Page 1: Configuration Guide
HP 5500 EI & 5500 SI Switch Series Layer 3 - IP Routing Configuration Guide Part number: 5998-1718 Software version: Release 2220 Document version: 6W100-20130810...
Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Page 3: Table Of Contents
Contents IP routing basics ··························································································································································· 1 Hardware compatibility ···················································································································································· 1 Overview ············································································································································································ 1 Routing table ······································································································································································ 1 Dynamic routing protocols ··············································································································································· 2 Routing preference ···························································································································································· 3 Load sharing ······································································································································································ 3 Route backup ····································································································································································· 3 ...
Page 4 Setting the DSCP value for RIP packets ··············································································································· 26 Configuring RIP route control ········································································································································ 27 Configuring an additional routing metric ··········································································································· 27 Configuring RIPv2 route summarization·············································································································· 27 Disabling host route reception ····························································································································· 28 Advertising a default route ··································································································································· 29 ...
Page 5 Configuring a virtual link ······································································································································ 75 Configuring OSPF network types ································································································································· 76 Configuration prerequisites ·································································································································· 76 Configuring the broadcast network type for an interface ················································································· 76 Configuring the NBMA network type for an interface ······················································································ 77 ...
Page 6 Configuring OSPF DR election ··························································································································· 109 Configuring OSPF virtual links ··························································································································· 113 Configuring OSPF Graceful Restart ··················································································································· 115 Configuring route filtering ·································································································································· 118 Configuring OSPF FRR ········································································································································ 120 Configuring BFD for OSPF ································································································································· 122 Troubleshooting OSPF configuration ·························································································································...
Page 7 Configuring IS-IS FRR ··················································································································································· 157 Enabling IS-IS SNMP trap ··········································································································································· 159 Binding an IS-IS process with MIBs ···························································································································· 159 Configuring BFD for IS-IS············································································································································· 159 Displaying and maintaining IS-IS ······························································································································· 159 IS-IS configuration examples ······································································································································· 161 ...
Page 8 Configuration prerequisites ································································································································ 213 Configuring the BGP keepalive interval and holdtime ···················································································· 214 Configuring the interval for sending the same update ···················································································· 214 Configuring BGP soft-reset·································································································································· 215 Enabling the BGP ORF capability······················································································································ 216 Enabling 4-byte AS number suppression ·········································································································· 217 ...
Page 9 Protocols and standards ····································································································································· 260 RIPng configuration task list ········································································································································ 260 Configuring RIPng basic functions ······························································································································ 261 Configuring RIPng route control ································································································································· 261 Configuring an additional routing metric ········································································································· 261 Configuring RIPng route summarization ··········································································································· 262 ...
Page 10 Configuration prerequisites ································································································································ 284 Configuring OSPFv3 timers ································································································································ 284 Configuring a DR priority for an interface ········································································································ 285 Ignoring MTU check for DD packets ················································································································· 286 Disabling interfaces from receiving and sending OSPFv3 packets ······························································· 286 ...
Page 11 Configuration prerequisites ································································································································ 328 Configuring IPv6 BGP route redistribution ········································································································ 328 Configuring IPv6 BGP route summarization ····································································································· 329 Advertising a default route to an IPv6 peer or peer group ············································································· 329 Configuring outbound route filtering ················································································································· 330 ...
Page 12 Creating a routing policy ··································································································································· 363 Defining if-match clauses ···································································································································· 364 Defining apply clauses ········································································································································ 365 Defining a continue clause ································································································································· 366 Displaying and maintaining the routing policy ········································································································· 367 Routing policy configuration examples ······················································································································ 368 ...
Page 13 IPv6 MCE configuration examples ····························································································································· 428 Using IPv6 ISIS to advertise VPN routes to the PE ··························································································· 428 Support and other resources ·································································································································· 435 Contacting HP ······························································································································································ 435 Subscription service ············································································································································ 435 Related information ······················································································································································ 435 ...
Page 14: Ip Routing Basics
IP routing basics Hardware compatibility The A5500 SI Switch Series does not support configuring Layer 3 Ethernet interfaces. The A5500 SI Switch Series does not support VPN-related parameters. The A5500 SI Switch Series does not support OSPF, BGP, IS-IS, OSPFv3, IPv6 BGP, or IPv6 IS-IS. Overview IP routing directs the forwarding of IP packets on routers based on a routing table.
Page 15: Dynamic Routing Protocols
Static routes are easy to configure and require less system resources. They work well in small and stable networks. In networks where topology changes may occur frequently, using a dynamic routing protocol is better. To display brief information about a routing table, use the display ip routing-table command: <Sysname>...
Page 16: Routing Preference
NOTE: An AS refers to a group of routers sharing the same routing policy and working under the same administration. Routing preference Different routing protocols can find different routes to the same destination. However, not all of those routes are optimal. For route selection, routing protocols, direct routes, and static routes are assigned different preferences.
Page 17: Route Recursion
The router forwards matching packets through the main route. When the main route fails, the route with the highest preference among the backup routes is selected to forward packets. When the main route recovers, the router uses it to forward packets. Route recursion To use a BGP route, static route (that is configured with a next hop but with no output interface), or RIP route that has an indirectly-connected next hop, a router must perform route recursion to find the outgoing...
Page 18 Task Command Remarks display ip routing-table [ vpn-instance vpn-instance-name ] protocol protocol [ inactive | verbose ] [ | { begin | exclude Display routes of a routing | include } regular-expression ] [ | { begin Available in any view protocol.
Page 19: Configuring Static Routing
Configuring static routing Hardware compatibility The A5500 SI Switch Series does not support VPN and BFD related parameters or FRR. Introduction Static route Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work properly.
Page 20: Configuring A Static Route
Follow these guidelines when you specify the output interface: If the output interface is a Null 0 interface, no next hop address is required. If you specify a broadcast interface (such as an Ethernet interface or VLAN interface) as the output interface, you must specify the corresponding next hop for the output interface.
Page 21: Configuring Bfd For Static Routes
Step Command Remarks • Approach 1: ip route-static dest-address { mask | mask-length } { next-hop-address [ track track-entry-number ] | interface-type interface-number [ next-hop-address ] | Use either approach. vpn-instance d-vpn-instance-name By default, preference for next-hop-address [ track track-entry-number ] } static routes is 60, tag is 0, [ preference preference-value ] [ tag tag-value ] and no description...
Page 22: Bfd Echo Mode
Step Command Remarks • Approach 1: ip route-static dest-address { mask | mask-length } interface-type interface-number next-hop-address bfd control-packet [ preference preference-value ] [ tag tag-value ] [ description description-text ] Configure BFD Use either control mode for a • Approach 2: approach.
Page 23: Configuring Static Route Frr
Step Command Remarks Not configured by default. Configure the For more information about source address of bfd echo-source-ip ip-address this command, see High echo packets. Availability Command Reference. • Approach 1: ip route-static dest-address { mask | mask-length } interface-type interface-number next-hop-address bfd echo-packet [ preference preference-value ] [ tag tag-value ] [ description description-text ]...
Page 24: Configuration Guidelines
Configuration guidelines FRR takes effect only for static routes that have both an output interface and next hop. • Do not use FRR and BFD at the same time. • Configuration procedure To configure static route FRR: Step Command Remarks Enter system view.
Page 25 Figure 2 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure static routes: # Configure a default route on Switch A. <SwitchA> system-view [SwitchA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2 # Configure two static routes on Switch B. <SwitchB>...
Page 26: Static Route Frr Configuration Example
[SwitchB] display ip routing-table Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Cost NextHop Interface 1.1.2.0/24 Static 60 1.1.4.1 Vlan500 1.1.3.0/24 Static 60 1.1.5.6 Vlan600 1.1.4.0/30 Direct 0 1.1.4.2 Vlan500 1.1.4.2/32 Direct 0 127.0.0.1 InLoop0 1.1.5.0/30 Direct 0 1.1.5.5 Vlan600 1.1.5.5/32...
Page 27 Figure 3 Network diagram Configuration procedure Configure IP addresses and subnet masks for interfaces on the switches. (Details not shown.) Configure static routes on Switch S, Switch A, and Switch D so that Switch S can reach Loopback 0 on Switch D and Switch D can reach Loopback 0 on Switch S: # Configure static routes on Switch S.
Page 28: Bfd For Static Routes Configuration Example (Direct Next Hop)
# Display route 4.4.4.4/32 on Switch S to view the backup next hop information. [SwitchS] display ip routing-table 4.4.4.4 verbose Routing Table : Public Summary Count : 1 Destination: 4.4.4.4/32 Protocol: Static Process ID: 0 Preference: 60 Cost: 0 IpPrecedence: QosLcId: NextHop: 13.13.13.2 Interface: vlan 200...
Page 29 Figure 4 Network diagram Device Interface IP address Device Interface IP address Switch A Vlan-int10 12.1.1.1/24 Switch B Vlan-int10 12.1.1.2/24 Vlan-int11 10.1.1.102/24 Vlan-int13 13.1.1.1/24 Switch C Vlan-int11 10.1.1.100/24 Vlan-int13 13.1.1.2/24 Configuration procedure Configure IP addresses for the interfaces. (Details not shown.) Configure static routes and BFD: # Configure static routes on Switch A and enable BFD control mode for the static route that traverses the Layer 2 switch.
Page 30: Bfd For Static Routes Configuration Example (Indirect Next Hop)
# Display the BFD session information on Switch A. <SwitchA> display bfd session Total Session Num: 1 Init Mode: Active Session Working Under Ctrl Mode: LD/RD SourceAddr DestAddr State Holdtime Interface 12.1.1.1 12.1.1.2 2000ms Vlan10 The output shows that the BFD session has been created. # Display static routes on Switch A.
Page 31 so that when the link between Switch A and Switch B through Switch D fails, BFD can detect the failure immediately and Switch A and Switch B can communicate through Switch C. Figure 5 Network diagram Loop1 Loop1 121.1.1.0/24 120.1.1.0/24 1.1.1.9/32 2.2.2.9/32 Switch D...
Page 32 <SwitchC> system-view [SwitchC] ip route-static 120.1.1.0 24 vlan-interface 13 13.1.1.1 [SwitchC] ip route-static 121.1.1.0 24 vlan-interface 11 10.1.1.102 # Configure static routes on Switch D. <SwitchD> system-view [SwitchD] ip route-static 120.1.1.0 24 vlan-interface 12 11.1.1.1 [SwitchD] ip route-static 121.1.1.0 24 vlan-interface 10 12.1.1.1 Verify the configuration: # Display the BFD session information on Switch A.
Page 33: Configuring Rip
Configuring RIP Hardware compatibility The A5500 SI Switch Series does not support VPN and BFD related parameters or FRR. Overview Routing Information Protocol (RIP) is a distance-vector interior gateway protocol suited to small-sized networks. It employs UDP to exchange route information through port 520. The term "router"...
Page 34: Routing Loop Prevention
Routing loop prevention RIP uses the following mechanisms to prevent routing loops: Counting to infinity—A destination with a metric value of 16 is considered unreachable. When a • routing loop occurs, the metric value of a route will increment to 16 to avoid endless loopings. •...
Page 35: Rip Message Format
RIP message format A RIP message consists of a header and up to 25 route entries. (A RIPv2 authentication message uses the first route entry as the authentication entry, leaving 24 available.) RIPv1 message format Figure 6 RIPv1 message format Command—Type of message.
Page 36: Supported Rip Features
Next hop—If set to 0.0.0.0, it indicates that the originator of the route is the best next hop. • Otherwise, it indicates a next hop better than the originator of the route. RIPv2 authentication message format RIPv2 sets the AFI field of the first route entry to 0xFFFF to identify authentication information. Figure 8 RIPv2 authentication message Command Version...
Page 37: Rip Configuration Task List
RFC 2453, RIP Version 2 • RIP configuration task list Task Remarks Configuring RIP basic functions Required Configuring an additional routing metric Optional Configuring RIPv2 route summarization Optional Disabling host route reception Optional Configuring RIP route Advertising a default route Optional control Configuring inbound or outbound route filtering...
Page 38: Configuring The Interface Behavior
RIP configurations made in interface view before enabling RIP take effect after RIP is enabled. • • RIP runs only on the interfaces residing on the specified networks. Specify the network after enabling RIP to validate RIP on a specific interface. You can enable RIP on all interfaces using the command network 0.0.0.0.
Page 39: Setting The Dscp Value For Rip Packets
With RIPv1 configured, an interface sends RIPv1 broadcasts, and can receive RIPv1 broadcasts • and RIPv1 unicasts. With RIPv2 configured, a multicast interface sends RIPv2 multicasts and can receive RIPv2 unicasts, • broadcasts, and multicasts. With RIPv2 configured, a broadcast interface sends RIPv2 broadcasts and can receive RIPv1 •...
Page 40: Configuring Rip Route Control
Step Command Remarks Create a RIP process and rip [ process-id ] [ vpn-instance By default, no RIP process is enter RIP view. vpn-instance-name ] created. Optional. Set the DSCP value for RIP dscp dscp-value By default, the DSCP value in RIP packets.
Page 41: Disabling Host Route Reception
Enabling RIPv2 route automatic summarization You can disable RIPv2 route automatic summarization if you want to advertise all subnet routes. To enable RIPv2 route automatic summarization: Step Command Remarks Enter system view. system-view rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Optional.
Page 42: Advertising A Default Route
Advertising a default route Under the following conditions, you can configure RIP to advertise a default route with a specified metric to RIP neighbors: In RIP view, you can configure all the interfaces of the RIP process to advertise a default route; in •...
Page 43: Configuring A Priority For Rip
Step Command Remarks Not configured by default. filter-policy { acl-number | The filter-policy import command gateway ip-prefix-name | ip-prefix Configure the filtering of filters incoming routes. Routes not ip-prefix-name [ gateway incoming routes. passing the filtering will be neither ip-prefix-name ] } import installed into the routing table nor [ interface-type interface-number ] advertised to neighbors.
Page 44: Tuning And Optimizing Rip Networks
Step Command Remarks import-route protocol [ process-id Redistribute routes from | all-processes | allow-ibgp ] [ cost By default, no redistribution is another protocol. cost | route-policy configured. route-policy-name | tag tag ] * Tuning and optimizing RIP networks Before you tune and optimize RIP networks, complete the following tasks: •...
Page 45: Configuring The Maximum Number Of Ecmp Routes
Step Command Remarks Optional. Enable split horizon. rip split-horizon Enabled by default. Enabling poison reverse The poison reverse function allows an interface to advertise the routes received from it, but the metric of these routes is set to 16, making them unreachable. This can avoid routing loops between neighbors. To enable poison reverse: Step Command...
Page 46: Enabling Source Ip Address Check On Incoming Rip Updates
Enabling source IP address check on incoming RIP updates You can enable source IP address check on incoming RIP updates. For a message received on an Ethernet interface, RIP compares the source IP address of the message with the IP address of the interface. If they are not in the same network segment, RIP discards the message. IMPORTANT: Disable the source IP address check feature if the RIP neighbor is not directly connected.
Page 47: Configuring Rip-To-Mib Binding
Step Command Remarks Enter system view. system-view rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Specify a RIP neighbor. peer ip-address Disable source address check undo validate-source-address Not disabled by default. on incoming RIP updates. Configuring RIP-to-MIB binding This task allows you to enable a specific RIP process to receive SNMP requests.
Page 48: Configuring Bfd For Rip
Figure 9 Network diagram for RIP FRR Figure 9, after you enable FRR on Router B, RIP designates a backup next hop using a routing policy when a network failure is detected. Packets are directed to the backup next hop to reduce traffic recovery time.
Page 49: Single-Hop Echo Detection Mode
Bidirectional detection in BFD control packet mode for an indirectly connected neighbor. In this • mode, a BFD session is established only when both ends have routes to send and BFD is enabled on the receiving interface. For more information about BFD, see High Availability Configuration Guide. Single-hop echo detection mode To configure BFD for RIP (single-hop echo detection mode): Step...
Page 50: Rip Configuration Examples
Task Command Remarks display rip [ process-id | Display RIP current status and vpn-instance vpn-instance-name ] Available in any view configuration information. [ | { begin | exclude | include } regular-expression ] display rip process-id database [ | Display all active routes in RIP { begin | exclude | include } Available in any view database.
Page 51: Configuring Rip Route Redistribution
[SwitchB-rip-1] network 192.168.1.0 [SwitchB-rip-1] network 10.0.0.0 [SwitchB-rip-1] quit # Display the RIP routing table on Switch A. [SwitchA] display rip 1 route Route Flags: R - RIP, T - TRIP P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------------------- Peer 192.168.1.2 on Vlan-interface100...
Page 52 Configure a filtering policy on Switch B to filter out the route 10.2.1.1/24 from RIP 100, making the route not advertised to Switch C. Figure 11 Network diagram Configuration procedure Configure an IP address for each interface. (Details not shown.) Configure basic RIP functions: # Enable RIP 100 and specify RIP version 2 on Switch A.
Page 53 12.3.1.0/24 Direct 0 12.3.1.2 Vlan200 12.3.1.2/32 Direct 0 127.0.0.1 InLoop0 16.4.1.0/24 Direct 0 16.4.1.1 Vlan400 16.4.1.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure route redistribution: # On Switch B, configure RIP 200 to redistribute direct routes and routes from RIP 100. [SwitchB] rip 200 [SwitchB-rip-200] import-route rip 100 [SwitchB-rip-200] import-route direct...
Page 54: Configuring An Additional Metric For A Rip Interface
Configuring an additional metric for a RIP interface Network requirements In the following figure, RIP is enabled on all the interfaces of Switch A, Switch B, Switch C, Switch D, and Switch E. The switches are interconnected through RIPv2. Switch A has two links to Switch D. The link from Switch B to Switch D is more stable than that from Switch C to Switch D.
Page 55: Configuring Rip To Advertise A Summary Route
[SwitchD-rip-1] undo summary # Configure Switch E. <SwitchE> system-view [SwitchE] rip 1 [SwitchE-rip-1] network 1.0.0.0 [SwitchE-rip-1] version 2 [SwitchE-rip-1] undo summary # Display the IP routing table of Switch A. [SwitchA] display rip 1 database 1.0.0.0/8, cost 0, ClassfulSumm 1.1.1.0/24, cost 0, nexthop 1.1.1.1, Rip-interface 1.1.2.0/24, cost 0, nexthop 1.1.2.1, Rip-interface 1.1.3.0/24, cost 1, nexthop 1.1.1.2 1.1.4.0/24, cost 1, nexthop 1.1.2.2...
Page 56 Figure 13 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit # Configure Switch B. <SwitchB>...
Page 57 <SwitchD> system-view [SwitchD] rip 1 [SwitchD-rip-1] network 11.0.0.0 [SwitchD-rip-1] version 2 [SwitchD-rip-1] undo summary [SwitchD-rip-1] quit # Configure RIP to redistribute the routes from OSPF process 1 and direct routes on Switch C. [SwitchC-rip-1] import-route direct [SwitchC-rip-1] import-route ospf 1 [SwitchC-rip-1] quit # Display the IP routing table information of Switch D.
Page 58: Rip Frr Configuration Example
RIP FRR configuration example Network requirements As shown in Figure 14, Switch S, Switch A, and Switch D are interconnected through RIPv2. Configure RIP FRR so that when Link A becomes unidirectional, services can be switched to Link B immediately. Figure 14 Network diagram Switch A Link B...
