Optional Specifying SPF calculation interval Optional Specifying the LSA arrival interval Optional...

  • Page 92: Configuration Procedure

    You can specify a router ID when creating the OSPF process. Any two routers in an AS must have different router IDs. In practice, the ID of a router is the IP address of one of its interfaces. If you specify no router ID when creating the OSPF process, the global router ID is used. H3C •...

  • Page 93: Configuring Ospf Areas

    H3C recommends configuring a description for each OSPF process to help identify purposes of • processes and for ease of management and memorization. H3C recommends configuring a description for each area to help identify purposes of areas and for • ease of management and memorization.

  • Page 94: Configuring An Nssa Area

    NOTE: You must use the stub command on routers attached to a stub area. • Using the default-cost command only takes effect on the ABR of a stub area. • The backbone area cannot be a totally stub area. • A (totally) stub area cannot have an ASBR because AS external routes cannot be distributed into the stub •...

  • Page 95: Configuring Ospf Network Types

    To do… Use the command… Remarks ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — vpn-instance-name ] * Enter area view area area-id — Required vlink-peer router-id [ hello seconds | retransmit seconds | trans-delay You must configure this command on seconds | dead seconds | simple both ends of a virtual link.

  • Page 96: Configuring The Ospf Network Type For An Interface As Broadcast

    Configuring the OSPF network type for an interface as broadcast Follow these steps to configure the OSPF network type for an interface as broadcast: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view —...

  • Page 97: Configuring The Ospf Network Type For An Interface As P2Mp

    NOTE: The router priority configured with the ospf dr-priority command and the one configured with the peer command have the following differences. The former is for actual DR election. • The latter is to indicate whether a neighbor has the election right or not. If you configure the router •...

  • Page 98: Configuring Ospf Route Control

    To do… Use the command… Remarks Required Configure the OSPF network type By default, the network type of an ospf network-type p2p for the interface as P2P interface depends on the link layer protocol. Configuring OSPF route control This section describes how to control the advertisement and reception of OSPF routing information, as well as route redistribution from other protocols.

  • Page 99: Configuring Ospf Inbound Route Filtering

    Configuring route summarization when redistributing routes into OSPF on an ASBR Without route summarization, an ASBR advertises each redistributed route in a separate ASE LSA. After a summary route is configured, the ASBR advertises only the summary route in an ASE LSA instead of more specific routes, which reduces the number of LSAs in the LSDB.

  • Page 100: Configuring Abr Type-3 Lsa Filtering

    Configuring ABR Type-3 LSA filtering You can configure an ABR to filter Type-3 LSAs advertised to an area. Follow these steps to configure Type-3 LSA filtering on an ABR: To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id router-id | Enter OSPF view —...

  • Page 101: Configuring The Maximum Number Of Ospf Routes

    Configuring the maximum number of OSPF routes Follow these steps to configure the maximum number of routes: To do… Use the command… Remarks Enter system view system-view — ospf [ process-id | router-id router-id | Enter OSPF view — vpn-instance vpn-instance-name ] * Optional Configure the maximum number of maximum-routes { external | inter | intra }...

  • Page 102: Configuring Ospf Route Redistribution

    Configuring OSPF route redistribution Configure route redistribution into OSPF On a router running OSPF and other routing protocols, you can configure OSPF to redistribute routes from other protocols such as RIP, IS-IS, BGP, static, and direct routes, and advertise them in Type-5 LSAs or Type-7 LSAs.

  • Page 103: Advertising A Host Route

    Configure the default parameters for redistributed routes You can configure default parameters, such as the cost, upper limit, tag and type for redistributed routes. Tags indicate information related to protocols. For example, when redistributing BGP routes, OSPF uses tags to identify AS IDs. Follow these steps to configure the default parameters for redistributed routes: To do…...

  • Page 104: Configuration Prerequisites

    Configuration prerequisites Before configuring OSPF network optimization, complete the following tasks: Configure IP addresses for interfaces • Configure OSPF basic functions • Configuring OSPF packet timers You can configure the following timers on OSPF interfaces as needed. Hello timer—Interval for sending hello packets. It must be identical on OSPF neighbors. The longer •...

  • Page 105: Specifying Lsa Transmission Delay

    Specifying LSA transmission delay Each LSA in the LSDB has an age that is incremented by 1 every second, but the age does not change during transmission. It is necessary to add a transmission delay into the age time especially for low-speed links.

  • Page 106: Specifying The Lsa Generation Interval

    To do… Use the command… Remarks Optional Configure the LSA arrival interval lsa-arrival-interval interval 1000 milliseconds by default NOTE: The interval set with the lsa-arrival-interval command must be smaller than or equal to the interval set with the lsa-generation-interval command. Specifying the LSA generation interval You can adjust the LSA generation interval to protect network resources and routers from being over consumed by frequent network changes.

  • Page 107: Configuring Stub Routers

    NOTE: Different OSPF processes can disable the same interface from receiving and sending OSPF packets. The • silent-interface command disables only the interfaces associated with the current process rather than interfaces associated with other processes. After an OSPF interface is set to silent, other interfaces on the router can advertise direct routes of the •...

  • Page 108: Adding The Interface Mtu Into Dd Packets

    To do… Use the command… Remarks Required Configure the authentication mode authentication-mode { md5 | simple } Not configured by default. Return to OSPF view quit — Return to system view quit — Enter interface view interface interface-type interface-number — Configure the authentication mode ospf authentication-mode simple [ cipher | (simple authentication) for the...

  • Page 109: Logging Neighbor State Changes

    RFC 1583 Enabled by default NOTE: To avoid routing loops, H3C recommends configuring all the routers to be either compatible or incompatible with RFC 1583. Logging neighbor state changes Follow these steps to enable the logging of neighbor state changes: To do…...

  • Page 110: Enabling Message Logging

    To do… Use the command… Remarks snmp-agent trap enable ospf [ process-id ] [ ifauthfail | ifcfgerror | ifrxbadpkt | ifstatechange | iftxretransmit | Optional Enable OSPF trap lsdbapproachoverflow | lsdboverflow | generation maxagelsa | nbrstatechange | originatelsa Enabled by default | vifcfgerror | virifauthfail | virifrxbadpkt | virifstatechange | viriftxretransmit | virnbrstatechange ] *...

  • Page 111: Configuring The Lsu Transmit Rate

    To do… Use the command… Remarks Configure OSPF to give Required priority to receiving and ospf packet-process prioritized-treatment Not configured by default. processing hello packets Configuring the LSU transmit rate Sending large numbers of LSU packets affects router performance and consumes too much network bandwidth.
  • Page 112 Figure 37 Network diagram for OSPF FRR Figure 37, after you enable FRR on Router B, OSPF automatically calculates or designates a backup next hop when a link failure is detected. Packets are directed to the backup next hop. At the same time, OSPF calculates the shortest path based on the new network topology, and forwards packets over the path after routing convergence.

  • Page 113: Configuring Ospf Graceful Restart

    To do… Use the command… Remarks ospf [ process-id | router-id Enter OSPF view router-id | vpn-instance — vpn-instance-name ] * Enable OSPF FRR to designate a Required fast-reroute route-policy backup next hop by using a routing route-policy-name Not configured by default. policy Configuring OSPF Graceful Restart OSPF GR involves the following:...

  • Page 114: Configuring The Ospf Gr Helper

    To do… Use the command… Remarks Required Enable the out-of-band enable re-synchronization capability out-of-band-resynchronization Disabled by default Required Enable non-IETF standard Graceful graceful-restart [ nonstandard ] Restart capability for OSPF Disabled by default Optional Configure Graceful Restart interval graceful-restart interval timer for OSPF 120 seconds by default Configuring the OSPF GR Helper...

  • Page 115: Triggering Ospf Graceful Restart

    Triggering OSPF Graceful Restart Performing a Master/Slave switchover, or performing the following configuration on an OSPF router, will trigger OSPF Graceful Restart. Follow these steps to trigger OSPF Graceful Restart: To do… Use the command… Remarks Required reset ospf [ process-id ] process Trigger OSPF Graceful Restart graceful-restart Available in user view...

  • Page 116: Displaying And Maintaining Ospf

    To do… Use the command… Description Required Enable BFD echo packet single-hop detection ospf bfd enable echo Not enabled by on the interface default Displaying and maintaining OSPF To do… Use the command… Remarks display ospf [ process-id ] brief [ | { begin | Available in any Display OSPF brief information exclude | include } regular-expression ]...

  • Page 117: Ospf Configuration Examples

    To do… Use the command… Remarks display ospf [ process-id ] error [ | { begin | Display OSPF error information exclude | include } regular-expression ] display ospf [ process-id ] asbr-summary Display OSPF ASBR [ ip-address { mask | mask-length } ] [ | { begin | summarization information exclude | include } regular-expression ] display router id [ | { begin | exclude | include }...
  • Page 118 [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.1] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] area 2 [SwitchB-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.2] quit [SwitchB-ospf-1] quit...
  • Page 119 Authentication Sequence: [ 0 ] Neighbor state change count: 5 Neighbors Area 0.0.0.1 interface 10.2.1.1(Vlan-interface200)'s neighbors Router ID: 10.4.1.1 Address: 10.2.1.2 GR State: Normal State: Full Mode: Nbr is Master Priority: 1 DR: 10.2.1.1 BDR: 10.2.1.2 MTU: 0 Dead timer due in 32 Neighbor is up for 06:03:12 Authentication Sequence: [ 0 ] Neighbor state change count: 5...

  • Page 120: Configuring Ospf Route Redistribution

    Network 10.2.1.1 10.2.1.1 80000010 Sum-Net 10.5.1.0 10.2.1.1 80000003 Sum-Net 10.3.1.0 10.2.1.1 1069 8000000F Sum-Net 10.1.1.0 10.2.1.1 1069 8000000F Sum-Asbr 10.3.1.1 10.2.1.1 1069 8000000F # Display OSPF routing information on Switch D. [SwitchD] display ospf routing OSPF Process 1 with Router ID 10.5.1.1 Routing Tables Routing for Network Destination...
  • Page 121 Figure 39 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown) Configure OSPF basic functions. (See “Configuring OSPF basic functions”) Configure OSPF to redistribute routes. # On Switch C, configure a static route destined for network 3.1.2.0/24. <SwitchC>...

  • Page 122: Configuring Ospf To Advertise A Summary Route

    Routing for ASEs Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.3.1.1 10.4.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 Configuring OSPF to advertise a summary route Network requirements As shown in Figure Switch A and Switch B are in AS 200, which runs OSPF. •...
  • Page 123 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Configure Switch D.

  • Page 124: Configuring An Ospf Stub Area

    # Configure OSPF to redistribute routes from BGP on Switch B. [SwitchB] ospf [SwitchB-ospf-1] import-route bgp # Configure OSPF to redistribute routes from BGP on Switch C. [SwitchC] ospf [SwitchC-ospf-1] import-route bgp # Display the OSPF routing table of Switch A. [SwitchA] display ip routing-table Routing Tables: Public Destinations : 8...
  • Page 125 Figure 41 Network diagram Switch A Area 0 Switch B Vlan-int100 10.1.1.1/24 Vlan-int100 10.1.1.2/24 Vlan-int200 Vlan-int200 10.2.1.1/24 10.3.1.1/24 Vlan-int200 Vlan-int200 Area 1 Area 2 10.3.1.2/24 10.2.1.2/24 Stub ASBR Vlan-int300 Vlan-int300 10.4.1.1/24 10.5.1.1/24 Switch C Switch D Configuration procedure Configure IP addresses for interfaces. (Details not shown) Configure OSPF basic functions.
  • Page 126 Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.2.1.1 10.5.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 NOTE: In the above output, because Switch C resides in a normal OSPF area, its routing table contains an external route.

  • Page 127: Configuring An Ospf Nssa Area

    [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] stub no-summary [SwitchA-ospf-1-area-0.0.0.1] quit # Display OSPF routing information on Switch C. [SwitchC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 Inter 10.2.1.1...
  • Page 128 Configure Area 1 as an NSSA area. # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 1 [SwitchA-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary [SwitchA-ospf-1-area-0.0.0.1] quit [SwitchA-ospf-1] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf-1] area 1 [SwitchC-ospf-1-area-0.0.0.1] nssa [SwitchC-ospf-1-area-0.0.0.1] quit [SwitchC-ospf-1] quit NOTE: If Switch C in the NSSA area wants to obtain routes to other areas within the AS, you must configure the...

  • Page 129: Configuring Ospf Dr Election

    Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.3.1.0/24 Transit 10.3.1.2 10.3.1.1 0.0.0.2 10.4.1.0/24 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.5.1.0/24 Stub 10.5.1.1 10.5.1.1 0.0.0.2 10.1.1.0/24 Inter 10.3.1.1 10.3.1.1 0.0.0.2 Routing for ASEs Destination Cost Type NextHop...
  • Page 130 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB> system-view [SwitchB] router id 2.2.2.2 [SwitchB] ospf [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch C. <SwitchC> system-view [SwitchC] router id 3.3.3.3 [SwitchC] ospf [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255...
  • Page 131 Authentication Sequence: [ 0 ] Router ID: 4.4.4.4 Address: 192.168.1.4 GR State: Normal State: Full Mode: Nbr is Master Priority: 1 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 31 Neighbor is up for 00:01:28 Authentication Sequence: [ 0 ] Switch D becomes the DR, and Switch C is the BDR.
  • Page 132 Dead timer due in 33 Neighbor is up for 00:11:15 Authentication Sequence: [ 0 ] The DR and BDR have not changed. NOTE: In the above output, you can find the priority configuration does not take effect immediately. Restart OSPF process. # Restart the OSPF process of Switch D.

  • Page 133: Configuring Ospf Virtual Links

    [SwitchA] display ospf interface OSPF Process 1 with Router ID 1.1.1.1 Interfaces Area: 0.0.0.0 IP Address Type State Cost 192.168.1.1 Broadcast DR 192.168.1.1 192.168.1.3 [SwitchB] display ospf interface OSPF Process 1 with Router ID 2.2.2.2 Interfaces Area: 0.0.0.0 IP Address Type State Cost...
  • Page 134 [SwitchA-ospf-1-area-0.0.0.0] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf 1 router-id 2.2.2.2 [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] area 1 [SwitchB–ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchB–ospf-1-area-0.0.0.1] quit [SwitchB-ospf-1] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf 1 router-id 3.3.3.3 [SwitchC-ospf-1] area 1 [SwitchC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.1] quit...

  • Page 135: Configuring Ospf Graceful Restart

    [SwitchB-ospf-1-area-0.0.0.1] quit [SwitchB-ospf-1] quit # Configure Switch C. [SwitchC] ospf 1 [SwitchC-ospf-1] area 1 [SwitchC-ospf-1-area-0.0.0.1] vlink-peer 2.2.2.2 [SwitchC-ospf-1-area-0.0.0.1] quit # Display the OSPF routing table of Switch B. [SwitchB] display ospf routing OSPF Process 1 with Router ID 2.2.2.2 Routing Tables Routing for Network Destination Cost...
  • Page 136 <SwitchA> system-view [SwitchA] router id 1.1.1.1 [SwitchA] ospf 100 [SwitchA-ospf-100] area 0 [SwitchA-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [SwitchA-ospf-100-area-0.0.0.0] quit # Configure Switch B <SwitchB> system-view [SwitchB] router id 2.2.2.2 [SwitchB] ospf 100 [SwitchB-ospf-100] area 0 [SwitchB-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [SwitchB-ospf-100-area-0.0.0.0] quit # Configure Switch C <SwitchC>...

  • Page 137: Configuring Route Filtering

    192.1.1.1(Vlan100) from Full to Down OSPF 100: Intf 192.1.1.1 Rcv InterfaceDown State BackupDR -> Down. OSPF 100 nonstandard GR Started for OSPF Router OSPF 100 notify RM that OSPF process will enter GR. OSPF 100 created GR wait timer, timeout interval is 40(s). OSPF 100 created GR Interval timer,timeout interval is 120(s).
  • Page 138 Figure 46 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown) Configure OSPF basic functions. (See “Configuring OSPF basic functions”) Configure OSPF to redistribute routes. # On Switch C, configure a static route destined for network 3.1.1.0/24. <SwitchC>...
  • Page 139 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 On Switch C, filter out route 3.1.3.0/24. # Configure the IPv4 prefix list. [SwitchC] ip ip-prefix prefix1 index 1 deny 3.1.3.0 24 [SwitchC] ip ip-prefix prefix1 index 2 permit 3.1.1.0 24 [SwitchC] ip ip-prefix prefix1 index 3 permit 3.1.2.0 24 # Reference the prefix list to filter out route 3.1.3.0/24.

