HP 5500 EI & 5500 SI Switch Series Layer 3 - IP Routing Configuration Guide Part number: 5998-1718 Software version: Release 2220 Document version: 6W100-20130810...
Page 2
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Page 4
Setting the DSCP value for RIP packets ··············································································································· 26 Configuring RIP route control ········································································································································ 27 Configuring an additional routing metric ··········································································································· 27 Configuring RIPv2 route summarization·············································································································· 27 Disabling host route reception ····························································································································· 28 Advertising a default route ··································································································································· 29 ...
Page 5
Configuring a virtual link ······································································································································ 75 Configuring OSPF network types ································································································································· 76 Configuration prerequisites ·································································································································· 76 Configuring the broadcast network type for an interface ················································································· 76 Configuring the NBMA network type for an interface ······················································································ 77 ...
Page 7
Configuring IS-IS FRR ··················································································································································· 157 Enabling IS-IS SNMP trap ··········································································································································· 159 Binding an IS-IS process with MIBs ···························································································································· 159 Configuring BFD for IS-IS············································································································································· 159 Displaying and maintaining IS-IS ······························································································································· 159 IS-IS configuration examples ······································································································································· 161 ...
Page 8
Configuration prerequisites ································································································································ 213 Configuring the BGP keepalive interval and holdtime ···················································································· 214 Configuring the interval for sending the same update ···················································································· 214 Configuring BGP soft-reset·································································································································· 215 Enabling the BGP ORF capability······················································································································ 216 Enabling 4-byte AS number suppression ·········································································································· 217 ...
Page 9
Protocols and standards ····································································································································· 260 RIPng configuration task list ········································································································································ 260 Configuring RIPng basic functions ······························································································································ 261 Configuring RIPng route control ································································································································· 261 Configuring an additional routing metric ········································································································· 261 Configuring RIPng route summarization ··········································································································· 262 ...
Page 10
Configuration prerequisites ································································································································ 284 Configuring OSPFv3 timers ································································································································ 284 Configuring a DR priority for an interface ········································································································ 285 Ignoring MTU check for DD packets ················································································································· 286 Disabling interfaces from receiving and sending OSPFv3 packets ······························································· 286 ...
Page 11
Configuration prerequisites ································································································································ 328 Configuring IPv6 BGP route redistribution ········································································································ 328 Configuring IPv6 BGP route summarization ····································································································· 329 Advertising a default route to an IPv6 peer or peer group ············································································· 329 Configuring outbound route filtering ················································································································· 330 ...
Page 12
Creating a routing policy ··································································································································· 363 Defining if-match clauses ···································································································································· 364 Defining apply clauses ········································································································································ 365 Defining a continue clause ································································································································· 366 Displaying and maintaining the routing policy ········································································································· 367 Routing policy configuration examples ······················································································································ 368 ...
Page 13
IPv6 MCE configuration examples ····························································································································· 428 Using IPv6 ISIS to advertise VPN routes to the PE ··························································································· 428 Support and other resources ·································································································································· 435 Contacting HP ······························································································································································ 435 Subscription service ············································································································································ 435 Related information ······················································································································································ 435 ...
IP routing basics Hardware compatibility The A5500 SI Switch Series does not support configuring Layer 3 Ethernet interfaces. The A5500 SI Switch Series does not support VPN-related parameters. The A5500 SI Switch Series does not support OSPF, BGP, IS-IS, OSPFv3, IPv6 BGP, or IPv6 IS-IS. Overview IP routing directs the forwarding of IP packets on routers based on a routing table.
Static routes are easy to configure and require less system resources. They work well in small and stable networks. In networks where topology changes may occur frequently, using a dynamic routing protocol is better. To display brief information about a routing table, use the display ip routing-table command: <Sysname>...
NOTE: An AS refers to a group of routers sharing the same routing policy and working under the same administration. Routing preference Different routing protocols can find different routes to the same destination. However, not all of those routes are optimal. For route selection, routing protocols, direct routes, and static routes are assigned different preferences.
The router forwards matching packets through the main route. When the main route fails, the route with the highest preference among the backup routes is selected to forward packets. When the main route recovers, the router uses it to forward packets. Route recursion To use a BGP route, static route (that is configured with a next hop but with no output interface), or RIP route that has an indirectly-connected next hop, a router must perform route recursion to find the outgoing...
Page 18
Task Command Remarks display ip routing-table [ vpn-instance vpn-instance-name ] protocol protocol [ inactive | verbose ] [ | { begin | exclude Display routes of a routing | include } regular-expression ] [ | { begin Available in any view protocol.
Configuring static routing Hardware compatibility The A5500 SI Switch Series does not support VPN and BFD related parameters or FRR. Introduction Static route Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work properly.
Follow these guidelines when you specify the output interface: If the output interface is a Null 0 interface, no next hop address is required. If you specify a broadcast interface (such as an Ethernet interface or VLAN interface) as the output interface, you must specify the corresponding next hop for the output interface.
Step Command Remarks Not configured by default. Configure the For more information about source address of bfd echo-source-ip ip-address this command, see High echo packets. Availability Command Reference. • Approach 1: ip route-static dest-address { mask | mask-length } interface-type interface-number next-hop-address bfd echo-packet [ preference preference-value ] [ tag tag-value ] [ description description-text ]...
Configuration guidelines FRR takes effect only for static routes that have both an output interface and next hop. • Do not use FRR and BFD at the same time. • Configuration procedure To configure static route FRR: Step Command Remarks Enter system view.
Page 25
Figure 2 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure static routes: # Configure a default route on Switch A. <SwitchA> system-view [SwitchA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2 # Configure two static routes on Switch B. <SwitchB>...
[SwitchB] display ip routing-table Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Cost NextHop Interface 1.1.2.0/24 Static 60 1.1.4.1 Vlan500 1.1.3.0/24 Static 60 1.1.5.6 Vlan600 1.1.4.0/30 Direct 0 1.1.4.2 Vlan500 1.1.4.2/32 Direct 0 127.0.0.1 InLoop0 1.1.5.0/30 Direct 0 1.1.5.5 Vlan600 1.1.5.5/32...
Page 27
Figure 3 Network diagram Configuration procedure Configure IP addresses and subnet masks for interfaces on the switches. (Details not shown.) Configure static routes on Switch S, Switch A, and Switch D so that Switch S can reach Loopback 0 on Switch D and Switch D can reach Loopback 0 on Switch S: # Configure static routes on Switch S.
# Display route 4.4.4.4/32 on Switch S to view the backup next hop information. [SwitchS] display ip routing-table 4.4.4.4 verbose Routing Table : Public Summary Count : 1 Destination: 4.4.4.4/32 Protocol: Static Process ID: 0 Preference: 60 Cost: 0 IpPrecedence: QosLcId: NextHop: 13.13.13.2 Interface: vlan 200...
Page 29
Figure 4 Network diagram Device Interface IP address Device Interface IP address Switch A Vlan-int10 12.1.1.1/24 Switch B Vlan-int10 12.1.1.2/24 Vlan-int11 10.1.1.102/24 Vlan-int13 13.1.1.1/24 Switch C Vlan-int11 10.1.1.100/24 Vlan-int13 13.1.1.2/24 Configuration procedure Configure IP addresses for the interfaces. (Details not shown.) Configure static routes and BFD: # Configure static routes on Switch A and enable BFD control mode for the static route that traverses the Layer 2 switch.
# Display the BFD session information on Switch A. <SwitchA> display bfd session Total Session Num: 1 Init Mode: Active Session Working Under Ctrl Mode: LD/RD SourceAddr DestAddr State Holdtime Interface 12.1.1.1 12.1.1.2 2000ms Vlan10 The output shows that the BFD session has been created. # Display static routes on Switch A.
Page 31
so that when the link between Switch A and Switch B through Switch D fails, BFD can detect the failure immediately and Switch A and Switch B can communicate through Switch C. Figure 5 Network diagram Loop1 Loop1 121.1.1.0/24 120.1.1.0/24 1.1.1.9/32 2.2.2.9/32 Switch D...
Page 32
<SwitchC> system-view [SwitchC] ip route-static 120.1.1.0 24 vlan-interface 13 13.1.1.1 [SwitchC] ip route-static 121.1.1.0 24 vlan-interface 11 10.1.1.102 # Configure static routes on Switch D. <SwitchD> system-view [SwitchD] ip route-static 120.1.1.0 24 vlan-interface 12 11.1.1.1 [SwitchD] ip route-static 121.1.1.0 24 vlan-interface 10 12.1.1.1 Verify the configuration: # Display the BFD session information on Switch A.
Configuring RIP Hardware compatibility The A5500 SI Switch Series does not support VPN and BFD related parameters or FRR. Overview Routing Information Protocol (RIP) is a distance-vector interior gateway protocol suited to small-sized networks. It employs UDP to exchange route information through port 520. The term "router"...
Routing loop prevention RIP uses the following mechanisms to prevent routing loops: Counting to infinity—A destination with a metric value of 16 is considered unreachable. When a • routing loop occurs, the metric value of a route will increment to 16 to avoid endless loopings. •...
RIP message format A RIP message consists of a header and up to 25 route entries. (A RIPv2 authentication message uses the first route entry as the authentication entry, leaving 24 available.) RIPv1 message format Figure 6 RIPv1 message format Command—Type of message.
Next hop—If set to 0.0.0.0, it indicates that the originator of the route is the best next hop. • Otherwise, it indicates a next hop better than the originator of the route. RIPv2 authentication message format RIPv2 sets the AFI field of the first route entry to 0xFFFF to identify authentication information. Figure 8 RIPv2 authentication message Command Version...
RIP configurations made in interface view before enabling RIP take effect after RIP is enabled. • • RIP runs only on the interfaces residing on the specified networks. Specify the network after enabling RIP to validate RIP on a specific interface. You can enable RIP on all interfaces using the command network 0.0.0.0.
With RIPv1 configured, an interface sends RIPv1 broadcasts, and can receive RIPv1 broadcasts • and RIPv1 unicasts. With RIPv2 configured, a multicast interface sends RIPv2 multicasts and can receive RIPv2 unicasts, • broadcasts, and multicasts. With RIPv2 configured, a broadcast interface sends RIPv2 broadcasts and can receive RIPv1 •...
Step Command Remarks Create a RIP process and rip [ process-id ] [ vpn-instance By default, no RIP process is enter RIP view. vpn-instance-name ] created. Optional. Set the DSCP value for RIP dscp dscp-value By default, the DSCP value in RIP packets.
Enabling RIPv2 route automatic summarization You can disable RIPv2 route automatic summarization if you want to advertise all subnet routes. To enable RIPv2 route automatic summarization: Step Command Remarks Enter system view. system-view rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Optional.
Advertising a default route Under the following conditions, you can configure RIP to advertise a default route with a specified metric to RIP neighbors: In RIP view, you can configure all the interfaces of the RIP process to advertise a default route; in •...
Step Command Remarks Not configured by default. filter-policy { acl-number | The filter-policy import command gateway ip-prefix-name | ip-prefix Configure the filtering of filters incoming routes. Routes not ip-prefix-name [ gateway incoming routes. passing the filtering will be neither ip-prefix-name ] } import installed into the routing table nor [ interface-type interface-number ] advertised to neighbors.
Step Command Remarks import-route protocol [ process-id Redistribute routes from | all-processes | allow-ibgp ] [ cost By default, no redistribution is another protocol. cost | route-policy configured. route-policy-name | tag tag ] * Tuning and optimizing RIP networks Before you tune and optimize RIP networks, complete the following tasks: •...
Step Command Remarks Optional. Enable split horizon. rip split-horizon Enabled by default. Enabling poison reverse The poison reverse function allows an interface to advertise the routes received from it, but the metric of these routes is set to 16, making them unreachable. This can avoid routing loops between neighbors. To enable poison reverse: Step Command...
Enabling source IP address check on incoming RIP updates You can enable source IP address check on incoming RIP updates. For a message received on an Ethernet interface, RIP compares the source IP address of the message with the IP address of the interface. If they are not in the same network segment, RIP discards the message. IMPORTANT: Disable the source IP address check feature if the RIP neighbor is not directly connected.
Step Command Remarks Enter system view. system-view rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Specify a RIP neighbor. peer ip-address Disable source address check undo validate-source-address Not disabled by default. on incoming RIP updates. Configuring RIP-to-MIB binding This task allows you to enable a specific RIP process to receive SNMP requests.
Figure 9 Network diagram for RIP FRR Figure 9, after you enable FRR on Router B, RIP designates a backup next hop using a routing policy when a network failure is detected. Packets are directed to the backup next hop to reduce traffic recovery time.
Bidirectional detection in BFD control packet mode for an indirectly connected neighbor. In this • mode, a BFD session is established only when both ends have routes to send and BFD is enabled on the receiving interface. For more information about BFD, see High Availability Configuration Guide. Single-hop echo detection mode To configure BFD for RIP (single-hop echo detection mode): Step...
Task Command Remarks display rip [ process-id | Display RIP current status and vpn-instance vpn-instance-name ] Available in any view configuration information. [ | { begin | exclude | include } regular-expression ] display rip process-id database [ | Display all active routes in RIP { begin | exclude | include } Available in any view database.
[SwitchB-rip-1] network 192.168.1.0 [SwitchB-rip-1] network 10.0.0.0 [SwitchB-rip-1] quit # Display the RIP routing table on Switch A. [SwitchA] display rip 1 route Route Flags: R - RIP, T - TRIP P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------------------- Peer 192.168.1.2 on Vlan-interface100...
Page 52
Configure a filtering policy on Switch B to filter out the route 10.2.1.1/24 from RIP 100, making the route not advertised to Switch C. Figure 11 Network diagram Configuration procedure Configure an IP address for each interface. (Details not shown.) Configure basic RIP functions: # Enable RIP 100 and specify RIP version 2 on Switch A.
Page 53
12.3.1.0/24 Direct 0 12.3.1.2 Vlan200 12.3.1.2/32 Direct 0 127.0.0.1 InLoop0 16.4.1.0/24 Direct 0 16.4.1.1 Vlan400 16.4.1.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure route redistribution: # On Switch B, configure RIP 200 to redistribute direct routes and routes from RIP 100. [SwitchB] rip 200 [SwitchB-rip-200] import-route rip 100 [SwitchB-rip-200] import-route direct...
Configuring an additional metric for a RIP interface Network requirements In the following figure, RIP is enabled on all the interfaces of Switch A, Switch B, Switch C, Switch D, and Switch E. The switches are interconnected through RIPv2. Switch A has two links to Switch D. The link from Switch B to Switch D is more stable than that from Switch C to Switch D.