Page 59: Configuring Bfd For Rip (Single-Hop Echo Detection Mode)
[SwitchS] display ip routing-table 4.4.4.4 verbose Routing Table : Public Summary Count : 1 Destination: 4.4.4.4/32 Protocol: RIP Process ID: 1 Preference: 100 Cost: 1 IpPrecedence: QosLcId: NextHop: 13.13.13.2 Interface: vlan200 BkNextHop: 12.12.12.2 BkInterface: vlan100 RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0...
Page 60 learns the static route sent by Switch C with the output interface being the interface connected to Switch Figure 15 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure RIP basic functions: # Configure Switch A. <SwitchA>...
Page 61 [SwitchC-rip-1] undo summary [SwitchC-rip-1] network 192.168.1.0 [SwitchC-rip-1] network 192.168.3.0 [SwitchC-rip-1] import-route static [SwitchC-rip-1] quit Configure BFD parameters on Switch A. [SwitchA] bfd session init-mode active [SwitchA] bfd echo-source-ip 11.11.11.11 [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] bfd min-transmit-interval 500 [SwitchA-Vlan-interface100] bfd min-receive-interval 500 [SwitchA-Vlan-interface100] bfd detect-multiplier 7 [SwitchA-Vlan-interface100] quit [SwitchA] quit...
Page 62: Configuring Bfd For Rip (Bidirectional Control Detection Mode)
State: Inactive Adv Age: 00h12m50s Tag: 0 When the link over VLAN-interface 100 fails, Switch A can quickly detect the change. # Display the BFD session information on Switch A. <SwitchA> display bfd session Switch A has deleted the BFD session on VLAN-interface 100 to Switch C and displays no output. # Display the RIP routes of RIP process 1 on Switch A.
Page 63 relationship with Switch C and the route information received from Switch C. Then, Switch A learns the static route sent by Switch C, the output interface of the route is the interface connected to Switch D. Figure 16 Network diagram Configuration procedure Configure IP addresses for interfaces.
Page 64: Configure Static Routes
[SwitchC-rip-1] peer 192.168.1.1 [SwitchC-rip-1] undo validate-source-address [SwitchC-rip-1] import-route static [SwitchC-rip-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] rip bfd enable [SwitchC-Vlan-interface200] quit # Configure Switch D. <SwitchD> system-view [SwitchD] rip 1 [SwitchD-rip-1] version 2 [SwitchD-rip-1] undo summary [SwitchD-rip-1] network 192.168.3.0 [SwitchD-rip-1] network 192.168.4.0 Configure BFD parameters: # Configure Switch A.
Page 65 LD/RD SourceAddr DestAddr State Holdtime Interface 192.168.1.1 192.168.2.2 1700ms vlan100 # Display routes destined for 100.1.1.0/24 on Switch A. <SwitchA> display ip routing-table 100.1.1.0 24 verbose Routing Table : Public Summary Count : 2 Destination: 100.1.1.0/24 Protocol: RIP Process ID: 1 Preference: 100 Cost: 1 IpPrecedence:...
Page 66: Troubleshooting Rip
NextHop: 192.168.3.2 Interface: vlan-interface 300 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 192.168.3.2 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h18m40s Tag: 0 Troubleshooting RIP No RIP updates received Symptom No RIP updates are received when the links function. Analysis After enabling RIP, you must use the network command to enable corresponding interfaces.
Page 67: Configuring Ospf
Configuring OSPF Hardware compatibility The A5500 SI Switch Series does not support OSPF. Overview Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the IETF. Now, OSPF version 2 (RFC 2328) is used. Unless otherwise noted, OSPF refers to OSPFv2 throughout this chapter.
Page 68 Each router uses the SPF algorithm to compute a shortest path tree showing the routes to the nodes • in the AS. The router itself is the root of the tree. Router ID An OSPF process running on a router must have its own router ID. This ID is a 32-bit unsigned integer that uniquely identifies the router in the AS.
Page 69: Area Based Ospf Network Partition
Neighbor—After startup, OSPF sends a hello packet on each OSPF interface. A router that receives • the hello packet checks parameters in the packet. If the parameters match its own, the router considers the sending router an OSPF neighbor. • Adjacency—Two OSPF neighbors establish an adjacency relationship to synchronize their LSDBs.
Page 70 In practice, the requirements may not be satisfied due to lack of physical links. OSPF virtual links can solve this problem. A virtual link is established between two ABRs through a non-backbone area and is configured on both ABRs to take effect. The non-backbone area is called a transit area. In the following figure, Area 2 has no direct physical link to the backbone area 0.
Page 71 To configure an area as a totally stub area, the stub command must be configured on routers in the • area, and the ABR of the area must be configured with the stub [ no-summary ] command. A totally stub area cannot have an ASBR because AS external routes cannot be distributed into the •...
Page 72: Router Types
An NSSA area can import external routes in Type 7 LSAs through the ASBR, but a stub area cannot. • • A totally NSSA area cannot import inter-area routes but an NSSA area can. Router types Router classification The following are OSPF router types and their positions in the AS: Internal router—All interfaces on an internal router belong to one OSPF area.
Page 73: Ospf Network Classification
The intra-area and inter-area routes describe the network topology of the AS. The external routes describe routes to external ASs. OSPF classifies external routes as Type- 1 or Type-2. A Type- 1 external route has high credibility. The cost from a router to the destination of the Type- 1 external route = the cost from the router to the corresponding ASBR + the cost from the ASBR to the destination of the external route.
Page 74: Dr And Bdr
DR and BDR Introduction On a broadcast or NBMA network, any two routers need to establish an adjacency to exchange routing information with each other. If n routers are present on the network, n(n- 1 )/2 adjacencies are required. In addition, any topology change on the network results in traffic for route synchronization, which consumes many system and bandwidth resources.
Page 75: Ospf Packet Formats
OSPF packet formats OSPF packets are directly encapsulated into IP packets. OSPF uses the IP protocol number 89. The format of an OSPF LSU packet is shown in Figure Figure 24 OSPF packet format OSPF packet header OSPF packets are classified into five types that have the same packet header. Figure 25 OSPF packet header Major fields of the OSPF packet header are as follows: •...
Page 76 Figure 26 Hello packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication Network mask HelloInterval Options Rtr Pri RouterDeadInterval Designated router Backup designated router Neighbor Neighbor Major fields of the hello packet are as follows: Network mask—Network mask associated with the router’s sending interface. If two routers have •...
Page 77 Figure 27 DD packet format Major fields of the DD packets are as follows: • Interface MTU—Specifies the largest IP datagram in bytes that the interface can send without fragmentation. I (Initial)—The Init bit, which is set to 1 if the packet is the first DD packet. It is set to 0 if not. •...
Page 78 Figure 28 LSR packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication LS type Link state ID Advertising router Major fields of the LSR packets are as follows: LS type—Type of the LSA to be requested. Type 1 for example indicates the Router LSA. •...
Page 79 Figure 30 LSAck packet format LSA header format All LSAs have the same header. Figure 31 LSA header format Major fields of the LSA header are as follows: LS age—Time, in seconds, elapsed since the LSA was originated. An LSA ages in the LSDB (added •...
Page 80 Figure 32 Router LSA format LS age Options Link state ID Advertising router LS sequence number LS checksum Length # Links Link ID Link data Type #TOS Metric TOS metric Link ID Link data Major fields of the Router LSA are as follows: Link state ID—ID of the router that originated the LSA.
Page 81 Figure 33 Network LSA format Major fields of the Network LSA are as follows: Link state ID—The interface address of the DR. Network mask—The mask of the network (a broadcast or NBMA network). Attached router—The IDs of the routers, which are adjacent to the DR, including the DR itself. •...
Page 82 An AS external LSA is originated by an ASBR, and describes routing information to a destination outside the AS. Figure 35 AS external LSA format Major fields of the AS external LSA are as follows: Link state ID—The IP address of another AS to be advertised. When describing a default route, the Link state ID is always set to default destination (0.0.0.0) and the network mask is set to 0.0.0.0 Network mask—The IP address mask for the advertised destination...
Page 83: Supported Features
Figure 36 NSSA external LSA format Supported features Multi-process This feature allows multiple OSPF processes to run on a router both simultaneously and independently. Routing information interactions between different processes simulate interactions between different routing protocols. Multiple OSPF processes can use the same RID. An interface of a router can only belong to a single OSPF process.
Page 84: Protocols And Standards
Bidirectional forwarding detection (BFD) provides a single mechanism to quickly detect and monitor the connectivity of links between OSPF neighbors, reducing network convergence time. For more information about BFD, see High Availability Configuration Guide. Protocols and standards RFC 1765, OSPF Database Overflow •...
Page 85: Enabling Ospf
Task Remarks Configuring OSPF route redistribution Optional Configuring OSPF packet timers Optional Specifying LSA transmission delay Optional Specifying SPF calculation interval Optional Specifying the LSA arrival interval Optional Specifying the LSA generation interval Optional Disabling interfaces from receiving and sending OSPF Optional packets Configuring stub routers...
Page 86: Configuration Procedure
You can specify a router ID when creating the OSPF process. Any two routers in an AS must have different router IDs. In practice, the ID of a router is the IP address of one of its interfaces. If you specify no router ID when creating the OSPF process, the global router ID is used. HP •...
Page 87: Configuring Ospf Areas
Configuring OSPF areas After splitting an OSPF AS into multiple areas, configure some areas as stub areas or NSSA areas as needed. If no connection can be achieved between the backbone and a non-backbone area, or within the backbone itself, you can configure virtual links to solve it. Configuration prerequisites Before you configure an OSPF area, complete the following tasks: Configure IP addresses for interfaces, and make sure that all neighboring nodes can reach each...
Page 88: Configuring An Nssa Area
NOTE: Virtual links cannot transit totally stub areas. Configuring an NSSA area A stub area cannot redistribute routes. Configure the area as an NSSA area to allow for route redistribution by keeping other stub area characteristics. To configure an NSSA area: Step Command Remarks...
Page 89: Configuring Ospf Network Types
Step Command Remarks vlink-peer router-id [ hello seconds You must configure this command on | retransmit seconds | trans-delay both ends of a virtual link. seconds | dead seconds | simple Configure a virtual link. hello and dead intervals must be [ plain | cipher ] password | { md5 identical on both ends of the virtual | hmac-md5 } key-id [ plain |...
Page 90: Configuring The Nbma Network Type For An Interface
Step Command Remarks Configure the OSPF network By default, the network type of an type for the interface as ospf network-type broadcast interface depends on the link layer broadcast. protocol. Optional. Configure a router priority for ospf dr-priority priority the interface. The default router priority is 1.
Page 91: Configuring The P2P Network Type For An Interface
Step Command Remarks interface interface-type Enter interface view. interface-number By default, the network type of an interface depends on the link layer protocol. After you configure the OSPF Configure the OSPF network network type for an interface as type for the interface as ospf network-type p2mp [ unicast ] P2MP unicast, all packets are unicast P2MP.
Page 92: Configuring Ospf Route Summarization
Configuring OSPF route summarization Route summarization is when an ABR or ASBR summarizes routes with the same prefix into a single route and distributes it to other areas. Route summarization reduces the traffic of routing information exchanged between areas and the sizes of routing tables on routers, improving route calculation speed on routers.
Page 93: Configuring Ospf Inbound Route Filtering
Configuring OSPF inbound route filtering OSPF calculates routes by using LSAs. The calculated routes can be filtered and only permitted routes are installed into the OSPF routing table. OSPF provides the following filtering methods: • Filters routing information by destination address through ACLs and IP address prefixes Filters routing information by next hop through the filtering criteria configured with the gateway •...
Page 94: Configuring The Maximum Number Of Ospf Routes
calculated cost is greater than 65535, the value of 65535 is used. If the calculated cost is less than 1, the value of 1 is used. If the cost value is not configured for an interface, OSPF computes the interface cost automatically. To configure an OSPF cost for an interface: Step Command...
Page 95: Configuring Ospf Preference
Step Command Remarks ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Optional. Configure the maximum maximum load-balancing maximum number of ECMP routes. 8 by default. Configuring OSPF preference A router can run multiple routing protocols, and each protocol is assigned a preference. When the routing protocols find routes to the same destination, the route found by the protocol with the highest preference is selected as the best route.
Page 96 Step Command Remarks import-route protocol [ process-id | Configure OSPF to all-processes | allow-ibgp ] [ cost cost | type redistribute routes from Not configured by default type | tag tag | route-policy another protocol. route-policy-name ] * Configure OSPF to filter filter-policy { acl-number | ip-prefix Optional redistributed routes before...
Page 97: Advertising A Host Route
Step Command Remarks Optional. The default cost is 1, the Configure the default default maximum number parameters for default { cost cost | limit limit | tag tag | type of routes redistributed per redistributed routes (cost, type } * time is 1000, the default upper limit, tag, and tag is 1, and default type...
Page 98: Specifying Lsa Transmission Delay
Dead timer—Interval within which if the interface receives no hello packet from the neighbor, it • declares the neighbor is down. The dead interval must be at least four times the hello interval on an interface. • LSA retransmission timer—Interval within which if the interface receives no acknowledgement packets after sending an LSA to the neighbor, it retransmits the LSA.
Page 99: Specifying Spf Calculation Interval
Specifying SPF calculation interval LSDB changes lead to SPF calculations. When the topology changes frequently, a large amount of network and router resources are occupied by SPF calculation. Adjust the SPF calculation interval to reduce the impact. When network changes are not frequent, the minimum-interval is adopted. If network changes become frequent, the SPF calculation interval is incremented by incremental-interval ×...
Page 100: Disabling Interfaces From Receiving And Sending Ospf Packets
Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Optional. lsa-generation-interval By default, the maximum interval is 5 Configure the LSA maximum-interval [ initial-interval seconds, the minimum interval is 0 generation interval.
Page 101: Configuring Ospf Authentication
Step Command Remarks Configure the router as a By default, the router is not a stub stub-router stub router. router in any OSPF process. Configuring OSPF authentication You can configure OSPF packet authentication to ensure the security of packet exchanges. After authentication is configured, OSPF only receives packets that pass authentication.
Page 102: Configuring The Maximum Number Of External Lsas In Lsdb
If RFC 1583 is made compatible with RFC 2328, the routes in the backbone area are preferred; if not, the routes in the non-backbone area are preferred to reduce the burden of the backbone area. To avoid routing loops, HP recommends configuring all the routers to be either compatible or incompatible with RFC 1583.
Page 103: Configuring Ospf Network Management
Configuring OSPF network management With trap generation enabled, OSPF generates traps to report important events. Traps fall into the following levels. Level-3—Fault traps • • Level-4—Alarm traps Level-5—Normal but important traps • Level-6—Notification traps • The generated traps are sent to the information center of the device. The output rules of the traps such as whether to output the traps and the output direction are determined according to the information center configuration.
Page 104: Configuring Ospf To Give Priority To Receiving And Processing Hello Packets
Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Optional. Enable the advertisement and opaque-capability enable reception of opaque LSAs. Disabled by default. Configuring OSPF to give priority to receiving and processing hello packets To ensure OSPF runs properly, a router receives and processes hello packets and other protocol packets at the same time.
Page 105: Setting The Dscp Value For Ospf Packets
Setting the DSCP value for OSPF packets An IPv4 packet header contains an 8-bit TOS field. As defined in RFC 2474, the first six bits set the Differentiated Services Code Point (DSCP) value and the last two bits are reserved. Network devices use the DSCP value as a reference to determine the packet priority for transmission.
Page 106 Figure 37, after you enable FRR on Router B, OSPF automatically calculates or designates a backup next hop when a link failure is detected. Packets are directed to the backup next hop. At the same time, OSPF calculates the shortest path based on the new network topology, and forwards packets over the path after routing convergence.
Page 107: Configuring Ospf Graceful Restart
Configuring OSPF Graceful Restart OSPF GR involves the following: IETF standard GR—Uses Opaque LSAs to implement GR. • Non IETF standard GR—Uses link local signaling (LLS) to advertise GR capability and uses out of • band synchronization to synchronize the LSDB. A device can act as a GR Restarter and GR Helper at the same time.
Page 108: Configuring The Ospf Gr Helper
Configuring the OSPF GR Helper You can configure the IETF standard or non-IETF standard OSPF GR Helper. Configuring the IETF standard OSPF GR Helper Step Command Remarks Enter system view. system-view ospf [ process-id | router-id Enable OSPF and enter its router-id | vpn-instance view.
Page 109: Configuring Bfd For Ospf
Configuring BFD for OSPF OSPF supports the following BFD detection methods: Control packet bidirectional detection, which requires BFD configuration to be made on both OSPF • routers on the link. Echo packet single-hop detection, which requires BFD configuration to be made on one OSPF router •...
Page 110 Task Command Remarks display ospf [ process-id ] lsdb [ brief | [ { ase | router | network | summary | asbr | nssa | Display Link State Database opaque-link | opaque-area | opaque-as } Available in any information. [ link-state-id ] ] [ originate-router view advertising-router-id | self-originate ] ] [ | { begin...
Page 111: Ospf Configuration Examples
OSPF configuration examples These examples only cover commands for OSPF configuration. Configuring OSPF basic functions Network requirements As shown in Figure 38, all switches run OSPF. The AS is split into three areas, where Switch A and Switch B act as ABRs to forward routing information between areas. After configuration, all switches can learn routes to every network segment in the AS.
Page 112 # Configure Switch C <SwitchC> system-view [SwitchC] ospf [SwitchC-ospf-1] area 1 [SwitchC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.1] network 10.4.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.1] quit [SwitchC-ospf-1] quit # Configure Switch D <SwitchD> system-view [SwitchD] ospf [SwitchD-ospf-1] area 2 [SwitchD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.2] network 10.5.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.2] quit [SwitchD-ospf-1] quit Verify the configuration:...
Page 113 Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 Transit 10.2.1.1 10.2.1.1 0.0.0.1 10.3.1.0/24 Inter 10.1.1.2 10.3.1.1 0.0.0.0 10.4.1.0/24 Stub 10.2.1.2 10.4.1.1 0.0.0.1 10.5.1.0/24 Inter 10.1.1.2 10.3.1.1 0.0.0.0 10.1.1.0/24 Transit 10.1.1.1 10.2.1.1 0.0.0.0 Total Nets: 5 Intra Area: 3 Inter Area: 2 ASE: 0 NSSA: 0...
Page 114: Configuring Ospf Route Redistribution
Total Nets: 5 Intra Area: 2 Inter Area: 3 ASE: 0 NSSA: 0 # On Switch D, ping the IP address 10.4.1.1 to check connectivity. [SwitchD] ping 10.4.1.1 PING 10.4.1.1: 56 data bytes, press CTRL_C to break Reply from 10.4.1.1: bytes=56 Sequence=2 ttl=253 time=2 ms Reply from 10.4.1.1: bytes=56 Sequence=2 ttl=253 time=1 ms Reply from 10.4.1.1: bytes=56 Sequence=3 ttl=253 time=1 ms Reply from 10.4.1.1: bytes=56 Sequence=4 ttl=253 time=1 ms...
Page 115: Configuring Ospf To Advertise A Summary Route
[SwitchC-ospf-1] import-route static Verify the configuration: # Display the ABR/ASBR information of Switch D. <SwitchD> display ospf abr-asbr OSPF Process 1 with Router ID 10.5.1.1 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Intra 10.3.1.1 0.0.0.2 10.3.1.1 Inter 10.4.1.1...