  • Page 140: Configuring Ospf Frr

    3.1.1.0/24 O_ASE 10.2.1.2 Vlan200 3.1.2.0/24 O_ASE 10.2.1.2 Vlan200 10.1.1.0/24 Direct 0 10.1.1.1 Vlan100 10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 Direct 0 10.2.1.1 Vlan200 10.2.1.1/32 Direct 0 127.0.0.1 InLoop0 10.3.1.0/24 OSPF 10.1.1.2 Vlan100 10.4.1.0/24 OSPF 10.2.1.2 Vlan200 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0...
  • Page 141 # Configure Switch D. <SwitchD> system-view [SwitchD] bfd echo-source-ip 4.4.4.4 [SwitchD] ospf 1 [SwitchD-ospf-1] fast-reroute auto [SwitchD-ospf-1] quit Method II: Enable OSPF FRR to designate a backup next hop by using a routing policy. # Configure Switch S. <SwitchS> system-view [SwitchS] bfd echo-source-ip 1.1.1.1 [SwitchS] ip ip-prefix abc index 10 permit 4.4.4.4 32 [SwitchS] route-policy frr permit node 10...

  • Page 142: Configuring Bfd For Ospf

    Tag: 0 # Display route 1.1.1.1/32 on Switch D. You can find the backup next hop information. [SwitchD] display ip routing-table 1.1.1.1 verbose Routing Table : Public Summary Count : 1 Destination: 1.1.1.1/32 Protocol: OSPF Process ID: 1 Preference: 10 Cost: 1 IpPrecedence: QosLcId:...
  • Page 143 Configure OSPF basic functions. # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.0.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 121.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit [SwitchA] interface vlan 11 [SwitchA-Vlan-interface11] ospf cost 2 [SwitchA-Vlan-interface11] quit # Configure Switch B.
  • Page 144 [SwitchB-Vlan-interface10] ospf bfd enable [SwitchB-Vlan-interface10] bfd min-transmit-interval 500 [SwitchB-Vlan-interface10] bfd min-receive-interval 500 [SwitchB-Vlan-interface10] bfd detect-multiplier 6 Verify the configuration. The following operations are performed on Switch A. The operations on Switch B and Switch C are similar, and are not shown. # Display the BFD information of Switch A.
  • Page 145 %Nov 12 18:34:48:823 2005 SwitchA BFD/5/LOG: Sess[10.1.0.102/10.1.0.100, vlan10], Sta : UP->DOWN, Diag: 1 %Nov 12 18:34:48:824 2005 SwitchA RM/4/RMLOG:OSPF-NBRCHANGE: Process 1, Neighbour 10.1.0.102 (vlan10) from Full to Down *0.50673825 SwitchA BFD/8/SCM:Sess[10.1.0.102/10.1.0.100, vlan10],Oper: Reset *0.50673825 SwitchA BFD/8/EVENT:Send sess-down Msg, [Src:10.1.0.102, Dst:10.1.0.100, vlan10] Protocol: OSPF *0.50673826 SwitchA RM/7/RMDEBUG:OSPF-BFD: Message Type rcv BFD down, Connect Type direct-connect, Src IP Address 10.1.0.102, Src IFIndex 5, Dst IP Address 10.1.0.100...

  • Page 146: Troubleshooting Ospf Configuration

    Protocol: OSPF Process ID: 0 Preference: 0 Cost: 2 IpPrecedence: QosLcId: NextHop: 192.168.0.100 Interface: Vlan-interface10 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Invalid Adv Age: 00h58m05s Tag: 0 Troubleshooting OSPF configuration No OSPF neighbor relationship established Symptom...
  • Page 147 Solution Use the display ospf peer command to display neighbors. Use the display ospf interface command to display OSPF interface information. Use the display ospf lsdb command to display the LSDB to check its integrity. Display information about area configuration using the display current-configuration configuration ospf command.

  • Page 148: Is-Is Configuration

    IS-IS configuration NOTE: router The term in this document refers to both routers and Layer 3 switches. • The S5500-SI Switch Series does not support IS-IS. • IS-IS overview Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the International Organization for Standardization (ISO) to operate on the connectionless network protocol (CLNP).
  • Page 149 IS-IS address format NSAP As shown in Figure 49, an NSAP address consists of the Initial Domain Part (IDP) and the Domain Specific Part (DSP). The IDP is equal to the network ID of an IP address, and the DSP is equal to the subnet and host ID.

  • Page 150: Is-Is Area

    A network entity title (NET) indicates the network layer information of an IS, and does not include transport layer information. It is a special NSAP address with the SEL being 0. The length of the NET is equal to the NSAP, and is in the range of 8 bytes to 20 bytes. A NET comprises the following parts: Area ID—Its length is in the range of 1 to 13 bytes.
  • Page 151 Figure 50 IS-IS topology 1 Figure 51 is another IS-IS topology. The Level- 1 -2 routers connect to the Level- 1 and Level-2 routers, and form the IS-IS backbone together with the Level-2 routers. No area is defined as the backbone in this topology.

  • Page 152: Is-Is Network Type

    The routing information of a Level- 1 area is sent to the Level-2 area through the Level- 1 -2 router; therefore, the Level-2 router knows the routing information of the entire IS-IS routing domain. But the Level- 1 -2 router does not share the information of other Level- 1 areas and the Level-2 area with the Level- 1 area by default.

  • Page 153: Is-Is Pdu Format

    NOTE: On IS-IS broadcast networks, all routers are adjacent with each other. However, the DIS is responsible for the synchronization of their LSDBs. IS-IS PDU format PDU header format IS-IS packets are encapsulated into link layer frames. The Protocol Data Unit (PDU) consists of two parts, the headers and the variable length fields.
  • Page 154 Type PDU Type Acronym Point-to-Point IS-IS hello PDU P2P IIH Level-1 Link State PDU L1 LSP Level-2 Link State PDU L2 LSP Level-1 Complete Sequence Numbers PDU L1 CSNP Level-2 Complete Sequence Numbers PDU L2 CSNP Level-1 Partial Sequence Numbers PDU L1 PSNP Level-2 Partial Sequence Numbers PDU L2 PSNP...
  • Page 155 Priority: DIS priority. • • LAN ID: Includes the system ID and a one-byte pseudonode ID. Figure 56 shows the hello packet format on the point-to-point networks. Figure 56 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field. LSP packet format The Link State PDU (LSP) carries link state information.
  • Page 156 Figure 57 L1/L2 LSP format Major fields of the L1/L2 LSP are as follows: PDU length: Total length of the PDU in bytes • Remaining lifetime: LSP remaining lifetime in seconds • LSP ID: Consists of the system ID, the pseudonode ID (one byte) and the LSP fragment number (one •...
  • Page 157 Figure 58 LSDB overload • IS type: Type of the router generating the LSP. SNP format A sequence number PDU (SNP) acknowledges the latest received LSPs. It is similar to an Acknowledge packet, but more efficient. SNP involves Complete SNP (CSNP) and Partial SNP (PSNP), which are further divided into Level- 1 CSNP, Level-2 CSNP, Level- 1 PSNP and Level-2 PSNP.
  • Page 158 Figure 60 L1/L2 PSNP format No. of Octets Intradomain routing protocol discriminator Length indicator Version/Protocol ID extension ID length PDU type Version Reserved Maximum area address PDU length Source ID ID length+1 Variable length fields The variable fields of PDU comprise multiple Code-Length-Value (CLV) triplets. Figure 61 CLV format Table 3 shows that different PDUs contain different CLVs.

  • Page 159: Supported Is-Is Features

    CLV Code Name PDU Type IP Interface Address IIH, LSP Supported IS-IS features Multiple instances and processes IS-IS supports multiple instances and processes. Multiple processes allow an IS-IS process to work in concert with a group of interfaces. A router can run multiple IS-IS processes, and each process corresponds to a unique group of interfaces.
  • Page 160 The LSP fragment extension feature allows an IS-IS router to generate more LSP fragments. Up to 50 additional virtual systems can be configured on the router, and each virtual system is capable of generating 256 LSP fragments to enable the IS-IS router to generate up to 13056 LSP fragments. Terms Originating system •...

  • Page 161: Protocols And Standards

    Dynamic host name mapping mechanism The dynamic host name mapping mechanism provides the mappings between the host names and the system IDs for the IS-IS routers. The dynamic host name information is announced in the dynamic host name CLV of an LSP. This mechanism also provides the mapping between a host name and the DIS of a broadcast network, which is announced in the dynamic host name TLV of a pseudonode LSP.

  • Page 162: Configuring Is-Is Basic Functions

    Task Remarks Configuring IS-IS link cost Optional Specifying a priority for IS-IS Required Configuring the maximum number of equal cost routes Optional Configuring IS-IS Configuring IS-IS route summarization Optional routing information Advertising a default route Optional control Configuring IS-IS route redistribution Optional Configuring IS-IS route filtering Optional...

  • Page 163: Enabling Is

    Disabled by default Configuring the IS level and circuit level If only one area is available, H3C recommends you to perform the following operations: Configure the IS level of all routers as Level- 1 or Level-2 rather than different levels because the •...

  • Page 164: Configuring The Network Type Of An Interface As P2P

    Configuring the network type of an interface as P2P Interfaces with different network types operate differently. For example, broadcast interfaces on a network must elect the DIS and flood CSNP packets to synchronize the LSDBs, but P2P interfaces on a network do not need to elect the DIS, and have a different LSDB synchronization mechanism.
  • Page 165 equals 40; if the interface bandwidth does not exceed 622 Mbps, the interface cost equals 30; if the interface bandwidth does not exceed 2500 Mbps, the interface cost equals 20; if the interface bandwidth exceeds 2500 Mbps, the interface cost equals 10. If none of the above costs are used, a default cost of 10 applies.

  • Page 166: Specifying A Priority For Is

    To do… Use the command… Remarks Configure a bandwidth Optional reference value for automatic bandwidth-reference value 100 Mbps by default IS-IS cost calculation Specifying a priority for IS-IS A router can run multiple routing protocols. When routes to the same destination are found by multiple routing protocols, the route learned by the protocol with the highest priority can be adopted.

  • Page 167: Advertising A Default Route

    Follow these steps to configure route summarization: To do… Use the command... Remarks Enter system view system-view — isis [ process-id ] [ vpn-instance Enter IS-IS view — vpn-instance-name ] Required summary ip-address { mask | mask-length } Configure IS-IS route [ avoid-feedback | generate_null0_route | tag No route summarization is summarization...

  • Page 168: Configuring Is-Is Route Filtering

    To do… Use the command… Remarks Required import-route protocol [ process-id | No route is redistributed by all-processes | allow-ibgp ] [ cost cost | Redistribute routes from default. cost-type { external | internal } | [ level-1 | another routing protocol If no level is specified, routes are level-1-2 | level-2 ] | route-policy redistributed into the Level-2...

  • Page 169: Configuring Is-Is Route Leaking

    To do… Use the command… Remarks isis [ process-id ] [ vpn-instance Enter IS-IS view — vpn-instance-name ] filter-policy { acl-number | ip-prefix Required Configure the filtering of routes ip-prefix-name | route-policy redistributed from another routing Not configured by route-policy-name } export [ protocol protocol or IS-IS process default [ process-id ] ]...

  • Page 170: Specifying The Is-Is Hello Multiplier

    To do… Use the command… Remarks Optional Specify the interval for sending isis timer hello seconds [ level-1 | hello packets level-2 ] 10 seconds by default Specify the interval for sending Optional isis timer csnp seconds [ level-1 | CSNP packets on the DIS of a level-2 ] 10 seconds by default...

  • Page 171: Disabling An Interface From Sending Or Receiving Is-Is Packets

    Disabling an interface from sending or receiving IS-IS packets After being disabled from sending or receiving hello packets, an interface cannot form a neighbor relationship, but can advertise directly connected networks in LSPs through other interfaces. This can save bandwidth and CPU resources, and ensures other routers know networks directly connected to the interface.
  • Page 172 Specify the LSP refresh interval and generation interval Each router needs to refresh LSPs generated by itself at a configurable interval and send them to other routers to prevent valid routes from being aged out. A smaller refresh interval speeds up network convergence but consumes more bandwidth.
  • Page 173 If the IS-IS routers have different interface MTUs, H3C recommends configuring the maximum size of generated LSP packets to be smaller than the smallest interface MTU in this area. If they are not, the routers must dynamically adjust the LSP packet size to fit the smallest interface MTU, which takes time and affects other services.

  • Page 174: Configuring Spf Parameters

    Configuring SPF parameters When the LSDB changes on a router, a route calculation starts. Frequent route calculations consume a lot of system resources. You can set an appropriate interval for SPF calculations to improve efficiency. Follow these steps to configure the SPF parameters: To do…...

  • Page 175: Configuring System Id To Host Name Mappings

    To do… Use the command… Remarks set-overload [ on-startup [ [ start-from-nbr system-id Required Set the overload bit [ timeout1 [ nbr-timeout ] ] ] | timeout2 ] [ allow { external Not set by default | interlevel } * ] Configuring system ID to host name mappings In IS-IS, a system ID identifies a router or host uniquely.

  • Page 176: Enabling The Logging Of Neighbor State Changes

    To do… Use the command... Remarks interface interface-type Enter interface view — interface-number Optional Not configured by default. This command takes effect only on a Configure a DIS name isis dis-name symbolic-name router with dynamic system ID to host name mapping configured. This command is not supported on P2P interfaces.

  • Page 177: Configuring Area Authentication

    To do… Use the command… Remarks Enter system view system-view — Enter interface view interface interface-type interface-number — Required Specify the authentication mode isis authentication-mode { md5 | simple } Not authentication is and password password [ level-1 | level-2 ] [ ip | osi ] configured by default.

  • Page 178: Configuring Is-Is

    Configuring IS-IS GR NOTE: The IS-IS GR and IS-IS NSR features are mutually exclusive. Restarting IS-IS on a router causes network disconnections and route reconvergence. With the Graceful Restart (GR) feature, the restarting router—known as the GR Restarter—can notify the event to its GR capable neighbors.

  • Page 179: Configuring Is-Is Frr

    NSR is introduced to solve the problem. It backs up IS-IS link state information from the master device to the slave device. After a master/slave switchover, NSR can complete link state recovery and route re-generation without requiring the cooperation of other devices. Follow these steps to configure IS-IS NSR: To do…...

  • Page 180: Enabling Is-Is Snmp Trap

    Enable IS-IS • Configure IS-IS FRR to automatically calculate a backup next hop Follow these steps to configure IS-IS FRR: To do… Use the command… Remarks Enter system view system-view — Required Configure the source address of bfd echo-source-ip ip-address echo packets Not configured by default.

  • Page 181: Configuring Bfd For Is

    To do… Use the command… Remarks Enter system view system-view — isis [ process-id ] [ vpn-instance Enter IS-IS view — vpn-instance-name ] Required Bind the IS-IS process with MIBs isis mib-binding process-id By default, MIBs are bound with IS-IS process 1. Configuring BFD for IS-IS Follow these steps to enable BFD on an IS-IS interface: To do…...

  • Page 182: Is-Is Configuration Examples

    To do… Use the command… Remarks display isis name-table [ process-id | vpn-instance Display the host-name-to-system-ID Available in any vpn-instance-name ] [ | { begin | exclude | mapping table view include } regular-expression ] display isis peer [ statistics | verbose ] [ process-id Available in any Display IS-IS neighbor information | vpn-instance vpn-instance-name ] [ | { begin |...
  • Page 183 Configuration procedure Configure IP addresses for interfaces. (Details not shown) Configure IS-IS. # Configure Switch A. <SwitchA> system-view [SwitchA] isis 1 [SwitchA-isis-1] is-level level-1 [SwitchA-isis-1] network-entity 10.0000.0000.0001.00 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] isis enable 1 [SwitchA-Vlan-interface100] quit # Configure Switch B. <SwitchB>...
  • Page 184 [SwitchD-Vlan-interface300] quit Verify the configuration. # Display the IS-IS LSDB of each switch to check the LSP integrity. [SwitchA] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------- 0000.0000.0001.00-00* 0x00000004 0xdf5e 1096 0/0/0...
  • Page 185 0000.0000.0003.01-00* 0x00000002 0xabdb 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload Level-2 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------- 0000.0000.0003.00-00* 0x00000012 0xc93c 0/0/0 0000.0000.0004.00-00 0x00000026 0x331 1173 0/0/0 0000.0000.0004.01-00 0x00000001 0xee95 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [SwitchD] display isis lsdb Database information for ISIS(1) --------------------------------...
  • Page 186 Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 192.168.0.0/24 NULL Vlan300 Direct D/L/- 10.1.1.0/24 NULL Vlan100 Direct D/L/- 10.1.2.0/24 NULL Vlan200 Direct D/L/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------- IPV4 Destination...