Page 56
Figure 13 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit # Configure Switch B. <SwitchB>...
Page 57
<SwitchD> system-view [SwitchD] rip 1 [SwitchD-rip-1] network 11.0.0.0 [SwitchD-rip-1] version 2 [SwitchD-rip-1] undo summary [SwitchD-rip-1] quit # Configure RIP to redistribute the routes from OSPF process 1 and direct routes on Switch C. [SwitchC-rip-1] import-route direct [SwitchC-rip-1] import-route ospf 1 [SwitchC-rip-1] quit # Display the IP routing table information of Switch D.
RIP FRR configuration example Network requirements As shown in Figure 14, Switch S, Switch A, and Switch D are interconnected through RIPv2. Configure RIP FRR so that when Link A becomes unidirectional, services can be switched to Link B immediately. Figure 14 Network diagram Switch A Link B...
Page 60
learns the static route sent by Switch C with the output interface being the interface connected to Switch Figure 15 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure RIP basic functions: # Configure Switch A. <SwitchA>...
State: Inactive Adv Age: 00h12m50s Tag: 0 When the link over VLAN-interface 100 fails, Switch A can quickly detect the change. # Display the BFD session information on Switch A. <SwitchA> display bfd session Switch A has deleted the BFD session on VLAN-interface 100 to Switch C and displays no output. # Display the RIP routes of RIP process 1 on Switch A.
Page 63
relationship with Switch C and the route information received from Switch C. Then, Switch A learns the static route sent by Switch C, the output interface of the route is the interface connected to Switch D. Figure 16 Network diagram Configuration procedure Configure IP addresses for interfaces.
NextHop: 192.168.3.2 Interface: vlan-interface 300 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 192.168.3.2 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h18m40s Tag: 0 Troubleshooting RIP No RIP updates received Symptom No RIP updates are received when the links function. Analysis After enabling RIP, you must use the network command to enable corresponding interfaces.
Configuring OSPF Hardware compatibility The A5500 SI Switch Series does not support OSPF. Overview Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the IETF. Now, OSPF version 2 (RFC 2328) is used. Unless otherwise noted, OSPF refers to OSPFv2 throughout this chapter.
Page 68
Each router uses the SPF algorithm to compute a shortest path tree showing the routes to the nodes • in the AS. The router itself is the root of the tree. Router ID An OSPF process running on a router must have its own router ID. This ID is a 32-bit unsigned integer that uniquely identifies the router in the AS.
Neighbor—After startup, OSPF sends a hello packet on each OSPF interface. A router that receives • the hello packet checks parameters in the packet. If the parameters match its own, the router considers the sending router an OSPF neighbor. • Adjacency—Two OSPF neighbors establish an adjacency relationship to synchronize their LSDBs.
Page 70
In practice, the requirements may not be satisfied due to lack of physical links. OSPF virtual links can solve this problem. A virtual link is established between two ABRs through a non-backbone area and is configured on both ABRs to take effect. The non-backbone area is called a transit area. In the following figure, Area 2 has no direct physical link to the backbone area 0.
Page 71
To configure an area as a totally stub area, the stub command must be configured on routers in the • area, and the ABR of the area must be configured with the stub [ no-summary ] command. A totally stub area cannot have an ASBR because AS external routes cannot be distributed into the •...
An NSSA area can import external routes in Type 7 LSAs through the ASBR, but a stub area cannot. • • A totally NSSA area cannot import inter-area routes but an NSSA area can. Router types Router classification The following are OSPF router types and their positions in the AS: Internal router—All interfaces on an internal router belong to one OSPF area.
The intra-area and inter-area routes describe the network topology of the AS. The external routes describe routes to external ASs. OSPF classifies external routes as Type- 1 or Type-2. A Type- 1 external route has high credibility. The cost from a router to the destination of the Type- 1 external route = the cost from the router to the corresponding ASBR + the cost from the ASBR to the destination of the external route.
DR and BDR Introduction On a broadcast or NBMA network, any two routers need to establish an adjacency to exchange routing information with each other. If n routers are present on the network, n(n- 1 )/2 adjacencies are required. In addition, any topology change on the network results in traffic for route synchronization, which consumes many system and bandwidth resources.
OSPF packet formats OSPF packets are directly encapsulated into IP packets. OSPF uses the IP protocol number 89. The format of an OSPF LSU packet is shown in Figure Figure 24 OSPF packet format OSPF packet header OSPF packets are classified into five types that have the same packet header. Figure 25 OSPF packet header Major fields of the OSPF packet header are as follows: •...
Page 76
Figure 26 Hello packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication Network mask HelloInterval Options Rtr Pri RouterDeadInterval Designated router Backup designated router Neighbor Neighbor Major fields of the hello packet are as follows: Network mask—Network mask associated with the router’s sending interface. If two routers have •...
Page 77
Figure 27 DD packet format Major fields of the DD packets are as follows: • Interface MTU—Specifies the largest IP datagram in bytes that the interface can send without fragmentation. I (Initial)—The Init bit, which is set to 1 if the packet is the first DD packet. It is set to 0 if not. •...
Page 78
Figure 28 LSR packet format Version Packet length Router ID Area ID Checksum AuType Authentication Authentication LS type Link state ID Advertising router Major fields of the LSR packets are as follows: LS type—Type of the LSA to be requested. Type 1 for example indicates the Router LSA. •...
Page 79
Figure 30 LSAck packet format LSA header format All LSAs have the same header. Figure 31 LSA header format Major fields of the LSA header are as follows: LS age—Time, in seconds, elapsed since the LSA was originated. An LSA ages in the LSDB (added •...
Page 80
Figure 32 Router LSA format LS age Options Link state ID Advertising router LS sequence number LS checksum Length # Links Link ID Link data Type #TOS Metric TOS metric Link ID Link data Major fields of the Router LSA are as follows: Link state ID—ID of the router that originated the LSA.
Page 81
Figure 33 Network LSA format Major fields of the Network LSA are as follows: Link state ID—The interface address of the DR. Network mask—The mask of the network (a broadcast or NBMA network). Attached router—The IDs of the routers, which are adjacent to the DR, including the DR itself. •...
Page 82
An AS external LSA is originated by an ASBR, and describes routing information to a destination outside the AS. Figure 35 AS external LSA format Major fields of the AS external LSA are as follows: Link state ID—The IP address of another AS to be advertised. When describing a default route, the Link state ID is always set to default destination (0.0.0.0) and the network mask is set to 0.0.0.0 Network mask—The IP address mask for the advertised destination...
Figure 36 NSSA external LSA format Supported features Multi-process This feature allows multiple OSPF processes to run on a router both simultaneously and independently. Routing information interactions between different processes simulate interactions between different routing protocols. Multiple OSPF processes can use the same RID. An interface of a router can only belong to a single OSPF process.
Bidirectional forwarding detection (BFD) provides a single mechanism to quickly detect and monitor the connectivity of links between OSPF neighbors, reducing network convergence time. For more information about BFD, see High Availability Configuration Guide. Protocols and standards RFC 1765, OSPF Database Overflow •...
You can specify a router ID when creating the OSPF process. Any two routers in an AS must have different router IDs. In practice, the ID of a router is the IP address of one of its interfaces. If you specify no router ID when creating the OSPF process, the global router ID is used. HP •...
Configuring OSPF areas After splitting an OSPF AS into multiple areas, configure some areas as stub areas or NSSA areas as needed. If no connection can be achieved between the backbone and a non-backbone area, or within the backbone itself, you can configure virtual links to solve it. Configuration prerequisites Before you configure an OSPF area, complete the following tasks: Configure IP addresses for interfaces, and make sure that all neighboring nodes can reach each...
NOTE: Virtual links cannot transit totally stub areas. Configuring an NSSA area A stub area cannot redistribute routes. Configure the area as an NSSA area to allow for route redistribution by keeping other stub area characteristics. To configure an NSSA area: Step Command Remarks...
Step Command Remarks vlink-peer router-id [ hello seconds You must configure this command on | retransmit seconds | trans-delay both ends of a virtual link. seconds | dead seconds | simple Configure a virtual link. hello and dead intervals must be [ plain | cipher ] password | { md5 identical on both ends of the virtual | hmac-md5 } key-id [ plain |...
Step Command Remarks Configure the OSPF network By default, the network type of an type for the interface as ospf network-type broadcast interface depends on the link layer broadcast. protocol. Optional. Configure a router priority for ospf dr-priority priority the interface. The default router priority is 1.
Step Command Remarks interface interface-type Enter interface view. interface-number By default, the network type of an interface depends on the link layer protocol. After you configure the OSPF Configure the OSPF network network type for an interface as type for the interface as ospf network-type p2mp [ unicast ] P2MP unicast, all packets are unicast P2MP.
Configuring OSPF route summarization Route summarization is when an ABR or ASBR summarizes routes with the same prefix into a single route and distributes it to other areas. Route summarization reduces the traffic of routing information exchanged between areas and the sizes of routing tables on routers, improving route calculation speed on routers.
Configuring OSPF inbound route filtering OSPF calculates routes by using LSAs. The calculated routes can be filtered and only permitted routes are installed into the OSPF routing table. OSPF provides the following filtering methods: • Filters routing information by destination address through ACLs and IP address prefixes Filters routing information by next hop through the filtering criteria configured with the gateway •...
calculated cost is greater than 65535, the value of 65535 is used. If the calculated cost is less than 1, the value of 1 is used. If the cost value is not configured for an interface, OSPF computes the interface cost automatically. To configure an OSPF cost for an interface: Step Command...
Step Command Remarks ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Optional. Configure the maximum maximum load-balancing maximum number of ECMP routes. 8 by default. Configuring OSPF preference A router can run multiple routing protocols, and each protocol is assigned a preference. When the routing protocols find routes to the same destination, the route found by the protocol with the highest preference is selected as the best route.
Page 96
Step Command Remarks import-route protocol [ process-id | Configure OSPF to all-processes | allow-ibgp ] [ cost cost | type redistribute routes from Not configured by default type | tag tag | route-policy another protocol. route-policy-name ] * Configure OSPF to filter filter-policy { acl-number | ip-prefix Optional redistributed routes before...
Step Command Remarks Optional. The default cost is 1, the Configure the default default maximum number parameters for default { cost cost | limit limit | tag tag | type of routes redistributed per redistributed routes (cost, type } * time is 1000, the default upper limit, tag, and tag is 1, and default type...
Dead timer—Interval within which if the interface receives no hello packet from the neighbor, it • declares the neighbor is down. The dead interval must be at least four times the hello interval on an interface. • LSA retransmission timer—Interval within which if the interface receives no acknowledgement packets after sending an LSA to the neighbor, it retransmits the LSA.
Specifying SPF calculation interval LSDB changes lead to SPF calculations. When the topology changes frequently, a large amount of network and router resources are occupied by SPF calculation. Adjust the SPF calculation interval to reduce the impact. When network changes are not frequent, the minimum-interval is adopted. If network changes become frequent, the SPF calculation interval is incremented by incremental-interval ×...
Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Optional. lsa-generation-interval By default, the maximum interval is 5 Configure the LSA maximum-interval [ initial-interval seconds, the minimum interval is 0 generation interval.
Step Command Remarks Configure the router as a By default, the router is not a stub stub-router stub router. router in any OSPF process. Configuring OSPF authentication You can configure OSPF packet authentication to ensure the security of packet exchanges. After authentication is configured, OSPF only receives packets that pass authentication.
If RFC 1583 is made compatible with RFC 2328, the routes in the backbone area are preferred; if not, the routes in the non-backbone area are preferred to reduce the burden of the backbone area. To avoid routing loops, HP recommends configuring all the routers to be either compatible or incompatible with RFC 1583.
Configuring OSPF network management With trap generation enabled, OSPF generates traps to report important events. Traps fall into the following levels. Level-3—Fault traps • • Level-4—Alarm traps Level-5—Normal but important traps • Level-6—Notification traps • The generated traps are sent to the information center of the device. The output rules of the traps such as whether to output the traps and the output direction are determined according to the information center configuration.
Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Optional. Enable the advertisement and opaque-capability enable reception of opaque LSAs. Disabled by default. Configuring OSPF to give priority to receiving and processing hello packets To ensure OSPF runs properly, a router receives and processes hello packets and other protocol packets at the same time.
Setting the DSCP value for OSPF packets An IPv4 packet header contains an 8-bit TOS field. As defined in RFC 2474, the first six bits set the Differentiated Services Code Point (DSCP) value and the last two bits are reserved. Network devices use the DSCP value as a reference to determine the packet priority for transmission.
Page 106
Figure 37, after you enable FRR on Router B, OSPF automatically calculates or designates a backup next hop when a link failure is detected. Packets are directed to the backup next hop. At the same time, OSPF calculates the shortest path based on the new network topology, and forwards packets over the path after routing convergence.
Configuring OSPF Graceful Restart OSPF GR involves the following: IETF standard GR—Uses Opaque LSAs to implement GR. • Non IETF standard GR—Uses link local signaling (LLS) to advertise GR capability and uses out of • band synchronization to synchronize the LSDB. A device can act as a GR Restarter and GR Helper at the same time.
Configuring the OSPF GR Helper You can configure the IETF standard or non-IETF standard OSPF GR Helper. Configuring the IETF standard OSPF GR Helper Step Command Remarks Enter system view. system-view ospf [ process-id | router-id Enable OSPF and enter its router-id | vpn-instance view.
Configuring BFD for OSPF OSPF supports the following BFD detection methods: Control packet bidirectional detection, which requires BFD configuration to be made on both OSPF • routers on the link. Echo packet single-hop detection, which requires BFD configuration to be made on one OSPF router •...
Page 110
Task Command Remarks display ospf [ process-id ] lsdb [ brief | [ { ase | router | network | summary | asbr | nssa | Display Link State Database opaque-link | opaque-area | opaque-as } Available in any information. [ link-state-id ] ] [ originate-router view advertising-router-id | self-originate ] ] [ | { begin...
OSPF configuration examples These examples only cover commands for OSPF configuration. Configuring OSPF basic functions Network requirements As shown in Figure 38, all switches run OSPF. The AS is split into three areas, where Switch A and Switch B act as ABRs to forward routing information between areas. After configuration, all switches can learn routes to every network segment in the AS.
