Download Print this page

HP MSR Series Configuration Manual

HP MSR Series Configuration Manual

Layer 3 - ip routing

Hide thumbs Also See for MSR Series:

Configuration manual (889 pages)

,

Command reference manual (684 pages)

,

Wan access configuration manual (293 pages)

Table Of Contents

Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual

HP MSR Router Series

Layer 3 - IP Routing

Configuration Guide(V5)

Part number: 5998-6585

Software version: CMW520-R2511

Document version: 6PW105-20140813

Table of Contents

Advertisement

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the MSR Series and is the answer not in the manual?

Questions and answers

Summary of Contents for HP MSR Series

Page 1 HP MSR Router Series Layer 3 - IP Routing Configuration Guide(V5) Part number: 5998-6585 Software version: CMW520-R2511 Document version: 6PW105-20140813...
Page 2: Legal And Notice Information
The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...
Page 3: Table Of Contents
Contents Legal and notice information ·········································································································································i IP routing basics ··························································································································································· 1 Routing table ······································································································································································ 1 Dynamic routing protocols ··············································································································································· 2 Route preference ······························································································································································· 2 Load sharing ······································································································································································ 3 Route backup ····································································································································································· 3 Route recursion ·································································································································································· 3 ...
Page 4 Configuring RIP route redistribution ····················································································································· 28 Tuning and optimizing RIP networks ···························································································································· 28 Configuration prerequisites ·································································································································· 28 Configuring RIP timers ··········································································································································· 28 Configuring split horizon and poison reverse ···································································································· 29 Configuring the maximum number of ECMP routes ·························································································· 30 ...
Page 5 Configuring the P2MP network type for an interface ························································································ 67 Configuring the P2P network type for an interface ··························································································· 68 Configuring OSPF route control ··································································································································· 68 Configuration prerequisites ·································································································································· 68 Configuring OSPF route summarization ············································································································· 68 ...
Page 6 Configuring IS-IS ····················································································································································· 113 Overview ······································································································································································· 113 Terminology ························································································································································· 113 IS-IS address format ············································································································································· 113 NET ······································································································································································· 114 IS-IS area ······························································································································································ 115 IS-IS network types ·············································································································································· 117 IS-IS PDUs ····························································································································································· 118 Supported IS-IS features ······································································································································ 124 ...
Page 7 IS-IS GR configuration example ························································································································· 158 IS-IS authentication configuration example······································································································· 160 Configuring BFD for IS-IS ···································································································································· 162 Configuring BGP ····················································································································································· 167 Overview ······································································································································································· 167 BGP speaker and BGP peer ······························································································································· 167 BGP message types ············································································································································· 167 ...
Page 8 Configuring a BGP confederation ····················································································································· 210 Configuring BGP GR ··················································································································································· 211 Enabling trap ································································································································································ 212 Enabling logging of session state changes ··············································································································· 212 Configuring BFD for BGP ············································································································································ 213 Displaying and maintaining BGP ······························································································································· 213 ...
Page 9 Configuring actions for a node ·························································································································· 263 Configuring PBR ··························································································································································· 264 Configuring local PBR ········································································································································· 264 Configuring interface PBR ·································································································································· 264 Displaying and maintaining PBR ································································································································ 264 PBR configuration examples ········································································································································ 265 Configuring local PBR based on packet type ··································································································· 265 ...
Page 10 Enabling OSPFv3 ························································································································································· 297 Configuration prerequisites ································································································································ 297 Enabling OSPFv3 ················································································································································ 297 Configuring OSPFv3 area parameters ······················································································································ 297 Configuration prerequisites ································································································································ 298 Configuring an OSPFv3 stub area ···················································································································· 298 Configuring an OSPFv3 virtual link ··················································································································· 298 ...
Page 11 Configuring IPv6 BGP ············································································································································· 343 IPv6 BGP overview ······················································································································································· 343 IPv6 BGP configuration task list ·································································································································· 343 Configuring IPv6 BGP basic functions ······················································································································· 344 Configuration prerequisites ································································································································ 344 Specifying an IPv6 BGP peer ····························································································································· 344 ...
Page 12 Configuring IPv6 interface PBR based on packet type ···················································································· 389 Configuring IPv6 interface PBR based on packet length ················································································· 391 Support and other resources ·································································································································· 395 Contacting HP ······························································································································································ 395 Subscription service ············································································································································ 395 Related information ······················································································································································ 395 ...
Page 13: Ip Routing Basics
IP routing basics IP routing directs the forwarding of IP packets on routers based on a routing table. This book focuses on unicast routing protocols. For more information about multicast routing protocols, see IP Multicast Configuration Guide. Routing table A router maintains at least two routing tables: one global routing table and one forwarding information base (FIB).
Page 14: Dynamic Routing Protocols
Mask—Mask length of the IP address. • • Pre—Preference of the route. Among routes to the same destination, the one with the highest preference is optimal. Cost—When multiple routes to a destination have the same preference, the one with the smallest •...
Page 15: Load Sharing
Table 3 Route types and their default route preferences Routing type Preference Direct route OSPF IS-IS Static route OSPF ASE OSPF NSSA IBGP EBGP Unknown (route from an untrusted source) Load sharing A routing protocol might find multiple optimal equal-cost routes to the same destination. You can use these routes to implement equal-cost multi-path (ECMP) load sharing.
Page 16: Displaying And Maintaining A Routing Table
Displaying and maintaining a routing table Task Command Remarks display ip routing-table [ vpn-instance Display the routing table. vpn-instance-name ] [ verbose ] [ | { begin Available in any view. | exclude | include } regular-expression ] display ip routing-table [ vpn-instance Display routes matching an IPv4 vpn-instance-name ] acl acl-number Available in any view.
Page 17 Task Command Remarks display ipv6 routing-table [ vpn-instance Display IPv6 routes with vpn-instance-name ] ipv6-address1 destination addresses in an IPv6 prefix-length1 ipv6-address2 Available in any view. address range. prefix-length2 [ verbose ] [ | { begin | exclude | include } regular-expression ] display ipv6 routing-table [ vpn-instance Display routing information vpn-instance-name ] ipv6-prefix...
Page 18: Configuring Static Routing
Configuring static routing Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work correctly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually.
Page 19: Configuring Bfd For Static Routes
Step Command Remarks Optional. Delete all static To delete one static routes, including delete [ vpn-instance vpn-instance-name ] static-routes all route, use the undo ip the default route. route-static command. Configuring BFD for static routes Bidirectional forwarding detection (BFD) provides a general-purpose, standard, medium-, and protocol-independent fast failure detection mechanism.
Page 20: Bfd Echo Packet Mode
Step Command Remarks • Method 1: ip route-static dest-address { mask | mask-length } next-hop-address bfd control-packet bfd-source ip-address [ preference preference-value ] [ tag tag-value ] [ description Configure a static description-text ] route and enable Use either • Method 2: BFD control packet method.
Page 21: Configuring Static Route Frr
Configuring static route FRR NOTE: Support for this feature depends on the device model. A link or router failure on a path can cause packet loss and even routing loop. Static route fast reroute (FRR) enables fast rerouting to minimize the impact of link or node failures. Figure 1 Network diagram for static route FRR As shown in Figure...
Page 22: Displaying And Maintaining Static Routes
Displaying and maintaining static routes Task Command Remarks display ip routing-table protocol static [ inactive | Display information of static Available in any verbose ] [ | { begin | exclude | include } routes. view. regular-expression ] Static route configuration examples Basic static route configuration example Network requirements Configure static routes in...
Page 23 Verify the configuration: # Display the IP routing table of Router A. [RouterA] display ip routing-table Routing Tables: Public Destinations : 7 Routes : 7 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/0 Static 60 1.1.4.2 Eth1/2 1.1.2.0/24 Direct 0 1.1.2.3 Eth1/1 1.1.2.3/32 Direct 0 127.0.0.1...
Page 24: Bfd For Static Routes Configuration Example (Direct Next Hop)
C:\Documents and Settings\Administrator>tracert 1.1.2.2 Tracing route to 1.1.2.2 over a maximum of 30 hops <1 ms <1 ms <1 ms 1.1.6.1 <1 ms <1 ms <1 ms 1.1.4.1 1 ms <1 ms <1 ms 1.1.2.2 Trace complete. BFD for static routes configuration example (direct next hop) Network requirements Figure 3, configure a static route to subnet 120.1.1.0/24 on Router A, configure a static route to subnet...
Page 25 [RouterA] ip route-static 120.1.1.0 24 ethernet 1/2 10.1.1.100 preference 65 [RouterA] quit # Configure static routes on Router B and enable BFD control packet mode for the static route through the Layer 2 switch. <RouterB> system-view [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] bfd min-transmit-interval 500 [RouterB-Ethernet1/1] bfd min-receive-interval 500 [RouterB-Ethernet1/1] bfd detect-multiplier 9...
Page 26: Bfd For Static Routes Configuration Example (Indirect Next Hop)
<RouterA> debugging bfd event <RouterA> debugging bfd scm <RouterA> terminal debugging %Jul 27 10:18:18:672 2007 RouterA BFD/4/LOG:Sess[12.1.1.1/12.1.1.2, Ethernet1/1,Ctrl], Sta: UP->DOWN, Diag: 1 *Jul 27 10:18:18:672 2007 RouterA BFD/7/EVENT:Send sess-down Msg, [Src:12.1.1.1,Dst:12.1.1.2,Ethernet1/1,Ctrl], instance:0, protocol:STATIC *Jul 27 10:18:19:172 2007 RouterA BFD/7/EVENT:Receive Delete-sess, [Src:12.1.1.1,Dst:12.1.1.2,Ethernet1/1,Ctrl], Direct, Instance:0x0, Proto:STATIC *Jul 27 10:18:19:172 2007 RouterA BFD/7/EVENT:Notify driver to stop receiving bf # Display the static route information again.
Page 27 Figure 4 Network diagram 121.1.1.0/24 120.1.1.0/24 Loop1 Loop1 1.1.1.9/32 2.2.2.9/32 Router D Eth1/1 Eth1/1 Eth1/1 Eth1/2 Router A Router B Eth1/1 Eth1/2 Router C Device Interface IP address Device Interface IP address Router A Eth1/1 12.1.1.1/24 Router B Eth1/1 11.1.1.2/24 Eth1/2 10.1.1.102/24 Eth1/2...
Page 28 [RouterC] ip route-static 121.1.1.0 24 ethernet 1/1 10.1.1.102 # Configure static routes on Router D. <RouterD> system-view [RouterD] ip route-static 120.1.1.0 24 ethernet 1/2 11.1.1.2 [RouterD] ip route-static 121.1.1.0 24 ethernet 1/1 12.1.1.1 Verify the configuration: The following operations are performed on Router A. The operations on Router B are similar. # Display the BFD session information.
Page 29 Static Routing table Status : <Active> Summary Count : 1 Destination/Mask Proto Cost NextHop Interface 120.1.1.0/24 Static 65 10.1.1.100 Eth1/2 Static Routing table Status : <Inactive> Summary Count : 1 Destination/Mask Proto Cost NextHop Interface 120.1.1.0/24 Static 60 2.2.2.9...
Page 30: Configuring A Default Route
Configuring a default route A default route is used to forward packets that match no entry in the routing table. Without a default route, a packet that does not match any routing entries is discarded. A default route can be configured in either of the following ways: •...
Page 31: Configuring Rip
Configuring RIP Routing Information Protocol (RIP) is a distance-vector simple interior gateway protocol suited to small-sized networks. It employs UDP to exchange route information through port 520. Overview RIP uses a hop count to measure the distance to a destination. The hop count from a router to a directly connected network is 0.
Page 32: Rip Operation
Split horizon—Disables RIP from sending routing information on the interface from which the • information was learned to prevent routing loops and save bandwidth. Poison reverse—Enables RIP to set the metric of routes received from a neighbor to 16 and sends •...
Page 33: Supported Rip Features
Because the periodic update delivery is canceled, an acknowledgement and retransmission • mechanism is required to guarantee successful updates transmission on WANs. Message types RIP uses the following new types of message which are identified by the value of the command field: Update request (Type-9)—Requests the needed routes from the neighbor.
Page 34: Rip Configuration Task List
RIP configuration task list Task Remarks Configuring basic RIP Required. Configuring an additional routing metric Optional. Configuring RIPv2 route summarization Optional. Disabling host route reception Optional. Configuring RIP route Advertising a default route Optional. control Configuring received/redistributed route filtering Optional. Configuring a preference for RIP Optional.