Page 116 Figure 40 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB>...
Page 117 [SwitchD-ospf-1] area 0 [SwitchD-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] quit # Configure Switch E. <SwitchE> system-view [SwitchE] ospf [SwitchE-ospf-1] area 0 [SwitchE-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchE-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255 [SwitchE-ospf-1-area-0.0.0.0] quit [SwitchE-ospf-1] quit Configure BGP to redistribute OSPF routes and direct routes: # Configure Switch B.
Page 118: Configuring An Ospf Stub Area
Configure summary route 10.0.0.0/8 on Switch B and advertise it: [SwitchB-ospf-1] asbr-summary 10.0.0.0 8 # Display the OSPF routing table of Switch A. [SwitchA] display ip routing-table Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 10.0.0.0/8 O_ASE...
Page 119 [SwitchD-ospf-1] quit # Display ABR/ASBR information on Switch C. <SwitchC> display ospf abr-asbr OSPF Process 1 with Router ID 10.4.1.1 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Intra 10.2.1.1 0.0.0.1 10.2.1.1 Inter 10.3.1.1 0.0.0.1 10.2.1.1 Inter 10.5.1.1 0.0.0.1...
Page 120: Configuring An Ospf Nssa Area
[SwitchC-ospf-1] quit # Display OSPF routing information on Switch C [SwitchC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 Transit 10.2.1.2 10.2.1.1 0.0.0.1 10.3.1.0/24...
Page 121 Configure Area 1 as an NSSA area and configure Switch C as the ASBR to redistribute static routes into the AS. Figure 42 Network diagram Configuration procedure Configure IP addresses for interfaces. Configure OSPF basic functions. (See "Configuring OSPF basic functions") Configure Area 1 as an NSSA area: # Configure Switch A.
Page 122: Configuring Ospf Dr Election
Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 65536 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 65535 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0 Configure route redistribution: # Configure Switch C to redistribute static routes.
Page 123 Figure 43 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Switch A. <SwitchA> system-view [SwitchA] router id 1.1.1.1 [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B.
Page 124 [SwitchD-ospf-1] return # Display OSPF neighbor information on Switch A. [SwitchA] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.1.1(Vlan-interface1)'s neighbors Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode: None Priority: 1 DR: 192.168.1.4 BDR: 192.168.1.3...
Page 125 Area 0.0.0.0 interface 192.168.1.4(Vlan-interface1)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 31 Neighbor is up for 00:11:17 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal...
Page 126: Configuring Ospf Virtual Links
Router ID: 3.3.3.3 Address: 192.168.1.3 GR State: Normal State: Full Mode: Nbr is Slave Priority: 2 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 39 Neighbor is up for 00:01:41 Authentication Sequence: [ 0 ] Switch A becomes the DR, and Switch C is the BDR. The full neighbor state means an adjacency has been established.
Page 127 Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Switch A. <SwitchA> system-view [SwitchA] ospf 1 router-id 1.1.1.1 [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf 1 router-id 2.2.2.2 [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255...
Page 128: Configuring Ospf Graceful Restart
Area 0 has no direct connection to Area 2, so the routing table of Switch B has no route to Area Configure a virtual link: # Configure Switch B. [SwitchB] ospf [SwitchB-ospf-1] area 1 [SwitchB-ospf-1-area-0.0.0.1] vlink-peer 3.3.3.3 [SwitchB-ospf-1-area-0.0.0.1] quit [SwitchB-ospf-1] quit # Configure Switch C.
Page 129 Figure 45 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Switch A <SwitchA> system-view [SwitchA] router id 1.1.1.1 [SwitchA] ospf 100 [SwitchA-ospf-100] area 0 [SwitchA-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [SwitchA-ospf-100-area-0.0.0.0] quit # Configure Switch B <SwitchB>...
Page 130 [SwitchB-ospf-100] enable link-local-signaling [SwitchB-ospf-100] enable out-of-band-resynchronization # Configure Switch C as the GR Helper: enable the link-local signaling capability and the out-of-band re-synchronization capability for OSPF process 100. [SwitchC-ospf-100] enable link-local-signaling [SwitchC-ospf-100] enable out-of-band-resynchronization Verify the configuration: # After the configurations on Switch A, Switch B, and Switch C are completed and the switches are running steadily, enable OSPF Graceful Restart event debugging and then restart the OSPF process using GR on Switch A.
Page 131: Configuring Route Filtering
Configuring route filtering Network requirements As shown in Figure All the switches in the network run OSPF. The AS is divided into three areas. • • Switch A and Switch B work as ABRs. Configure Switch C as an ASBR to redistribute external routes (static routes), and configure a filter policy on Switch C to filter out redistributed route 3.1.3.0/24.
Page 132 3.1.1.0/24 O_ASE 10.2.1.2 Vlan200 3.1.2.0/24 O_ASE 10.2.1.2 Vlan200 3.1.3.0/24 O_ASE 10.2.1.2 Vlan200 10.1.1.0/24 Direct 0 10.1.1.1 Vlan200 10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 Direct 0 10.2.1.1 Vlan200 10.2.1.1/32 Direct 0 127.0.0.1 InLoop0 10.3.1.0/24 OSPF 10.1.1.2 Vlan100 10.4.1.0/24 OSPF 10.2.1.2 Vlan200 10.5.1.0/24 OSPF 10.1.1.2...
Page 133: Configuring Ospf Frr
[SwitchA] ospf 1 [SwitchA-ospf-1] filter-policy 2000 import [SwitchA-ospf-1] quit # Display the OSPF routing table of Switch A. [SwitchA] display ip routing-table Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Cost NextHop Interface 3.1.1.0/24 O_ASE 10.2.1.2 Vlan200 3.1.2.0/24 O_ASE 10.2.1.2...
Page 134 # Configure Switch S. <SwitchS> system-view [SwitchS] bfd echo-source-ip 1.1.1.1 [SwitchS] ospf 1 [SwitchS-ospf-1] fast-reroute auto [SwitchS-ospf-1] quit # Configure Switch D. <SwitchD> system-view [SwitchD] bfd echo-source-ip 4.4.4.4 [SwitchD] ospf 1 [SwitchD-ospf-1] fast-reroute auto [SwitchD-ospf-1] quit (Method II.) Enable OSPF FRR to designate a backup next hop by using a routing policy. # Configure Switch S.
Page 135: Configuring Bfd For Ospf
NextHop: 13.13.13.2 Interface: Vlan-interface200 BkNextHop: 12.12.12.2 BkInterface: Vlan-interface100 RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h01m27s Tag: 0 # Display route 1.1.1.1/32 on Switch D to view the backup next hop information. [SwitchD] display ip routing-table 1.1.1.1 verbose Routing Table : Public Summary Count : 1...
Page 136 Switch C Vlan-int11 11.1.1.2/24 Vlan-int13 13.1.1.2/24 Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.0.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 121.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit [SwitchA] interface vlan 11...
Page 137 [SwitchA-Vlan-interface10] quit [SwitchA] quit # Enable BFD on Switch B and configure BFD parameters. [SwitchB] bfd session init-mode active [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] ospf bfd enable [SwitchB-Vlan-interface10] bfd min-transmit-interval 500 [SwitchB-Vlan-interface10] bfd min-receive-interval 500 [SwitchB-Vlan-interface10] bfd detect-multiplier 6 Verify the configuration: # Display the BFD information on Switch A.
Page 138: Troubleshooting Ospf Configuration
RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h58m10s Tag: 0 The output shows that Switch A communicates with Switch B through VLAN-interface 11. Troubleshooting OSPF configuration No OSPF neighbor relationship established Symptom No OSPF neighbor relationship can be established.
Page 139 Use the display current-configuration configuration ospf command to display information about area configuration. If more than two areas are configured, at least one area is connected to the backbone. In a stub area, all routers attached are configured with the stub command. In an NSSA area, all routers attached are configured with the nssa command.
Page 140: Configuring Is-Is
Configuring IS-IS Hardware compatibility The A5500 SI Switch Series does not support IS-IS. IS-IS overview Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the International Organization for Standardization (ISO) to operate on the connectionless network protocol (CLNP). The IS-IS routing protocol was modified and extended in RFC 1 195 by the International Engineer Task Force (IETF) for application in both TCP/IP and OSI reference models, and the new one is named "Integrated IS-IS"...
Page 141 IS-IS address format NSAP • As shown in Figure 49, an NSAP address consists of the Initial Domain Part (IDP) and the Domain Specific Part (DSP). The IDP is equal to the network ID of an IP address, and the DSP is equal to the subnet and host ID.
Page 142: Is-Is Area
A network entity title (NET) indicates the network layer information of an IS, and does not include transport layer information. It is a special NSAP address with the SEL being 0. The length of the NET is equal to the NSAP, and is in the range of 8 bytes to 20 bytes. A NET comprises the following parts: Area ID—Its length is in the range of 1 to 13 bytes.
Page 143 Figure 50 IS-IS topology 1 Figure 51 is another IS-IS topology. The Level- 1 -2 routers connect to the Level- 1 and Level-2 routers, and form the IS-IS backbone together with the Level-2 routers. No area is defined as the backbone in this topology.
Page 144: Is-Is Network Type
The routing information of a Level- 1 area is sent to the Level-2 area through the Level- 1 -2 router; therefore, the Level-2 router knows the routing information of the entire IS-IS routing domain. But the Level- 1 -2 router does not share the information of other Level- 1 areas and the Level-2 area with the Level- 1 area by default.
Page 145: Is-Is Pdu Format
NOTE: On IS-IS broadcast networks, all routers are adjacent with each other. However, the DIS is responsible for the synchronization of their LSDBs. IS-IS PDU format PDU header format IS-IS packets are encapsulated into link layer frames. The Protocol Data Unit (PDU) consists of two parts, the headers and the variable length fields.
Page 146 Type PDU Type Acronym Level-1 Link State PDU L1 LSP Level-2 Link State PDU L2 LSP Level-1 Complete Sequence Numbers PDU L1 CSNP Level-2 Complete Sequence Numbers PDU L2 CSNP Level-1 Partial Sequence Numbers PDU L1 PSNP Level-2 Partial Sequence Numbers PDU L2 PSNP Hello Hello packets are used by routers to establish and maintain neighbor relationships.
Page 147 LAN ID—Includes the system ID and a one-byte pseudonode ID. • Figure 56 shows the hello packet format on the point-to-point networks. Figure 56 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field. LSP packet format The Link State PDU (LSP) carries link state information.
Page 148 Figure 57 L1/L2 LSP format Major fields of the L1/L2 LSP are as follows: PDU length—Total length of the PDU in bytes. • Remaining lifetime—LSP remaining lifetime in seconds. • LSP ID—Consists of the system ID, the pseudonode ID (one byte) and the LSP fragment number (one •...
Page 149 Figure 58 LSDB overload • IS type—Type of the router generating the LSP. SNP format A sequence number PDU (SNP) acknowledges the latest received LSPs. It is similar to an Acknowledge packet, but more efficient. SNP involves Complete SNP (CSNP) and Partial SNP (PSNP), which are further divided into Level- 1 CSNP, Level-2 CSNP, Level- 1 PSNP and Level-2 PSNP.
Page 150 Figure 60 L1/L2 PSNP format No. of Octets Intradomain routing protocol discriminator Length indicator Version/Protocol ID extension ID length PDU type Version Reserved Maximum area address PDU length Source ID ID length+1 Variable length fields The variable fields of PDU comprise multiple Code-Length-Value (CLV) triplets. Figure 61 CLV format Table 5 shows that different PDUs contain different CLVs.
Page 151: Supported Is-Is Features
CLV Code Name PDU Type IP Interface Address IIH, LSP Supported IS-IS features Multiple instances and processes IS-IS supports multiple instances and processes. Multiple processes allow an IS-IS process to work in concert with a group of interfaces. A router can run multiple IS-IS processes, and each process corresponds to a unique group of interfaces.
Page 152 The LSP fragment extension feature allows an IS-IS router to generate more LSP fragments. Up to 50 additional virtual systems can be configured on the router, and each virtual system is capable of generating 256 LSP fragments to enable the IS-IS router to generate up to 13056 LSP fragments. •...
Page 153: Protocols And Standards
A host name is easier to remember than a system ID. After enabling this feature on the router, you can see the host names instead of system IDs using the display command. Bidirectional forwarding detection (BFD) provides a single mechanism to quickly detect any link failures between IS-IS neighbors to reduce network convergence time.
Page 154: Configuring Is-Is Basic Functions
Task Remarks optimizing IS-IS Specifying the IS-IS hello multiplier Optional networks Configuring a DIS priority for an interface Optional Disabling an interface from sending or receiving IS-IS packets Optional Enabling an interface to send small hello packets Optional Configuring LSP parameters Optional Configuring SPF parameters Optional...
Page 155: Configuring The Is Level And Circuit Level
Configuring the IS level and circuit level If only one area is available, HP recommends you to perform the following operations: Configure the IS level of all routers as Level- 1 or Level-2 rather than different levels because the •...
Page 156: Configuring Is-Is Routing Information Control
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Optional. By default, the network type of an Configure the network type for the interface depends on isis circuit-type p2p interface as P2P. the physical media. The network type of a VLAN interface is broadcast.
Page 157: Specifying A Priority For Is-Is
Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance Enter IS-IS view. vpn-instance-name ] cost-style { narrow | wide | wide-compatible Optional. Specify an IS-IS cost style. | { compatible | narrow-compatible } narrow by default. [ relax-spf-limit ] } Return to system view.
Page 158: Configuring The Maximum Number Of Ecmp Routes
To configure the priority of IS-IS: Step Command Remarks Enter system view. system-view Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] preference { route-policy route-policy-name | Specify a priority for IS-IS. 15 by default. preference } * Configuring the maximum number of ECMP routes Perform this task to implement load sharing over ECMP routes.
Page 159: Configuring Is-Is Route Redistribution
The default route is only advertised to routers at the same level. You can use a routing policy to generate the default route only when a local routing entry is matched by the policy. To advertise a default route: Step Command Remarks Enter system view.
Page 160: Configuring Is-Is Route Leaking
To filter routes calculated from received LSPs: Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance Enter IS-IS view. vpn-instance-name ] filter-policy { acl-number | ip-prefix Filter routes calculated By default, no filtering is ip-prefix-name | route-policy route-policy-name } from received LSPs.
Page 161: Tuning And Optimizing Is-Is Networks
Tuning and optimizing IS-IS networks Configuration prerequisites Before you tune and optimize IS-IS networks, complete the following tasks: Configure IP addresses for interfaces, and make adjacent nodes can reach each other at the • network layer. • Enable IS-IS. Specifying intervals for sending IS-IS hello and CSNP packets Step Command Remarks...
Page 162: Configuring A Dis Priority For An Interface
Configuring a DIS priority for an interface On an IS-IS broadcast network, you must elect a router as the DIS at a routing level. You can specify a DIS priority at a level for an interface. The greater the interface’s priority, the more likely it becomes the DIS.
Page 163: Configuring Lsp Parameters
Configuring LSP parameters Configuring LSP timers • Specify the maximum age of LSPs. Each LSP has an age that decreases in the LSDB. Any LSP with an age of 0 is deleted from the LSDB. You can adjust the age value based on the scale of a network. To specify the maximum age of LSPs: Step Command...
Page 164 IS-IS routers in an area must send LSPs smaller than the smallest interface MTU in this area. If the IS-IS routers have different interface MTUs, HP recommends configuring the maximum size of generated LSP packets to be smaller than the smallest interface MTU in this area. If they are not, the routers must dynamically adjust the LSP packet size to fit the smallest interface MTU, which takes time and affects other services.
Page 165: Configuring Spf Parameters
Enabling LSP fragment extension After LSP fragment extension is enabled for an IS-IS process, the MTUs of all the interfaces running the IS-IS process must not be less than 512; otherwise, LSP fragment extension will not take effect. At least one virtual system must be configured for the router to generate extended LSP fragments. An IS-IS process allows 50 virtual systems.
Page 166: Setting The Lsdb Overload Bit
Step Command Remarks Optional. Not assigned by default. If no IS-IS route is assigned a high Assign a high priority to IS-IS priority high { ip-prefix priority, IS-IS host routes are routes. prefix-name | tag tag-value } processed first in network convergence because they have higher priority than other types of IS-IS routes.
Page 167: Enabling The Logging Of Neighbor State Changes
Step Command Remarks Configure a system ID to host A system ID can only correspond to name mapping for a remote is-name map sys-id map-sys-name a host name. Configuring dynamic system ID to host name mapping Configure a static system ID to host name mapping for any other router in a network. When a new router is added into the network or a mapping must be modified, perform configuration on all routers.
Page 168: Enhancing Is-Is Network Security
Enhancing IS-IS network security To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS authentication involves neighbor relationship authentication, area authentication and routing domain authentication. Configuration prerequisites Before you enhance IS-IS network security, complete the following tasks: Configure IP addresses for interfaces, and make sure that all neighboring nodes can reach each •...
Page 169: Configuring Routing Domain Authentication
Step Command Remarks Specify the area area-authentication-mode { md5 | By default, no area authentication authentication mode and simple } [ cipher ] password [ ip | osi ] is configured. password. Configuring routing domain authentication Routing domain authentication prevents untrusted routing information from entering into a routing domain.
Page 170: Configuring Is-Is Nsr
Step Command Remarks Optional. By default, the SA bit is not suppressed. Suppress the SA bit By enabling the GR Restarter to suppress the graceful-restart suppress-sa during restart. Suppress-Advertisement (SA) bit in the hello PDUs, the neighbors will still advertise their adjacency with the GR Restarter.
Page 171 traffic recovery time. Meanwhile, IS-IS calculates the shortest path based on the new network topology, and forwards packets over the path after network convergence. You can either enable IS-IS FRR to calculate a backup next hop automatically, or to designate a backup next hop with a routing policy for routes matching specific criteria.
Page 172: Enabling Is-Is Snmp Trap
Enabling IS-IS SNMP trap This task enables IS-IS to generate traps and send them to the information center of the device. The information center determines whether to output the traps and where to output. For more information about information center, see Network Management and Monitoring Configuration Guide. To enable IS-IS SNMP trap: Step Command...
Page 173 Task Command Remarks display isis brief [ process-id | vpn-instance Display brief IS-IS configuration Available in any vpn-instance-name ] [ | { begin | exclude | information. view include } regular-expression ] display isis debug-switches { process-id | Display the status of IS-IS debug Available in any vpn-instance vpn-instance-name } [ | { begin | switches.
Page 174: Is-Is Configuration Examples
IS-IS configuration examples IS-IS basic configuration Network requirements As shown in Figure 63, Switch A, B, C, and D reside in an IS-IS AS. Switch A and B are Level- 1 switches, Switch D is a Level-2 switch, and Switch C is a Level- 1 -2 switch. Switch A, B, and C are in Area 10, and Switch D is in Area 20.
Page 175 [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 100 [SwitchC-Vlan-interface100] isis enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis enable 1 [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D. <SwitchD>...
Page 176 LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------- 0000.0000.0001.00-00 0x00000006 0xdb60 0/0/0 0000.0000.0002.00-00* 0x00000008 0xe651 1189 0/0/0 0000.0000.0002.01-00* 0x00000005 0xd2b3 1188 0/0/0 0000.0000.0003.00-00 0x00000014 0x194a 1190 1/0/0 0000.0000.0003.01-00 0x00000002 0xabdb 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [SwitchC] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State Database...