Total Nets: 5 Intra Area: 2 Inter Area: 3 ASE: 0 NSSA: 0 # On Switch D, ping the IP address 10.4.1.1 to check connectivity. [SwitchD] ping 10.4.1.1 PING 10.4.1.1: 56 data bytes, press CTRL_C to break Reply from 10.4.1.1: bytes=56 Sequence=2 ttl=253 time=2 ms Reply from 10.4.1.1: bytes=56 Sequence=2 ttl=253 time=1 ms Reply from 10.4.1.1: bytes=56 Sequence=3 ttl=253 time=1 ms Reply from 10.4.1.1: bytes=56 Sequence=4 ttl=253 time=1 ms...
[SwitchC-ospf-1] import-route static Verify the configuration: # Display the ABR/ASBR information of Switch D. <SwitchD> display ospf abr-asbr OSPF Process 1 with Router ID 10.5.1.1 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Intra 10.3.1.1 0.0.0.2 10.3.1.1 Inter 10.4.1.1...
Page 116
Figure 40 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B. <SwitchB>...
Page 117
[SwitchD-ospf-1] area 0 [SwitchD-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] quit # Configure Switch E. <SwitchE> system-view [SwitchE] ospf [SwitchE-ospf-1] area 0 [SwitchE-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [SwitchE-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255 [SwitchE-ospf-1-area-0.0.0.0] quit [SwitchE-ospf-1] quit Configure BGP to redistribute OSPF routes and direct routes: # Configure Switch B.
Configure summary route 10.0.0.0/8 on Switch B and advertise it: [SwitchB-ospf-1] asbr-summary 10.0.0.0 8 # Display the OSPF routing table of Switch A. [SwitchA] display ip routing-table Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 10.0.0.0/8 O_ASE...
Page 119
[SwitchD-ospf-1] quit # Display ABR/ASBR information on Switch C. <SwitchC> display ospf abr-asbr OSPF Process 1 with Router ID 10.4.1.1 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Intra 10.2.1.1 0.0.0.1 10.2.1.1 Inter 10.3.1.1 0.0.0.1 10.2.1.1 Inter 10.5.1.1 0.0.0.1...
[SwitchC-ospf-1] quit # Display OSPF routing information on Switch C [SwitchC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 Transit 10.2.1.2 10.2.1.1 0.0.0.1 10.3.1.0/24...
Page 121
Configure Area 1 as an NSSA area and configure Switch C as the ASBR to redistribute static routes into the AS. Figure 42 Network diagram Configuration procedure Configure IP addresses for interfaces. Configure OSPF basic functions. (See "Configuring OSPF basic functions") Configure Area 1 as an NSSA area: # Configure Switch A.
Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 65536 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 65535 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0 Configure route redistribution: # Configure Switch C to redistribute static routes.
Page 123
Figure 43 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Switch A. <SwitchA> system-view [SwitchA] router id 1.1.1.1 [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # Configure Switch B.
Page 124
[SwitchD-ospf-1] return # Display OSPF neighbor information on Switch A. [SwitchA] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.1.1(Vlan-interface1)'s neighbors Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode: None Priority: 1 DR: 192.168.1.4 BDR: 192.168.1.3...
Page 125
Area 0.0.0.0 interface 192.168.1.4(Vlan-interface1)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 31 Neighbor is up for 00:11:17 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal...
Router ID: 3.3.3.3 Address: 192.168.1.3 GR State: Normal State: Full Mode: Nbr is Slave Priority: 2 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 39 Neighbor is up for 00:01:41 Authentication Sequence: [ 0 ] Switch A becomes the DR, and Switch C is the BDR. The full neighbor state means an adjacency has been established.
Page 127
Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Switch A. <SwitchA> system-view [SwitchA] ospf 1 router-id 1.1.1.1 [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit # Configure Switch B. <SwitchB> system-view [SwitchB] ospf 1 router-id 2.2.2.2 [SwitchB-ospf-1] area 0 [SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255...
Area 0 has no direct connection to Area 2, so the routing table of Switch B has no route to Area Configure a virtual link: # Configure Switch B. [SwitchB] ospf [SwitchB-ospf-1] area 1 [SwitchB-ospf-1-area-0.0.0.1] vlink-peer 3.3.3.3 [SwitchB-ospf-1-area-0.0.0.1] quit [SwitchB-ospf-1] quit # Configure Switch C.
Page 129
Figure 45 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Switch A <SwitchA> system-view [SwitchA] router id 1.1.1.1 [SwitchA] ospf 100 [SwitchA-ospf-100] area 0 [SwitchA-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [SwitchA-ospf-100-area-0.0.0.0] quit # Configure Switch B <SwitchB>...
Page 130
[SwitchB-ospf-100] enable link-local-signaling [SwitchB-ospf-100] enable out-of-band-resynchronization # Configure Switch C as the GR Helper: enable the link-local signaling capability and the out-of-band re-synchronization capability for OSPF process 100. [SwitchC-ospf-100] enable link-local-signaling [SwitchC-ospf-100] enable out-of-band-resynchronization Verify the configuration: # After the configurations on Switch A, Switch B, and Switch C are completed and the switches are running steadily, enable OSPF Graceful Restart event debugging and then restart the OSPF process using GR on Switch A.
Configuring route filtering Network requirements As shown in Figure All the switches in the network run OSPF. The AS is divided into three areas. • • Switch A and Switch B work as ABRs. Configure Switch C as an ASBR to redistribute external routes (static routes), and configure a filter policy on Switch C to filter out redistributed route 3.1.3.0/24.
[SwitchA] ospf 1 [SwitchA-ospf-1] filter-policy 2000 import [SwitchA-ospf-1] quit # Display the OSPF routing table of Switch A. [SwitchA] display ip routing-table Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Cost NextHop Interface 3.1.1.0/24 O_ASE 10.2.1.2 Vlan200 3.1.2.0/24 O_ASE 10.2.1.2...
Page 134
# Configure Switch S. <SwitchS> system-view [SwitchS] bfd echo-source-ip 1.1.1.1 [SwitchS] ospf 1 [SwitchS-ospf-1] fast-reroute auto [SwitchS-ospf-1] quit # Configure Switch D. <SwitchD> system-view [SwitchD] bfd echo-source-ip 4.4.4.4 [SwitchD] ospf 1 [SwitchD-ospf-1] fast-reroute auto [SwitchD-ospf-1] quit (Method II.) Enable OSPF FRR to designate a backup next hop by using a routing policy. # Configure Switch S.
RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h58m10s Tag: 0 The output shows that Switch A communicates with Switch B through VLAN-interface 11. Troubleshooting OSPF configuration No OSPF neighbor relationship established Symptom No OSPF neighbor relationship can be established.
Page 139
Use the display current-configuration configuration ospf command to display information about area configuration. If more than two areas are configured, at least one area is connected to the backbone. In a stub area, all routers attached are configured with the stub command. In an NSSA area, all routers attached are configured with the nssa command.
Configuring IS-IS Hardware compatibility The A5500 SI Switch Series does not support IS-IS. IS-IS overview Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the International Organization for Standardization (ISO) to operate on the connectionless network protocol (CLNP). The IS-IS routing protocol was modified and extended in RFC 1 195 by the International Engineer Task Force (IETF) for application in both TCP/IP and OSI reference models, and the new one is named "Integrated IS-IS"...
Page 141
IS-IS address format NSAP • As shown in Figure 49, an NSAP address consists of the Initial Domain Part (IDP) and the Domain Specific Part (DSP). The IDP is equal to the network ID of an IP address, and the DSP is equal to the subnet and host ID.
A network entity title (NET) indicates the network layer information of an IS, and does not include transport layer information. It is a special NSAP address with the SEL being 0. The length of the NET is equal to the NSAP, and is in the range of 8 bytes to 20 bytes. A NET comprises the following parts: Area ID—Its length is in the range of 1 to 13 bytes.
Page 143
Figure 50 IS-IS topology 1 Figure 51 is another IS-IS topology. The Level- 1 -2 routers connect to the Level- 1 and Level-2 routers, and form the IS-IS backbone together with the Level-2 routers. No area is defined as the backbone in this topology.
The routing information of a Level- 1 area is sent to the Level-2 area through the Level- 1 -2 router; therefore, the Level-2 router knows the routing information of the entire IS-IS routing domain. But the Level- 1 -2 router does not share the information of other Level- 1 areas and the Level-2 area with the Level- 1 area by default.
NOTE: On IS-IS broadcast networks, all routers are adjacent with each other. However, the DIS is responsible for the synchronization of their LSDBs. IS-IS PDU format PDU header format IS-IS packets are encapsulated into link layer frames. The Protocol Data Unit (PDU) consists of two parts, the headers and the variable length fields.
Page 146
Type PDU Type Acronym Level-1 Link State PDU L1 LSP Level-2 Link State PDU L2 LSP Level-1 Complete Sequence Numbers PDU L1 CSNP Level-2 Complete Sequence Numbers PDU L2 CSNP Level-1 Partial Sequence Numbers PDU L1 PSNP Level-2 Partial Sequence Numbers PDU L2 PSNP Hello Hello packets are used by routers to establish and maintain neighbor relationships.
Page 147
LAN ID—Includes the system ID and a one-byte pseudonode ID. • Figure 56 shows the hello packet format on the point-to-point networks. Figure 56 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field. LSP packet format The Link State PDU (LSP) carries link state information.
Page 148
Figure 57 L1/L2 LSP format Major fields of the L1/L2 LSP are as follows: PDU length—Total length of the PDU in bytes. • Remaining lifetime—LSP remaining lifetime in seconds. • LSP ID—Consists of the system ID, the pseudonode ID (one byte) and the LSP fragment number (one •...
Page 149
Figure 58 LSDB overload • IS type—Type of the router generating the LSP. SNP format A sequence number PDU (SNP) acknowledges the latest received LSPs. It is similar to an Acknowledge packet, but more efficient. SNP involves Complete SNP (CSNP) and Partial SNP (PSNP), which are further divided into Level- 1 CSNP, Level-2 CSNP, Level- 1 PSNP and Level-2 PSNP.
Page 150
Figure 60 L1/L2 PSNP format No. of Octets Intradomain routing protocol discriminator Length indicator Version/Protocol ID extension ID length PDU type Version Reserved Maximum area address PDU length Source ID ID length+1 Variable length fields The variable fields of PDU comprise multiple Code-Length-Value (CLV) triplets. Figure 61 CLV format Table 5 shows that different PDUs contain different CLVs.
CLV Code Name PDU Type IP Interface Address IIH, LSP Supported IS-IS features Multiple instances and processes IS-IS supports multiple instances and processes. Multiple processes allow an IS-IS process to work in concert with a group of interfaces. A router can run multiple IS-IS processes, and each process corresponds to a unique group of interfaces.
Page 152
The LSP fragment extension feature allows an IS-IS router to generate more LSP fragments. Up to 50 additional virtual systems can be configured on the router, and each virtual system is capable of generating 256 LSP fragments to enable the IS-IS router to generate up to 13056 LSP fragments. •...
A host name is easier to remember than a system ID. After enabling this feature on the router, you can see the host names instead of system IDs using the display command. Bidirectional forwarding detection (BFD) provides a single mechanism to quickly detect any link failures between IS-IS neighbors to reduce network convergence time.
Task Remarks optimizing IS-IS Specifying the IS-IS hello multiplier Optional networks Configuring a DIS priority for an interface Optional Disabling an interface from sending or receiving IS-IS packets Optional Enabling an interface to send small hello packets Optional Configuring LSP parameters Optional Configuring SPF parameters Optional...
Configuring the IS level and circuit level If only one area is available, HP recommends you to perform the following operations: Configure the IS level of all routers as Level- 1 or Level-2 rather than different levels because the •...
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Optional. By default, the network type of an Configure the network type for the interface depends on isis circuit-type p2p interface as P2P. the physical media. The network type of a VLAN interface is broadcast.
To configure the priority of IS-IS: Step Command Remarks Enter system view. system-view Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] preference { route-policy route-policy-name | Specify a priority for IS-IS. 15 by default. preference } * Configuring the maximum number of ECMP routes Perform this task to implement load sharing over ECMP routes.
The default route is only advertised to routers at the same level. You can use a routing policy to generate the default route only when a local routing entry is matched by the policy. To advertise a default route: Step Command Remarks Enter system view.
To filter routes calculated from received LSPs: Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance Enter IS-IS view. vpn-instance-name ] filter-policy { acl-number | ip-prefix Filter routes calculated By default, no filtering is ip-prefix-name | route-policy route-policy-name } from received LSPs.
Tuning and optimizing IS-IS networks Configuration prerequisites Before you tune and optimize IS-IS networks, complete the following tasks: Configure IP addresses for interfaces, and make adjacent nodes can reach each other at the • network layer. • Enable IS-IS. Specifying intervals for sending IS-IS hello and CSNP packets Step Command Remarks...
Configuring a DIS priority for an interface On an IS-IS broadcast network, you must elect a router as the DIS at a routing level. You can specify a DIS priority at a level for an interface. The greater the interface’s priority, the more likely it becomes the DIS.
Configuring LSP parameters Configuring LSP timers • Specify the maximum age of LSPs. Each LSP has an age that decreases in the LSDB. Any LSP with an age of 0 is deleted from the LSDB. You can adjust the age value based on the scale of a network. To specify the maximum age of LSPs: Step Command...
Page 164
IS-IS routers in an area must send LSPs smaller than the smallest interface MTU in this area. If the IS-IS routers have different interface MTUs, HP recommends configuring the maximum size of generated LSP packets to be smaller than the smallest interface MTU in this area. If they are not, the routers must dynamically adjust the LSP packet size to fit the smallest interface MTU, which takes time and affects other services.
Enabling LSP fragment extension After LSP fragment extension is enabled for an IS-IS process, the MTUs of all the interfaces running the IS-IS process must not be less than 512; otherwise, LSP fragment extension will not take effect. At least one virtual system must be configured for the router to generate extended LSP fragments. An IS-IS process allows 50 virtual systems.
Step Command Remarks Optional. Not assigned by default. If no IS-IS route is assigned a high Assign a high priority to IS-IS priority high { ip-prefix priority, IS-IS host routes are routes. prefix-name | tag tag-value } processed first in network convergence because they have higher priority than other types of IS-IS routes.
Step Command Remarks Configure a system ID to host A system ID can only correspond to name mapping for a remote is-name map sys-id map-sys-name a host name. Configuring dynamic system ID to host name mapping Configure a static system ID to host name mapping for any other router in a network. When a new router is added into the network or a mapping must be modified, perform configuration on all routers.