Page 35: Configuring The Interface Behavior
If you configure RIP settings in interface view before enabling RIP, the settings do not take effect until RIP is enabled. If a physical interface is attached to multiple networks, you cannot advertise these networks in different RIP processes. To enable RIP: Step Command Remarks...
Page 36: Configuring Rip Route Control
With RIPv2 configured, a broadcast interface sends RIPv2 broadcasts and can receive RIPv1 unicasts, and broadcasts, and RIPv2 broadcasts, multicasts, and unicasts. To configure a RIP version: Step Command Remarks Enter system view. system-view rip [ process-id ] [ vpn-instance Enter RIP view.
Page 37: Configuring Ripv2 Route Summarization
To configure additional routing metrics: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Optional. Specify an inbound rip metricin [ route-policy additional routing metric. route-policy-name ] value The default setting is 0. Optional. Specify an outbound rip metricout [ route-policy additional routing metric.
Page 38: Disabling Host Route Reception
Step Command Remarks rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Disable RIPv2 automatic route By default, RIPv2 automatic route undo summary summarization. summarization is enabled. Return to system view. quit interface interface-type Enter interface view. interface-number rip summary-address ip-address Configure a summary route.
Page 39: Configuring Received/Redistributed Route Filtering
Step Command Remarks Optional. rip default-route { { only | By default, a RIP interface can Configure the RIP interface to originate } [ cost cost ] | advertise a default route if the RIP advertise a default route. no-originate } process is configured with default route advertisement.
Page 40: Configuring Rip Route Redistribution
Step Command Remarks Optional. Configure a preference for preference [ route-policy RIP. route-policy-name ] value The default setting is 100. Configuring RIP route redistribution Perform this task to configure RIP to redistribute routes from other routing protocols, including OSPF, IS-IS, BGP, static, and direct routes.
Page 41: Configuring Split Horizon And Poison Reverse
Step Command Remarks Optional. By default: • The update timer is 30 seconds. timers { garbage-collect garbage-collect-value | suppress • The timeout timer is 180 Configure RIP timers. suppress-value | timeout seconds. timeout-value | update • The suppress timer is 120 update-value } * seconds.
Page 42: Configuring The Maximum Number Of Ecmp Routes
Configuring the maximum number of ECMP routes Perform this task to implement load sharing over ECMP routes. To configure the maximum number of ECMP routes: Step Command Remarks Enter system view. system-view rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Optional.
Page 43: Configuring Ripv2 Message Authentication
Step Command Remarks Enter system view. system-view rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Enable source IP address Optional. check on incoming RIP validate-source-address By default, this function is enabled. messages. Configuring RIPv2 message authentication Perform this task to enable authentication on RIPv2 messages. This feature does not apply to RIPv1 because RIPv1 does not support authentication.
Page 44: Configuring Trip
Configuring TRIP In a connection oriented network, a router can establish connections to multiple remote devices. In a WAN, links are created and removed as needed. In such applications, a link created between two nodes for data transmission is temporary and infrequently. TRIP should be enabled when it is necessary to exchange routing information through on-demand links or triggered RIP.
Page 45: Configuring The Rip Packet Sending Rate
Step Command Remarks Enter system view. system-view Optional. Bind RIP to MIB. rip mib-binding process-id By default, MIB is bound to RIP process 1. Configuring the RIP packet sending rate Perform this task to specify the interval for sending RIP packets and the maximum number of RIP packets that can be sent at each interval.
Page 46: Enabling Single-Hop Detection In Bfd Echo Packet (For A Specific Destination)
Step Command Remarks interface interface-type Enter interface view. interface-number By default, BFD for RIP is disabled. This command and the rip bfd enable destination command are Enable BFD for RIP. rip bfd enable mutually exclusive and cannot be configured on a device at the same time.
Page 47: Displaying And Maintaining Rip
Step Command Remarks interface interface-type Enter interface view. interface-number Enable BFD on the RIP rip bfd enable Disabled by default. interface. NOTE: Because the undo peer command does not remove the neighbor relationship at once, executing the command cannot bring down the BFD session at once. Displaying and maintaining RIP Task Command...
Page 48 Figure 5 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure basic RIP: # Configure Router A. <RouterA> system-view [RouterA] rip [RouterA-rip-1] network 1.0.0.0 [RouterA-rip-1] network 2.0.0.0 [RouterA-rip-1] network 3.0.0.0 [RouterA-rip-1] quit # Configure Router B. <RouterB>...
Page 49: Configuring Rip Route Redistribution
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------------------- Peer 1.1.1.2 on Ethernet1/1 Destination/Mask Nexthop Cost Flags 10.0.0.0/8 1.1.1.2 10.1.1.0/24 1.1.1.2 10.2.1.0/24 1.1.1.2 The output shows that RIPv2 uses classless subnet mask. NOTE: After RIPv2 is configured, RIPv1 routes might still exist in the routing table until they are aged out. Configuring RIP route redistribution Network requirements As shown in...
Page 50 [RouterB-rip-100] undo summary [RouterB-rip-100] quit [RouterB] rip 200 [RouterB-rip-200] network 12.0.0.0 [RouterB-rip-200] version 2 [RouterB-rip-200] undo summary [RouterB-rip-200] quit # Enable RIP 200 and configure RIPv2 on Router C. <RouterC> system-view [RouterC] rip 200 [RouterC-rip-200] network 12.0.0.0 [RouterC-rip-200] network 16.0.0.0 [RouterC-rip-200] version 2 [RouterC-rip-200] undo summary [RouterC-rip-200] quit...
Page 51: Configuring An Additional Metric For A Rip Interface
# On Router B, define ACL 2000 and reference it to a filtering policy to filter routes redistributed from RIP 100, making the route not advertised to Router C. [RouterB] acl number 2000 [RouterB-acl-basic-2000] rule deny source 10.2.1.1 0.0.0.255 [RouterB-acl-basic-2000] rule permit [RouterB-acl-basic-2000] quit [RouterB] rip 200 [RouterB-rip-200] filter-policy 2000 export rip 100...
Page 52 [RouterA-rip-1] network 1.0.0.0 [RouterA-rip-1] version 2 [RouterA-rip-1] undo summary [RouterA-rip-1] quit # Configure Router B. <RouterB> system-view [RouterB] rip [RouterB-rip-1] network 1.0.0.0 [RouterB-rip-1] version 2 [RouterB-rip-1] undo summary # Configure Router C. <RouterC> system-view [RouterB] rip [RouterC-rip-1] network 1.0.0.0 [RouterC-rip-1] version 2 [RouterC-rip-1] undo summary # Configure Router D.
Page 53: Configuring Rip To Advertise A Summary Route
1.1.2.0/24, cost 0, nexthop 1.1.2.1, Rip-interface 1.1.3.0/24, cost 1, nexthop 1.1.1.2 1.1.4.0/24, cost 2, nexthop 1.1.1.2 1.1.5.0/24, cost 2, nexthop 1.1.1.2 The output shows that only one RIP route reaches network 1.1.5.0/24, with the next hop as Router B (1.1.1.2) and a cost of 2. Configuring RIP to advertise a summary route Network requirements As shown in...
Page 54 <RouterC> system-view [RouterC] ospf [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit Configure basic RIP: # Configure Router C. [RouterC] rip 1 [RouterC-rip-1] network 11.3.1.0 [RouterC-rip-1] version 2 [RouterC-rip-1] undo summary # Configure Router D. <RouterD>...
Page 55: Configuring Bfd For Rip (Single-Hop Echo Detection For A Directly Connected Rip Neighbor)
Destinations : 7 Routes : 7 Destination/Mask Proto Cost NextHop Interface 10.0.0.0/8 11.3.1.1 Eth1/1 11.3.1.0/24 Direct 0 11.3.1.2 Eth1/1 11.3.1.2/32 Direct 0 127.0.0.1 InLoop0 11.4.1.0/24 Direct 0 11.4.1.2 Eth1/2 11.4.1.2/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0...
Page 56 [RouterA-rip-1] network 192.168.1.0 [RouterA-rip-1] quit [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] rip bfd enable [RouterA-Ethernet1/1] quit [RouterA] rip 2 [RouterA-rip-2] network 192.168.2.0 [RouterA-rip-2] quit # Configure Router B. <RouterB> system-view [RouterB] rip 1 [RouterB-rip-1] version 2 [RouterB-rip-1] undo summary [RouterB-rip-1] network 192.168.2.0 [RouterB-rip-1] network 192.168.3.0 [RouterB-rip-1] quit # Configure Router C.
Page 57 Protocol: RIP Process ID: 1 Preference: 100 Cost: 1 IpPrecedence: QosLcId: NextHop: 192.168.1.2 Interface: Ethernet1/1 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 192.168.1.2 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h00m47s Tag: 0 Destination: 100.1.1.0/24 Protocol: RIP Process ID: 2...
Page 58: Configuring Bfd For Rip (Single-Hop Echo Detection For A Specified Destination)
IpPrecedence: QosLcId: NextHop: 192.168.2.2 Interface: Ethernet1/2 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 192.168.2.2 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h18m40s Tag: 0 Configuring BFD for RIP (single-hop echo detection for a specified destination) Network requirements As shown in...
Page 59 [RouterA-rip-1] network 192.168.2.0 [RouterA-rip-1] import-route static [RouterA-rip-1] quit [RouterA] interface ethernet 1/2 [RouterA-Ethernet1/2] rip bfd enable destination 192.168.2.2 [RouterA-Ethernet1/2] quit # Configure Router B. <RouterB> system-view [RouterB] rip 1 [RouterB-rip-1] network 192.168.2.0 [RouterB-rip-1] network 192.168.3.0 [RouterB-rip-1] quit # Configure Router C. <RouterC>...
Page 60 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h02m47s Tag: 0 Destination: 100.1.1.0/24 Protocol: RIP Process ID: 1 Preference: 100 Cost: 4 IpPrecedence: QosLcId: NextHop: 192.168.3.2 Interface: Ethernet1/2 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 192.168.3.2 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0...
Page 61: Configuring Bfd For Rip (Bidirectional Control Detection)
Tag: 0 Configuring BFD for RIP (bidirectional control detection) Network requirements As shown in Figure 1 1, Ethernet 1/2 of Router A and Ethernet 1/1 of Router C run RIP process 1. Ethernet 1/1 on Router A runs RIP process 2. Ethernet 1/2 on Router C, and Ethernet 1/1 and Ethernet 1/2 on Router D run RIP process 1.
Page 62 [RouterA-rip-1] network 101.1.1.0 [RouterA-rip-1] peer 192.168.2.2 [RouterA-rip-1] undo validate-source-address [RouterA-rip-1] import-route static [RouterA-rip-1] quit [RouterA] interface ethernet 1/2 [RouterA-Ethernet1/2] rip bfd enable [RouterA-Ethernet1/2] quit [RouterA] rip 2 [RouterA-rip-2] version 2 [RouterA-rip-2] undo summary [RouterA-rip-2] network 192.168.3.0 [RouterA-rip-2] quit # Configure Router C. <RouterC>...
Page 63 # Configure Router B. <RouterB> system-view [RouterB] interface ethernet 1/2 [RouterB-Ethernet1/2] ip address 192.168.1.2 24 [RouterB-Ethernet1/2] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ip address 192.168.2.1 24 # Configure Router C. [RouterC] bfd session init-mode active [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ip address 192.168.2.2 24 [RouterC-Ethernet1/1] bfd min-transmit-interval 500 [RouterC-Ethernet1/1] bfd min-receive-interval 500 [RouterC-Ethernet1/1] bfd detect-multiplier 6...
Page 64 NextHop: 192.168.2.2 Interface: Ethernet1/2 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 192.168.1.2 Neighbor : 192.168.2.2 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv GotQ Age: 00h04m02s Tag: 0 Destination: 100.1.1.0/24 Protocol: RIP Process ID: 2 Preference: 100 Cost: 2 IpPrecedence: QosLcId: NextHop: 192.168.3.2...
Page 65: Troubleshooting Rip
RelyNextHop: 0.0.0.0 Neighbor : 192.168.3.2 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h10m35s Tag: 0 Troubleshooting RIP No RIP updates received Symptom No RIP updates are received when the links work correctly. Analysis After enabling RIP, use the network command to enable corresponding interfaces.
Page 66: Configuring Ospf
Configuring OSPF This chapter describes how to configure OSPF. Overview Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the IETF. OSPF version 2 is used for IPv4. Unless otherwise stated, OSPF refers to OSPFv2 throughout this document.
Page 67: Lsa Types
LSA types OSPF advertises routing information in Link State Advertisements (LSAs). The following describes some commonly used LSAs: Router LSA—Type- 1 LSA, originated by all routers and flooded throughout a single area only. This • LSA describes the collected states of the router's interfaces to an area. •...
Page 68 Figure 12 Area based OSPF network partition Backbone area and virtual links Each AS has a backbone area that distributes routing information between non-backbone areas. Routing information between non-backbone areas must be forwarded by the backbone area. OSPF requires the following: All non-backbone areas must maintain connectivity to the backbone area.
Page 69 Figure 14 Virtual link application 2 The virtual link between the two ABRs acts as a point-to-point connection. You can configure interface parameters, such as hello interval, on the virtual link as they are configured on a physical interface. The two ABRs on the virtual link unicast OSPF packets to each other, and the OSPF routers in between convey these OSPF packets as normal IP packets.
Page 70: Router Types
Router types OSPF classifies routers into the following types based on their positions in the AS: Internal router—All interfaces on an internal router belong to one OSPF area. • Area Border Router (ABR)—Belongs to more than two areas, one of which must be the backbone •...
Page 71: Route Calculation
A Type-2 external route has low credibility. OSPF considers the cost from the ASBR to the destination of a Type-2 external route is much greater than the cost from the ASBR to an OSPF internal router. The cost from the internal router to the destination of the Type-2 external route = the cost from the ASBR to the destination of the Type-2 external route.
Page 72: Protocols And Standards
DR—Elected to advertise routing information among other routers. If the DR fails, routers on the • network must elect another DR and synchronize information with the new DR. Using this mechanism alone is time-consuming and prone to route calculation errors. •...
Page 73: Ospf Configuration Task List
RFC 3630, Traffic Engineering Extensions to OSPF Version 2 • • RFC 481 1, OSPF Out-of-Band LSDB Resynchronization RFC 4812, OSPF Restart Signaling • RFC 4813, OSPF Link-Local Signaling • OSPF configuration task list To run OSPF in a routing domain, you must first enable OSPF on the routers. Make a proper configuration plan to avoid wrong settings that can result in route blocking and routing loops.
Page 74: Enabling Ospf
You can specify a router ID when you create an OSPF process. Any two routers in an AS must have different router IDs. A typical practice is to specify the IP address of an interface as the router ID. If you specify no router ID when creating the OSPF process, the global router ID is used. HP •...
Page 75: Configuration Procedure
Configuration procedure To enable OSPF: Step Command Remarks Enter system view. system-view Optional. Not configured by default. If no global router ID is configured, the Configure a global router highest loopback interface IP address, if router id router-id any, is used as the router ID. If no loopback interface IP address is available, the highest physical interface IP address is used, regardless of the interface status.
Page 76: Configuring An Nssa Area
flooded within the stub area. The ABR generates a default route into the stub area so all packets destined outside of the AS are sent through the default route. To further reduce the routing table size and routing information exchanged in the stub area, you can configure it as a totally stub area by using the stub no-summary command on the ABR.
Page 77: Configuring A Virtual Link
Step Command Remarks Enter area view. area area-id nssa [ default-route-advertise | no-import-route | no-summary | Configure the area as an translate-always | Not configured by default. NSSA area. translator-stability-interval value ] Optional. The default cost is 1. Specify a cost for the default The default-cost command takes route advertised to the default-cost cost...
Page 78: Configuration Prerequisites
NBMA—When the link layer protocol is Frame Relay, ATM, or X.25, OSPF considers the network • type as NBMA by default. P2P—When the link layer protocol is PPP, LAPB, or HDLC, OSPF considers the network type as P2P • by default. Follow these guidelines when you change the network type of an interface: When an NBMA network becomes fully meshed (any two routers in the network have a direct •...
Page 79: Configuring The P2Mp Network Type For An Interface
The router priority configured with the ospf dr-priority command is for actual DR election. The priority configured with the peer command indicates whether a neighbor has the election right or not. If you configure the router priority for a neighbor as 0, the local router will assume the neighbor has no election right, and thus send no hello packets to this neighbor.
Page 80: Configuring The P2P Network Type For An Interface
Step Command Remarks Optional. By default, no neighbor is specified. Specify a neighbor and its peer ip-address [ cost value | This step must be performed if the router priority. dr-priority dr-priority ] network type is P2MP unicast, and is optional if the network type is P2MP.
Page 81: Configuring Ospf Inbound Route Filtering
Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id Enter OSPF view. | vpn-instance vpn-instance-name ] * Enter OSPF area view. area area-id Not configured by default. abr-summary ip-address { mask | Configure ABR route mask-length } [ advertise | The command is available on an summarization.
Page 82: Configuring Abr Type-3 Lsa Filtering
Step Command Remarks ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * filter-policy { acl-number [ gateway ip-prefix-name ] | gateway ip-prefix-name | Configure inbound ip-prefix ip-prefix-name [ gateway Not configured by default. route filtering. ip-prefix-name ] | route-policy route-policy-name } import Configuring ABR Type-3 LSA filtering...
Page 83: Configuring The Maximum Number Of Ecmp Routes
Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Optional. Configure a bandwidth bandwidth-reference value The value defaults to 100 reference value. Mbps. Configuring the maximum number of ECMP routes Perform this task to implement load sharing over ECMP routes.
Page 84 Configuring OSPF to redistribute routes from other routing protocols On a router running OSPF and other routing protocols, you can configure OSPF to redistribute routes from other protocols such as RIP, IS-IS, BGP, static routes, and direct routes, and advertise them in Type-5 LSAs or Type-7 LSAs.
Page 85: Advertising A Host Route
Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Optional. The default cost is 1, the Configure the default default maximum number parameters for default { cost cost | limit limit | tag tag | type of routes redistributed per redistributed routes (cost, type } *...
Page 86: Specifying Lsa Transmission Delay
Poll timer—Interval for sending hello packets to a neighbor that is down on the NBMA network. The • poll interval is at least four times the hello interval. Dead timer—Interval within which if the interface receives no hello packet from the neighbor, it •...
Page 87: Specifying Spf Calculation Interval
Step Command Remarks Optional. Specify the LSA transmission ospf trans-delay seconds delay. The default setting is 1 second. Specifying SPF calculation interval LSDB changes result in SPF calculations. When the topology changes frequently, a large amount of network and router resources are occupied by SPF calculation. You can adjust the SPF calculation interval to reduce the impact.
Page 88: Specifying The Lsa Generation Interval
Specifying the LSA generation interval You can adjust the LSA generation interval to protect network resources and routers from being over consumed by frequent network changes. When network changes are not frequent, LSAs are generated at the minimum-interval. If network changes become frequent, the LSA generation interval is incremented by incremental-interval ×...
Page 89: Configuring Ospf Authentication