  • Page 187: Dis Election Configuration

    DIS election configuration Network requirements As shown in Figure 64, Switch A, B, C, and D reside in IS-IS area 10 on a broadcast network (Ethernet). Switch A and Switch B are Level- 1 -2 switches, Switch C is a Level- 1 switch, and Switch D is a Level-2 switch. Change the DIS priority of Switch A to make it elected as the Level- 1 -2 DIS router.
  • Page 188 [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis enable 1 [SwitchC-Vlan-interface100] quit # Configure Switch D. <SwitchD> system-view [SwitchD] isis 1 [SwitchD-isis-1] network-entity 10.0000.0000.0004.00 [SwitchD-isis-1] is-level level-2 [SwitchD-isis-1] quit [SwitchD] interface vlan-interface 100 [SwitchD-Vlan-interface100] isis enable 1 [SwitchD-Vlan-interface100] quit # Display information about IS-IS neighbors of Switch A. [SwitchA] display isis peer Peer information for ISIS(1) ----------------------------...
  • Page 189 IPV4.State IPV6.State Type Down 1497 L1/L2 Yes/No # Display information about IS-IS interfaces of Switch D. [SwitchD] display isis interface Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State Type Down 1497 L1/L2 No/Yes NOTE: By using the default DIS priority, Switch C is the Level-1 DIS, and Switch D is the Level-2 DIS. The pseudonodes of Level-1 and Level-2 are 0000.0000.0003.01 and 0000.0000.0004.01, respectively.
  • Page 190 IPV4.State IPV6.State Type Down 1497 L1/L2 Yes/Yes NOTE: After the DIS priority configuration, Switch A becomes the Level-1-2 DIS, and the pseudonode is 0000.0000.0001.01. # Display information about IS-IS neighbors and interfaces of Switch C. [SwitchC] display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0002 Interface: Vlan-interface100...

  • Page 191: Configuring Is-Is Route Redistribution

    Configuring IS-IS route redistribution Network requirements As shown in Figure 65, Switch A, Switch B, Switch C, and Switch D reside in the same AS. They use IS-IS to interconnect. Switch A and Switch B are Level- 1 routers, Switch D is a Level-2 router, and Switch C is a Level- 1 -2 router.
  • Page 192 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis enable 1 [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D. <SwitchD> system-view [SwitchD] isis 1 [SwitchD-isis-1] is-level level-2 [SwitchD-isis-1] network-entity 20.0000.0000.0004.00...
  • Page 193 10.1.1.0/24 NULL VLAN100 Direct D/L/- 10.1.2.0/24 NULL VLAN200 Direct D/L/- 192.168.0.0/24 NULL VLAN300 Direct D/L/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 10.1.1.0/24 NULL VLAN100...

  • Page 194: Is-Is Graceful Restart Configuration Example

    [SwitchD] isis 1 [SwitchD–isis-1] import-route rip level-2 # Display IS-IS routing information on Switch C. [SwitchC] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 10.1.1.0/24 NULL VLAN100 Direct D/L/-...
  • Page 195 Figure 66 Network diagram for IS-IS GR configuration GR restarter Switch A Vlan-int100 10.0.0.1/24 Vlan-int100 Vlan-int100 10.0.0.2/24 10.0.0.3/24 Switch B Switch C GR helper GR helper Configuration procedure Configure IP addresses of the interfaces on each switch and configure IS-IS. Follow Figure 66 to configure the IP address and subnet mask of each interface.

  • Page 196: Is-Is Nsr Configuration Example

    T2 Timer Status: Remaining Time: 59 IS-IS(1) Level-2 Restart Status Restart Interval: 150 SA Bit Supported Total Number of Interfaces = 1 Restart Status: RESTARTING Number of LSPs Awaited: 3 T3 Timer Status: Remaining Time: 140 T2 Timer Status: Remaining Time: 59 IS-IS NSR configuration example Network requirements Switch S, Switch A, and Switch B belong to the same IS-IS routing domain as illustrated in...
  • Page 197 if routes from Switch A to the loopback interface on Switch B and from Switch B to the loopback interface on Switch A exist. # When a master/slave switchover occurs on Switch S, display IS-IS neighbors and routes on Switch A. <SwitchA>...

  • Page 198: Is-Is Frr Configuration Example

    Interface: vlan200 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 25s Type: L1(L1L2) PRI: 64 System Id: 0000.0000.0001 Interface: vlan200 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 27s Type: L2(L1L2) PRI: 64 <SwitchB> display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table ------------------------------------- IPV4 Destination IntCost...
  • Page 199 Figure 68 Network diagram for IS-IS FRR configuration Switch A Link B Link A Loop 0 Loop 0 1.1.1.1/32 4.4.4.4/32 Vlan-int200 Vlan-int200 13.13.13.1/24 13.13.13.2/24 Switch S Switch D Configuration procedure Configure IP addresses for the interfaces on each switch and configure IS-IS. Follow Figure 68 to configure the IP address and subnet mask of each interface on the switches.
  • Page 200 # Configure Switch D. <SwitchD> system-view [SwitchD] bfd echo-source-ip 4.4.4.4 [SwitchD] ip ip-prefix abc index 10 permit 1.1.1.1 32 [SwitchD] route-policy frr permit node 10 [SwitchD-route-policy] if-match ip-prefix abc [SwitchD-route-policy] apply fast-reroute backup-interface vlan-interface backup-nexthop 24.24.24.2 [SwitchD-route-policy] quit [SwitchD] isis 1 [SwitchD-isis-1] fast-reroute route-policy frr [SwitchD-isis-1] quit Verify the configuration.

  • Page 201: Is-Is Authentication Configuration Example

    IS-IS authentication configuration example Network requirements As shown in Figure 69, Switch A, Switch B, Switch C and Switch D reside in the same IS-IS routing domain. Switch A, Switch B, and Switch C belong to Area 10, and Switch D belongs to Area 20. Configure relationship authentication between neighbors.
  • Page 202 [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis enable 1 [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D. <SwitchD>...

  • Page 203: Configuring Bfd For Is

    [SwitchA] isis 1 [SwitchA-isis-1] area-authentication-mode md5 10Sec [SwitchA-isis-1] quit [SwitchB] isis 1 [SwitchB-isis-1] area-authentication-mode md5 10Sec [SwitchB-isis-1] quit [SwitchC] isis 1 [SwitchC-isis-1] area-authentication-mode md5 10Sec [SwitchC-isis-1] quit Configure routing domain authentication. Specify the MD5 authentication mode and password 1020Sec on Switch C and Switch D. [SwitchC] isis 1 [SwitchC-isis-1] domain-authentication-mode md5 1020Sec [SwitchC-isis-1] quit...
  • Page 204 # Configure Switch A. <SwitchA> system-view [SwitchA] isis [SwitchA-isis-1] network-entity 10.0000.0000.0001.00 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 10 [SwitchA-Vlan-interface10] isis enable [SwitchA-Vlan-interface10] quit [SwitchA] interface vlan-interface 11 [SwitchA-Vlan-interface11] isis enable [SwitchA-Vlan-interface11] quit # Configure Switch B. <SwitchB> system-view [SwitchB] isis [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] isis enable...
  • Page 205 [SwitchB-Vlan-interface10] bfd detect-multiplier 8 [SwitchB-Vlan-interface10] return Verify the configuration. The following configurations are made on Switch A. Configurations for Switch B are similar. (Details not shown) # Display the BFD information of Switch A. <SwitchA> display bfd session Total Session Num: 1 Init Mode: Active Session Working Under Ctrl Mode: LD/RD...
  • Page 206 #Aug 14:54:05:363 2008 SwitchA ISIS/4/ADJ_CHANGE:TrapID(1.3.6.1.2.1.138.0.17<isisAdjacencyChange>), ISIS Level-2 Adjencency IN Circuit-983041 State Change. #Aug 14:54:05:364 2008 SwitchA ISIS/4/ADJ_CHANGE:TrapID(1.3.6.1.2.1.138.0.17<isisAdjacencyChange>), ISIS Level-1 Adjencency IN Circuit-983041 State Change. %Aug 8 14:54:05:365 2008 SwitchA IFNET/4/LINK UPDOWN: Vlan-interface10 link status is DOWN %Aug 8 14:54:05:366 2008 SwitchA IFNET/4/UPDOWN: Line protocol on the interface Vlan-interface10 is DOWN %Aug 14:54:05:367...

  • Page 207: Bgp Configuration

    BGP configuration The Border Gateway Protocol (BGP) is a dynamic inter-AS Exterior Gateway Protocol. NOTE: router The term refers to both routers and Layer 3 switches, and BGP refers to BGP-4 in this document. • The S5500-SI Switch Series does not support BGP. •...
  • Page 208 Keepalive • • Route-refresh They have the same header. Figure 71 BGP message header • Marker—The 16-byte field is used to delimit BGP messages. The Marker must be all ones. Length—The two-byte unsigned integer indicates the total length of the message. •...
  • Page 209 Optional parameters—Used for multiprotocol extensions and other functions. • Update The update messages are used to exchange routing information between peers. It can advertise feasible routes or remove multiple unfeasible routes. Figure 73 BGP update message format Each update message can advertise a group of feasible routes with identical attributes, and the routes are contained in the network layer reachability information (NLRI) field.

  • Page 210: Bgp Path Attributes

    Keepalive Keepalive messages are sent between peers to maintain connectivity. Its format contains only the message header. Route-refresh A route-refresh message is sent to a peer to request the specified address family routing information. Figure 75 BGP route-refresh message format AFI—Address family identifier •...
  • Page 211 Name Category CLUSTER_LIST Optional non-transitive Usage of BGP path attributes ORIGIN ORIGIN is a well-known mandatory attribute that defines the origin of routing information (how a route became a BGP route). This attribute has the following types: • IGP—Has the highest priority. Routes added to the BGP routing table using the network command have the IGP attribute.
  • Page 212 Use the AS_PATH attribute for route selection and filtering. BGP gives priority to the route with the shortest AS_PATH length, if other factors are the same. As shown in Figure 76, the BGP router in AS50 gives priority to the route passing AS40 for sending data to the destination 8.0.0.0. In some applications, you can apply a routing policy to control BGP route selection by modifying the AS_PATH length.
  • Page 213 Figure 78 MED attribute MED = 0 Router B 2.1.1.1 D = 9.0.0.0 IBGP Next_hop = 2.1.1.1 9.0.0.0 MED = 0 EBGP Router D Router A IBGP EBGP D = 9.0.0.0 IBGP Next_hop = 3.1.1.1 MED = 100 3.1.1.1 AS 10 Router C AS 20 MED = 100...

  • Page 214: Bgp Route Selection

    based on the COMMUNITY attribute values. This simplifies routing policy usage and facilitates management and maintenance. Well-known community attributes are as follows: • Internet: By default, all routes belong to the Internet community. Routes with this attribute can be advertised to all BGP peers. No_Export: After received, routes with this attribute cannot be advertised out the local AS or out the •...
  • Page 215 IGP routing protocols such as RIP and OSPF compute metrics of routes, and then implement load • balancing over routes with the same metric and to the same destination. The route selection criterion is metric. • BGP has no route computation algorithm, so it cannot implement load balancing according to metrics of routes.

  • Page 216: Ibgp And Igp Synchronization

    A BGP speaker advertises routes learned through iBGP to eBGP peers. If BGP and IGP • synchronization is disabled, those routes are advertised to eBGP peers directly. If the feature is enabled, only after IGP advertises those routes, can BGP advertise the routes to eBGP peers. •...
  • Page 217 When a route flap occurs, the routing protocol sends an update to its neighbor, and then the neighbor must recalculate routes and modify the routing table. Frequent route flaps consume large bandwidth and CPU resources, which could affect network operation. In most cases, BGP is used in complex networks, where route changes are more frequent.
  • Page 218 Besides using well-known community attributes, you can define extended community attributes by using a community list to define a routing policy. Route reflector iBGP peers must be fully meshed to maintain connectivity. If n routers exist in an AS, the number of iBGP connections is n (n- 1 )/2, and large amounts of network and CPU resources are consumed.

  • Page 219: Bgp

    NOTE: After route reflection is disabled between clients, routes can still be reflected between a client and a non-client. Confederation Confederation is another method to manage growing iBGP connections in ASs. This method splits an AS into multiple sub-ASs. In each sub-AS, iBGP peers are fully meshed, and, as shown in Figure intra-confederation eBGP connections are established between sub-ASs.

  • Page 220: Mp-Bgp

    session. If neither party has the GR capability, the session established between them will not be GR capable. When a Master/Slave switchover occurs on the GR Restarter, sessions on it will go down. Then, GR-capable peers will mark all routes associated with the GR Restarter as stale. However, during the configured GR Time, they still use these routes for packet forwarding.

  • Page 221: Bgp Configuration Task List

    RFC 2439, BGP Route Flap Damping • • RFC 1997, BGP Communities Attribute RFC 2796, BGP Route Reflection • RFC 3065, Autonomous System Confederations for BGP • • RFC 4271, A Border Gateway Protocol 4 (BGP-4) RFC 5291, Outbound Route Filtering Capability for BGP-4 •...

  • Page 222: Configuring Bgp Basic Functions

    Task Remarks Configuring the BGP keepalive interval and Optional holdtime Configuring the interval for sending the same Optional update Configuring BGP soft-reset Optional Enabling the BGP ORF capability Optional Tuning and optimizing BGP networks Enabling 4-byte AS number suppression Optional Enabling quick eBGP session reestablishment Optional Enabling MD5 authentication for TCP connections...

  • Page 223: Specifying The Source Interface For Tcp Connections

    If a BGP router has multiple links to a peer, and the source interface fails, BGP must reestablish TCP connections, causing network oscillation. To enhance stability of BGP connections, H3C recommends using a loopback interface as the source interface.

  • Page 224: Allowing Establishment Of Ebgp Connection To An Indirectly Connected Peer Or Peer Group

    To do… Use the command… Remarks Enter BGP view bgp as-number — Required By default, BGP uses the outbound Specify the source interface for peer { group-name | ip-address } interface of the best route to the BGP establishing TCP connections to a connect-interface interface-type peer or peer group as the source peer or peer group...

  • Page 225: Injecting A Local Network

    Injecting a local network In BGP view, you can inject a local network to allow BGP to advertise to BGP peers. The origin attribute of routes advertised in this way is IGP. You can also reference a routing policy to flexibly control route advertisement.

  • Page 226: Controlling Route Distribution And Reception

    To do… Use the command… Remarks Required import-route protocol [ { process-id Not redistributed by default Enable route redistribution from a | all-processes } [ allow-direct | The allow-direct keyword is routing protocol into BGP med med-value | route-policy available only when the specified route-policy-name ] * ] routing protocol is OSPF.

  • Page 227: Advertising A Default Route To A Peer Or Peer Group

    To do… Use the command… Remarks aggregate ip-address { mask | mask-length } Required [ as-set | attribute-policy route-policy-name | Configure manual route detail-suppressed | origin-policy Not configured by summarization route-policy-name | suppress-policy default. route-policy-name ]* Advertising a default route to a peer or peer group After this task is configured, the BGP router sends a default route with the next hop being itself to the specified peer or peer group.

  • Page 228: Enabling Bgp And Igp Route Synchronization

    To do… Use the command… Remarks Required filter-policy { acl-number | ip-prefix ip-prefix-name } export Configure at least one command. Configure the filtering of [ direct | isis process-id | ospf redistributed routes Not configured by default. process-id | rip process-id | | You can configure a filtering policy static ] as needed.

  • Page 229: Limiting Prefixes Received From A Peer Or Peer Group

    in addition to the reachability check of the next hop, the BGP router must find an active IGP route with the same destination network segment before it can advertise the iBGP route (use the display ip routing-table protocol command to check the IGP route state). Follow these steps to enable BGP and IGP synchronization: To do…...

  • Page 230: Configuring A Shortcut Route

    To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Required dampening [ half-life-reachable Configure BGP route dampening half-life-unreachable reuse suppress ceiling | Not configured by route-policy route-policy-name ] * default. Configuring a shortcut route An eBGP route received has a priority of 255, which is lower than a local route.