Enhancing IS-IS network security To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS authentication involves neighbor relationship authentication, area authentication and routing domain authentication. Configuration prerequisites Before you enhance IS-IS network security, complete the following tasks: Configure IP addresses for interfaces, and make sure that all neighboring nodes can reach each •...
Step Command Remarks Specify the area area-authentication-mode { md5 | By default, no area authentication authentication mode and simple } [ cipher ] password [ ip | osi ] is configured. password. Configuring routing domain authentication Routing domain authentication prevents untrusted routing information from entering into a routing domain.
Step Command Remarks Optional. By default, the SA bit is not suppressed. Suppress the SA bit By enabling the GR Restarter to suppress the graceful-restart suppress-sa during restart. Suppress-Advertisement (SA) bit in the hello PDUs, the neighbors will still advertise their adjacency with the GR Restarter.
Page 171
traffic recovery time. Meanwhile, IS-IS calculates the shortest path based on the new network topology, and forwards packets over the path after network convergence. You can either enable IS-IS FRR to calculate a backup next hop automatically, or to designate a backup next hop with a routing policy for routes matching specific criteria.
Enabling IS-IS SNMP trap This task enables IS-IS to generate traps and send them to the information center of the device. The information center determines whether to output the traps and where to output. For more information about information center, see Network Management and Monitoring Configuration Guide. To enable IS-IS SNMP trap: Step Command...
Page 173
Task Command Remarks display isis brief [ process-id | vpn-instance Display brief IS-IS configuration Available in any vpn-instance-name ] [ | { begin | exclude | information. view include } regular-expression ] display isis debug-switches { process-id | Display the status of IS-IS debug Available in any vpn-instance vpn-instance-name } [ | { begin | switches.
IS-IS configuration examples IS-IS basic configuration Network requirements As shown in Figure 63, Switch A, B, C, and D reside in an IS-IS AS. Switch A and B are Level- 1 switches, Switch D is a Level-2 switch, and Switch C is a Level- 1 -2 switch. Switch A, B, and C are in Area 10, and Switch D is in Area 20.
Page 177
0000.0000.0004.01-00* 0x00000002 0xec96 1007 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload # Display the IS-IS routing information of each switch. Level-1 switches must have a default route with the next hop being the Level-1-2 switch. The Level-2 switch must have both routing information of Level-1 and Level-2.
Page 180
Interface: Vlan-interface100 Circuit Id: 0000.0000.0004.01 State: Up HoldTime: 30s Type: L2 PRI: 64 # Display information about IS-IS interfaces of Switch A. [SwitchA] display isis interface Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State Type Down 1497 L1/L2 No/No # Display information about IS-IS interfaces of Switch C.
Page 181
System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 28s Type: L2(L1L2) PRI: 64 System Id: 0000.0000.0004 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 30s Type: L2 PRI: 64 # Display information about IS-IS interfaces on Switch A. [SwitchA] display isis interface Interface information for ISIS(1) ---------------------------------...
System Id: 0000.0000.0002 Interface: Vlan-interface100 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 28s Type: L2 PRI: 64 [SwitchD] display isis interface Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State Type Down 1497 L1/L2 No/No Configuring IS-IS route redistribution Network requirements As shown in Figure 65, Switch A, Switch B, Switch C, and Switch D reside in the same AS.
IS-IS Graceful Restart configuration example Network requirements Switch A, Switch B, and Switch C belong to the same IS-IS routing domain, as illustrated in Figure Figure 66 Network diagram for IS-IS GR configuration Configuration procedure Configure IP addresses and subnet masks for interfaces. (Details not shown.) Configure IS-IS on the switches to make sure Switch A, Switch B and Switch C can communicate with each other at layer 3 and dynamic route update can be implemented among them with IS-IS.
Number of LSPs Awaited: 3 T3 Timer Status: Remaining Time: 140 T2 Timer Status: Remaining Time: 59 IS-IS(1) Level-2 Restart Status Restart Interval: 150 SA Bit Supported Total Number of Interfaces = 1 Restart Status: RESTARTING Number of LSPs Awaited: 3 T3 Timer Status: Remaining Time: 140 T2 Timer Status:...
Page 188
isis route command to check if routes from Switch A to the loopback interface on Switch B and from Switch B to the loopback interface on Switch A exist. # When a master/slave switchover occurs on Switch S, display IS-IS neighbors and routes on Switch A.
System Id: 0000.0000.0001 Interface: vlan200 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 25s Type: L1(L1L2) PRI: 64 System Id: 0000.0000.0001 Interface: vlan200 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 27s Type: L2(L1L2) PRI: 64 <SwitchB> display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table -------------------------------------...
Page 190
Figure 68 Network diagram for IS-IS FRR configuration Switch A Link B Link A Loop 0 Loop 0 1.1.1.1/32 4.4.4.4/32 Vlan-int200 Vlan-int200 13.13.13.1/24 13.13.13.2/24 Switch S Switch D Configuration procedure Configure IP addresses and subnet masks for interfaces on the switches. (Details not shown.) Configure IS-IS on the switches to make sure Switch A, Switch D, and Switch S can communicate with each other at Layer 3.
[SwitchD] ip ip-prefix abc index 10 permit 1.1.1.1 32 [SwitchD] route-policy frr permit node 10 [SwitchD-route-policy] if-match ip-prefix abc [SwitchD-route-policy] apply fast-reroute backup-interface vlan-interface 101 backup-nexthop 24.24.24.2 [SwitchD-route-policy] quit [SwitchD] isis 1 [SwitchD-isis-1] fast-reroute route-policy frr [SwitchD-isis-1] quit Verify the configuration: # Display route 4.4.4.4/32 on Switch S to view the backup next hop information.
Page 192
Switch A, Switch B, and Switch C belong to Area 10, and Switch D belongs to Area 20. Configure relationship authentication between neighbors. Configure area authentication in Area 10 to prevent untrusted routes from entering into the area. Configure routing domain authentication on Switch C and Switch D to prevent untrusted routes from entering the routing domain.
Page 193
[SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit [SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] isis enable 1 [SwitchC-Vlan-interface300] quit # Configure Switch D. <SwitchD> system-view [SwitchD] isis 1 [SwitchD-isis-1] network-entity 20.0000.0000.0001.00 [SwitchD-isis-1] quit [SwitchD] interface vlan-interface 300 [SwitchD-Vlan-interface300] isis enable 1 [SwitchD-Vlan-interface300] quit Configure neighbor relationship authentication between neighbors: # Specify the MD5 authentication mode and password eRq on VLAN-interface 100 of Switch A and on VLAN-interface 100 of Switch C.
Configuring BGP Hardware compatibility The A5500 SI Switch Series does not support BGP. BGP overview The Border Gateway Protocol (BGP) is a dynamic inter-AS Exterior Gateway Protocol. The three early BGP versions are BGP- 1 (RFC 1 105), BGP-2 (RFC 1 163) and BGP-3 (RFC 1267). The current version is BGP-4 (RFC 4271), and is the Internet exterior gateway protocol.
Page 198
Keepalive • • Route-refresh They have the same header. Figure 71 BGP message header • Marker—The 16-byte field is used to delimit BGP messages. The Marker must be all ones. Length—The two-byte unsigned integer indicates the total length of the message. •...
Page 199
Optional parameters—Used for multiprotocol extensions and other functions. • Update The update messages are used to exchange routing information between peers. It can advertise feasible routes or remove multiple unfeasible routes. Figure 73 BGP update message format Each update message can advertise a group of feasible routes with identical attributes, and the routes are contained in the network layer reachability information (NLRI) field.
Keepalive Keepalive messages are sent between peers to maintain connectivity. Its format contains only the message header. Route-refresh A route-refresh message is sent to a peer to request the specified address family routing information. Figure 75 BGP route-refresh message format AFI—Address family identifier.
Page 201
Name Category CLUSTER_LIST Optional non-transitive Usage of BGP path attributes • ORIGIN ORIGIN is a well-known mandatory attribute that defines the origin of routing information (how a route became a BGP route). This attribute has the following types: IGP—Has the highest priority. Routes added to the BGP routing table using the network command have the IGP attribute.
Page 202
Use the AS_PATH attribute for route selection and filtering. BGP gives priority to the route with the shortest AS_PATH length, if other factors are the same. As shown in Figure 76, the BGP router in AS 50 gives priority to the route passing AS 40 for sending data to the destination 8.0.0.0. In some applications, you can apply a routing policy to control BGP route selection by modifying the AS_PATH length.
Page 203
Figure 78 MED attribute In general, BGP compares MEDs of routes received from the same AS only. NOTE: The current implementation supports using the compare-different-as-med command to force BGP to compare MED values of routes received from different ASs. LOCAL_PREF •...
usage and facilitates management and maintenance. Well-known community attributes are as follows: INTERNET—By default, all routes belong to the Internet community. Routes with this attribute can be advertised to all BGP peers. NO_EXPORT—After received, routes with this attribute cannot be advertised out the local AS or out the local confederation, but can be advertised to other sub-ASs in the confederation.
Page 205
IGP routing protocols such as RIP and OSPF compute metrics of routes, and then implement load • balancing over routes with the same metric and to the same destination. The route selection criterion is metric. • BGP has no route computation algorithm, so it cannot implement load balancing according to metrics of routes.
A BGP speaker advertises all routes to a newly connected peer. • BGP and IGP synchronization Enable BGP and IGP route synchronization in an AS to avoid giving wrong directions to routers. If a non-BGP router works in an AS, it can discard a packet because a destination is unreachable. As shown in Figure 81, Router E has learned a route of 8.0.0.0/8 from Router D via BGP.
Page 207
In most cases, BGP is used in complex networks, where route changes are more frequent. To solve the problem caused by route flaps, BGP route dampening is used to suppress unstable routes. BGP route dampening, as shown in Figure 82, uses a penalty value to judge the stability of a route. The bigger the value, the less stable the route.
Page 208
Route reflector IBGP peers must be fully meshed to maintain connectivity. If n routers exist in an AS, the number of IBGP connections is n (n- 1 )/2, and large amounts of network and CPU resources are consumed. Using route reflectors can resolve this issue. In an AS, a router acts as a route reflector, and other routers act as clients connecting to the route reflector.
NOTE: After route reflection is disabled between clients, routes can still be reflected between a client and a non-client. Confederation Confederation is another method to manage growing IBGP connections in ASs. This method splits an AS into multiple sub-ASs. In each sub-AS, IBGP peers are fully meshed, and, as shown in Figure intra-confederation EBGP connections are established between sub-ASs.
session. If neither party has the GR capability, the session established between them will not be GR capable. When a Master/Slave switchover occurs on the GR Restarter, sessions on it will go down. Then, GR-capable peers will mark all routes associated with the GR Restarter as stale. However, during the configured GR Time, they still use these routes for packet forwarding.
Task Remarks Configuring the interval for sending the same Optional. update Configuring BGP soft-reset Optional. Enabling the BGP ORF capability Optional. Enabling 4-byte AS number suppression Optional. Setting the DSCP value for BGP packets Optional. Enabling quick EBGP session reestablishment Optional.
If a BGP router has multiple links to a peer, and the source interface fails, BGP must reestablish TCP connections, causing network oscillation. To enhance stability of BGP connections, HP recommends using a loopback interface as the source interface.
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number By default, BGP uses the outbound Specify the source interface interface of the best route to the BGP peer { group-name | ip-address } for establishing TCP peer or peer group as the source connect-interface interface-type connections to a peer or peer interface for establishing a TCP...
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number network ip-address [ mask | Optional. Inject a network to the BGP mask-length ] route-policy routing table. Not injected by default. route-policy-name Configuring BGP route redistribution BGP does not find routes by itself. Rather, it redistributes routing information in the local AS from other routing protocols.
Controlling route distribution and reception Configuration prerequisites BGP connections must be created. Configuring BGP route summarization To reduce the routing table size on medium and large BGP networks, you need to configure route summarization on BGP routers. BGP supports automatic and manual summarization modes. Manual summary routes have a higher priority than automatic ones.
To advertise a default route to a peer or peer group: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number peer { group-name | ip-address } Advertise a default route to a Not advertised by default-route-advertise [ route-policy peer or peer group.
Page 218
Step Command Remarks • Configure the filtering of redistributed routes: filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ] Configure at least one command. • Reference a routing policy to filter Not configured by default.
Step Command Remarks • Filter incoming routes with an ACL or IP prefix list: filter-policy { acl-number | ip-prefix ip-prefix-name } import • Reference a routing policy to filter routes from a peer or peer group: Configure at least one command. peer { group-name | ip-address } No route reception filtering is route-policy route-policy-name...
Step Command Remarks • Specify the maximum number of prefixes that can be received from a peer or peer group: Use one of the commands. peer { group-name | No limit is configured by default. ip-address } route-limit prefix-number If the specified maximum number is [ percentage-value ] reached: •...
Step Command Remarks Optional. network ip-address [ mask | mask-length ] By default, an EBGP Configure a shortcut route. short-cut route received has a priority of 255. Configuring BGP route attributes Configuration prerequisites BGP connections must be created. Specifying a preferred value for routes received By default, routes received from a peer have a preferred value of 0.
Configuring the default local preference The local preference is used to determine the best route for traffic leaving the local AS. When a BGP router obtains from several IBGP peers multiple routes to the same destination but with different next hops, it considers the route with the highest local preference as the best route.
Page 223
Figure 86 Route selection based on MED As shown in Figure 86, Router D learns network 10.0.0.0 from both Router A and Router B. Because Router B has a smaller router ID, the route learned from it is optimal. Network NextHop LocPrf PrefVal Path/Ogn...
Enabling the comparison of MED of routes from confederation peers The MED attributes of routes from confederation peers are not compared if their AS_PATH attributes contain AS numbers that do not belong to the confederation, such as these three routes: AS_PATH attributes of them are 65006 65009, 65007 65009, and 65008 65009;...
If you have configured BGP load balancing on a BGP router, the router will set it as the next hop for routes sent to an IBGP peer or peer group. This is done regardless of whether the peer next-hop-local command is configured.
Specifying a fake AS number for a peer or peer group When Router A in AS 2 is moved to AS 3, you can configure Router A to specify a fake AS number of 2 for created connections to EBGP peers or peer groups. In this way, these EBGP peers still think Router A is in AS 2 and need not change their configurations.
Configuring the BGP keepalive interval and holdtime After establishing a BGP connection, two routers send keepalive messages periodically to each other to keep the connection. If a router receives no keepalive or update message from the peer within the holdtime, it tears down the connection. You can configure the keepalive interval and holdtime globally or for a specific peer or peer group.