a link to a transit network, or a virtual link. On such links, a maximum cost value of 65,535 is used. Neighbors do not send packets to the stub router as long as they have a route with a smaller cost. To configure a router as a stub router: Step Command...
Page 90: Adding The Interface Mtu Into Dd Packets
Configuring OSPF interface authentication Step Command Remarks Enter system view. system-view Enter interface view. interface interface-type interface-number • Configure simple authentication: ospf authentication-mode simple [ cipher Use either method. | plain ] password Configure OSPF interface By default, no authentication mode. •...
Page 91: Logging Neighbor State Changes
To avoid routing loops, configure all the routers in a routing domain to be either compatible or incompatible with RFC 1583. To make them compatible: Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Optional.
Page 92: Enabling Message Logging
Step Command Remarks snmp-agent trap enable ospf [ process-id ] [ ifauthfail | ifcfgerror | ifrxbadpkt | ifstatechange | iftxretransmit | Optional. Enable OSPF trap lsdbapproachoverflow | lsdboverflow | generation. maxagelsa | nbrstatechange | originatelsa Enabled by default. | vifcfgerror | virifauthfail | virifrxbadpkt | virifstatechange | viriftxretransmit | virnbrstatechange ] * Enabling message logging...
Page 93: Configuring The Lsu Transmit Rate
Step Command Remarks Configure OSPF to give priority ospf packet-process to receiving and processing Not configured by default. prioritized-treatment hello packets. Configuring the LSU transmit rate Sending large numbers of LSU packets affects router performance and consumes too much network bandwidth.
Page 94: Configuring The Ospf Gr Helper
IETF standard GR—Uses Opaque LSAs to implement GR. • • Non IETF standard GR—Uses link local signaling (LLS) to advertise GR capability and uses out of band synchronization to synchronize the LSDB. Configuring the OSPF GR helper You can configure the IETF standard or non IETF standard OSPF GR helper. Configuring the IETF standard OSPF GR helper Step Command...
Page 95: Configuring Bfd For Ospf
Configuring BFD for OSPF Bidirectional forwarding detection (BFD) provides a single mechanism to quickly detect and monitor the connectivity of links between OSPF neighbors, reducing network convergence time. For more information about BFD, see High Availability Configuration Guide. OSPF supports the following BFD detection methods: Control packet bidirectional detection, which requires BFD configuration to be made on both OSPF •...
Page 96 Task Command Remarks display ospf [ process-id ] lsdb [ brief | [ { ase | router | network | summary | asbr | nssa | Display Link State Database opaque-link | opaque-area | opaque-as } Available in any information. [ link-state-id ] ] [ originate-router view.
Page 97: Ospf Configuration Examples
OSPF configuration examples These configuration examples only cover OSPF configuration related commands. Configuring OSPF basic functions Network requirements • Enable OSPF on all routers, and split the AS into three areas. Configure Router A and Router B as ABRs. • Figure 18 Network diagram Configuration procedure Configure IP addresses for interfaces.
Page 98 <RouterC> system-view [RouterC] ospf [RouterC-ospf-1] area 1 [RouterC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.1] network 10.4.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.1] quit [RouterC-ospf-1] quit # Configure Router D. <RouterD> system-view [RouterD] ospf [RouterD-ospf-1] area 2 [RouterD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.2] network 10.5.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.2] quit [RouterD-ospf-1] quit Verify the configuration: # Display the OSPF neighbors of Router A.
Page 99 10.2.1.0/24 Transit 10.2.1.1 10.2.1.1 0.0.0.1 10.3.1.0/24 Inter 10.1.1.2 10.3.1.1 0.0.0.0 10.4.1.0/24 Stub 10.2.1.2 10.4.1.1 0.0.0.1 10.5.1.0/24 Inter 10.1.1.2 10.3.1.1 0.0.0.0 10.1.1.0/24 Transit 10.1.1.1 10.2.1.1 0.0.0.0 Total Nets: 5 Intra Area: 3 Inter Area: 2 ASE: 0 NSSA: 0 # Display the Link State Database on Router A. [RouterA] display ospf lsdb OSPF Process 1 with Router ID 10.2.1.1 Link State Database...
Page 100: Configuring Ospf Route Redistribution
# Ping 10.4.1.1 to check connectivity. [RouterD] ping 10.4.1.1 PING 10.4.1.1: 56 data bytes, press CTRL_C to break Reply from 10.4.1.1: bytes=56 Sequence=2 ttl=253 time=2 ms Reply from 10.4.1.1: bytes=56 Sequence=2 ttl=253 time=1 ms Reply from 10.4.1.1: bytes=56 Sequence=3 ttl=253 time=1 ms Reply from 10.4.1.1: bytes=56 Sequence=4 ttl=253 time=1 ms Reply from 10.4.1.1: bytes=56 Sequence=5 ttl=253 time=1 ms --- 10.4.1.1 ping statistics ---...
Page 101: Configuring Ospf To Advertise A Summary Route
<RouterD> display ospf abr-asbr OSPF Process 1 with Router ID 10.5.1.1 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Intra 10.3.1.1 0.0.0.2 10.3.1.1 Inter 10.4.1.1 0.0.0.2 10.3.1.1 ASBR # Display the OSPF routing table of Router D. <RouterD>...
Page 102 Figure 20 Network diagram Eth1/2 Eth1/2 10.4.1.1/24 10.3.1.1/24 Eth1/1 Eth1/1 10.1.1.1/24 10.2.1.2/24 Router E Router D Eth1/1 Eth1/3 10.1.1.2/24 10.2.1.1/24 Router C Eth1/2 AS 100 11.1.1.2/24 EBGP Eth1/2 11.1.1.1/24 Router B Eth1/1 11.2.1.1/24 Eth1/1 11.2.1.2/24 AS 200 Router A Configuration procedure Configure IP addresses for interfaces.
Page 103 [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] quit # Configure Router E. <RouterE> system-view [RouterE] ospf [RouterE-ospf-1] area 0 [RouterE-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [RouterE-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255 [RouterE-ospf-1-area-0.0.0.0] quit [RouterE-ospf-1] quit Configure BGP to redistribute OSPF routes and direct routes: # Configure Router B.
Page 104: Configuring An Ospf Stub Area
Configure summary route 10.0.0.0/8 on Router B and advertise it: [RouterB-ospf-1] asbr-summary 10.0.0.0 8 # Display the routing table of Router A. [RouterA] display ip routing-table Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Cost NextHop Interface 10.0.0.0/8 O_ASE 11.2.1.1...
Page 105 # Display ABR/ASBR information on Router C. <RouterC> display ospf abr-asbr OSPF Process 1 with Router ID 10.4.1.1 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Intra 10.2.1.1 0.0.0.1 10.2.1.1 Inter 10.3.1.1 0.0.0.1 10.2.1.1 Inter 10.5.1.1 0.0.0.1 10.2.1.1 ASBR...
Page 106: Configuring An Ospf Nssa Area
[RouterC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 Transit 10.2.1.2 10.2.1.1 0.0.0.1 10.3.1.0/24 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 10.5.1.0/24...
Page 107 Figure 22 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configuring OSPF basic functions (see "Configuring OSPF basic functions"). Configure Area 1 as an NSSA area: # Configure Router A. <RouterA> system-view [RouterA] ospf [RouterA-ospf-1] area 1 [RouterA-ospf-1-area-0.0.0.1] nssa [RouterA-ospf-1-area-0.0.0.1] quit # Configure Router C.
Page 108: Configuring Ospf Dr Election
10.3.1.0/24 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 10.5.1.0/24 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.1.1.0/24 Inter 10.2.1.1 10.2.1.1 0.0.0.1 Total Nets: 5 Intra Area: 2 Inter Area: 3 ASE: 0 NSSA: 0 Configure a static route and configure OSPF to redistribute the static route on Router C: [RouterC] ip route-static 3.1.2.1 24 10.4.1.2 [RouterC] ospf [RouterC-ospf-1] import-route static...
Page 109 Figure 23 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Router A. <RouterA> system-view [RouterA] router id 1.1.1.1 [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] quit # Configure Router B.
Page 110 [RouterD-ospf-1] return # Display neighbor information on Router A. [RouterA] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.1.1(Ethernet1/1)'s neighbors Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode: None Priority: 1 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0...
Page 111 Area 0.0.0.0 interface 192.168.1.4(Ethernet1/1)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Dead timer due in 31 Neighbor is up for 00:11:17 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal...
Page 112: Configuring Ospf Virtual Links
Router ID: 3.3.3.3 Address: 192.168.1.3 GR State: Normal State: Full Mode: Nbr is Slave Priority: 2 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 39 Neighbor is up for 00:01:41 Authentication Sequence: [ 0 ] The output shows that Router A becomes the DR and Router C becomes the BDR. The full neighbor state means an adjacency has been established.
Page 113 Configure OSPF basic functions: # Configure Router A. <RouterA> system-view [RouterA] ospf 1 router-id 1.1.1.1 [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit # Configure Router B. <RouterB> system-view [RouterB] ospf 1 router-id 2.2.2.2 [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] area 1 [RouterB–ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255...
Page 114: Configuring Ospf Graceful Restart
# Configure Router B. [RouterB] ospf [RouterB-ospf-1] area 1 [RouterB-ospf-1-area-0.0.0.1] vlink-peer 3.3.3.3 [RouterB-ospf-1-area-0.0.0.1] quit [RouterB-ospf-1] quit # Configure Router C. [RouterC] ospf [RouterC-ospf-1] area 1 [RouterC-ospf-1-area-0.0.0.1] vlink-peer 2.2.2.2 [RouterC-ospf-1-area-0.0.0.1] quit # Display OSPF routing information on Router B. [RouterB] display ospf routing OSPF Process 1 with Router ID 2.2.2.2 Routing Tables Routing for Network...
Page 115 Figure 25 Network diagram Configuration procedure Configure IP address for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Router A <RouterA> system-view [RouterA] router id 1.1.1.1 [RouterA] ospf 100 [RouterA-ospf-100] area 0 [RouterA-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [RouterA-ospf-100-area-0.0.0.0] quit # Configure Router B <RouterB>...
Page 116 # Configure Router B as the GR helper: enable the link-local signaling capability and the out-of-band re-synchronization capability for OSPF process 100. [RouterB-ospf-100] enable link-local-signaling [RouterB-ospf-100] enable out-of-band-resynchronization # Configure Router C as the GR helper: enable the link-local signaling capability and the out-of-band re-synchronization capability for OSPF process 100.
Page 117: Configuring Route Filtering
Configuring route filtering Network requirements • Figure 26, all the routers in the network run OSPF. The AS is divided into three areas. Router A works as the ABR between Area 0 and Area 1. Router B works as the ABR between Area •...
Page 118 3.1.2.0/24 O_ASE 10.2.1.2 Eth1/2 3.1.3.0/24 O_ASE 10.2.1.2 Eth1/2 10.1.1.0/24 Direct 0 10.1.1.1 Eth1/1 10.1.1.1/32 Direct 0 127.0.0.1 InLoop0 10.2.1.0/24 Direct 0 10.2.1.1 Eth1/2 10.2.1.1/32 Direct 0 127.0.0.1 InLoop0 10.3.1.0/24 OSPF 10.1.1.2 Eth1/1 10.4.1.0/24 OSPF 10.2.1.2 Eth1/2 10.5.1.0/24 OSPF 10.1.1.2 Eth1/1 127.0.0.0/8 Direct 0 127.0.0.1...
Page 119: Configuring Bfd For Ospf
[RouterA-ospf-1] filter-policy 2000 import [RouterA-ospf-1] quit # Display the OSPF routing table of Router A. [RouterA] display ip routing-table Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Cost NextHop Interface 3.1.1.0/24 O_ASE 10.2.1.2 Eth1/2 3.1.2.0/24 O_ASE 10.2.1.2 Eth1/2 10.1.1.0/24 Direct 0...
Page 120 Router C Eth 1/1 10.1.1.100/24 Eth 1/2 13.1.1.2/24 Configuration procedure Configure IP addresses for the interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Router A. <RouterA> system-view [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] network 121.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] quit...
Page 121 [RouterB] bfd session init-mode active [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ospf bfd enable [RouterB-Ethernet1/1] bfd min-transmit-interval 500 [RouterB-Ethernet1/1] bfd min-receive-interval 500 [RouterB-Ethernet1/1] bfd detect-multiplier 6 Verify the configuration: The following operations are performed on Router A. The operations on Router B and Router C are similar.
Page 122 # After the link over which Router A and Router B communicates through the Layer 2 switch fails, Router A quickly detects the change on Router B. %Nov 12 18:34:48:823 2005 RouterA BFD/5/LOG: Sess[192.168.0.102/192.168.0.100, Eth1/1], Sta : UP->DOWN, Diag: 1 %Nov 12 18:34:48:824 2005 RouterA RM/4/RMLOG:OSPF-NBRCHANGE: Process 1, Neighbour 192.168.0.102 (Ethernet1/1) from Full to Down *0.50673825 RouterA BFD/8/SCM:Sess[192.168.0.102/192.168.0.100,Eth1/1],Oper: Reset...
Page 123: Troubleshooting Ospf Configuration
Tag: 0 Destination: 120.1.1.0/24 Protocol: OSPF Process ID: 0 Preference: 0 Cost: 2 IpPrecedence: QosLcId: NextHop: 192.168.0.100 Interface: Ethernet1/1 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Invalid Adv Age: 00h58m05s Tag: 0 Troubleshooting OSPF configuration...
Page 124 Solution Use the display ospf peer command to verify neighbor information. Use the display ospf interface command to verify OSPF interface information. Use the display ospf lsdb command to verify the LSDB. Use the display current-configuration configuration ospf command to verify area configuration. If more than two areas are configured, at least one area is connected to the backbone.
Page 125: Configuring Is-Is
Configuring IS-IS This chapter describes how to configure IS-IS for an IPv4 network. Overview Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the International Organization for Standardization (ISO) to operate on the connectionless network protocol (CLNP). IS-IS was modified and extended in RFC 1 195 by the IETF for application in both TCP/IP and OSI reference models, and the new one is called "Integrated IS-IS"...
Page 126: Net
The IDP and DSP are variable in length. The length of an NSAP address varies from 8 bytes to 20 bytes. Figure 28 NSAP address format Area address The area address comprises the IDP and the HO-DSP of the DSP, which identify the area and the routing domain.
Page 127: Is-Is Area
System ID—A system ID uniquely identifies a host or router in the area and has a fixed length of • 6-byte. SEL—Has a value of 0 and a fixed length of 1-byte. • For example, for a NET is ab.cdef.1234.5678.9abc.00, the area ID is ab.cdef, the system ID is 1234.5678.9abc, and the SEL is 00.
Page 128 Figure 29 IS-IS topology 1 Figure 30 shows another IS-IS topology. The Level- 1 -2 routers connect to the Level- 1 and Level-2 routers, and form the IS-IS backbone together with the Level-2 routers. No area is defined as the backbone in this topology.
Page 129: Is-Is Network Types
router does not advertise the routing information of other Level- 1 areas and the Level-2 area to a Level- 1 area, so a Level- 1 router sends packets destined for other areas to the nearest Level- 1 -2 router. The path passing through the Level- 1 -2 router might not be the best.
Page 130: Is-Is Pdus
A pseudonode represents a virtual node on the broadcast network. It is not a real router. In IS-IS, it is identified by the system ID of the DIS and a 1-byte Circuit ID (a non-zero value). Using pseudonodes can reduce the resources consumed by SPF and simplify network topology. NOTE: On an IS-IS broadcast networks, all routers establish adjacency relationships, but they synchronize their LSDBs through the DIS.
Page 131 Table 4 PDU types Type PDU Type Acronym Level-1 LAN IS-IS hello PDU L1 LAN IIH Level-2 LAN IS-IS hello PDU L2 LAN IIH Point-to-Point IS-IS hello PDU P2P IIH Level-1 Link State PDU L1 LSP Level-2 Link State PDU L2 LSP Level-1 Complete Sequence Numbers PDU L1 CSNP...
Page 132 Holding time—If no hello packets are received from the neighbor within the holding time, the • neighbor is considered down. PDU length—Total length of the PDU in bytes. • Priority—DIS priority. • LAN ID—Includes the system ID and a 1-byte pseudonode ID. •...
Page 133 Figure 36 L1/L2 LSP format Major fields of the L1/L2 LSP are as follows: PDU length—Total length of the PDU in bytes. • Remaining lifetime—LSP remaining lifetime in seconds. • LSP ID—Consists of the system ID, the pseudonode ID (1 byte) and the LSP fragment number (1 •...
Page 134 Figure 37 LSDB overload A sequence number PDU (SNP) describes the complete or partial LSPs for LSDB synchronization. SNPs include Complete SNP (CSNP) and Partial SNP (PSNP), which are further divided into Level- 1 CSNP, Level-2 CSNP, Level- 1 PSNP and Level-2 PSNP. A CSNP describes the summary of all LSPs for LSDB synchronization between neighboring routers.
Page 135 Figure 39 L1/L2 PSNP format No. of Octets Intradomain routing protocol discriminator Length indicator Version/Protocol ID extension ID length PDU type Version Reserved Maximum area address PDU length Source ID ID length+1 Variable length fields The variable fields of PDU comprise multiple Code-Length-Value (CLV) triplets. Figure 40 CLV format Table 5 shows that different PDUs contain different CLVs.
Page 136: Supported Is-Is Features
Graceful restart (GR)—Backs up only the configuration of IS-IS. After an active/standby MPU • switchover, IS-IS performs graceful restart to synchronize the LSDB with neighbors. The MSR series routers do not support IS-IS NSR. IS-IS Graceful Restart GR ensures the continuity of packet forwarding when a routing protocol restarts or an active/standby switchover occurs: •...
Page 137 LSP fragment extension IS-IS advertises link state information by flooding LSPs. Because one LSP carries a limited amount of link state information, IS-IS fragments LSPs. Each LSP fragment is uniquely identified by a combination of the System ID, Pseudonode ID (0 for a common LSP or a non-zero value for a Pseudonode LSP), and LSP Number (LSP fragment number) of the node or pseudo node that generated the LSP.
Page 138: Protocols And Standards
Dynamic host name mapping mechanism The dynamic host name mapping mechanism provides the mappings between the host names and the system IDs for the IS-IS routers. The dynamic host name information is announced in the dynamic host name CLV of an LSP. This mechanism also provides the mapping between a host name and the DIS of a broadcast network, which is announced in the dynamic host name TLV of a pseudonode LSP.
Page 139: Configuring Is-Is Basic Functions
Task Remarks control Configuring the maximum number of ECMP routes Optional. Configuring IS-IS route summarization Optional. Advertising a default route Optional. Configuring IS-IS route redistribution Optional. Configuring IS-IS route filtering Optional. Configuring IS-IS route leaking Optional. Specifying intervals for sending IS-IS hello and CSNP packets Optional.
Page 140: Enabling Is-Is
Enabling IS-IS Step Command Remarks Enter system view. system-view Enable the IS-IS routing isis [ process-id ] [ vpn-instance Not enabled by default. process and enter its view. vpn-instance-name ] Assign a network entity title. network-entity net Not assigned by default. Return to system view.
Page 141: Configuring Is-Is Routing Information Control
Interfaces with different network types operate differently. For example, broadcast interfaces on a network must elect the DIS and flood CSNP packets to synchronize the LSDBs, but P2P interfaces on a network do not need to elect the DIS, and have a different LSDB synchronization mechanism. If only two routers exist on a broadcast network, configure the network type of attached interfaces as P2P to avoid DIS election and CSNP flooding, saving network bandwidth and speeding up network convergence.
Page 142 Interface bandwidth Interface cost ≤ 2500 Mbps > 2500 Mbps If none of the above costs is used, a default cost of 10 applies. Configuring an IS-IS cost for an interface Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance Enter IS-IS view.
Page 143: Specifying A Priority For Is-Is
Specifying a priority for IS-IS A router can run multiple routing protocols. When routes to the same destination are found by multiple routing protocols, the route learned by the protocol with the highest priority is adopted. You can reference a routing policy to specify a priority for specific routes. For information about routing policy, see "Configuring routing policies."...
Page 144: Advertising A Default Route
Advertising a default route A router running IS-IS cannot redistribute any default routes or advertise a default route to neighbors. Perform this task to advertise a default route of 0.0.0.0/0 to the same level neighbors. You can use a routing policy to generate the default route only when a local routing entry is matched by the policy.
Page 145: Configuring Is-Is Route Leaking