Page 177 0000.0000.0004.01-00* 0x00000002 0xec96 1007 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload # Display the IS-IS routing information of each switch. Level-1 switches must have a default route with the next hop being the Level-1-2 switch. The Level-2 switch must have both routing information of Level-1 and Level-2.
Page 178: Dis Election Configuration
Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set [SwitchD] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 192.168.0.0/24 NULL Vlan300 Direct D/L/- 10.1.1.0/24 NULL Vlan300 192.168.0.1...
Page 179 [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] isis enable 1 [SwitchA-Vlan-interface100] quit # Configure Switch B. <SwitchB> system-view [SwitchB] isis 1 [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] isis enable 1 [SwitchB-Vlan-interface100] quit # Configure Switch C. <SwitchC>...
Page 180 Interface: Vlan-interface100 Circuit Id: 0000.0000.0004.01 State: Up HoldTime: 30s Type: L2 PRI: 64 # Display information about IS-IS interfaces of Switch A. [SwitchA] display isis interface Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State Type Down 1497 L1/L2 No/No # Display information about IS-IS interfaces of Switch C.
Page 181 System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 28s Type: L2(L1L2) PRI: 64 System Id: 0000.0000.0004 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 30s Type: L2 PRI: 64 # Display information about IS-IS interfaces on Switch A. [SwitchA] display isis interface Interface information for ISIS(1) ---------------------------------...
Page 182: Configuring Is-Is Route Redistribution
System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 28s Type: L2 PRI: 64 [SwitchD] display isis interface Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State Type Down 1497 L1/L2 No/No Configuring IS-IS route redistribution Network requirements As shown in Figure 65, Switch A, Switch B, Switch C, and Switch D reside in the same AS.
Page 183 # Configure Switch B. <SwitchB> system-view [SwitchB] isis 1 [SwitchB-isis-1] is-level level-1 [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis enable 1 [SwitchB-Vlan-interface200] quit # Configure Switch C. <SwitchC> system-view [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis enable 1 [SwitchC-Vlan-interface200] quit...
Page 184 Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set [SwitchC] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 10.1.1.0/24 NULL VLAN100 Direct D/L/- 10.1.2.0/24 NULL VLAN200 Direct...
Page 185 [SwitchD] rip 1 [SwitchD-rip-1] network 10.0.0.0 [SwitchD-rip-1] version 2 [SwitchD-rip-1] undo summary # Configure RIPv2 on Switch E. [SwitchE] rip 1 [SwitchE-rip-1] network 10.0.0.0 [SwitchE-rip-1] version 2 [SwitchE-rip-1] undo summary # Configure route redistribution from RIP to IS-IS on Switch D. [SwitchD-rip-1] quit [SwitchD] isis 1 [SwitchD–isis-1] import-route rip level-2...
Page 186: Is-Is Graceful Restart Configuration Example
IS-IS Graceful Restart configuration example Network requirements Switch A, Switch B, and Switch C belong to the same IS-IS routing domain, as illustrated in Figure Figure 66 Network diagram for IS-IS GR configuration Configuration procedure Configure IP addresses and subnet masks for interfaces. (Details not shown.) Configure IS-IS on the switches to make sure Switch A, Switch B and Switch C can communicate with each other at layer 3 and dynamic route update can be implemented among them with IS-IS.
Page 187: Is-Is Nsr Configuration Example
Number of LSPs Awaited: 3 T3 Timer Status: Remaining Time: 140 T2 Timer Status: Remaining Time: 59 IS-IS(1) Level-2 Restart Status Restart Interval: 150 SA Bit Supported Total Number of Interfaces = 1 Restart Status: RESTARTING Number of LSPs Awaited: 3 T3 Timer Status: Remaining Time: 140 T2 Timer Status:...
Page 188 isis route command to check if routes from Switch A to the loopback interface on Switch B and from Switch B to the loopback interface on Switch A exist. # When a master/slave switchover occurs on Switch S, display IS-IS neighbors and routes on Switch A.
Page 189: Is-Is Frr Configuration Example
System Id: 0000.0000.0001 Interface: vlan200 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 25s Type: L1(L1L2) PRI: 64 System Id: 0000.0000.0001 Interface: vlan200 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 27s Type: L2(L1L2) PRI: 64 <SwitchB> display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table -------------------------------------...
Page 190 Figure 68 Network diagram for IS-IS FRR configuration Switch A Link B Link A Loop 0 Loop 0 1.1.1.1/32 4.4.4.4/32 Vlan-int200 Vlan-int200 13.13.13.1/24 13.13.13.2/24 Switch S Switch D Configuration procedure Configure IP addresses and subnet masks for interfaces on the switches. (Details not shown.) Configure IS-IS on the switches to make sure Switch A, Switch D, and Switch S can communicate with each other at Layer 3.
Page 191: Is-Is Authentication Configuration Example
[SwitchD] ip ip-prefix abc index 10 permit 1.1.1.1 32 [SwitchD] route-policy frr permit node 10 [SwitchD-route-policy] if-match ip-prefix abc [SwitchD-route-policy] apply fast-reroute backup-interface vlan-interface 101 backup-nexthop 24.24.24.2 [SwitchD-route-policy] quit [SwitchD] isis 1 [SwitchD-isis-1] fast-reroute route-policy frr [SwitchD-isis-1] quit Verify the configuration: # Display route 4.4.4.4/32 on Switch S to view the backup next hop information.
Page 192 Switch A, Switch B, and Switch C belong to Area 10, and Switch D belongs to Area 20. Configure relationship authentication between neighbors. Configure area authentication in Area 10 to prevent untrusted routes from entering into the area. Configure routing domain authentication on Switch C and Switch D to prevent untrusted routes from entering the routing domain.
Page 193 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D. <SwitchD> system-view [SwitchD] isis 1 [SwitchD-isis-1] network-entity 20.0000.0000.0001.00 [SwitchD-isis-1] quit [SwitchD] interface vlan-interface 300 [SwitchD-Vlan-interface300] isis enable 1 [SwitchD-Vlan-interface300] quit Configure neighbor relationship authentication between neighbors: # Specify the MD5 authentication mode and password eRq on VLAN-interface 100 of Switch A and on VLAN-interface 100 of Switch C.
Page 194: Configuring Bfd For Is-Is
[SwitchC-isis-1] area-authentication-mode md5 10Sec [SwitchC-isis-1] quit Configure routing domain authentication. Specify the MD5 authentication mode and password 1020Sec on Switch C and Switch D. [SwitchC] isis 1 [SwitchC-isis-1] domain-authentication-mode md5 1020Sec [SwitchC-isis-1] quit [SwitchD] isis 1 [SwitchD-isis-1] domain-authentication-mode md5 1020Sec Configuring BFD for IS-IS Network requirements As shown in...
Page 195 [SwitchA-Vlan-interface10] quit [SwitchA] interface vlan-interface 11 [SwitchA-Vlan-interface11] isis enable [SwitchA-Vlan-interface11] quit # Configure Switch B. <SwitchB> system-view [SwitchB] isis [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] isis enable [SwitchB-Vlan-interface10] quit [SwitchB] interface vlan-interface 13 [SwitchB-Vlan-interface13] isis enable [SwitchB-Vlan-interface13] quit # Configure Switch C.
Page 196 LD/RD SourceAddr DestAddr State Holdtime Interface 10.1.0.102 10.1.0.100 1700ms vlan10 # Display routes destined for 120.1.1.0/24 on Switch A. <SwitchA> display ip routing-table 120.1.1.0 verbose Routing Table : Public Summary Count : 1 Destination: 120.1.1.0/24 Protocol: ISIS Process ID: 1 Preference: 0 Cost: 2 IpPrecedence:...
Page 197: Configuring Bgp
Configuring BGP Hardware compatibility The A5500 SI Switch Series does not support BGP. BGP overview The Border Gateway Protocol (BGP) is a dynamic inter-AS Exterior Gateway Protocol. The three early BGP versions are BGP- 1 (RFC 1 105), BGP-2 (RFC 1 163) and BGP-3 (RFC 1267). The current version is BGP-4 (RFC 4271), and is the Internet exterior gateway protocol.
Page 198 Keepalive • • Route-refresh They have the same header. Figure 71 BGP message header • Marker—The 16-byte field is used to delimit BGP messages. The Marker must be all ones. Length—The two-byte unsigned integer indicates the total length of the message. •...
Page 199 Optional parameters—Used for multiprotocol extensions and other functions. • Update The update messages are used to exchange routing information between peers. It can advertise feasible routes or remove multiple unfeasible routes. Figure 73 BGP update message format Each update message can advertise a group of feasible routes with identical attributes, and the routes are contained in the network layer reachability information (NLRI) field.
Page 200: Bgp Path Attributes
Keepalive Keepalive messages are sent between peers to maintain connectivity. Its format contains only the message header. Route-refresh A route-refresh message is sent to a peer to request the specified address family routing information. Figure 75 BGP route-refresh message format AFI—Address family identifier.
Page 201 Name Category CLUSTER_LIST Optional non-transitive Usage of BGP path attributes • ORIGIN ORIGIN is a well-known mandatory attribute that defines the origin of routing information (how a route became a BGP route). This attribute has the following types: IGP—Has the highest priority. Routes added to the BGP routing table using the network command have the IGP attribute.
Page 202 Use the AS_PATH attribute for route selection and filtering. BGP gives priority to the route with the shortest AS_PATH length, if other factors are the same. As shown in Figure 76, the BGP router in AS 50 gives priority to the route passing AS 40 for sending data to the destination 8.0.0.0. In some applications, you can apply a routing policy to control BGP route selection by modifying the AS_PATH length.
Page 203 Figure 78 MED attribute In general, BGP compares MEDs of routes received from the same AS only. NOTE: The current implementation supports using the compare-different-as-med command to force BGP to compare MED values of routes received from different ASs. LOCAL_PREF •...
Page 204: Bgp Route Selection
usage and facilitates management and maintenance. Well-known community attributes are as follows: INTERNET—By default, all routes belong to the Internet community. Routes with this attribute can be advertised to all BGP peers. NO_EXPORT—After received, routes with this attribute cannot be advertised out the local AS or out the local confederation, but can be advertised to other sub-ASs in the confederation.
Page 205 IGP routing protocols such as RIP and OSPF compute metrics of routes, and then implement load • balancing over routes with the same metric and to the same destination. The route selection criterion is metric. • BGP has no route computation algorithm, so it cannot implement load balancing according to metrics of routes.
Page 206: Bgp And Igp Synchronization
A BGP speaker advertises all routes to a newly connected peer. • BGP and IGP synchronization Enable BGP and IGP route synchronization in an AS to avoid giving wrong directions to routers. If a non-BGP router works in an AS, it can discard a packet because a destination is unreachable. As shown in Figure 81, Router E has learned a route of 8.0.0.0/8 from Router D via BGP.
Page 207 In most cases, BGP is used in complex networks, where route changes are more frequent. To solve the problem caused by route flaps, BGP route dampening is used to suppress unstable routes. BGP route dampening, as shown in Figure 82, uses a penalty value to judge the stability of a route. The bigger the value, the less stable the route.
Page 208 Route reflector IBGP peers must be fully meshed to maintain connectivity. If n routers exist in an AS, the number of IBGP connections is n (n- 1 )/2, and large amounts of network and CPU resources are consumed. Using route reflectors can resolve this issue. In an AS, a router acts as a route reflector, and other routers act as clients connecting to the route reflector.
Page 209: Bgp Gr
NOTE: After route reflection is disabled between clients, routes can still be reflected between a client and a non-client. Confederation Confederation is another method to manage growing IBGP connections in ASs. This method splits an AS into multiple sub-ASs. In each sub-AS, IBGP peers are fully meshed, and, as shown in Figure intra-confederation EBGP connections are established between sub-ASs.
Page 210: Mp-Bgp
session. If neither party has the GR capability, the session established between them will not be GR capable. When a Master/Slave switchover occurs on the GR Restarter, sessions on it will go down. Then, GR-capable peers will mark all routes associated with the GR Restarter as stale. However, during the configured GR Time, they still use these routes for packet forwarding.
Page 211: Bgp Configuration Task List
RFC 1997, BGP Communities Attribute • • RFC 2796, BGP Route Reflection RFC 3065, Autonomous System Confederations for BGP • RFC 4271, A Border Gateway Protocol 4 (BGP-4) • • RFC 5291, Outbound Route Filtering Capability for BGP-4 RFC 5292, Address-Prefix-Based Outbound Route Filter for BGP-4 •...
Page 212: Configuring Bgp Basic Functions
Task Remarks Configuring the interval for sending the same Optional. update Configuring BGP soft-reset Optional. Enabling the BGP ORF capability Optional. Enabling 4-byte AS number suppression Optional. Setting the DSCP value for BGP packets Optional. Enabling quick EBGP session reestablishment Optional.
Page 213: Specifying The Source Interface For Tcp Connections
If a BGP router has multiple links to a peer, and the source interface fails, BGP must reestablish TCP connections, causing network oscillation. To enhance stability of BGP connections, HP recommends using a loopback interface as the source interface.
Page 214: Allowing Establishment Of Ebgp Connection To An Indirectly Connected Peer Or Peer Group
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number By default, BGP uses the outbound Specify the source interface interface of the best route to the BGP peer { group-name | ip-address } for establishing TCP peer or peer group as the source connect-interface interface-type connections to a peer or peer interface for establishing a TCP...
Page 215: Configuring Bgp Route Redistribution
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number network ip-address [ mask | Optional. Inject a network to the BGP mask-length ] route-policy routing table. Not injected by default. route-policy-name Configuring BGP route redistribution BGP does not find routes by itself. Rather, it redistributes routing information in the local AS from other routing protocols.
Page 216: Controlling Route Distribution And Reception
Controlling route distribution and reception Configuration prerequisites BGP connections must be created. Configuring BGP route summarization To reduce the routing table size on medium and large BGP networks, you need to configure route summarization on BGP routers. BGP supports automatic and manual summarization modes. Manual summary routes have a higher priority than automatic ones.
Page 217: Configuring Bgp Route Distribution/Reception Filtering Policies
To advertise a default route to a peer or peer group: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number peer { group-name | ip-address } Advertise a default route to a Not advertised by default-route-advertise [ route-policy peer or peer group.
Page 218 Step Command Remarks • Configure the filtering of redistributed routes: filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ] Configure at least one command. • Reference a routing policy to filter Not configured by default.
Page 219: Enabling Bgp And Igp Route Synchronization
Step Command Remarks • Filter incoming routes with an ACL or IP prefix list: filter-policy { acl-number | ip-prefix ip-prefix-name } import • Reference a routing policy to filter routes from a peer or peer group: Configure at least one command. peer { group-name | ip-address } No route reception filtering is route-policy route-policy-name...
Page 220: Configuring Bgp Route Dampening
Step Command Remarks • Specify the maximum number of prefixes that can be received from a peer or peer group: Use one of the commands. peer { group-name | No limit is configured by default. ip-address } route-limit prefix-number If the specified maximum number is [ percentage-value ] reached: •...
Page 221: Configuring Bgp Route Attributes
Step Command Remarks Optional. network ip-address [ mask | mask-length ] By default, an EBGP Configure a shortcut route. short-cut route received has a priority of 255. Configuring BGP route attributes Configuration prerequisites BGP connections must be created. Specifying a preferred value for routes received By default, routes received from a peer have a preferred value of 0.
Page 222: Configuring The Default Local Preference
Configuring the default local preference The local preference is used to determine the best route for traffic leaving the local AS. When a BGP router obtains from several IBGP peers multiple routes to the same destination but with different next hops, it considers the route with the highest local preference as the best route.
Page 223 Figure 86 Route selection based on MED As shown in Figure 86, Router D learns network 10.0.0.0 from both Router A and Router B. Because Router B has a smaller router ID, the route learned from it is optimal. Network NextHop LocPrf PrefVal Path/Ogn...
Page 224: Configuring The Next_Hop Attribute
Enabling the comparison of MED of routes from confederation peers The MED attributes of routes from confederation peers are not compared if their AS_PATH attributes contain AS numbers that do not belong to the confederation, such as these three routes: AS_PATH attributes of them are 65006 65009, 65007 65009, and 65008 65009;...
Page 225: Configuring The As_Path Attribute
If you have configured BGP load balancing on a BGP router, the router will set it as the next hop for routes sent to an IBGP peer or peer group. This is done regardless of whether the peer next-hop-local command is configured.
Page 226: Tuning And Optimizing Bgp Networks
Specifying a fake AS number for a peer or peer group When Router A in AS 2 is moved to AS 3, you can configure Router A to specify a fake AS number of 2 for created connections to EBGP peers or peer groups. In this way, these EBGP peers still think Router A is in AS 2 and need not change their configurations.
Page 227: Configuring The Bgp Keepalive Interval And Holdtime
Configuring the BGP keepalive interval and holdtime After establishing a BGP connection, two routers send keepalive messages periodically to each other to keep the connection. If a router receives no keepalive or update message from the peer within the holdtime, it tears down the connection. You can configure the keepalive interval and holdtime globally or for a specific peer or peer group.
Page 228: Configuring Bgp Soft-Reset
Step Command Remarks Optional. The intervals for sending the Configure the interval for sending the peer { group-name | ip-address } same update to an IBGP same update to a peer or peer group. route-update-interval interval peer and an EBGP peer default to 15 seconds and 30 seconds.
Page 229: Enabling The Bgp Orf Capability
Step Command Remarks Disable BGP route-refresh and peer { group-name | ip-address } multi-protocol extension capability for capability-advertise Enabled by default. a peer or peer group. conventional Save all routes from a peer or peer peer { group-name | ip-address } Not saved by default.
Page 230: Enabling 4-Byte As Number Suppression
Table 8 Description of the both, send, and receive parameters and the negotiation result Local parameter Peer parameter Negotiation result • receive The ORF sending capability is enabled locally and the send • ORF receiving capability is enabled on the peer. both •...
Page 231: Enabling Quick Ebgp Session Reestablishment
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP view or Enter BGP-VPN instance view: Use either approach. BGP-VPN view. bgp as-number ipv4-family vpn-instance vpn-instance-name Set the DSCP value Optional. for the BGP packets peer { group-name | ip-address } dscp sent to the specified By default, the DSCP value in BGP dscp-value...
Page 232: Configuring Bgp Load Balancing
Configuring BGP load balancing If multiple paths to a destination exist, you can configure load balancing over such paths to improve link utilization. To configure BGP load balancing: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Optional.
Page 233 Configuring an IBGP peer group After you create an IBGP peer group and then add a peer into it, the system creates the peer in BGP view and specifies the local AS number for the peer. To configure an IBGP peer group: Step Command Enter system view.
Page 234: Configuring Bgp Community
Step Command Remarks Specify an AS number for a peer ip-address as-number peer. as-number The AS number can be either specified or not specified in the peer ip-address group command. If specified, the AS Add the peer into the group. group-name [ as-number number must be the same as that as-number ]...
Page 235: Configuring A Bgp Route Reflector
Step Command Remarks • Advertise the COMMUNITY attribute to a peer or peer group: peer { group-name | ip-address } advertise-community Advertise the COMMUNITY Not configured by attribute to a peer or peer group. • default. Advertise the extended community attribute to a peer or peer group: peer { group-name | ip-address } advertise-ext-community...