  • Page 231: Configuring Preferences For Bgp Routes

    Configuring preferences for BGP routes A router can run multiple routing protocols with each having a preference. If they find the same route, the route found by the routing protocol with the highest preference is selected. This task allows you to configure preferences for external, internal, and local BGP routes, and reference a routing policy to set preferences for matching routes as needed.
  • Page 232 To do… Use the command… Remarks Optional Configure the default MED value default med med-value 0 by default Enable the comparison of MED of routes from different ASs Follow these steps to enable the comparison of MED of routes from different ASs: To do…...

  • Page 233: Configuring The Next Hop Attribute

    problem. The following output is the BGP routing table on Router D after the comparison of MED of routes from each AS is enabled. Network 10.0.0.0 learned from Router C is the optimal route. Network NextHop LocPrf PrefVal Path/Ogn *>i 10.0.0.0 3.3.3.3 200e...

  • Page 234: Configuring The As-Path Attribute

    Figure 87 Next hop attribute configuration 1 If a BGP router has two peers on a common broadcast network, it does not set itself as the next hop for routes sent to an eBGP peer by default. As shown in Figure 88, Router A and Router B establish an eBGP neighbor relationship, and Router B and Router C establish an iBGP neighbor relationship.
  • Page 235 To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Optional Permit local AS number to appear in routes peer { group-name | ip-address } from a peer or peer group and specify the By default, the local AS allow-as-loop [ number ] appearance times...
  • Page 236 Figure 89 AS number substitution configuration AS 100 PE 1 PE 2 MPLS backbone EBGP_Update:10.1.1.1/32 EBGP_Update:10.1.1.1/32 VPNv4_Update:10.1.0.0/16 AS_PATH:100,100 AS_PATH:800 RD:10.1.1.1/32 AS_PATH:800 CE 1 CE 2 AS 800 AS 800 As shown in the above figure, CE 1 and CE 2 use the same AS number of 800. If AS number substitution for CE 2 is configured on PE 2, and PE 2 receives a BGP update sent from CE 1, PE 2 replaces AS number 800 as its own AS number 100.

  • Page 237: Tuning And Optimizing Bgp Networks

    To do… Use the command… Remarks Required Configure BGP to ignore the first AS number By default, BGP checks the ignore-first-as of eBGP route updates first AS number of eBGP route updates. Tuning and optimizing BGP networks Configuration prerequisites BGP connections must be created. Configuring the BGP keepalive interval and holdtime After establishing a BGP connection, two routers send keepalive messages periodically to each other to keep the connection.

  • Page 238: Configuring The Interval For Sending The Same Update

    NOTE: The maximum keepalive interval must be one third of the holdtime and no less than one second. The • holdtime is no less than three seconds unless it is set to 0. The intervals set with the peer timer command are preferred to those set with the timer command. •...

  • Page 239: Enabling The Bgp Orf Capability

    To do… Use the command… Remarks peer { group-name | ip-address } Optional Enable BGP route refresh for a peer or peer capability-advertise group Enabled by default route-refresh Configure manual soft-reset If a BGP peer does not support route-refresh, you must save updates from the peer on the local router by using the peer keep-all-routes command, and use the refresh bgp command to refresh the BGP routing table.

  • Page 240: Enabling 4-Byte As Number Suppression

    To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Required Enable BGP route refresh for a peer { group-name | ip-address } peer or peer group capability-advertise route-refresh Enabled by default. Optional By default, standard BGP ORF Enable the non-standard ORF peer { group-name | ip-address }...

  • Page 241: Enabling Quick Ebgp Session Reestablishment

    NOTE: If the peer device supports 4-byte AS numbers, do not enable the 4-byte AS number suppression function; otherwise, the BGP peer relationship cannot be established. Enabling quick eBGP session reestablishment If the router receives no keepalive messages from a BGP peer within the holdtime, it disconnects from the peer.

  • Page 242: Forbiding Session Establishment With A Peer Or Peer Group

    To do… Use the command… Remarks Optional Configure the maximum number of BGP balance number Load balancing is not routes for load balancing enabled by default. Forbiding session establishment with a peer or peer group Follow these steps to forbid session establishment with a peer or peer group: To do…...
  • Page 243 To do… Use the command… Remarks Enter BGP view bgp as-number — Create an iBGP peer group group group-name [ internal ] Required Add a peer into the iBGP peer peer ip-address group Required group group-name Configure an eBGP peer group If peers in an eBGP group belong to the same external AS, the eBGP peer group is a pure eBGP peer group;...

  • Page 244: Configuring Bgp Community

    To do… Use the command… Remarks Required The AS number can be either specified or not specified in the peer ip-address group command. If specified, the AS Add the peer into the group group-name [ as-number number must be the same as that as-number ] specified for the peer with the peer ip-address as-number as-number...

  • Page 245: Configuring A Bgp Route Reflector

    To do… Use the command… Remarks or peer group default. Advertise the extended peer { group-name | ip-address } community attribute to a advertise-ext-community peer or peer group Required Apply a routing policy to routes advertised to a peer { group-name | ip-address } Not configured by peer or peer group route-policy route-policy-name export...

  • Page 246: Configuring Bgp Gr

    Configure a BGP confederation After you split an AS into multiple sub ASs, you can configure a router in a sub AS as follows: Enable BGP and specify the AS number of the router. Specify the confederation ID. From an outsider’s perspective, the sub ASs of the confederation is a single AS, which is identified by the confederation ID.

  • Page 247: Enabling Trap

    To do… Use the command… Remarks Enable BGP and enter its view bgp as-number — Required Enable GR Capability for BGP graceful-restart Disabled by default Configure the maximum time allowed Optional graceful-restart timer restart for the peer to reestablish a BGP timer 150 seconds by default session...

  • Page 248: Configuring Bfd For Bgp

    Configuring BFD for BGP BGP maintains neighbor relationships based on the keepalive timer and holdtime timer, which are set in seconds. BGP defines that the holdtime interval must be at least three times the keepalive interval. This slows down link failure detection; once a failure occurs on a high-speed link, a large quantity of packets will be dropped.

  • Page 249: Resetting Bgp Connections

    To do… Use the command… Remarks display bgp routing-table as-path-acl Display routing information as-path-acl-number [ | { begin | exclude | include } matching the AS path ACL regular-expression ] Display BGP CIDR routing display bgp routing-table cidr [ | { begin | exclude | information include } regular-expression ] display bgp routing-table community...

  • Page 250: Clearing Bgp Information

    To do… Use the command… Remarks Reset the BGP connections to a peer group reset bgp group group-name Reset all iBGP connections reset bgp internal Reset all IPv4 unicast BGP connections reset bgp ipv4 all Clearing BGP information To do… Use the command…...
  • Page 251 <SwitchB> system-view [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 3.3.3.3 as-number 65009 [SwitchB-bgp] peer 3.3.3.3 connect-interface loopback 0 [SwitchB-bgp] quit [SwitchB] ospf 1 [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [SwitchB-ospf-1-area-0.0.0.0] network 9.1.1.1 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch C. <SwitchC>...
  • Page 252 [SwitchA-bgp] quit # Configure Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] peer 3.1.1.2 as-number 65008 [SwitchB-bgp] quit # Display BGP peer information on Switch B. [SwitchB] display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 65009 Total number of peers : 2 Peers in established state : 2 Peer MsgRcvd...
  • Page 253 Total Number of Routes: 1 BGP Local router ID is 3.3.3.3 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...

  • Page 254: Bgp And Igp Synchronization Configuration

    Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf PrefVal Path/Ogn i 2.2.2.2/32 2.2.2.2 *>i 3.1.1.0/24 2.2.2.2 *>i 8.1.1.0/24 3.1.1.2 65008i * i 9.1.1.0/24 2.2.2.2 The output shows that the route 8.1.1.0 becomes valid with the next hop as Switch A. Verification.
  • Page 255 <SwitchB> system-view [SwitchB] ospf 1 [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [SwitchB-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf 1 [SwitchC-ospf-1] import-route direct [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit Configure the eBGP connection.
  • Page 256 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf PrefVal Path/Ogn *>...

  • Page 257: Bgp Load Balancing Configuration

    --- 8.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/2 ms BGP load balancing configuration Network requirements As shown in Figure 92, all the switches run BGP. Switch A resides in AS 65008, Switch B and Switch C in AS 65009.
  • Page 258 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 3.1.1.1 as-number 65009 [SwitchA-bgp] peer 3.1.2.1 as-number 65009 [SwitchA-bgp] network 8.1.1.1 24 [SwitchA-bgp] quit # Configure Switch B. <SwitchB> system-view [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 3.1.1.2 as-number 65008 [SwitchB-bgp] peer 3.3.3.3 as-number 65009 [SwitchB-bgp] peer 3.3.3.3 connect-interface loopback 0 [SwitchB-bgp] network 9.1.1.0 255.255.255.0 [SwitchB-bgp] quit...

  • Page 259: Bgp Community Configuration

    Since Switch A has two routes to reach AS 65009, configuring load balancing over the two BGP routes on Switch A can improve link utilization. # Configure Switch A. [SwitchA] bgp 65008 [SwitchA-bgp] balance 2 [SwitchA-bgp] quit Verify the configuration. # Display the BGP routing table on Switch A.
  • Page 260 Configuration procedure Configure IP addresses for interfaces. (Details not shown) Configure eBGP. # Configure Switch A. <SwitchA> system-view [SwitchA] bgp 10 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 200.1.2.2 as-number 20 [SwitchA-bgp] network 9.1.1.0 255.255.255.0 [SwitchA-bgp] quit # Configure Switch B. <SwitchB> system-view [SwitchB] bgp 20 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 200.1.2.1 as-number 10...

  • Page 261: Bgp Route Reflector Configuration

    BGP Local router ID is 3.3.3.3 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
  • Page 262 Figure 94 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown) Configure BGP connections. # Configure Switch A. <SwitchA> system-view [SwitchA] bgp 100 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 192.1.1.2 as-number 200 # Inject network 1.0.0.0/8 to the BGP routing table. [SwitchA-bgp] network 1.0.0.0 [SwitchA-bgp] quit # Configure Switch B.

  • Page 263: Bgp Confederation Configuration

    # Configure Switch C. [SwitchC] bgp 200 [SwitchC-bgp] peer 193.1.1.2 reflect-client [SwitchC-bgp] peer 194.1.1.2 reflect-client [SwitchC-bgp] quit Verify the configuration. # Display the BGP routing table on Switch B. [SwitchB] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 200.1.2.2 Status codes: * - valid, ^ - VPNv4 best, >...
  • Page 264 Figure 95 Network diagram Switch C Switch B Switch F Vlan-int600 Vlan-int300 Vlan-int200 AS 65002 AS 65003 Vlan-int100 Switch D AS 100 Vlan-int100 Vlan-int400 Vlan-int400 Switch A Vlan-int200 Vlan-int500 AS 65001 Vlan-int200 Vlan-int500 Switch E AS 200 Device Interface IP address Device Interface IP address...
  • Page 265 <SwitchC> system-view [SwitchC] bgp 65003 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] confederation id 200 [SwitchC-bgp] confederation peer-as 65001 65002 [SwitchC-bgp] peer 10.1.2.1 as-number 65001 [SwitchC-bgp] quit Configure iBGP connections in AS65001. # Configure Switch A. [SwitchA] bgp 65001 [SwitchA-bgp] peer 10.1.3.2 as-number 65001 [SwitchA-bgp] peer 10.1.3.2 next-hop-local [SwitchA-bgp] peer 10.1.4.2 as-number 65001 [SwitchA-bgp] peer 10.1.4.2 next-hop-local...
  • Page 266 Total Number of Routes: 1 BGP Local router ID is 2.2.2.2 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...

  • Page 267: Bgp Path Selection Configuration

    Origin : igp Attribute value : MED 0, localpref 100, pref-val 0, pre 255 State : valid, internal, best, Not advertised to any peers yet The output information shows the following: • Switch F can send route information to Switch B and Switch C through the confederation by establishing only an eBGP connection with Switch A.
  • Page 268 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 193.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Configure Switch D. <SwitchD> system-view [SwitchD] ospf [SwitchD-ospf] area 0 [SwitchD-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] quit...
  • Page 269 Method I: Configure a higher MED value for the route 1.0.0.0/8 advertised from Switch A to peer • 192.1.1.2. # Define an ACL numbered 2000 to permit route 1.0.0.0/8. [SwitchA] acl number 2000 [SwitchA-acl-basic-2000] rule permit source 1.0.0.0 0.255.255.255 [SwitchA-acl-basic-2000] quit # Define two routing policies, apply_med_50, which sets the MED for route 1.0.0.0/8 to 50, and apply_med_100, which sets the MED for route 1.0.0.0/8 to 100.

  • Page 270: Bgp Gr Configuration

    [SwitchC-route-policy] apply local-preference 200 [SwitchC-route-policy] quit # Apply routing policy localpref to routes from peer 193.1.1.1. [SwitchC] bgp 200 [SwitchC-bgp] peer 193.1.1.1 route-policy localpref import [SwitchC-bgp] quit # Display the routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 2 BGP Local router ID is 194.1.1.1 Status codes: * - valid, ^ - VPNv4 best, >...

  • Page 271: Configuring Bfd For Bgp

    # Inject network 8.0.0.0/8 to the BGP routing table. [SwitchA-bgp] network 8.0.0.0 # Enable GR capability for BGP. [SwitchA-bgp] graceful-restart Configure Switch B. # Configure IP addresses for interfaces. (Details not shown) # Configure the eBGP connection. <SwitchB> system-view [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 200.1.1.2 as-number 65008 # Configure the iBGP connection.
  • Page 272 Figure 98 Network diagram Device Interface IP address Device Interface IP address Switch A Vlan-int100 3.0.1.1/24 Switch C Vlan-int101 3.0.2.2/24 Vlan-int200 2.0.1.1/24 Vlan-int201 2.0.2.2/24 Switch B Vlan-int100 3.0.1.2/24 Switch D Vlan-int200 2.0.1.2/24 Vlan-int101 3.0.2.1/24 Vlan-int201 2.0.2.1/24 Configuration procedure Configure IP addresses for interfaces. (Details not shown) Configure OSPF to make sure that Switch A and Switch C are reachable to each other.
  • Page 273 [SwitchA-route-policy] quit [SwitchA] route-policy apply_med_100 permit node 10 [SwitchA-route-policy] if-match acl 2000 [SwitchA-route-policy] apply cost 100 [SwitchA-route-policy] quit Apply routing policy apply_med_50 to routes outgoing to peer 3.0.2.2, and apply routing policy • apply_med_100 to routes outgoing to peer 2.0.2.2. [SwitchA] bgp 100 [SwitchA-bgp] peer 3.0.2.2 route-policy apply_med_50 export [SwitchA-bgp] peer 2.0.2.2 route-policy apply_med_100 export...
  • Page 274 The following operations are made on Switch C. Operations on Switch A are similar. (Details not shown) # Display detailed BFD session information. <SwitchC> display bfd session verbose Total Session Num: 1 Init Mode: Active IP Session Working Under Ctrl Mode: Local Discr: 17 Remote Discr: 13 Source IP: 3.0.2.2...
  • Page 275 Destination: 1.1.1.0/24 Protocol: BGP Process ID: 0 Preference: 0 Cost: 100 NextHop: 2.0.1.1 Interface: Vlan-interface201 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 2.0.2.1 Neighbor : 2.0.1.1 Tunnel ID: 0x0 Label: NULL State: Invalid Adv Age: 00h08m54s Tag: 0 The output shows that Switch C has two routes to reach network 1.1.1.0/24: Switch C<—>Switch B<—>Switch A, which is the active route;...

  • Page 276: Troubleshooting Bgp

    Troubleshooting BGP BGP peer relationship not established Symptom Display BGP peer information by using the display bgp peer command. The state of the connection to a peer cannot become established. Analysis To become BGP peers, any two routers must establish a TCP session using port 179 and exchange Open messages successfully.

  • Page 277: Ipv6 Static Routing Configuration

    IPv6 static routing configuration NOTE: router The term in this document refers to both routers and Layer 3 switches. • The S5500-SI Switch Series does not support VPN-related parameters. • Introduction to IPv6 static routing Static routes are manually configured. They work well in simple networks. Proper configuration and use can improve network performance and ensure enough bandwidth for important applications.