Filtering routes calculated from received LSPs IS-IS saves the LSPs received from neighbors in the LSDB, uses the SPF algorithm to calculate the shortest path tree with itself as the root, and installs the routes into the IS-IS routing table. By referencing a configured ACL, IP prefix list, or routing policy, you can filter the calculated routes.
Page 146: Tuning And Optimizing Is-Is Networks
Step Command Remarks Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] import-route isis level-2 into level-1 [ filter-policy Enable IS-IS route Disabled by { acl-number | ip-prefix ip-prefix-name | route-policy leaking. default. route-policy-name } | tag tag ] * Tuning and optimizing IS-IS networks Configuration prerequisites Before the configuration, complete the following tasks:...
Page 147: Configuring A Dis Priority For An Interface
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Specify the number of hello packets a Optional. isis timer holding-multiplier value neighbor must miss before declaring [ level-1 | level-2 ] 3 by default. the router is down. Configuring a DIS priority for an interface On a broadcast network, ISIS must elect a router as the DIS at a routing level.
Page 148: Enabling An Interface To Send Small Hello Packets
If a PPP interface's peer IP address is on a different network segment, disable the hello source address check for the PPP interface to establish the neighbor relationship with the peer. To enable neighbor relationships over different network segments: Step Command Remarks Enter system view.
Page 149 Each router needs to refresh LSPs generated by itself at a configurable interval and send them to other routers to prevent valid routes from being aged out. A smaller refresh interval speeds up network convergence but consumes more bandwidth. When the network topology changes, for example, a neighbor is down or up, or the interface metric, system ID, or area ID is changed, the router generates an LSP after a configurable interval.
Page 150 If the IS-IS routers have different interface MTUs, HP recommends configuring the maximum size of generated LSP packets to be smaller than the smallest interface MTU in this area. Otherwise, the routers must dynamically adjust the LSP packet size to fit the smallest interface MTU, which takes time and affects other services.
Page 151: Configuring Spf Parameters
Limiting LSP flooding In well-connected ATM, FR and NBMA networks, many P2P links exist. Figure 41 shows a fully meshed network, where Routers A, B, C and D run IS-IS. When Router A generates an LSP, it floods the LSP out of Ethernet 1/1, Ethernet 1/2 and Ethernet 1/3.
Page 152: Assigning A High Priority To Is-Is Routes
Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance Enter IS-IS view. vpn-instance-name ] Optional. Configure the SPF timer spf maximum-interval [ initial-interval The default SPF calculation calculation interval. [ second-wait-interval ] ] interval is 10 seconds. Assigning a high priority to IS-IS routes An IS-IS topology change causes network convergence.
Page 153: Configuring System Id To Host Name Mappings
Configuring system ID to host name mappings In IS-IS, a system ID identifies a router or host uniquely. A system ID has a fixed length of 6 bytes. When an administrator needs to view IS-IS neighbor information, routing table, or LSDB information, using the system IDs in dotted decimal notation is not convenient.
Page 154: Enabling The Logging Of Neighbor State Changes
Step Command Remarks Optional. Not configured by default. This command takes effect only on a Configure a DIS name. isis dis-name symbolic-name router with dynamic system ID to host name mapping configured. This command is not supported on P2P interfaces. Enabling the logging of neighbor state changes Logging of neighbor state changes enables the router to output neighbor state changes to the console terminal.
Page 155: Configuring Area Authentication
If neither ip nor osi is specified, the OSI related fields in LSPs are checked. • To configure neighbor relationship authentication: Step Command Remarks Enter system view. system-view Enter interface view. interface interface-type interface-number isis authentication-mode { md5 | simple } Specify the authentication By default, no authentication [ cipher ] password [ level-1 | level-2 ]...
Page 156: Configuring Is-Is Gr
Configuring IS-IS GR Restarting IS-IS on a router will cause network disconnections and route reconvergence. With the GR feature, the restarting router (known as the "GR restarter") can notify the event to its GR capable neighbors. GR capable neighbors (known as "GR helpers") keep their adjacencies with the router within a configurable GR interval.
Page 157: Binding An Is-Is Process With Mibs
Binding an IS-IS process with MIBs This task allows you to bind MIB with an IS-IS process to send and collect information. For more information about MIB, see Network Management and Monitoring Configuration Guide. To bind an IS-IS process with MIBs: Step Command Remarks...
Page 158: Is-Is Configuration Examples
Task Command Remarks display isis lsdb [ [ l1 | l2 | level-1 | level-2 ] | [ lsp-id lspid | lsp-name lspname ] | local | Available in any Display IS-IS LSDB information. verbose ] * [ process-id | vpn-instance view.
Page 159 Figure 42 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure IS-IS: # Configure Router A. <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] is-level level-1 [RouterA-isis-1] network-entity 10.0000.0000.0001.00 [RouterA-isis-1] quit [RouterA] interface serial 2/0 [RouterA-Serial2/0] isis enable 1 [RouterA-Serial2/0] quit # Configure Router B.
Page 160 [RouterC] interface serial 2/2 [RouterC-Serial2/2] isis enable 1 [RouterC-Serial2/2] quit # Configure Router D. <RouterD> system-view [RouterD] isis 1 [RouterD-isis-1] is-level level-2 [RouterD-isis-1] network-entity 20.0000.0000.0004.00 [RouterD-isis-1] quit [RouterD] interface ethernet 1/1 [RouterD-Ethernet1/1] isis enable 1 [RouterD-Ethernet1/1] quit [RouterD] interface serial 2/0 [RouterD-Serial2/0] isis enable 1 [RouterD-Serial2/0] quit Verify the configuration:...
Page 161 Database information for ISIS(1) -------------------------------- Level-1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL ------------------------------------------------------------------------ 0000.0000.0001.00-00 0x0000000d 0xc57a 0/0/0 0000.0000.0002.00-00 0x0000000c 0xef4d 1025 0/0/0 0000.0000.0003.00-00* 0x00000013 0x93dd 1026 1/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload Level-2 Link State Database LSPID Seq Num Checksum...
Page 162 IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 10.1.1.0/24 NULL S2/0 Direct D/L/- 10.1.2.0/24 NULL S2/0 10.1.1.1 R/-/- 192.168.0.0/24 NULL S2/0 10.1.1.1 R/-/- 0.0.0.0/0 NULL S2/0 10.1.1.1 R/-/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set [RouterC] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table...
Page 163: Dis Election Configuration
192.168.0.0/24 NULL S2/0 Direct D/L/- 10.1.1.0/24 NULL S2/0 192.168.0.1 R/-/- 10.1.2.0/24 NULL S2/0 192.168.0.1 R/-/- 172.16.0.0/16 NULL Eth1/1 Direct D/L/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set DIS election configuration Network requirements As shown in Figure 43, on a broadcast network (Ethernet), Router A, Router B, Router C, and Router D reside in IS-IS area 10.
Page 164 [RouterB-isis-1] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] isis enable 1 [RouterB-Ethernet1/1] quit # Configure Router C. <RouterC> system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.00 [RouterC-isis-1] is-level level-1 [RouterC-isis-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] isis enable 1 [RouterC-Ethernet1/1] quit # Configure Router D. <RouterD>...
Page 165 Interface: Ethernet1/1 IPV4.State IPV6.State Type Down 1497 L1/L2 No/No # Display IS-IS interfaces of Router C. [RouterC] display isis interface Interface information for ISIS(1) --------------------------------- Interface: Ethernet1/1 IPV4.State IPV6.State Type Down 1497 L1/L2 Yes/No # Display information about IS-IS interfaces of Router D. [RouterD] display isis interface Interface information for ISIS(1) ---------------------------------...
Page 166 # Display information about IS-IS interfaces of Router A. [RouterA] display isis interface Interface information for ISIS(1) --------------------------------- Interface: Ethernet1/1 IPV4.State IPV6.State Type Down 1497 L1/L2 Yes/Yes After the DIS priority configuration, you can see Router A is the DIS for Level-1-2, and the pseudonode is 0000.0000.0001.01.
Page 167: Configuring Is-Is Route Redistribution
IPV4.State IPV6.State Type Down 1497 L1/L2 No/No Configuring IS-IS route redistribution Network requirements As shown in Figure 44, Router A, Router B, Router C, and Router D reside in the same AS. They use IS-IS to interconnect. Router A and Router B are Level- 1 routers, Router D is a Level-2 router, and Router C is a Level- 1 -2 router.
Page 168 # Configure Router C. <RouterC> system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.00 [RouterC-isis-1] quit [RouterC] interface serial 2/0 [RouterC-Serial2/0] isis enable 1 [RouterC-Serial2/0] quit [RouterC] interface serial 2/1 [RouterC-Serial2/1] isis enable 1 [RouterC-Serial2/1] quit [RouterC] interface serial 2/2 [RouterC-Serial2/2] isis enable 1 [RouterC-Serial2/2] quit # Configure Router D.
Page 169 IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 10.1.1.0/24 NULL S2/1 Direct D/L/- 10.1.2.0/24 NULL S2/0 Direct D/L/- 192.168.0.0/24 NULL S2/2 Direct D/L/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface...
Page 170: Is-Is Gr Configuration Example
# Configure route redistribution from RIP to IS-IS on Router D. [RouterD-rip-1] quit [RouterD] isis 1 [RouterD–isis-1] import-route rip level-2 # Display IS-IS routing information on Router C. [RouterC] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table ------------------------------------- IPV4 Destination IntCost...
Page 171 Figure 45 Network diagram Configuration procedure Configure IP addresses of the interfaces on each router and configure IS-IS: Follow Figure 45 to configure the IP address and subnet mask of each interface on the router. (Details not shown.) Configure IS-IS on the routers, ensuring that Router A, Router B, and Router C can communicate with each other at Layer 3 and dynamic route update can be implemented among them with IS-IS.
Page 172: Is-Is Authentication Configuration Example
T2 Timer Status: Remaining Time: 59 IS-IS(1) Level-2 Restart Status Restart Interval: 150 SA Bit Supported Total Number of Interfaces = 1 Restart Status: RESTARTING Number of LSPs Awaited: 3 T3 Timer Status: Remaining Time: 140 T2 Timer Status: Remaining Time: 59 IS-IS authentication configuration example Network requirements As shown in...
Page 173 [RouterA-isis-1] quit [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] isis enable 1 [RouterA-Ethernet1/1] quit # Configure Router B. <RouterB> system-view [RouterB] isis 1 [RouterB-isis-1] network-entity 10.0000.0000.0002.00 [RouterB-isis-1] is-level level-1 [RouterB-isis-1] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] isis enable 1 [RouterB-Ethernet1/1] quit # Configure Router C. <RouterC>...
Page 174: Configuring Bfd For Is-Is
[RouterB-Ethernet1/1] isis authentication-mode md5 t5Hr [RouterB-Ethernet1/1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] isis authentication-mode md5 t5Hr [RouterC-Ethernet1/1] quit # Specify the MD5 authentication mode and password hSec on Ethernet 1/1 of Router D and on Ethernet 1/2 of Router C. [RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] isis authentication-mode md5 hSec [RouterC-Ethernet1/2] quit...
Page 175 Figure 47 Network diagram Device Interface IP address Device Interface IP address Router A Eth1/1 192.168.0.102/24 Router B Eth1/1 192.168.0.100/24 Eth1/2 10.1.1.102/24 Eth1/2 13.1.1.1/24 Router C Eth1/1 10.1.1.100/24 Eth1/2 13.1.1.2/24 Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure IS-IS basic functions: # Configure Router A.
Page 176 [RouterC-isis-1] network-entity 10.0000.0000.0003.00 [RouterC-isis-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] isis enable [RouterC-Ethernet1/1] quit [RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] isis enable [RouterC-Ethernet1/2] quit Configure BFD functions: # Enable BFD on Router A and configure BFD parameters. [RouterA] bfd session init-mode active [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] isis bfd enable [RouterA-Ethernet1/1] bfd min-receive-interval 500...
Page 177 Tag: 0 Destination: 120.1.1.0/24 Protocol: ISIS Process ID: 1 Preference: 10 Cost: 4 IpPrecedence: QosLcId: NextHop: 10.1.1.100 Interface: Ethernet1/2 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Invalid Adv Age: 00h58m05s Tag: 0 # Enable debugging on Router A.
Page 178 Routing Table : Public Summary Count : 2 Destination: 120.1.1.0/24 Protocol: ISIS Process ID: 1 Preference: 10 Cost: 4 IpPrecedence: QosLcId: NextHop: 10.1.1.100 Interface: Ethernet1/2 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h58m10s...
Page 179: Configuring Bgp
Configuring BGP Overview Border Gateway Protocol (BGP) is an exterior gateway protocol. It is called internal BGP (IBGP) when it runs within an AS and called external BGP (EBGP) when it runs between ASs. The current version in use is BGP-4 (RFC 4271). Unless otherwise stated, BGP refers to BGP-4 in this document.
Page 180: Bgp Path Attributes
BGP path attributes BGP uses the following path attributes in update messages for route filtering and selection: ORIGIN • The ORIGIN attribute identifies the origin of routing information (how a route became a BGP route). This attribute has the following types: IGP—Has the highest priority.
Page 181 Filter routes—By configuring an AS path filtering list, you can filter routes based on AS numbers contained in the AS_PATH attribute. For more information about routing policies and AS path filtering lists, see "Configuring routing policies." • NEXT_HOP The NEXT_HOP attribute is not necessarily the IP address of a directly-connected router. Its value is determined as follows: When a BGP speaker advertises a self-originated route to a BGP peer, it sets the address of the sending interface as the NEXT_HOP.
Page 182 Figure 50 MED attribute MED = 0 Router B 2.1.1.1 D = 9.0.0.0 Next_hop = 2.1.1.1 EBGP IBGP MED = 0 9.0.0.0 IBGP Router A Router D D = 9.0.0.0 EBGP IBGP Next_hop = 3.1.1.1 MED = 100 AS 10 3.1.1.1 Router C AS 20...
Page 183 Figure 51 LOCAL_PREF attribute • COMMUNITY The COMMUNITY attribute identifies the community of BGP routes. A BGP community is a group of routes with the same characteristics. It has no geographical boundaries. Routes of different ASs can belong to the same community. A route can carry one or more COMMUNITY attribute values (each of which is represented by a four-byte integer).
Page 184: Bgp Route Selection
BGP route selection BGP discards routes with unreachable NEXT_HOPs. If multiple routes to the same destination are available, BGP selects the best route in the following sequence: Highest Preferred_value Highest LOCAL_PREF Summary route Shortest AS_PATH IGP, EGP, or INCOMPLETE route in turn Lowest MED value Learned from EBGP, confederation, or IBGP in turn Smallest next hop metric...
Page 185: Settlements For Problems In Large-Scale Bgp Networks
BGP load balancing through route selection • BGP differs from IGP in the implementation of load balancing in the following ways: IGP routing protocols, such as RIP and OSPF, compute metrics of routes, and then implement load balancing over routes with the same metric and to the same destination. The route selection criterion is metric.
Page 186 The system supports both manual and automatic route summarization. Manual route summarization allows you to determine the attribute of a summary route and whether to advertise more specific routes. • Route dampening BGP route dampening solves the issue of route instability such as route flaps—a route comes up and disappears in the routing table frequently.
Page 187 IBGP peers must be fully meshed to maintain connectivity. If n routers exist in an AS, the number of IBGP connections is n(n-1)/2. If a large number of IBGP peers exist, large amounts of network and CPU resources are consumed to maintain sessions. Using route reflectors can solve this issue.
Page 188: Mp-Bgp
Confederation • Confederation is another method to manage growing IBGP connections in an AS. It splits an AS into multiple sub ASs. In each sub AS, IBGP peers are fully meshed. As shown in Figure intra-confederation EBGP connections are established between sub Ass in AS 200. Figure 56 Confederation network diagram A non-confederation BGP speaker does not need to know sub ASs in the confederation.
Page 189: Bgp Configuration Views
MP_UNREACH_NLRI—Multiprotocol Unreachable NLRI, for carrying prefixes of unfeasible routes • for multiple network layer protocols. Such routes can then be withdrawn. MP-BGP uses these attributes to advertise feasible and unfeasible routes of different network layer protocols. BGP speakers not supporting MP-BGP ignore updates containing these attributes and do not forward them to its peers.
Page 190: Protocols And Standards
View names Ways to enter the views Remarks <Sysname> system-view Configurations in this view apply to [Sysname] bgp 100 IPv6 BGP-VPN instance view IPv6 unicast routes in the specified [Sysname-bgp] ipv6-family VPN instance. vpn-instance vpn1 [Sysname-bgp-ipv6-vpn1] <Sysname> system-view [Sysname] bgp 100 Configurations in this view apply to BGP VPNv4 instance view [Sysname-bgp] ipv4-family...
Page 191: Bgp Configuration Task List
Complete the following tasks to configure BGP: Task Remarks Enabling BGP Required. Configuring a BGP peer Required. HP recommends configuring BGP peer groups on large scale BGP Configuring basic BGP Configuring a BGP peer group networks for easy configuration and maintenance.
Page 192: Configuring Basic Bgp
Task Remarks Configuring the AS_PATH attribute Optional. Configuring the BGP keepalive interval and Optional. holdtime Configuring the interval for sending the same Optional. update Allowing establishment of EBGP session to an Optional. indirectly connected peer or peer group Enabling the BGP ORF capability Optional.
Page 193: Configuring A Bgp Peer
Step Command Remarks Enter system view. system-view Optional. By default, no global router ID is configured. BGP uses the highest loopback interface IP address as the Configure a global router ID. router id router-id router ID. If no loopback interface IP address is available, BGP uses the highest physical interface IP address as the router ID regardless of the...
Page 194: Configuring A Bgp Peer Group
Configuring a BGP peer group In a large-scale network, grouping peers that use the same route selection policy simplifies overall configuration. When you modify the policy of the group, the modification applies to all peers in the group. However, if a peer group already contains peers, you cannot remove or change its AS number. A peer group is an IBGP peer group if peers in it belong to the local AS, and is an EBGP peer group if peers in it belong to different ASs.
Page 195 To configure an EBGP peer group by using Method 1: Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: Use either method. instance view. bgp as-number ipv4-family vpn-instance vpn-instance-name By default, no EBGP peer group is...
Page 196: Specifying The Source Interface For Tcp Connections
Step Command Remarks Enable the default use of IPv4 Optional. unicast address family for the Enabled by default. peers that are established default ipv4-unicast This command is not supported in using the peer as-number BGP-VPN instance view. command. Optional. Enable a peer. peer ip-address enable Enabled by default.
Page 197: Generating Bgp Routes
To establish multiple BGP sessions between two routers, you must specify the source interface for • establishing TCP connections to each peer on the local router. Otherwise, the local BGP router might fail to establish a TCP connection to a peer when using the outbound interface of the best route to the peer as the source interface.
Page 198: Redistributing Igp Routes
Step Command Remarks Optional. network ip-address [ mask | Not injected by default. Inject a local network to the mask-length ] [ route-policy The network to be injected must be BGP routing table. route-policy-name ] available and active in the local IP routing table.