Page 236: Configuring Bgp Gr
If routers not compliant with RFC 3065 exist in the confederation, use the confederation nonstandard command to make the local router compatible with these routers. Configuring a BGP confederation After you split an AS into multiple sub ASs, you can configure a router in a sub AS as follows: Enable BGP and specify the AS number of the router.
Page 237: Enabling Trap
Step Command Remarks Enter system view. system-view Enable BGP and enter its view. bgp as-number Enable GR Capability for BGP. graceful-restart Disabled by default. Configure the maximum time Optional. graceful-restart timer restart allowed for the peer to timer 150 seconds by default. reestablish a BGP session.
Page 238: Displaying And Maintaining Bgp
After a link failure occurs, BFD may detect the failure before the system performs GR. As a result, GR will fail. If GR capability is enabled for BGP, use BFD with caution. If GR and BFD are both enabled, do not disable BFD during a GR process;...
Page 239: Resetting Bgp Connections
Task Command Remarks display bgp routing-table community-list Display routing information { { basic-community-list-number | comm-list-name } Available in matching a BGP community list. [ whole-match ] | adv-community-list-number } [ | any view { begin | exclude | include } regular-expression ] Display BGP dampened routing display bgp routing-table dampened [ | { begin | Available in...
Page 240: Clearing Bgp Information
Task Command Remarks Available in user Reset all IPv4 unicast BGP connections. reset bgp ipv4 all view Clearing BGP information Task Command Remarks Clear dampened BGP routing reset bgp dampening [ ip-address [ mask | Available in information and release suppressed mask-length ] ] user view routes.
Page 241 <SwitchB> system-view [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 3.3.3.3 as-number 65009 [SwitchB-bgp] peer 3.3.3.3 connect-interface loopback 0 [SwitchB-bgp] quit [SwitchB] ospf 1 [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [SwitchB-ospf-1-area-0.0.0.0] network 9.1.1.1 0.0.0.255 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch C. <SwitchC>...
Page 242 [SwitchA-bgp] quit # Configure Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] peer 3.1.1.2 as-number 65008 [SwitchB-bgp] quit # Display BGP peer information on Switch B. [SwitchB] display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 65009 Total number of peers : 2 Peers in established state : 2 Peer MsgRcvd...
Page 243 Total Number of Routes: 1 BGP Local router ID is 3.3.3.3 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
Page 244: Bgp And Igp Synchronization Configuration Example
i 2.2.2.2/32 2.2.2.2 *>i 3.1.1.0/24 2.2.2.2 *>i 8.1.1.0/24 3.1.1.2 65008i * i 9.1.1.0/24 2.2.2.2 The output shows that the route 8.1.1.0 becomes valid with the next hop as Switch A. Verify the configuration: # Ping 8.1.1.1 on Switch C. [SwitchC] ping 8.1.1.1 PING 8.1.1.1: 56 data bytes, press CTRL_C to break Reply from 8.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms...
Page 245 [SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf 1 [SwitchC-ospf-1] import-route direct [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit Configure the EBGP connection: Configure the EBGP connection and inject network 8.1.1.0/24 to the BGP routing table of Switch A, so that Switch B can obtain the route to 8.1.1.0/24.
Page 246 *> 3.3.3.3/32 3.1.1.1 65009? *> 8.1.1.0/24 0.0.0.0 *> 9.1.2.0/24 3.1.1.1 65009? # Display the routing table on Switch C. [SwitchC] display ip routing-table Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Cost NextHop Interface 2.2.2.2/32 OSPF 9.1.1.1 Vlan300 3.3.3.3/32 Direct 0...
Page 247: Bgp Load Balancing Configuration Example
BGP load balancing configuration example Network requirements As shown in Figure 91, all the switches run BGP. Switch A resides in AS 65008, Switch B and Switch C in AS 65009. Between Switch A and Switch B, Switch A and Switch C are EBGP connections, and between Switch B and Switch C is an IBGP connection.
Page 248 <SwitchB> system-view [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 3.1.1.2 as-number 65008 [SwitchB-bgp] peer 3.3.3.3 as-number 65009 [SwitchB-bgp] peer 3.3.3.3 connect-interface loopback 0 [SwitchB-bgp] network 9.1.1.0 255.255.255.0 [SwitchB-bgp] quit [SwitchB] ip route-static 3.3.3.3 32 9.1.1.2 # Configure Switch C. <SwitchC>...
Page 249: Bgp Community Configuration Example
# Display the BGP routing table on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network...
Page 250 [SwitchA-bgp] peer 200.1.2.2 as-number 20 [SwitchA-bgp] network 9.1.1.0 255.255.255.0 [SwitchA-bgp] quit # Configure Switch B. <SwitchB> system-view [SwitchB] bgp 20 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 200.1.2.1 as-number 10 [SwitchB-bgp] peer 200.1.3.2 as-number 30 [SwitchB-bgp] quit # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 30 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 200.1.3.1 as-number 20...
Page 251: Bgp Route Reflector Configuration Example
# Configure a routing policy. [SwitchA] route-policy comm_policy permit node 0 [SwitchA-route-policy] apply community no-export [SwitchA-route-policy] quit # Apply the routing policy. [SwitchA] bgp 10 [SwitchA-bgp] peer 200.1.2.2 route-policy comm_policy export [SwitchA-bgp] peer 200.1.2.2 advertise-community # Display the routing table on Switch B. [SwitchB] display bgp routing-table 9.1.1.0 BGP local router ID : 2.2.2.2 Local AS number : 20...
Page 252 Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure BGP connections: # Configure Switch A. <SwitchA> system-view [SwitchA] bgp 100 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] peer 192.1.1.2 as-number 200 # Inject network 1.0.0.0/8 to the BGP routing table. [SwitchA-bgp] network 1.0.0.0 [SwitchA-bgp] quit # Configure Switch B.
Page 253: Bgp Confederation Configuration Example
h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf PrefVal Path/Ogn *> 1.0.0.0 192.1.1.1 100i # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 200.1.2.1...
Page 254 Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure BGP confederation: # Configure Switch A. <SwitchA> system-view [SwitchA] bgp 65001 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] confederation id 200 [SwitchA-bgp] confederation peer-as 65002 65003 [SwitchA-bgp] peer 10.1.1.2 as-number 65002 [SwitchA-bgp] peer 10.1.1.2 next-hop-local [SwitchA-bgp] peer 10.1.2.2 as-number 65003 [SwitchA-bgp] peer 10.1.2.2 next-hop-local [SwitchA-bgp] quit...
Page 255 # Configure Switch E. <SwitchE> system-view [SwitchE] bgp 65001 [SwitchE-bgp] router-id 5.5.5.5 [SwitchE-bgp] confederation id 200 [SwitchE-bgp] peer 10.1.4.1 as-number 65001 [SwitchE-bgp] peer 10.1.5.1 as-number 65001 [SwitchE-bgp] quit Configure the EBGP connection between AS 100 and AS 200: # Configure Switch A. [SwitchA] bgp 65001 [SwitchA-bgp] peer 200.1.1.2 as-number 100 [SwitchA-bgp] quit...
Page 256: Bgp Path Selection Configuration Example
Not advertised to any peers yet # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 4.4.4.4 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
Page 257 Figure 95 Network diagram AS 200 Vlan-int100 Vlan-int300 AS 100 Switch B Vlan-int101 Vlan-int300 Vlan-int100 Vlan-int400 Vlan-int200 Switch D Vlan-int400 Switch A Vlan-int200 Switch C Device Interface IP address Device Interface IP address Switch A Vlan-int101 1.0.0.0/8 Switch D Vlan-int400 195.1.1.1/24 Vlan-int100 192.1.1.1/24...
Page 258 # Configure Switch A. <SwitchA> system-view [SwitchA] bgp 100 [SwitchA-bgp] peer 192.1.1.2 as-number 200 [SwitchA-bgp] peer 193.1.1.2 as-number 200 # Inject network 1.0.0.0/8 to the BGP routing table on Switch A. [SwitchA-bgp] network 1.0.0.0 8 [SwitchA-bgp] quit # Configure Switch B. [SwitchB] bgp 200 [SwitchB-bgp] peer 192.1.1.1 as-number 100 [SwitchB-bgp] peer 194.1.1.1 as-number 200...
Page 259 # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 2 BGP Local router ID is 194.1.1.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network...
Page 260: Bgp Gr Configuration Example
BGP GR configuration example Network requirements All switches run BGP in Figure 96. Between Switch A and Switch B is an EBGP connection. Switch B and Switch C are connected over an IBGP connection. Enable GR capability for BGP so that the communication between Switch A and Switch C is not affected when a master/slave switchover occurs on Switch B.
Page 261: Bfd For Bgp Configuration Example
# Configure the IBGP connection. <SwitchC> system-view [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 9.1.1.1 as-number 65009 # Enable GR capability for BGP. [SwitchC-bgp] graceful-restart Verify the configuration: Ping Switch C on Switch A. Meanwhile, perform a master/slave switchover on Switch B. The ping operation is successful during the whole switchover process.
Page 262 Configure OSPF in AS 200 to make sure Switch A and Switch C can reach each other and configure Switch A to redistribute BGP routes. (Details not shown.) Configure BGP on Switch A: # Establish two IBGP connections between Switch A and Switch C, and configure Switch A to advertise itself as the next hop.
Page 263 [SwitchC] bgp 100 [SwitchC-bgp] peer 3.0.1.1 as-number 200 [SwitchC-bgp] peer 2.0.1.1 as-number 200 # Configure BFD over the link to peer 3.0.1.1 so that when the link Switch A<—>Switch B<—>Switch C fails, BFD can quickly detect the failure and notify it to BGP, and then the link Switch A<—>Switch D<—>Switch C takes effect immediately.
Page 264 IP Session Working Under Ctrl Mode: Local Discr: 17 Remote Discr: 13 Source IP: 3.0.2.2 Destination IP: 3.0.1.1 Session State: Up Interface: Vlan-interface101 Min Trans Inter: 500ms Act Trans Inter: 500ms Min Recv Inter: 500ms Act Detect Inter: 3000ms Running Up for: 00:00:06 Auth mode: None Connect Type: Indirect Board Num: 0...
Page 265 State: Invalid GotQ Age: 00h08m54s Tag: 0 Destination: 1.1.1.0/24 Protocol: O_ASE Process ID: 1 Preference: 150 Cost: 1 IpPrecedence: QosLcId: NextHop: 3.0.2.1 Interface: Vlan-interface101 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Inactive Adv Age: 00h14m10s...
Page 266: Troubleshooting Bgp
Troubleshooting BGP BGP peer relationship not established Symptom Display BGP peer information by using the display bgp peer command. The state of the connection to a peer cannot become established. Analysis To become BGP peers, any two routers must establish a TCP session using port 179 and exchange Open messages successfully.
Page 267: Configuring Ipv6 Static Routing
Configuring IPv6 static routing Hardware compatibility The A5500 SI Switch Series does not support VPN-related parameters. Overview Static routes are manually configured. They work well in simple networks. Proper configuration and use can improve network performance and ensure enough bandwidth for important applications. Static routes cannot adapt to network topology changes.
Page 268: Displaying And Maintaining Ipv6 Static Routes
Step Command Remarks • Approach 1: ipv6 route-static ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name nexthop-address } [ preference Use either approach. preference-value ] The default Configure an IPv6 static route. • Approach 2: preference of IPv6 ipv6 route-static vpn-instance static routes is 60.
Page 269: Configuration Procedure
Figure 98 Network diagram Configuration procedure Configure the IPv6 addresses for all VLAN interfaces. (Details not shown.) Configure IPv6 static routes: # Enable IPv6 and configure a default IPv6 static route on Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ipv6 route-static :: 0 4::2 # Enable IPv6 and configure two IPv6 static routes on Switch B.
Page 270 Destination : 1::/64 Protocol : Direct NextHop : 1::1 Preference Interface : Vlan100 Cost Destination : 1::1/128 Protocol : Direct NextHop : ::1 Preference Interface : InLoop0 Cost Destination : FE80::/10 Protocol : Direct NextHop : :: Preference Interface : NULL0 Cost # Verify the connectivity with the ping command.
Page 271: Configuring Ripng
Configuring RIPng Hardware compatibility The A5500 SI Switch Series does not support VPN-related parameters. Introduction to RIPng RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng. The term "router" in this chapter refers to both routers and Layer 3 switches. RIPng for IPv6 has the following basic differences from RIP: •...
Page 272: Ripng Packet Format
RIPng packet format Basic format A RIPng packet consists of a header and multiple route table entries (RTEs). The maximum number of RTEs in a packet depends on the IPv6 MTU of the sending interface. Figure 99 RIPng basic packet format Command Version Must be zero...
Page 273: Ripng Packet Processing Procedure
RIPng packet processing procedure Request packet When a RIPng router first starts or needs to update entries in its routing table, usually a multicast request packet is sent to ask for needed routes from neighbors. The receiving RIPng router processes RTEs in the request. If only one RTE exists with the IPv6 prefix and prefix length both being 0, and with a metric value of 16, the RIPng router will respond with the entire routing table information in response messages.
Page 274: Configuring Ripng Basic Functions
Configuring RIPng basic functions This section presents the information to configure the basic RIPng features. You must enable RIPng first before configuring other tasks, but it is not necessary for RIPng-related interface configurations, such as assigning an IPv6 address. Before you configure RIPng basic functions, complete the following tasks: Enable IPv6 packet forwarding.
Page 275: Configuring Ripng Route Summarization
Step Command Remarks Enter system view. system-view Enter interface view. interface interface-type interface-number Optional. Specify an inbound routing ripng metricin value additional metric. 0 by default. Optional. Specify an outbound ripng metricout value routing additional metric. 1 by default. Configuring RIPng route summarization Step Command Enter system view.
Page 276: Configuring A Priority For Ripng
Step Command Remarks filter-policy { acl6-number | Configure a filter policy to By default, RIPng does not filter ipv6-prefix ipv6-prefix-name } filter outgoing routes. outgoing routing information. export [ protocol [ process-id ] ] Configuring a priority for RIPng Any routing protocol has its own protocol priority used for optimal route selection. You can set a priority for RIPng manually.
Page 277: Configuring Ripng Timers
Configuring split horizon The split horizon function disables a route learned from an interface from being advertised through the same interface to prevent routing loops between neighbors. HP recommends enabling split horizon to prevent routing loops. To configure split horizon:...
Page 278: Configuring Zero Field Check On Ripng Packets
Step Command Remarks Enable the poison reverse ripng poison-reverse Disabled by default. function. Configuring zero field check on RIPng packets Some fields in the RIPng packet must be zero, which are called "zero fields". With zero field check on RIPng packets enabled, if such a field contains a non-zero value, the entire RIPng packet is discarded. If you are sure that all packets are trustworthy, disable the zero field check to reduce the CPU processing time.
Page 279: Configuration Prerequisites
Configuration prerequisites Before you apply an IPsec policy for RIPng, complete following tasks: Create an IPsec proposal. • Create an IPsec policy. • For more information about IPsec policy configuration, see Security Configuration Guide. Configuration guidelines An IPsec policy used for RIPng can only be in manual mode. For more information, see Security Configuration Guide.
Page 280: Ripng Configuration Examples
Task Command Remarks display ripng process-id interface Display RIPng interface [ interface-type interface-number ] Available in any view information. [ | { begin | exclude | include } regular-expression ] Reset a RIPng process. reset ripng process-id process Available in user view Clear statistics of a RIPng process.
Page 281 [SwitchB-Vlan-interface100] ripng 1 enable [SwitchB-Vlan-interface100] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ripng 1 [SwitchC-ripng-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] ripng 1 enable [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 500 [SwitchC-Vlan-interface500] ripng 1 enable [SwitchC-Vlan-interface500] quit [SwitchC] interface vlan-interface 600 [SwitchC-Vlan-interface600] ripng 1 enable [SwitchC-Vlan-interface600] quit # Display the routing table on Switch B.
Page 282: Configuring Ripng Route Redistribution
# Configure Switch B to filter incoming and outgoing route. [SwitchB] acl ipv6 number 2000 [SwitchB-acl6-basic-2000] rule deny source 3::/64 [SwitchB-acl6-basic-2000] rule permit [SwitchB-acl6-basic-2000] quit [SwitchB] ripng 1 [SwitchB-ripng-1] filter-policy 2000 import [SwitchB-ripng-1] filter-policy 2000 export # Display routing tables of Switch B and Switch A. [SwitchB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ----------------------------------------------------------------...
Page 283 Figure 103 Network diagram Configuration procedure Configure IPv6 addresses for the interfaces. (Details not shown.) Configure RIPng basic functions: # Enable RIPng 100 on Switch A. <SwitchA> system-view [SwitchA] ripng 100 [SwitchA-ripng-100] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ripng 100 enable [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] ripng 100 enable...
Page 284 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 1::/64 Protocol : Direct NextHop : 1::1 Preference: 0 Interface : Vlan100 Cost Destination: 1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2::/64 Protocol...
Page 285: Configuring Ripng Ipsec Policies
Interface : InLoop0 Cost Destination: 2::/64 Protocol : Direct NextHop : 2::1 Preference: 0 Interface : Vlan200 Cost Destination: 2::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 4::/64 Protocol : RIPng NextHop : FE80::200:BFF:FE01:1C02 Preference: 100 Interface : Vlan100...
Page 286 [SwitchB-Vlan-interface100] ripng 1 enable [SwitchB-Vlan-interface100] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ripng 1 [SwitchC-ripng-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] ripng 1 enable [SwitchC-Vlan-interface200] quit Configure RIPng IPsec policies: # On Switch A, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1;...
Page 287 algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg. [SwitchC] ipsec proposal tran1 [SwitchC-ipsec-proposal-tran1] encapsulation-mode transport [SwitchC-ipsec-proposal-tran1] transform esp...
Page 288: Configuring Ospfv3
Configuring OSPFv3 Hardware compatibility The A5500 SI Switch Series does not support OSPFv3. Introduction to OSPFv3 OSPFv3 overview Open Shortest Path First version 3 (OSPFv3) supports IPv6 and complies with RFC 2740 (OSPF for IPv6). The term "router" in this chapter refers to both routers and Layer 3 switches. OSPFv3 and OSPFv2 have the following similarities: •...
Page 289: Ospfv3 Lsa Types
Instance ID—Instance ID for a link. • • 0—Reserved. It must be 0. OSPFv3 LSA types OSPFv3 sends routing information in LSAs, which, as defined in RFC 2740, have the following types: • Router-LSA—Originated by all routers. This LSA describes the collected states of the router's interfaces to an area, and is flooded throughout a single area only.
Page 290: Ospfv3 Features Supported
LSA delay time Each LSA has an age in the local LSDB (incremented by one per second), but an LSA does not age on transmission. You must add an LSA delay time into the age time before transmission, which is important for low-speed networks.
Page 291: Enabling Ospfv3
Task Remarks Configuring a priority for OSPFv3 Optional Configuring OSPFv3 route redistribution Optional Configuring OSPFv3 timers Optional Configuring a DR priority for an interface Optional Tuning and optimizing OSPFv3 Ignoring MTU check for DD packets Optional networks Disabling interfaces from receiving and sending Optional OSPFv3 packets Enabling the logging of neighbor state changes...