  • Page 278: Displaying And Maintaining Ipv6 Static Routes

    To do… Use the commands… Remarks Enter system view system-view — ipv6 route-static ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name Required nexthop-address } [ preference preference-value ] Use either approach. Configure an IPv6 static route ipv6 route-static vpn-instance The default s-vpn-instance-name&<1-6>...
  • Page 279 Figure 99 Network diagram Configuration procedure Configure the IPv6 addresses for all VLAN interfaces. (Details not shown) Configure IPv6 static routes. # Configure a default IPv6 static route on Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ipv6 route-static :: 0 4::2 # Configure two IPv6 static routes on Switch B.
  • Page 280 Interface : InLoop0 Cost Destination : 1::/64 Protocol : Direct NextHop : 1::1 Preference Interface : Vlan-interface100 Cost Destination : 1::1/128 Protocol : Direct NextHop : ::1 Preference Interface : InLoop0 Cost Destination : FE80::/10 Protocol : Direct NextHop : :: Preference Interface : NULL0...

  • Page 281: Ripng Configuration

    RIPng configuration NOTE: router The term in this document refers to both routers and Layer 3 switches. • The S5500-SI Switch Series does not support VPN-related parameters. • Introduction to RIPng RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng. RIPng for IPv6 has the following basic differences from RIP: •...

  • Page 282: Ripng Packet Format

    RIPng packet format Basic format A RIPng packet consists of a header and multiple route table entries (RTEs). The maximum number of RTEs in a packet depends on the IPv6 MTU of the sending interface. Figure 100 RIPng basic packet format Packet header description: Command: Type of message.

  • Page 283: Ripng Packet Processing Procedure

    RIPng packet processing procedure Request packet When a RIPng router first starts or needs to update entries in its routing table, usually a multicast request packet is sent to ask for needed routes from neighbors. The receiving RIPng router processes RTEs in the request. If only one RTE exists with the IPv6 prefix and prefix length both being 0, and with a metric value of 16, the RIPng router will respond with the entire routing table information in response messages.

  • Page 284: Configuring Ripng Basic Functions

    Configuring RIPng basic functions This section presents the information to configure the basic RIPng features. You must enable RIPng first before configuring other tasks, but it is not necessary for RIPng-related interface configurations, such as assigning an IPv6 address. Configuration prerequisites Before configuring RIPng basic functions, complete the following tasks: •...

  • Page 285: Configuring An Additional Routing Metric

    Define an IPv6 address prefix list before using it for route filtering. See the chapter “Routing policy • configuration” for related information. Configuring an additional routing metric An additional routing metric can be added to the metric of an inbound or outbound RIP route. The outbound additional metric is added to the metric of a sent route.

  • Page 286: Configuring A Ripng Route Filtering Policy

    Configuring a RIPng route filtering policy Reference a configured IPv6 ACL or prefix list to filter received or advertised routing information. You can also filter outbound routes redistributed from a routing specific routing protocol. Follow these steps to configure a RIPng route filtering policy: To do…...

  • Page 287: Tuning And Optimizing The Ripng Network

    Tuning and optimizing the RIPng network This section describes how to tune and optimize the performance of the RIPng network, as well as applications under special network environments. Before tuning and optimizing the RIPng network, complete the following tasks: Configure a network layer address for each interface •...

  • Page 288: Configuring Zero Field Check On Ripng Packets

    NOTE: H3C recommends enabling split horizon to prevent routing loops. Configuring the poison reverse function The poison reverse function enables a route learned from an interface to be advertised through the interface. However, the metric of the route is set to 16 (unreachable).

  • Page 289: Applying Ipsec Policies For Ripng

    Applying IPsec policies for RIPng To protect routing information and defend attacks, RIPng supports using an IPsec policy to authenticate protocol packets. Outbound RIPng packets carry the Security Parameter Index (SPI) defined in the relevant IPsec policy. A device uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the device accepts the packet;...

  • Page 290: Displaying And Maintaining Ripng

    Displaying and maintaining RIPng To do… Use the command… Remarks display ripng [ process-id | Display configuration information vpn-instance vpn-instance-name ] Available in any view of a RIPng process [ | { begin | exclude | include } regular-expression ] display ripng process-id database Display routes in the RIPng [ | { begin | exclude | include }...
  • Page 291 [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 400 [SwitchA-Vlan-interface400] ripng 1 enable [SwitchA-Vlan-interface400] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ripng 1 [SwitchB-ripng-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] ripng 1 enable [SwitchB-Vlan-interface200] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ripng 1 enable [SwitchB-Vlan-interface100] quit # Configure Switch C.
  • Page 292 Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::200:2FF:FE64:8904 on Vlan-interface100 Dest 1::/64, via FE80::200:2FF:FE64:8904, cost 1, tag 0, A, 31 Sec Dest 4::/64, via FE80::200:2FF:FE64:8904, cost 2, tag 0, A, 31 Sec Dest 5::/64, via FE80::200:2FF:FE64:8904, cost 2, tag 0, A, 31 Sec Dest 3::/64,...

  • Page 293: Configuring Ripng Route Redistribution

    Configuring RIPng route redistribution Network requirements Two RIPng processes are running on Switch B, which communicates with Switch A through RIPng 100 and with Switch C through RIPng 200. Configure route redistribution on Switch B, letting the two RIPng processes redistribute routes from each other.
  • Page 294 [SwitchC-Vlan-interface300] quit [SwitchC] interface vlan-interface 400 [SwitchC-Vlan-interface400] ripng 200 enable [SwitchC-Vlan-interface400] quit # Display the routing table of Switch A. [SwitchA] display ipv6 routing-table Routing Table : Destinations : 6 Routes : 6 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0...

  • Page 295: Configuring Ripng Ipsec Policies

    NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 1::/64 Protocol : Direct NextHop : 1::1 Preference: 0 Interface : Vlan100 Cost Destination: 1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2::/64 Protocol : Direct NextHop : 2::1...
  • Page 296 [SwitchA-Vlan-interface100] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ripng 1 [SwitchB-ripng-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] ripng 1 enable [SwitchB-Vlan-interface200] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ripng 1 enable [SwitchB-Vlan-interface100] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ripng 1 [SwitchC-ripng-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] ripng 1 enable...
  • Page 297 [SwitchB-ipsec-proposal-tran1] quit [SwitchB] ipsec policy policy001 10 manual [SwitchB-ipsec-policy-manual-policy001-10] proposal tran1 [SwitchB-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345 [SwitchB-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345 [SwitchB-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg [SwitchB-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg [SwitchB-ipsec-policy-manual-policy001-10] quit # On Switch C, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1;...

  • Page 298: Ospfv3 Configuration

    OSPFv3 configuration NOTE: router The term in this document refers to both routers and Layer 3 switches. • The S5500-SI Switch Series does not support OSPFv3. • Introduction to OSPFv3 OSPFv3 overview Open Shortest Path First version 3 (OSPFv3) supports IPv6 and complies with RFC 2740 (OSPF for IPv6). OSPFv3 and OSPFv2 have the following similarities: 32-bits router ID and area ID •...

  • Page 299: Ospfv3 Lsa Types

    Packet length—Packet length in bytes, including header. • • Instance ID—Instance ID for a link. 0—Reserved. It must be 0. • OSPFv3 LSA types OSPFv3 sends routing information in LSAs, which, as defined in RFC 2740, have the following types: Router-LSA—Originated by all routers.

  • Page 300: Ospfv3 Features Supported

    After sending an LSA to its adjacency, a router waits for an acknowledgment from the adjacency. If no response is received after the retransmission interval elapses, the router will send the LSA again. The retransmission interval must be longer than the round-trip time of the LSA. LSA delay time Each LSA has an age in the local LSDB (incremented by one per second), but an LSA does not age on transmission.

  • Page 301: Enabling Ospfv3

    Task Remarks Configuring an OSPFv3 cost for an interface Optional Configuring the maximum number of OSPFv3 Optional load-balanced routes Configuring a priority for OSPFv3 Optional Configuring OSPFv3 route redistribution Optional Configuring OSPFv3 timers Optional Configuring a DR priority for an interface Optional Tuning and optimizing OSPFv3 Ignoring MTU check for DD packets...

  • Page 302: Configuring Ospfv3 Area Parameters

    To do… Use the command… Remarks Specify a router ID router-id router-id Required interface interface-type Enter interface view — interface-number Required Enable an OSPFv3 process on the ospfv3 process-id area area-id interface [ instance instance-id ] Not enabled by default Configuring OSPFv3 area parameters The stub area and virtual link features of OSPFv3 are the same as OSPFv2.

  • Page 303: Configuring An Ospfv3 Virtual Link

    NOTE: You cannot remove an OSPFv3 area directly. The area can be removed only when you remove all • configurations in area view and all interfaces attached to the area become down. All the routers attached to a stub area must be configured with the stub command. The keyword •...

  • Page 304: Configuration Prerequisites

    Configuration prerequisites Before configuring OSPFv3 network types, complete the following tasks: Configure IPv6 functions • Configure OSPFv3 basic functions • Configuring the OSPFv3 network type for an interface Follow these steps to configure the OSPFv3 network type for an interface: To do…...

  • Page 305: Configuring Ospfv3 Route Summarization

    Configuring OSPFv3 route summarization If contiguous network segments exist in an area, use the abr-summary command to summarize them into one network segment on the ABR. The ABR will advertise only the summary route. Any LSA in the specified network segment will not be advertised, reducing the LSDB size in other areas. Follow these steps to configure route summarization: To do…...

  • Page 306: Configuring The Maximum Number Of Ospfv3 Load-Balanced Routes

    To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Optional The default cost depends on the interface type: Configure an OSPFv3 cost ospfv3 cost value [ instance 1 for a VLAN interface; 0 for a loopback for the interface instance-id ] interface;...

  • Page 307: Configuring Ospfv3 Route Redistribution

    Configuring OSPFv3 route redistribution Follow these steps to configure OSPFv3 route redistribution: To do… Use the command… Remarks Enter system view system-view — Enter OSPFv3 view ospfv3 [ process-id ] — Optional Specify a default cost for default cost value redistributed routes Defaults to 1 Required...

  • Page 308: Configuration Prerequisites

    Configuration prerequisites Before tuning and optimizing OSPFv3 networks, complete the following tasks: Enable IPv6 packet forwarding • Configure OSPFv3 basic functions • Configuring OSPFv3 timers Follow these steps to configure OSPFv3 timers: To do… Use the command… Remarks Enter system view system-view —...

  • Page 309: Configuring A Dr Priority For An Interface

    Configuring a DR priority for an interface Follow these steps to configure a DR priority for an interface: To do… Use the command… Remarks Enter system view system-view — Enter interface view interface interface-type interface-number — Optional Configure a DR priority ospfv3 dr-priority priority [ instance instance-id ] Defaults to 1 NOTE:...

  • Page 310: Enable The Logging Of Neighbor State Changes

    Enable the logging of neighbor state changes Follow these steps to enable the logging of neighbor state changes: To do… Use the command… Remarks Enter system view system-view — Enter OSPFv3 view ospfv3 [ process-id ] — Required Enable the logging of neighbor log-peer-change state changes Enabled by default...

  • Page 311: Configuring Gr Helper

    Configuring GR Helper You can configure the GR Helper capability on a GR Helper. Follow these steps to configure GR Helper To do… Use the command… Remarks Enter system view system-view — Enter OSPFv3 view ospfv3 [ process-id ] — Optional Enable the GR Helper graceful-restart helper enable...

  • Page 312: Applying Ipsec Policies For Ospfv3

    Applying IPsec policies for OSPFv3 To protect routing information and defend attacks, OSPFv3 can authenticate protocol packets by using an IPsec policy. Outbound OSPFv3 packets carry the Security Parameter Index (SPI) defined in the relevant IPsec policy. A device uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the device accepts the packet;...

  • Page 313: Displaying And Maintaining Ospfv3

    To do… Use the command… Remarks Enter system view system-view — Enter OSPFv3 view ospfv3 [ process-id ] — Enter OSPF area view area area-id — vlink-peer router-id [ hello seconds | Required Apply an IPsec policy on a retransmit seconds | trans-delay seconds virtual link | dead seconds | instance instance-id | Not configured by default...

  • Page 314: Ospfv3 Configuration Examples

    To do… Use the command… Remarks display ospfv3 [ process-id ] request-list [ { external | inter-prefix | inter-router | intra-prefix | link | network Display OSPFv3 link state request | router | grace } [ link-state-id ] [ originate-router list information ip-address ] | statistics ] [ | { begin | exclude | include } regular-expression ]...
  • Page 315 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 300 [SwitchA-Vlan-interface300] ospfv3 1 area 1 [SwitchA-Vlan-interface300] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] ospfv3 1 area 1 [SwitchA-Vlan-interface200] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ipv6 [SwitchB] ospfv3 [SwitchB-ospf-1] router-id 2.2.2.2 [SwitchB-ospf-1] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ospfv3 1 area 0...
  • Page 316 3.3.3.3 Full/DR 00:00:39 Vlan100 OSPFv3 Area ID 0.0.0.1 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface Instance ID 1.1.1.1 Full/Backup 00:00:38 Vlan200 # Display OSPFv3 neighbor information on Switch C. [SwitchC] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State...
  • Page 317 [SwitchC-ospfv3-1] area 2 [SwitchC-ospfv3-1-area-0.0.0.2] stub [SwitchC-ospfv3-1-area-0.0.0.2] default-cost 10 # Display OSPFv3 routing table information on Switch D. A default route is added, and its cost is the cost of a direct route plus the configured cost. [SwitchD] display ospfv3 routing E1 - Type 1 external route, IA - Inter area route, - Intra area route...

  • Page 318: Configuring Ospfv3 Dr Election

    NextHop : directly-connected Interface: Vlan400 Configuring OSPFv3 DR election Network requirements As shown in Figure 108: • The priority of Switch A is 100, the highest priority on the network, so it will be the DR. The priority of Switch C is 2, the second highest priority on the network, so it will be the BDR. •...
  • Page 319 # Configure Switch C. <SwitchC> system-view [SwitchC] ipv6 [SwitchC] ospfv3 [SwitchC-ospfv3-1] router-id 3.3.3.3 [SwitchC-ospfv3-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] ospfv3 1 area 0 [SwitchC-Vlan-interface100] quit # Configure Switch D. <SwitchD> system-view [SwitchD] ipv6 [SwitchD] ospfv3 [SwitchD-ospfv3-1] router-id 4.4.4.4 [SwitchD-ospfv3-1] quit [SwitchD] interface vlan-interface 200 [SwitchD-Vlan-interface200] ospfv3 1 area 0 [SwitchD-Vlan-interface200] quit...

  • Page 320: Configuring Ospfv3 Route Redistribution

    [SwitchC-Vlan-interface100] ospfv3 dr-priority 2 [SwitchC-Vlan-interface100] quit # Display neighbor information on Switch A. DR priorities have been updated, but the DR and BDR are not changed. [SwitchA] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface Instance ID...
  • Page 321 Configure OSPFv3 process 2 to redistribute direct routes and the routes from OSPFv3 process 1 on Switch B and set the default metric for redistributed routes to 3. Then, Switch C can learn the routes destined for 1::0/64 and 2::0/64, and Switch A cannot learn the routes destined for 3::0/64 or 4::0/64.
  • Page 322 <SwitchC> system-view [SwitchC] ipv6 [SwitchC] ospfv3 2 [SwitchC-ospfv3-2] router-id 4.4.4.4 [SwitchC-ospfv3-2] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] ospfv3 2 area 2 [SwitchC-Vlan-interface300] quit [SwitchC] interface vlan-interface 400 [SwitchC-Vlan-interface400] ospfv3 2 area 2 [SwitchC-Vlan-interface400] quit # Display the routing table of Switch C. [SwitchC] display ipv6 routing-table Routing Table : Destinations : 6...

  • Page 323: Configuring Ospfv3

    # Display the routing table of Switch C. [SwitchC] display ipv6 routing-table Routing Table : Destinations : 8 Routes : 8 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 1::/64 Protocol : OSPFv3 NextHop : FE80::200:CFF:FE01:1C03 Preference: 150...
  • Page 324 Figure 110 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown) Configure OSPFv3 basic functions. # On Switch A, enable OSPFv3 process 1, enable GR, and set the router ID to 1.1.1.1. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 1 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] graceful-restart enable [SwitchA-ospfv3-1] quit...