Page 199: Advertising A Default Route To A Peer Or Peer Group
To configure automatic route summarization: Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: Use either method. instance view. bgp as-number ipv4-family vpn-instance vpn-instance-name Configure automatic route summary automatic Not configured by default.
Page 200: Configuring Bgp Route Distribution/Reception Filtering Policies
Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: Use either method. instance view. bgp as-number ipv4-family vpn-instance vpn-instance-name peer { group-name | ip-address } Advertise a default route to a default-route-advertise Not advertised by default.
Page 201 Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or BGP-VPN Use either method. instance view. bgp as-number ipv4-family vpn-instance vpn-instance-name • Configure the filtering of redistributed routes advertised to all peers: filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip...
Page 202: Enabling Bgp And Igp Route Synchronization
peer ip-prefix import peer route-policy import Only routes passing all the configured policies can be received. To configure BGP route reception filtering policies: Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or BGP-VPN Use either method.
Page 203: Limiting Prefixes Received From A Peer Or Peer Group
discard a packet due to an unreachable destination. As shown in Figure 57, Router E has learned a route of 8.0.0.0/8 from Router D through BGP. Router E then sends a packet to 8.0.0.0/8 through Router D, which finds from its routing table that Router B is the next hop (configured using the peer next-hop-local command).
Page 204: Configuring Bgp Route Dampening
You can specify the threshold value for the router to display an alarm message. When the ratio of the number of received routes to the maximum number reaches the percentage value, the router displays an alarm message. To configure the maximum number of prefixes allowed to be received from a peer or peer group: Step Command Remarks...
Page 205: Configuring Preferences For Bgp Routes
Among multiple routes that have the same destination/mask and are learned from different peers, the one with the greatest preferred value is selected as the route to the destination. To specify a preferred value for routes from a peer or peer group: Step Command Remarks...
Page 206: Configure The Default Local Preference
Configure the default local preference The local preference is used to determine the best route for traffic leaving the local AS. When a BGP router obtains from several IBGP peers multiple routes to the same destination but with different next hops, it considers the route with the highest local preference as the best route.
Page 207 Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or BGP-VPN Use either method. instance view. bgp as-number ipv4-family vpn-instance vpn-instance-name Enable the comparison of MED of routes from different compare-different-as-med Not enabled by default. ASs.
Page 208 To resolve this issue, configure the bestroute compare-med command on Router D. After that, Router D puts routes received from the same AS into a group. Router D then selects the route with the lowest MED from the same group, and compares routes from different groups. The following output is the BGP routing table on Router D after the comparison of MED of routes from each AS is enabled.
Page 209: Configuring The Next_Hop Attribute
Configuring the NEXT_HOP attribute By default, when advertising routes to an IBGP peer or peer group, a BGP router does not set itself as the next hop. However, to ensure a BGP peer can find the correct next hop in some cases, you need to configure the router as the next hop for routes sent to the peer.
Page 210: Configuring The As_Path Attribute
Step Command Remarks Optional. By default, the router sets it as the Specify the router as the next peer { group-name | ip-address } next hop for routes sent to an EBGP hop of routes sent to a peer or next-hop-local peer or peer group, but does not peer group.
Page 211 Step Command Remarks Optional. Disable BGP from considering By default, BGP considers AS_PATH during best route bestroute as-path-neglect AS_PATH during best route selection. selection. Specifying a fake AS number for a peer or peer group When Router A in AS 2 is moved to AS 3, you can configure Router A to specify a fake AS number of 2 for created connections to EBGP peers or peer groups.
Page 212 Use AS number substitution only in the specific scenario. Improper configuration can result in routing loops. To configure AS number substitution for a peer or peer group: Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number •...
Page 213: Tuning And Optimizing Bgp Networks
Step Command Remarks Enter BGP view or BGP-VPN bgp as-number instance view. Configure BGP to ignore the By default, BGP checks the first AS first AS number of EBGP route ignore-first-as number of EBGP route updates. updates. Tuning and optimizing BGP networks Configuring the BGP keepalive interval and holdtime After establishing a BGP session, two routers send keepalive messages at the specified keepalive interval to each other to keep the session.
Page 214: Configuring The Interval For Sending The Same Update
Step Command Remarks • Configure the global keepalive interval and holdtime: timer keepalive keepalive hold holdtime Optional. Configure BGP keepalive interval • Configure the keepalive interval By default, the keepalive and holdtime. and holdtime for a peer or peer interval is 60 seconds, and group: holdtime is 180 seconds.
Page 215: Enabling The Bgp Orf Capability
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: Use either method. instance view. bgp as-number ipv4-family vpn-instance vpn-instance-name Allow the establishment of By default, the EBGP session to an EBGP session to an indirectly peer { group-name | ip-address } indirectly connected peer or peer...
Page 216: Enabling 4-Byte As Number Suppression
Table 8 Description of the both, send, and receive parameters and the negotiation result Local parameter Peer parameter Negotiation result • receive The local end can only send ORF information, and the peer send • end can only receive ORF information. both •...
Page 217: Enabling Md5 Authentication For Bgp Peers
Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: Use either method. instance view. bgp as-number ipv4-family vpn-instance vpn-instance-name Optional. Enable quick reestablishment ebgp-interface-sensitive of direct EBGP session. Not enabled by default.
Page 218: Forbidding Session Establishment With A Peer Or Peer Group
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or BGP-VPN Use either method. instance view. bgp as-number ipv4-family vpn-instance vpn-instance-name Configure the maximum By default, load balancing is not number of BGP routes for load balance number enabled.
Page 219 Configuring automatic soft-reset After route refresh is enabled for peers and a policy is modified, the router advertises a route-refresh message to the peers, which then resend their routing information to the router. After receiving the routing information, the router performs dynamic route update by using the new policy. To enable BGP route refresh for a peer or peer group: Step Command...
Page 220: Configuring A Large Scale Bgp Network
Step Command Remarks Return to user view. return refresh bgp { all | ip-address | group Perform manual soft-reset on group-name | external | internal } BGP sessions. { export | import } Configuring a large scale BGP network In a large-scale BGP network, configuration and maintenance might become difficult due to large numbers of BGP peers.
Page 221: Configuring A Bgp Route Reflector
Step Command Remarks • Advertise the community attribute to a peer or peer group: peer { group-name | ip-address } Advertise the community advertise-community Use either method. attribute or extended community attribute to a peer • Advertise the extended Not configured by default. or peer group.
Page 222: Configuring A Bgp Confederation
Step Command Remarks Not configured by default. The peer reflect-client command can be configured in both BGP view and BGP-VPNv4 subaddress family view. In BGP view, the command enables the router to reflect routes of the public network; Configure the router as a route in BGP-VPNv4 subaddress family peer { group-name | ip-address } reflector and specify a peer or...
Page 223: Configuring Bgp Gr
Step Command Remarks Configure a confederation ID. confederation id as-number Not configured by default. Specify peering sub ASs in the confederation peer-as Not configured by default. confederation. as-number-list Configuring confederation compatibility If some other routers in the confederation do not comply with RFC 3065, you must enable confederation compatibility to allow the router to work with those routers.
Page 224: Enabling Trap
In general, the maximum time allowed for the peer to reestablish a BGP session must be less than • the Holdtime carried in the Open message. The End-Of-RIB (End of Routing-Information-Base) indicates the end of route updates. • Perform the following configuration on the GR helper. To configure BGP GR: Step Command...
Page 225: Configuring Bfd For Bgp
Step Command Remarks Optional. ipv4-family vpn-instance Enter BGP-VPN instance view. vpn-instance-name Enable the logging of session Optional. peer { group-name | ip-address } state changes for a peer or log-change Enabled by default. peer group. Configuring BFD for BGP BGP maintains neighbor relationships based on the keepalive timer and holdtime timer, which are set in seconds.
Page 226 Task Command Remarks display bgp paths [ as-regular-expression | | { begin | Available in Display AS path information. exclude | include } regular-expression ] any view. display bgp peer [ ip-address { log-info | verbose } | Display BGP peer or peer group Available in group-name log-info | verbose ] [ | { begin | exclude information.
Page 227: Resetting Bgp Session
Task Command Remarks display router id [ | { begin | exclude | include } Available in Display the global router ID. regular-expression ] any view. Resetting BGP session Task Command Remarks reset bgp { as-number | ip-address | all | Reset the specified BGP session.
Page 228 To prevent route flapping caused by port state changes, this example uses loopback interfaces to establish IBGP connections. Because loopback interfaces are virtual interfaces, you need to use the peer connect-interface command to specify the loopback interface as the source interface for establishing BGP connections.
Page 229 To enable Router C to access the network 8.1.1.0/24 connected directly to Router A, inject network 8.1.1.0/24 to the BGP routing table of Router A. # Configure Router A. <RouterA> system-view [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 3.1.1.1 as-number 65009 [RouterA-bgp] network 8.1.1.1 24 [RouterA-bgp] quit # Configure Router B.
Page 230 Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf PrefVal Path/Ogn *> 8.1.1.0/24 3.1.1.2 65008i # Display the BGP routing table on Router C. [RouterC] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 3.3.3.3 Status codes: * - valid, ^ - VPNv4 best, >...
Page 231: Bgp And Igp Synchronization Configuration
[RouterC] display bgp routing-table Total Number of Routes: 4 BGP Local router ID is 3.3.3.3 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop...
Page 232 Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF: Enable OSPF in AS 65009, so that Router B can obtain the route to 9.1.2.0/24. # Configure Router B. <RouterB> system-view [RouterB] ospf 1 [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [RouterB-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit...
Page 233 # Display the BGP routing table on Router A. [RouterA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network...
Page 234: Bgp Load Balancing Configuration
PING 8.1.1.1: 56 data bytes, press CTRL_C to break Reply from 8.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms Reply from 8.1.1.1: bytes=56 Sequence=2 ttl=254 time=2 ms Reply from 8.1.1.1: bytes=56 Sequence=3 ttl=254 time=2 ms Reply from 8.1.1.1: bytes=56 Sequence=4 ttl=254 time=2 ms Reply from 8.1.1.1: bytes=56 Sequence=5 ttl=254 time=2 ms --- 8.1.1.1 ping statistics --- 5 packet(s) transmitted...
Page 235 internal network through Router C; configure a static route to interface loopback 0 on Router B (or use another protocol like OSPF) to establish the IBGP connection. # Configure Router A. <RouterA> system-view [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 3.1.1.1 as-number 65009 [RouterA-bgp] peer 3.1.2.1 as-number 65009 [RouterA-bgp] network 8.1.1.1 24 [RouterA-bgp] quit...
Page 236: Bgp Route Summarization Configuration
The output shows two valid routes to destination 9.1.1.0/24: the route with next hop 3.1.1.1 is marked with a greater-than sign (>), indicating it is the best route; the route with next hop 3.1.2.1 is marked with only an asterisk (*), indicating it is a valid route, but not the best. By using the display ip routing-table command, you can find only one route to 9.1.1.0/24 with next hop 3.1.1.1 and outbound interface S2/0.
Page 237 Figure 65 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure static routing between Router A and Router B: # Configure a default route with the next hop 192.168.212.1 on Router A. <RouterA> system-view [RouterA] ip route-static 0.0.0.0 0 192.168.212.1 # Configure static routes to 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 with the same next hop 192.168.212.161 on Router B.
Page 238 Destinations : 10 Routes : 10 Destination/Mask Proto Cost NextHop Interface 3.3.3.3/32 Direct 0 127.0.0.1 InLoop0 10.220.2.0/24 Direct 0 10.220.2.16 S2/0 10.220.2.16/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 172.17.100.0/24 Direct 0 172.17.100.2 S2/1 172.17.100.2/32 Direct 0...
Page 239 After the above configurations, ping the hosts on networks 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 from Router D. The ping operations succeed. Configure route summarization on Router C: # Summarize 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 into a single route 192.168.64.0/18 on Router C and disable advertisement of the specific routes. [RouterC-bgp] aggregate 192.168.64.0 18 detail-suppressed [RouterC-bgp] quit Verifying the configuration...
Page 240: Bgp Community Configuration
BGP community configuration Network requirements As shown in Figure 66, EBGP runs between Router B and Router A, and between Router B and Router C. Configure No_Export community attribute on Router A to make routes from AS 10 not advertised by AS 20 to any other AS.
Page 241 Local AS number : 20 Paths: 1 available, 1 best BGP routing table entry information of 9.1.1.0/24: From : 200.1.2.1 (1.1.1.1) Original nexthop: 200.1.2.1 AS-path : 10 Origin : igp Attribute value : MED 0, pref-val 0, pre 255 State : valid, external, best, Advertised to such 1 peers: 200.1.3.2...
Page 242: Bgp Route Reflector Configuration
Attribute value : MED 0, pref-val 0, pre 255 State : valid, external, best, Not advertised to any peers yet The output shows that BGP has not learned any route. BGP route reflector configuration Network requirements As shown in Figure 67, all routers run BGP.
Page 243: Bgp Confederation Configuration
[RouterC-bgp] peer 193.1.1.2 as-number 200 [RouterC-bgp] peer 194.1.1.2 as-number 200 [RouterC-bgp] quit # Configure Router D. <RouterD> system-view [RouterD] bgp 200 [RouterD-bgp] peer 194.1.1.1 as-number 200 [RouterD-bgp] quit Configure the route reflector: # Configure Router C as the route reflector. [RouterC] bgp 200 [RouterC-bgp] peer 193.1.1.2 reflect-client [RouterC-bgp] peer 194.1.1.2 reflect-client...
Page 244 Figure 68 Network diagram Router C Router B Eth1/1 Eth1/1 Eth1/1 AS 65002 AS 65003 S2/0 Router F Eth1/4 AS 100 Eth1/1 S2/1 Eth1/2 Eth1/2 Router A Eth1/1 Eth1/3 Router D AS 65001 Eth1/2 Eth1/1 Router E AS 200 Device Interface IP address Device...
Page 245 <RouterC> system-view [RouterC] bgp 65003 [RouterC-bgp] router-id 3.3.3.3 [RouterC-bgp] confederation id 200 [RouterC-bgp] confederation peer-as 65001 65002 [RouterC-bgp] peer 10.1.2.1 as-number 65001 [RouterC-bgp] quit Configure IBGP connections in AS 65001: # Configure Router A. [RouterA] bgp 65001 [RouterA-bgp] peer 10.1.3.2 as-number 65001 [RouterA-bgp] peer 10.1.3.2 next-hop-local [RouterA-bgp] peer 10.1.4.2 as-number 65001 [RouterA-bgp] peer 10.1.4.2 next-hop-local...
Page 246 Total Number of Routes: 1 BGP Local router ID is 2.2.2.2 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
Page 247: Bgp Path Selection Configuration
Origin : igp Attribute value : MED 0, localpref 100, pref-val 0, pre 255 State : valid, internal, best, Not advertised to any peers yet The output shows the following: • Router F can send route information to Router B and Router C through the confederation by establishing only an EBGP connection with Router A.
Page 248 [RouterB-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit # Configure Router C. <RouterC> system-view [RouterC] ospf [RouterC-ospf] area 0 [RouterC-ospf-1-area-0.0.0.0] network 193.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Configure Router D. <RouterD> system-view [RouterD] ospf [RouterD-ospf] area 0 [RouterD-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] quit...
Page 249 Method 1: Specify a higher MED value for the route 1.0.0.0/8 advertised to 192.1.1.2 to make Router D give priority to the route learned from Router C. # Define ACL 2000 to permit the route 1.0.0.0/8 [RouterA] acl number 2000 [RouterA-acl-basic-2000] rule permit source 1.0.0.0 0.255.255.255 [RouterA-acl-basic-2000] quit # Define routing policy apply_med_50 that sets the MED value of route 1.0.0.0/8 to 50, and...
Page 250: Bgp Gr Configuration
[RouterC-route-policy] quit # Apply the routing policy localpref to the route from the peer 193.1.1.1 on Router C. [RouterC] bgp 200 [RouterC-bgp] peer 193.1.1.1 route-policy localpref import [RouterC-bgp] quit # Display the BGP routing table on Router D. [RouterD] display bgp routing-table Total Number of Routes: 2 BGP Local router ID is 194.1.1.1 Status codes: * - valid, ^ - VPNv4 best, >...
Page 251: Configuring Bfd For Bgp
# Enable GR capability for BGP. [RouterA-bgp] graceful-restart Configure Router B: # Configure IP addresses for interfaces. (Details not shown.) # Configure the EBGP connection. <RouterB> system-view [RouterB] bgp 65009 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] peer 200.1.1.2 as-number 65008 # Configure the IBGP connection. [RouterB-bgp] peer 9.1.1.2 as-number 65009 # Inject networks 200.1.1.0/24 and 9.1.1.0/24 to the BGP routing table.
Page 252 Figure 71 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF so that Router A and Router C are reachable to each other. (Details not shown.) Configure BGP on Router A: # Establish two IBGP connections to Router C. <RouterA>...
Page 253 [RouterA-bgp] quit Configure BGP on Router C: <RouterC> system-view [RouterC] bgp 200 [RouterC-bgp] peer 3.0.1.1 as-number 200 [RouterC-bgp] peer 3.0.1.1 bfd [RouterC-bgp] peer 2.0.1.1 as-number 200 [RouterC-bgp] quit Configure BFD parameters (you can use default BFD parameters instead): # Configure Router A. Configure active-mode BFD on Ethernet 1/2.
Page 254 Recv Pkt Num: 57 Send Pkt Num: 53 Hold Time: 2200ms Connect Type: Indirect Running Up for: 00:00:06 Auth mode: Simple Protocol: BGP Diag Info: No Diagnostic The output shows that a BFD session is established between Ethernet 1/2 of Router A and Ethernet 1/1 of Router C and that BFD runs correctly.
Page 255: Troubleshooting Bgp
# Enable BFD debugging on Router C. <RouterC> debugging bfd scm <RouterC> debugging bfd event <RouterC> debugging bgp bfd <RouterC> terminal monitor <RouterC> terminal debugging # The following debugging information shows that: when the link between Router A and Router B fails, Router C can quickly detect the link failure.
Page 256 Solution Use the display current-configuration command to verify that the peer's AS number is correct. Use the display bgp peer command to verify that the peer's IP address is correct. If a loopback interface is used, verify that the loopback interface is specified with the peer connect-interface command.
Page 257: Configuring Routing Policies