Page 292: Configuring Ospfv3 Area Parameters
Step Command Remarks Enable an OSPFv3 process on ospfv3 process-id area area-id Not enabled by default. the interface. [ instance instance-id ] Configuring OSPFv3 area parameters The stub area and virtual link features of OSPFv3 are the same as OSPFv2. Splitting an OSPFv3 AS into multiple areas reduces the number of LSAs and extends OSPFv3 applications.
Page 293: Configuring An Ospfv3 Virtual Link
Configuring an OSPFv3 virtual link You can configure a virtual link to maintain connectivity between a non-backbone area and the backbone, or in the backbone itself. IMPORTANT: Both ends of a virtual link are ABRs that must be configured with the vlink-peer command. •...
Page 294: Configuring An Nbma Or P2Mp Neighbor
Step Command Remarks interface interface-type Enter interface view. interface-number Optional. ospfv3 network-type { broadcast | Configure a network type for The network type of an interface nbma | p2mp [ non-broadcast ] | the OSPFv3 interface. depends on the media type of the p2p } [ instance instance-id ] interface.
Page 295: Configuring Ospfv3 Inbound Route Filtering
Step Command Remarks Not configured by default. abr-summary ipv6-address Configure a summary route. The abr-summary command takes prefix-length [ not-advertise ] effect on ABRs only. Configuring OSPFv3 inbound route filtering According to some rules, you can configure OSPFv3 to filter routes that are computed from received LSAs.
Page 296: Configuring The Maximum Number Of Ospfv3 Ecmp Routes
Step Command Remarks Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Optional. Configure a bandwidth bandwidth-reference value reference value. 100 Mbps by default. Configuring the maximum number of OSPFv3 ECMP routes Perform this task to implement load sharing over ECMP routes. To configure the maximum number of ECMP routes: Step Command...
Page 297: Tuning And Optimizing Ospfv3 Networks
Using the filter-policy export command filters routes redistributed with the import-route command. • If the import-route command is not configured, executing the filter-policy export command does not take effect. To configure OSPFv3 route redistribution: Step Command Remarks Enter system view. system-view Enter OSPFv3 view.
Page 298: Configuring A Dr Priority For An Interface
Step Command Remarks interface interface-type Enter interface view. interface-number Optional. ospfv3 timer hello seconds By default, the hello interval on Configure the hello interval. [ instance instance-id ] P2P, broadcast interfaces is 10 seconds. Optional. ospfv3 timer poll seconds Specify the poll interval. By default, the poll interval is 120 [ instance instance-id ] seconds.
Page 299: Ignoring Mtu Check For Dd Packets
Step Command Remarks Optional. By default, the DR priority is 1. The DR priority of an interface ospfv3 dr-priority priority [ instance Configure a DR priority. determines the interface’s instance-id ] qualification in DR election. Interfaces having the priority 0 cannot become a DR or BDR.
Page 300: Configuring Ospfv3 Gr
Step Command Remarks Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Enable the logging of log-peer-change Enabled by default. neighbor state changes. Configuring OSPFv3 GR IMPORTANT: You cannot configure OSPFv3 GR after configuring OSPFv3 virtual links, because they are not supported at the same time.
Page 301: Configuring Bfd For Ospfv3
Step Command Remarks Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Optional. Enable the GR Helper graceful-restart helper enable capability. Enabled by default. Optional. Enable strict LSA graceful-restart helper checking. strict-lsa-checking Disabled by default. Configuring BFD for OSPFv3 Bidirectional forwarding detection (BFD) provides a mechanism to quickly detect the connectivity of links between OSPFv3 neighbors, thus to improve the convergence speed of OSPFv3.
Page 302 To implement area-based IPsec protection, you need to configure the same IPsec policy on the • routers in the target area. To implement interface-based IPsec protection, you need to configure the same IPsec policy on the • interfaces between two neighboring routers. To implement virtual link-based IPsec protection, you need to configure the same IPsec policy on the •...
Page 303: Displaying And Maintaining Ospfv3
Step Command Remarks vlink-peer router-id [ hello seconds | Apply an IPsec policy on a retransmit seconds | trans-delay seconds Not configured by default. virtual link. | dead seconds | instance instance-id | ipsec-policy policy-name ] * Displaying and maintaining OSPFv3 Task Command Remarks...
Page 304: Ospfv3 Configuration Examples
Task Command Remarks display ospfv3 statistics [ | { begin | exclude | include } Available in Display OSPFv3 statistics. regular-expression ] any view Display the GR status of the display ospfv3 [ process-id ] graceful-restart status [ | Available in specified OSPFv3 process.
Page 305 [SwitchB] ipv6 [SwitchB] ospfv3 [SwitchB-ospfv3-1] router-id 2.2.2.2 [SwitchB-ospfv3-1] quit [SwitchB] interface vlan-interface 100 [SwitchB-Vlan-interface100] ospfv3 1 area 0 [SwitchB-Vlan-interface100] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] ospfv3 1 area 1 [SwitchB-Vlan-interface200] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ipv6 [SwitchC] ospfv3 [SwitchC-ospfv3-1] router-id 3.3.3.3 [SwitchC-ospfv3-1] quit [SwitchC] interface vlan-interface 100...
Page 306 2.2.2.2 Full/Backup 00:00:39 Vlan100 OSPFv3 Area ID 0.0.0.2 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface Instance ID 4.4.4.4 Full/DR 00:00:38 Vlan400 # Display OSPFv3 routing table information on Switch D. [SwitchD] display ospfv3 routing E1 - Type 1 external route, IA - Inter area route, - Intra area route E2 - Type 2 external route,...
Page 307: Configuring Ospfv3 Dr Election
*Destination: ::/0 Type : IA Cost : 11 NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:1::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:2::/64 Type Cost NextHop : directly-connected Interface: Vlan400 *Destination: 2001:3::/64...
Page 308 Figure 107 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure OSPFv3 basic functions: # Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ospfv3 1 area 0 [SwitchA-Vlan-interface100] quit # Configure Switch B.
Page 309 [SwitchD] ospfv3 [SwitchD-ospfv3-1] router-id 4.4.4.4 [SwitchD-ospfv3-1] quit [SwitchD] interface vlan-interface 200 [SwitchD-Vlan-interface200] ospfv3 1 area 0 [SwitchD-Vlan-interface200] quit # Display neighbor information on Switch A. The switches have the same default DR priority 1. Then, Switch D (the switch with the highest Router ID) is elected as the DR, and Switch C is the BDR. [SwitchA] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ----------------------------------------------------------------------...
Page 310: Configuring Ospfv3 Route Redistribution
OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface Instance ID 1.1.1.1 Full/DROther 00:00:33 Vlan100 2.2.2.2 Full/DROther 00:00:36 Vlan200 3.3.3.3 Full/Backup 00:00:40 Vlan100 Restart DR and BDR election: # Use the shutdown and undo shutdown commands on interfaces to restart DR and BDR election. (Details not shown.) # Display neighbor information on Switch A.
Page 311 Figure 108 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure OSPFv3 basic functions: # Enable OSPFv3 process 1 on Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 1 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ospfv3 1 area 2 [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200...
Page 312 [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] ospfv3 2 area 2 [SwitchC-Vlan-interface300] quit [SwitchC] interface vlan-interface 400 [SwitchC-Vlan-interface400] ospfv3 2 area 2 [SwitchC-Vlan-interface400] quit # Display the routing table of Switch C. [SwitchC] display ipv6 routing-table Routing Table : Destinations : 6 Routes : 6 Destination: ::1/128 Protocol...
Page 313: Configuring Ospfv3 Gr
NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 1::/64 Protocol : OSPFv3 NextHop : FE80::200:CFF:FE01:1C03 Preference: 150 Interface : Vlan300 Cost Destination: 2::/64 Protocol : OSPFv3 NextHop : FE80::200:CFF:FE01:1C03 Preference: 150 Interface : Vlan300 Cost Destination: 3::/64 Protocol : Direct NextHop : 3::2...
Page 314 Figure 109 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure OSPFv3 basic functions: # On Switch A, enable OSPFv3 process 1, enable GR, and set the router ID to 1.1.1.1. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 1 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] graceful-restart enable [SwitchA-ospfv3-1] quit...
Page 315: Configuring Bfd For Ospfv3
After all switches function properly, perform a master/slave switchover on Switch A to trigger an OSPFv3 GR operation. Configuring BFD for OSPFv3 Network requirements Figure 1 10, configure OSPFv3 on Switch A, Switch B and Switch C and configure BFD over the link Switch A<—>L2 Switch<—>Switch B.
Page 316 [SwitchB] ospfv3 [SwitchB-ospfv3-1] router-id 2.2.2.2 [SwitchB-ospfv3-1] quit [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] ospfv3 1 area 0 [SwitchB-Vlan-interface10] quit [SwitchB] interface vlan-interface 13 [SwitchB-Vlan-interface13] ospfv3 1 area 0 [SwitchB-Vlan-interface13] quit # Configure Switch C. Enable OSPFv3 and configure the router ID as 3.3.3.3. <SwitchC>...
Page 317: Configuring Ospfv3 Ipsec Policies
Destination IP: FE80::20F:FF:FE00:1200 (link-local address of VLAN-interface 10 on Switch B) Session State: Up Interface: Vlan10 Hold Time: # Display routes destined for 2001:4::0/64 on Switch A. <SwitchA> display ipv6 routing-table 2001:4::0 64 verbose Routing Table : Summary Count : 1 Destination : 2001:4:: PrefixLength : 64...
Page 318 Figure 111 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure OSPFv3 basic functions: # Configure Switch A: enable OSPFv3 and configure the router ID as 1.1.1.1. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 1 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] ospfv3 1 area 1...
Page 319 Configure OSPFv3 IPsec policies: # On Switch A, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg.
Page 320 [SwitchB-ipsec-policy-manual-policy002-10] proposal tran2 [SwitchB-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321 [SwitchB-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321 [SwitchB-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba [SwitchB-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba [SwitchB-ipsec-policy-manual-policy002-10] quit # On Switch C, create an IPsec proposal named tran2, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1;...
Page 321: Troubleshooting Ospfv3 Configuration
OSPFv3 packets between Switches A, B, and C are protected by IPsec. Troubleshooting OSPFv3 configuration No OSPFv3 neighbor relationship established Symptom No OSPF neighbor relationship can be established. Analysis If the physical link and lower protocol function properly, verify OSPF parameters configured on interfaces. The two neighboring interfaces must have the same parameters, such as the area ID, network segment and mask, and network type.
Page 322: Configuring Ipv6 Is-Is
Configuring IPv6 IS-IS This chapter describes how to configure IPv6 IS-IS, which supports all IPv4 IS-IS features except that it advertises IPv6 routing information. For information about IS-IS, see "Configuring IS-IS." The term "router" in this chapter refers to both routers and Layer 3 switches. Hardware compatibility The A5500 SI Switch Series does not support IPv6 IS-IS.
Page 323: Configuring Ipv6 Is-Is Routing Information Control
Step Command Remarks Return to system view. quit interface interface-type Enter interface view. interface-number Enable IPv6 for an IS-IS isis ipv6 enable [ process-id ] Disabled by default. process on the interface. Configuring IPv6 IS-IS routing information control Complete the IPv6 IS-IS basic function configuration before configuring this task. For information about ACL, see ACL and QoS Configuration Guide.
Page 324: Configuring Bfd For Ipv6 Is-Is
Step Command Remarks Specify the maximum Optional. number of equal-cost load ipv6 maximum load-balancing number 8 by default. balanced routes. NOTE: The ipv6 filter-policy export command is usually combined with the ipv6 import-route command. If no protocol is specified for the ipv6 filter-policy export command, routes redistributed from all routing protocols are filtered before advertisement.
Page 325: Configuration Prerequisites
Figure 112 Network diagram Figure 1 12, the numbers refer to the link costs. Router A, Router B, and Router D support both IPv4 and IPv6. Router C supports only IPv4 and cannot forward IPv6 packets. Enable IPv6 IS-IS MTR on Router A, Router B, Router C, and Router D to make them perform route calculation separately in IPv4 and IPv6 topologies.
Page 326: Ipv6 Is-Is Configuration Examples
Task Command Remarks display isis interface [ statistics | [ interface-type interface-number ] Display IS-IS enabled interface [ verbose ] ] [ process-id | vpn-instance Available in any view information. vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] display isis lsdb [ [ l1 | l2 | level-1 | level-2 ] | [ [ lsp-id lsp-id | lsp-name lspname | Display LSDB information.
Page 327 Figure 113 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure IPv6 IS-IS: # Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] isis 1 [SwitchA-isis-1] is-level level-1 [SwitchA-isis-1] network-entity 10.0000.0000.0001.00 [SwitchA-isis-1] ipv6 enable [SwitchA-isis-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] isis ipv6 enable 1 [SwitchA-Vlan-interface100] quit # Configure Switch B.
Page 328 [SwitchC-Vlan-interface100] isis ipv6 enable 1 [SwitchC-Vlan-interface100] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] isis ipv6 enable 1 [SwitchC-Vlan-interface200] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis ipv6 enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D. <SwitchD> system-view [SwitchD] ipv6 [SwitchD] isis 1 [SwitchD-isis-1] is-level level-2 [SwitchD-isis-1] network-entity 20.0000.0000.0004.00 [SwitchD-isis-1] ipv6 enable...
Page 329 # Display the IPv6 IS-IS routing table on Switch B. [SwitchB] display isis route ipv6 Route information for ISIS(1) ----------------------------- ISIS(1) IPv6 Level-1 Forwarding Table ------------------------------------- Destination: :: PrefixLen: 0 Flag : R/-/- Cost : 10 Next Hop : FE80::200:FF:FE0F:4 Interface: Vlan200 Destination: 2001:1:: PrefixLen: 64...
Page 330 ISIS(1) IPv6 Level-2 Forwarding Table ------------------------------------- Destination: 2001:1:: PrefixLen: 64 Flag : D/L/- Cost : 10 Next Hop : Direct Interface: Vlan100 Destination: 2001:2:: PrefixLen: 64 Flag : D/L/- Cost : 10 Next Hop : Direct Interface: Vlan200 Destination: 2001:3:: PrefixLen: 64 Flag : D/L/-...
Page 331: Bfd For Ipv6 Is-Is Configuration Example
BFD for IPv6 IS-IS configuration example Network requirements As shown in Figure 1 14, configure IPv6 IS-IS on Switch A, Switch B, and Switch C and configure BFD over the link Switch A<—>L2 Switch<—>Switch B. After the link between Switch B and the Layer-2 switch fails, BFD can quickly detect the failure and notify IPv6 IS-IS of the failure.
Page 332 [SwitchB-isis-1] is-level level-1 [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] ipv6 enable [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] isis ipv6 enable 1 [SwitchB-Vlan-interface10] quit [SwitchB] interface vlan-interface 13 [SwitchB-Vlan-interface13] isis ipv6 enable 1 [SwitchB-Vlan-interface13] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ipv6 [SwitchC] isis 1 [SwitchC-isis-1] network-entity 10.0000.0000.0003.00 [SwitchC-isis-1] ipv6 enable...
Page 333: Ipv6 Is-Is Mtr Configuration Example
Source IP: FE80::20F:FF:FE00:1202 (link-local address of VLAN-interface 10 on Switch A) Destination IP: FE80::20F:FF:FE00:1200 (link-local address of VLAN-interface 10 on Switch B) Session State: Up Interface: Vlan10 Hold Time: # Display routes destined for 2001:4::0/64 on Switch A. <SwitchA> display ipv6 routing-table 2001:4::0 64 verbose Routing Table : Summary Count : 1 Destination...
Page 334 Figure 115 Network diagram Switch A Switch B Vlan-int12 Vlan-int12 12::1/64 12::2/64 Vlan-int14 Vlan-int11 14::1/64 11.1.1.1/24 Vlan-int14 Vlan-int11 14::2/64 11.1.1.2/24 Vlan-int13 Vlan-int13 Loop0 22.1.1.1/24 22.1.1.2/24 44::1/128 Switch C Switch D Configuration procedure Configure IPv4 and IPv6 addresses and subnet masks for interfaces on the switches. (Details not shown.) Configure IS-IS on the switches to make sure Switch A, Switch B, Switch C, and Switch D can communicate with each other at Layer 3 and dynamic route update can be implemented among...
Page 335 Next Hop : Direct Interface: Vlan12 Destination: 44::1 PrefixLen: 128 Flag : R/L/- Cost : 36 Next Hop : FE80::200:5EFF:FE00:F11 Interface: Vlan14 Destination: 14:: PrefixLen: 64 Flag : D/L/- Cost : 36 Next Hop : Direct Interface: Vlan14 Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv6 Level-2 Forwarding Table ------------------------------------- Destination: 12::...
Page 336: Configuring Ipv6 Bgp
Configuring IPv6 BGP This chapter describes only configuration for IPv6 BGP. For BGP related information, see "Configuring BGP." The term "router" in this chapter refers to both routers and Layer 3 switches. Hardware compatibility The A5500 SI Switch Series does not support IPv6 BGP. IPv6 BGP overview BGP-4 was designed to carry only IPv4 routing information, so other network layer protocols such as IPv6 are not supported.
Page 337 Task Remarks Injecting a local IPv6 route Optional Configuring a preferred value for routes from a Optional peer or peer group Specifying the source interface for establishing TCP Optional connections Allowing the establishment of an indirect EBGP Optional connection Configuring a description for an IPv6 peer or peer Optional group Disabling session establishment to an IPv6 peer or...
Page 338: Configuring Ipv6 Bgp Basic Functions
Task Remarks Configuring BFD for IPv6 BGP Optional Configuring IPv6 BGP basic functions Configuration prerequisites Before you configure IPv6 BGP basic functions, complete the following tasks: Specify IP addresses for interfaces. • Enable IPv6 with the ipv6 command in system view. •...
Page 339: Configuring A Preferred Value For Routes From A Peer Or Peer Group
TCP connections, causing network oscillation. To enhance stability of IPv6 BGP connections, HP recommends using a loopback interface as the source interface. To establish a BGP connection, specify on the local router the source interface for establishing the TCP connection to the peer on the peering BGP router.
Page 340: Allowing The Establishment Of An Indirect Ebgp Connection
Step Command Remarks By default, IPv6 BGP uses the Specify the source interface peer { ipv6-group-name | outbound interface of the best for establishing TCP ipv6-address } connect-interface route to the IPv6 BGP peer or peer connections to an IPv6 BGP interface-type interface-number group as the source interface for peer or peer group.
Page 341: Logging Ipv6 Peer Or Peer Group State Changes
Step Command Remarks Enter IPv6 address family view. ipv6-family Optional. Disable session establishment to an peer { ipv6-group-name | IPv6 peer or peer group. ipv6-address } ignore Not disabled by default. Logging IPv6 peer or peer group state changes Step Command Remarks Enter system view.
Page 342: Configuring Ipv6 Bgp Route Summarization
Step Command Remarks Optional. Not enabled by default. If the default-route imported Enable default route redistribution into default-route imported command is not configured, the IPv6 BGP routing table. using the import-route command cannot redistribute any IGP default route. import-route protocol Enable route redistribution from [ process-id [ med med-value Not enabled by default.
Page 343: Configuring Outbound Route Filtering
Step Command Remarks Not advertised by default. With the peer default-route-advertise command executed, the Advertise a default route to peer { ipv6-group-name | ipv6-address } local router advertises a an IPv6 peer or peer default-route-advertise [ route-policy default route with itself as group.