  • Page 325: Configuring Bfd For Ospfv3

    After all switches function properly, perform a master/slave switchover on Switch A to trigger an OSPFv3 GR operation. Configuring BFD for OSPFv3 Network requirements Figure 1 1 1, configure OSPFv3 on Switch A, Switch B and Switch C and configure BFD over the link Switch A<—>L2 Switch<—>Switch B.
  • Page 326 [SwitchB] ospfv3 [SwitchB-ospf-1] router-id 2.2.2.2 [SwitchB-ospf-1] quit [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] ospfv3 1 area 0 [SwitchB-Vlan-interface10] quit [SwitchB] interface vlan-interface 13 [SwitchB-Vlan-interface13] ospfv3 1 area 0 [SwitchB-Vlan-interface13] quit # Configure Switch C. Enable OSPFv3 and configure the router ID as 3.3.3.3. <SwitchC>...
  • Page 327 Local Discr: 1441 Remote Discr: 1450 Source IP: FE80::20F:FF:FE00:1202 (link-local address of VLAN-interface 10 on Switch A) Destination IP: FE80::20F:FF:FE00:1200 (link-local address of VLAN-interface 10 on Switch B) Session State: Up Interface: Vlan10 Hold Time: # Display routes to 2001:4::0/64 on Switch A, and you can see that Switch A communicates with Switch B through the Layer 2 switch.

  • Page 328: Configuring Ospfv3 Ipsec Policies

    # Display the BFD information of Switch A. You can see that Switch A has removed its neighbor relationship with Switch B and therefore no information is output. <SwitchA> display bfd session # Display routes to 2001:4::0/64 on Switch A, and you can see that Switch A communicates with Switch B through Switch C.
  • Page 329 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] ospfv3 1 area 1 [SwitchA-Vlan-interface200] quit # Configure Switch B: enable OSPFv3 and configure the router ID as 2.2.2.2. <SwitchB> system-view [SwitchB] ipv6 [SwitchB] ospfv3 1 [SwitchB-ospfv3-1] router-id 2.2.2.2 [SwitchB-ospfv3-1] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ospfv3 1 area 0 [SwitchB-Vlan-interface100] quit [SwitchB] interface vlan-interface 200...
  • Page 330 tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg; create an IPsec proposal named tran2, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1;...

  • Page 331: Troubleshooting Ospfv3 Configuration

    [SwitchC-ipsec-policy-manual-policy002-10] quit Apply the IPsec policies in areas. # Configure Switch A. [SwitchA] ospfv3 1 [SwitchA-ospfv3-1] area 1 [SwitchA-ospfv3-1-area-0.0.0.1] enable ipsec-policy policy001 [SwitchA-ospfv3-1-area-0.0.0.1] quit [SwitchA-ospfv3-1] quit # Configure Switch B. [SwitchB] ospfv3 1 [SwitchB-ospfv3-1] area 0 [SwitchB-ospfv3-1-area-0.0.0.0] enable ipsec-policy policy002 [SwitchB-ospfv3-1-area-0.0.0.0] quit [SwitchB-ospfv3-1] area 1 [SwitchB-ospfv3-1-area-0.0.0.1] enable ipsec-policy policy001...

  • Page 332: Incorrect Routing Information

    Incorrect routing information Symptom OSPFv3 cannot find routes to other areas. Analysis The backbone area must maintain connectivity to all other areas. If a router connects to more than one area, at least one area must be connected to the backbone. The backbone cannot be configured as a stub area.

  • Page 333: Ipv6 Is-Is Configuration

    IPv6 IS-IS configuration NOTE: IPv6 IS-IS supports all IPv4 IS-IS features, but advertises IPv6 routing information. This document • describes only IPv6 IS-IS exclusive configuration tasks. For other configuration tasks, see the chapter “IS-IS configuration.” router The term in this document refers to both routers and Layer 3 switches. •...

  • Page 334: Configuring Ipv6 Is-Is Routing Information Control

    To do… Use command to… Remarks Enter system view system-view –– Required Enable an IS-IS process and enter isis [ process-id ] IS-IS view Not enabled by default Required Configure the network entity title network-entity net for the IS-IS process Not configured by default Required Enable IPv6 for the IS-IS process...

  • Page 335: Configuring Bfd For Ipv6 Is

    To do… Use command to… Remarks Optional Configure the maximum number of redistributed Level 1/Level 2 ipv6 import-route limit number The default varies with IPv6 routes devices. ipv6 filter-policy { acl6-number | ipv6-prefix Optional Configure the filtering of ipv6-prefix-name | route-policy Not configured by outgoing redistributed routes route-policy-name } export [ protocol...

  • Page 336: Displaying And Maintaining Ipv6 Is

    NOTE: High Availability Configuration Guide For more information about BFD, see Displaying and maintaining IPv6 IS-IS To do… Use the command… Remarks display isis brief [ | { begin | exclude | Display brief IPv6 IS-IS information Available in any view include } regular-expression ] display isis debug-switches { process-id | Display the status of the debug...

  • Page 337: Ipv6 Is-Is Configuration Examples

    IPv6 IS-IS configuration examples IPv6 IS-IS basic configuration example Network requirements As shown in Figure 1 13, Switch A, Switch B, Switch C, and Switch D reside in the same autonomous system, and all are enabled with IPv6. Switch A and Switch B are Level- 1 switches, Switch D is a Level-2 switch, and Switch C is a Level- 1 -2 switch. Switch A, Switch B, and Switch C are in area 10, and Switch D is in area 20.
  • Page 338 [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis ipv6 enable 1 [SwitchB-Vlan-interface200] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ipv6 [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] ipv6 enable [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis ipv6 enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis ipv6 enable 1 [SwitchC-Vlan-interface200] quit...
  • Page 339 Flag : D/L/- Cost : 10 Next Hop : Direct Interface: Vlan100 Destination: 2001:2:: PrefixLen: 64 Flag : R/-/- Cost : 20 Next Hop : FE80::200:FF:FE0F:4 Interface: Vlan100 Destination: 2001:3:: PrefixLen: 64 Flag : R/-/- Cost : 20 Next Hop : FE80::200:FF:FE0F:4 Interface: Vlan100 Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set...
  • Page 340 Destination: 2001:2:: PrefixLen: 64 Flag : D/L/- Cost : 10 Next Hop : Direct Interface: Vlan200 Destination: 2001:3:: PrefixLen: 64 Flag : D/L/- Cost : 10 Next Hop : Direct Interface: Vlan300 Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv6 Level-2 Forwarding Table ------------------------------------- Destination: 2001:1::...

  • Page 341: Configuring Bfd For Ipv6 Is

    Flag : D/L/- Cost : 10 Next Hop : Direct Interface: Vlan300 Destination: 2001:4::1 PrefixLen: 128 Flag : D/L/- Cost Next Hop : Direct Interface: Loop1 Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set Configuring BFD for IPv6 IS-IS Network requirements As shown in Figure 1...
  • Page 342 [SwitchA-Vlan-interface10] isis ipv6 enable 1 [SwitchA-Vlan-interface10] quit [SwitchA] interface vlan-interface 11 [SwitchA-Vlan-interface11] isis ipv6 enable 1 [SwitchA-Vlan-interface11] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ipv6 [SwitchB] isis 1 [SwitchB-isis-1] is-level level-1 [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] ipv6 enable [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] isis ipv6 enable 1 [SwitchB-Vlan-interface10] quit...
  • Page 343 [SwitchB-Vlan-interface10] bfd detect-multiplier 6 Verify configuration. The following operations are made on Switch A. Operations for Switch B are similar and are not shown here. # Display the BFD information of Switch A. <SwitchA> display bfd session Total Session Num: 1 Init Mode: Active IPv6 Session Working Under Ctrl Mode: Local Discr: 1441...
  • Page 344 # When the link between Switch B and the Layer-2 switch fails, BFD can quickly detect the failure. #Aug 8 14:54:05:362 2009 SwitchA IFNET/4/INTERFACE UPDOWN: Trap 1.3.6.1.6.3.1.1.5.3<linkDown>: Interface 983041 is Down, ifAdminStatus is 1, ifOperStatus is 2 #Aug 8 14:54:05:363 2009 SwitchA ISIS/4/ADJ_CHANGE:TrapID(1.3.6.1.2.1.138.0.17< isisAdjacencyChange>), ISIS Level-2 Adjencency IN Circuit-983041 State Change.

  • Page 345: Ipv6 Bgp Configuration

    IPv6 BGP configuration NOTE: router The term in this document refers to both routers and Layer 3 switches. • This chapter describes only configuration for IPv6 BGP. For BGP related information, see the chapter • “BGP configuration.” • The S5500-SI Switch Series does not support IPv6 BGP. IPv6 BGP overview BGP-4 was designed to carry only IPv4 routing information, so other network layer protocols such as IPv6 are not supported.

  • Page 346: Ipv6 Bgp Configuration Task List

    IPv6 BGP configuration task list Complete the following tasks to configure IPv6 BGP: Task Remarks Specifying an IPv6 BGP peer Required Injecting a local IPv6 route Optional Configuring a preferred value for routes from a Optional peer or peer group Specifying the source interface for establishing TCP Optional connections...

  • Page 347: Configuring Ipv6 Bgp Basic Functions

    Task Remarks Configuring an IPv6 BGP route reflector Optional Configuring BFD for IPv6 BGP Optional Configuring IPv6 BGP basic functions Configuration prerequisites Before configuring IPv6 BGP basic functions, complete the following tasks: Specify IP addresses for interfaces • Enable IPv6 •...

  • Page 348: Configuring A Preferred Value For Routes From A Peer Or Peer Group

    TCP connections, causing network oscillation. To enhance stability of IPv6 BGP connections, H3C recommends using a loopback interface as the source interface. Follow these steps to specify the source interface for establishing TCP connections to a BGP peer or peer group: To do…...

  • Page 349: Allowing The Establishment Of An Indirect Ebgp Connection

    NOTE: To establish a BGP connection, specify on the local router the source interface for establishing the TCP connection to the peer on the peering BGP router. Otherwise, the local BGP router may fail to establish TCP connection to the peer when using the outbound interface of the best route as the source interface. Allowing the establishment of an indirect eBGP connection Follow these steps to allow the establishment of eBGP connection to an indirectly connected peer or peer group:...

  • Page 350: Logging Ipv6 Peer Or Peer Group State Changes

    To do… Use the command… Remarks Enter IPv6 address family view ipv6-family — Optional Disable session establishment to an IPv6 peer { ipv6-group-name | peer or peer group ipv6-address } ignore Not disabled by default Logging IPv6 peer or peer group state changes Follow these steps to configure to log on the session and event information of an IPv6 peer or peer group: To do…...

  • Page 351: Configuring Ipv6 Bgp Route Summarization

    To do… Use the command… Remarks Required import-route protocol [ process-id [ med Enable route redistribution from another med-value | route-policy route-policy-name ] Not enabled by routing protocol default. NOTE: If the default-route imported command is not configured, using the import-route command cannot redistribute any IGP default route.

  • Page 352: Configuring Inbound Route Filtering

    To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enter IPv6 address family view ipv6-family — filter-policy { acl6-number | ipv6-prefix Required Configure the filtering of outgoing ipv6-prefix-name } export [ protocol routes Not configured by default.

  • Page 353: Configuring Ipv6 Bgp And Igp Route Synchronization

    To do… Use the command… Remarks Specify an AS path ACL to filter peer { ipv6-group-name | Required routing information imported from ipv6-address } as-path-acl Not specified by default. an IPv6 peer or peer group as-path-acl-number import Specify an IPv6 prefix list to filter peer { ipv6-group-name | Required routing information imported from...

  • Page 354: Configuring Ipv6 Bgp Route Attributes

    Configuring IPv6 BGP route attributes Use the following IPv6 BGP route attributes to modify BGP routing policy: IPv6 BGP protocol preference • • Default LOCAL_PREF attribute MED attribute • NEXT_HOP attribute • • AS_PATH attribute Configuration prerequisites Before configuring IPv6 BGP route attributes, complete the following tasks: Enabled IPv6 function •...

  • Page 355: Configuring The Med Attribute

    NOTE: To ensure an iBGP peer can find the correct next hop, configure routes advertised to the IPv6 iBGP peer • or peer group to use the local router as the next hop. If BGP load balancing is configured, the local router specifies itself as the next hop of routes sent to an IPv6 iBGP peer or peer group regardless of whether the peer next-hop-local command is configured.

  • Page 356: Tuning And Optimizing Ipv6 Bgp Networks

    To do… Use the command… Remarks Optional Configure to carry only the public peer { ipv6-group-name | AS number in updates sent to a By default, IPv6 BGP updates carry ipv6-address } public-as-only peer or peer group a private AS number. Substitute the local AS number for Optional the AS number of an IPv6 peer or...

  • Page 357: Configuring Ipv6 Bgp Soft Reset

    To do… Use the command… Remarks Enter IPv6 address family view ipv6-family — Specify keepalive timer keepalive keepalive hold interval and holdtime holdtime Optional Configure The keepalive interval defaults to Configure keepalive IPv6 BGP peer { ipv6-group-name | 60 seconds, holdtime defaults to interval and holdtime for timers ipv6-address } timer keepalive...

  • Page 358: Enabling The Ipv6 Bgp Orf Capability

    To do… Use the command… Remarks Return to user view return refresh bgp ipv6 { all | ipv6-address | group Required Soft-reset BGP connections ipv6-group-name | external | internal } { export manually | import } NOTE: If the peer keep-all-routes command is used, all routes from the peer or peer group are saved regardless of whether the filtering policy is available.

  • Page 359: Enabling 4-Byte As Number Suppression

    Table 6 Description of the both, send, and receive parameters and the negotiation result Local parameter Peer parameter Negotiation result receive The ORF sending capability is enabled locally and send the ORF receiving capability is enabled on the both peer. send The ORF receiving capability is enabled locally and receive...

  • Page 360: Enabling Md5 Authentication For Tcp Connections

    To do… Use the command… Remarks Required Configure the maximum number of balance number By default, no load balancing is load balanced routes enabled. Enabling MD5 authentication for TCP connections IPv6 BGP employs TCP as the transport protocol. To enhance security, configure IPv6 BGP to perform MD5 authentication when establishing a TCP connection.

  • Page 361: Configuring A Large-Scale Ipv6 Bgp Network

    To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enter IPv6 address family ipv6-family — view Required Apply an IPsec policy to a peer { group-name | ip-address } ipsec-policy peer or peer group policy-name Not configured by default NOTE:...
  • Page 362 To do… Use the command… Remarks peer ipv6-address group Required Add a peer into the group ipv6-group-name [ as-number Not added by default as-number ] Creating a pure eBGP peer group Follow these steps to configure a pure eBGP group: To do…...

  • Page 363: Configuring Ipv6 Bgp Community

    Configuring IPv6 BGP community Advertise community attribute to an IPv6 peer or peer group Follow these steps to advertise community attribute to an IPv6 peer or peer group: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number —...

  • Page 364: Configuring Bfd For Ipv6 Bgp

    • Because the route reflector forwards routing information between clients, you must make clients of a route reflector fully meshed. If clients are fully meshed, H3C recommends disabling route reflection between clients to reduce routing costs. If a cluster has multiple route reflectors, you must specify the same cluster ID for these route reflectors to •...

  • Page 365: Displaying And Maintaining Ipv6 Bgp

    Displaying and maintaining IPv6 BGP Displaying BGP To do… Use the command… Remarks Display IPv6 BGP peer group display bgp ipv6 group [ ipv6-group-name ] [ | { begin Available in information | exclude | include } regular-expression ] any view Display IPv6 BGP advertised display bgp ipv6 network [ | { begin | exclude | routing information...

  • Page 366: Resetting Ipv6 Bgp Connections

    To do… Use the command… Remarks display bgp ipv6 routing-table peer { ipv4-address | Display BGP routing information ipv6-address } { advertised-routes | received-routes } to or from an IPv4 or IPv6 peer [ network-address prefix-length | statistic ] [ | { begin | exclude | include } regular-expression ] Display IPv6 BGP routing display bgp ipv6 routing-table regular-expression...
  • Page 367 Figure 115 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown) Configure iBGP connections. # Configure Switch B. <SwitchB> system-view [SwitchB] ipv6 [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] peer 9:1::2 as-number 65009 [SwitchB-bgp-af-ipv6] peer 9:3::2 as-number 65009 [SwitchB-bgp-af-ipv6] quit [SwitchB-bgp] quit # Configure Switch C.

  • Page 368: Ipv6 Bgp Route Reflector Configuration Example

    # Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] bgp 65008 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] ipv6-family [SwitchA-bgp-af-ipv6] peer 10::1 as-number 65009 [SwitchA-bgp-af-ipv6] quit [SwitchA-bgp] quit # Configure Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] peer 10::2 as-number 65008 # Display IPv6 peer information on Switch B. [SwitchB] display bgp ipv6 peer BGP local router ID : 2.2.2.2 Local AS number : 65009...
  • Page 369 Figure 116 Network diagram Configuration procedure Configure IPv6 addresses for VLAN interfaces. (Details not shown) Configure IPv6 BGP basic functions. # Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] bgp 100 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] ipv6-family [SwitchA-bgp-af-ipv6] peer 100::2 as-number 200 [SwitchA-bgp-af-ipv6] network 1:: 64 #Configure Switch B.