Step Command Remarks Optional. The intervals for sending the Configure the interval for sending the peer { group-name | ip-address } same update to an IBGP same update to a peer or peer group. route-update-interval interval peer and an EBGP peer default to 15 seconds and 30 seconds.
Step Command Remarks Disable BGP route-refresh and peer { group-name | ip-address } multi-protocol extension capability for capability-advertise Enabled by default. a peer or peer group. conventional Save all routes from a peer or peer peer { group-name | ip-address } Not saved by default.
Table 8 Description of the both, send, and receive parameters and the negotiation result Local parameter Peer parameter Negotiation result • receive The ORF sending capability is enabled locally and the send • ORF receiving capability is enabled on the peer. both •...
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP view or Enter BGP-VPN instance view: Use either approach. BGP-VPN view. bgp as-number ipv4-family vpn-instance vpn-instance-name Set the DSCP value Optional. for the BGP packets peer { group-name | ip-address } dscp sent to the specified By default, the DSCP value in BGP dscp-value...
Configuring BGP load balancing If multiple paths to a destination exist, you can configure load balancing over such paths to improve link utilization. To configure BGP load balancing: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Optional.
Page 233
Configuring an IBGP peer group After you create an IBGP peer group and then add a peer into it, the system creates the peer in BGP view and specifies the local AS number for the peer. To configure an IBGP peer group: Step Command Enter system view.
Step Command Remarks Specify an AS number for a peer ip-address as-number peer. as-number The AS number can be either specified or not specified in the peer ip-address group command. If specified, the AS Add the peer into the group. group-name [ as-number number must be the same as that as-number ]...
Step Command Remarks • Advertise the COMMUNITY attribute to a peer or peer group: peer { group-name | ip-address } advertise-community Advertise the COMMUNITY Not configured by attribute to a peer or peer group. • default. Advertise the extended community attribute to a peer or peer group: peer { group-name | ip-address } advertise-ext-community...
If routers not compliant with RFC 3065 exist in the confederation, use the confederation nonstandard command to make the local router compatible with these routers. Configuring a BGP confederation After you split an AS into multiple sub ASs, you can configure a router in a sub AS as follows: Enable BGP and specify the AS number of the router.
Step Command Remarks Enter system view. system-view Enable BGP and enter its view. bgp as-number Enable GR Capability for BGP. graceful-restart Disabled by default. Configure the maximum time Optional. graceful-restart timer restart allowed for the peer to timer 150 seconds by default. reestablish a BGP session.
After a link failure occurs, BFD may detect the failure before the system performs GR. As a result, GR will fail. If GR capability is enabled for BGP, use BFD with caution. If GR and BFD are both enabled, do not disable BFD during a GR process;...
Task Command Remarks Available in user Reset all IPv4 unicast BGP connections. reset bgp ipv4 all view Clearing BGP information Task Command Remarks Clear dampened BGP routing reset bgp dampening [ ip-address [ mask | Available in information and release suppressed mask-length ] ] user view routes.
Page 242
[SwitchA-bgp] quit # Configure Switch B. [SwitchB] bgp 65009 [SwitchB-bgp] peer 3.1.1.2 as-number 65008 [SwitchB-bgp] quit # Display BGP peer information on Switch B. [SwitchB] display bgp peer BGP local router ID : 2.2.2.2 Local AS number : 65009 Total number of peers : 2 Peers in established state : 2 Peer MsgRcvd...
Page 243
Total Number of Routes: 1 BGP Local router ID is 3.3.3.3 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
i 2.2.2.2/32 2.2.2.2 *>i 3.1.1.0/24 2.2.2.2 *>i 8.1.1.0/24 3.1.1.2 65008i * i 9.1.1.0/24 2.2.2.2 The output shows that the route 8.1.1.0 becomes valid with the next hop as Switch A. Verify the configuration: # Ping 8.1.1.1 on Switch C. [SwitchC] ping 8.1.1.1 PING 8.1.1.1: 56 data bytes, press CTRL_C to break Reply from 8.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms...
Page 245
[SwitchB-ospf-1-area-0.0.0.0] quit [SwitchB-ospf-1] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ospf 1 [SwitchC-ospf-1] import-route direct [SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit Configure the EBGP connection: Configure the EBGP connection and inject network 8.1.1.0/24 to the BGP routing table of Switch A, so that Switch B can obtain the route to 8.1.1.0/24.
Page 246
*> 3.3.3.3/32 3.1.1.1 65009? *> 8.1.1.0/24 0.0.0.0 *> 9.1.2.0/24 3.1.1.1 65009? # Display the routing table on Switch C. [SwitchC] display ip routing-table Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Cost NextHop Interface 2.2.2.2/32 OSPF 9.1.1.1 Vlan300 3.3.3.3/32 Direct 0...
BGP load balancing configuration example Network requirements As shown in Figure 91, all the switches run BGP. Switch A resides in AS 65008, Switch B and Switch C in AS 65009. Between Switch A and Switch B, Switch A and Switch C are EBGP connections, and between Switch B and Switch C is an IBGP connection.
# Display the BGP routing table on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network...
h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf PrefVal Path/Ogn *> 1.0.0.0 192.1.1.1 100i # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 200.1.2.1...
Not advertised to any peers yet # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 4.4.4.4 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
Page 257
Figure 95 Network diagram AS 200 Vlan-int100 Vlan-int300 AS 100 Switch B Vlan-int101 Vlan-int300 Vlan-int100 Vlan-int400 Vlan-int200 Switch D Vlan-int400 Switch A Vlan-int200 Switch C Device Interface IP address Device Interface IP address Switch A Vlan-int101 1.0.0.0/8 Switch D Vlan-int400 195.1.1.1/24 Vlan-int100 192.1.1.1/24...
Page 258
# Configure Switch A. <SwitchA> system-view [SwitchA] bgp 100 [SwitchA-bgp] peer 192.1.1.2 as-number 200 [SwitchA-bgp] peer 193.1.1.2 as-number 200 # Inject network 1.0.0.0/8 to the BGP routing table on Switch A. [SwitchA-bgp] network 1.0.0.0 8 [SwitchA-bgp] quit # Configure Switch B. [SwitchB] bgp 200 [SwitchB-bgp] peer 192.1.1.1 as-number 100 [SwitchB-bgp] peer 194.1.1.1 as-number 200...
Page 259
# Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 2 BGP Local router ID is 194.1.1.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network...
BGP GR configuration example Network requirements All switches run BGP in Figure 96. Between Switch A and Switch B is an EBGP connection. Switch B and Switch C are connected over an IBGP connection. Enable GR capability for BGP so that the communication between Switch A and Switch C is not affected when a master/slave switchover occurs on Switch B.
# Configure the IBGP connection. <SwitchC> system-view [SwitchC] bgp 65009 [SwitchC-bgp] router-id 3.3.3.3 [SwitchC-bgp] peer 9.1.1.1 as-number 65009 # Enable GR capability for BGP. [SwitchC-bgp] graceful-restart Verify the configuration: Ping Switch C on Switch A. Meanwhile, perform a master/slave switchover on Switch B. The ping operation is successful during the whole switchover process.
Page 262
Configure OSPF in AS 200 to make sure Switch A and Switch C can reach each other and configure Switch A to redistribute BGP routes. (Details not shown.) Configure BGP on Switch A: # Establish two IBGP connections between Switch A and Switch C, and configure Switch A to advertise itself as the next hop.
Page 263
[SwitchC] bgp 100 [SwitchC-bgp] peer 3.0.1.1 as-number 200 [SwitchC-bgp] peer 2.0.1.1 as-number 200 # Configure BFD over the link to peer 3.0.1.1 so that when the link Switch A<—>Switch B<—>Switch C fails, BFD can quickly detect the failure and notify it to BGP, and then the link Switch A<—>Switch D<—>Switch C takes effect immediately.
Page 264
IP Session Working Under Ctrl Mode: Local Discr: 17 Remote Discr: 13 Source IP: 3.0.2.2 Destination IP: 3.0.1.1 Session State: Up Interface: Vlan-interface101 Min Trans Inter: 500ms Act Trans Inter: 500ms Min Recv Inter: 500ms Act Detect Inter: 3000ms Running Up for: 00:00:06 Auth mode: None Connect Type: Indirect Board Num: 0...
Troubleshooting BGP BGP peer relationship not established Symptom Display BGP peer information by using the display bgp peer command. The state of the connection to a peer cannot become established. Analysis To become BGP peers, any two routers must establish a TCP session using port 179 and exchange Open messages successfully.
Configuring IPv6 static routing Hardware compatibility The A5500 SI Switch Series does not support VPN-related parameters. Overview Static routes are manually configured. They work well in simple networks. Proper configuration and use can improve network performance and ensure enough bandwidth for important applications. Static routes cannot adapt to network topology changes.
Figure 98 Network diagram Configuration procedure Configure the IPv6 addresses for all VLAN interfaces. (Details not shown.) Configure IPv6 static routes: # Enable IPv6 and configure a default IPv6 static route on Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ipv6 route-static :: 0 4::2 # Enable IPv6 and configure two IPv6 static routes on Switch B.
Page 270
Destination : 1::/64 Protocol : Direct NextHop : 1::1 Preference Interface : Vlan100 Cost Destination : 1::1/128 Protocol : Direct NextHop : ::1 Preference Interface : InLoop0 Cost Destination : FE80::/10 Protocol : Direct NextHop : :: Preference Interface : NULL0 Cost # Verify the connectivity with the ping command.
Configuring RIPng Hardware compatibility The A5500 SI Switch Series does not support VPN-related parameters. Introduction to RIPng RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng. The term "router" in this chapter refers to both routers and Layer 3 switches. RIPng for IPv6 has the following basic differences from RIP: •...
RIPng packet format Basic format A RIPng packet consists of a header and multiple route table entries (RTEs). The maximum number of RTEs in a packet depends on the IPv6 MTU of the sending interface. Figure 99 RIPng basic packet format Command Version Must be zero...
RIPng packet processing procedure Request packet When a RIPng router first starts or needs to update entries in its routing table, usually a multicast request packet is sent to ask for needed routes from neighbors. The receiving RIPng router processes RTEs in the request. If only one RTE exists with the IPv6 prefix and prefix length both being 0, and with a metric value of 16, the RIPng router will respond with the entire routing table information in response messages.
Configuring RIPng basic functions This section presents the information to configure the basic RIPng features. You must enable RIPng first before configuring other tasks, but it is not necessary for RIPng-related interface configurations, such as assigning an IPv6 address. Before you configure RIPng basic functions, complete the following tasks: Enable IPv6 packet forwarding.
Step Command Remarks Enter system view. system-view Enter interface view. interface interface-type interface-number Optional. Specify an inbound routing ripng metricin value additional metric. 0 by default. Optional. Specify an outbound ripng metricout value routing additional metric. 1 by default. Configuring RIPng route summarization Step Command Enter system view.
Step Command Remarks filter-policy { acl6-number | Configure a filter policy to By default, RIPng does not filter ipv6-prefix ipv6-prefix-name } filter outgoing routes. outgoing routing information. export [ protocol [ process-id ] ] Configuring a priority for RIPng Any routing protocol has its own protocol priority used for optimal route selection. You can set a priority for RIPng manually.
Configuring split horizon The split horizon function disables a route learned from an interface from being advertised through the same interface to prevent routing loops between neighbors. HP recommends enabling split horizon to prevent routing loops. To configure split horizon:...
Step Command Remarks Enable the poison reverse ripng poison-reverse Disabled by default. function. Configuring zero field check on RIPng packets Some fields in the RIPng packet must be zero, which are called "zero fields". With zero field check on RIPng packets enabled, if such a field contains a non-zero value, the entire RIPng packet is discarded. If you are sure that all packets are trustworthy, disable the zero field check to reduce the CPU processing time.
Configuration prerequisites Before you apply an IPsec policy for RIPng, complete following tasks: Create an IPsec proposal. • Create an IPsec policy. • For more information about IPsec policy configuration, see Security Configuration Guide. Configuration guidelines An IPsec policy used for RIPng can only be in manual mode. For more information, see Security Configuration Guide.
Task Command Remarks display ripng process-id interface Display RIPng interface [ interface-type interface-number ] Available in any view information. [ | { begin | exclude | include } regular-expression ] Reset a RIPng process. reset ripng process-id process Available in user view Clear statistics of a RIPng process.
Page 286
[SwitchB-Vlan-interface100] ripng 1 enable [SwitchB-Vlan-interface100] quit # Configure Switch C. <SwitchC> system-view [SwitchC] ripng 1 [SwitchC-ripng-1] quit [SwitchC] interface vlan-interface 200 [SwitchC-Vlan-interface200] ripng 1 enable [SwitchC-Vlan-interface200] quit Configure RIPng IPsec policies: # On Switch A, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1;...
Page 287
algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg. [SwitchC] ipsec proposal tran1 [SwitchC-ipsec-proposal-tran1] encapsulation-mode transport [SwitchC-ipsec-proposal-tran1] transform esp...
Configuring OSPFv3 Hardware compatibility The A5500 SI Switch Series does not support OSPFv3. Introduction to OSPFv3 OSPFv3 overview Open Shortest Path First version 3 (OSPFv3) supports IPv6 and complies with RFC 2740 (OSPF for IPv6). The term "router" in this chapter refers to both routers and Layer 3 switches. OSPFv3 and OSPFv2 have the following similarities: •...
Instance ID—Instance ID for a link. • • 0—Reserved. It must be 0. OSPFv3 LSA types OSPFv3 sends routing information in LSAs, which, as defined in RFC 2740, have the following types: • Router-LSA—Originated by all routers. This LSA describes the collected states of the router's interfaces to an area, and is flooded throughout a single area only.
LSA delay time Each LSA has an age in the local LSDB (incremented by one per second), but an LSA does not age on transmission. You must add an LSA delay time into the age time before transmission, which is important for low-speed networks.
Task Remarks Configuring a priority for OSPFv3 Optional Configuring OSPFv3 route redistribution Optional Configuring OSPFv3 timers Optional Configuring a DR priority for an interface Optional Tuning and optimizing OSPFv3 Ignoring MTU check for DD packets Optional networks Disabling interfaces from receiving and sending Optional OSPFv3 packets Enabling the logging of neighbor state changes...