Configuring routing policies Routing policies control routing paths by filtering and modifying routing information. This chapter describes both IPv4 and IPv6 routing policies. Overview Routing policies can filter advertised, received, and redistributed routes, and modify attributes for specific routes. To configure a routing policy: Configure filters based on route attributes, such as destination address and the advertising router's address.
Page 258: Configuring Filters
Extended community list An extended community list matches the extended community attribute (Route-Target for VPN and Source of Origin) of BGP routing information. For more information about extended community list, see MPLS Configuration Guide. Routing policy A routing policy can comprise multiple nodes, which are in a logical OR relationship. A node with a smaller number is matched first.
Page 259: Configuring An As Path List
[Sysname] ip ip-prefix abc index 10 deny 10.1.0.0 16 [Sysname] ip ip-prefix abc index 20 deny 10.2.0.0 16 [Sysname] ip ip-prefix abc index 30 deny 10.3.0.0 16 [Sysname] ip ip-prefix abc index 40 permit 0.0.0.0 0 less-equal 32 Configuring an IPv6 prefix list Step Command Remarks...
Page 260: Configuring An Extended Community List
Step Command Remarks • Configure a basic community list: ip community-list { basic-comm-list-num | basic comm-list-name } { deny | permit } [ community-number-list ] [ internet | no-advertise Use either method. Configure a community | no-export | no-export-subconfed ] * Not configured by list.
Page 261: Configuring If-Match Clauses
Step Command Remarks Enter system view. system-view route-policy Create a routing policy and a node and By default, no routing policy route-policy-name { deny | enter routing policy view. is created. permit } node node-number Configuring if-match clauses Follow these guidelines when you configure if-match clauses: The if-match clauses of a routing policy node have a logical AND relationship.
Page 262: Configuring Apply Clauses
Step Command Remarks if-match community Optional. Match BGP routing information whose { { basic-community-list-number | community attribute is specified in the Not configured by comm-list-name } [ whole-match ] | community lists. default. adv-community-list-number }&<1-16> Optional. Match routes having the specified if-match cost value Not configured by cost.
Page 263: Configuring A Continue Clause
Step Command Remarks apply community { none | additive | { community-number&<1-16> | Optional. Set the community attribute for aa:nn&<1-16> | internet | BGP routes. Not set by default. no-advertise | no-export | no-export-subconfed } * [ additive ] } Optional.
Page 264: Displaying And Maintaining The Routing Policy
If you configure the apply community clause for multiple nodes that are combined by the continue • clause, the apply comm-list delete clause configured on the current node cannot delete the community attributes set by preceding nodes. To configure a continue clause for a routing policy: Step Command Remarks...
Page 265 Configure Router B to redistribute IS-IS routes into OSPF, and use a routing policy to set the cost of route 172.17.1.0/24 to 100 and the tag of route 172.17.2.0/24 to 20. Figure 72 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure IS-IS: # Configure Router C.
Page 266 <RouterA> system-view [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] quit # On Router B, configure OSPF and enable route redistribution from IS-IS. [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] import-route isis 1 [RouterB-ospf-1] quit # Display the OSPF routing table on Router A.
Page 267: Applying A Routing Policy To Ipv6 Route Redistribution
[RouterB-route-policy] quit [RouterB] route-policy isis2ospf permit node 30 [RouterB-route-policy] quit Apply the routing policy to route redistribution on Router B: # On Router B, enable route redistribution from IS-IS and apply the routing policy. [RouterB] ospf [RouterB-ospf-1] import-route isis 1 route-policy isis2ospf [RouterB-ospf-1] quit # Display OSPF routing table information on Router A.
Page 268 # Configure IPv6 addresses for interfaces Ethernet 1/1 and Ethernet 1/2. <RouterA> system-view [RouterA] ipv6 [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ipv6 address 10::1 32 [RouterA-Ethernet1/1] quit [RouterA] interface ethernet 1/2 [RouterA-Ethernet1/2] ipv6 address 11::1 32 [RouterA-Ethernet1/2] quit # Enable RIPng on Ethernet 1/1. [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ripng 1 enable [RouterA-Ethernet1/1] quit...
Page 269: Applying A Routing Policy To Filter Received Bgp Routes
via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 18 Sec Dest 20::/32, via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 8 Sec Dest 40::/32, via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 3 Sec Applying a routing policy to filter received BGP routes Network requirements •...
Page 270 [RouterC-bgp] peer 1.1.3.2 as-number 400 # Configure Router D. <RouterD> system-view [RouterD] bgp 400 [RouterD-bgp] router-id 4.4.4.4 [RouterD-bgp] peer 1.1.3.1 as-number 300 [RouterD-bgp] quit # Inject routes 4.4.4.4/24, 5.5.5.5/24, and 6.6.6.6/24 on Router A. [RouterA-bgp] network 4.4.4.4 24 [RouterA-bgp] network 5.5.5.5 24 [RouterA-bgp] network 6.6.6.6 24 # Inject routes 7.7.7.7/24, 8.8.8.8/24, and 9.9.9.9/24 on Router B.
Page 271: Troubleshooting Routing Policy Configuration
# On Router D, specify routing policy rt1 to filter routes received from peer 1.1.3.1. [RouterD] bgp 400 [RouterD-bgp] peer 1.1.3.1 route-policy rt1 import # Display the BGP routing table information of Router D. [RouterD-bgp] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 4.4.4.4 Status codes: * - valid, >...
Page 272: Configuring Pbr
Configuring PBR Overview Different from destination-based routing, policy-based routing (PBR) uses user-defined policies to route packets based on the source address, packet length, and other criteria. A policy can specify the output interface, next hop, default output interface, default next hop, and other parameters for packets that match specific criteria such as ACLs or have specific lengths.
Page 273 Table 9 Priorities and meanings of apply clauses Clause Meaning Priority Sets the DF (Don't Fragment) bit in the IP header to 0, This clause is always executed. apply ip-df zero which means the packet can be fragmented. If this clause is configured, other apply clauses, except the apply ip-df zero clause, are not executed.
Page 274: Pbr And Track
All packets can match a node where no if-match clauses are configured. If a permit-mode node has no apply clause, packets matching all the if-match clauses of the node are forwarded according to the routing table. If a node has no if-match or apply clauses configured, all packets can match the node and are forwarded according to the routing table.
Page 275: Configuring Actions For A Node
NOTE: An ACL match criterion uses the specified ACL to match packets if the match mode is configured as permit. If the specified ACL does not exist or the match mode is configured as deny, no packet can match the criterion. Configuring actions for a node Step Command...
Page 276: Configuring Pbr
Configuring PBR Configuring local PBR Configure PBR by applying a policy locally. PBR uses the policy to guide the forwarding of locally generated packets. You can apply only one policy locally. If you perform the ip local policy-based-route command multiple times, only the last specified policy takes effect.
Page 277: Pbr Configuration Examples
Task Command Remarks Display information about local display ip policy-based-route [ | { begin | Available in any view. PBR and interface PBR. exclude | include } regular-expression ] display ip policy-based-route setup { interface interface-type interface-number | Display PBR configuration. Available in any view.
Page 278: Configuring Interface Pbr Based On Packet Type
[RouterA] interface serial 2/0 [RouterA-Serial2/0] ip address 1.1.2.1 255.255.255.0 [RouterA-Serial2/0] quit [RouterA] interface serial 2/1 [RouterA-Serial2/1] ip address 1.1.3.1 255.255.255.0 Configure Router B: # Configure the IP address of the serial interface. <RouterB> system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] ip address 1.1.2.2 255.255.255.0 Configure Router C: # Configure the IP address of the serial interface.
Page 279 Figure 76 Network diagram Router B Router C S2/0 S2/1 1.1.2.2/24 1.1.3.2/24 S2/0 S2/1 1.1.2.1/24 1.1.3.1/24 Router A Eth1/1 10.110.0.10/24 Subnet 10.110.0.0/24 Host A Host B 10.110.0.20/24 Gateway: 10.110.0.10 Configuration procedure NOTE: In this example, static routes are configured to ensure the reachability among devices. Configure Router A: # Configure ACL 3101 to match TCP packets.
Page 280: Configuring Interface Pbr Based On Packet Length
Configure Router B: # Configure a static route to subnet 10.110.0.0/24. <RouterB> system-view [RouterB] ip route-static 10.110.0.0 24 1.1.2.1 # Configure the IP address of the serial interface. [RouterB] interface serial 2/0 [RouterB-Serial2/0] ip address 1.1.2.2 255.255.255.0 Configure Router C: # Configure a static route to subnet 10.110.0.0/24.
Page 281 Configuration procedure Configure Router A: # Configure RIP. <RouterA> system-view [RouterA] rip [RouterA-rip-1] network 192.1.1.0 [RouterA-rip-1] network 150.1.0.0 [RouterA-rip-1] network 151.1.0.0 [RouterA-rip-1] quit # Configure Node 10 for policy lab1 to forward packets with a length of 64 to 100 bytes to the next hop 150.1.1.2, and packets with a length of 101 to 1000 bytes to the next hop 151.1.1.2.
Page 282 [RouterB] interface loopback 0 [RouterB-LoopBack0] ip address 10.1.1.1 32 Verify the configuration: # Run the debugging ip policy-based-route command on Router A. <RouterA> debugging ip policy-based-route <RouterA> terminal debugging <RouterA> terminal monitor # Ping Loopback 0 of Router B from Host A, and set the data length to 80 bytes. C:\>ping -l 80 10.1.1.1 Pinging 10.1.1.1 with 80 bytes of data: Reply from 10.1.1.1: bytes=80 time<1ms TTL=255...
Page 283: Configuring Local Pbr To Specify Output Interface And Next Hop
The debugging information about PBR displayed on Router A is as follows: <RouterA> *Jun 7 12:06:47:631 2009 RouterA PBR/7/POLICY-ROUTING: IP policy based routing success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.2 *Jun 7 12:06:48:630 2009 RouterA PBR/7/POLICY-ROUTING: IP policy based routing success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.2 *Jun 7 12:06:49:627 2009 RouterA PBR/7/POLICY-ROUTING: IP policy based routing...
Page 284 # Configure Node 1 for policy management to forward management packets through Ethernet1/1.1. (Because Ethernet1/1.1 obtains its IP address through DHCP and the next hop address is unknown, specify the gateway address learned through DHCP as the next hop address.) [Router] policy-based-route management permit node 1 [Router-pbr-management-1] if-match acl 3000 [Router-pbr-management-1] apply output-interface ethernet 1/1.1 ip-address next-hop dhcpc...
Page 285: Configuring Ipv6 Static Routing
Configuring IPv6 static routing Overview Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work correctly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator has to modify the static routes manually.
Page 286: Displaying And Maintaining Ipv6 Static Routes
Displaying and maintaining IPv6 static routes Task Command Remarks display ipv6 routing-table protocol Display IPv6 static route static [ inactive | verbose ] [ | Available in any view. information. { begin | exclude | include } regular-expression ] For more information about the display ipv6 routing-table protocol static [ inactive | verbose ] [ | { begin | exclude | include } regular-expression ] command, see Layer 3—IP Routing Command Reference.
Page 287 Configure the IPv6 addresses of hosts and gateways: Configure the IPv6 addresses of all the hosts based on the network diagram, and configure the default gateway of Host A as 1::1, Host B as 2::1, and Host C as 3::1. Verify the configuration: # Display the IPv6 routing table on Router A.
Page 288: Configuring An Ipv6 Default Route
Configuring an IPv6 default route An IPv6 default route is used to forward packets that match no entry in the routing table. An IPv6 default route can be configured in either of the following ways: The network administrator can configure a default route with a destination prefix of ::/0. For more •...
Page 289: Configuring Ripng
Configuring RIPng Overview RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng. RIPng for IPv6 has the following basic differences from RIP: • UDP port number—RIPng uses UDP port 521 for sending and receiving routing information. Multicast address—RIPng uses FF02::9 as the link-local-router multicast address.
Page 290: Ripng Packet Processing Procedure
Figure 80 RIPng basic packet format Packet header description: Command—Type of message. 0x01 indicates Request, 0x02 indicates Response. • Version—Version of RIPng. It can only be 0x01. • • RTE—Route table entry. It is 20 bytes for each entry. RTE format The following are types of RTEs in RIPng: •...
Page 291: Protocols And Standards
The receiving RIPng router processes RTEs in the request. If only one RTE exists with the IPv6 prefix and prefix length both being 0 and with a metric value of 16, the RIPng router responds with the entire routing table information in response messages. If multiple RTEs exist in the request message, the RIPng router examines each RTE, update its metric, and send the requested routing information to the requesting router in the response packet.
Page 292: Configuration Prerequisites
Configuration prerequisites Before you configure RIPng basic functions, complete the following tasks: Enable IPv6 packet forwarding. • Configure an IP address for each interface, and make sure all nodes are reachable to one another. • Configuration procedure To configure the basic RIPng functions: Step Command Remarks...
Page 293: Configuring Ripng Route Summarization
Step Command Remarks Enter system view. system-view Enter interface view. interface interface-type interface-number Optional. Specify an inbound routing ripng metricin value additional metric. 0 by default. Optional. Specify an outbound ripng metricout value routing additional metric. 1 by default. Configuring RIPng route summarization Step Command Enter system view.
Page 294: Configuring A Priority For Ripng
Step Command Remarks Configure a filter policy filter-policy { acl6-number | ipv6-prefix By default, RIPng does not filter to filter redistributed ipv6-prefix-name } export [ protocol redistributed routes. routes. [ process-id ] ] Configuring a priority for RIPng Routing protocols have their own protocol priorities used for optimal route selection. You can set a priority for RIPng manually.
Page 295: Configuring Split Horizon And Poison Reverse
The split horizon function disables a route learned from an interface from being advertised through the same interface to prevent routing loops between neighbors. HP recommends enabling split horizon to prevent routing loops. In frame relay, X.25 and other non-broadcast multi-access (NBMA) networks, split horizon should be disabled if multiple VCs are configured on the primary interface and secondary interfaces to ensure route advertisement.
Page 296: Configuring Zero Field Check On Ripng Packets
Step Command Remarks interface interface-type Enter interface view. interface-number Enable the poison reverse ripng poison-reverse Disabled by default. function. Configuring zero field check on RIPng packets Some fields in the RIPng packet must be zero, which are called "zero fields." With zero field check on RIPng packets enabled, if such a field contains a non-zero value, the entire RIPng packet is discarded.
Page 297: Displaying And Maintaining Ripng
An IPsec policy used for RIPng can only be in manual mode. For more information, see Security Configuration Guide. Configuration prerequisites Before you apply an IPsec policy for RIPng, complete following tasks: Create an IPsec proposal. • • Create an IPsec policy. For more information about IPsec policy configuration, see Security Configuration Guide.
Page 298: Ripng Configuration Examples
Task Command Remarks Clear statistics of a RIPng process. reset ripng process-id statistics Available in user view. RIPng configuration examples Configuring RIPng basic functions Network requirements As shown in Figure 83, all routers learn IPv6 routing information through RIPng. Configure Router B to filter the route (3::/64) learned from Router C, which means the route is not added to the routing table of Router B, and Router B does not forward it to Router A.
Page 299 [RouterC] ripng 1 [RouterC-ripng-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ripng 1 enable [RouterC-Ethernet1/1] quit [RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] ripng 1 enable [RouterC-Ethernet1/2] quit [RouterC] interface ethernet 1/3 [RouterC-Ethernet1/3] ripng 1 enable [RouterC-Ethernet1/3] quit # Display the routing table of Router B. [RouterB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ----------------------------------------------------------------...
Page 300: Configuring Ripng Route Redistribution
Peer FE80::20F:E2FF:FE00:100 on Ethernet1/2 Dest 4::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec Dest 5::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec [RouterA] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE00:1235 on Ethernet1/1...
Page 301 [RouterB] ripng 100 [RouterB-ripng-100] quit [RouterB] interface ethernet 1/2 [RouterB-Ethernet1/2] ripng 100 enable [RouterB-Ethernet1/2] quit [RouterB] ripng 200 [RouterB-ripng-200] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ripng 200 enable # Enable RIPng 200 on Router C. <RouterC> system-view [RouterC] ripng 200 [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ripng 200 enable [RouterC-Ethernet1/1] quit...
Page 302: Configuring Ripng Ipsec Policies
[RouterB] ripng 100 [RouterB-ripng-100] default cost 3 [RouterB-ripng-100] import-route ripng 200 [RouterB-ripng-100] quit [RouterB] ripng 200 [RouterB-ripng-200] import-route ripng 100 [RouterB-ripng-200] quit # Display the routing table of Router A. [RouterA] display ipv6 routing-table Routing Table : Destinations : 7 Routes : 7 Destination: ::1/128 Protocol...
Page 303 Figure 85 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure RIPng basic functions: # Configure Router A. <RouterA> system-view [RouterA] ripng 1 [RouterA-ripng-1] quit [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ripng 1 enable [RouterA-Ethernet1/1] quit # Configure Router B. <RouterB>...
Page 304 [RouterA-ipsec-policy-manual-policy001-10] transform-set tran1 [RouterA-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345 [RouterA-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345 [RouterA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg [RouterA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg [RouterA-ipsec-policy-manual-policy001-10] quit # On Router B, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1.
Page 305 [RouterB] ripng 1 [RouterB-ripng-1] enable ipsec-policy policy001 [RouterB-ripng-1] quit # Configure Router C. [RouterC] ripng 1 [RouterC-ripng-1] enable ipsec-policy policy001 [RouterC-ripng-1] quit Verify the configuration: RIPng packets between Routers A, B and C are protected by IPsec.
Page 306: Configuring Ospfv3
Configuring OSPFv3 Overview Open Shortest Path First version 3 (OSPFv3) supports IPv6 and complies with RFC 2740 (OSPF for IPv6). OSPFv3 and OSPFv2 have the following similarities: • A 32-bits router ID and area ID Packets, including Hello, DD (Data Description), LSR (Link State Request), LSU (Link State Update), •...
Page 307: Timers
Router-LSA—Originated by all routers. This LSA describes the collected states of the router's • interfaces to an area, and is flooded throughout a single area only. Network-LSA—Originated for broadcast and NBMA networks by the Designated Router. This LSA • contains the list of routers connected to the network, and is flooded throughout a single area only. Inter-Area-Prefix-LSA—Similar to Type 3 LSA of OSPFv2, originated by Area Border Routers (ABRs), •...
Page 308: Supported Features
SPF timer Whenever the LSDB changes, an SPF calculation happens. If recalculations become frequent, a large amount of resources are occupied. You can adjust the SPF calculation interval and delay time to protect networks from being overloaded due to frequent changes. GR timer If a failure to establish adjacencies occurs during a GR, the device is in the GR process for a long time.