  • Page 370: Ipv6 Bgp Ipsec Policy Configuration Example

    [SwitchD-bgp-af-ipv6] peer 102::1 as-number 200 Configure route reflector. # Configure Switch C as a route reflector, and configure Switch B and Switch D as its clients. [SwitchC-bgp-af-ipv6] peer 101::2 reflect-client [SwitchC-bgp-af-ipv6] peer 102::2 reflect-client Use the display bgp ipv6 routing-table command on Switch B and Switch D; both of them learned the network 1::/64.
  • Page 371 [SwitchB-bgp] quit Configure the eBGP connection. # Configure Switch C. <SwitchC> system-view [SwitchC] ipv6 [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] ipv6-family [SwitchC-bgp-af-ipv6] group ebgp external [SwitchC-bgp-af-ipv6] peer 3::1 as-number 65008 [SwitchC-bgp-af-ipv6] peer 3::1 group ebgp [SwitchC-bgp-af-ipv6] quit [SwitchC-bgp] quit # Configure Switch B.
  • Page 372 IPsec proposal tran2, set the SPIs of the inbound and outbound SAs to 54321, and the keys for the inbound and outbound SAs using ESP to gfedcba. [SwitchB] ipsec proposal tran1 [SwitchB-ipsec-proposal-tran1] encapsulation-mode transport [SwitchB-ipsec-proposal-tran1] transform esp [SwitchB-ipsec-proposal-tran1] esp encryption-algorithm des [SwitchB-ipsec-proposal-tran1] esp authentication-algorithm sha1 [SwitchB-ipsec-proposal-tran1] quit [SwitchB] ipsec policy policy001 10 manual...
  • Page 373 [SwitchA] bgp 65008 [SwitchA-bgp] ipv6-family [SwitchA-bgp-af-ipv6] peer 1::2 ipsec-policy policy001 [SwitchA-bgp-af-ipv6] quit [SwitchA-bgp] quit # Configure Switch B. [SwitchB] bgp 65008 [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] peer 1::1 ipsec-policy policy001 [SwitchB-bgp-af-ipv6] quit [SwitchB-bgp] quit Apply IPsec policies to eBGP peers. # Configure Switch C. [SwitchC] bgp 65009 [SwitchC-bgp] ipv6-family [SwitchC-bgp-af-ipv6] peer ebgp ipsec-policy policy002...

  • Page 374: Configuring Bfd For Ipv6 Bgp

    Route refresh capability has been enabled ORF advertise capability based on prefix (type 64): Local: both Negotiated: send Peer Preferred Value: 0 IPsec policy name: policy001, SPI :12345 Routing policy configured: No routing policy is configured BGP Peer is 3::2, remote AS 65009, Type: EBGP link BGP version 4, remote router ID 3.3.3.3...
  • Page 375 and notify it to IPv6 BGP. Then the link Switch A<—>Switch D<—>Switch C takes effect immediately. Figure 118 Network diagram Device Interface IP address Device Interface IP address Switch A Vlan-int100 3000::1/64 Switch C Vlan-int101 3001::3/64 Vlan-int200 2000::1/64 Vlan-int201 2001::3/64 Switch B Vlan-int100 3000::2/64...
  • Page 376 [SwitchA] route-policy apply_med_50 permit node 10 [SwitchA-route-policy] if-match ipv6 address acl 2000 [SwitchA-route-policy] apply cost 50 [SwitchA-route-policy] quit [SwitchA] route-policy apply_med_100 permit node 10 [SwitchA-route-policy] if-match ipv6 address acl 2000 [SwitchA-route-policy] apply cost 100 [SwitchA-route-policy] quit Apply routing policy apply_med_50 to routes outgoing to peer 3001::3, and apply routing policy •...
  • Page 377 Configure the minimum interval for receiving BFD control packets as 500 milliseconds. • [SwitchC-Vlan-interface101] bfd min-receive-interval 500 Configure the detect multiplier as 7. • [SwitchC-Vlan-interface101] bfd detect-multiplier 7 [SwitchC-Vlan-interface101] return Verify the configuration. The following operations are made on Switch C. Operations on Switch A and Switch B are similar and are not shown.
  • Page 378 Neighbor : 3000::1 ProcessID Interface : Vlan-interface101 Protocol : BGP4+ State : Active Adv Cost : 50 Tunnel ID : 0x0 Label : NULL : 4538sec Destination : 1200:: PrefixLength : 64 NextHop : 2000::1 Preference : 255 RelayNextHop : 2001::2 : 0H Neighbor : 2000::1...

  • Page 379: Troubleshooting Ipv6 Bgp Configuration

    The output shows that Switch C has one route to reach network 1200::0/64, that is, Switch C<—>Switch D<—>Switch A. Troubleshooting IPv6 BGP configuration IPv6 BGP peer relationship not established Symptom Display BGP peer information by using the display bgp ipv6 peer command. The state of the connection to the peer cannot become established.

  • Page 380: Routing Policy Configuration

    Routing policy configuration Routing policies are used to receive, advertise, and redistribute only specific routes and modify the attributes of some routes. NOTE: Routing policy in this chapter involves both IPv4 routing policy and IPv6 routing policy. • The S5500-SI Switch Series does not support OSPF, BGP, IS-IS, OSPFv3, IPv6 BGP, IPv6 IS-IS, or FRR. •...
  • Page 381 An IP prefix list is configured to match the destination address of routing information. You can use the gateway option to allow only routing information from certain routers to be received. For gateway option information, see the chapters “RIP configuration” and “OSPF configuration.” An IP prefix list, identified by name, can comprise multiple items.

  • Page 382: Routing Policy Configuration Task List

    Routing policy configuration task list Complete the following tasks to configure a routing policy: Task Defining an IP-prefix list Defining an AS path list Defining filters Defining a community list Defining an extended community list Creating a routing policy Defining if-match clauses Configuring a routing policy Defining apply clauses Defining a continue clause...

  • Page 383: Defining An As Path List

    [Sysname] ip ip-prefix abc index 10 deny 10.1.0.0 16 [Sysname] ip ip-prefix abc index 20 deny 10.2.0.0 16 [Sysname] ip ip-prefix abc index 30 deny 10.3.0.0 16 [Sysname] ip ip-prefix abc index 40 permit 0.0.0.0 0 less-equal 32 Define an IPv6 prefix list Identified by name, each IPv6 prefix list can comprise multiple items.

  • Page 384: Defining An Extended Community List

    Follow these steps to define a community list: To do… Use the command… Remarks Enter system view system-view — ip community-list { basic-comm-list-num | basic Define a basic comm-list-name } { deny | permit } Required to define community list [ community-number-list ] [ internet | no-advertise either Define a...

  • Page 385: Defining If-Match Clauses

    To do… Use the command… Remarks Enter system view system-view — Create a routing policy, specify a route-policy route-policy-name { deny | permit } node for it, and enter routing policy Required node node-number view NOTE: If a routing policy node has the permit keyword specified, routing information matching all the if-match •...

  • Page 386: Defining Apply Clauses

    To do… Use the command… Remarks if-match community Optional Match BGP routing information whose { { basic-community-list-number | community attribute is specified in the Not configured by comm-list-name } [ whole-match ] | community lists default. adv-community-list-number }&<1-16> Optional Match routes having the specified cost if-match cost value Not configured by default.
  • Page 387 To do… Use the command… Remarks Required route-policy route-policy-name Enter routing policy view { deny | permit } node node-number Not created by default. Optional Set the AS-PATH attribute for BGP apply as-path as-number&<1-10> routing information [ replace ] Not set by default. Delete the community attribute of Optional apply comm-list { comm-list-number...

  • Page 388: Defining A Continue Clause

    To do… Use the command… Remarks apply fast-reroute Optional { backup-interface interface-type Configure FRR interface-number [ backup-nexthop Not configured by default. ip-address ] } NOTE: • The difference between IPv4 and IPv6 apply clauses is the command for setting the next hop for routing information.

  • Page 389: Routing Policy Configuration Examples

    To do… Use the command… Remarks display ip ip-prefix [ ip-prefix-name ] [ | { begin | Display IPv4 prefix list statistics exclude | include } regular-expression ] display ip ipv6-prefix [ ipv6-prefix-name ] [ | Display IPv6 prefix list statistics { begin | exclude | include } regular-expression ] display route-policy [ route-policy-name ] [ | { begin Display routing policy information...
  • Page 390 [SwitchC-Vlan-interface200] isis enable [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 201 [SwitchC-Vlan-interface201] isis enable [SwitchC-Vlan-interface201] quit [SwitchC] interface vlan-interface 202 [SwitchC-Vlan-interface202] isis enable [SwitchC-Vlan-interface202] quit [SwitchC] interface vlan-interface 203 [SwitchC-Vlan-interface203] isis enable [SwitchC-Vlan-interface203] quit # Configure Switch B. <SwitchB> system-view [SwitchB] isis [SwitchB-isis-1] is-level level-2 [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] quit...
  • Page 391 172.17.1.0/24 Type2 192.168.1.2 192.168.2.2 172.17.2.0/24 Type2 192.168.1.2 192.168.2.2 172.17.3.0/24 Type2 192.168.1.2 192.168.2.2 192.168.2.0/24 Type2 192.168.1.2 192.168.2.2 Total Nets: 5 Intra Area: 1 Inter Area: 0 ASE: 4 NSSA: 0 Configure filtering lists. # Configure ACL 2002 to permit route 172.17.2.0/24. [SwitchB] acl number 2002 [SwitchB-acl-basic-2002] rule permit source 172.17.2.0 0.0.0.255 [SwitchB-acl-basic-2002] quit...

  • Page 392: Applying A Routing Policy To Ipv6 Route Redistribution

    192.168.2.0/24 Type2 192.168.1.2 192.168.2.2 Total Nets: 5 Intra Area: 1 Inter Area: 0 ASE: 4 NSSA: 0 Applying a routing policy to IPv6 route redistribution Network requirements As shown in Figure 120: Enable RIPng on Switch A and Switch B. •...

  • Page 393: Applying A Routing Policy To Filter Received Bgp Routes

    [SwitchA-route-policy] quit [SwitchA] route-policy static2ripng permit node 10 [SwitchA-route-policy] quit # Enable RIPng and apply the routing policy to static route redistribution. [SwitchA] ripng [SwitchA-ripng-1] import-route static route-policy static2ripng Configure Switch B. # Configure the IPv6 address for VLAN-interface 100. [SwitchB] ipv6 [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ipv6 address 10::2 32...
  • Page 394 Figure 121 Network diagram Configuration procedure Configure IP addresses for the interfaces. (Details not shown) Configure BGP. # Configure Switch A. <SwitchA> system-view [SwitchA] bgp 100 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 1.1.1.2 as-number 300 # Configure Switch B. <SwitchB> system-view [SwitchB] bgp 200 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 1.1.2.2 as-number 300...
  • Page 395 [SwitchA-bgp] network 6.6.6.6 24 # On Switch B, inject routes 7.7.7.7/24, 8.8.8.8/24, and 9.9.9.9/24 to BGP. [SwitchB-bgp] network 7.7.7.7 24 [SwitchB-bgp] network 8.8.8.8 24 [SwitchB-bgp] network 9.9.9.9 24 # Display the BGP routing table information of Switch D. [SwitchD-bgp] display bgp routing-table Total Number of Routes: 6 BGP Local router ID is 4.4.4.4 Status codes: * - valid, >...

  • Page 396: Troubleshooting Routing Policy Configuration

    Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf PrefVal Path/Ogn *> 4.4.4.0/24 1.1.3.1 300 100i...

  • Page 397: Policy-Based Routing Configuration

    Policy-based routing configuration NOTE: The S5500-SI Switch Series does not support PBR. Introduction to PBR Policy-based routing (PBR) is a routing mechanism based on user-defined policies. Different from the traditional destination-based routing mechanism, PBR enables you to use a policy (based on the source address or other criteria) to route packets.

  • Page 398: Concepts

    Concepts Policy A policy is used to route IP packets. A policy can consist of one or multiple nodes. Node A node is identified by a node number. The node with the smallest node number has the highest priority. A policy node consists of if-match and apply clauses. An if-match clause specifies a match criterion on a node, and an apply clause specifies an action to be taken on packets.

  • Page 399: Configuring Pbr (Using A Pbr Policy)

    NOTE: ACL and QoS Configuration Guide For more information about QoS policies, see Configuring PBR (using a PBR policy) Defining a policy Follow these steps to define a policy: To do… Use the command… Remarks Enter system view system-view –– policy-based-route policy-name Create a policy or policy node and [ deny | permit ] node...

  • Page 400: Configuring Local Pbr

    NOTE: If a policy has a node with no if-match clause configured, all packets can pass the policy node. • However, an action is taken according to the match mode, and the packets will not go to the next policy node for a match.

  • Page 401: Pbr And Track

    PBR and track Associated with a Track object, PBR can sense topology changes faster. You can associate PBR with a track entry when configuring the outgoing interface, default outgoing interface, next hop, and default next hop to dynamically determine link reachability. The PBR configuration takes effect when the status of the associated Track object is Positive or Invalid.

  • Page 402: Displaying And Maintaining Pbr Configuration

    Applied globally—affects the traffic sent or received on all ports • • Applied to an interface—affects the traffic sent or received on the interface Applied to a VLAN—affects the traffic sent or received on all ports in the VLAN • NOTE: A QoS policy used for PBR applies only to traffic received on all ports, on an interface, or on all ports in a VLAN.

  • Page 403: Pbr Configuration (Using A Qos Policy)

    To do… Use the command… Remarks display ip policy-based-route setup Display the specified PBR routing { interface interface-type interface-number | Available in any view information local | policy-name } [ | { begin | exclude | include } regular-expression ] display ip policy-based-route statistics { interface interface-type interface-number | Display PBR statistics...

  • Page 404: Pbr Configuration Examples

    PBR configuration examples Configuring local PBR based on packet type Network requirements As shown in Figure 122, configure PBR on Switch A, so that all TCP packets are forwarded to next hop 1.1.2.2 and other packets are forwarded according to the routing table. Switch A is directly connected to Switch B and Switch C.

  • Page 405: Configuring Interface Pbr Based On Packet Type

    Configure Switch C. # Configure the IP address of VLAN-interface 20. <SwitchC> system-view [SwitchC] interface vlan-interface 20 [SwitchC-Vlan-interface20] ip address 1.1.3.2 255.255.255.0 [SwitchC-Vlan-interface20] quit Verify the configuration. # Telnet to Switch B (1.1.2.2/24) from Switch A. The operation succeeds. # Telnet to Switch C (1.1.3.2/24) from Switch A. The operation fails. <SwitchA>...
  • Page 406 Figure 123 Network diagram Configuration procedure NOTE: In this example, static routes are configured to ensure the reachability among devices. Configure Switch A. # Define ACL 3101 to match TCP packets. <SwitchA> system-view [SwitchA] acl number 3101 [SwitchA-acl-adv-3101] rule permit tcp [SwitchA-acl-adv-3101] quit # Configure Node 5 of policy aaa to forward TCP packets to next hop 1.1.2.2.

  • Page 407: Ipv4 Pbr Configuration Example (Using A Qos Policy)

    [SwitchA-Vlan-interface20] ip address 1.1.3.1 255.255.255.0 Configure Switch B. # Configure a static route to subnet 10.1 10.0.0/24. <SwitchB> system-view [SwitchB] ip route-static 10.110.0.0 24 1.1.2.1 # Configure the IP address of VLAN-interface 10. [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] ip address 1.1.2.2 255.255.255.0 [SwitchB-Vlan-interface10] quit Configure Switch C.

  • Page 408: Ipv6 Pbr Configuration Example (Using A Qos Policy)

    Configuration procedure # Configure ACL 2000. <SwitchA> system-view [SwitchA] acl number 2000 [SwitchA-acl-basic-2000] rule 0 permit source any [SwitchA-acl-basic-2000] quit # Define a match criterion for class a to match ACL 2000. [SwitchA] traffic classifier a [SwitchA-classifier-a] if-match acl 2000 [SwitchA-classifier-a] quit # Configure the action of redirecting traffic to the next hop 202.1.1.2 for behavior a.
  • Page 409 <SwitchA> system-view [SwitchA] acl ipv6 number 2000 [SwitchA-acl6-basic-2000] rule 0 permit source any [SwitchA-acl6-basic-2000] quit # Define a match criterion for class a to match IPv6 ACL 2000. [SwitchA] traffic classifier a [SwitchA-classifier-a] if-match acl ipv6 2000 [SwitchA-classifier-a] quit # Configure the action of redirecting traffic to the next hop 202::2 for behavior a. [SwitchA] traffic behavior a [SwitchA-behavior-a] redirect next-hop 202::2 [SwitchA-behavior-a] quit...