Step Command Remarks Enable an OSPFv3 process on ospfv3 process-id area area-id Not enabled by default. the interface. [ instance instance-id ] Configuring OSPFv3 area parameters The stub area and virtual link features of OSPFv3 are the same as OSPFv2. Splitting an OSPFv3 AS into multiple areas reduces the number of LSAs and extends OSPFv3 applications.
Configuring an OSPFv3 virtual link You can configure a virtual link to maintain connectivity between a non-backbone area and the backbone, or in the backbone itself. IMPORTANT: Both ends of a virtual link are ABRs that must be configured with the vlink-peer command. •...
Step Command Remarks interface interface-type Enter interface view. interface-number Optional. ospfv3 network-type { broadcast | Configure a network type for The network type of an interface nbma | p2mp [ non-broadcast ] | the OSPFv3 interface. depends on the media type of the p2p } [ instance instance-id ] interface.
Step Command Remarks Not configured by default. abr-summary ipv6-address Configure a summary route. The abr-summary command takes prefix-length [ not-advertise ] effect on ABRs only. Configuring OSPFv3 inbound route filtering According to some rules, you can configure OSPFv3 to filter routes that are computed from received LSAs.
Step Command Remarks Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Optional. Configure a bandwidth bandwidth-reference value reference value. 100 Mbps by default. Configuring the maximum number of OSPFv3 ECMP routes Perform this task to implement load sharing over ECMP routes. To configure the maximum number of ECMP routes: Step Command...
Using the filter-policy export command filters routes redistributed with the import-route command. • If the import-route command is not configured, executing the filter-policy export command does not take effect. To configure OSPFv3 route redistribution: Step Command Remarks Enter system view. system-view Enter OSPFv3 view.
Step Command Remarks Optional. By default, the DR priority is 1. The DR priority of an interface ospfv3 dr-priority priority [ instance Configure a DR priority. determines the interface’s instance-id ] qualification in DR election. Interfaces having the priority 0 cannot become a DR or BDR.
Step Command Remarks Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Enable the logging of log-peer-change Enabled by default. neighbor state changes. Configuring OSPFv3 GR IMPORTANT: You cannot configure OSPFv3 GR after configuring OSPFv3 virtual links, because they are not supported at the same time.
Step Command Remarks Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Optional. Enable the GR Helper graceful-restart helper enable capability. Enabled by default. Optional. Enable strict LSA graceful-restart helper checking. strict-lsa-checking Disabled by default. Configuring BFD for OSPFv3 Bidirectional forwarding detection (BFD) provides a mechanism to quickly detect the connectivity of links between OSPFv3 neighbors, thus to improve the convergence speed of OSPFv3.
Page 302
To implement area-based IPsec protection, you need to configure the same IPsec policy on the • routers in the target area. To implement interface-based IPsec protection, you need to configure the same IPsec policy on the • interfaces between two neighboring routers. To implement virtual link-based IPsec protection, you need to configure the same IPsec policy on the •...
Task Command Remarks display ospfv3 statistics [ | { begin | exclude | include } Available in Display OSPFv3 statistics. regular-expression ] any view Display the GR status of the display ospfv3 [ process-id ] graceful-restart status [ | Available in specified OSPFv3 process.
Page 306
2.2.2.2 Full/Backup 00:00:39 Vlan100 OSPFv3 Area ID 0.0.0.2 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface Instance ID 4.4.4.4 Full/DR 00:00:38 Vlan400 # Display OSPFv3 routing table information on Switch D. [SwitchD] display ospfv3 routing E1 - Type 1 external route, IA - Inter area route, - Intra area route E2 - Type 2 external route,...
*Destination: ::/0 Type : IA Cost : 11 NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:1::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:2::/64 Type Cost NextHop : directly-connected Interface: Vlan400 *Destination: 2001:3::/64...
Page 308
Figure 107 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure OSPFv3 basic functions: # Configure Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ospfv3 1 area 0 [SwitchA-Vlan-interface100] quit # Configure Switch B.
Page 309
[SwitchD] ospfv3 [SwitchD-ospfv3-1] router-id 4.4.4.4 [SwitchD-ospfv3-1] quit [SwitchD] interface vlan-interface 200 [SwitchD-Vlan-interface200] ospfv3 1 area 0 [SwitchD-Vlan-interface200] quit # Display neighbor information on Switch A. The switches have the same default DR priority 1. Then, Switch D (the switch with the highest Router ID) is elected as the DR, and Switch C is the BDR. [SwitchA] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ----------------------------------------------------------------------...
OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface Instance ID 1.1.1.1 Full/DROther 00:00:33 Vlan100 2.2.2.2 Full/DROther 00:00:36 Vlan200 3.3.3.3 Full/Backup 00:00:40 Vlan100 Restart DR and BDR election: # Use the shutdown and undo shutdown commands on interfaces to restart DR and BDR election. (Details not shown.) # Display neighbor information on Switch A.
Page 311
Figure 108 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure OSPFv3 basic functions: # Enable OSPFv3 process 1 on Switch A. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 1 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 100 [SwitchA-Vlan-interface100] ospfv3 1 area 2 [SwitchA-Vlan-interface100] quit [SwitchA] interface vlan-interface 200...
Page 312
[SwitchC] interface vlan-interface 300 [SwitchC-Vlan-interface300] ospfv3 2 area 2 [SwitchC-Vlan-interface300] quit [SwitchC] interface vlan-interface 400 [SwitchC-Vlan-interface400] ospfv3 2 area 2 [SwitchC-Vlan-interface400] quit # Display the routing table of Switch C. [SwitchC] display ipv6 routing-table Routing Table : Destinations : 6 Routes : 6 Destination: ::1/128 Protocol...
After all switches function properly, perform a master/slave switchover on Switch A to trigger an OSPFv3 GR operation. Configuring BFD for OSPFv3 Network requirements Figure 1 10, configure OSPFv3 on Switch A, Switch B and Switch C and configure BFD over the link Switch A<—>L2 Switch<—>Switch B.
Page 316
[SwitchB] ospfv3 [SwitchB-ospfv3-1] router-id 2.2.2.2 [SwitchB-ospfv3-1] quit [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] ospfv3 1 area 0 [SwitchB-Vlan-interface10] quit [SwitchB] interface vlan-interface 13 [SwitchB-Vlan-interface13] ospfv3 1 area 0 [SwitchB-Vlan-interface13] quit # Configure Switch C. Enable OSPFv3 and configure the router ID as 3.3.3.3. <SwitchC>...
Destination IP: FE80::20F:FF:FE00:1200 (link-local address of VLAN-interface 10 on Switch B) Session State: Up Interface: Vlan10 Hold Time: # Display routes destined for 2001:4::0/64 on Switch A. <SwitchA> display ipv6 routing-table 2001:4::0 64 verbose Routing Table : Summary Count : 1 Destination : 2001:4:: PrefixLength : 64...
Page 318
Figure 111 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure OSPFv3 basic functions: # Configure Switch A: enable OSPFv3 and configure the router ID as 1.1.1.1. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] ospfv3 1 [SwitchA-ospfv3-1] router-id 1.1.1.1 [SwitchA-ospfv3-1] quit [SwitchA] interface vlan-interface 200 [SwitchA-Vlan-interface200] ospfv3 1 area 1...
Page 319
Configure OSPFv3 IPsec policies: # On Switch A, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1; create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg.
Page 320
[SwitchB-ipsec-policy-manual-policy002-10] proposal tran2 [SwitchB-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321 [SwitchB-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321 [SwitchB-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba [SwitchB-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba [SwitchB-ipsec-policy-manual-policy002-10] quit # On Switch C, create an IPsec proposal named tran2, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1;...
OSPFv3 packets between Switches A, B, and C are protected by IPsec. Troubleshooting OSPFv3 configuration No OSPFv3 neighbor relationship established Symptom No OSPF neighbor relationship can be established. Analysis If the physical link and lower protocol function properly, verify OSPF parameters configured on interfaces. The two neighboring interfaces must have the same parameters, such as the area ID, network segment and mask, and network type.
Configuring IPv6 IS-IS This chapter describes how to configure IPv6 IS-IS, which supports all IPv4 IS-IS features except that it advertises IPv6 routing information. For information about IS-IS, see "Configuring IS-IS." The term "router" in this chapter refers to both routers and Layer 3 switches. Hardware compatibility The A5500 SI Switch Series does not support IPv6 IS-IS.
Step Command Remarks Return to system view. quit interface interface-type Enter interface view. interface-number Enable IPv6 for an IS-IS isis ipv6 enable [ process-id ] Disabled by default. process on the interface. Configuring IPv6 IS-IS routing information control Complete the IPv6 IS-IS basic function configuration before configuring this task. For information about ACL, see ACL and QoS Configuration Guide.
Step Command Remarks Specify the maximum Optional. number of equal-cost load ipv6 maximum load-balancing number 8 by default. balanced routes. NOTE: The ipv6 filter-policy export command is usually combined with the ipv6 import-route command. If no protocol is specified for the ipv6 filter-policy export command, routes redistributed from all routing protocols are filtered before advertisement.
Figure 112 Network diagram Figure 1 12, the numbers refer to the link costs. Router A, Router B, and Router D support both IPv4 and IPv6. Router C supports only IPv4 and cannot forward IPv6 packets. Enable IPv6 IS-IS MTR on Router A, Router B, Router C, and Router D to make them perform route calculation separately in IPv4 and IPv6 topologies.
BFD for IPv6 IS-IS configuration example Network requirements As shown in Figure 1 14, configure IPv6 IS-IS on Switch A, Switch B, and Switch C and configure BFD over the link Switch A<—>L2 Switch<—>Switch B. After the link between Switch B and the Layer-2 switch fails, BFD can quickly detect the failure and notify IPv6 IS-IS of the failure.
Source IP: FE80::20F:FF:FE00:1202 (link-local address of VLAN-interface 10 on Switch A) Destination IP: FE80::20F:FF:FE00:1200 (link-local address of VLAN-interface 10 on Switch B) Session State: Up Interface: Vlan10 Hold Time: # Display routes destined for 2001:4::0/64 on Switch A. <SwitchA> display ipv6 routing-table 2001:4::0 64 verbose Routing Table : Summary Count : 1 Destination...
Page 334
Figure 115 Network diagram Switch A Switch B Vlan-int12 Vlan-int12 12::1/64 12::2/64 Vlan-int14 Vlan-int11 14::1/64 11.1.1.1/24 Vlan-int14 Vlan-int11 14::2/64 11.1.1.2/24 Vlan-int13 Vlan-int13 Loop0 22.1.1.1/24 22.1.1.2/24 44::1/128 Switch C Switch D Configuration procedure Configure IPv4 and IPv6 addresses and subnet masks for interfaces on the switches. (Details not shown.) Configure IS-IS on the switches to make sure Switch A, Switch B, Switch C, and Switch D can communicate with each other at Layer 3 and dynamic route update can be implemented among...
Page 335
Next Hop : Direct Interface: Vlan12 Destination: 44::1 PrefixLen: 128 Flag : R/L/- Cost : 36 Next Hop : FE80::200:5EFF:FE00:F11 Interface: Vlan14 Destination: 14:: PrefixLen: 64 Flag : D/L/- Cost : 36 Next Hop : Direct Interface: Vlan14 Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv6 Level-2 Forwarding Table ------------------------------------- Destination: 12::...
Configuring IPv6 BGP This chapter describes only configuration for IPv6 BGP. For BGP related information, see "Configuring BGP." The term "router" in this chapter refers to both routers and Layer 3 switches. Hardware compatibility The A5500 SI Switch Series does not support IPv6 BGP. IPv6 BGP overview BGP-4 was designed to carry only IPv4 routing information, so other network layer protocols such as IPv6 are not supported.
Page 337
Task Remarks Injecting a local IPv6 route Optional Configuring a preferred value for routes from a Optional peer or peer group Specifying the source interface for establishing TCP Optional connections Allowing the establishment of an indirect EBGP Optional connection Configuring a description for an IPv6 peer or peer Optional group Disabling session establishment to an IPv6 peer or...
Task Remarks Configuring BFD for IPv6 BGP Optional Configuring IPv6 BGP basic functions Configuration prerequisites Before you configure IPv6 BGP basic functions, complete the following tasks: Specify IP addresses for interfaces. • Enable IPv6 with the ipv6 command in system view. •...
TCP connections, causing network oscillation. To enhance stability of IPv6 BGP connections, HP recommends using a loopback interface as the source interface. To establish a BGP connection, specify on the local router the source interface for establishing the TCP connection to the peer on the peering BGP router.
Step Command Remarks By default, IPv6 BGP uses the Specify the source interface peer { ipv6-group-name | outbound interface of the best for establishing TCP ipv6-address } connect-interface route to the IPv6 BGP peer or peer connections to an IPv6 BGP interface-type interface-number group as the source interface for peer or peer group.
Step Command Remarks Enter IPv6 address family view. ipv6-family Optional. Disable session establishment to an peer { ipv6-group-name | IPv6 peer or peer group. ipv6-address } ignore Not disabled by default. Logging IPv6 peer or peer group state changes Step Command Remarks Enter system view.
Step Command Remarks Optional. Not enabled by default. If the default-route imported Enable default route redistribution into default-route imported command is not configured, the IPv6 BGP routing table. using the import-route command cannot redistribute any IGP default route. import-route protocol Enable route redistribution from [ process-id [ med med-value Not enabled by default.
Step Command Remarks Not advertised by default. With the peer default-route-advertise command executed, the Advertise a default route to peer { ipv6-group-name | ipv6-address } local router advertises a an IPv6 peer or peer default-route-advertise [ route-policy default route with itself as group.
To configure inbound route filtering: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. filter-policy { acl6-number | Configure inbound route ipv6-prefix ipv6-prefix-name } Not configured by default. filtering. import Apply a routing policy to peer { ipv6-group-name | routes from an IPv6 peer or ipv6-address } route-policy...
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Optional. preference { external-preference Configure preference values internal-preference The default preference values of for IPv6 BGP external, local-preference | route-policy external, internal, and local routes are internal, and local routes.
Step Command Remarks Enter IPv6 address family ipv6-family view. Allow the local AS number to peer { ipv6-group-name | Optional. appear in AS_PATH of routes ipv6-address } allow-as-loop from a peer or peer group Not allowed by default. [ number ] and specify the repeat times.
Configuration prerequisites Before you configure IPv6 BGP timers, complete the following tasks: Enable IPv6. • Configure IPv6 BGP basic functions. • Configuring IPv6 BGP timers Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family view. ipv6-family Optional.
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Optional. Not saved by default. If the peer keep-all-routes command is used, all routes Save all routes from an IPv6 from the peer or peer group peer or peer group, not letting peer { ipv6-group-name | ipv6-address } are saved regardless of...