Page 344: Configuring Ipv6 Bgp And Igp Route Synchronization
To configure inbound route filtering: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. filter-policy { acl6-number | Configure inbound route ipv6-prefix ipv6-prefix-name } Not configured by default. filtering. import Apply a routing policy to peer { ipv6-group-name | routes from an IPv6 peer or ipv6-address } route-policy...
Page 345: Configuring Route Dampening
Configuring route dampening Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Optional. dampening [ half-life-reachable Configure IPv6 BGP route half-life-unreachable reuse suppress ceiling | Not configured by dampening parameters. route-policy route-policy-name ]* default.
Page 346: Configuring The Med Attribute
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Optional. preference { external-preference Configure preference values internal-preference The default preference values of for IPv6 BGP external, local-preference | route-policy external, internal, and local routes are internal, and local routes.
Page 347: Tuning And Optimizing Ipv6 Bgp Networks
Step Command Remarks Enter IPv6 address family ipv6-family view. Allow the local AS number to peer { ipv6-group-name | Optional. appear in AS_PATH of routes ipv6-address } allow-as-loop from a peer or peer group Not allowed by default. [ number ] and specify the repeat times.
Page 348: Configuration Prerequisites
Configuration prerequisites Before you configure IPv6 BGP timers, complete the following tasks: Enable IPv6. • Configure IPv6 BGP basic functions. • Configuring IPv6 BGP timers Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family view. ipv6-family Optional.
Page 349: Enabling The Ipv6 Bgp Orf Capability
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Optional. Not saved by default. If the peer keep-all-routes command is used, all routes Save all routes from an IPv6 from the peer or peer group peer or peer group, not letting peer { ipv6-group-name | ipv6-address } are saved regardless of...
Page 350: Enabling 4-Byte As Number Suppression
Step Command Remarks Optional. Enable the non-standard ORF peer { group-name | By default, standard BGP ORF capability for a BGP peer or ipv6-address } capability-advertise capability defined in RFC 5291 peer group. orf non-standard and RFC 5292 is supported. peer { group-name | ip-address | Enable the ORF IP prefix ipv6-address } capability-advertise...
Page 351: Setting The Dscp Value For Ipv6 Bgp Packets
Setting the DSCP value for IPv6 BGP packets An IPv6 packet header contains an 8-bit Traffic class field. This field identifies the service type of IPv6 packets. As defined in RFC 2474, the first six bits set the Differentiated Services Code Point (DSCP) value and the last two bits are reserved.
Page 352: Applying An Ipsec Policy To An Ipv6 Bgp Peer Or Peer Group
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Enable MD5 authentication peer { ipv6-group-name | when establishing a TCP ipv6-address } password { cipher | Not enabled by default. connection to the peer or peer simple } password group.
Page 353: Configuring A Large-Scale Ipv6 Bgp Network
Configuring a large-scale IPv6 BGP network In a large-scale IPv6 BGP network, configuration and maintenance become inconvenient because of too many peers. Configuring peer groups makes management easier and improves route distribution efficiency. Peer group includes IBGP peer group, where peers belong to the same AS, and EBGP peer group, where peers belong to different ASs.
Page 354: Configuring Ipv6 Bgp Community
Step Command Remarks Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Create an EBGP peer group. group ipv6-group-name external Configure the AS number for peer ipv6-group-name as-number Not configured by default. the peer group. as-number Add an IPv6 peer into the peer ipv6-address group Not added by default.
Page 355: Configuring An Ipv6 Bgp Route Reflector
Follow these guidelines when you configure an IPv6 BGP route reflector: Because the route reflector forwards routing information between clients, you must make clients of a route reflector fully meshed. If clients are fully meshed, HP recommends disabling route reflection between clients to reduce routing costs.
Page 356: Configuring Bfd For Ipv6 Bgp
Configuring BFD for IPv6 BGP IPv6 BGP maintains neighbor relationships based on the keepalive timer and holdtime timer, which are set in seconds. IPv6 BGP defines that the holdtime interval must be at least three times the keepalive interval. This mechanism makes the detection of a link failure rather slow and thus causes a large quantity of packets to be dropped especially when the failed link is a high-speed link.
Page 357: Resetting Ipv6 Bgp Connections
Task Command Remarks Display the prefix entries in the display bgp ipv6 peer { ip-address | ipv6-address } Available in ORF information of the specified received ipv6-prefix [ | { begin | exclude | include } any view BGP peer. regular-expression ] display bgp ipv6 routing-table [ ipv6-address Display IPv6 BGP routing table...
Page 358: Clearing Ipv6 Bgp Information
Task Command Remarks Reset IPv6 BGP reset bgp ipv6 { as-number | ipv4-address | ipv6-address | all | Available in connections. external | group group-name | internal } user view Clearing IPv6 BGP information Task Command Remarks Clear dampened IPv6 BGP routing reset bgp ipv6 dampening [ ipv6-address Available in information and release suppressed...
Page 359 [SwitchB] ipv6 [SwitchB] bgp 65009 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] peer 9:1::2 as-number 65009 [SwitchB-bgp-af-ipv6] peer 9:3::2 as-number 65009 [SwitchB-bgp-af-ipv6] quit [SwitchB-bgp] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ipv6 [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] ipv6-family [SwitchC-bgp-af-ipv6] peer 9:3::1 as-number 65009 [SwitchC-bgp-af-ipv6] peer 9:2::2 as-number 65009 [SwitchC-bgp-af-ipv6] quit...
Page 360: Ipv6 Bgp Route Reflector Configuration Example
BGP local router ID : 2.2.2.2 Local AS number : 65009 Total number of peers : 3 Peers in established state : 3 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 10::2 65008 0 00:01:16 Established 9:3::2 65009 0 00:00:40 Established 9:1::2 65009 0 00:00:19 Established...
Page 361: Ipv6 Bgp Ipsec Policy Configuration Example
Configure IPv6 BGP basic functions: # Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] bgp 100 [SwitchA-bgp] router-id 1.1.1.1 [SwitchA-bgp] ipv6-family [SwitchA-bgp-af-ipv6] peer 100::2 as-number 200 [SwitchA-bgp-af-ipv6] network 1:: 64 #Configure Switch B. <SwitchB> system-view [SwitchB] ipv6 [SwitchB] bgp 200 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] peer 100::1 as-number 100...
Page 362 Configure IPv6 BGP on the switches. Switches A and B establish an IBGP relationship. Switches B • and C establish an EBGP relationship. Configure IPsec policies on the switches to authenticate and encrypt protocol packets. • Figure 118 Network diagram Configuration procedure Configure IP addresses for interfaces.
Page 363 [SwitchC-bgp-af-ipv6] quit [SwitchC-bgp] quit # Configure Switch B. [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] group ebgp external [SwitchB-bgp-af-ipv6] peer 3::2 as-number 65009 [SwitchB-bgp-af-ipv6] peer 3::2 group ebgp [SwitchB-bgp-af-ipv6] quit [SwitchB-bgp] quit Configure IPsec policies: # On Switch A, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1;...
Page 364 [SwitchB-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345 [SwitchB-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345 [SwitchB-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg [SwitchB-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg [SwitchB-ipsec-policy-manual-policy001-10] quit [SwitchB] ipsec proposal tran2 [SwitchB-ipsec-proposal-tran2] encapsulation-mode transport [SwitchB-ipsec-proposal-tran2] transform esp [SwitchB-ipsec-proposal-tran2] esp encryption-algorithm des [SwitchB-ipsec-proposal-tran2] esp authentication-algorithm sha1 [SwitchB-ipsec-proposal-tran2] quit [SwitchB] ipsec policy policy002 10 manual...
Page 365 [SwitchB-bgp-af-ipv6] peer 1::1 ipsec-policy policy001 [SwitchB-bgp-af-ipv6] quit [SwitchB-bgp] quit Apply IPsec policies to EBGP peers: # Configure Switch C. [SwitchC] bgp 65009 [SwitchC-bgp] ipv6-family [SwitchC-bgp-af-ipv6] peer ebgp ipsec-policy policy002 [SwitchC-bgp-af-ipv6] quit [SwitchC-bgp] quit # Configure Switch B. [SwitchB] bgp 65008 [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] peer ebgp ipsec-policy policy002 [SwitchB-bgp-af-ipv6] quit...
Page 366: Configuring Bfd For Ipv6 Bgp
Routing policy configured: No routing policy is configured BGP Peer is 3::2, remote AS 65009, Type: EBGP link BGP version 4, remote router ID 3.3.3.3 BGP current state: Established, Up for 00h01m51s BGP current event: RecvKeepalive BGP last state: OpenConfirm Port: Local –...
Page 367 Figure 119 Network diagram Device Interface IP address Device Interface IP address Switch A Vlan-int100 3000::1/64 Switch C Vlan-int101 3001::3/64 Vlan-int200 2000::1/64 Vlan-int201 2001::3/64 Switch B Vlan-int100 3000::2/64 Switch D Vlan-int200 2000::2/64 Vlan-int101 3001::2/64 Vlan-int201 2001::2/64 Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPFv3 to make sure that Switch A and Switch C are reachable to each other.
Page 368 [SwitchA] route-policy apply_med_50 permit node 10 [SwitchA-route-policy] if-match ipv6 address acl 2000 [SwitchA-route-policy] apply cost 50 [SwitchA-route-policy] quit [SwitchA] route-policy apply_med_100 permit node 10 [SwitchA-route-policy] if-match ipv6 address acl 2000 [SwitchA-route-policy] apply cost 100 [SwitchA-route-policy] quit Apply routing policy apply_med_50 to routes outgoing to peer 3001::3, and apply routing policy apply_med_100 to routes outgoing to peer 2001::3.
Page 369 Configure the minimum interval for transmitting BFD control packets as 500 milliseconds. [SwitchC-Vlan-interface101] bfd min-transmit-interval 500 Configure the minimum interval for receiving BFD control packets as 500 milliseconds. [SwitchC-Vlan-interface101] bfd min-receive-interval 500 Configure the detect multiplier as 7. [SwitchC-Vlan-interface101] bfd detect-multiplier 7 [SwitchC-Vlan-interface101] return Verify the configuration: # Display detailed BFD session information.
Page 370: Troubleshooting Ipv6 Bgp Configuration
Neighbor : 3000::1 ProcessID Interface : Vlan-interface101 Protocol : BGP4+ State : Active Adv Cost : 50 Tunnel ID : 0x0 Label : NULL : 4538sec Destination : 1200:: PrefixLength : 64 NextHop : 2000::1 Preference : 255 RelayNextHop : 2001::2 : 0H Neighbor : 2000::1...
Page 371 Processing steps Use the display current-configuration configuration bgp command to verify that the peer’s AS number is correct. Use the display bgp ipv6 peer command to verify that the peer's IPv6 address is correct. If a loopback interface is used, verify that the loopback interface is specified with the peer connect-interface command.
Page 372: Configuring Routing Policies
Configuring routing policies Hardware compatibility The A5500 SI Switch Series does not support OSPF, BGP, IS-IS, OSPFv3, IPv6 BGP, IPv6 IS-IS, or FRR. Introduction to routing policy Routing policies are used to receive, advertise, and redistribute only specific routes and modify the attributes of some routes.
Page 373 An IP prefix list is configured to match the destination address of routing information. You can use the gateway option to allow only routing information from certain routers to be received. For gateway option information, see "Configuring RIP" and "Configuring OSPF." An IP prefix list, identified by name, can comprise multiple items.
Page 374: Defining Filters
Defining filters Configuration prerequisites Before you configure this task, you must determine IP-prefix list name, matching address range, and extcommunity list sequence number. Defining an IP prefix list Defining an IPv4 prefix list Identified by name, an IPv4 prefix list can comprise multiple items. Each item specifies a prefix range to match and is identified by an index number.
Page 375: Defining An As Path List
Step Command Remarks ip ipv6-prefix ipv6-prefix-name [ index index-number ] Define an IPv6 { deny | permit } ipv6-address prefix-length Not defined by default. prefix list. [ greater-equal min-prefix-length ] [ less-equal max-prefix-length ] If all items are set to the deny mode, no routes can pass the IPv6 prefix list. You must define the permit :: 0 less-equal 128 item following multiple deny items to allow other IPv6 routing information to pass.
Page 376: Defining An Extended Community List
Defining an extended community list You can define multiple items for an extended community list that is identified by number. During matching, the relation between items is logic OR. If routing information matches one of these items, it passes the extended community list. To define an extended community list: Step Command...
Page 377: Defining If-Match Clauses
To create a routing policy: Step Command Enter system view. system-view Create a routing policy, specify a node for it, and route-policy route-policy-name { deny | permit } node node-number enter routing policy view. Defining if-match clauses Follow these guidelines when you define if-match clauses: The if-match clauses of a routing policy node are in logic AND relationship.
Page 378: Defining Apply Clauses
Step Command Remarks Optional. Match BGP routing information whose if-match as-path AS_PATH attribute is specified in the AS Not configured by AS-PATH-number&<1-16> path lists. default. if-match community Optional. Match BGP routing information whose { { basic-community-list-number | COMMUNITY attribute is specified in the Not configured by comm-list-name } [ whole-match ] | community lists.
Page 379: Defining A Continue Clause
Step Command Remarks Optional. Set a cost for routing apply cost [ + | - ] value information. Not set by default. Optional. Set a cost type for routing apply cost-type [ external | internal information. | type-1 | type-2 ] Not set by default.
Page 380: Displaying And Maintaining The Routing Policy
If you configure the apply community clause for multiple nodes that are combined by the continue • clause, the apply comm-list delete clause configured on the current node cannot delete the COMMUNITY attributes of preceding nodes. To define a continue clause: Step Command Remarks...
Page 381: Routing Policy Configuration Examples
Routing policy configuration examples Applying a routing policy to IPv4 route redistribution Network requirements As shown in Figure 120, Switch B exchanges routing information with Switch A using OSPF, and with Switch C using IS-IS. On Switch B, enable route redistribution from IS-IS to OSPF, and apply a routing policy to set the cost of route 172.17.1.0/24 to 100 and the tag of route 172.17.2.0/24 to 20.
Page 382 <SwitchB> system-view [SwitchB] isis [SwitchB-isis-1] is-level level-2 [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis enable [SwitchB-Vlan-interface200] quit Configure OSPF and route redistribution: # Configure OSPF on Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # On Switch B, configure OSPF and enable route redistribution from IS-IS.
Page 383: Applying A Routing Policy To Ipv6 Route Redistribution
# Configure IP prefix list prefix-a to permit route 172.17.1.0/24. [SwitchB] ip ip-prefix prefix-a index 10 permit 172.17.1.0 24 Configure a routing policy. [SwitchB] route-policy isis2ospf permit node 10 [SwitchB-route-policy] if-match ip-prefix prefix-a [SwitchB-route-policy] apply cost 100 [SwitchB-route-policy] quit [SwitchB] route-policy isis2ospf permit node 20 [SwitchB-route-policy] if-match acl 2002 [SwitchB-route-policy] apply tag 20 [SwitchB-route-policy] quit...
Page 384 Figure 121 Network diagram Configuration procedure Configure Switch A: # Configure IPv6 addresses for VLAN-interface 100 and VLAN-interface 200. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ipv6 address 10::1 32 [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] ipv6 address 11::1 32 [SwitchA-Vlan-interface200] quit # Enable RIPng on VLAN-interface 100.
Page 385: Applying A Routing Policy To Filter Received Bgp Routes
# Enable RIPng. [SwitchB] ripng # Display RIPng routing table information. [SwitchB-ripng-1] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::7D58:0:CA03:1 on Vlan-interface 100 Dest 10::/32, via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 18 Sec Dest 20::/32, via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 8 Sec...
Page 386 # Configure Switch B. <SwitchB> system-view [SwitchB] bgp 200 [SwitchB-bgp] router-id 2.2.2.2 [SwitchB-bgp] peer 1.1.2.2 as-number 300 # Configure Switch C. <SwitchC> system-view [SwitchC] bgp 300 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 1.1.1.1 as-number 100 [SwitchC-bgp] peer 1.1.2.1 as-number 200 [SwitchC-bgp] peer 1.1.3.2 as-number 400 # Configure Switch D.
Page 387: Troubleshooting Routing Policy Configuration
[SwitchD] ip as-path 1 permit .*200.* # Create routing policy rt1 with node 1, and specify the match mode as deny to deny routes from AS 200. [SwitchD] route-policy rt1 deny node 1 [SwitchD-route-policy] if-match as-path 1 [SwitchD-route-policy] quit # Create routing policy rt1 with node 10, and specify the match mode as permit to permit routes from other ASs.
Page 388: Ipv6 Routing Information Filtering Failure
IPv6 routing information filtering failure Symptom The routing protocol is running properly, but filtering routing information failed. Analysis At least one item of the IPv6 prefix list must be configured as permit mode, and at least one node of the routing policy must be configured as permit mode.
Page 389: Configuring Policy-Based Routing
Configuring policy-based routing Hardware compatibility The A5500 SI Switch Series does not support PBR. Introduction to PBR Policy-based routing (PBR) is a routing mechanism based on user-defined policies. Different from the traditional destination-based routing mechanism, PBR enables you to use a policy (based on the source address or other criteria) to route packets.
Page 390: Concepts
Concepts Policy A policy is used to route IP packets. A policy can consist of one or multiple nodes. Node A node is identified by a node number. The node with the smallest node number has the highest priority. A policy node consists of if-match and apply clauses. An if-match clause specifies a match criterion on a node, and an apply clause specifies an action to be taken on packets.
Page 391: Configuring Pbr (Using A Pbr Policy)
Configuring PBR (using a PBR policy) Defining a policy Follow these guidelines when you define a policy: If an ACL match criterion is defined, packets are matched against the ACL rules, whereas the permit • or deny action and the time range of the specified ACL are ignored. If the specified ACL does not exist, no packet is matched.
Page 392: Configuring Local Pbr
Step Command Remarks Optional. You can specify two next hops at a time. apply ip-address next-hop ip-address • For local PBR, both the two next [ direct ] [ track track-entry-number ] hops take effect to implement Set next hops. [ ip-address [ direct ] [ track load sharing.
Page 393: Pbr And Track
Step Command Remarks Configure interface PBR ip policy-based-route policy-name Not configured by default. based on a policy. NOTE: If the specified policy does not exist, the interface PBR configuration succeeds, but it takes effect only when the policy is created. PBR and track Associated with a Track object, PBR can sense topology changes faster.
Page 394: Applying The Qos Policy
Applying the QoS policy When configuring PBR, you can apply a QoS policy to the following occasions: Applied globally—Affects the traffic sent or received on all ports. • Applied to an interface—Affects the traffic sent or received on the interface. •...
Page 395: Displaying And Maintaining Pbr Configuration
Displaying and maintaining PBR configuration PBR configuration (using a PBR policy) Task Command Remarks Display the PBR routing display ip policy-based-route [ | { begin | Available in any view information. exclude | include } regular-expression ] display ip policy-based-route setup Display the specified PBR routing { interface interface-type interface-number | Available in any view...
Page 396: Pbr Configuration Examples
Task Command Remarks display qos vlan-policy { name policy-name | vlan Display VLAN QoS policy Available in vlan-id } [ slot slot-number ] [ inbound | outbound ] information. any view [ | { begin | exclude | include } regular-expression ] display qos policy global [ slot slot-number ] Display information about global Available in...