Page 309: Enabling Ospfv3
Task Remarks Disabling interfaces from receiving and sending OSPFv3 Optional. packets Enabling the logging of neighbor state changes Optional. Configuring Configuring GR helper Optional. OSPFv3 GR Configuring BFD for OSPFv3 Optional. Applying IPsec policies for OSPFv3 Optional. Enabling OSPFv3 Configuration prerequisites Before you enable OSPFv3, complete the following tasks: Make neighboring nodes accessible with each other at the network layer.
Page 310: Configuration Prerequisites
Splitting an OSPFv3 AS into multiple areas reduces the number of LSAs and extends OSPFv3 applications. For those non-backbone areas residing on the AS boundary, configure them as stub areas to further reduce the size of routing tables and the number of LSAs. Non-backbone areas exchange routing information through the backbone area.
Page 311: Configuring Ospfv3 Network Types
To configure a virtual link: Step Command Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Enter OSPFv3 area view. area area-id vlink-peer router-id [ hello seconds | retransmit seconds | Configure a virtual link. trans-delay seconds | dead seconds | instance instance-id ] * Configuring OSPFv3 network types OSPFv3 classifies networks into the following types by the link layer protocol: By default, the OSPFv3 interface network types vary with the link layer protocols of the interfaces:...
Page 312: Configuring An Nbma Or P2Mp Neighbor
Configuring an NBMA or P2MP neighbor For NBMA and P2MP interfaces (only when in unicast mode), you must specify the link-local IP addresses of their neighbors because these interfaces cannot find neighbors through broadcasting hello packets. You can also specify DR priorities for neighbors. To configure an NBMA or P2MP (unicast) neighbor and its DR priority: Step Command...
Page 313: Configuring An Ospfv3 Cost For An Interface
Step Command Remarks Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Configure inbound filter-policy { acl-number | ipv6-prefix Not configured by default. route filtering. ipv6-prefix-name } import NOTE: The filter-policy import command can only filter routes computed by OSPFv3. Only routes not filtered out can be added into the local routing table.
Page 314: Configuring A Priority For Ospfv3
To configure the maximum number of ECMP routes: Step Command Remarks Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Specify the maximum number maximum load-balancing Optional. of ECMP routes. maximum Configuring a priority for OSPFv3 A router can run multiple routing protocols. The system assigns a priority to each protocol. When these routing protocols find the same route, the route found by the protocol with the highest priority is selected.
Page 315: Tuning And Optimizing Ospfv3 Networks
Step Command Remarks Optional. default-route-advertise [ always | cost value | Inject a default route. Not injected by type type | route-policy route-policy-name ] * default. filter-policy { acl6-number | ipv6-prefix Optional. ipv6-prefix-name } export [ isisv6 process-id | Filter redistributed routes. Not configured by ospfv3 process-id | ripng process-id | bgp4+ | default.
Page 316: Configuring A Dr Priority For An Interface
Step Command Remarks Optional. ospfv3 timer poll seconds Specify the poll interval. By default, the poll interval is 120 [ instance instance-id ] seconds. Optional. ospfv3 timer dead seconds By default, the dead interval is 40 Configure the dead interval. [ instance instance-id ] seconds on P2P and broadcast interfaces.
Page 317: Disabling Interfaces From Receiving And Sending Ospfv3 Packets
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Ignore MTU check for DD ospfv3 mtu-ignore [ instance Not ignored by default. packets. instance-id ] Disabling interfaces from receiving and sending OSPFv3 packets Follow these guidelines when you disable interfaces from receiving and sending OSPFv3 packets: Multiple OSPFv3 processes can disable the same interface from receiving and sending OSPFv3 •...
Page 318: Configuring Gr Helper
Graceful Restart ensures the continuity of packet forwarding when a routing protocol restarts or an active/standby switchover occurs: GR restarter—Graceful restarting router. It must be Graceful Restart capable. • GR helper—The neighbor of the GR restarter. It helps the GR restarter to complete the GR process. •...
Page 319: Applying Ipsec Policies For Ospfv3
Applying IPsec policies for OSPFv3 To protect routing information and defend attacks, OSPFv3 can authenticate protocol packets by using an IPsec policy. Outbound OSPFv3 packets carry the Security Parameter Index (SPI) defined in the relevant IPsec policy. A device uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the device accepts the packet.
Page 320: Displaying And Maintaining Ospfv3
To apply an IPsec policy on a virtual link: Step Command Remarks Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Enter OSPFv3 area view. area area-id vlink-peer router-id [ hello seconds | Apply an IPsec policy on a retransmit seconds | trans-delay seconds Not configured by default.
Page 321: Ospfv3 Configuration Examples
Task Command Remarks display ospfv3 [ process-id ] retrans-list [ { external | grace | inter-prefix | inter-router | intra-prefix | link | Display OSPFv3 link state network | router } [ link-state-id ] [ originate-router retransmission list information. ip-address ] | statistics ] [ | { begin | exclude | include } regular-expression ] display ospfv3 statistics [ | { begin | exclude | include } Display OSPFv3 statistics.
Page 322 [RouterA] interface serial 2/1 [RouterA-Serial2/1] ospfv3 1 area 1 [RouterA-Serial2/1] quit # Configure Router B. <RouterB> system-view [RouterB] ipv6 [RouterB] ospfv3 1 [RouterB-ospfv3-1] router-id 2.2.2.2 [RouterB-ospfv3-1] quit [RouterB] interface serial 2/0 [RouterB-Serial2/0] ospfv3 1 area 0 [RouterB-Serial2/0] quit [RouterB] interface serial 2/1 [RouterB-Serial2/1] ospfv3 1 area 1 [RouterB-Serial2/1] quit # Configure Router C.
Page 323 # Display OSPFv3 neighbor information on Router C. [RouterC] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface Instance ID 2.2.2.2 Full/DR 00:00:35 S2/0 OSPFv3 Area ID 0.0.0.2 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface...
Page 324 # Display OSPFv3 routing information on Router D. A default route is added and its cost is the cost of a direct route plus the configured cost. [RouterD] display ospfv3 routing E1 - Type 1 external route, IA - Inter area route, - Intra area route E2 - Type 2 external route, - Selected route...
Page 325: Configuring Ospfv3 Dr Election
Configuring OSPFv3 DR election Network requirements • Figure 88, the priority of Router A is 100, the highest priority on the network, so it becomes the The priority of Router C is 2, the second highest priority on the network, so it becomes the BDR. •...
Page 326 [RouterC] ipv6 [RouterC] ospfv3 [RouterC-ospfv3-1] router-id 3.3.3.3 [RouterC-ospfv3-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ospfv3 1 area 0 [RouterC-Ethernet1/1] quit # Configure Router D. <RouterD> system-view [RouterD] ipv6 [RouterD] ospfv3 [RouterD-ospfv3-1] router-id 4.4.4.4 [RouterD-ospfv3-1] quit [RouterD] interface ethernet 1/1 [RouterD-Ethernet1/1] ospfv3 1 area 0 [RouterD-Ethernet1/1] quit # Display neighbor information on Router A.
Page 327: Configuring Ospfv3 Route Redistribution
# Display neighbor information on Router A. DR priorities have been updated, but the DR and BDR are not changed. [RouterA] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface Instance ID 2.2.2.2 2-Way/DROther 00:00:38 Eth1/1...
Page 328 Figure 89 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure OSPFv3 basic functions: # Enable OSPFv3 process 1 on Router A. <RouterA> system-view [RouterA] ipv6 [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.1 [RouterA-ospfv3-1] quit [RouterA] interface ethernet 1/2 [RouterA-Ethernet1/2] ospfv3 1 area 2 [RouterA-Ethernet1/2] quit [RouterA] interface ethernet 1/1...
Page 329 [RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] ospfv3 2 area 2 [RouterC-Ethernet1/2] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ospfv3 2 area 2 [RouterC-Ethernet1/1] quit # Display the routing table of Router C. [RouterC] display ipv6 routing-table Routing Table : Destinations : 6 Routes : 6 Destination: ::1/128 Protocol...
Page 330: Configuring Ospfv3 Gr
NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 1::/64 Protocol : OSPFv3 NextHop : FE80::200:CFF:FE01:1C03 Preference: 150 Interface : Eth1/2 Cost Destination: 2::/64 Protocol : OSPFv3 NextHop : FE80::200:CFF:FE01:1C03 Preference: 150 Interface : Eth/1/2 Cost Destination: 3::/64 Protocol : Direct NextHop : 3::2...
Page 331 Figure 90 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure OSPFv3 basic functions: # On Router A, enable OSPFv3 process 1, enable GR, and set the router ID to 1.1.1.1. <RouterA> system-view [RouterA] ipv6 [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.1 [RouterA-ospfv3-1] graceful-restart enable [RouterA-ospfv3-1] quit...
Page 332: Configuring Bfd For Ospfv3
[RouterC-Ethernet1/1] quit Verify the configuration: # After all routers function correctly, perform a master/backup switchover on Router A to trigger an OSPFv3 GR operation. Configuring BFD for OSPFv3 Network requirements As shown in Figure Configure OSPFv3 on Router A, Router B and Router C and configure BFD over the link Router •...
Page 333 [RouterA-Ethernet1/2] quit # Configure Router B. Enable OSPFv3 and configure the router ID as 2.2.2.2. <RouterB> system-view [RouterB] ipv6 [RouterB] ospfv3 1 [RouterB-ospfv3-1] router-id 2.2.2.2 [RouterB-ospfv3-1] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ospfv3 1 area 0 [RouterB-Ethernet1/1] quit [RouterB] interface ethernet 1/2 [RouterB-Ethernet1/2] ospfv3 1 area 0 [RouterB-Ethernet1/2] quit # Configure Router C.
Page 334 IPv6 Session Working Under Ctrl Mode: Local Discr: 1441 Remote Discr: 1450 Source IP: FE80::20F:FF:FE00:1202 (link-local address of Ethernet1/1 on Router Destination IP: FE80::20F:FF:FE00:1200 (link-local address of Ethernet1/1 on Router Session State: Up Interface: Eth1/1 Hold Time: # Display routes to 2001:4::0/64 on Router A, and you can see that Router A communicates with Router B through the Layer 2 switch.
Page 335: Configuring Ospfv3 Ipsec Policies
*Nov 5 11:37:43:062 2009 RouterA RM/6/RMDEBUG: OSPFv3 OSPFv3-BFD: Message Type delete session, Connect Type direct-connect, Src IP Address FE80::20F:FF:FE00:1202, Dst IP Address FE80::20F:FF:FE00:1200. # Display the BFD information of Router A. You can see that Router A has removed its neighbor relationship with Router B and therefore no information is output.
Page 336 [RouterA] ipv6 [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.1 [RouterA-ospfv3-1] quit [RouterA] interface serial 2/1 [RouterA-Serial2/1] ospfv3 1 area 1 [RouterA-Serial2/1] quit # Configure Router B: enable OSPFv3 and configure the Router ID as 2.2.2.2. <RouterB> system-view [RouterB] ipv6 [RouterB] ospfv3 1 [RouterB-ospfv3-1] router-id 2.2.2.2 [RouterB-ospfv3-1] quit [RouterB] interface serial 2/1...
Page 337 # On Router B, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1. Create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg.
Page 338: Troubleshooting Ospfv3 Configuration
[RouterC-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321 [RouterC-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba [RouterC-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba [RouterC-ipsec-policy-manual-policy002-10] quit Apply the IPsec policies in areas: # Configure Router A. [RouterA] ospfv3 1 [RouterA-ospfv3-1] area 1 [RouterA-ospfv3-1-area-0.0.0.1] enable ipsec-policy policy001 [RouterA-ospfv3-1-area-0.0.0.1] quit [RouterA-ospfv3-1] quit # Configure Router B.
Page 339: Incorrect Routing Information
Check OSPFv3 timers. The dead interval on an interface must be at least four times the hello interval. On a broadcast network, at least one interface must have a DR priority higher than 0. Incorrect routing information Symptom OSPFv3 cannot find routes to other areas. Analysis The backbone area must maintain connectivity to all other areas.
Page 340: Configuring Ipv6 Is-Is
Configuring IPv6 IS-IS This chapter describes how to configure IPv6 IS-IS, which supports all IPv4 IS-IS features except that it advertises IPv6 routing information. For information about IS-IS, see "Configuring IS-IS." Overview Intermediate System-to-Intermediate System (IS-IS) supports multiple network protocols, including IPv6. To support IPv6, the IETF added two type-length-values (TLVs) and a new network layer protocol identifier (NLPID).
Page 341: Configuring Ipv6 Is-Is Route Control
Step Command Remarks interface interface-type Enter interface view. interface-number Enable IPv6 for an IS-IS isis ipv6 enable [ process-id ] Disabled by default. process on the interface. Configuring IPv6 IS-IS route control Before you configure IPv6 IS-IS route control, complete basic IPv6 IS-IS configuration. For information about ACL, see ACL and QoS Configuration Guide.
Page 342: Configuring Bfd For Ipv6 Is-Is
Step Command Remarks Specify the maximum number of equal-cost load ipv6 maximum load-balancing number Optional. balanced routes. NOTE: The ipv6 filter-policy export command is usually used in combination with the ipv6 import-route command. If no protocol is specified for the ipv6 filter-policy export command, routes redistributed from all routing protocols are filtered before advertisement.
Page 343: Displaying And Maintaining Ipv6 Is-Is
Figure 93 Network diagram Router A Router B IPv6 IPv6 IPv6 IPv4 IPv6 IPv4 IPv4 IPv4 Router C Router D Figure 93, the numbers refer to the link costs. Router A, Router B, and Router D support both IPv4 and IPv6.
Page 344: Ipv6 Is-Is Configuration Examples
Task Command Remarks display isis interface [ statistics | [ interface-type interface-number ] Display IS-IS enabled interface [ verbose ] ] [ process-id | vpn-instance Available in any view. information. vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] display isis lsdb [ [ l1 | l2 | level-1 | level-2 ] | [ [ lsp-id lsp-id | lsp-name lspname | Display LSDB information.
Page 345 Figure 94 Network diagram Router A S2/0 2001:1::2/64 Eth1/1 S2/1 S2/2 2001:4::1/64 2001:1::1/64 2001:3::1/64 S2/0 S2/0 2001:3::2/64 2001:2::1/64 Router D Router C L1/L2 S2/0 Area 20 2001:2::2/64 Router B Area 10 Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure IPv6 IS-IS: # Configure Router A.
Page 346 [RouterC-Serial2/0] isis ipv6 enable 1 [RouterC-Serial2/0] quit [RouterC] interface serial 2/1 [RouterC-Serial2/1] isis ipv6 enable 1 [RouterC-Serial2/1] quit [RouterC] interface serial 2/2 [RouterC-Serial2/2] isis ipv6 enable 1 [RouterC-Serial2/2] quit # Configure Router D. <RouterD> system-view [RouterD] ipv6 [RouterD] isis 1 [RouterD-isis-1] is-level level-2 [RouterD-isis-1] network-entity 20.0000.0000.0004.00 [RouterD-isis-1] ipv6 enable...
Page 347 # Display the IPv6 IS-IS routing table of Router B. [RouterB] display isis route ipv6 Route information for ISIS(1) ----------------------------- ISIS(1) IPv6 Level-1 Forwarding Table ------------------------------------- Destination: :: PrefixLen: 0 Flag : R/-/- Cost : 10 Next Hop : FE80::200:FF:FE0F:4 Interface: S2/0 Destination: 2001:1:: PrefixLen: 64...
Page 348 ISIS(1) IPv6 Level-2 Forwarding Table ------------------------------------- Destination: 2001:1:: PrefixLen: 64 Flag : D/L/- Cost : 10 Next Hop : Direct Interface: S2/1 Destination: 2001:2:: PrefixLen: 64 Flag : D/L/- Cost : 10 Next Hop : Direct Interface: S2/0 Destination: 2001:3:: PrefixLen: 64 Flag : D/L/-...
Page 349: Configuring Bfd For Ipv6 Is-Is
Configuring BFD for IPv6 IS-IS Network requirements As shown in Figure 95, configure IPv6 IS-IS on Router A, Router B, and Router C and configure BFD over the link Router A<—>L2 Switch<—>Router B. When the link between Router B and the Layer-2 switch fails, BFD can quickly detect the failure and notify IPv6 IS-IS of the failure.
Page 350: Verify Configuration
[RouterB] isis 1 [RouterB-isis-1] is-level level-1 [RouterB-isis-1] network-entity 10.0000.0000.0002.00 [RouterB-isis-1] ipv6 enable [RouterB-isis-1] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] isis ipv6 enable 1 [RouterB-Ethernet1/1] quit [RouterB] interface ethernet 1/2 [RouterB-Ethernet1/2] isis ipv6 enable 1 [RouterB-Ethernet1/2] quit # Configure Router C. <RouterC>...
Page 351 Local Discr: 1441 Remote Discr: 1450 Source IP: FE80::20F:FF:FE00:1202 (link-local address of Ethernet1/1 on Router Destination IP: FE80::20F:FF:FE00:1200 (link-local address of Ethernet1/1 on Router Session State: Up Interface: Eth1/1 Hold Time: # Display route 2001:4::0/64 on Router A, and you can see that Router A and Router B communicate through the Layer-2 switch.
Page 352: Configuring Ipv6 Is-Is Mtr
%Aug 8 14:54:05:365 2009 RouterA IFNET/4/LINK UPDOWN: Ethernet1/1: link status is DOWN %Aug 8 14:54:05:366 2008 RouterA IFNET/4/UPDOWN: Line protocol on the interface Ethernet0/1 is DOWN %Aug 8 14:54:05:367 2009 RouterA ISIS/4/ADJLOG:ISIS-1-ADJCHANGE: Adjacency To 0000.0000.0002 (Eth1/1) DOWN, Level-2 Circuit Down. %Aug 8 14:54:05:367 2009 RouterA ISIS/4/ADJLOG:ISIS-1-ADJCHANGE: Adjacency To 0000.0000.0002 (Eth1/1) DOWN, Level-2 Adjacency clear.
Page 353 Figure 96 Network diagram Configuration procedure Configure IPv4 and IPv6 addresses for the interfaces on each router and configure IS-IS: Follow Figure 96 to configure the IPv4 and IPv6 address and subnet mask of each interface on the routers. (Details not shown.) Configure IS-IS on the routers, making sure that Router A, Router B, Router C, and Router D can communicate with each other at Layer 3 and dynamic route update can be implemented among them with IS-IS.
Page 354 Flag : D/L/- Cost Next Hop : Direct Interface: Eth1/1 Destination: 44::1 PrefixLen: 128 Flag : R/L/- Cost : 36 Next Hop : FE80::200:5EFF:FE00:F11 Interface: Eth1/2 Destination: 14:: PrefixLen: 64 Flag : D/L/- Cost : 36 Next Hop : Direct Interface: Eth1/2 Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv6 Level-2 Forwarding Table...
Page 355: Configuring Ipv6 Bgp
Configuring IPv6 BGP This chapter describes only configuration for IPv6 BGP. For BGP-related information, see "Configuring BGP." IPv6 BGP overview BGP-4 can only carry IPv4 routing information. To support multiple network layer protocols, IETF extended BGP-4 by introducing Multiprotocol BGP (MP-BGP) defined in RFC 2858 multiprotocol extensions for BGP-4.
Page 356: Configuring Ipv6 Bgp Basic Functions
Task Remarks Configuring outbound route filtering Optional. Configuring inbound route filtering Optional. Configuring IPv6 BGP and IGP route Optional. synchronization Configuring route dampening Optional. Configuring IPv6 BGP preference and default Optional. LOCAL_PREF and NEXT_HOP attributes Configuring IPv6 BGP route attributes Configuring the MED attribute Optional.
Page 357: Injecting A Local Ipv6 Route
Step Command Remarks Enter BGP view. bgp as-number Optional. Specify a router ID. router-id router-id Required, if no IP addresses are configured for any interfaces. Enter IPv6 address family view ipv6-family [ vpn-instance or IPv6 BGP-VPN instance vpn-instance-name ] view. peer ipv6-address as-number Specify an IPv6 peer.
Page 358: Specifying The Source Interface For Establishing Tcp Connections
If an IPv6 BGP router has multiple links to a peer, and the source interface fails, IPv6 BGP must reestablish TCP connections, causing network oscillation. To enhance stability of IPv6 BGP connections, HP recommends using a loopback interface as the source interface.
Page 359: Configuring A Description For An Ipv6 Peer Or Peer Group
Step Command Remarks Allow the establishment of EBGP peer { ipv6-group-name | Not configured by connection to an indirectly connected peer ipv6-address } ebgp-max-hop default. or peer group. [ hop-count ] Configuring a description for an IPv6 peer or peer group Step Command Remarks...
Page 360: Controlling Route Distribution And Reception