Step Command Remarks Optional. Enable the non-standard ORF peer { group-name | By default, standard BGP ORF capability for a BGP peer or ipv6-address } capability-advertise capability defined in RFC 5291 peer group. orf non-standard and RFC 5292 is supported. peer { group-name | ip-address | Enable the ORF IP prefix ipv6-address } capability-advertise...
Setting the DSCP value for IPv6 BGP packets An IPv6 packet header contains an 8-bit Traffic class field. This field identifies the service type of IPv6 packets. As defined in RFC 2474, the first six bits set the Differentiated Services Code Point (DSCP) value and the last two bits are reserved.
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Enable MD5 authentication peer { ipv6-group-name | when establishing a TCP ipv6-address } password { cipher | Not enabled by default. connection to the peer or peer simple } password group.
Configuring a large-scale IPv6 BGP network In a large-scale IPv6 BGP network, configuration and maintenance become inconvenient because of too many peers. Configuring peer groups makes management easier and improves route distribution efficiency. Peer group includes IBGP peer group, where peers belong to the same AS, and EBGP peer group, where peers belong to different ASs.
Step Command Remarks Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Create an EBGP peer group. group ipv6-group-name external Configure the AS number for peer ipv6-group-name as-number Not configured by default. the peer group. as-number Add an IPv6 peer into the peer ipv6-address group Not added by default.
Follow these guidelines when you configure an IPv6 BGP route reflector: Because the route reflector forwards routing information between clients, you must make clients of a route reflector fully meshed. If clients are fully meshed, HP recommends disabling route reflection between clients to reduce routing costs.
Configuring BFD for IPv6 BGP IPv6 BGP maintains neighbor relationships based on the keepalive timer and holdtime timer, which are set in seconds. IPv6 BGP defines that the holdtime interval must be at least three times the keepalive interval. This mechanism makes the detection of a link failure rather slow and thus causes a large quantity of packets to be dropped especially when the failed link is a high-speed link.
Task Command Remarks Display the prefix entries in the display bgp ipv6 peer { ip-address | ipv6-address } Available in ORF information of the specified received ipv6-prefix [ | { begin | exclude | include } any view BGP peer. regular-expression ] display bgp ipv6 routing-table [ ipv6-address Display IPv6 BGP routing table...
BGP local router ID : 2.2.2.2 Local AS number : 65009 Total number of peers : 3 Peers in established state : 3 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 10::2 65008 0 00:01:16 Established 9:3::2 65009 0 00:00:40 Established 9:1::2 65009 0 00:00:19 Established...
Page 362
Configure IPv6 BGP on the switches. Switches A and B establish an IBGP relationship. Switches B • and C establish an EBGP relationship. Configure IPsec policies on the switches to authenticate and encrypt protocol packets. • Figure 118 Network diagram Configuration procedure Configure IP addresses for interfaces.
Page 363
[SwitchC-bgp-af-ipv6] quit [SwitchC-bgp] quit # Configure Switch B. [SwitchB-bgp] ipv6-family [SwitchB-bgp-af-ipv6] group ebgp external [SwitchB-bgp-af-ipv6] peer 3::2 as-number 65009 [SwitchB-bgp-af-ipv6] peer 3::2 group ebgp [SwitchB-bgp-af-ipv6] quit [SwitchB-bgp] quit Configure IPsec policies: # On Switch A, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1;...
Page 364
[SwitchB-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345 [SwitchB-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345 [SwitchB-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg [SwitchB-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg [SwitchB-ipsec-policy-manual-policy001-10] quit [SwitchB] ipsec proposal tran2 [SwitchB-ipsec-proposal-tran2] encapsulation-mode transport [SwitchB-ipsec-proposal-tran2] transform esp [SwitchB-ipsec-proposal-tran2] esp encryption-algorithm des [SwitchB-ipsec-proposal-tran2] esp authentication-algorithm sha1 [SwitchB-ipsec-proposal-tran2] quit [SwitchB] ipsec policy policy002 10 manual...
Routing policy configured: No routing policy is configured BGP Peer is 3::2, remote AS 65009, Type: EBGP link BGP version 4, remote router ID 3.3.3.3 BGP current state: Established, Up for 00h01m51s BGP current event: RecvKeepalive BGP last state: OpenConfirm Port: Local –...
Page 367
Figure 119 Network diagram Device Interface IP address Device Interface IP address Switch A Vlan-int100 3000::1/64 Switch C Vlan-int101 3001::3/64 Vlan-int200 2000::1/64 Vlan-int201 2001::3/64 Switch B Vlan-int100 3000::2/64 Switch D Vlan-int200 2000::2/64 Vlan-int101 3001::2/64 Vlan-int201 2001::2/64 Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPFv3 to make sure that Switch A and Switch C are reachable to each other.
Page 369
Configure the minimum interval for transmitting BFD control packets as 500 milliseconds. [SwitchC-Vlan-interface101] bfd min-transmit-interval 500 Configure the minimum interval for receiving BFD control packets as 500 milliseconds. [SwitchC-Vlan-interface101] bfd min-receive-interval 500 Configure the detect multiplier as 7. [SwitchC-Vlan-interface101] bfd detect-multiplier 7 [SwitchC-Vlan-interface101] return Verify the configuration: # Display detailed BFD session information.
Page 371
Processing steps Use the display current-configuration configuration bgp command to verify that the peer’s AS number is correct. Use the display bgp ipv6 peer command to verify that the peer's IPv6 address is correct. If a loopback interface is used, verify that the loopback interface is specified with the peer connect-interface command.
Configuring routing policies Hardware compatibility The A5500 SI Switch Series does not support OSPF, BGP, IS-IS, OSPFv3, IPv6 BGP, IPv6 IS-IS, or FRR. Introduction to routing policy Routing policies are used to receive, advertise, and redistribute only specific routes and modify the attributes of some routes.
Page 373
An IP prefix list is configured to match the destination address of routing information. You can use the gateway option to allow only routing information from certain routers to be received. For gateway option information, see "Configuring RIP" and "Configuring OSPF." An IP prefix list, identified by name, can comprise multiple items.
Defining filters Configuration prerequisites Before you configure this task, you must determine IP-prefix list name, matching address range, and extcommunity list sequence number. Defining an IP prefix list Defining an IPv4 prefix list Identified by name, an IPv4 prefix list can comprise multiple items. Each item specifies a prefix range to match and is identified by an index number.
Step Command Remarks ip ipv6-prefix ipv6-prefix-name [ index index-number ] Define an IPv6 { deny | permit } ipv6-address prefix-length Not defined by default. prefix list. [ greater-equal min-prefix-length ] [ less-equal max-prefix-length ] If all items are set to the deny mode, no routes can pass the IPv6 prefix list. You must define the permit :: 0 less-equal 128 item following multiple deny items to allow other IPv6 routing information to pass.
Defining an extended community list You can define multiple items for an extended community list that is identified by number. During matching, the relation between items is logic OR. If routing information matches one of these items, it passes the extended community list. To define an extended community list: Step Command...
To create a routing policy: Step Command Enter system view. system-view Create a routing policy, specify a node for it, and route-policy route-policy-name { deny | permit } node node-number enter routing policy view. Defining if-match clauses Follow these guidelines when you define if-match clauses: The if-match clauses of a routing policy node are in logic AND relationship.
Step Command Remarks Optional. Match BGP routing information whose if-match as-path AS_PATH attribute is specified in the AS Not configured by AS-PATH-number&<1-16> path lists. default. if-match community Optional. Match BGP routing information whose { { basic-community-list-number | COMMUNITY attribute is specified in the Not configured by comm-list-name } [ whole-match ] | community lists.
Step Command Remarks Optional. Set a cost for routing apply cost [ + | - ] value information. Not set by default. Optional. Set a cost type for routing apply cost-type [ external | internal information. | type-1 | type-2 ] Not set by default.
If you configure the apply community clause for multiple nodes that are combined by the continue • clause, the apply comm-list delete clause configured on the current node cannot delete the COMMUNITY attributes of preceding nodes. To define a continue clause: Step Command Remarks...
Routing policy configuration examples Applying a routing policy to IPv4 route redistribution Network requirements As shown in Figure 120, Switch B exchanges routing information with Switch A using OSPF, and with Switch C using IS-IS. On Switch B, enable route redistribution from IS-IS to OSPF, and apply a routing policy to set the cost of route 172.17.1.0/24 to 100 and the tag of route 172.17.2.0/24 to 20.
Page 382
<SwitchB> system-view [SwitchB] isis [SwitchB-isis-1] is-level level-2 [SwitchB-isis-1] network-entity 10.0000.0000.0002.00 [SwitchB-isis-1] quit [SwitchB] interface vlan-interface 200 [SwitchB-Vlan-interface200] isis enable [SwitchB-Vlan-interface200] quit Configure OSPF and route redistribution: # Configure OSPF on Switch A. <SwitchA> system-view [SwitchA] ospf [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit # On Switch B, configure OSPF and enable route redistribution from IS-IS.
# Enable RIPng. [SwitchB] ripng # Display RIPng routing table information. [SwitchB-ripng-1] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::7D58:0:CA03:1 on Vlan-interface 100 Dest 10::/32, via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 18 Sec Dest 20::/32, via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 8 Sec...
[SwitchD] ip as-path 1 permit .*200.* # Create routing policy rt1 with node 1, and specify the match mode as deny to deny routes from AS 200. [SwitchD] route-policy rt1 deny node 1 [SwitchD-route-policy] if-match as-path 1 [SwitchD-route-policy] quit # Create routing policy rt1 with node 10, and specify the match mode as permit to permit routes from other ASs.
IPv6 routing information filtering failure Symptom The routing protocol is running properly, but filtering routing information failed. Analysis At least one item of the IPv6 prefix list must be configured as permit mode, and at least one node of the routing policy must be configured as permit mode.
Configuring policy-based routing Hardware compatibility The A5500 SI Switch Series does not support PBR. Introduction to PBR Policy-based routing (PBR) is a routing mechanism based on user-defined policies. Different from the traditional destination-based routing mechanism, PBR enables you to use a policy (based on the source address or other criteria) to route packets.
Concepts Policy A policy is used to route IP packets. A policy can consist of one or multiple nodes. Node A node is identified by a node number. The node with the smallest node number has the highest priority. A policy node consists of if-match and apply clauses. An if-match clause specifies a match criterion on a node, and an apply clause specifies an action to be taken on packets.
Configuring PBR (using a PBR policy) Defining a policy Follow these guidelines when you define a policy: If an ACL match criterion is defined, packets are matched against the ACL rules, whereas the permit • or deny action and the time range of the specified ACL are ignored. If the specified ACL does not exist, no packet is matched.
Step Command Remarks Optional. You can specify two next hops at a time. apply ip-address next-hop ip-address • For local PBR, both the two next [ direct ] [ track track-entry-number ] hops take effect to implement Set next hops. [ ip-address [ direct ] [ track load sharing.
Step Command Remarks Configure interface PBR ip policy-based-route policy-name Not configured by default. based on a policy. NOTE: If the specified policy does not exist, the interface PBR configuration succeeds, but it takes effect only when the policy is created. PBR and track Associated with a Track object, PBR can sense topology changes faster.
Applying the QoS policy When configuring PBR, you can apply a QoS policy to the following occasions: Applied globally—Affects the traffic sent or received on all ports. • Applied to an interface—Affects the traffic sent or received on the interface. •...
Displaying and maintaining PBR configuration PBR configuration (using a PBR policy) Task Command Remarks Display the PBR routing display ip policy-based-route [ | { begin | Available in any view information. exclude | include } regular-expression ] display ip policy-based-route setup Display the specified PBR routing { interface interface-type interface-number | Available in any view...
[SwitchA-Vlan-interface20] ip address 1.1.3.1 255.255.255.0 Configure Switch B: # Configure the IP address of VLAN-interface 10. <SwitchB> system-view [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] ip address 1.1.2.2 255.255.255.0 [SwitchB-Vlan-interface10] quit Configure Switch C: # Configure the IP address of VLAN-interface 20. <SwitchC>...
Page 398
Figure 124 Network diagram Configuration procedure In this example, static routes are configured to ensure the reachability among devices. Configure Switch A: # Define ACL 3101 to match TCP packets. <SwitchA> system-view [SwitchA] acl number 3101 [SwitchA-acl-adv-3101] rule permit tcp [SwitchA-acl-adv-3101] quit # Configure Node 5 of policy aaa to forward TCP packets to next hop 1.1.2.2.
<SwitchB> system-view [SwitchB] ip route-static 10.110.0.0 24 1.1.2.1 # Configure the IP address of VLAN-interface 10. [SwitchB] interface vlan-interface 10 [SwitchB-Vlan-interface10] ip address 1.1.2.2 255.255.255.0 [SwitchB-Vlan-interface10] quit Configure Switch C: # Configure a static route to subnet 10.110.0.0/24. <SwitchC> system-view [SwitchC] ip route-static 10.110.0.0 24 1.1.3.1 # Configure the IP address of VLAN-interface 20.
[SwitchA-acl-basic-2000] rule 0 permit source any [SwitchA-acl-basic-2000] quit # Define a match criterion for class a to match ACL 2000. [SwitchA] traffic classifier a [SwitchA-classifier-a] if-match acl 2000 [SwitchA-classifier-a] quit # Configure the action of redirecting traffic to the next hop 202.1.1.2 for behavior a. [SwitchA] traffic behavior a [SwitchA-behavior-a] redirect next-hop 202.1.1.2 [SwitchA-behavior-a] quit...
Page 401
[SwitchA] traffic classifier a [SwitchA-classifier-a] if-match acl ipv6 2000 [SwitchA-classifier-a] quit # Configure the action of redirecting traffic to the next hop 202::2 for behavior a. [SwitchA] traffic behavior a [SwitchA-behavior-a] redirect next-hop 202::2 [SwitchA-behavior-a] quit # Associate class a with behavior a in QoS policy a. [SwitchA] qos policy a [SwitchA-qospolicy-a] classifier a behavior a [SwitchA-qospolicy-a] quit...
Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). This chapter covers MCE related configuration. For information about routing protocols, see Layer 3—IP Services Configuration Guide. The MCE function is available only on the HP 5500 EI switch series. MCE overview MPLS L3VPN overview MPLS L3VPN is a type of PE-based L3VPN technology for service provider VPN solutions.