  • Page 410: Mce Configuration

    The term Layer 3 interface in this chapter refers to route-mode (or Layer 3) Ethernet ports. You can set an Ethernet port to operate in route mode by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). The MCE function is only available on the S5500-EI switch series. • MCE overview MPLS L3VPN overview MPLS L3VPN is a type of PE-based L3VPN technology for service provider VPN solutions.

  • Page 411: Mpls L3Vpn Concepts

    Figure 126 Network diagram for MPLS L3VPN model VPN 1 VPN 2 Site 1 Site 3 Site 2 VPN 2 Site 4 VPN 1 CEs and PEs mark the boundary between the service providers and the customers. After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE.
  • Page 412 Address space overlapping Each VPN independently manages the addresses it uses. The assembly of such addresses for a VPN is called an address space. The address spaces of VPNs may overlap. For example, if both VPN 1 and VPN 2 use the addresses on network segment 10.1 10.10.0/24, address space overlapping occurs.

  • Page 413: Multi-Vpn-Instance

    An RD can be in one of the following formats distinguished by the Type field: • When the value of the Type field is 0, the Administrator subfield occupies two bytes, the Assigned number subfield occupies four bytes, and the RD format is 16-bit AS number:32-bit user-defined number.

  • Page 414: How Mce Works

    How MCE works Figure 128 shows how an MCE maintains the routing entries of multiple VPNs and how an MCE exchanges VPN routes with PEs. Figure 128 Network diagram for the MCE function VPN 1 VPN 2 Site 1 Site 1 VLAN-int2 VLAN-int7 VLAN-int8...
  • Page 415 BGP within the VPN, the routes may be learned by other MCE devices, generating route loops. To prevent route loops, configure route tags for different VPN instances on each MCE. H3C recommends that you assign the same route tag to the same VPN on all MCEs.

  • Page 416: Route Exchange Between An Mce And A

    connected with multiple sites in the same VPN, you can configure the MCE as a route reflector (RR) and configure the egress routers of the sites as clients, making the MCE reflect routing information between the sites. This eliminates the necessity for BGP connections between sites, reducing the number of BGP connections and simplifying network configuration.
  • Page 417 Follow these steps to create and configure a VPN instance: To do… Use the command… Remarks Enter system view system-view — Create a VPN instance and enter ip vpn-instance vpn-instance-name Required VPN instance view Configure an RD for the VPN route-distinguisher Required instance...

  • Page 418: Configuring Routing On An Mce

    The VPN instance determines which routes it can accept and redistribute according to the • import-extcommunity in the VPN target. • The VPN instance determines how to change the VPN targets attributes for routes to be advertised according to the export-extcommunity in the VPN target. Follow these steps to configure route related attributes of a VPN instance: To do…...

  • Page 419: Configuration Prerequisites

    Configuration prerequisites Before you configure routing on an MCE, complete the following tasks: On the MCE, configure VPN instances, and bind the VPN instances with the interfaces connected • to the VPN sites and those connected to the PE. • Configure the link layer and network layer protocols on related interfaces to ensure IP connectivity.
  • Page 420 To do… Use the command… Remarks Required Enable RIP on the interface network network-address By default, RIP is disabled on an attached to the specified network interface. import-route protocol [ process-id ] Required Redistribute remote site routes [ allow-ibgp ] [ cost cost | By default, no route is redistributed advertised by the PE route-policy route-policy-name |...
  • Page 421 NOTE: An OSPF process that is bound with a VPN instance does not use the public network router ID • configured in system view. Therefore, you must configure a router ID when starting the OSPF process. All OSPF processes for the same VPN must be configured with the same OSPF domain ID to ensure correct route advertisement.
  • Page 422 Configuring eBGP between MCE and VPN site To use eBGP for exchanging routing information between an MCE and VPN sites, you must configure a BGP peer for each VPN instance on the MCE, and redistribute the IGP routes of each VPN instance on the VPN sites.
  • Page 423 After you configure a BGP VPN instance, the BGP route exchange for the VPN instance is the same with the normal BGP VPN route exchange. For more information about BGP, see Layer 3—IP Routing Configuration Guide. Configure a VPN site Follow these steps to configure a VPN site: To do…...

  • Page 424: Configuring Routing Between Mce And

    NOTE: After you configure a VPN site as an iBGP peer of the MCE, the MCE does not advertise the BGP routes learned from the VPN site to other iBGP peers, including VPNv4 peers. Only when you configure the VPN site as a client of the RR (the MCE), does the MCE advertise routes learned from it to other iBGP peers.
  • Page 425 To do… Use the command… Remarks Enter system view system-view — Create a RIP process for a rip [ process-id ] vpn-instance VPN instance and enter RIP Required vpn-instance-name view Required Enable RIP on the interface attached to the specified network network-address By default, RIP is disabled on network...
  • Page 426 To do… Use the command… Remarks Optional Configure the default parameters for The default cost is 1, the default maximum default { cost cost | limit limit | tag tag | redistributed routes number of routes redistributed per time is type type } * (cost, route number, 1000, the default tag is 1, and default...
  • Page 427 Configuring eBGP between MCE and PE Follow these steps to configure eBGP between MCE and PE: To do… Use the command… Remarks Enter system view system-view — Enter BGP view bgp as-number — Enter BGP-VPN instance view ipv4-family vpn-instance vpn-instance-name Required Configure the PE as the eBGP peer { group-name | ip-address }...

  • Page 428: Displaying And Maintaining Mce

    To do… Use the command… Remarks Optional By default, each RR in a cluster uses its own router ID as the cluster ID. Specify a cluster ID for the reflector cluster-id cluster-id If more than one RR exists in a route reflector cluster, use this command to configure the same cluster ID...
  • Page 429 To do… Use the command… Remarks display fib vpn-instance vpn-instance-name Display information about the FIB [ acl acl-number | ip-prefix ip-prefix-name ] Available in any view of a VPN instance [ | { begin | exclude | include } regular-expression ] display fib vpn-instance vpn-instance-name Display information about the FIB ip-address [ mask | mask-length ] [ |...

  • Page 430: Mce Configuration Examples

    To do… Use the command… Remarks reset bgp vpn-instance vpn-instance-name ip-address flap-info Clear route flap history information reset bgp vpn-instance vpn-instance-name about a BGP peer of a VPN Available in user view flap-info [ ip-address [ mask | instance mask-length ] | as-path-acl as-path-acl-number | regexp as-path-regexp ] NOTE:...
  • Page 431 Figure 129 Network diagram Configuration procedure Assume that the system name of the MCE device is MCE, the system names of the edge devices of VPN 1 and VPN 2 are VR1 and VR2 respectively, and the system name of PE 1 is PE1. Configure the VPN instances on the MCE and PE 1.
  • Page 432 [MCE-Vlan-interface10] ip address 10.214.10.3 24 # Configure VLAN 20, add port GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 with VPN instance vpn2, and specify an IP address for VLAN-interface 20. [MCE-Vlan-interface10] quit [MCE] vlan 20 [MCE-vlan20] port gigabitethernet 1/0/2 [MCE-vlan20] quit [MCE] interface vlan-interface 20 [MCE-Vlan-interface20] ip binding vpn-instance vpn2...
  • Page 433 # Run RIP in VPN 2. Create RIP process 20 and bind it with VPN instance vpn2 on the MCE, so that the MCE can learn the routes of VPN 2 and add them to the routing table of the VPN instance vpn2. [MCE] rip 20 vpn-instance vpn2 # Advertise subnet 10.214.20.0.
  • Page 434 [MCE-Vlan-interface30] ip binding vpn-instance vpn1 [MCE-Vlan-interface30] ip address 30.1.1.1 24 [MCE-Vlan-interface30] quit # On the MCE, create VLAN 40 and VLAN-interface 40, bind the VLAN interface with VPN instance vpn2, and configure an IP address for the VLAN interface. [MCE] vlan 40 [MCE-vlan40] quit [MCE] interface vlan-interface 40 [MCE-Vlan-interface40] ip binding vpn-instance vpn2...

  • Page 435: Using Bgp To Advertise Vpn Routes To The

    [PE1-ospf-10-area-0.0.0.0] quit [PE1-ospf-10] quit # On PE 1, display the routing table of VPN1. [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 30.1.1.0/24 Direct 0 30.1.1.2 Vlan30 30.1.1.2/32 Direct 0 127.0.0.1 InLoop0...
  • Page 436 Figure 130 Network diagram Configuration procedure Configure VPN instances. # Create VPN instances on the MCE and PE 1, and bind the VPN instances with VLAN interfaces. For the configuration procedure, see “Using OSPF to advertise VPN routes to the PE.”...
  • Page 437 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/24 OSPF 10.214.10.2 Vlan10 The output shows that the MCE has learned the private route of VPN 1 through OSPF process 10. # On MCE, bind OSPF process 20 with VPN instance vpn2 to learn the routes of VPN 2. The configuration procedure is similar to that for OSPF process 10.
  • Page 438 192.168.0.0/24 30.1.1.1 Vlan30 # Perform similar configuration on the MCE and PE 1 for VPN 2. Redistribute the OSPF routes of VPN instance vpn2 into the eBGP routing table. (Details not shown) The following output shows that PE 1 has learned the private route of VPN 2 through BGP: [PE1] display ip routing-table vpn-instance vpn2 Routing Tables: vpn2 Destinations : 5...

  • Page 439: Ipv6 Mce Configuration

    IPv6 MCE configuration NOTE: The IPv6 MCE function is available only on the S5500-EI switch series. Overview In an IPv6 MPLS L3 VPN, an IPv6 MCE advertises IPv6 routing information between the VPN and the connected PE and forwards IPv6 packets. An IPv6 MCE operates in the same way as an IPv4 MCE. For more information, see the chapter ”MCE configuration.”...
  • Page 440 Associating a VPN instance with an interface After creating and configuring a VPN instance, you need to associate the VPN instance with the interface for connecting the CE. Any LDP-capable interface can be associated with a VPN instance. For information about LDP-capable interfaces, see the chapter “MPLS basics configuration.” Follow these steps to associate a VPN instance with an interface: To do…...

  • Page 441: Configuring Routing On An Ipv6 Mce

    NOTE: Route related attributes configured in VPN instance view are applicable to both IPv4 VPNs and IPv6 • VPNs. You can configure route related attributes for IPv6 VPNs in both VPN instance view and IPv6 VPN view. • Those configured in IPv6 VPN view take precedence. •...
  • Page 442 To do… Use the command… Remarks Optional Configure the default precedence ipv6 route-static default-preference for IPv6 static routes default-preference-value 60 by default Configuring RIPng between IPv6 MCE and VPN site A RIPng process belongs to the public network or a single IPv6 VPN instance. If you create a RIPng process without binding it to an IPv6 VPN instance, the process belongs to the public network.
  • Page 443 To do… Use the command… Remarks Required Create an OSPFv3 process for a ospfv3 [ process-id ] vpn-instance Perform this configuration on the VPN instance and enter OSPFv3 vpn-instance-name IPv6 MCE. On a VPN site, view configure normal OSPFv3. Set the router ID router-id router-id Required Required...
  • Page 444 To do… Use the command… Remarks Optional By default, no routes from any ipv6 import-route protocol other routing protocol are [ process-id ] [ allow-ibgp ] [ cost Redistribute remote site routes redistributed to IPv6 IS-IS. cost | [ level-1 | level-1-2 | advertised by the PE If you do not specify the route level level-2 ] | route-policy...

  • Page 445: Configuring Routing Between Ipv6 Mce And

    NOTE: After you configure an IPv6 BGP VPN instance, the IPv6 BGP route exchange for the IPv6 VPN instance is Layer the same with the normal IPv6 BGP VPN route exchange. For more information about IPv6 BGP, see 3—IP Routing Configuration Guide Configure a VPN site.
  • Page 446 Configuring RIPng between IPv6 MCE and PE Follow these steps to configure RIPng between IPv6 MCE and PE: To do… Use the command… Remarks Enter system view system-view — Create a RIPng process for ripng [ process-id ] vpn-instance an IPv6 VPN instance and Required vpn-instance-name enter RIPng view...
  • Page 447 NOTE: Layer 3—IP Routing Configuration Guide For more information about OSPFv3, see Configuring IPv6 IS-IS between IPv6 MCE and PE Follow these steps to configure IPv6 IS-IS between IPv6 MCE and PE: To do… Use the command… Remarks Enter system view system-view —...

  • Page 448: Displaying And Maintaining Ipv6 Mce

    To do… Use the command… Remarks Required import-route protocol [ process-id [ med Redistribute the VPN routes med-value | route-policy By default, No route route-policy-name ] * ] redistribution is configured. Optional Configure a filtering policy to filter-policy { acl6-number | ipv6-prefix filter the routes to be ip-prefix-name } export [ direct | isisv6 By default, BGP does not filter...

  • Page 449: Ipv6 Mce Configuration Examples

    To do… Use the command… Remarks display ipv6 fib vpn-instance Display a VPN instance’s FIB vpn-instance-name ipv6-address entries that match the specified Available in any view [ prefix-length ] [ | { begin | exclude | destination IPv6 address include } regular-expression ] Display information about BGP display bgp vpnv6 all peer [ ipv4-address VPNv6 peers established between...
  • Page 450 Figure 131 Network diagram Configuration procedure Assume that the system name of the IPv6 MCE device is MCE, the system names of the edge devices of VPN 1 and VPN 2 are VR1 and VR2 respectively, and the system name of PE 1 is PE1. Configure the VPN instances on the MCE and PE 1.
  • Page 451 # Bind VLAN-interface 10 with VPN instance vpn1, and configure an IPv6 address for the VLAN interface. [MCE] interface vlan-interface 10 [MCE-Vlan-interface10] ip binding vpn-instance vpn1 [MCE-Vlan-interface10] ipv6 address 2001:1::1 64 [MCE-Vlan-interface10] quit # Configure VLAN 20, add port GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 with VPN instance vpn2, and assign an IPv6 address to VLAN-interface 20.
  • Page 452 # On VR 2, assign IPv6 address 2002:1::2/64 to the interface connected to the MCE and 2012::2/64 to the interface connected to VPN 2. (Details not shown) # Configure RIPng, and advertise subnets 2012::/64 and 2002:1::/64. <VR2> system-view [VR2] ripng 20 [VR2-ripng-20] quit [VR2] interface vlan-interface 20 [VR2-Vlan-interface20] ripng 20 enable...
  • Page 453 Destination: 2002:1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2012::/64 Protocol : RIPng NextHop : FE80::20F:E2FF:FE3E:9CA2 Preference: 100 Interface : Vlan20 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost The output shows that the MCE has learned the private route of VPN 2.
  • Page 454 [PE1] interface vlan-interface 30 [PE1-Vlan-interface30] ip binding vpn-instance vpn1 [PE1-Vlan-interface30] ipv6 address 30::2 64 [PE1-Vlan-interface30] quit # On PE 1, create VLAN 40 and VLAN-interface 40, bind VLAN-interface 40 with VPN instance vpn2 and configure an IPv6 address for the VLAN-interface 40. [PE1] vlan 40 [PE1-vlan40] quit [PE1] interface vlan-interface 40...
  • Page 455 Destination: 30::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2012:1::/64 Protocol : OSPFv3 NextHop : FE80::202:FF:FE02:2 Preference: 150 Interface : Vlan30 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost The output shows that PE 1 has learned the private route of VPN 1 through OSPFv3.

  • Page 456: Index

    Index A B C D E I M O P R S T Configuring OSPF FRR,94 Configuring OSPF Graceful Restart,96 Applying IPsec policies for OSPFv3,295 Configuring OSPF network types,78 Applying IPsec policies for RIPng,272 Configuring OSPF route control,81 Configuring OSPFv3 area parameters,285 Configuring OSPFv3 GR,293...
  • Page 457 Displaying and maintaining the routing policy,371 OSPF configuration examples,100 OSPF configuration task list,73 OSPFv3 configuration examples,297 Enabling IS-IS SNMP trap,163 OSPFv3 configuration task list,283 Enabling logging of peer state changes,230 Overview,422 Enabling OSPF,74 Enabling OSPFv3,284 Enabling trap,230 PBR configuration examples,387 Enhancing IS-IS network security,159 RIP configuration...

This manual is also suitable for:

S5500-si

Table of Contents