Page 397: Configuring Interface Pbr Based On Packet Type
[SwitchA-Vlan-interface20] ip address 1.1.3.1 255.255.255.0 Configure Switch B: # Configure the IP address of VLAN-interface 10. <SwitchB> system-view [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] ip address 1.1.2.2 255.255.255.0 [SwitchB-Vlan-interface10] quit Configure Switch C: # Configure the IP address of VLAN-interface 20. <SwitchC>...
Page 398 Figure 124 Network diagram Configuration procedure In this example, static routes are configured to ensure the reachability among devices. Configure Switch A: # Define ACL 3101 to match TCP packets. <SwitchA> system-view [SwitchA] acl number 3101 [SwitchA-acl-adv-3101] rule permit tcp [SwitchA-acl-adv-3101] quit # Configure Node 5 of policy aaa to forward TCP packets to next hop 1.1.2.2.
Page 399: Ipv4 Pbr Configuration Example (Using A Qos Policy)
<SwitchB> system-view [SwitchB] ip route-static 10.110.0.0 24 1.1.2.1 # Configure the IP address of VLAN-interface 10. [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] ip address 1.1.2.2 255.255.255.0 [SwitchB-Vlan-interface10] quit Configure Switch C: # Configure a static route to subnet 10.110.0.0/24. <SwitchC> system-view [SwitchC] ip route-static 10.110.0.0 24 1.1.3.1 # Configure the IP address of VLAN-interface 20.
Page 400: Ipv6 Pbr Configuration Example (Using A Qos Policy)
[SwitchA-acl-basic-2000] rule 0 permit source any [SwitchA-acl-basic-2000] quit # Define a match criterion for class a to match ACL 2000. [SwitchA] traffic classifier a [SwitchA-classifier-a] if-match acl 2000 [SwitchA-classifier-a] quit # Configure the action of redirecting traffic to the next hop 202.1.1.2 for behavior a. [SwitchA] traffic behavior a [SwitchA-behavior-a] redirect next-hop 202.1.1.2 [SwitchA-behavior-a] quit...
Page 401 [SwitchA] traffic classifier a [SwitchA-classifier-a] if-match acl ipv6 2000 [SwitchA-classifier-a] quit # Configure the action of redirecting traffic to the next hop 202::2 for behavior a. [SwitchA] traffic behavior a [SwitchA-behavior-a] redirect next-hop 202::2 [SwitchA-behavior-a] quit # Associate class a with behavior a in QoS policy a. [SwitchA] qos policy a [SwitchA-qospolicy-a] classifier a behavior a [SwitchA-qospolicy-a] quit...
Page 402: Configuring Mce
Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). This chapter covers MCE related configuration. For information about routing protocols, see Layer 3—IP Services Configuration Guide. The MCE function is available only on the HP 5500 EI switch series. MCE overview MPLS L3VPN overview MPLS L3VPN is a type of PE-based L3VPN technology for service provider VPN solutions.
Page 403: Mpls L3Vpn Concepts
CEs and PEs mark the boundary between the service providers and the customers. After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE use BGP/IGP to exchange routing information. You can also configure static routes between them.
Page 404 VPN-IPv4 address Traditional BGP cannot process overlapping VPN routes. If, for example, both VPN 1 and VPN 2 use addresses on the segment 10.1 10.10.0/24 and each advertise a route to the segment, BGP selects only one of them, which results in the loss of the other route. PEs use MP-BGP to advertise VPN routes and use VPN-IPv4 address family to solve the problem with traditional BGP.
Page 405: Multi-Vpn-Instance Ce
Export target attribute: A local PE sets this type of route target attribute for VPN-IPv4 routes learned • from directly connected sites before advertising them to other PEs. Import target attribute: A PE checks the export target attribute of VPN-IPv4 routes advertised by •...
Page 406: Configuring Routing On An Mce
Figure 129 Network diagram for the MCE function VPN 1 VPN 2 Site 1 Site 1 VLAN-int2 VLAN-int7 VLAN-int8 VLAN-int3 VPN 2 Site 2 Site 2 VPN 1 On the left-side network, there are two VPN sites, both of which are connected to the MPLS backbone through the MCE device.
Page 407 BGP within the VPN, the routes may be learned by other MCE devices, generating route loops. To prevent route loops, configure route tags for different VPN instances on each MCE. HP recommends that you assign the same route tag to the same VPN on all MCEs.
Page 408: Route Exchange Between An Mce And A Pe
Route exchange between an MCE and a PE Routing information entries are bound to specific VPN instances on an MCE device, and packets of each VPN instance are forwarded between MCE and PE according to interface. As a result, VPN routing information can be transmitted by performing relatively simple configurations between MCE and PE, such as importing the VPN routing entries on MCE devices to the routing table of the routing protocol running between MCE and PEs.
Page 409 Step Command Remarks Configure a description for description text Optional the VPN instance. Associating a VPN instance with an interface In an MPLS L3VPN application, you must associate VPN instances with the interfaces connecting the PEs. In a tunneling application, you must associate VPN instances with the tunnel interfaces connecting the peer MCE devices or CE devices.
Page 410: Configuring Routing On An Mce
Step Command Remarks Enter IPv4 VPN view. ipv4-family Optional. A single vpn-target command can Associate the current VPN vpn-target vpn-target&<1-8> configure up to eight route targets. instance with one or more [ both | export-extcommunity | You can configure up to 64 route route targets.
Page 411: Configuring Routing Between Mce And Vpn Site
Configuring routing between MCE and VPN site Configuring static routing between MCE and VPN site An MCE can reach a VPN site through a static route. Static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs. An MCE supports binding a static route with a VPN instance, so that the static routes of different VPN instances can be isolated from each other.
Page 412 Step Command Remarks import-route protocol [ process-id ] Redistribute remote site routes [ allow-ibgp ] [ cost cost | By default, no route is redistributed advertised by the PE. route-policy route-policy-name | into RIP. tag tag ] * Configure the default cost Optional.
Page 413 VPN routes. the routes, resulting in routing loops. To avoid such routing loops, you can configure route tags for VPN instances on an MCE. HP recommends configuring the same route tag for the same VPN on the MCEs.
Page 414 Step Command Remarks Configure a network entity network-entity net Not configured by default. title. Optional. import-route { isis [ process-id ] | ospf [ process-id ] | rip By default, IS-IS does not [ process-id ] | bgp [ allow-ibgp ] | redistribute routes of any other Redistribute remote site routes direct | static } [ cost cost |...
Page 415 Step Command Remarks Optional. Configure a filtering policy to filter-policy { acl-number | By default, BGP does not filter the filter the received routes. ip-prefix ip-prefix-name } import received routes. BGP checks routing loops by examining AS numbers. When EBGP is used, the MCE advertises routing information carrying the local AS number to the site and then receives routing updates from the site.
Page 416: Configuring Routing Between Mce And Pe
Step Command Remarks import-route protocol [ process-id Redistribute remote site routes By default, no route redistribution | all-processes ] [ med med-value | advertised by the PE. is configured. route-policy route-policy-name ] * filter-policy { acl-number | Optional. Configure a filtering policy to ip-prefix ip-prefix-name } export filter the routes to be By default, BGP does not filter the...
Page 417 Step Command Remarks • ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] Configure a static route for a Use either •...
Page 418 Step Command Remarks Disabled by default. You must disable routing loop Disable routing loop detection for a VPN OSPF process on vpn-instance-capability simple detection. the MCE. Otherwise, the MCE cannot receive OSPF routes from the Optional. Configure the OSPF domain-id domain-id [ secondary ] domain ID.
Page 419 Step Command Remarks filter-policy { acl-number | ip-prefix Optional. Configure a filtering ip-prefix-name | route-policy policy to filter route-policy-name } export [ isis By default, IS-IS does not filter advertised routes. process-id | ospf process-id | rip advertised routes. process-id | bgp | direct | static ] Return to system view.
Page 420: Resetting Bgp Connections
Step Command Remarks import-route protocol [ process-id | Redistribute the VPN routes By default, no route all-processes ] [ med med-value | of the VPN site. redistribution is configured. route-policy route-policy-name ] * Optional. Configure the egress router peer { group-name | ip-address } of the site as a client of the By default, no route reflector or reflect-client...
Page 421: Displaying And Maintaining Mce
Displaying and maintaining MCE Task Command Remarks Display information about the display ip routing-table vpn-instance routing table associated with a vpn-instance-name [ verbose ] [ | { begin | Available in any view VPN instance. exclude | include } regular-expression ] Display information about a display ip vpn-instance [ instance-name specific VPN instance or all VPN...
Page 422: Mce Configuration Examples
Task Command Remarks display bgp vpnv4 vpn-instance vpn-instance-name routing-table [ network-address [ { mask | mask-length } [ longer-prefixes ] ] | as-path-acl as-path-acl-number | cidr | community [ aa:nn ]&<1-13> [ no-advertise | no-export | no-export-subconfed ] * [ whole-match ] | community-list { basic-community-list-number Display the BGP VPNv4 routing [ whole-match ] |...
Page 423 Figure 130 Network diagram Configuration procedure Assume that the system name of the MCE device is MCE, the system names of the edge devices of VPN 1 and VPN 2 are VR1 and VR2, respectively, and the system name of PE 1 is PE1. Configure the VPN instances on the MCE and PE 1: # On the MCE, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.
Page 424 [MCE-Vlan-interface10] ip address 10.214.10.3 24 # Configure VLAN 20, add port GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 with VPN instance vpn2, and specify an IP address for VLAN-interface 20. [MCE-Vlan-interface10] quit [MCE] vlan 20 [MCE-vlan20] port gigabitethernet 1/0/2 [MCE-vlan20] quit [MCE] interface vlan-interface 20 [MCE-Vlan-interface20] ip binding vpn-instance vpn2...
Page 425 # Run RIP in VPN 2. Create RIP process 20 and bind it with VPN instance vpn2 on the MCE, so that the MCE can learn the routes of VPN 2 and add them to the routing table of the VPN instance vpn2.
Page 426 [MCE-Vlan-interface30] ip binding vpn-instance vpn1 [MCE-Vlan-interface30] ip address 30.1.1.1 24 [MCE-Vlan-interface30] quit # On the MCE, create VLAN 40 and VLAN-interface 40, bind the VLAN interface with VPN instance vpn2, and configure an IP address for the VLAN interface. [MCE] vlan 40 [MCE-vlan40] quit [MCE] interface vlan-interface 40 [MCE-Vlan-interface40] ip binding vpn-instance vpn2...
Page 427: Using Bgp To Advertise Vpn Routes To The Pe
[PE1-ospf-10] quit # On PE 1, display the routing table of VPN1. [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 30.1.1.0/24 Direct 0 30.1.1.2 Vlan30 30.1.1.2/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8...
Page 428 Figure 131 Network diagram Configuration procedure Configure VPN instances: # Create VPN instances on the MCE and PE 1, and bind the VPN instances with VLAN interfaces. For the configuration procedure, see "Using OSPF to advertise VPN routes to the PE."...
Page 429 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/24 OSPF 10.214.10.2 Vlan10 The output shows that the MCE has learned the private route of VPN 1 through OSPF process 10. # On MCE, bind OSPF process 20 with VPN instance vpn2 to learn the routes of VPN 2. The configuration procedure is similar to that for OSPF process 10.
Page 430 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/24 30.1.1.1 Vlan30 # Perform similar configuration on the MCE and PE 1 for VPN 2. Redistribute the OSPF routes of VPN instance vpn2 into the EBGP routing table. (Details not shown.) The following output shows that PE 1 has learned the private route of VPN 2 through BGP: [PE1] display ip routing-table vpn-instance vpn2 Routing Tables: vpn2 Destinations : 5...
Page 431: Configuring Ipv6 Mce
Configuring IPv6 MCE The IPv6 MCE function is available only on the HP 5500 EI switch series. Overview In an IPv6 MPLS L3 VPN, an IPv6 MCE advertises IPv6 routing information between the VPN and the connected PE and forwards IPv6 packets. An IPv6 MCE operates in the same way as an IPv4 MCE. For more information, see "Configuring...
Page 432 Associating a VPN instance with an interface After configuring a VPN instance, you must associate the VPN instance with the interfaces connected to the VPN site or the PE. To associate a VPN instance with an interface: Step Command Remarks Enter system view.
Page 433: Configuring Routing On An Ipv6 Mce
Step Command Remarks Optional. Setting the maximum number of Set the maximum number of routing-table limit number routes for a VPN instance to routes supported. { warn-threshold | simply-alert } support is for preventing too many routes from being redistributed into the PE.
Page 434: Configuring Routing Between Ipv6 Mce And Vpn Site
Configuring routing between IPv6 MCE and VPN site Configuring static routing between IPv6 MCE and VPN site An IPv6 MCE can reach a VPN site through an IPv6 static route. IPv6 static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs. An IPv6 MCE supports binding an IPv6 static route with an IPv6 VPN instance, so that the IPv6 static routes of different IPv6 VPN instances can be isolated from each other.
Page 435 Step Command Remarks Configure the default cost Optional. value for the redistributed default cost value 0 by default. routes. Return to system view. quit interface interface-type Enter interface view. interface-number Enable RIPng on the interface. ripng process-id enable Disabled by default. Configuring OSPFv3 between IPv6 MCE and VPN site An OSPFv3 process belongs to the public network or a single IPv6 VPN instance.
Page 436 By configuring IPv6 IS-IS process-to-IPv6 VPN instance bindings on an IPv6 MCE, you allow routes of different IPv6 VPNs to be exchanged between the IPv6 MCE and the sites through different IPv6 IS-IS processes, ensuring the separation and security of IPv6 VPN routes. For more information about IPv6 IS-IS, see Layer 3—IP Routing Configuration Guide.
Page 437: Configuring Routing Between Ipv6 Mce And Pe
Step Command Remarks Specify an IPv6 BGP peer in peer ipv6-address as-number an AS. as-number import-route protocol [ process-id Redistribute remote site routes By default, No route redistribution [ med med-value | route-policy advertised by the PE. is configured. route-policy-name ] * ] filter-policy { acl6-number | Optional.
Page 438 Step Command Remarks Enter system view. system-view • ipv6 route-static ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ] Configure an IPv6 static User either route for an IPv6 VPN •...
Page 439 Step Command Remarks filter-policy { acl6-number | Optional. ipv6-prefix ipv6-prefix-name } Configure a filtering policy to export [ bgp4+ | direct | isisv6 By default, redistributed routes are filter the redistributed routes. process-id | ospfv3 process-id | not filtered. ripng process-id | static ] Return to system view.
Page 440: Resetting Bgp Connections
Step Command Remarks Enter BGP view. bgp as-number Enter IPv6 BGP-VPN ipv6-family vpn-instance vpn-instance-name instance view. Configure the PE as the peer ipv6-address as-number as-number EBGP peer. import-route protocol [ process-id [ med Redistribute the VPN By default, No route med-value | route-policy routes.
Page 441: Ipv6 Mce Configuration Examples
Task Command Remarks display ipv6 fib vpn-instance Display information about the IPv6 vpn-instance-name [ acl6 acl6-number | Available in any view FIB of a VPN instance. ipv6-prefix ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ] display ipv6 fib vpn-instance Display a VPN instance’s FIB vpn-instance-name ipv6-address...
Page 442 Figure 132 Network diagram VPN 2 Site 1 PE 2 PE 1 GE1/0/1 Vlan-int30: 30::2/64 Vlan-int40: 40::2/64 PE 3 Vlan-int10 VPN 1 GE1/0/3 VPN 1 2001:1::2/64 Site 2 Vlan-int30: 30::1/64 2012:1::/64 GE1/0/1 Vlan-int11 Vlan-int40: 40::1/64 Vlan-int10 GE1/0/2 2012:1::2/64 VR 1 2001:1::1/64 Vlan-int20 2002:1::1/64...
Page 443 [MCE-vlan10] quit # Bind VLAN-interface 10 with VPN instance vpn1, and configure an IPv6 address for the VLAN interface. [MCE] interface vlan-interface 10 [MCE-Vlan-interface10] ip binding vpn-instance vpn1 [MCE-Vlan-interface10] ipv6 address 2001:1::1 64 [MCE-Vlan-interface10] quit # Configure VLAN 20, add port GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 with VPN instance vpn2, and assign an IPv6 address to VLAN-interface 20.
Page 444 [MCE] interface vlan-interface 20 [MCE-Vlan-interface20] ripng 20 enable [MCE-Vlan-interface20] quit # On VR 2, assign IPv6 address 2002:1::2/64 to the interface connected to the MCE and 2012::2/64 to the interface connected to VPN 2. (Details not shown.) # Configure RIPng, and advertise subnets 2012::/64 and 2002:1::/64. <VR2>...
Page 445 Destination: 2002:1::/64 Protocol : Direct NextHop : 2002:1::1 Preference: 0 Interface : Vlan20 Cost Destination: 2002:1::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2012::/64 Protocol : RIPng NextHop : FE80::20F:E2FF:FE3E:9CA2 Preference: 100 Interface : Vlan20 Cost Destination: FE80::/10 Protocol...
Page 446 [MCE-Vlan-interface40] ipv6 address 40::1 64 [MCE-Vlan-interface40] quit # On PE 1, create VLAN 30 and VLAN-interface 30, bind VLAN-interface 30 with VPN instance vpn1 and configure an IPv6 address for the VLAN-interface 30. [PE1] vlan 30 [PE1-vlan30] quit [PE1] interface vlan-interface 30 [PE1-Vlan-interface30] ip binding vpn-instance vpn1 [PE1-Vlan-interface30] ipv6 address 30::2 64 [PE1-Vlan-interface30] quit...
Page 447 NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 30::/64 Protocol : Direct NextHop : 30::2 Preference: 0 Interface : Vlan30 Cost Destination: 30::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 2012:1::/64 Protocol : OSPFv3 NextHop : FE80::202:FF:FE02:2...
Page 448: Support And Other Resources
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
Page 449: Conventions
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 450 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Page 451: Index
Configuring routing on an MCE,393 Configuring BFD for IPv6 BGP,343 Configuring static route FRR,10 Configuring BFD for IPv6 IS-IS,31 1 Contacting HP,435 Configuring BFD for IS-IS,159 Controlling route distribution and reception,203 Configuring BFD for OSPF,96 Controlling route distribution and reception,328...
Page 452 Displaying and maintaining RIP,36 IS-IS overview,127 Displaying and maintaining RIPng,266 Displaying and maintaining static routes,1 1 Load sharing,3 Displaying and maintaining the routing policy,367 Displaying information about IPv6 MCE,427 Dynamic routing protocols,2 MCE configuration examples,409 overview,389 Enabling IS-IS SNMP trap,159 Enabling logging of peer state changes,224 OSPF configuration...
Page 453 Tuning and optimizing BGP networks,213 Tuning and optimizing OSPFv3 networks,284 Tuning and optimizing IPv6 BGP networks,334 Tuning and optimizing RIP networks,31 Tuning and optimizing IS-IS networks,148 Tuning and optimizing the RIPng network,263 Tuning and optimizing OSPF networks,84...

This manual is also suitable for:

Msr3000 series Msr4000 series

HP MSR2000 series Configuration Manual

Quick Links

Configuration Guide

Troubleshooting

Related Manuals for HP MSR2000 series

Summary of Contents for HP MSR2000 series