Controlling route distribution and reception This task includes routing information filtering, routing policy application, and route dampening. Configuration prerequisites Before you configure route distribution and reception control, complete the following tasks: Enable IPv6. • Configure IPv6 BGP basic functions. • Configuring IPv6 BGP route redistribution IMPORTANT: If the default-route imported command is not configured, using the import-route command cannot...
Page 361: Advertising A Default Route To An Ipv6 Peer Or Peer Group
Advertising a default route to an IPv6 peer or peer group Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Advertise a default route to peer { ipv6-group-name | ipv6-address } Not advertised by an IPv6 peer or peer default-route-advertise [ route-policy...
Page 362: Configuring Inbound Route Filtering
NOTE: protocol IPv6 BGP advertises routes passing the specified policy to peers. Using the argument can filter protocol only the routes redistributed from the specified protocol. If no is specified, IPv6 BGP filters all routes to be advertised, including redistributed routes and routes imported with the network command. Configuring inbound route filtering Only routes passing the configured filtering can be added into the local IPv6 BGP routing table.
Page 363: Configuring Route Dampening
IGP route with the same destination network segment before it can advertise the IBGP route (use the display ipv6 routing-table protocol command to check the IGP route state). To configure IPv6 BGP and IGP route synchronization: Step Command Remarks Enter system view. system-view Enter BGP view.
Page 364: Configuring The Med Attribute
local router specifies itself as the next hop of routes sent to an IPv6 IBGP peer or peer group regardless of whether the peer next-hop-local command is configured. In a "third party next hop" network where the two IPv6 EBGP peers reside in a common broadcast subnet, the router does not change the next hop for routes sent to the IPv6 EBGP peer or peer group by default, unless the peer next-hop-local command is configured.
Page 365: Configuring The As_Path Attribute
Step Command Remarks Optional. Enable the comparison of Disabled by default. bestroute compare-med MED for routes from each AS. The IPv6 BGP-VPN instance view does not support this command. Optional. Enable the comparison of Disabled by default. MED for routes from bestroute med-confederation The IPv6 BGP-VPN instance view confederation peers.
Page 366: Configuration Prerequisites
IPv6 BGP connection soft reset • After modifying a route selection policy, reset IPv6 BGP connections to make the new one take effect. The current IPv6 BGP implementation supports the route-refresh feature that enables dynamic route refresh without needing to disconnect IPv6 BGP links. After this feature is enabled on all IPv6 BGP routers, a router that wants to apply a new route selection policy advertises a route-refresh message to its peers, which then send their routing information to the router.
Page 367: Configuring Ipv6 Bgp Soft Reset
Configuring IPv6 BGP soft reset Enabling route refresh Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address ipv6-family family view. Optional. peer { ipv6-group-name | ipv6-address } Enable route refresh. capability-advertise route-refresh Enabled by default. Performing manual soft-reset Step Command...
Page 368: Enabling 4-Byte As Number Suppression
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. peer { group-name | Enable BGP route refresh for a ipv6-address } capability-advertise Enabled by default. peer or peer group. route-refresh Optional. Enable the non-standard ORF peer { group-name | By default, standard BGP ORF...
Page 369: Configuring The Maximum Number Of Ecmp Routes
Step Command Remarks Enter BGP view. bgp as-number Enter IPv6 address ipv6-family [ vpn-instance family view or IPv6 vpn-instance-name ] BGP-VPN instance view. Disabled by default. Enable 4-byte AS peer { group-name | ip-address } IPv6 BGP-VPN instance view number suppression. capability-advertise suppress-4-byte-as does not support the group-name argument.
Page 370: Applying An Ipsec Policy To An Ipv6 Bgp Peer Or Peer Group
Applying an IPsec policy to an IPv6 BGP peer or peer group To protect routing information and defend attacks, IPv6 BGP can authenticate protocol packets by using an IPsec policy. Outbound IPv6 BGP packets carry the Security Parameter Index (SPI) defined in the IPsec policy. A device uses the SPI carried in a received packet to match against the configured IPsec policy.
Page 371: Configuration Prerequisites
Configuration prerequisites Before you configure a large-scale IPv6 BGP network, complete the following tasks: Make peer nodes accessible to each other at the network layer. • Enable BGP and configure a router ID. • Configuring IPv6 BGP peer group Configuring an IBGP peer group Step Command Remarks...
Page 372: Configuring Ipv6 Bgp Community
Step Command Remarks Specify the AS number of an peer ipv6-address as-number Not specified by default. IPv6 peer. as-number Add the IPv6 peer into the peer ipv6-address group Not added by default. peer group. ipv6-group-name NOTE: When creating a mixed EBGP peer group, you must create a peer and specify its AS number, which can be different from AS numbers of other peers;...
Page 373: Configuring An Ipv6 Bgp Route Reflector
In general, because the route reflector forwards routing information between clients, you are not required to make clients of a route reflector fully meshed. If clients are fully meshed, HP recommends disabling route reflection between clients to reduce routing costs.
Page 374: Configuration Prerequisites
Figure 97 Network diagram for 6PE The P (Provider) router in the above figure refers to a backbone router in the network of a service provider. P is not directly connected with a CE, and is required to have the basic MPLS capability. When an ISP wants to utilize the existing IPv4/MPLS network to provide IPv6 traffic switching capability, only the PE routers must be upgraded.
Page 375 Step Command Remarks Specify the AS number for the peer { ipv4-group-name | Not specified by default. 6PE peer or peer group. ipv4-address } as-number as-number Enter IPv6 address family ipv6-family view. Enable the 6PE peer or peer peer { ipv4-group-name | Not enabled by default.
Page 376: Configuring Bfd For Ipv6 Bgp
Step Command Remarks display bgp ipv6 peer [ group-name Optional. Display information about the log-info | ipv4-address verbose ] [ | 6PE peer or peer group. { begin | exclude | include } Available in any view. regular-expression ] display bgp ipv6 routing-table peer ipv4-address { advertised-routes | Optional.
Page 377: Displaying And Maintaining Ipv6 Bgp
Displaying and maintaining IPv6 BGP Displaying BGP Task Command Remarks display bgp ipv6 group [ ipv6-group-name ] [ | Display IPv6 BGP peer group { begin | exclude | include } Available in any view. information. regular-expression ] Display IPv6 BGP advertised display bgp ipv6 network [ | { begin | exclude Available in any view.
Page 378: Resetting Ipv6 Bgp Connections
Task Command Remarks display bgp ipv6 routing-table flap-info [ regular-expression as-regular-expression | Display IPv6 BGP routing flap [ as-path-acl as-path-acl-number | ipv6-address Available in any view. statistics. prefix-length [ longer-match ] ] [ | { begin | exclude | include } regular-expression ] ] Display labeled IPv6 BGP routing display bgp ipv6 routing-table label [ | { begin Available in any view.
Page 379: Ipv6 Bgp Basic Configuration
IPv6 BGP basic configuration Network requirements As shown in Figure 98, all routers run IPv6 BGP. Between Router A and Router B is an EBGP connection. Router B, Router C, and Router D are fully meshed through IBGP connections. Figure 98 Network diagram Configuration procedure Configure IPv6 addresses for interfaces.
Page 380 [RouterD-bgp-af-ipv6] peer 9:2::1 as-number 65009 [RouterD-bgp-af-ipv6] quit [RouterD-bgp] quit Configure the EBGP connection: # Configure Router A. <RouterA> system-view [RouterA] ipv6 [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] ipv6-family [RouterA-bgp-af-ipv6] peer 10::1 as-number 65009 [RouterA-bgp-af-ipv6] quit [RouterA-bgp] quit # Configure Router B. [RouterB] bgp 65009 [RouterB-bgp] ipv6-family [RouterB-bgp-af-ipv6] peer 10::2 as-number 65008...
Page 381: Ipv6 Bgp Route Reflector Configuration
IPv6 BGP route reflector configuration Network requirements As shown in Figure 99, Router B receives an EBGP update and sends it to Router C, which is configured as a route reflector with two clients: Router B and Router D. Router B and Router D need not establish an IBGP connection because Router C reflects updates between them.
Page 382: 6Pe Configuration
[RouterC-bgp-af-ipv6] peer 101::2 as-number 200 [RouterC-bgp-af-ipv6] peer 102::2 as-number 200 # Configure Router D. <RouterD> system-view [RouterD] ipv6 [RouterD] bgp 200 [RouterD-bgp] router-id 4.4.4.4 [RouterD-bgp] ipv6-family [RouterD-bgp-af-ipv6] peer 102::1 as-number 200 Configure route reflector: # Configure Router C as a route reflector, and configure Router B and Router D as its clients. [RouterC-bgp-af-ipv6] peer 101::2 reflect-client [RouterC-bgp-af-ipv6] peer 102::2 reflect-client Verify the configuration:...
Page 383 <CE1> system-view [CE1] ipv6 # Specify IP addresses for interfaces. [CE1] interface serial 2/0 [CE1-Serial2/0] ipv6 address auto link-local [CE1-Serial2/0] quit [CE1] interface loopback0 [CE1-LoopBack0] ipv6 address 1::1/128 [CE1-LoopBack0] quit # Configure an IPv6 static route to PE 1. [CE1] ipv6 route-static :: 0 serial2/0 Configure PE 1: # Enable IPv6 packet forwarding, MPLS and LDP.
Page 384 [PE1-bgp] quit # Configure the static route to CE 1. [PE1] ipv6 route-static 1::1 128 serial2/0 # Configure OSPF for LSP establishment. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit [PE1] Configure PE 2: <PE2>...
Page 385 [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit [PE1] Configure CE 2: # Enable IPv6 packet forwarding and specify IP addresses for interfaces. <CE2> system-view [CE2] ipv6 [CE2] interface serial 2/0 [CE2-Serial2/0] ipv6 address auto link-local [CE2-Serial2/0] quit [CE2] interface loopback 0...
Page 386: Ipv6 Bgp Ipsec Policy Configuration
Origin : i - IGP, e - EGP, ? - incomplete *> Network : 1::1 PrefixLen : 128 NextHop : FE80::E142:0:4607:1 LocPrf PrefVal : 0 Label : NULL Path/Ogn: ? *> Network : 2::2 PrefixLen : 128 NextHop : ::1 LocPrf PrefVal : 0 Label...
Page 387 [RouterA] ipv6 [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] ipv6-family [RouterA-bgp-af-ipv6] group ibgp internal [RouterA-bgp-af-ipv6] peer 1::2 group ibgp [RouterA-bgp-af-ipv6] quit [RouterA-bgp] quit # Configure Router B. <RouterB> system-view [RouterB] ipv6 [RouterB] bgp 65008 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] ipv6-family [RouterB-bgp-af-ipv6] group ibgp internal [RouterB-bgp-af-ipv6] peer 1::1 group ibgp [RouterB-bgp-af-ipv6] quit [RouterB-bgp] quit...
Page 388 [RouterA-ipsec-proposal-tran1] esp authentication-algorithm sha1 [RouterA-ipsec-proposal-tran1] quit [RouterA] ipsec policy policy001 10 manual [RouterA-ipsec-policy-manual-policy001-10] proposal tran1 [RouterA-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345 [RouterA-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345 [RouterA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg [RouterA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg [RouterA-ipsec-policy-manual-policy001-10] quit # On Router B, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1.
Page 389 [RouterC] ipsec proposal tran2 [RouterC-ipsec-proposal-tran2] encapsulation-mode transport [RouterC-ipsec-proposal-tran2] transform esp [RouterC-ipsec-proposal-tran2] esp encryption-algorithm des [RouterC-ipsec-proposal-tran2] esp authentication-algorithm sha1 [RouterC-ipsec-proposal-tran2] quit [RouterC] ipsec policy policy002 10 manual [RouterC-ipsec-policy-manual-policy002-10] proposal tran2 [RouterC-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321 [RouterC-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321 [RouterC-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba [RouterC-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba [RouterC-ipsec-policy-manual-policy002-10] quit...
Page 390 BGP last state: OpenConfirm Port: Local – 1029 Remote - 179 Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec Received : Active Hold Time: 180 sec Negotiated: Active Hold Time: 180 sec Peer optional capabilities: Peer support bgp multi-protocol extended Peer support bgp route refresh capability Address family IPv4 Unicast: advertised and received Received: Total 0 messages, Update messages 0...
Page 391: Configuring Bfd For Ipv6 Bgp
IPsec policy name: policy002, SPI :54321 Routing policy configured: No routing policy is configured The output shows that both IBGP and EBGP neighbor relationships have been established, and all protocol packets are protected by IPsec. Configuring BFD for IPv6 BGP Network requirements As shown in Figure...
Page 392 [RouterA-acl6-basic-2000] rule permit source 1200::0 64 [RouterA-acl6-basic-2000] quit Create two route policies, apply_med_50 and apply_med_100. Policy apply_med_50 sets the MED for route 1200::0/64 to 50. Policy apply_med_100 sets that to 100. [RouterA] route-policy apply_med_50 permit node 10 [RouterA-route-policy] if-match ipv6 address acl 2000 [RouterA-route-policy] apply cost 50 [RouterA-route-policy] quit [RouterA] route-policy apply_med_100 permit node 10...
Page 393 [RouterA-Ethernet1/2] bfd authentication-mode simple 1 ibgpbfd [RouterA-Ethernet1/2] quit # Configure Router C. [RouterC] bfd session init-mode active [RouterC] interface ethernet 1/1 Configure the minimum interval for transmitting BFD control packets as 500 milliseconds. [RouterC-Ethernet1/1] bfd min-transmit-interval 500 Configure the minimum interval for receiving BFD control packets as 500 milliseconds. [RouterC-Ethernet1/1] bfd min-receive-interval 500 Configure the detect multiplier as 7.
Page 394 2001::1 0 00:01:05 Established 3001::1 0 00:01:34 Established # Display route 1200::0/64 on Router C. The output shows that Router A and Router C communicate through Router B. <RouterC> display ipv6 routing-table 1200::0 64 verbose Routing Table : Summary Count : 2 Destination : 1200:: PrefixLength : 64...
Page 395: Troubleshooting Ipv6 Bgp Configuration
# Display route 1200::0/64 on Router C. The output shows that Router A and Router C communicate through Router D. <RouterC> display ipv6 routing-table 1200::0 64 verbose Routing Table : Summary Count : 1 Destination : 1200:: PrefixLength : 64 NextHop : 2001::1 Preference...
Page 396: Configuring Ipv6 Pbr
Configuring IPv6 PBR Introduction to IPv6 policy-based routing Different from destination-based routing, policy-based routing (PBR) uses user-defined policies to route packets based on the source address, packet length, and other criteria. A policy can specify the output interface, next hop, default output interface, default next hop, and other parameters for packets that match specific criteria such as ACLs or have specific lengths.
Page 397: Ipv6 Pbr Configuration Task List
Clause Meaning Priority apply The apply output-interface clause takes precedence output-interface and Sets the output interface and over the apply ipv6-address next-hop clause. Only the apply ipv6-address sets the next hop. apply output-interface clause is executed when both next-hop are configured. The apply default output-interface clause takes precedence over the apply ipv6-address default next-hop clause.
Page 398: Configuring An Ipv6 Policy
Configuring an IPv6 policy Creating an IPv6 node Step Command Enter system view. system-view Create an IPv6 policy or policy node ipv6 policy-based-route policy-name [ deny | permit ] node and enter IPv6 policy node view. node-number Configuring match criteria for an IPv6 node An ACL match criterion uses the specified ACL to match packets if the match mode is configured as permit.
Page 399: Configuring Ipv6 Pbr
Step Command Remarks Optional. Set a default output interface apply default output-interface You can specify up to five output for permitted IPv6 packets. interface-type interface-number interfaces to achieve load sharing. Optional. Set a default next hop for apply ipv6-address default next-hop You can specify up to five output permitted IPv6 packets.
Page 400: Displaying And Maintaining Ipv6 Pbr
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Apply an IPv6 policy on the ipv6 policy-based-route Not applied by default. interface. policy-name Displaying and maintaining IPv6 PBR Task Command Remarks Display information about IPv6 local display ipv6 policy-based-route [ | { begin | Available in any PBR and IPv6 interface PBR.
Page 401: Configuring Ipv6 Interface Pbr Based On Packet Type
# Configure ACL 3001 to match TCP packets. <RouterA> system-view [RouterA] ipv6 [RouterA] acl ipv6 number 3001 [RouterA-acl6-adv-3001] rule permit tcp [RouterA-acl6-adv-3001] quit # Configure Node 5 of policy aaa, so that TCP packets are forwarded through Serial 2/0. [RouterA] ipv6 policy-based-route aaa permit node 5 [RouterA-pbr6-aaa-5] if-match acl6 3001 [RouterA-pbr6-aaa-5] apply output-interface serial 2/0 [RouterA-pbr6-aaa-5] quit...
Page 402 Figure 104 Network diagram Configuration procedure Configure Router A: # Configure RIPng. <RouterA> system-view [RouterA] ipv6 [RouterA] ripng 1 [RouterA-ripng-1] quit [RouterA] interface serial 2/0 [RouterA-Serial2/0] ipv6 address 1::1 64 [RouterA-Serial2/0] ripng 1 enable [RouterA-Serial2/0] quit [RouterA] interface serial 2/1 [RouterA-Serial2/1] ipv6 address 2::1 64 [RouterA-Serial2/1] ripng 1 enable [RouterA-Serial2/1] quit...
Page 403: Configuring Ipv6 Interface Pbr Based On Packet Length
[RouterA-Ethernet1/1] ipv6 address 10::2 64 [RouterA-Ethernet1/1] undo ipv6 nd ra halt [RouterA-Ethernet1/1] ripng 1 enable [RouterA-Ethernet1/1] ipv6 policy-based-route aaa Configure Router B: # Configure RIPng. <RouterB> system-view [RouterB] ipv6 [RouterB] ripng 1 [RouterB-ripng-1] quit [RouterB] interface serial 2/0 [RouterB-Serial2/0] ipv6 address 1::2 64 [RouterB-Serial2/0] ripng 1 enable Configure Router C: # Configure RIPng.
Page 404 Figure 105 Network diagram 64~100bytes S2/0 S2/0 Router B Router A 150::1/64 150::2/64 Eth1/1 S2/1 S2/1 192::1/64 151::1/64 151::2/64 101~1000bytes Loop0 Host A 10::1/128 192::3 Configuration procedure Configure Router A: # Configure RIPng. <RouterA> system-view [RouterA] ipv6 [RouterA] ripng 1 [RouterA-ripng-1] quit [RouterA] interface serial 2/0 [RouterA-Serial2/0] ipv6 address 150::1 64...
Page 405 [RouterB] ipv6 [RouterB] ripng 1 [RouterB-ripng-1] quit [RouterB] interface serial 2/0 [RouterB-Serial2/0] ipv6 address 150::2 64 [RouterB-Serial2/0] ripng 1 enable [RouterB-Serial2/0] quit [RouterB] interface serial 2/1 [RouterB-Serial2/1] ipv6 address 151::2 64 [RouterB-Serial2/1] ripng 1 enable [RouterB-Serial2/1] quit [RouterB] interface loopback 0 [RouterB-LoopBack0] ipv6 address 10::1 128 [RouterB-LoopBack0] ripng 1 enable Verify the configuration:...
Page 406 *Jun 7 16:03:30:949 2009 RouterA PBR6/7/IPv6-POLICY-ROUTING: IPv6 Policy routin g success : POLICY_ROUTEMAP_IPV6 : lab1, Node : 10, Packet sent with next-hop 0150::0002 *Jun 7 16:03:31:949 2009 RouterA PBR6/7/IPv6-POLICY-ROUTING: IPv6 Policy routin g success : POLICY_ROUTEMAP_IPV6 : lab1, Node : 10, Packet sent with next-hop 0150::0002 The preceding information shows that Router A sets the next hop for the received packets to 150::2 according to PBR.
Page 407: Support And Other Resources
Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...
Page 408: Conventions
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
Page 409 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Page 410: Index
Configuring RIPng route control,280 Configuring a large-scale IPv6 BGP network,358 Configuring static route FRR,9 Configuring a policy,262 Contacting HP,395 Configuring a routing policy,248 Controlling BGP path selection,192 Configuring a static route,6 Controlling route distribution and reception,348 Configuring an IPv6...
Page 411 Enabling OSPF,62 Overview,260 Enabling OSPFv3,297 Enabling trap,212 PBR configuration examples,265 Enhancing IS-IS network security,142 PBR configuration task list,262 Generating BGP routes,185 Related information,395 RIP configuration examples,35 Introduction to IPv6 policy-based routing,384 RIP configuration task list,22 IPv6 BGP configuration examples,366 RIPng configuration examples,286 IPv6 BGP configuration task list,343...