CEs and PEs mark the boundary between the service providers and the customers. After a CE establishes adjacency with a directly connected PE, it advertises its VPN routes to the PE and learns remote VPN routes from the PE. A CE and a PE use BGP/IGP to exchange routing information. You can also configure static routes between them.
Page 404
VPN-IPv4 address Traditional BGP cannot process overlapping VPN routes. If, for example, both VPN 1 and VPN 2 use addresses on the segment 10.1 10.10.0/24 and each advertise a route to the segment, BGP selects only one of them, which results in the loss of the other route. PEs use MP-BGP to advertise VPN routes and use VPN-IPv4 address family to solve the problem with traditional BGP.
Export target attribute: A local PE sets this type of route target attribute for VPN-IPv4 routes learned • from directly connected sites before advertising them to other PEs. Import target attribute: A PE checks the export target attribute of VPN-IPv4 routes advertised by •...
Figure 129 Network diagram for the MCE function VPN 1 VPN 2 Site 1 Site 1 VLAN-int2 VLAN-int7 VLAN-int8 VLAN-int3 VPN 2 Site 2 Site 2 VPN 1 On the left-side network, there are two VPN sites, both of which are connected to the MPLS backbone through the MCE device.
Page 407
BGP within the VPN, the routes may be learned by other MCE devices, generating route loops. To prevent route loops, configure route tags for different VPN instances on each MCE. HP recommends that you assign the same route tag to the same VPN on all MCEs.
Route exchange between an MCE and a PE Routing information entries are bound to specific VPN instances on an MCE device, and packets of each VPN instance are forwarded between MCE and PE according to interface. As a result, VPN routing information can be transmitted by performing relatively simple configurations between MCE and PE, such as importing the VPN routing entries on MCE devices to the routing table of the routing protocol running between MCE and PEs.
Page 409
Step Command Remarks Configure a description for description text Optional the VPN instance. Associating a VPN instance with an interface In an MPLS L3VPN application, you must associate VPN instances with the interfaces connecting the PEs. In a tunneling application, you must associate VPN instances with the tunnel interfaces connecting the peer MCE devices or CE devices.
Step Command Remarks Enter IPv4 VPN view. ipv4-family Optional. A single vpn-target command can Associate the current VPN vpn-target vpn-target&<1-8> configure up to eight route targets. instance with one or more [ both | export-extcommunity | You can configure up to 64 route route targets.
Configuring routing between MCE and VPN site Configuring static routing between MCE and VPN site An MCE can reach a VPN site through a static route. Static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs. An MCE supports binding a static route with a VPN instance, so that the static routes of different VPN instances can be isolated from each other.
Page 412
Step Command Remarks import-route protocol [ process-id ] Redistribute remote site routes [ allow-ibgp ] [ cost cost | By default, no route is redistributed advertised by the PE. route-policy route-policy-name | into RIP. tag tag ] * Configure the default cost Optional.
Page 413
VPN routes. the routes, resulting in routing loops. To avoid such routing loops, you can configure route tags for VPN instances on an MCE. HP recommends configuring the same route tag for the same VPN on the MCEs.
Page 414
Step Command Remarks Configure a network entity network-entity net Not configured by default. title. Optional. import-route { isis [ process-id ] | ospf [ process-id ] | rip By default, IS-IS does not [ process-id ] | bgp [ allow-ibgp ] | redistribute routes of any other Redistribute remote site routes direct | static } [ cost cost |...
Page 415
Step Command Remarks Optional. Configure a filtering policy to filter-policy { acl-number | By default, BGP does not filter the filter the received routes. ip-prefix ip-prefix-name } import received routes. BGP checks routing loops by examining AS numbers. When EBGP is used, the MCE advertises routing information carrying the local AS number to the site and then receives routing updates from the site.
Step Command Remarks import-route protocol [ process-id Redistribute remote site routes By default, no route redistribution | all-processes ] [ med med-value | advertised by the PE. is configured. route-policy route-policy-name ] * filter-policy { acl-number | Optional. Configure a filtering policy to ip-prefix ip-prefix-name } export filter the routes to be By default, BGP does not filter the...
Page 417
Step Command Remarks • ip route-static dest-address { mask | mask-length } { gateway-address | interface-type interface-number [ gateway-address ] | vpn-instance d-vpn-instance-name gateway-address } [ preference preference-value ] [ tag tag-value ] [ description description-text ] Configure a static route for a Use either •...
Page 418
Step Command Remarks Disabled by default. You must disable routing loop Disable routing loop detection for a VPN OSPF process on vpn-instance-capability simple detection. the MCE. Otherwise, the MCE cannot receive OSPF routes from the Optional. Configure the OSPF domain-id domain-id [ secondary ] domain ID.
Page 419
Step Command Remarks filter-policy { acl-number | ip-prefix Optional. Configure a filtering ip-prefix-name | route-policy policy to filter route-policy-name } export [ isis By default, IS-IS does not filter advertised routes. process-id | ospf process-id | rip advertised routes. process-id | bgp | direct | static ] Return to system view.
Step Command Remarks import-route protocol [ process-id | Redistribute the VPN routes By default, no route all-processes ] [ med med-value | of the VPN site. redistribution is configured. route-policy route-policy-name ] * Optional. Configure the egress router peer { group-name | ip-address } of the site as a client of the By default, no route reflector or reflect-client...
Displaying and maintaining MCE Task Command Remarks Display information about the display ip routing-table vpn-instance routing table associated with a vpn-instance-name [ verbose ] [ | { begin | Available in any view VPN instance. exclude | include } regular-expression ] Display information about a display ip vpn-instance [ instance-name specific VPN instance or all VPN...
Page 423
Figure 130 Network diagram Configuration procedure Assume that the system name of the MCE device is MCE, the system names of the edge devices of VPN 1 and VPN 2 are VR1 and VR2, respectively, and the system name of PE 1 is PE1. Configure the VPN instances on the MCE and PE 1: # On the MCE, configure VPN instances vpn1 and vpn2, and specify an RD and route targets for each VPN instance.
Page 424
[MCE-Vlan-interface10] ip address 10.214.10.3 24 # Configure VLAN 20, add port GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 with VPN instance vpn2, and specify an IP address for VLAN-interface 20. [MCE-Vlan-interface10] quit [MCE] vlan 20 [MCE-vlan20] port gigabitethernet 1/0/2 [MCE-vlan20] quit [MCE] interface vlan-interface 20 [MCE-Vlan-interface20] ip binding vpn-instance vpn2...
Page 425
# Run RIP in VPN 2. Create RIP process 20 and bind it with VPN instance vpn2 on the MCE, so that the MCE can learn the routes of VPN 2 and add them to the routing table of the VPN instance vpn2.
Page 426
[MCE-Vlan-interface30] ip binding vpn-instance vpn1 [MCE-Vlan-interface30] ip address 30.1.1.1 24 [MCE-Vlan-interface30] quit # On the MCE, create VLAN 40 and VLAN-interface 40, bind the VLAN interface with VPN instance vpn2, and configure an IP address for the VLAN interface. [MCE] vlan 40 [MCE-vlan40] quit [MCE] interface vlan-interface 40 [MCE-Vlan-interface40] ip binding vpn-instance vpn2...
[PE1-ospf-10] quit # On PE 1, display the routing table of VPN1. [PE1] display ip routing-table vpn-instance vpn1 Routing Tables: vpn1 Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 30.1.1.0/24 Direct 0 30.1.1.2 Vlan30 30.1.1.2/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8...
Page 428
Figure 131 Network diagram Configuration procedure Configure VPN instances: # Create VPN instances on the MCE and PE 1, and bind the VPN instances with VLAN interfaces. For the configuration procedure, see "Using OSPF to advertise VPN routes to the PE."...
Page 429
127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/24 OSPF 10.214.10.2 Vlan10 The output shows that the MCE has learned the private route of VPN 1 through OSPF process 10. # On MCE, bind OSPF process 20 with VPN instance vpn2 to learn the routes of VPN 2. The configuration procedure is similar to that for OSPF process 10.
Page 430
127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 192.168.0.0/24 30.1.1.1 Vlan30 # Perform similar configuration on the MCE and PE 1 for VPN 2. Redistribute the OSPF routes of VPN instance vpn2 into the EBGP routing table. (Details not shown.) The following output shows that PE 1 has learned the private route of VPN 2 through BGP: [PE1] display ip routing-table vpn-instance vpn2 Routing Tables: vpn2 Destinations : 5...
Configuring IPv6 MCE The IPv6 MCE function is available only on the HP 5500 EI switch series. Overview In an IPv6 MPLS L3 VPN, an IPv6 MCE advertises IPv6 routing information between the VPN and the connected PE and forwards IPv6 packets. An IPv6 MCE operates in the same way as an IPv4 MCE. For more information, see "Configuring...
Page 432
Associating a VPN instance with an interface After configuring a VPN instance, you must associate the VPN instance with the interfaces connected to the VPN site or the PE. To associate a VPN instance with an interface: Step Command Remarks Enter system view.
Step Command Remarks Optional. Setting the maximum number of Set the maximum number of routing-table limit number routes for a VPN instance to routes supported. { warn-threshold | simply-alert } support is for preventing too many routes from being redistributed into the PE.
Configuring routing between IPv6 MCE and VPN site Configuring static routing between IPv6 MCE and VPN site An IPv6 MCE can reach a VPN site through an IPv6 static route. IPv6 static routing on a traditional CE is globally effective and thus does not support address overlapping among VPNs. An IPv6 MCE supports binding an IPv6 static route with an IPv6 VPN instance, so that the IPv6 static routes of different IPv6 VPN instances can be isolated from each other.
Page 435
Step Command Remarks Configure the default cost Optional. value for the redistributed default cost value 0 by default. routes. Return to system view. quit interface interface-type Enter interface view. interface-number Enable RIPng on the interface. ripng process-id enable Disabled by default. Configuring OSPFv3 between IPv6 MCE and VPN site An OSPFv3 process belongs to the public network or a single IPv6 VPN instance.
Page 436
By configuring IPv6 IS-IS process-to-IPv6 VPN instance bindings on an IPv6 MCE, you allow routes of different IPv6 VPNs to be exchanged between the IPv6 MCE and the sites through different IPv6 IS-IS processes, ensuring the separation and security of IPv6 VPN routes. For more information about IPv6 IS-IS, see Layer 3—IP Routing Configuration Guide.
Step Command Remarks Specify an IPv6 BGP peer in peer ipv6-address as-number an AS. as-number import-route protocol [ process-id Redistribute remote site routes By default, No route redistribution [ med med-value | route-policy advertised by the PE. is configured. route-policy-name ] * ] filter-policy { acl6-number | Optional.
Page 438
Step Command Remarks Enter system view. system-view • ipv6 route-static ipv6-address prefix-length { interface-type interface-number [ next-hop-address ] | next-hop-address | vpn-instance d-vpn-instance-name nexthop-address } [ preference preference-value ] Configure an IPv6 static User either route for an IPv6 VPN •...
Page 439
Step Command Remarks filter-policy { acl6-number | Optional. ipv6-prefix ipv6-prefix-name } Configure a filtering policy to export [ bgp4+ | direct | isisv6 By default, redistributed routes are filter the redistributed routes. process-id | ospfv3 process-id | not filtered. ripng process-id | static ] Return to system view.
Step Command Remarks Enter BGP view. bgp as-number Enter IPv6 BGP-VPN ipv6-family vpn-instance vpn-instance-name instance view. Configure the PE as the peer ipv6-address as-number as-number EBGP peer. import-route protocol [ process-id [ med Redistribute the VPN By default, No route med-value | route-policy routes.
Task Command Remarks display ipv6 fib vpn-instance Display information about the IPv6 vpn-instance-name [ acl6 acl6-number | Available in any view FIB of a VPN instance. ipv6-prefix ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ] display ipv6 fib vpn-instance Display a VPN instance’s FIB vpn-instance-name ipv6-address...
Page 442
Figure 132 Network diagram VPN 2 Site 1 PE 2 PE 1 GE1/0/1 Vlan-int30: 30::2/64 Vlan-int40: 40::2/64 PE 3 Vlan-int10 VPN 1 GE1/0/3 VPN 1 2001:1::2/64 Site 2 Vlan-int30: 30::1/64 2012:1::/64 GE1/0/1 Vlan-int11 Vlan-int40: 40::1/64 Vlan-int10 GE1/0/2 2012:1::2/64 VR 1 2001:1::1/64 Vlan-int20 2002:1::1/64...
Page 443
[MCE-vlan10] quit # Bind VLAN-interface 10 with VPN instance vpn1, and configure an IPv6 address for the VLAN interface. [MCE] interface vlan-interface 10 [MCE-Vlan-interface10] ip binding vpn-instance vpn1 [MCE-Vlan-interface10] ipv6 address 2001:1::1 64 [MCE-Vlan-interface10] quit # Configure VLAN 20, add port GigabitEthernet 1/0/2 to VLAN 20, bind VLAN-interface 20 with VPN instance vpn2, and assign an IPv6 address to VLAN-interface 20.
Page 444
[MCE] interface vlan-interface 20 [MCE-Vlan-interface20] ripng 20 enable [MCE-Vlan-interface20] quit # On VR 2, assign IPv6 address 2002:1::2/64 to the interface connected to the MCE and 2012::2/64 to the interface connected to VPN 2. (Details not shown.) # Configure RIPng, and advertise subnets 2012::/64 and 2002:1::/64. <VR2>...
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 450
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Configuring routing on an MCE,393 Configuring BFD for IPv6 BGP,343 Configuring static route FRR,10 Configuring BFD for IPv6 IS-IS,31 1 Contacting HP,435 Configuring BFD for IS-IS,159 Controlling route distribution and reception,203 Configuring BFD for OSPF,96 Controlling route distribution and reception,328...
Page 452
Displaying and maintaining RIP,36 IS-IS overview,127 Displaying and maintaining RIPng,266 Displaying and maintaining static routes,1 1 Load sharing,3 Displaying and maintaining the routing policy,367 Displaying information about IPv6 MCE,427 Dynamic routing protocols,2 MCE configuration examples,409 overview,389 Enabling IS-IS SNMP trap,159 Enabling logging of peer state changes,224 OSPF configuration...
Page 453
Tuning and optimizing BGP networks,213 Tuning and optimizing OSPFv3 networks,284 Tuning and optimizing IPv6 BGP networks,334 Tuning and optimizing RIP networks,31 Tuning and optimizing IS-IS networks,148 Tuning and optimizing the RIPng network,263 Tuning and optimizing OSPF networks,84...