Contents
Preface
Document conventions
Text formatting conventions
Command syntax conventions
Notes, cautions, and warnings
Brocade resources
Contacting Brocade Technical Support
Brocade customers
Brocade OEM customers
Document feedback
About This Document
Supported hardware and software
What’s new in this document
Configuring IP load sharing
ECMP load sharing for IPv6
ICMP Router Discovery Protocol configuration
IRDP parameters
Reverse Address Resolution Protocol configuration
Configuring UDP broadcast and IP helper parameters
BootP and DHCP relay parameter configuration
DHCP server
Displaying DHCP server information
Configuring IP parameters - Layer 2 switches
Configuring the management IP address and specifying the default gateway
Enabling or disabling routing protocols
Enabling or disabling Layer 2 switching
Configuration notes and feature limitations for Layer 2 switching
Command syntax for Layer 2 switching
Configuring a Layer 3 Link Aggregation Group (LAG)
IPv6 Configuration on FastIron X Series, FCX, and ICX Series Switches
Full Layer 3 IPv6 feature support
Enabling and disabling IPv6 router advertisements
IPv6 router advertisement preference support
Configuring reachable time for remote IPv6 nodes
IPv6 MTU
Configuration notes and feature limitations for IPv6 MTU
Changing the IPv6 MTU
Static neighbor entries configuration
Limiting the number of hops an IPv6 packet can traverse
IPv6 source routing security enhancements
Setting RIP timers
Displaying RIP Information
Displaying CPU utilization statistics
RIPng
RIPng Overview
Configuring RIPng
Enabling RIPng
Configuring RIPng timers
Configuring route learning and advertising parameters
Redistributing routes into RIPng
Controlling distribution of routes through RIPng
Configuring poison reverse parameters
Disable or re-enable load sharing
Configure external route summarization
Configure default route origination
Supported match and set conditions
OSPF non-stop routing
Synchronization of critical OSPF elements
Link state database synchronization
Neighbor router synchronization
Interface synchronization
Standby module operations
Clearing OSPF routes
OSPFv3
OSPFv3 overview
LSA types for OSPFv3
Configuring OSPFv3
Enabling OSPFv3
Assigning OSPFv3 areas
Assigning an area cost for OSPFv3 (optional parameter)
Specifying a network type
Configuring virtual links
Changing the reference bandwidth for the cost on OSPFv3 interfaces
Redistributing routes into OSPFv3
Configuring BGP4 (IPv4)
BGP4 overview
Relationship between the BGP4 route table and the IP route table
How BGP4 selects a path for a route (BGP best path selection algorithm)
BGP4 message types
Grouping of RIB-out peers
Implementation of BGP4
BGP4 restart
BGP4 Peer notification during a management module switchover
BGP4 neighbor local AS
United States government. The authors and Brocade Communications Systems, Inc. assume no liability or responsibility to any person or entity with respect to the accuracy of this document or any loss, cost, liability, or damages arising from the information contained herein or the computer programs that accompany it.
Preface
• Document conventions
• Brocade resources
• Contacting Brocade Technical Support
• Document feedback
Document conventions
The document conventions describe text formatting conventions, command syntax conventions, and important notice formats used in Brocade technical documentation.
Text formatting conventions
Text formatting conventions such as boldface, italic, or Courier font may be used in the flow of the text to highlight specific words or phrases.
Brocade resources Convention Description < > Nonprinting characters, for example, passwords, are enclosed in angle brackets. Repeat the previous element, for example, member[member...]. Indicates a “soft” line break in command examples. If a backslash separates two lines of a command input, enter the entire command at the prompt without the backslash.
Contacting Brocade Technical Support
As a Brocade customer, you can contact Brocade Technical Support 24x7 online, by telephone, or by e-mail. Brocade OEM customers contact their OEM/Solutions provider.
Brocade customers
For product support information and the latest information on contacting the Technical Assistance Center, go to http://www.brocade.com/services-support/index.html.
• How command information is presented in this guide
Supported hardware and software
This guide supports the following product families for FastIron release 08.0.30:
• FastIron X Series devices (chassis models):
  – FastIron SX 800
  – FastIron SX 1600
• Brocade FCX Series (FCX) Switch ™...
How command information is presented in this guide
For all new content supported in FastIron Release 08.0.20 and later, command information is documented in a standalone command reference guide. In an effort to provide consistent command line interface (CLI) documentation for all products, Brocade is in the process of completing a standalone command reference for the FastIron platforms.
IP Configuration
• Basic IP configuration
• IP configuration overview
• Basic IP parameters and defaults - Layer 3 switches
• Basic IP parameters and defaults - Layer 2 switches
• Configuring IP parameters - Layer 3 switches
•...
IP configuration overview
IP packet flow through a Layer 3 switch
FIGURE 1 IP Packet flow through a Brocade Layer 3 switch
When the Layer 3 switch receives an IP packet, the Layer 3 switch checks for filters on the receiving interface. If a deny filter on the interface denies the packet, the Layer 3 switch discards the packet and performs no further processing, except generating a Syslog entry and SNMP message, if logging is enabled for the filter.
If the packet is not denied at the incoming interface, the Layer 3 switch looks in the session table for an entry that has the same source IP address and TCP or UDP port as the packet. If the session table contains a matching entry, the Layer 3 switch immediately forwards the packet, by addressing it to the destination IP address and TCP or UDP port listed in the session table entry and sending the packet to a queue on the outgoing ports listed in the session table.
Static ARP table
In addition to the ARP cache, Layer 3 switches have a static ARP table. Entries in the static ARP table are user-configured. You can add entries to the static ARP table regardless of whether or not the device the entry is for is connected to the Layer 3 switch.
NOTE
Layer 3 switches have a static ARP table.
IP forwarding cache
The IP forwarding cache provides a fast-path mechanism for forwarding IP packets. The cache contains entries for IP destinations. When a Brocade Layer 3 switch has completed processing and addressing for a packet and is ready to forward the packet, the device checks the IP forwarding cache for an entry to the packet destination:
•...
All these protocols provide routes to the IP route table. You can use one or more of these protocols, in any combination. The protocols are disabled by default.
IP multicast protocols
Brocade Layer 3 switches also support the following Internet Group Membership Protocol (IGMP) based IP multicast protocols:
•...
Basic IP parameters and defaults - Layer 3 switches
IP is enabled by default. The following IP-based protocols are all disabled by default:
• Routing protocols:
  – Routing Information Protocol (RIP)
  –...
TABLE 2 IP global parameters - Layer 3 switches (continued)
Parameter | Description | Default
• Classless Interdomain Routing (CIDR) format; example: 192.168.1.1/24
NOTE
Changing this parameter affects the display of IP addresses, but you can enter addresses in either format regardless of the display setting.
TABLE 2 IP global parameters - Layer 3 switches (continued)
Parameter | Description | Default
NOTE
You also can enable or disable this parameter on an individual interface basis.
Directed broadcast mode | The packet format the router treats as a directed broadcast. | All ones
TABLE 2 IP global parameters - Layer 3 switches (continued)
Parameter | Description | Default
IP address for certain operations such as IP pings, trace routes, and Telnet management connections to the router.
DNS default gateway addresses | A list of gateways attached to the router through... | None configured
IP interface parameters - Layer 3 switches
TABLE 3 IP interface parameters - Layer 3 switches
Parameter | Description | Default
IP state | The Internet Protocol, version 4 | Enabled (NOTE: You cannot disable IP.)
IP address | A Layer 3 network interface address | None configured...
Basic IP parameters and defaults - Layer 2 switches
TABLE 3 IP interface parameters - Layer 3 switches (continued)
Parameter | Description | Default
DHCP Client-Based Auto-Configuration | Allows the switch to obtain IP addresses from a DHCP host automatically, for either a specified (leased) or infinite period of time. | Enabled
TABLE 4 IP global parameters - Layer 2 switches (continued)
Parameter | Description | Default
NOTE (Description column)
Layer 2 switches have a single IP address used for management access to the entire device.
NOTE (Default column)
Some devices have a factory default, such as 10.157.22.154, used for...
Configuring IP parameters - Layer 3 switches
TABLE 4 IP global parameters - Layer 2 switches (continued)
Parameter | Description | Default
addresses into the DHCP Discovery packets in a round robin fashion.
DHCP Client-Based Auto-Configuration | Allows the switch to obtain IP addresses from a DHCP host automatically, for either a specified (leased) or infinite period of time. | Enabled
By default, the CLI displays network masks in classical IP address format (for example, 255.255.255.0). You can change the display to prefix format.
Assigning an IP address to an Ethernet port
To assign an IP address to port 1/1/1, enter the following commands.
device(config)# interface ethernet 1/1/1
device(config-if-1/1/1)# ip address 10.45.6.1 255.255.255.0
You also can enter the IP address and mask in CIDR format, as follows.
NOTE
If you configure the Brocade Layer 3 switch to use a loopback interface to communicate with a BGP4 neighbor, you also must configure a loopback interface on the neighbor and configure the neighbor to use that loopback interface to communicate with the Brocade Layer 3 switch.
Configuring IP follow on a virtual routing interface
IP Follow allows multiple virtual routing interfaces to share the same IP address. With this feature, one virtual routing interface is configured with an IP address, while the other virtual routing interfaces are configured to use that IP address, thus, they "follow" the virtual routing interface that has the IP address.
To conserve IPv4 address space, a 31-bit subnet mask can be assigned to point-to-point networks. Support for an IPv4 address with a 31-bit subnet mask is described in RFC 3021. With IPv4, four IP addresses with a 30-bit subnet mask are allocated on point-to-point networks. In contrast, a 31-bit subnet mask uses only two IP addresses: all zero bits and all one bits in the host portion of the IP address.
Configuration example
FIGURE 2 Configured 31-bit and 24-bit subnet masks
Router A is connected to Router B as a point-to-point link with 10.1.1.0/31 subnet. There are only two available addresses in this subnet, 10.1.1.0 on Router A and 10.1.1.1 on Router B. Routers B and C are connected by a regular 24-bit subnet.
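The 31-bit addressing rule can be checked mechanically. The following Python sketch is an added example, not part of the Brocade guide: it computes the usable addresses of a subnet using the RFC 3021 rule for 31-bit masks and checks that two interface addresses form a valid point-to-point pair. The function names and the 10.2.2.1/24 address are constructed for illustration; 10.1.1.0/31 and 10.1.1.1/31 are the Router A and Router B addresses from the configuration example.

```python
import ipaddress


def describe_subnet(cidr):
    """Summarise an IPv4 interface address such as '10.1.1.0/31'.

    Hypothetical helper (not a FastIron command): reports the usable host
    range, the directed-broadcast address, and whether the configured
    address itself can be assigned to an interface.
    """
    iface = ipaddress.IPv4Interface(cidr)
    net = iface.network
    first = int(net.network_address)
    last = int(net.broadcast_address)

    if net.prefixlen == 31:
        # RFC 3021: the all-zeros and all-ones host addresses are both
        # usable, and the subnet has no directed-broadcast address.
        lo, hi, broadcast = first, last, None
    elif net.prefixlen == 32:
        # Host route: a single address, no broadcast.
        lo, hi, broadcast = first, first, None
    else:
        # Classic rule: all-zeros is the network, all-ones is the broadcast.
        lo, hi, broadcast = first + 1, last - 1, last

    return {
        "network": str(net),
        "usable_count": hi - lo + 1,
        "first_usable": str(ipaddress.IPv4Address(lo)),
        "last_usable": str(ipaddress.IPv4Address(hi)),
        "broadcast": None if broadcast is None
        else str(ipaddress.IPv4Address(broadcast)),
        "address_is_usable": lo <= int(iface.ip) <= hi,
    }


def same_p2p_link(cidr_a, cidr_b):
    """True if the two addresses are the two ends of one /31 link."""
    a = ipaddress.IPv4Interface(cidr_a)
    b = ipaddress.IPv4Interface(cidr_b)
    return (
        a.network.prefixlen == 31
        and a.network == b.network
        and a.ip != b.ip
    )


if __name__ == "__main__":
    # 10.1.1.0/31 and 10.1.1.1/31 come from the example above;
    # 10.1.1.0/30 and 10.2.2.1/24 are constructed for comparison.
    for cidr in ("10.1.1.0/31", "10.1.1.1/31", "10.1.1.0/30", "10.2.2.1/24"):
        print(cidr, describe_subnet(cidr))
    print("A-B valid /31 pair:", same_p2p_link("10.1.1.0/31", "10.1.1.1/31"))
```

The same address, 10.1.1.0, is assignable with a 31-bit mask but is the network address, and therefore unusable on an interface, with a 30-bit mask.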
After you define a domain name, the Brocade device automatically appends the appropriate domain to a host and forwards it to the DNS servers for resolution. For example, if the domain "ds.company.com" is defined on a Layer 2 or Layer 3 switch and you want to initiate a ping to "mary", you must reference only the host name instead of the host name and its domain name.
In this example, the first IP address entered becomes the primary DNS address and all others are secondary addresses. Because IP address 10.98.7.15 is the last address listed, it is also the last address consulted to resolve a query.
Configuring DNS domain list on a Brocade device
If you want to use more than one domain name to resolve host names, you can create a list of domain names.
Use the show ip dns-server server-address command to display the list of DNS server addresses configured on the device.
device# show ip dns-server server-address
IPV4 DNS server address:
1. 10.157.22.199
2. 10.96.7.15
3. 10.95.7.25
4.
• Ethernet SNAP (also called IEEE 802.3)
The control portions of these packets differ slightly. All IP devices on an Ethernet network must use the same format. Brocade Layer 3 switches use Ethernet II by default. You can change the IP encapsulation to Ethernet SNAP on individual ports if needed.
NOTE
All devices connected to the Layer 3 switch port must use the same encapsulation type.
Forwarding traffic to a port with a smaller MTU size
NOTE
Forwarding traffic to a port with a smaller MTU size is not supported on the FastIron X Series.
In order to forward traffic from a port with 1500 MTU configured to a port that has a smaller MTU (for example, 750) size, you must apply the mtu-exceed forward global command.
NOTE
If you set the MTU of a port to a value lower than the global MTU and from 576 through 1499, the port fragments the packets. However, if the port MTU is exactly 1500 and this is larger than the global MTU, the port drops the packets. For ICX 7250, ICX 7450, and ICX 7750 devices, the minimum IPv4 and IPv6 MTU values for both physical and virtual interfaces are 1280.
  – Loopback interface 3, 10.1.1.1/24
• If the device does not have any loopback interfaces, the default router ID is the lowest numbered IP interface configured on the device.
If you prefer, you can explicitly set the router ID to any valid IP address. The IP address cannot be in use on another device in the network.
The software contains separate CLI commands for specifying the source interface for specific packets. You can configure a source interface for one or more of these types of packets separately. The following sections show the syntax for specifying a single source IP address for specific packet types.
Telnet packets
To specify the lowest-numbered IP address configured on a virtual interface as the device source for all Telnet packets, enter commands such as the following.
TFTP packets
To specify the lowest-numbered IP address configured on a virtual interface as the device source for all TFTP packets, enter commands such as the following.
device(config)# interface ve 1
device(config-vif-1)# ip address 10.0.0.3/24
device(config-vif-1)# exit
device(config)# ip tftp source-interface ve 1
The commands in this example configure virtual interface 1, assign IP address 10.0.0.3/24 to the interface, then designate the...
device(config-lbif-1)# exit
device(config)# snmp-server trap-source loopback 1
The commands in this example configure loopback interface 1, assign IP address 10.00.1/24 to the loopback interface, then designate the interface as the SNMP trap source for this device. Regardless of the port the Brocade device uses to send traps to the receiver, the traps always arrive from the same source IP address.
ARP parameter configuration
Address Resolution Protocol (ARP) is a standard IP protocol that enables an IP Layer 3 switch to obtain the MAC address of another device interface when the Layer 3 switch knows the IP address of the interface. ARP is enabled by default and cannot be disabled.
NOTE
Brocade Layer 2 switches also support ARP.
NOTE
If the router receives an ARP request packet that it is unable to deliver to the final destination because of the ARP timeout and no ARP response is received (the Layer 3 switch knows of no route to the destination address), the router sends an ICMP Host Unreachable message to the source.
NOTE
If you want to change a previously configured ARP rate limiting policy, you must remove the previously configured policy using the no rate-limit-arp command before entering the new policy.
Changing the ARP aging period
When the Layer 3 switch places an entry in the ARP cache, the Layer 3 switch also starts an aging timer for the entry.
Enabling proxy ARP globally
To enable IP proxy ARP on a global basis, enter the ip proxy-arp command.
device(config)# ip proxy-arp
To again disable IP proxy ARP on a global basis, enter the no ip proxy-arp command.
device(config)# no ip proxy-arp
Syntax: [no] ip proxy-arp
Enabling IP ARP on an interface...
Changing the maximum number of entries the static ARP table can hold
NOTE
The basic procedure for changing the static ARP table size is the same as the procedure for changing other configurable cache or table sizes.
ARP Packet Validation
Validates ARP packets to avoid traffic interruption or loss.
To avoid traffic interruption or loss, ARP Packet Validation allows the user to detect and drop ARP packets that do not pass the ARP validation process.
The following example shows the priority of ingress ARP packets set to level 7.
Brocade(config)# arp-internal-priority 7
Configuring forwarding parameters
The following configurable parameters control the forwarding behavior of Brocade Layer 3 switches:
•...
To enable directed broadcasts on an individual interface instead of globally for all interfaces, enter the ip directed-broadcast command at the interface configuration level as shown in the following example.
device# configure terminal
device(config)# interface ethernet 1/1/1
device(config-if-1/1/1)# ip directed-broadcast
Disabling forwarding of IP source-routed packets...
To enable the Layer 3 switch for zero-based IP subnet broadcasts in addition to ones-based IP subnet broadcasts, enter the following command.
device(config)# ip broadcast-zero
device(config)# write memory
device(config)# end
device# reload
NOTE
You must save the configuration and reload the software to place this configuration change into effect.
• Source-route-fail - The device received a source-routed packet but cannot locate the next-hop IP address indicated in the packet Source-Route option.
You can disable the Brocade device from sending these types of ICMP messages on an individual basis. To do so, use the following CLI method.
Syntax: [no] ip icmp redirect
To disable ICMP redirect messages on a specific virtual interface, enter the following command at the configuration level for the virtual interface:
Brocade(config-vlan-10)# interface ve 10
Brocade(config-vif-10)# no ip redirect
Syntax: [no] ip redirect
Static routes configuration
The IP route table can receive routes from the following sources:...
You also can specify the following optional parameters:
• The metric for the route - The value the Layer 3 switch uses when comparing this route to other routes in the IP route table to the same destination.
Configuring a static IP route
To configure an IP static route with a destination address of 10.0.0.0 255.0.0.0 and a next-hop router IP address of 10.1.1.1, enter a command such as the following.
device(config)# ip route 10.0.0.0 255.0.0.0 10.1.1.1
To configure a static IP route with an Ethernet port instead of a next-hop address, enter a command such as the following.
Configuring a "Null" route
You can configure the Layer 3 switch to drop IP packets to a specific network or host address by configuring a "null" (sometimes called "null0") static route for the address. When the Layer 3 switch receives a packet destined for the address, the Layer 3 switch drops the packet instead of forwarding it.
device(config)# ip route 10.22.22.22 255.255.255.255 10.1.1.1 name abc
Syntax: [no] ip route dest-ip-addr dest-mask { next-hop-ip-addr | ethernet unit / slot / port | ve num } [ metric ] [ distance num ] [ name static-route-name ] [ tag tag-num ]
Enter the static route name for name string.
NOTE
You also can bias the Layer 3 switch to select one of the routes by configuring them with different administrative distances. However, make sure you do not give a static route a higher administrative distance than other types of routes, unless you want those other types to be preferred over the static route.
FIGURE 6 Standard and null static routes to the same destination network
The next example shows two more static routes. In this example, a standard static route and an interface-based static route are configured for destination network 192.168.6.0/24.
FIGURE 7 Standard and interface routes to the same destination network
To configure a standard static IP route and a null route to the same network, enter commands such as the following.
device(config)# ip route 192.168.7.0/24 192.168.6.157/24 1
device(config)# ip route 192.168.7.0/24 null0 3
The first command configures a standard static route, which includes specification of the next-hop gateway.
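Why a higher-metric null route is paired with a standard route can be seen by modelling route selection. The Python sketch below is an added example, not Brocade code: it is a simplified model that picks the longest matching prefix, then the lowest administrative distance, then the lowest metric, and assumes a route whose next hop is unreachable is not used. The default route via 192.168.6.1 and all function names are constructed for illustration; the two 192.168.7.0/24 routes are the ones configured above.

```python
import ipaddress
from dataclasses import dataclass

NULL0 = "null0"


@dataclass(frozen=True)
class StaticRoute:
    prefix: str        # destination network in CIDR form
    next_hop: str      # next-hop IP address, or NULL0
    metric: int = 1
    distance: int = 1  # default administrative distance of a static route


def select_route(routes, dest, reachable_next_hops):
    """Return the route the model uses for dest, or None if none matches.

    Assumption of this model: a route is a candidate only if its next hop
    is reachable; a null route is always a candidate.
    """
    addr = ipaddress.ip_address(dest)
    candidates = [
        r for r in routes
        if addr in ipaddress.ip_network(r.prefix)
        and (r.next_hop == NULL0 or r.next_hop in reachable_next_hops)
    ]
    if not candidates:
        return None
    # Longest prefix first, then lowest distance, then lowest metric.
    return min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                       r.distance, r.metric),
    )


def forward(routes, dest, reachable_next_hops):
    """Describe what happens to a packet addressed to dest."""
    route = select_route(routes, dest, reachable_next_hops)
    if route is None:
        return "drop (no route)"
    if route.next_hop == NULL0:
        return "drop (null route)"
    return f"forward via {route.next_hop}"


# The two 192.168.7.0/24 routes are from the page; the default route is
# constructed to show where traffic would go without the null route.
DEFAULT = StaticRoute("0.0.0.0/0", "192.168.6.1")
STANDARD = StaticRoute("192.168.7.0/24", "192.168.6.157", metric=1)
NULL = StaticRoute("192.168.7.0/24", NULL0, metric=3)

ROUTES = [DEFAULT, STANDARD, NULL]
ROUTES_NO_NULL = [DEFAULT, STANDARD]

if __name__ == "__main__":
    up = {"192.168.6.157", "192.168.6.1"}
    primary_down = {"192.168.6.1"}
    print("primary up:            ", forward(ROUTES, "192.168.7.10", up))
    print("primary down, null0:   ", forward(ROUTES, "192.168.7.10", primary_down))
    print("primary down, no null0:", forward(ROUTES_NO_NULL, "192.168.7.10", primary_down))
```

With the null route in place, traffic for 192.168.7.0/24 is discarded when the standard route is unavailable rather than following the default route to a gateway that was never meant to carry it.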
Configuring a default network route
The Layer 3 switch enables you to specify a candidate default route without the need to specify the next hop gateway. If the IP route table does not contain an explicit default route (for example, 0.0.0.0/0) or propagate an explicit default route through routing protocols, the software can use the default network route as a default route instead.
Configuring IP load sharing
The IP route table can contain more than one path to a given destination. When this occurs, the Layer 3 switch selects the path with the lowest cost as the path for forwarding traffic to the destination. If the IP route table contains more than one path to a destination and the paths each have the lowest cost, then the Layer 3 switch uses IP load sharing to select a path to the destination.
• Exterior Border Gateway Protocol (EBGP) - 20
• OSPF - 110
• Interior Gateway Protocol (IBGP) - 200
• Local BGP - 200
• Unknown - 255 (the router will not use this route)
Lower administrative distances are preferred over higher distances.
Configuring IP parameters - Layer 3 switches TABLE 7 Default load sharing parameters for route sources Route source Default maximum number Maximum number of paths of paths FCX / ICX 6450 / ICX 6610 / ICX 7750 ICX 6650 / ICX 7450 / ICX 7250 Static IP route OSPF...
The configuration of the maximum number of IP load sharing paths to a value more than 8 is determined by the maximum number of ECMP paths defined at the system level using the system-max max-ecmp command. You cannot configure the maximum number of IP load sharing paths higher than the value defined at the system level.
The num variable specifies the number of paths and can be from 2-8. The default is 4. On the ICX 7750 device, the value of the num variable can be from 2 through 32. The configuration of the maximum number of IP load sharing paths to a value more than 8 is determined by the maximum number of ECMP paths defined at the system level using the system-max max-ecmp command.
Syntax: show ipv6
ICMP Router Discovery Protocol configuration
The ICMP Router Discovery Protocol (IRDP) is used by Brocade Layer 3 switches to advertise the IP addresses of their router interfaces to directly attached hosts. IRDP is disabled by default. You can enable the feature on a global basis or on an individual port basis:
•...
Enabling IRDP globally
To globally enable IRDP, enter the following command.
device(config)# ip irdp
This command enables IRDP on the IP interfaces on all ports. Each port uses the default values for the IRDP parameters. The parameters are not configurable when IRDP is globally enabled.
RARP is enabled by default. However, you must create a RARP entry for each host that will use the Layer 3 switch for booting. A RARP entry consists of the following information:
• The entry number - The entry sequence number in the RARP table.
To assign a static IP RARP entry for static routes on a Brocade router, enter a command such as the following.
device(config)# rarp 1 0000.0054.2348 10.53.4.2
This command creates a RARP entry for a client with MAC address 0000.0054.2348. When the Layer 3 switch receives a RARP request from this client, the Layer 3 switch replies to the request by sending IP address 192.53.4.2 to the client.
NOTE
The application names are the names for these applications that the Layer 3 switch software recognizes, and might not match the names for these applications on some third-party devices. The numbers listed in parentheses are the UDP port numbers for the applications.
In addition, you can specify any UDP application by using the application UDP port number. The udp-port-num parameter specifies the UDP application port number. If the application you want to enable is not listed above, enter the application port number.
You can configure the Layer 3 switch to forward BootP/DHCP requests. To do so, configure a helper address on the interface that receives the client requests, and specify the BootP/DHCP server IP address as the address you are helping the BootP/DHCP requests to reach.
To change the IP address used for stamping BootP/DHCP requests received on interface 1/1/1, enter commands such as the following.
device(config)# interface ethernet 1/1/1
device(config-if-1/1/1)# ip bootp-gateway 10.157.22.26
These commands change the CLI to the configuration level for port 1/1/1, then change the BootP/DHCP stamp address for requests received on port 1/1/1 to 10.157.22.26.
In some environments, it may be necessary to reassign network addresses due to exhaustion of the available address pool. In this case, the allocation mechanism reuses addresses with expired leases.
Configuration notes for DHCP servers
•...
A DHCP server assigns and manages IPv4 addresses from multiple address pools, using dynamic address allocation. The DHCP server also contains the relay agent to forward DHCP broadcast messages to network segments that do not support these types of messages.
FIGURE 8 DHCP server configuration flow chart
Configuring DHCP server on a device
Perform the following steps to configure the DHCP server feature on your FastIron device:...
Configure the DHCP server address pool by entering commands similar to the following.
device(config-dhcp-cabo)# network 172.16.1.0/24
device(config-dhcp-cabo)# domain-name brocade.com
device(config-dhcp-cabo)# dns-server 172.16.1.2 172.16.1.3
device(config-dhcp-cabo)# netbios-name-server 172.16.1.2
device(config-dhcp-cabo)# lease 0 0 5
To disable DHCP, enter a command similar to the following.
device(config)# no ip dhcp-server enable
The following sections describe the default DHCP settings, CLI commands and the options you can configure for the DHCP server feature.
TABLE 11 DHCP server CLI commands
Command | Description
dbexpire command | Specifies how long, in seconds, the DHCP server should wait before aborting a database transfer.
ip dhcp-server arp-ping-timeout | Specifies the time (in seconds) the server will wait for a response to an arp-ping packet before deleting the client from the binding database.
Syntax: clear ip dhcp-server binding { address | * }
• address - The IP address to be deleted
• The wildcard (*) clears all IP addresses.

Enabling DHCP server
The ip dhcp-server enable command enables DHCP server, which is disabled by default.
Syntax: [no] ip dhcp-server enable
The no version of this command disables DHCP server.
Configuration notes for creating an address pool
• If the DHCP server address is part of a configured DHCP address pool, you must exclude the DHCP server address from the network pool. Refer to Specifying addresses to exclude from the address pool on page 91.
Specifying DNS servers available to the client
The dns-server command specifies DNS servers that are available to DHCP clients.
device(config-dhcp-cabo)# dns-server 10.2.1.143, 10.2.2.142
Syntax: dns-server address [ address, address ]

Configuring the domain name for the client
The domain-name command configures the domain name for the client.
Configuring a next-bootstrap server
The next-bootstrap-server command specifies the IP address of the next server the client should use for boot up.
device(config-dhcp-cabo)# next-bootstrap-server 10.2.5.44
Syntax: next-bootstrap-server address

Configuring the TFTP server
The tftp-server command specifies the address or name of the TFTP server to be used by the DHCP clients. To configure a TFTP server by specifying its IP address, enter a command similar to the following.
The following example configures the IP addresses of systems running the X Window Display Manager in the DHCP configuration pool.
device# configure terminal
device# ip dhcp-server pool cabo
device(config-dhcp-cabo)# xwindow-manager 10.38.12.1 10.38.12.3 10.38.12.5

Displaying DHCP server information
The following DHCP show commands can be entered from any level of the CLI.
Syntax: show ip dhcp-server [ address-pool name | address-pools ]
• address-pools - If you enter address-pools, the display shows all address pools
• address-pool name - Displays information about a specific address pool
TABLE 13 show ip dhcp-server address-pools output descriptions
Field | Description...
Configuring IP parameters - Layer 2 switches
Displaying summary DHCP server information
The show ip dhcp-server summary command displays information about active leases, deployed address-pools, undeployed address-pools, and server uptime.
device# show ip dhcp-server summary
DHCP Server Summary:
Total number of active leases:
Total number of deployed address-pools:
Total number of undeployed address-pools:
Server uptime: 0d:0h:8m:27s...
Syntax: ip address ip-addr/mask-bits
You also can enter the IP address and mask in CIDR format, as follows.
device(config)# ip address 10.45.6.1/24
To specify the Layer 2 switch default gateway, enter a command such as the following.
device(config)# ip default-gateway 10.45.6.1
Syntax: ip default-gateway ip-addr
NOTE...
Configuring IP parameters - Layer 2 switches The only required parameter is the IP address of the host at the other end of the route. After you enter the command, a message indicating that the DNS query is in process and the current gateway address (IP address of the domain name server) being queried appear on the screen.
Configuring IP parameters - Layer 2 switches Changing the TTL threshold The time to live (TTL) threshold prevents routing loops by specifying the maximum number of router hops an IP packet originated by the Layer 2 switch can travel through. Each device capable of forwarding IP that receives the packet decrements (decreases) the packet TTL by one.
Configuring IP parameters - Layer 2 switches FIGURE 10 DHCP requests in a network without DHCP Assist on the Layer 2 switch In a network operating without DHCP Assist, hosts can be assigned IP addresses from the wrong subnet range because a router with multiple subnets configured on an interface cannot distinguish among DHCP discovery packets received from different subnets.
Configuring IP parameters - Layer 2 switches FIGURE 11 DHCP requests in a network with DHCP Assist operating on a FastIron switch When the stamped DHCP discovery packet is then received at the router, it is forwarded to the DHCP server. The DHCP server then extracts the gateway address from each request and assigns an available IP address within the corresponding IP subnet.
Configuring IP parameters - Layer 2 switches FIGURE 12 DHCP offers are forwarded back toward the requestors NOTE When DHCP Assist is enabled on any port, Layer 2 broadcast packets are forwarded by the CPU. Unknown unicast and multicast packets are still forwarded in hardware, although selective packets such as IGMP are sent to the CPU for analysis. When DHCP Assist is not enabled, Layer 2 broadcast packets are forwarded in hardware.
IPv4 point-to-point GRE tunnels Up to eight addresses can be defined for each gateway list in support of ports that are multi-homed. When multiple IP addresses are configured for a gateway list, the Layer 2 switch inserts the addresses into the discovery packet in a round robin fashion. Up to 32 gateway lists can be defined for each Layer 2 switch.
GRE packet structure and header format
FIGURE 13 GRE encapsulated packet structure
FIGURE 14 GRE header format
The GRE header has the following fields:
• Checksum - 1 bit. This field is assumed to be zero in this version. If set to 1, this means that the Checksum (optional) and Reserved (optional) fields are present and the Checksum (optional) field contains valid information.
IPv4 point-to-point GRE tunnels RFC 1191 describes a method for dynamically discovering the maximum transmission unit (MTU) of an arbitrary internet path. When a FastIron device receives an IP packet that has its Do not Fragment (DF) bit set, and the packet size is greater than the MTU value of the outbound interface, then the FastIron device returns an ICMP Destination Unreachable message to the source of the packet, with the code indicating "fragmentation needed and DF set".
Tunnel loopback ports for GRE tunnels are supported on:
• Untagged ports
• Ports that are enabled by default
• 10 Gbps and 1 Gbps copper and fiber ports
Note the following hardware limitations for these port types:
•...
IPv4 point-to-point GRE tunnels GRE support with other features This section describes how GRE tunnels may affect other features on FSX, FCX, and ICX6610 devices. Support for ECMP for routes through a GRE tunnel Equal-Cost Multi-Path (ECMP) load sharing allows for load distribution of traffic among available routes. When GRE is enabled, a mix of GRE tunnels and normal IP routes is supported.
IPv4 point-to-point GRE tunnels • When a GRE tunnel is configured, you cannot configure the same routing protocol on the tunnel through which you learn the route to the tunnel destination. For example, if the FastIron learns the tunnel destination route through the OSPF protocol, you cannot configure the OSPF protocol on the same tunnel and vice-versa.
Configuration tasks for GRE tunnels
Perform the configuration tasks in the order listed.
TABLE 16 Configuration tasks for GRE tunnels
Configuration tasks | Default behavior
Required tasks
Create a tunnel interface. | Not assigned
Configure the source address or source interface for the tunnel interface. | Not assigned
Configure the destination address of the tunnel interface.
IPv4 point-to-point GRE tunnels NOTE You can also use the port-name command to name the tunnel. To do so, follow the configuration instructions in "Assigning a port name" section in the FastIron Ethernet Switch Administration Guide . Assigning a VRF routing instance to a GRE tunnel interface A GRE tunnel interface can be assigned to an existing user defined VRF.
IPv4 point-to-point GRE tunnels Deleting an IP address from an interface configured as a tunnel source To delete an IP address from an interface that is configured as a tunnel source, first remove the tunnel source from the tunnel interface then delete the IP address, as shown in the following example.
IPv4 point-to-point GRE tunnels Configuring a tunnel loopback port for a tunnel interface NOTE Configuring a tunnel loopback port for a tunnel interface is not applicable on ICX6610, FCX devices, and SX-FI-24GPP, SX- FI48GPP, SX-FI-24HF, SX-FI-2XG, and SX-FI-8XG modules. For details and important configuration considerations regarding tunnel loopback ports for GRE tunnels, refer to Tunnel loopback ports for GRE tunnels on page 104 and...
Applying an ACL policy to a tunnel interface
device(config)# interface tunnel 1
device(config-tnif-1)# tunnel mode gre ip
device(config-tnif-1)# ip access-group 10 in

Configuring an IP address for a tunnel interface
An IP address sets a tunnel interface as an IP port and allows the configuration of Layer 3 protocols, such as OSPF, BGP, and Multicast (PIM-DM and PIM-SM) on the port.
IPv4 point-to-point GRE tunnels NOTE To prevent packet loss after the 24 byte GRE header is added, make sure that any physical interface that is carrying GRE tunnel traffic has an IP MTU setting at least 24 bytes greater than the tunnel MTU setting. This configuration is only allowed on the system if the tunnel mode is set to GRE.
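The 24 bytes in the note above are the 20-byte outer IPv4 header plus the 4-byte base GRE header whose Checksum bit is described earlier on this page. The following Python sketch is an added example, not Brocade code: it parses a GRE-in-IPv4 packet according to RFC 2784, measures the encapsulation overhead, and applies the MTU rule from the note. All function names, addresses and packets are constructed for illustration.

```python
import struct

IP_PROTO_GRE = 47        # IANA protocol number for GRE
ETHERTYPE_IPV4 = 0x0800  # GRE Protocol Type for an IPv4 payload


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by IP and by the GRE Checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_gre(buf: bytes) -> dict:
    """Parse an RFC 2784 GRE header; buf holds the GRE header plus its payload."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags_ver, proto = struct.unpack("!HH", buf[:4])
    if flags_ver & 0x0007:
        raise ValueError("unsupported GRE version")
    if flags_ver & 0x7C00:
        # RFC 2784 receivers discard packets with bits 1-5 set (RFC 1701 options).
        raise ValueError("optional routing/key/sequence bits set")
    has_checksum = bool(flags_ver & 0x8000)
    header_len = 8 if has_checksum else 4
    if len(buf) < header_len:
        raise ValueError("truncated GRE checksum field")
    # A valid checksum makes the sum over header and payload come out as zero.
    if has_checksum and inet_checksum(buf) != 0:
        raise ValueError("GRE checksum mismatch")
    return {"checksum_present": has_checksum, "protocol": proto,
            "header_len": header_len}


def encapsulation_overhead(packet: bytes) -> int:
    """Bytes added in front of the inner packet: outer IPv4 header + GRE header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if packet[9] != IP_PROTO_GRE:
        raise ValueError("outer protocol is not GRE")
    return ihl + parse_gre(packet[ihl:])["header_len"]


def physical_mtu_ok(physical_ip_mtu: int, tunnel_mtu: int, overhead: int = 24) -> bool:
    """The rule from the note: physical IP MTU >= tunnel MTU + encapsulation overhead."""
    return physical_ip_mtu >= tunnel_mtu + overhead


def build_sample(with_checksum: bool) -> bytes:
    """Constructed GRE-in-IPv4 packet (documentation addresses, dummy payload)."""
    inner = bytes(range(32))  # stand-in for the encapsulated packet
    if with_checksum:
        gre = struct.pack("!HHHH", 0x8000, ETHERTYPE_IPV4, 0, 0) + inner
        gre = gre[:4] + struct.pack("!H", inet_checksum(gre)) + gre[6:]
    else:
        gre = struct.pack("!HH", 0, ETHERTYPE_IPV4) + inner
    # Outer header checksum is left at 0; this sketch does not verify it.
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0x4000,
                        64, IP_PROTO_GRE, 0,
                        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return outer + gre


if __name__ == "__main__":
    for flag in (False, True):
        overhead = encapsulation_overhead(build_sample(flag))
        print("checksum bit", int(flag), "overhead", overhead,
              "fits 1500/1476:", physical_mtu_ok(1500, 1476, overhead))
```

With the Checksum bit set the overhead grows to 28 bytes, so a physical MTU sized for exactly 24 bytes of overhead no longer passes the check.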
IPv4 point-to-point GRE tunnels The retries variable specifies the number of times that a packet is sent before the system places the tunnel in the DOWN state. Possible values are from 1 through 255. The default number of retries is 3. Use the show interface tunnel and show ip tunnel traffic commands to view the GRE link keepalive configuration.
IPv4 point-to-point GRE tunnels Viewing PMTUD configuration details Use the show interface tunnel command to view the PMTUD configuration and to determine whether PMTUD has reduced the size of the MTU. Enabling IPv4 multicast routing over a GRE tunnel This section describes how to enable IPv4 multicast protocols, PIM Sparse (PIM-SM) and PIM Dense (PIM-DM), on a GRE tunnel. Perform the procedures in this section after completing the required tasks in Enabling IPv4 multicast routing over a GRE tunnel.
FIGURE 15 Point-to-point GRE tunnel configuration example
The following shows the configuration commands for this example.
NOTE
The configuration examples for FastIron A and FastIron B apply only to FastIron SX devices.

Configuring point-to-point GRE tunnel for FastIron A
device (config)# interface ethernet 3/1
device (config-if-e1000-3/1)# ip address 10.0.8.108/24
device (config)# exit...
device(config-tnif-1)# tunnel mode gre ip
device(config-tnif-1)# tunnel loopback 1/1
device(config-tnif-1)# ip address 10.10.3.2/24
device(config-tnif-1)# exit
device(config)# ip route 10.0.8.0/24 131.108.5.1
device(config)# ip route 10.10.1.0/24 tunnel

Displaying GRE tunneling information
This section describes the show commands that display the GRE tunnels configuration, the link status of the GRE tunnels, and the routes that use GRE tunnels.
No inbound ip access-list is set
No outgoing ip access-list is set
Syntax: show ip interface tunnel [ tunnel-ID ]
The tunnel-ID variable is a valid tunnel number between 1 and 72.
The show interface tunnel command displays the GRE tunnel configuration and the pmtd aging timer information.
device# show interface tunnel 10
Tunnel10 is up, line protocol is up
Hardware is Tunnel...
The show statistics tunnel command displays GRE tunnel statistics for a specific tunnel ID number. The following shows an example output for tunnel ID 1.
device(config-tnif-10)#show statistics tunnel 1
IP GRE Tunnels
Tunnel Status Packet Received Packet Sent KA recv KA sent...
The following shows an example output of the show ip pim interface command.
device# show ip pim interface
Interface e1
PIM Dense: V2
TTL Threshold: 1, Enabled, DR: itself
Local Address: 10.10.10.10
Interface tn1
PIM Dense: V2
TTL Threshold: 1, Enabled, DR: 10.1.1.20 on tn1:e2
Local Address: 10.1.1.10
Neighbor:...
Bandwidth for IP interfaces
The show ip mtu command can be used to see if there is space available for the ip_default_mtu_24 value in the system, or if the MTU value is already configured in the IP table. The following shows an example output of the show ip mtu command.
device(config-tnif-10)#show ip mtu
size usage...
Bandwidth for IP interfaces The bandwidth for IP interfaces feature can be used to: • Query the bandwidth for an interface. • Help OSPF avoid generating numerous LSAs while updating the cost value for a VE interface due to changes in associated physical interfaces.
Bandwidth for IP interfaces In the above formula, the cost is calculated in megabits per second (Mbps). The auto-cost is configured using the auto-cost reference- bandwidth command in OSPF router configuration mode or OSPFv3 router configuration mode. For more information on changing the OSPF auto-cost reference-bandwidth, refer to the Changing the reference bandwidth on page 247 section.
Enter the bandwidth command and specify a value to set the bandwidth value on the interface.
device(config-vif-10)# bandwidth 2000
This example sets the bandwidth to 2000 kbps on a specific VE interface.
device# configure terminal
device(config)# vlan 10
device(config-vlan-10)# tagged ethernet 1/1/1
device(config-vlan-10)# router-interface ve 10...
Displaying IP configuration information and statistics
This example sets the bandwidth to 2000 kbps on a specific tunnel interface.
device# configure terminal
device(config)# interface tunnel 2
device(config-tnif-2)# tunnel mode gre ip
device(config-tnif-2)# tunnel source 10.0.0.1
device(config-tnif-2)# tunnel destination 10.10.0.1
device(config-tnif-2)# ip address 10.0.0.1/24
device(config-tnif-2)# bandwidth 2000
The bandwidth specified in this example results in the following OSPF interface costs, assuming the auto-cost is 100:...
Displaying global IP configuration information
To display IP configuration information, enter the following command at any CLI level.
device# show ip
Global Settings
ttl: 64, arp-age: 10, bootp-relay-max-hops: 4
router-id : 10.95.11.128
enabled : UDP-Broadcast-Forwarding Source-Route Load-Sharing RARP...
Displaying IP configuration information and statistics TABLE 19 CLI display of global IP configuration information - Layer 3 switch (continued) Field Description Index The policy number. This is the number you assigned the policy when you configured it. Action The action the router takes if a packet matches the comparison values in the policy.
Displaying IP configuration information and statistics TABLE 20 CLI display of interface IP configuration information (continued) Field Description NOTE If an "s" is listed following the address, this is a secondary address. When the address was configured, the interface already had an IP address in the same subnet, so the software required the "secondary"...
IP Address    MAC Address       Type      Age   Port             Status
10.63.61.2    000c.000c.000c    Dynamic         1/1/16-1/1/17    Valid
10.63.53.2    000c.000c.000c    Dynamic         1/1/16-1/1/17    Valid
10.63.45.2    000c.000c.000c    Dynamic         1/1/16-1/1/17    Valid
10.63.37.2    000c.000c.000c    Dynamic         1/1/16-1/1/17    Valid
10.63.29.2    000c.000c.000c    Dynamic         1/1/16-1/1/17    Valid
10.63.21.2    000c.000c.000c    Dynamic         1/1/16-1/1/17    Valid
10.63.13.2...
Displaying IP configuration information and statistics TABLE 21 CLI display of ARP cache (continued) Field Description • Static - The Layer 3 switch loaded the entry from the static ARP table when the device for the entry was connected to the Layer 3 switch.
Displaying IP configuration information and statistics The num-entries-to-skip parameter lets you display the table beginning with a specific entry number. TABLE 22 CLI display of static ARP table Field Description Static ARP table size The maximum number of static entries that can be configured on the device using the current memory allocation.
Displaying IP configuration information and statistics TABLE 23 CLI display of IP forwarding cache - Layer 3 switch (continued) Field Description • C - Complex Filter • W - Wait ARP • I - ICMP Deny • K - Drop •...
Here is an example of how to use the direct option. To display only the IP routes that go to devices directly attached to the Layer 3 switch, enter the following command.
device# show ip route direct
Start index: 1 B:BGP D:Connected R:RIP...
Displaying IP configuration information and statistics TABLE 24 CLI display of IP route table (continued) Field Description Cost The route's cost. Type The route type, which can be one of the following: • B - The route was learned from BGP. •...
TCP Statistics
0 active opens, 0 passive opens, 0 failed attempts
0 active resets, 0 passive resets, 0 input errors
138 in segments, 141 out segments, 4 retransmission
RIP Statistics
0 requests sent, 0 requests received
0 responses sent, 0 responses received
0 unrecognized, 0 bad version, 0 bad addr family, 0 bad req format
0 bad metrics, 0 bad resp format, 0 resp not from rip port...
Displaying IP configuration information and statistics TABLE 25 CLI display of IP traffic statistics - Layer 3 switch (continued) Field Description addr mask The number of Address Mask Request messages sent or received by the device. addr mask reply The number of Address Mask Replies messages sent or received by the device.
Displaying IP configuration information and statistics TABLE 25 CLI display of IP traffic statistics - Layer 3 switch (continued) Field Description bad req format The number of RIP request packets this router dropped because the format was bad. bad metrics This information is used by Brocade customer support.
Displaying IP configuration information and statistics Displaying ARP entries To display the entries the Layer 2 switch has placed in its ARP cache, enter the show arp command from any level of the CLI. This command shows the total number of ARPs for the default VRF instance. NOTE To display the ARP maximum capacity for your device, enter the show default values command.
TCP Statistics
1 current active tcbs, 4 tcbs allocated, 0 tcbs freed 0 tcbs protected
0 active opens, 0 passive opens, 0 failed attempts
0 active resets, 0 passive resets, 0 input errors
27 in segments, 24 out segments, 0 retransmission
Syntax: show ip traffic
The show ip traffic command displays the following information.
Disabling IP checksum check TABLE 28 CLI display of IP traffic statistics - Layer 2 switch (continued) Field Description irdp solicitation The number of IRDP Solicitation messages sent or received by the device. UDP statistics received The number of UDP packets received by the device. sent The number of UDP packets sent by the device.
To set disable hardware IP checksum check on, for example, port range 0-12, enter the following command.
device# disable-hw-ip-checksum-check ethernet 2
disable-ip-header-check set for ports ethe 1 to 12
To set disable hardware IP checksum check on, for example, port range 13-24, enter the following command.
device# disable-hw-ip-checksum-check ethernet 22
disable-ip-header-check set for ports ethe 13 to 24
To clear disable hardware IP checksum check on, for example, port range 13-24, enter the following command.
Adding a static IP route The metric parameter specifies the cost of the route and can be a number from 1 - 16. The default is 1. NOTE If you specify 16, RIP considers the metric to be infinite and thus also considers the route to be unreachable.
Static route next hop resolution
This feature enables the Brocade device to use routes from a specified protocol to resolve a configured static route. By default this is disabled.
To configure static route next hop resolution with OSPF routes, use the following command.
device(config)# ip route next-hop ospf
Syntax: [no] ip route next-hop [ bgp | ospf | rip ]
NOTE...
Adding a static ARP entry
NOTE
Adding a static ARP entry is supported on FastIron X Series, Brocade FCX Series, ICX 6610 and ICX 6450 devices.
Static entries are useful in cases where you want to pre-configure an entry for a device that is not connected to the Brocade device, or you want to prevent a particular entry from aging out.
Enabling or disabling routing protocols FastIron third generation modules The default value of next hop entries on FastIron X Series devices with the following third generation modules installed is 16384. This value is predefined and not editable. • SX-FI48GPP • SX-FI-2XG •...
Enabling or disabling Layer 2 switching • • IP multicast (PIM-SM, PIM-DM) • OSPF • • RIPV1 and V2 • VRRP • VRRP-E • VSRP • IPv6 Routing • IPv6 Multicast IP routing is enabled by default on devices running Layer 3 code. All other protocols are disabled, so you must enable them to configure and use them.
device#write memory
device#reload
Syntax: [no] route-only
To disable Layer 2 switching only on a specific interface, go to the interface configuration level for that interface, and then disable the feature. The following commands show how to disable Layer 2 switching on port 2.
device(config)#interface ethernet 2
device(config-if-e1000-2)#route-only

Configuring a Layer 3 Link Aggregation Group (LAG)
IPv6 Configuration on FastIron X Series, FCX, and ICX Series Switches
• Full Layer 3 IPv6 feature support
• IPv6 addressing overview
• IPv6 CLI command support
• IPv6 host address on a Layer 2 switch
• Configuring the management port for an IPv6 automatic address configuration
•...
IPv6 addressing overview
IPv6 was designed to replace IPv4, the Internet protocol that is most commonly used currently throughout the world. IPv6 increases the number of network address bits from 32 (IPv4) to 128 bits, which provides more than enough unique IP addresses to support all of the network devices on the planet into the future.
IPv6 addressing overview Unicast and multicast addresses support scoping as follows: • Unicast addresses support two types of scope: global scope and local scope. In turn, local scope supports site-local addresses and link-local addresses. IPv6 address types describes global, site-local, and link-local addresses and the topologies in which they are used.
IPv6 addressing overview TABLE 29 IPv6 address types (continued) Address type Description Address structure interface assigned an anycast address must be configured to recognize the address as an anycast address. An anycast address can be assigned to a switch only. An anycast address must not be used as the source address of an IPv6 packet.
IPv6 host address on a Layer 2 switch
In a Layer 3 (router) configuration, each port can be configured separately with an IPv6 address. This is accomplished using the interface configuration process that is described in IPv6 configuration on each router interface on page 158.
Configuring the management port for an IPv6 automatic address configuration The link-local keyword indicates that the router interface should use the manually configured link-local address instead of the automatically computed link-local address. Configuring the management port for an IPv6 automatic address configuration You can have the management port configured to automatically obtain an IPv6 address.
Configuring basic IPv6 connectivity on a Layer 3 switch • Automatically or manually configuring a link-local address for an interface. • Configuring IPv6 anycast addresses Configuring a global or site-local IPv6 address on an interface Configuring a global or site-local IPv6 address on an interface does the following: •...
Configuring basic IPv6 connectivity on a Layer 3 switch Configuring a global IPv6 address with an automatically computed EUI-64 interface ID To configure a global IPv6 address with an automatically computed EUI-64 interface ID in the low-order 64-bits, enter commands such as the following.
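To show what an automatically computed EUI-64 interface ID looks like, the following Python sketch (an added example, not Brocade code) derives the global address, the link-local address and the solicited-node multicast group from a /64 prefix and a MAC address written in the dotted form used in the ARP output on this page. The prefix and MAC are constructed; the MAC was chosen so that the resulting group matches the ff02::1:ff99:9700 entry in the show ipv6 interface output shown elsewhere on this page. All function names are hypothetical.

```python
import ipaddress
import re


def parse_mac(text: str) -> bytes:
    """Accept 00e0.5299.9700, 00:e0:52:99:97:00 or 00-e0-52-99-97-00."""
    digits = re.sub(r"[.:\-]", "", text.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return bytes.fromhex(digits)


def eui64_interface_id(mac: bytes) -> int:
    """Modified EUI-64: insert FFFE in the middle and flip the universal/local bit."""
    eui = bytearray(mac[:3] + b"\xff\xfe" + mac[3:])
    eui[0] ^= 0x02
    return int.from_bytes(eui, "big")


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 interface ID in the low-order 64 bits."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing requires a /64 prefix")
    return ipaddress.IPv6Address(
        int(net.network_address) | eui64_interface_id(parse_mac(mac)))


def link_local(mac: str) -> ipaddress.IPv6Address:
    """Automatically computed link-local address for the same interface."""
    return eui64_address("fe80::/64", mac)


def solicited_node(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """ff02::1:ffXX:XXXX group built from the low 24 bits of a unicast address."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(addr) & 0xFFFFFF))


if __name__ == "__main__":
    mac = "00e0.5299.9700"             # constructed sample MAC
    prefix = "2001:db8:12d:1300::/64"  # constructed documentation prefix
    addr = eui64_address(prefix, mac)
    print("global:        ", addr)
    print("link-local:    ", link_local(mac))
    print("solicited-node:", solicited_node(addr))
```

Because the interface ID is a fixed function of the MAC address, the same low-order 64 bits appear under every prefix the interface is given, which is worth knowing when writing address-based restrictions such as the web client ipv6 command on this page.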
Configuring basic IPv6 connectivity on a Layer 3 switch An anycast address looks similar to a unicast address, because it is allocated from the unicast address space. If you assign an IPv6 unicast address to multiple interfaces, it is an anycast address. On the Brocade device, you configure an interface assigned an anycast address to recognize the address as an anycast address.
IPv6 management (IPv6 host support)
You can configure a FastIron X Series, FCX, or ICX switch to serve as an IPv6 host in an IPv6 network. An IPv6 host has IPv6 addresses on its interfaces, but does not have full IPv6 routing enabled on it. This section describes the IPv6 host features supported on FastIron X Series devices.
IPv6 management (IPv6 host support) Secure Shell, SCP, and IPv6 Secure Shell (SSH) is a mechanism that allows secure remote access to management functions on the Brocade device. SSH provides a function similar to Telnet. You can log in to and configure the Brocade device using a publicly or commercially available SSH client program, just as you can with Telnet.
For example, to trace the path from the Brocade device to a host with an IPv6 address of 2001:DB8:349e:a384::34, enter the following command:
device#traceroute ipv6 2001:DB8:349e:a384::34
Syntax: traceroute ipv6 ipv6-address
The ipv6-address parameter specifies the address of a host. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373.
Restricting Web management access to an IPv6 host
You can restrict Web management access to the device to the IPv6 host whose IP address you specify. No other device except the one with the specified IPv6 address can access the Web Management Interface.
Example
Brocade(config)#web client ipv6 3000:2383:e0bb::2/128
Syntax: web client ipv6 ipv6-address...
For example, to ping a device with the IPv6 address of 2001:DB8:847f:a385:34dd::45 from the Brocade device, enter the following command.
device#ping ipv6 2001:DB8:847f:a385:34dd::45
Syntax: ping ipv6 ipv6-address [ outgoing-interface [ port | venumber ]] [ source ipv6-address ] [ count number ] [ timeout milliseconds ] [ ttl number ] [ size bytes ] [ quiet ] [ numeric ] [ no-fragment ] [ verify ] [ data 1-to-4-byte-hex ] [ brief ]
•...
IPv6 management (IPv6 host support) The ipv6-address must be in hexadecimal using 16-bit values between colons as documented in RFC 2373. The udp-port-num optional parameter specifies the UDP application port used for the Syslog facility. Viewing IPv6 SNMP server addresses Some of the show commands display IPv6 addresses for IPv6 SNMP servers.
IPv6 ICMP feature configuration Syntax: no ipv6 enable To re-enable IPv6 after it has been disabled, enter ipv6 enable . NOTE IPv6 is disabled by default in the router code and must be configured on each interface that will support IPv6.
IPv6 neighbor discovery configuration Enabling IPv6 ICMP redirect messages You can enable a Layer 3 switch to send an IPv6 ICMP redirect message to a neighboring host to inform it of a better first-hop router on a path to a destination. By default, the sending of IPv6 ICMP redirect messages by a Layer 3 switch is disabled. (For more information about how ICMP redirect messages are implemented for IPv6, refer to IPv6 neighbor discovery configuration on page 169.)
IPv6 neighbor discovery configuration IPv6 neighbor discovery configuration notes NOTE For all solicitation and advertisement messages, Brocade uses seconds as the unit of measure instead of milliseconds. • If you add a port to a port-based VLAN, and the port has IPv6 neighbor discovery configuration, the system will clean up the neighbor discovery configuration from the port and display the following message on the console.
IPv6 neighbor discovery configuration Because a host at system startup typically does not have a unicast IPv6 address, the source address in the router solicitation message is usually the unspecified IPv6 address (0:0:0:0:0:0:0:0). If the host has a unicast IPv6 address, the source address is the unicast IPv6 address of the host interface sending the router solicitation message.
IPv6 neighbor discovery configuration For the interval between neighbor solicitation messages and the value for the retrans timer in router advertisements, specify a number from 0 - 4294967295 milliseconds. The default value for the interval between neighbor solicitation messages is 1000 milliseconds. The default value for the retrans timer is 0.
IPv6 neighbor discovery configuration The max-range-value parameter specifies the maximum number of seconds allowed between sending unsolicited multicast router advertisements from the interface. This number can be between 4 - 1800 seconds and must be greater than the min-range-value x 1.33.
IPv6 neighbor discovery configuration Setting flags in IPv6 router advertisement messages An IPv6 router advertisement message can include the following flags: • Managed Address Configuration--This flag indicates to hosts on a local link if they should use the stateful autoconfiguration feature to get IPv6 addresses for their interfaces.
IPv6 MTU
Configuring IPv6 RA preference
If IPv6 unicast routing is enabled on an Ethernet interface, by default, this interface sends IPv6 router advertisement messages. The IPv6 router sets the preference field based on the configured value on IPv6 RA and sends it periodically to the IPv6 host or as a response to the router solicitations.
Static neighbor entries configuration • For ICX 7250, ICX 7450, and ICX 7750 devices, the minimum IPv4 and IPv6 MTU values for both physical and virtual interfaces are 1280. • You cannot use IPv6 MTU to set Layer 2 maximum frame sizes per interface. Enabling global jumbo mode causes all interfaces to accept Layer 2 frames.
TCAM space on FCX device configuration
Limiting the number of hops an IPv6 packet can traverse
By default, the maximum number of hops an IPv6 packet can traverse is 64. You can change this value to between 0 - 255 hops. For example, to change the maximum number of hops to 70, enter the following command.
Clearing global IPv6 information Allocating TCAM space for IPv4 routing information For example, to allocate 13,512 IPv4 route entries, enter the following command: device(config)# system-max ip-route 13512 Syntax: system-max ip-route routes The routes parameter specifies how many IPv4 route entries get allocated. The command output shows the new space allocations for IPv4 and IPv6.
Clearing global IPv6 information You must specify the ipv6-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373. You must specify the prefix-length parameter as a decimal value. A slash mark (/) must follow the ipv6-prefix parameter and precede the prefix-length parameter.
Displaying global IPv6 information Clearing IPv6 traffic statistics To clear all IPv6 traffic statistics (reset all fields to zero), enter the following command at the Privileged EXEC level or any of the Config levels of the CLI. device(config)#clear ipv6 traffic Syntax: clear ipv6 traffic Displaying global IPv6 information You can display output for the following global IPv6 parameters:...
Displaying global IPv6 information If you specify an Ethernet interface, also specify the unit / slot / port number associated with the interface. If you specify a VE interface, also specify the VE number. If you specify a tunnel interface, also specify the tunnel number. This display shows the following information.
Displaying global IPv6 information Global unicast address(es): Joined group address(es): ff02::9 ff02::1:ff99:9700 ff02::2 ff02::1 MTU is 1500 bytes ICMP redirects are enabled ND DAD is enabled, number of DAD attempts: 3 ND reachable time is 30 seconds ND advertised reachable time is 0 seconds ND retransmit interval is 1 seconds ND advertised retransmit interval is 0 seconds ND router advertisements are sent every 200 seconds...
Displaying global IPv6 information The ipv6-prefix / prefix-length parameters restrict the display to the entries for the specified IPv6 prefix. You must specify the ipv6-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373. You must specify the prefix-length parameter as a decimal value.
Displaying global IPv6 information 2001:DB8::1/128 loopback 2 2001:DB8::2/128 fe80::2e0:52ff:fe91:bb37 ethe 1/3/2 110/1 2001:DB8::/64 tunnel 2 Syntax: show ipv6 route [ ipv6-address | ipv6-prefix/prefix-length | bgp | connect | ospf | rip | static | summary ] The ipv6-address parameter restricts the display to the entries for the specified IPv6 address. You must specify the ipv6-address parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373.
Displaying global IPv6 information TABLE 37 IPv6 route table summary fields (continued) Field Description Number of prefixes A summary of prefixes in the IPv6 route table, sorted by prefix length. Displaying local IPv6 routers The Brocade device can function as an IPv6 host, instead of an IPv6 router, if you configure IPv6 addresses on its interfaces but do not enable IPv6 routing using the ipv6 unicast-routing command.
Displaying global IPv6 information Displaying IPv6 TCP information You can display the following IPv6 TCP information: • General information about each TCP connection on the router, including the percentage of free memory for each of the internal TCP buffers. • Detailed information about a specified TCP connection.
Displaying global IPv6 information TABLE 39 General IPv6 TCP connection fields (continued) Field Description • TIME-WAIT - Waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request. • CLOSED - There is no connection state. FREE TCP = percentage The percentage of free TCP control block (TCP) space.
Displaying global IPv6 information TABLE 40 Specific IPv6 TCP connection fields (continued) Field Description Send: remote received window = number The size of the remote received window. Send: total unacknowledged sequence number = number The total number of unacknowledged sequence numbers sent by the local router.
Displaying global IPv6 information Field Description forwarded The total number of IPv6 packets received by the router and forwarded to other routers. delivered The total number of IPv6 packets delivered to the upper layer protocol. rawout This information is used by Brocade Technical Support. bad vers The number of IPv6 packets dropped by the router because the version number is not 6.
Displaying global IPv6 information Field Description mem query The number of Group Membership Query messages sent or received by the router. mem report The number of Membership Report messages sent or received by the router. mem red The number of Membership Reduction messages sent or received by the router.
DHCP relay agent for IPv6 Field Description sent The number of UDP packets sent by the router. no port The number of UDP packets dropped because the packet did not contain a valid UDP port number. input errors This information is used by Brocade Technical Support. TCP statistics active opens The number of TCP connections opened by the router by sending a TCP...
DHCP relay agent for IPv6 Use the no version of the command to remove a DHCPv6 relay agent from the interface. Enabling the interface-ID on the DHCPv6 relay agent messages The interface-id parameter on the DHCPv6 relay forward message is used to identify the interface on which the client message is received.
DHCPv6 Relay Agent Prefix Delegation Notification Displaying the DHCPv6 Relay information for an interface Enter the show ipv6 dhcp-relay interface command to display the DHCPv6 relay information for a specific interface. device#show ipv6 dhcp-relay interface ethernet 1/2/3 DHCPv6 Relay Information for interface e 1/2/3: Destinations: Destination OutgoingInterface...
DHCPv6 Relay Agent Prefix Delegation Notification FIGURE 17 DHCPv6 Relay Agent Prefix Delegation Notification A route is added to the IPv6 route table on the provider edge router (PE) for the delegated prefix to be delegated to requesting routers. The DHCP server chooses a prefix for delegation and responds with it to the CPEx. to the external network and to enable the correct forwarding of the IPv6 packets for the delegated IPv6 prefix.
DHCPv6 Relay Agent Prefix Delegation Notification NTP synchronization is needed for the prefix age to be updated correctly. If NTP is not configured, DHCP prefix delegation will still read the flash, but the prefix age may not be correct. Upgrade and downgrade considerations •...
DHCPv6 Relay Agent Prefix Delegation Notification Assigning the administrative distance to DHCPv6 static routes To assign the administrative distance to DHCPv6 static routes installed in IPv6 route table for the delegated prefixes on the interface, use the ipv6 dhcp-relay distance command at the interface level. The administrative distance value has to be set so that it does not replace the same IPv6 static route configured by the user.
DHCPv6 Relay Agent Prefix Delegation Notification Destination OutgoingInterface 2001:db8:1::39 Syntax: show ipv6 dhcp-relay destinations Table 44 describes the fields from the output of show ipv6 dhcp-relay destinations command. TABLE 44 Output from the show ipv6 dhcp-relay destinations command Field Description Destination The configured destination IPv6 address.
DHCPv6 Relay Agent Prefix Delegation Notification TABLE 46 Output from the show ipv6 dhcp-relay prefix-delegation-information command (continued) Field Description Current The number of delegated prefixes currently learned on the interface. Maximum The maximum number of delegated prefixes that can be learned on the interface. AdminDistance The current administrative distance used for prefixes learned on this interface when added to the IPv6 static route table.
DHCPv6 Relay Agent Prefix Delegation Notification Syntax: clear ipv6 dhcp-relay delegated-prefixes { vrf vrf-name } { X:X::X:X/M | all | interface interface-id } The vrf vrf-name parameter is used to clear the DHCPv6 delegated prefixes for a specific VRF. If this parameter is not provided, then the information for the default VRF is cleared.
• RIP overview
• RIP parameters and defaults
• Configuring RIP parameters
• Displaying RIP Information
• Displaying CPU utilization statistics

RIP overview
Routing Information Protocol (RIP) is an IP route exchange protocol that uses a distance vector (a number representing distance) to measure the cost of a given route.
RIP parameters and defaults TABLE 48 RIP global parameters (continued) Parameter Description Default NOTE You also must enable the protocol on individual interfaces. Globally enabling the protocol does not allow interfaces to send and receive RIP information. Administrative distance The administrative distance is a numeric value assigned to each type of route on the device.
Configuring RIP parameters RIP interface parameters TABLE 49 RIP interface parameters Parameter Description Default RIP state and version The state of the protocol and the version that is Disabled supported on the interface. The version can be one of the following: •...
Configuring RIP parameters After globally enabling the protocol, you must enable it on individual interfaces. You can enable the protocol on physical interfaces as well as virtual routing interfaces. To enable RIP on an interface, enter commands such as the following. device(config)# interface ethernet 1/1/1 device(config-if-e1000-1/1/1)# ip rip v1-only Syntax: [no] ip rip {v1-only | v1-compatible-v2 | v2-only}...
Configuring RIP parameters To configure redistribution, perform the following tasks. Configure redistribution filters (optional). You can configure filters to permit or deny redistribution for a route based on its origin (OSPF, BGP4, and so on), the destination network address, and the route’s metric. You also can configure a filter to set the metric based on these criteria.
Configuring RIP parameters The static keyword applies redistribution to IP static routes. The metric value parameter sets the RIP metric value from 1 through 15 that will be applied to the routes imported into RIP. The route-map name parameter indicates the route map’s name. Matching based on RIP protocol type The match option has been added to the route-map command that allows statically configured routes or the routes learned from the IGP protocol RIP.
Configuring RIP parameters Enabling learning of RIP default routes By default, the Brocade device does not learn default RIP routes. You can enable learning of RIP default routes on a global or interface basis. To enable learning of default RIP routes on a global basis, enter the following command. device(config-rip-router)# learn-default Syntax: [no] learn-default To enable learning of default RIP routes on an interface, enter the ip rip learn-default command.
Configuring RIP parameters Syntax: [no] poison-reverse
To disable poison reverse and enable split horizon on an interface, enter commands such as the following.
device(config)# interface ethernet 1/1/1
device(config-if-e10000-1/1/1)# no ip rip poison-reverse
Syntax: [no] ip rip poison-reverse
To disable split horizon and enable poison reverse on an interface, enter commands such as the following.
device(config)# interface ethernet 1/1/1
device(config-if-e10000-1/1/1)# ip rip poison-reverse
You can configure the Brocade device to avoid routing loops by advertising local RIP routes with a cost of 16 ("infinite"...
Configuring RIP parameters NOTE By default, routes that do not match a prefix list are learned or advertised. To prevent a route from being learned or advertised, you must configure a prefix list to deny the route. To configure a prefix list, enter commands such as the following. device(config)# ip prefix-list list1 permit 10.53.4.1 255.255.255.0 device(config)# ip prefix-list list2...
Displaying RIP Information Setting RIP timers You can set basic update timers for the RIP protocol. The protocol must be enabled in order to set the timers. The timers command specifies how often RIP update messages are sent. To set the timers, enter the following commands.
device(config)# router rip
device(config-rip-router)# timers 30 180 180 120
Syntax: [no] timers update-timer timeout-timer hold-down-timer garbage-collection-timer...
Displaying RIP Information TABLE 50 CLI display of neighbor filter information (continued) Field Definition Action The action the Brocade device takes for RIP route packets to or from the specified neighbor: • deny - If the filter is applied to an interface’s outbound filter group, the filter prevents the Brocade device from advertising RIP routes to the specified neighbor on that interface.
Displaying CPU utilization statistics To display current running configuration for interface 1/1/1, enter the following command.
device# show running-config interface ethernet 1/1/1
interface ethernet 1/1/1
 enable
 ip ospf area 0
 ip ospf priority 0
 ip rip v2-only
 ip address 10.1.1.2/24
 ipv6 address 2000::1/32
 ipv6 enable
To display current running configuration for ve 10, enter the following command.
Displaying CPU utilization statistics Syntax: show cpu-utilization tasks The command lists the usage statistics for the previous five-second, one-minute, five-minute, and fifteen-minute intervals. FastIron Ethernet Switch Layer 3 Routing 53-1003627-04...
RIPng
• RIPng Overview
• Configuring RIPng
• Clearing RIPng routes from IPv6 route table
• Displaying RIPng information

RIPng Overview
Routing Information Protocol (RIP) is an IP route exchange protocol that uses a distance vector (a number representing a distance) to measure the cost of a given route.
Configuring RIPng To enable RIPng globally, enter the following command. device(config-rip-router)#ipv6 router rip device(config-ripng-router)# After you enter this command, the device enters the RIPng configuration level, where you can access several commands that allow you to configure RIPng. Syntax: [no] ipv6 router rip To disable RIPng globally, use the no form of this command.
Configuring RIPng • Hold-down timer: 9 through 65535 seconds. • Garbage-collection timer: 9 through 65535 seconds. NOTE You must enter a value for each timer, even if you want to retain the current setting of a particular timer. To return to the default values of the RIPng timers, use the no form of this command. Configuring route learning and advertising parameters You can configure the following learning and advertising parameters: •...
Configuring RIPng For example, to advertise the summarized prefix 2001:db8::/36 instead of the IPv6 address 2001:db8:0:adff:8935:e838:78:e0ff with a prefix length of 64 bits from Ethernet interface 1/3/1, enter the following commands.
device(config)# interface ethernet 1/3/1
device(config-if-e100-1/3/1)# ipv6 address 2001:db8:0:adff:8935:e838:78:e0ff/64
device(config-if-e100-1/3/1)# ipv6 rip summary-address 2001:db8::/36
Syntax: [no] ipv6 rip summary-address ipv6-prefix/prefix-length
You must specify the ipv6-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373.
Configuring RIPng For example, to redistribute OSPFv3 routes into RIPng, enter the following command. device(config)# ipv6 router rip device(config-ripng-router)# redistribute ospf Syntax: [no] redistribute{ bgp | connected | ospf | static [ metric number ] } For the metric, specify a numerical value that is consistent with RIPng. Controlling distribution of routes through RIPng You can create a prefix list and then apply it to RIPng routing updates that are received or sent on a device interface.
Clearing RIPng routes from IPv6 route table To better handle this situation, you can configure a RIPng Brocade device to send a triggered update containing the local routes of the disabled interface with an unreachable metric of 16 to the other RIPng routers in the routing domain. You can enable the sending of a triggered update by entering the following commands.
Displaying RIPng information TABLE 52 show ipv6 rip output descriptions (continued) Field Description Split horizon/poison reverse The status of the RIPng split horizon and poison reverse features. Possible status is "on" or "off." Default routes The status of RIPng default routes. Periodic updates/trigger updates The number of periodic updates and triggered updates sent by the RIPng Brocade device.
Displaying RIPng information TABLE 53 show ipv6 rip route output descriptions (continued) Field Description • STATIC - IPv6 static routes are redistributed into RIPng. • BGP - BGP4+ routes are redistributed into RIPng. • OSPF - OSPFv3 routes are redistributed into RIPng. Metric number The cost of the route.
OSPFv2
• OSPF overview
• OSPF point-to-point links
• Designated routers in multi-access networks
• Designated router election in multi-access networks
• OSPF RFC 1583 and 2328 compliance
• Reduction of equivalent AS external LSAs
• Support for OSPF RFC 2328 Appendix E
•...
OSPF overview An OSPF router can be a member of multiple areas. Routers with membership in multiple areas are known as Area Border Routers (ABRs) . Each ABR maintains a separate topological database for each area the router is in. Each topological database contains all of the LSA databases for each router within a given area.
Designated router election in multi-access networks OSPF point-to-point links In an OSPF point-to-point network, where a direct Layer 3 connection exists between a single pair of OSPF routers, there is no need for Designated and Backup Designated Routers, as is the case in OSPF multi-access networks. Without the need for Designated and Backup Designated routers, a point-to-point network establishes adjacency and converges faster.
Designated router election in multi-access networks If the DR goes off-line, the BDR automatically becomes the DR. The router with the next highest priority becomes the new BDR. NOTE Priority is a configurable option at the interface level. You can use this parameter to help bias one router as the FIGURE 20 Backup designated router becomes designated router If two neighbors share the same priority, the router with the highest router ID is designated as the DR.
Reduction of equivalent AS external LSAs • an interface is in a waiting state and a hello packet is received that addresses the BDR • a change in the neighbor state occurs, such as: – a neighbor state transitions from ATTEMPT state to a higher state –...
Reduction of equivalent AS external LSAs FIGURE 21 AS external LSA reduction Notice that both Router D and Router E have a route to the other routing domain through Router F. OSPF eliminates the duplicate AS External LSAs. When two or more devices configured as ASBRs have equal-cost routes to the same next-hop router in an external routing domain, the ASBR with the highest router ID floods the AS External LSAs for the external domain into the OSPF AS, while the other ASBRs flush the equivalent AS External LSAs from their databases.
Support for OSPF RFC 2328 Appendix E Algorithm for AS external LSA reduction The AS external LSA reduction example shows the normal AS External LSA reduction feature. The behavior changes under the following conditions: • There is one ASBR advertising (originating) a route to the external destination, but one of the following happens: –...
OSPF graceful restart Compare the networks that have the same network address, to determine which network is more specific. The more specific network is the one that has more contiguous one bits in its network mask. For example, network 10.0.0.0 255.255.0.0 is more specific than network 10.0.0.0 255.0.0.0, because the first network has 16 ones bits (255.255.0.0) whereas the second network has only 8 ones bits (255.0.0.0).
OSPF graceful restart The feature is also useful during router startup because it gives the router enough time to build up its routing table before forwarding traffic. This can be useful where BGP is enabled on the router because it takes time for the BGP routing table to converge. You can also configure and set a metric value for the following LSA types: •...
Configuring OSPF You can configure and save the following OSPF changes without resetting the system: • All OSPF interface-related parameters (for example: area, hello timer, router dead time cost, priority, re-transmission time, transit delay) • All area parameters • All area range parameters •...
Configuring OSPF • Define the area virtual link. • Set global default metric for OSPF. • Change the reference bandwidth for the default cost of OSPF interfaces. • Disable or re-enable load sharing. • Enable or disable default-information-originate. • Modify Shortest Path First (SPF) timers •...
Configuring OSPF Note regarding disabling OSPF If you disable OSPF, the device removes all the configuration information for the disabled protocol from the running configuration. Moreover, when you save the configuration to the startup configuration file after disabling one of these protocols, all the configuration information for the disabled protocol is removed from the startup configuration file.
Configuring OSPF Assign a totally stubby area By default, the device sends summary LSAs (LSA type 3) into stub areas. You can further reduce the number of link state advertisements (LSA) sent into a stub area by configuring the device to stop sending summary LSAs (type 3 LSAs) into the area. You can disable the summary LSAs when you are configuring the stub area or later after you have configured the area.
Configuring OSPF FIGURE 22 OSPF network containing an NSSA This example shows two routing domains, a RIP domain and an OSPF domain. The ASBR inside the NSSA imports external routes from RIP into the NSSA as Type-7 LSAs, which the ASBR floods throughout the NSSA. The ABR translates the Type-7 LSAs into Type-5 LSAs.
Configuring OSPF Syntax: [no] area { num | ip-addr nssa cost [ no-summary ] | default-information-originate } The num and ip-addr parameters specify the area number, which can be a number or in IP address format. If you specify a number, the number can be from 0 - 2,147,483,647.
Configuring OSPF Assigning an area range (optional) You can assign a range for an area, but it is not required. Ranges allow a specific IP address and mask to represent a range of IP addresses within an area, so that only that reference range address is advertised to the network, instead of all the addresses within that range.
Configuring OSPF Removes the cost from the area range. The area range will be advertised with computed cost which is the max/min(based on RFC 1583 compatibility) of all individual intra-area routes falling under this range. device(config)# router ospf device(config-ospf-router)# no area 10 range 10.1.1.1 255.255.255.0 cost 5 Removes the area range.
Configuring OSPF Modify interface defaults OSPF has interface parameters that you can configure. For simplicity, each of these parameters has a default value. No change to these default values is required except as needed for specific network configurations. Port default values can be modified using the following CLI commands at the interface configuration level of the CLI: •...
Configuring OSPF the cost is 10. The cost for 100 Mbps, 1 Gbps, and 10 Gbps links is 1, because the speed of 100 Mbps and 10 Gbps was not in use at the time the OSPF cost formula was devised. •...
Configuring OSPF Rules for OSPF dead interval and hello interval timers The following rules apply regarding these timers: • If both the hello-interval and dead-interval parameters are configured, they will each be set to the values that you have configured. •...
Configuring OSPF Block flooding of outbound LSAs on specific OSPF interfaces By default, the device floods all outbound LSAs on all the OSPF interfaces within an area. You can configure a filter to block outbound LSAs on an OSPF interface. This feature is particularly useful when you want to block LSAs from some, but not all, of the interfaces attached to the area.
Configuring OSPF The path for a virtual link is through an area shared by the neighbor ABR (router with a physical backbone connection), and the ABR requiring a logical connection to the backbone. Two parameters fields must be defined for all virtual links--transit area ID and neighbor router: •...
Configuring OSPF The example shows an OSPF area border router, Device A, that is cut off from the backbone area (area 0). To provide backbone access to Device A, you can add a virtual link between Device A and Device C using area 1 as a transit area. To configure the virtual link, you define the link on the router that is at each end of the link.
Configuring OSPF The simple encryption and base 64 encryption methods require you to configure an alphanumeric password on an interface. The password can be up to eight characters long. All OSPF packets transmitted on the interface contain this password. All OSPF packets received on the interface are checked for this password. If the password is not present, then the packet is dropped.
Configuring OSPF The software uses the following formula to calculate the cost: Cost = reference-bandwidth/interface-speed If the resulting cost is less than 1, the software rounds the cost up to 1. The default reference bandwidth results in the following costs: •...
Configuring OSPF Determining cost calculation for active ports only on LAG and VE interfaces The default operation is for cost calculation of OSPF interfaces to be based upon all configured ports. There is also an option for the auto-cost reference-bandwidth command for the calculation of OSPF costs on active ports of LAG and VE interfaces. This option allows you to calculate cost based on the ports that are currently active.
Configuring OSPF FIGURE 24 Redistributing OSPF and static routes to RIP routes You also have the option of specifying import of just RIP, OSPF, BGP4, or static routes, as well as specifying that only routes for a specific network or with a specific cost (metric) be imported, as shown in the command syntax below. Syntax: [no] redistribute { bgp | connected | rip | static [ route-map map-name ] } NOTE Prior to software release 04.1.00, the redistribution command is used instead of redistribute .
Configuring OSPF Modify default metric for redistribution The default metric is a global parameter that specifies the cost applied to all OSPF routes by default. The default value is 10. You can assign a cost from 1 - 65535. NOTE You also can define the cost on individual interfaces.
Configuring OSPF The redistribute static command enables redistribution of static IP routes into OSPF, and uses route map "abc" to control the routes that are redistributed. In this example, the route map allows a static IP route to be redistributed into OSPF only if the route has a metric of 5, and changes the metric to 8 before placing the route into the OSPF route table.
Configuring OSPF FIGURE 25 Example OSPF network with four equal-cost paths The device has four paths to R1: • Router ->R3 • Router ->R4 • Router ->R5 • Router ->R6 Normally, the device will choose the path to the R1 with the lower metric. For example, if the metric for R3 is 1400 and the metric for R4 is 600, the device will always choose R4.
Configuring OSPF Configure external route summarization When the device is an OSPF Autonomous System Boundary Router (ASBR), you can configure it to advertise one external route as an aggregate for all redistributed routes that are covered by a specified address range. When you configure an address range, the range takes effect immediately.
Configuring OSPF NOTE The ABR (device) will not inject the default route into an NSSA by default and the command described in this section will not cause the device to inject the default route into the NSSA. To inject the default route into an NSSA, use the area nssa default-information-originate command.
OSPF non-stop routing interface interfaceName metric metricValue routeTagValue protocol-type protocol route type and (or) sub-type value route-type route type (IS-IS sub-type values) Set Conditions: metric metricValue metric-type type1/type2 routeTagValue OSPF non-stop routing The graceful restart feature supported by open shortest path first (OSPF) maintains area topology and dataflow. Though the network requires neighboring routers to support graceful restart and perform hitless failover, the graceful restart feature may not be supported by all routers in the network.
Standby module operations reason, the NSR-capable router waits for LSA synchronization of the standby module to complete (Sync-Ack) and then acknowledges the neighbor that sent the LSA. LSA syncing and packing When the LSA processing is completed on the active management module and the decision is made to install the LSA in its link state database (LSDB), OSPF synchronizes that LSA to the standby module.
Enabling and disabling NSR Neighbor database Neighbor information is updated in the standby module based on updates from the active module. Certain neighbor state and interface transitions are synchronized to the standby module. By default, the neighbor timers on the standby module are disabled. LSA database The standby module processes LSA synchronization events from the active module and unpacks the LSA synchronization information to directly install it in its LSDB as the LSA has already been processed on the active module.
Disabling configuration • Changes in the neighbor state or interface state before or during a switchover do not take effect. • Traffic counters are not synchronized because the neighbor and LSA database counters are recalculated on the standby module during synchronization. •...
OSPF distribute list NOTE If you specify a metric and metric type, the values you specify are used even if you do not use the always option. The route-map parameter overrides other options. If set commands for metric and metric-type are specified in the route-map, the command-line values of metric and metric-type if specified, are ignored for clarification.
OSPF distribute list 10.31.39.x destination network from entering the IP route table. The distribution list does not prevent the routes from entering the OSPF database.
device(config)# ip access-list extended DenyNet39
device(config-ext-nacl)# deny ip 10.31.39.0 0.0.0.255 any
device(config-ext-nacl)# permit ip any any
device(config)# router ospf
device(config-ospf-router)# area 0
device(config-ospf-router)# distribute-list DenyNet39 in
...
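The following added example (not part of the Brocade manual, and not device code) models how the two DenyNet39 entries above are evaluated against OSPF routes, and checks an ACL for entries that can never match because of their order. It assumes that the first address/wildcard pair of each entry is compared with the route's network address, as the description above implies, and that a route matching no entry is denied; the function names and the sample routes are constructed for illustration.

```python
import ipaddress

# The two entries of the extended ACL "DenyNet39" shown above.
ACL_DENYNET39 = [
    "deny ip 10.31.39.0 0.0.0.255 any",
    "permit ip any any",
]

# Constructed sample of route network addresses (not from the manual).
SAMPLE_ROUTES = ["10.31.39.0", "10.31.38.0", "10.1.1.0"]


def to_int(addr):
    """Dotted-quad IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def parse_entry(line):
    """Parse '<permit|deny> ip <addr wildcard | any> any' into
    (action, base, wildcard). Only this entry shape is supported."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
        raise ValueError("unsupported ACL entry: %r" % line)
    rest = tokens[2:]
    if rest[0] == "any":
        # 'any' is the same as wildcard 255.255.255.255: no bit is compared.
        base, wildcard, rest = 0, 0xFFFFFFFF, rest[1:]
    else:
        base, wildcard, rest = to_int(rest[0]), to_int(rest[1]), rest[2:]
    if rest != ["any"]:
        raise ValueError("second field must be 'any' in this sketch: %r" % line)
    return tokens[0], base, wildcard


def wildcard_match(addr, base, wildcard):
    """A wildcard bit of 1 means 'ignore this bit'; 0 means 'must be equal'."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)


def route_action(acl_lines, route_network):
    """First matching entry wins. Returns (action, 1-based entry number)."""
    addr = to_int(route_network)
    for number, line in enumerate(acl_lines, 1):
        action, base, wildcard = parse_entry(line)
        if wildcard_match(addr, base, wildcard):
            return action, number
    return "deny", None  # assumption: implicit deny when nothing matches


def filter_routes(acl_lines, routes):
    """Split routes into those installed in the IP route table and those blocked."""
    result = {"installed": [], "blocked": []}
    for route in routes:
        action, _ = route_action(acl_lines, route)
        result["installed" if action == "permit" else "blocked"].append(route)
    return result


def shadowed_entries(acl_lines):
    """Return (entry, earlier_entry) pairs where the earlier entry matches every
    address the later one matches, so the later entry is never reached."""
    parsed = [parse_entry(line) for line in acl_lines]
    found = []
    for j in range(1, len(parsed)):
        _, base_j, wc_j = parsed[j]
        care_j = ~wc_j & 0xFFFFFFFF
        for i in range(j):
            _, base_i, wc_i = parsed[i]
            care_i = ~wc_i & 0xFFFFFFFF
            # Earlier entry compares a subset of the later entry's bits
            # and agrees with it on all of them.
            if care_i & ~care_j == 0 and (base_i & care_i) == (base_j & care_i):
                found.append((j + 1, i + 1))
                break
    return found


if __name__ == "__main__":
    print(filter_routes(ACL_DENYNET39, SAMPLE_ROUTES))
    # Entering the entries in the opposite order leaves the deny unreachable.
    print(shadowed_entries(list(reversed(ACL_DENYNET39))))
```

Running the shadowing check against a saved ACL before applying it as a distribute list catches the case where a broad permit entered first silently disables every deny that follows it.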
OSPF distribute list Once this configuration is implemented, the routes identified by the ip prefix-list command and matched in the route map will have their OSPF administrative distance set to 200. This is displayed in the output from the show ip route command, as shown in the following. device# show ip route Total number of IP routes: 4 Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static;...
OSPF distribute list To set the timers back to their default values, enter a command such as the following. device(config-ospf-router)# no timers spf 10 20 Syntax: [no] timers spf delay hold-time The delay parameter specifies the SPF delay. The hold-time parameter specifies the SPF hold time. NOTE OSPF incrementally updates the OSPF routing table when new Type-3 or Type-4 Summary, Type-5 External, or Type-7 External NSSA LSAs are received.
OSPF distribute list NOTE This feature does not influence the choice of routes within OSPF. For example, an OSPF intra-area route is always preferred over an OSPF inter-area route, even if the intra-area route’s distance is greater than the inter-area route’s distance. To change the default administrative distances for inter-area routes, intra-area routes, and external routes, enter the following command.
Modify OSPF traps generated
OSPF traps as defined by RFC 1850 are supported on the device. You can disable generation of all or specific OSPF traps by entering the following CLI command.
device(config)# no snmp-server trap ospf
To later re-enable the trap feature, enter snmp-server trap ospf. To disable a specific OSPF trap, enter the command as no snmp-server trap ospf ospf-trap.
To modify the exit overflow interval to 60 seconds, enter the following command.
device(config-ospf-router)# database-overflow-interval 60
Syntax: [no] database-overflow-interval value
The value can be from 0 - 86400 seconds. The default is 0 seconds.
Specify types of OSPF Syslog messages to log
You can specify which kinds of OSPF-related Syslog messages are logged.
OSPF distribute list NOTE Brocade devices support numbered point-to-point networks, meaning the OSPF router must have an IP interface address which uniquely identifies the router over the network. Brocade devices do not support unnumbered point-to-point networks. The broadcast option configures the network type as a broadcast connection. This is the default option for Ethernet, VE and Loopback interfaces.
Configuring OSPF Graceful Restart time for the global instance
Use the following command to specify the maximum amount of time advertised to a neighbor router to maintain routes from and forward traffic to a restarting router.
device(config)# router ospf
device(config-ospf-router)# graceful-restart restart-time 120
Syntax: [no] graceful-restart restart-time seconds
The seconds variable sets the maximum restart wait time advertised to neighbors.
Disabling OSPF Graceful Restart helper mode per VRF
You can prevent your router from participating in OSPF Graceful Restart with VRF neighbors by using the following command.
device(config)# router ospf vrf blue
device(config-ospf-router)# graceful-restart helper-disable
Syntax: [no] graceful-restart helper-disable
This command disables OSPF Graceful Restart helper mode.
Examples
The following examples of the max-metric router-lsa command demonstrate how it can be used:
The following command indicates that OSPF is being shut down and that all links in the router LSA should be advertised with the value 0xFFFF and the metric value for all external and summary LSAs is set to 0xFF0000 until OSPF is restarted.
Displaying OSPF information Displaying OSPF Router Advertisement Using the show ip ospf command you can display the current OSPF Router Advertisement configuration. device# show ip ospf OSPF Version Version 2 Router Id 192.168.98.213 ASBR Status ABR Status Redistribute Ext Routes from Connected RIP Initial SPF schedule delay (msecs)
Displaying OSPF information TABLE 56 show ip ospf config output descriptions (continued) Field Description OSPF Redistribution Metric Shows the OSPF redistribution metric type, which can be one of the following: • Type1 • Type2 OSPF External LSA Limit Shows the external LSA limit value. OSPF Database Overflow Interval Shows the database overflow interval value.
Displaying OSPF information The area-id parameter shows information for the specified area. The num parameter identifies the position of the entry number in the area table. TABLE 57 show ip ospf area output descriptions This field Displays Index The row number of the entry in the router’s OSPF area table. Area The area number.
Displaying OSPF information TABLE 58 show ip ospf neighbor output descriptions (continued) Field Description • 1 = point-to-point link • 3 = point-to-point link with assigned subnet State The state of the conversation between the device and the neighbor. This field can have one of the following values: •...
Displaying OSPF information TABLE 58 show ip ospf neighbor output descriptions (continued) Field Description The number of LSAs that were retransmitted. Displaying OSPF interface information To display OSPF interface information, enter the following command at any CLI level. The details of interface options are highlighted in the output.
Displaying OSPF information TABLE 59 show ip ospf interface output descriptions (continued) This field Displays State The state of the interface. Possible states include the following: • DR - The interface is functioning as the Designated Router for OSPFv2. • BDR - The interface is functioning as the Backup Designated Router for OSPFv2.
Displaying OSPF information TABLE 59 show ip ospf interface output descriptions (continued) This field Displays The router ID (IPv4 address) of the DR. The router ID (IPv4 address) of the BDR. Neighbor Count The number of neighbors to which the interface is connected. Adjacent Neighbor Count The number of adjacent neighbor routers.
Displaying OSPF information TABLE 60 show ip ospf interface brief output descriptions (continued) This field Displays or greater are used by the flooding procedure. In fact, these adjacencies are fully capable of transmitting and receiving all types of OSPF routing protocol packets. •...
Displaying OSPF information TABLE 61 show ip ospf routes output descriptions This field Displays Destination The IP address of the route's destination. Mask The network mask for the route. Path_Cost The cost of this route path. (A route can have multiple paths. Each path represents a different exit port for the device.) Type2_Cost The type 2 cost of this path.
Syntax: show ip ospf redistribute route [ ip-addr ip-mask ]
The ip-addr ip-mask parameter specifies a network prefix and network mask. Here is an example.
Brocade# show ip ospf redistribute route 192.213.1.0 255.255.255.254
192.213.1.0 255.255.255.254 fwd 0.0.0.0 (0) metric 10 connected
Displaying OSPF database information
The following command displays the OSPF database.
Syntax: show ip ospf [vrf vrf-name] database external-link-state [ advertise num | extensive | link-state-id A.B.C.D | router-id A.B.C.D | sequence-number num(Hex)]
The vrf vrf-name parameter displays information for a VRF, or a specific vrf-name.
The advertise num parameter displays the decoded data in the specified LSA packet. The num parameter identifies the LSA packet by its position in the router’s External LSA table.
TABLE 64 show ip ospf database database-summary output descriptions (continued)
This field    Displays
NSSA-Ext      The number of not-so-stubby
Opq-area      The number of Type-10 (area-scope) Opaque LSAs.
Displaying OSPF database link state information
To display database link state information, enter the following command at any CLI level.
device# show ip ospf database link-state
Index Area ID Type LS ID Adv Rtr...
Displaying OSPF information The self-originate option shows self-originated LSAs. TABLE 65 show ip ospf database link-state output descriptions This field Displays Index ID of the entry Area ID ID of the OSPF area Type LS ID Type and ID of the link state advertisement. Adv Rtr ID of the advertising router.
Displaying OSPF information To display the state of each OSPF trap, enter the following command at any CLI level. device# show ip ospf trap Interface State Change Trap: Enabled Virtual Interface State Change Trap: Enabled Neighbor State Change Trap: Enabled Virtual Neighbor State Change Trap: Enabled Interface Configuration Error Trap:...
TABLE 67 show ip ospf interface output descriptions (continued)
This field    Displays
Type          The area type, which can be one of the following:
              • Broadcast = 0x01
              • NBMA = 0x02
              • Point to Point = 0x03
              • Virtual Link = 0x04
              •...
Displaying OSPF information FIGURE 26 OSPF virtual neighbor and virtual link example Displaying OSPF virtual neighbor Use the show ip ospf virtual neighbor command to display OSPF virtual neighbor information. device# show ip ospf virtual neighbor Indx Transit Area Router ID Neighbor address options 131.1.1.10 135.14.1.10...
Displaying OSPF information Displaying OSPF virtual link information Use the show ip ospf virtual link command to display OSPF virtual link information. device# show ip ospf virtual link Indx Transit Area Router ID Transit(sec) Retrans(sec) Hello(sec) 131.1.1.10 Dead(sec) events state Authentication-Key ptr2ptr None...
Clearing OSPF information TABLE 68 show ip ospf database grace-link-state output descriptions (continued) This field Displays time period began when grace-LSA's LS age was equal to 0, the grace period terminates when either: • the LS age of the grace-LSA exceeds the value of a Grace Period •...
Clearing OSPF neighbors
You can use the following command to delete and relearn all OSPF neighbors, all OSPF neighbors for a specified interface or a specified OSPF neighbor.
device# clear ip ospf neighbor all
Syntax: clear ip ospf [ vrf vrf-name ] neighbor all [ interface ] | interface | ip-address [ interface ]
Selecting the all option without specifying an interface clears all of the OSPF neighbors on the router.
OSPFv3
• OSPFv3 overview
• LSA types for OSPFv3
• Configuring OSPFv3
• Displaying OSPFv3 information
• OSPFv3 clear commands
OSPFv3 overview
IPv6 supports OSPF Version 3 (OSPFv3). OSPFv3 functions similarly to OSPF Version 2 (OSPFv2), with several enhancements. Open Shortest Path First (OSPF) is a link-state routing protocol.
Configuring OSPFv3 • Autonomous system External LSAs (Type 5) • Group Membership LSA (Type 6) • NSSA External LSAs (Type 7) • Link LSAs (Type 8) • Intra-area-prefix LSAs (Type 9) For more information about these LSAs, refer to RFC 5340. Configuring OSPFv3 To configure OSPFv3, you must perform the following steps.
Enabling OSPFv3 in a VRF
To enable OSPFv3 for a default Virtual Routing and Forwarding (VRF), enter a command such as the following.
device(config-ospf6-router)# ipv6 router ospf vrf red
Syntax: [no] ipv6 router ospf vrf vrf-name
The vrf-name parameter specifies the name of the VRF in which OSPFv3 is being initiated.
Disabling OSPFv3 in a VRF
To disable OSPFv3 for a default Virtual Routing and Forwarding (VRF), enter a command such as the following.
Configuring OSPFv3 – ABRs translate type 7 LSAs into type 5 External LSAs, which can then be flooded throughout the AS. You can configure address ranges on the ABR of an NSSA so that the ABR converts multiple type-7 External LSAs received from the NSSA into a single type-5 External LSA.
Configuring OSPFv3 Assign a Not-So-Stubby Area (NSSA) The OSPF Not So Stubby Area (NSSA) feature enables you to configure OSPF areas that provide the benefits of stub areas, but that also are capable of importing external route information. OSPF does not flood external routes from other areas into an NSSA, but does translate and flood route information from the NSSA into other areas such as the backbone.
Configuring OSPFv3 The area-id parameter specifies the area number, which can be a number or in IP address format. If you specify a number, the number can be from 0 to 2,147,483,647. The nssa stub-metric parameter configures an area as a not-so-stubby-area (NSSA). The stub-metric will be the metric used for generating default LSA in a NSSA.
Configuring OSPFv3 Assigning an area cost for OSPFv3 (optional parameter) You can assign a cost for an area, but it is not required. To consolidate and summarize routes at an area boundary, use the area range cost command in router configuration mode. If the cost parameter is specified, it will be used (overriding the computed cost) to generate the summary LSA.
Configuring OSPFv3 The ipv6-subnet-mask parameter specifies the portions of the IPv6 address that a route must contain to be summarized in the summary route. In the example above, all networks that begin with 193.45 are summarized into a single route. The advertise parameter sets the address range status to advertise and generates a Type 3 summary link-state advertisement (LSA).
Configuring OSPFv3 The path for a virtual link is through an area shared by the neighbor ABR (router with a physical backbone connection) and the ABR requiring a logical connection to the backbone. Two parameters must be defined for all virtual links -- transit area ID and neighbor router: •...
For example, to change the dead-interval parameter to 60 seconds on the virtual links defined on ABR1 and ABR2, enter the following command on ABR1.
device(config-ospf6-router)# area 1 virtual-link 10.157.22.1 dead-interval 60
Enter the following command on ABR2.
device(config-ospf6-router)# area 1 virtual-link 10.0.0.1 dead-interval 60
Syntax: [no] area {number | ipv4-address} virtual-link router-id [dead-interval seconds | hello-interval seconds | retransmit-interval seconds | transmit-delay seconds]...
Configuring OSPFv3 Some interface types are not affected by the reference bandwidth and always have the same cost regardless of the reference bandwidth in use: • The cost of a loopback interface is always 1. • The cost of a virtual link is calculated using the Shortest Path First (SPF) algorithm and is not affected by the auto-cost feature. •...
For example, to configure the redistribution of all IPv6 static and RIPng routes, enter the following commands.
device(config-ospf6-router)# redistribute static
device(config-ospf6-router)# redistribute rip
Syntax: [no] redistribute {bgp | connected | rip | static [metric number | metric-type type]}
The bgp, connected, rip, and static keywords specify the route source.
The metric number parameter specifies the metric used for the redistributed route.
Configuring OSPFv3 • set metric-type type-1 | type-2 • set tag tag-value NOTE You must configure the route map before you configure a redistribution filter that uses the route map. NOTE When you use a route map for route redistribution, the software disregards the permit or deny action of the route map. NOTE For an external route that is redistributed into OSPFv3 through a route map, the metric value of the route remains the same unless the metric is set by a set metric command inside the route map or the default-metric command.
Configuring OSPFv3 Configuring external route summarization When the Brocade device is an OSPF Autonomous System Boundary Router (ASBR), you can configure it to advertise one external route as an aggregate for all redistributed routes that are covered by a specified IPv6 address range. When you configure an address range, the range takes effect immediately.
Configuring OSPFv3 However, unlike OSPFv2 distribution lists, which filter routes based on criteria specified in an Access Control List (ACL), OSPFv3 distribution lists can filter routes using information specified in an IPv6 prefix list or a route map. Configuration examples The following sections show examples of filtering OSPFv3 routes using prefix lists globally and for a specific interface, as well as filtering OSPFv3 routes using a route map.
The following commands specify an IPv6 prefix list called filterOspfRoutesVe that denies route 2001:db8:3::/64.
device(config)# ipv6 prefix-list filterOspfRoutesVe seq 5 deny 2001:db8:3::/64
device(config)# ipv6 prefix-list filterOspfRoutesVe seq 10 permit ::/0 ge 1 le 128
The following commands configure a distribution list that applies the filterOspfRoutesVe prefix list to routes pointing to virtual interface 10.
device(config)# ipv6 router ospf
device(config-ospf6-router)# distribute-list prefix-list filterOspfRoutesVe in ve 10
After this distribution list is configured, route 2001:db8:3::/64, pointing to virtual interface 10, would be omitted from the OSPFv3 route...
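The following is an added example, not from the Brocade manual, that evaluates the filterOspfRoutesVe prefix list above against sample routes. It assumes the common prefix-list semantics (entries are tried in seq order, an entry without ge/le matches only its exact prefix length, and a route that matches no entry is denied); the function names and the sample routes are constructed for illustration.

```python
import ipaddress
import re
from typing import NamedTuple, Optional, Tuple

# The two prefix-list commands exactly as shown on this page.
PAGE_CONFIG = """\
device(config)# ipv6 prefix-list filterOspfRoutesVe seq 5 deny 2001:db8:3::/64
device(config)# ipv6 prefix-list filterOspfRoutesVe seq 10 permit ::/0 ge 1 le 128
"""

ENTRY_RE = re.compile(
    r"^ipv6 prefix-list (?P<name>\S+) seq (?P<seq>\d+) (?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


class Entry(NamedTuple):
    seq: int
    action: str
    net: ipaddress.IPv6Network
    min_len: int   # shortest route prefix length the entry matches
    max_len: int   # longest route prefix length the entry matches


def parse_prefix_list(config: str, name: str) -> list:
    """Return the entries of one named prefix list, ordered by seq."""
    entries = []
    for line in config.splitlines():
        cmd = line.split("# ", 1)[-1].strip()   # drop a "device(config)# " prompt if present
        m = ENTRY_RE.match(cmd)
        if not m or m["name"] != name:
            continue
        net = ipaddress.IPv6Network(m["prefix"])
        if m["ge"] is None and m["le"] is None:
            # Assumed semantics: no ge/le means an exact-length match only.
            lo = hi = net.prefixlen
        else:
            lo = int(m["ge"]) if m["ge"] else net.prefixlen
            hi = int(m["le"]) if m["le"] else 128
        entries.append(Entry(int(m["seq"]), m["action"], net, lo, hi))
    return sorted(entries, key=lambda e: e.seq)


def evaluate(entries: list, route: str) -> Tuple[str, Optional[int]]:
    """Return (action, matching seq); seq is None for the assumed implicit deny."""
    candidate = ipaddress.IPv6Network(route)
    for e in entries:
        in_range = e.min_len <= candidate.prefixlen <= e.max_len
        if candidate.subnet_of(e.net) and in_range:
            return e.action, e.seq
    return "deny", None


if __name__ == "__main__":
    acl = parse_prefix_list(PAGE_CONFIG, "filterOspfRoutesVe")
    # Constructed sample routes.
    for r in ["2001:db8:3::/64", "2001:db8:3:0:1::/80", "2001:db8:4::/64", "::/0"]:
        print(r, evaluate(acl, r))
```

Under these assumptions a more specific route inside 2001:db8:3::/64 is still permitted by seq 10, and the default route ::/0 is denied because its length falls outside ge 1.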
Configuring OSPFv3 Configuring an OSPFv3 distribution list using a route map that uses a prefix list When you configure route redistribution into OSPFv3 using a route map that uses a prefix list, the device supports both permit and deny statements in the route map and permit statements only in the prefix list. Therefore, the action to permit or deny is determined by the route map, and the conditions for the action are contained in the prefix list.
Configuring OSPFv3 The always keyword originates a default route regardless of whether the device has learned a default route. This option is disabled by default. The metric value parameter specifies a metric for the default route. If this option is not used, the value of the default-metric command is used for the route.
Configuring OSPFv3 Modifying administrative distance The Brocade device can learn about networks from various protocols, including BGP4+, RIPng, and OSPFv3. Consequently, the routes to a network may differ depending on the protocol from which the routes were learned. By default, the administrative distance for OSPFv3 routes is 110.
Configuring OSPFv3 The pacing interval is inversely proportional to the number of LSAs the Brocade device is refreshing and aging. For example, if you have approximately 10,000 LSAs, decreasing the pacing interval enhances performance. If you have a very small database (40 - 100 LSAs), increasing the pacing interval to 10 - 20 minutes might enhance performance only slightly.
Configuring OSPFv3 Syntax: [no] default-passive-interface Modifying OSPFv3 interface defaults OSPFv3 has interface parameters that you can configure. For simplicity, each of these parameters has a default value. No change to these default values is required except as needed for specific network configurations. You can modify the default values for the following OSPF interface parameters: •...
To disable the logging of events, enter the following command.
device(config-ospf6-router)# no log-status-change
Syntax: [no] log-status-change
To re-enable the logging of events, enter the following command.
device(config-ospf6-router)# log-status-change
IPsec for OSPFv3
IPsec secures OSPFv3 communications by authenticating and encrypting each IP packet of a communication session. IPsec is available for OSPFv3 traffic only and only for packets that are “for-us”.
Configuring OSPFv3 Configuring IPsec for OSPFv3 This section describes how to configure IPsec for an interface, area, and virtual link. It also describes how to change the key rollover timer if necessary and how to disable IPsec on a particular interface for special purposes. By default, OSPFv3 IPsec authentication is disabled.
Configuring OSPFv3 Interface and area IPsec considerations This section describes the precedence of interface and area IPsec configurations. If you configure an interface IPsec by using the ipv6 ospf authentication command in the context of a specific interface, that interface’s IPsec configuration overrides the area configuration of IPsec.
Configuring OSPFv3 The no form of this command sets the key-add-remove-interval back to a default of 300 seconds. The ipv6 command is available in the configuration interface context for a specific interface. The ospf keyword identifies OSPFv3 as the protocol to receive IPsec security. The authentication keyword enables authentication.
The key variable must be 40 hexadecimal characters. To change an existing key, you must also specify a different SPI value; you cannot change the key without specifying a different SPI. For example, in an interface context where you intend to change a key, you must type a different SPI value (which occurs before the key parameter on the command line) before you type the new key....
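The following is an added example, not from the Brocade manual, that replays a CLI transcript and reports commands that break the two key rules stated above: a key that is not 40 hexadecimal characters, and a key change that reuses the SPI. It parses only the command forms shown on this page; the function names, sample keys and transcript are constructed for illustration.

```python
import re
from typing import NamedTuple

# CLI prompt as printed on this page, e.g. "device(config-if-e10000-1/1/3)# <command>".
PROMPT_RE = re.compile(r"^\S+?\((?P<ctx>[^)]+)\)#\s*(?P<cmd>.+)$")

# The command forms shown on this page: interface, area, and virtual link.
AUTH_RE = re.compile(
    r"^(?P<scope>ipv6 ospf|area \S+(?: (?:vir|virtual-link) \S+)?) "
    r"auth(?:entication)? ipsec spi (?P<spi>\d+) esp sha1 "
    r"(?:no-encrypt )?(?P<key>\S+)$"
)
HEX40_RE = re.compile(r"^[0-9a-fA-F]{40}$")


class Finding(NamedTuple):
    line_no: int
    target: str
    rule: str
    detail: str


def audit(transcript: str) -> list:
    """Replay a CLI transcript and report commands that break the key rules."""
    findings = []
    accepted = {}  # target -> (spi, key) of the last command that passed both checks
    for line_no, raw in enumerate(transcript.splitlines(), 1):
        prompt = PROMPT_RE.match(raw.strip())
        if not prompt:
            continue
        auth = AUTH_RE.match(" ".join(prompt["cmd"].split()))
        if not auth:
            continue
        # Interface commands are keyed by the interface named in the prompt;
        # area and virtual-link commands name their own target.
        scope = auth["scope"]
        target = prompt["ctx"] if scope == "ipv6 ospf" else scope
        spi, key = int(auth["spi"]), auth["key"].lower()

        # Rule 1: the key must be exactly 40 hexadecimal characters.
        # Only the length is reported so key material never lands in audit output.
        if not HEX40_RE.match(key):
            findings.append(Finding(
                line_no, target, "key-format",
                f"key has {len(key)} characters; 40 hexadecimal characters required"))
            continue

        # Rule 2: a new key must come with a different SPI.
        previous = accepted.get(target)
        if previous and key != previous[1] and spi == previous[0]:
            findings.append(Finding(
                line_no, target, "key-changed-same-spi",
                f"key changed but SPI is still {spi}"))
            continue
        accepted[target] = (spi, key)
    return findings


# Constructed sample keys and transcript (not taken from any device).
KEY_A = "0123456789abcdef" * 2 + "01234567"   # 40 hex characters
KEY_B = "89abcdef" + "0123456789abcdef" * 2   # 40 hex characters
KEY_SHORT = KEY_A[:-1]                         # 39 characters

SAMPLE = "\n".join([
    f"device(config-if-e10000-1/1/3)# ipv6 ospf auth ipsec spi 300 esp sha1 no-encrypt {KEY_A}",
    f"device(config-if-e10000-1/1/3)# ipv6 ospf auth ipsec spi 300 esp sha1 no-encrypt {KEY_B}",
    f"device(config-if-e10000-1/1/3)# ipv6 ospf auth ipsec spi 310 esp sha1 no-encrypt {KEY_B}",
    f"device(config-ospf6-router)# area 2 auth ipsec spi 400 esp sha1 {KEY_SHORT}",
    f"device(config-ospf6-router)# area 1 vir 10.2.2.2 auth ipsec spi 360 esp sha1 no-encrypt {KEY_A}",
])

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f.line_no}: {f.target}: {f.rule}: {f.detail}")
```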
area 2
area 2 auth ipsec spi 400 esp sha1 abcef12345678901234fedcba098765432109876
Configuring IPsec for a virtual link
IPsec on a virtual link has a global configuration.
To configure IPsec on a virtual link, enter the IPv6 router OSPF context of the CLI and proceed as the following example illustrates. (Note the no-encrypt option in this example.)
device(config-ospf6-router)# area 1 vir 10.2.2.2 auth ipsec spi 360 esp sha1 no-encrypt 1234567890098765432112345678990987654321...
The no form of this command restores the area and interface-specific IPsec operation.
Changing the key rollover timer
Configuration changes for authentication take effect in a controlled manner through the key rollover procedure as specified in RFC 4552, Section 10.1. The key rollover timer controls the timing of the configuration changeover. The key rollover timer can be configured in the IPv6 router OSPF context, as the following example illustrates.
Displaying OSPFv3 information
TABLE 69 OSPFv3 area information fields
Task / Configuration example
Disabling graceful-restart-helper on a device
    device(config-ospf6-router)# graceful-restart helper disable
    NOTE: Graceful restart for OSPFv3 helper mode is enabled by default.
Enabling graceful-restart-helper on a device
    device(config-ospf6-router)# no graceful-restart helper disable
Enabling LSA checking option on the helper
    device(config-ospf6-router)# graceful-restart helper strict-lsa-checking...
Displaying OSPFv3 information • Virtual neighbors • IPsec • key-add-remove interval General OSPFv3 configuration information To indicate whether the Brocade device is operating as ASBR or not, enter the following command at any CLI level. device# show ipv6 ospf OSPFv3 Process number 0 with Router ID 0xc0a862d5(192.168.98.213) Running 0 days 2 hours 55 minutes 36 seconds Number of AS scoped LSAs is 4 Sum of AS scoped LSAs Checksum is 18565...
Displaying OSPFv3 information TABLE 70 show ipv6 ospf area output descriptions (continued) This field Displays Number of Area scoped LSAs is N Number of LSAs (N ) with a scope of the specified area. SPF algorithm executed is N The number of times (N ) the OSPF Shortest Path First (SPF) algorithm is executed within the area.
Displaying OSPFv3 information The scope area-id parameter displays detailed information about the LSAs for a specified area, AS, or link. TABLE 71 show ipv6 ospf database output descriptions This field Displays Area ID The OSPF area in which the device resides. Type Type of LSA.
Displaying OSPFv3 information Prefix Options: Referenced LSType: 0 Prefix: ::/0 LSA Key - Rtr:Router Net:Network Inap:InterPrefix Inar:InterRouter Extn:ASExternal Grp:GroupMembership Typ7:Type7 Link:Link Iap:IntraPrefix Grc:Grace Area ID Type LSID Adv Rtr Seq(Hex) Age Cksum Len Sync Extn 2 192.168.98.71 80000258 132 a3ff Bits: E-T Metric: 1 Prefix Options:...
Displaying OSPFv3 information TABLE 72 OSPFv3 detailed database information fields (continued) This field Displays R - The originator is an active router. DC -The device handles demand circuits. Type The type of interface. Possible types can be the following: Point-to-point - A point-to-point connection to another router. Transit - A connection to a transit network.
Displaying OSPFv3 information TABLE 72 OSPFv3 detailed database information fields (continued) This field Displays Bits The bit can be set to one of the following: • E - If bit E is set, a Type 2 external metric. If bit E is zero, a Type 1 external metric. •...
Displaying OSPFv3 information TABLE 73 show ipv6 interface output descriptions Field Description Type Codes Shows the routing protocol enabled on the interface. The routing protocol can be one of the following: • R - RIP • O - OSPF Interface Shows the type, unit, slot, and port number of the interface.
Displaying OSPFv3 information TABLE 74 show ipv6 ospf interface brief output descriptions (continued) This field Displays Cost The overhead required to send a packet across an interface. State The state of the interface. Possible states include the following: • DR - The interface is functioning as the Designated Router for OSPFv3.
Displaying OSPFv3 information Hello 29556 29520 DbDesc 2536 LSReq 1444 LSUpdate 344 71464 23256 LSAck 6780 11396 OSPF messages dropped,no authentication: 0 ve 17 admin up, oper up, IPv6 enabled IPv6 Address: fe80::214:ff:fe77:96ff 5100::192:213:111:213/112 5100::192:213:111:0/112 Instance ID 0, Router ID 192.168.98.213 Area ID 0.0.0.200, Cost 1, Type BROADCAST MTU: 10178 State BDR, Transmit Delay 1 sec, Priority 1, Link-LSA Tx not suppressed...
Displaying OSPFv3 information TABLE 75 show ipv6 ospf interface output descriptions (continued) This field Displays State The state of the interface. Possible states include the following: • DR - The interface is functioning as the Designated Router for OSPFv3. • BDR - The interface is functioning as the Backup Designated Router for OSPFv3.
Displaying OSPFv3 information TABLE 75 show ipv6 ospf interface output descriptions (continued) This field Displays • LSUpdate - The number of link-state updates transmitted and received by the interface. Also, the total number of bytes associated with transmitted and received link-state requests. •...
Displaying OSPFv3 information Displaying OSPFv3 neighbor information You can display a summary of OSPFv3 neighbor information for the device or detailed information about a specified neighbor. To display a summary of OSPFv3 neighbor information for the device, enter the following command at any CLI level. device# show ipv6 ospf neighbor Total number of neighbors in all states: 2 Number of neighbors in state Full...
For example, to display detailed information about a neighbor with the router ID of 10.1.1.1, enter the show ipv6 ospf neighbor router-id command at any CLI level.
device# show ipv6 ospf neighbor router-id 192.168.98.111
RouterID Pri State Interface [State]
192.168.98.111...
Displaying OSPFv3 information TABLE 78 show ipv6 ospf neighbor router-id output descriptions (continued) Field Description Interface [State] The interface through which the router is connected to the neighbor. The state of the interface can be one of the following: • DR - The interface is functioning as the Designated Router for OSPFv3.
Displaying OSPFv3 information TABLE 78 show ipv6 ospf neighbor router-id output descriptions (continued) Field Description LS Update Received The number of times the neighbor received link-state updates from the device. Displaying routes redistributed into OSPFv3 You can display all IPv6 routes or a specified IPv6 route that the device has redistributed into OSPFv3. To display all IPv6 routes that the device has redistributed into OSPFv3, enter the following command at any level of the CLI.
Displaying OSPFv3 information fe80::768e:f8ff:fe3e:1800 e 4/3/1 192.168.98.111 fe80::768e:f8ff:fe3e:1800 ve 17 192.168.98.111 Destination Cost E2Cost Flags IA 5100::192:61:1001:0/112 00000007 110 Next_Hop_Router Outgoing_Interface Adv_Router fe80::768e:f8ff:fe3e:1800 e 4/3/1 192.168.98.111 fe80::768e:f8ff:fe3e:1800 ve 17 192.168.98.111 Destination Cost E2Cost Flags IA 5100::192:111:2:111/128 00000007 110 Next_Hop_Router Outgoing_Interface Adv_Router fe80::768e:f8ff:fe3e:1800 e 4/3/1 192.168.98.111...
Displaying OSPFv3 information Displaying OSPFv3 SPF information You can display the following OSPFv3 SPF information: • SPF node information • SPF node information for a specified area. • SPF table for a specified area. • SPF tree for a specified area. Enter the command at any level of the CLI to display SPF information in a node.
Displaying OSPFv3 information parent nodes: 10.223.223.223:88 child nodes: Syntax: show ipv6 ospf spf node area [area-id] The node keyword displays SPF node information. The area area-id parameter specifies a particular area. You can specify the area-id in the following formats: •...
TABLE 82 show ipv6 ospf spf table area output descriptions
This field     Displays
Destination    The destination of a route, which is identified by the following:
               • "R", which indicates the destination is a router.
               • "N", which indicates the destination is a network.
               •...
Displaying OSPFv3 GR Helper mode information
Run the show ipv6 ospf command to display information about the graceful restart helper mode.
device(config-ospf6-router)# show ipv6 ospf
OSPFv3 Process number 0 with Router ID 0xa19e0eb(10.25.224.235)
Running 0 days 0 hours 0 minutes 26 seconds
Number of AS scoped LSAs is 0
Sum of AS scoped LSAs Checksum is 0
External LSA Limit is 250000...
Displaying OSPFv3 information TABLE 83 show ipv6 ospf virtual-link output descriptions This field Displays Index An index number associated with the virtual link. Transit Area ID The ID of the shared area of two ABRs that serves as a connection point between the two routers.
Displaying OSPFv3 information IPsec examples This section contains examples of IPsec configuration and the output from the IPsec-specific show commands. In addition, IPsec-related information appears in general show command output for interfaces and areas. The show commands that are specific to IPsec are: •...
Displaying OSPFv3 information OSPF FE80::/10:any ::/0:any SA: 1:e1/1/1 in ESP FE80:: out OSPF FE80::/10:any ::/0:any SA: 1:e1/1/1 out ESP OSPF 2001:db8:1:1::1/128:any 2001:db8:1:1::2/128:any SA: 1:ALL 2001:db8:1:1::2 out OSPF 2001:db8:1:1::2/128:any 2001:db8:1:1::1/128:any SA: 1:e1/1/1 out ESP 2001:db8:1:1::1 OSPF 35:1:1::1/128:any 10:1:1::2/128:any SA: 2:ALL 10:1:1::2 Syntax: show ipsec policy TABLE 85 show ipsec policy output descriptions This field...
Displaying OSPFv3 information TABLE 86 SA used by the policy (continued) This field Displays For a virtual link, both the inbound and outbound destination addresses are relevant. Showing IPsec statistics The show ipsec statistics command displays the error and other counters for IPsec, as this example shows. device# show ipsec statistics IPSecurity Statistics secEspCurrentInboundSAs 1...
Displaying OSPFv3 information TABLE 87 show ipv6 ospf area output descriptions This field Displays Authentication This field shows whether or not authentication is configured. If this field says "Not Configured," the IPsec-related fields (bold in example screen output) are not displayed at all. KeyRolloverTime The number of seconds between each initiation of a key rollover.
Displaying OSPFv3 information TABLE 88 show ipv6 ospf interface output descriptions This field Displays Authentication This field shows whether or not authentication is configured. If this field says "Not Configured," the IPsec-related fields (bold in example screen output) are not displayed at all. KeyRolloverTime The number of seconds between each initiation of a key rollover.
Changing a key
In this example, the key is changed. Note that the SPI value is changed from 300 to 310 to comply with the requirement that the SPI is changed when the key is changed.
Initial configuration command.
device(config-if-e10000-1/1/3)# ipv6 ospf auth ipsec spi 300 esp sha1 no-encrypt 12345678900987655431234567890aabbccddef
Command for changing the key.
OSPFv3 clear commands Maximum of Hop count to nodes: 0 Area 1: Authentication: Not Configured Interface attached to this area: eth 1/1/1 Number of Area scoped LSAs is 6 Sum of Area LSAs Checksum is 00046630 Statistics of Area 1: SPF algorithm executed 3 times SPF last updated: 302 sec ago Current SPF node count: 3...
Syntax: clear ipv6 ospf vrf vrfname
Clearing all OSPFv3 packet counters
You can use the clear ipv6 ospf traffic command to clear all OSPFv3 packet counters as shown in the following.
device# clear ipv6 ospf traffic
Syntax: clear ipv6 ospf traffic
Scheduling Shortest Path First (SPF) calculation
You can use the clear ipv6 ospf force-spf command to perform the SPF calculation without clearing the OSPF database, as shown in the following.
ve port-no - clears OSPF neighbors on the specified virtual interface.
tunnel tunnel-port - clears OSPF neighbors on the specified tunnel interface.
Specifying the nbr-id variable limits the clear ipv6 ospf neighbor command to an individual OSPF neighbor attached to the interface.

Clearing OSPFv3 counters
You can use the ospf counts command to clear OSPF neighbor’s counters as described in the following:
•...
BGP4 overview

FIGURE 27 Example BGP4 autonomous systems

Relationship between the BGP4 route table and the IP route table
The device BGP4 route table can have multiple routes or paths to the same destination, which are learned from different BGP4 neighbors.
After a device successfully negotiates a BGP4 session with a neighbor (a BGP4 peer), the device exchanges complete BGP4 route tables with the neighbor. After this initial exchange, the device and all other RFC 1771-compliant BGP4 devices send UPDATE messages to inform neighbors of new, changed, or no longer feasible routes.
If all the comparisons above are equal, prefer the route with the lowest IGP metric to the BGP4 next hop. This is the closest internal path inside the AS to reach the destination.
10. If the internal paths also are the same and BGP4 load sharing is enabled, load share among the paths. Otherwise prefer the route that comes from the BGP4 device with the lowest device ID.
numbered loopback interface configured on the device. If the device does not have a loopback interface, the default device ID is the lowest numbered IP address configured on the device.
• Parameter list - An optional list of additional parameters used in peer negotiation with BGP4 neighbors.

UPDATE message
After BGP4 neighbors establish a BGP4 connection over TCP and exchange their BGP4 routing tables, they do not send periodic routing updates.
Implementation of BGP4

Grouping of RIB-out peers
To improve efficiency in the calculation of outbound route filters, the device groups BGP4 peers together based on their outbound policies. To reduce RIB-out memory usage, the device then groups the peers within an outbound policy group according to their RIB-out routes.
BGP4 restart

marker that indicates it has received all of the BGP4 route updates, it recomputes the new routes and replaces the stale routes in the route map with the newly computed routes. If the device does not come back up within the time configured for the purge timer, the stale routes are removed.
FIGURE 28 Management module switchover behavior for BGP4 peer notification

If the active management module fails due to a fault, the management module does not have the opportunity to reset BGP4 sessions with neighbors as described for intentional failovers. In this situation the management module will reboot, or the standby management module becomes the new active management module.
FIGURE 29 Example of customer connected to two ISPs

In the next example, ISP-A has purchased ISP-B. The AS associated with ISP-B changes to AS 100. If Customer C cannot or does not want to change their configuration or peering relationship with ISP-B, a peer with Local-AS configured with the value 200 can be established on ISP-B.
FIGURE 30 Example of Local AS configured on ISP-B

A Local AS is configured using the BGP4 neighbor command. To confirm that a Local AS has been configured, use the show ip bgp neighbors command.

Basic configuration and activation for BGP4
BGP4 is disabled by default.
BGP4 parameters

Save the BGP4 configuration information to the system configuration file. For example, enter commands such as the following.
device> enable
device# configure terminal
device(config)# router bgp
BGP4: Please configure 'local-as' parameter in order to enable BGP4.
device(config-bgp)# local-as 10
device(config-bgp-router)# neighbor 10.157.23.99 remote-as 100
device(config-bgp)# write memory
Syntax: router bgp...
• Required - Specify the local AS number.
• Optional - Add a loopback interface for use with neighbors.
• Required - Identify BGP4 neighbors.
• Optional - Change the Keep Alive Time and Hold Time.
• Optional - Change the update timer for route changes.
•...
Parameter changes that take effect immediately
The following parameter changes take effect immediately:
• Enable or disable BGP4.
• Set or change the local AS.
• Add neighbors.
• Change the update timer for route changes.
• Disable or enable fast external failover.
•...
Parameter changes that take effect after disabling and re-enabling redistribution
The following parameter change takes effect only after you disable and then re-enable redistribution:
• Change the default MED (metric).

Memory considerations
BGP4 can handle a very large number of routes and therefore requires a lot of memory. For example, in a typical configuration with a single BGP4 neighbor, receiving a full internet route table, a BGP4 device may need to hold over a million routes.
Basic configuration tasks required for BGP4

Enabling BGP4 on the device
When you enable BGP4 on the device, BGP4 is automatically activated. To enable BGP4 on the device, enter the following commands.
device# configure terminal
device(config)# router bgp
BGP4: Please configure 'local-as' parameter in order to enable BGP4.
device(config-bgp-router)# local-as 10
device(config-bgp-router)# neighbor 10.157.23.99 remote-as 100
device(config-bgp-router)# write memory...
The num parameter specifies a local AS number in the range 1 through 4294967295. It has no default. AS numbers 64512 - 65535 are the well-known private BGP4 AS numbers and are not advertised to the Internet community.

Setting the local AS number for VRF instances
The local autonomous system (AS) number identifies the AS in which the BGP4 device resides.
NOTE
If you configure the Brocade device to use a loopback interface to communicate with a BGP4 neighbor, the peer IP address on the remote device pointing to your loopback address must be configured.

To add a loopback interface, enter commands such as the following.
NOTE
The device applies the advertisement interval only under certain conditions. The device does not apply the advertisement interval when sending initial updates to a BGP4 neighbor. As a result, the device sends the updates one immediately after another, without waiting for the advertisement interval.
list of AS-path filters. The device applies the filters in the order in which you list them and stops applying the filters in the AS-path filter list when a match is found.

weight num specifies a weight that the device applies to routes received from the neighbor. You can specify a number from 0 through 65535.
The system creates an MD5 hash of the password and uses it for securing sessions between the device and its neighbors. To display the configuration, the system uses a 2-way encoding scheme to be able to retrieve the original password that was entered. By default, the password is encrypted.
allowed). If you set the Hold Time to 0, the device waits indefinitely for messages from a neighbor without concluding that the neighbor is non-operational. The defaults for these parameters are the currently configured global Keep Alive Time and Hold Time.

unsuppress-map map-name removes route suppression from neighbor routes when those routes have been dampened due to aggregation.
The show ip bgp route command verifies that the route has been unsuppressed.
device(config-bgp)# show ip bgp route 10.1.44.0/24
Number of BGP Routes matching display condition : 1
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH S:SUPPRESSED F:FILTERED
Prefix Next Hop...
Since the default behavior does not affect the BGP4 configuration itself but does encrypt display of the authentication string, the CLI does not list the encryption options.
Syntax: [no] neighbor { ip-addr | peer-group-name } password string
The ip-addr | peer-group-name parameter indicates whether you are configuring an individual neighbor or a peer group.
To display IPv6 unicast device information with respect to the IPv4 neighbor, enter the show ip bgp ipv6 neighbors command:
device(config-bgp)# show ip bgp ipv6 neighbors
Total number of BGP Neighbors: 1
1 IP Address: 192.168.1.2, AS: 2 (EBGP), RouterID: 10.1.1.2, VRF: default-vrf
State: ESTABLISHED, Time: 0h8m33s, KeepAliveTime: 60, HoldTime: 180
KeepAliveTimer Expire in 17 seconds, HoldTimer Expire in 135 seconds
UpdateSource: Loopback 1...
• Perform soft-outbound resets (the device updates outgoing route information to neighbors but does not entirely reset the sessions with those neighbors)
• Clear BGP4 message statistics
• Clear error buffers

Peer group parameters
You can set all neighbor parameters in a peer group.
The software applies these parameters to each neighbor you add to the peer group. You can override the description parameter for individual neighbors. If you set the description parameter for an individual neighbor, the description overrides the description configured for the peer group.
Optional BGP4 configuration tasks

The software also contains an option to end the session with a BGP4 neighbor and clear the routes learned from the neighbor. Unlike this clear option, the option for shutting down the neighbor can be saved in the startup configuration file and can prevent the device from establishing a BGP4 session with the neighbor even after reloading the software.
To change the BGP4 update timer value to 15 seconds, for example, enter the update-time command at the BGP configuration level of the CLI.
device(config-bgp-router)# update-time 15
Syntax: [no] update-time secs
The secs parameter specifies the number of seconds and can be from 0 through 30. The default is 5. The value of 0 permits fast BGP4 convergence for situations such as link-failure or IGP route changes.
How Multipath load sharing affects route selection
During evaluation of multiple paths to select the best path to a given destination (for installment in the IP route table), the device performs a final comparison of the internal paths. The following events occur when load sharing is enabled or disabled:
•...
Customizing BGP4 Multipath load sharing
By default, when BGP4 Multipath load sharing is enabled, both IBGP and EBGP paths are eligible for load sharing, while paths from different neighboring autonomous systems are not eligible. You can change load sharing to apply only to IBGP or EBGP paths, or to support load sharing among paths from different neighboring autonomous systems.
NOTE
The exact route must exist in the IP route table before the device can create a local BGP4 route.

To configure the device to advertise network 10.157.22.0/24, enter the following command.
device(config-bgp-router)# network 10.157.22.0 255.255.255.0
Syntax: [no] network ip-addr ip-mask [route-map map-name] | [weight num] | [backdoor]
The ip-addr is the network number and the ip-mask specifies the network mask.
NOTE
To set the local preference for individual routes, use route maps.

To change the default local preference to 200, enter the following command.
device(config-bgp)# default-local-preference 200
Syntax: [no] default-local-preference num
The num parameter indicates the preference and can be a value from 0 - 4294967295.

Using the IP default route as a valid next-hop for a BGP4 route
By default, the device does not use a default route to resolve a BGP4 next-hop route.
The BGP4 route table can contain a route with a next-hop IP address that is not reachable through an IGP route, even though the device can reach a hop farther away through an IGP route. This can occur when the IGPs do not learn a complete set of IGP routes, so the device learns about an internal route through IBGP instead of through an IGP.
Since the route to the next-hop gateway is a BGP4 route, and not an IGP route, it cannot be used to reach 10.0.0.0/24. In this case, the device tries to use the default route, if present, to reach the subnet that contains the BGP4 route next-hop gateway.
device# show ip route 10.0.0.0/24
Total number of IP routes: 37
Network Address...
This lookup results in an IGP route that is a directly-connected route. As a result, the BGP4 route destination is now reachable through IGP, which means the BGP4 route can be added to the IP route table. The IP route table with the BGP4 route is shown here.
device# show ip route 10.0.0.0/24
Total number of IP routes: 38
Network Address...
The external-distance sets the EBGP distance and can be a value from 1 through 255.
The internal-distance sets the IBGP distance and can be a value from 1 through 255.
The local-distance sets the Local BGP4 distance and can be a value from 1 through 255.

Requiring the first AS to be the neighbor AS
By default, the Brocade device does not require the first AS listed in the AS_SEQUENCE field of an AS path update message from EBGP neighbors to be the AS of the neighbor that sent the update.
device(config-bgp)# neighbor abc remote-as 2
device(config-bgp)# neighbor abc enforce-first-as disable
device(config-bgp)# neighbor 192.168.1.2 peer-group abc
device(config-bgp)# neighbor 192.168.1.2 enforce-first-as enable

Disabling or re-enabling comparison of the AS-Path length
AS-Path comparison is Step 5 in the algorithm that BGP4 uses to select the next path for a route. Comparison of the AS-Path length is enabled by default.
To enable this comparison, enter the always-compare-med command at the BGP4 configuration level of the CLI. This option is disabled by default.

NOTE
By default, value 0 (most favorable) is used in MED comparison when the MED attribute is not present. The default MED comparison results in the device favoring route paths that do not have their MEDs.
for route reflection takes place on the route reflectors. Clients are unaware that they are members of a route reflection cluster. All members of the cluster must be in the same AS. The cluster ID can be any number from 1 - 4294967295, or an IP address. The default is the device ID expressed as a 32-bit number.
FIGURE 31 A route reflector configuration

Support for RFC 4456
Route reflection on Brocade devices is based on RFC 4456. This updated RFC helps eliminate routing loops that are possible in some implementations of the older specification, RFC 1966. These instances include:
•...
NOTE
All configuration for route reflection takes place on the route reflectors, not on the clients.

Enter the following commands to configure a Brocade device as route reflector 1. To configure route reflector 2, enter the same commands on the device that will be route reflector 2.
NOTE
Another way to reduce the complexity of an IBGP mesh is to use route reflection. However, if you want to run different Interior Gateway Protocols (IGPs) within an AS, you must configure a confederation. You can run a separate IGP within each sub-AS.

To configure a confederation, configure groups of BGP4 devices into sub-autonomous systems.
devices in the confederation. Thus, devices in other autonomous systems see traffic as coming from AS 10 and are unaware that the devices in AS 10 are subdivided into sub-autonomous systems within a confederation.

Configuring a BGP4 confederation
To configure a BGP4 confederation, perform these configuration tasks on each BGP4 device within the confederation:
•...
Configuring BGP4 restart
BGP4 restart can be configured for a global routing instance or for a specified Virtual Routing and Forwarding (VRF) instance. The following sections describe how to enable the BGP4 restart feature. BGP4 restart is enabled by default.

Configuring BGP4 Restart for the global routing instance
Use the following command to enable the BGP4 Restart feature globally on a device.
Configuring BGP4 Restart stale routes timer
Use the following command to specify the maximum amount of time a helper device will wait for an end-of-RIB message from a peer before deleting routes from that peer.
device(config-bgp)# graceful-restart stale-routes-time 120
Syntax: [no] graceful-restart stale-routes-time seconds
The seconds variable sets the maximum time before a helper device cleans up stale routes.
FIGURE 33 SAMPLE null0 routing application

Configuring BGP4 null0 routing
The following example configures a null0 routing application to stop denial of service attacks from remote hosts on the Internet.
Select a device, for example, device 6, to distribute null0 routes throughout the BGP4 network.
To configure a route-map perform the following step.
Repeat step 3 for all devices interfacing with the Internet (edge corporate devices). In this case, device 2 has the same null0 route as device 1.
On device 6, configure the network prefixes associated with the traffic you want to drop. The static route IP address references a destination address.
The following configuration defines a null0 route to the specific next hop address. The next hop address 10.199.1.1 points to the null0 route, which gets blocked.
device(config)# ip route 10.199.1.1/32 null0
device(config)# router bgp
device(config-bgp-router)# local-as 100
device(config-bgp-router)# neighbor router1_int_ip address remote-as 100
device(config-bgp-router)# neighbor router3_int_ip address remote-as 100
device(config-bgp-router)# neighbor router4_int_ip address remote-as 100...
Modifying redistribution parameters

Device 1 and 2
The show ip route output for device 1 and device 2 shows "drop" under the Port column for the network prefixes you configured with null0 routing.
device# show ip route
Total number of IP routes: 133
Type Codes - B:BGP D:Connected S:Static...
Redistributing connected routes
To configure BGP4 to redistribute directly connected routes, enter the following command.
device(config-bgp-router)# redistribute connected
Syntax: [no] redistribute connected [metric num] [route-map map-name]
The connected parameter indicates that you are redistributing routes to directly attached devices into BGP4.
The metric num parameter changes the metric.
Filtering

NOTE
The route map you specify must already be configured on the device.

NOTE
If you use both the redistribute ospf route-map command and the redistribute ospf match internal command, the software uses only the route map for filtering.

Redistributing static routes
To configure the device to redistribute static routes, enter the following command.
AS-path filtering
You can filter updates received from BGP4 neighbors based on the contents of the AS-path list accompanying the updates. For example, to deny routes that have the AS 10.3.2.1 in the AS-path from entering the BGP4 route table, you can define a filter.
The device provides the following methods for filtering on AS-path information:
•...
To filter on a specific single-character value, enter the character for the as-path parameter. For example, to filter on AS-paths that contain the letter "z", enter the following command:
device(config-bgp-router)# ip as-path access-list acl1 permit z
To filter on a string of multiple characters, enter the characters in brackets. For example, to filter on AS-paths that contain "x", "y", or "z", enter the following command.
TABLE 90 BGP4 special characters for regular expressions (continued)
Character    Operation
For example, the following regular expression matches on "100" but not on "1002", "2100", and so on.
_100_
Square brackets enclose a range of single-character patterns. For example, the following regular expression matches on an AS-path that contains "1", "2", "3", "4", or "5":
[1-5]
You can use the following expression symbols within the brackets.
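The two table entries above, checked against sample AS-paths and run through a first-match filter list like the one the guide describes for AS-path filters. This is an added Python example, not code from the Brocade guide; it assumes the underscore matches a delimiter (space, comma, brace, parenthesis) or either end of the AS-path string, and the sample paths and filter lists are constructed.

```python
import re

# Assumption: "_" stands for a delimiter character or the start/end of the
# AS-path string. The guide's own definition of "_" is not shown on this page.
_DELIM = r"(?:^|$|[ ,{}()])"


def compile_as_path_regex(pattern):
    """Translate a router-style AS-path expression into a Python regex."""
    out, in_brackets = [], False
    for ch in pattern:
        if ch == "[":
            in_brackets = True
        elif ch == "]":
            in_brackets = False
        # Only expand "_" outside a bracket expression.
        out.append(_DELIM if ch == "_" and not in_brackets else ch)
    return re.compile("".join(out))


def matches(pattern, as_path):
    """True when the expression matches anywhere in the AS-path string."""
    return compile_as_path_regex(pattern).search(as_path) is not None


def first_match(acl, as_path):
    """Apply (action, pattern) entries in order and stop at the first match.

    Returns None when no entry matches, so the caller decides the default.
    """
    for action, pattern in acl:
        if matches(pattern, as_path):
            return action
    return None


# Constructed sample AS-paths.
SAMPLE_PATHS = [
    "100",
    "65001 100 65020",
    "1002",
    "2100",
    "65001 1002 65020",
    "777 888",
]

# Intended policy: reject any path that traverses AS 100, accept the rest.
STRICT_ACL = [("deny", "_100_"), ("permit", ".*")]
# Same intent written without delimiters: also rejects AS 1002 and AS 2100.
LOOSE_ACL = [("deny", "100"), ("permit", ".*")]


def decisions(acl, paths=SAMPLE_PATHS):
    """Map every sample path to the action the filter list gives it."""
    return {path: first_match(acl, path) for path in paths}


if __name__ == "__main__":
    for name, acl in (("strict", STRICT_ACL), ("loose", LOOSE_ACL)):
        print(name)
        for path, action in decisions(acl).items():
            print(f"  {path!r:22} -> {action}")
    # "[1-5]" matches any path containing one of those digits anywhere.
    print(matches("[1-5]", "65010"), matches("[1-5]", "777 888"))
```

The loose list shows why an undelimited AS number in a filter is a policy risk: it silently drops or accepts routes for every AS whose number merely contains those digits.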
This format allows you to easily classify community names. For example, a common convention used in community naming is to configure the first string as the local AS and the second string as the unique community within that AS. Using this convention, communities 1:10, 1:20, and 1:30 can be easily identified as member communities of AS 1.
Defining and applying IP prefix lists
An IP prefix list specifies a list of networks. When you apply an IP prefix list to a neighbor, the device sends or receives only a route whose destination is in the IP prefix list. The software interprets the prefix lists in order, beginning with the lowest sequence number.
To configure an IP prefix list and apply it to a neighbor, enter commands such as the following.
Defining neighbor distribute lists
A neighbor distribute list is a list of BGP4 address filters or ACLs that filter the traffic to or from a neighbor.
To configure a distribute list that uses ACL 1, enter a command such as the following.
device(config-bgp)# neighbor 10.10.10.1 distribute-list 1 in
This command configures the device to use ACL 1 to select the routes that the device will accept from neighbor 10.10.10.1.
• An IP prefix list
• An IP ACL
For routes that match all of the match statements, the route map set clauses can perform one or more of the following modifications to the route attributes:
• Prepend AS numbers to the front of the route AS-path. By adding AS numbers to the AS-path, you can cause the route to be less preferred when compared to other routes based on the length of the AS-path.
Specifying the match conditions
Use the following command to define the match conditions for instance 1 of the route map GET_ONE. This instance compares the route updates against BGP4 address filter 11.
device(config-routemap GET_ONE)# match address-filters 11
Syntax: [no] match [ as-path name ] [ community acl exact-match ] | [ ip address acl | prefix-list string ] | [ ip route-source acl | prefix name ] [ metric num ] | [ next-hop address-filter-list ] | [ route-type internal | external-type1 | external-type2 ] [ tag tag-value ] | interface interface interface interface ..
Matching based on community ACL
To construct a route map that matches based on community ACL 1, enter the following commands.
device(config)# ip community-list 1 permit 123:2
device(config)# route-map CommMap permit 1
device(config-routemap CommMap)# match community 1
Syntax: [no] match community string
The string parameter specifies a community list ACL.
Syntax: [no] match ip route-source ACL | prefix-list name
The acl and prefix-list name parameters specify the name or ID of an IP ACL, or an IP prefix list.

Matching on routes containing a specific set of communities
The device can match routes based on the presence of a community name or number in a route. To match based on a set of communities, configure a community ACL that lists the communities, then compare routes against the ACL.
Matching based on interface
The match option has been added to the route-map command that distributes any routes that have their next hop out one of the interfaces specified. This feature operates with the following conditions:
• The match interface option can only use the interface name (for example ethernet 1/1/2) and not the IP address as an argument.
how high a route penalty can become before the device suppresses the route. The max-suppress-time parameter specifies the maximum number of minutes that a route can be suppressed regardless of how unstable it is.
The ip next-hop ip-addr parameter sets the next-hop IP address for a route that matches a match statement in the route map.
The ip next-hop peer-address parameter sets the BGP4 next hop for a route to the neighbor address.
Setting the next-hop of a BGP4 route
To set the next-hop address of a BGP4 route to a neighbor address, enter commands such as the following.
device(config)# route-map bgp5 permit 1
device(config-routemap bgp5)# match ip address 1
device(config-routemap bgp5)# set ip next-hop peer-address
These commands configure a route map that matches on routes whose destination network is specified in ACL 1, and sets the next hop in the routes to the neighbor address (inbound filtering) or the local IP address of the BGP4 session (outbound filtering).
To create a route map and identify it as a table map, enter commands such as the following. These commands create a route map that uses an address filter. For routes that match the IP prefix list filter, the route map changes the tag value to 100 and is then considered as a table map.
The first two commands configure statements for the IP prefix list Routesfrom1234. The first command configures a statement that denies routes to 10.20.20./24. The second command configures a statement that permits all other routes. Once you configure an IP prefix list statement, all routes not explicitly permitted by statements in the prefix list are denied.
Four-byte Autonomous System Numbers (AS4)

NOTE
If the device or the neighbor is not configured for cooperative filtering, the command sends a normal route refresh message.

Displaying cooperative filtering information
You can display the following cooperative filtering information:
• The cooperative filtering configuration on the device.
•...
The system uses a hierarchy to prioritize the utilization of the AS4 capability. The prioritization depends on the CLI configuration commands. AS4s can be enabled and configured at the level of a neighbor, a peer group, or globally for the entire device, according to the following bottom-up hierarchy:
•...
The consequences of choosing between the enable or disable keyword are reflected in the output of the show running configuration command.

Peer group configuration of AS4s
To enable AS4s for a peer group, use the capability keyword with the neighbor command in the BGP4 configuration context, as the following example for the Peergroup_1 peer group illustrates.
Route-map set commands and AS4s
You can prepend an AS4 number to an autonomous system path or make the autonomous system number a tag attribute for a route map as shown here.
device(config-routemap test)# set as-path prepend 7701000
Syntax: [no] set as-path prepend num,num , ...
NOTE
Use soft-outbound only if the outbound policy is changed.

The soft-outbound parameter updates all outbound routes by applying the new or changed filters. However, the device sends to the neighbor only the existing routes that are affected by the new or changed filters. The soft out parameter updates all outbound routes and then sends the entire BGP4 route table on the device to the neighbor after the device changes or excludes the routes affected by the filters.
BGP4 AS4 attribute errors

To activate asdot+ notation, enter as-format asdot+ in the CLI.
device(config)# as-format asdot+
device(config)# show ip bgp
Total number of BGP Routes: 1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop...
Configuring route flap dampening
A route flap is a change in the state of a route, from up to down or down to up. A route state change causes changes in the route tables of the devices that support the route. Frequent route state changes can cause Internet instability and add processing overhead to the devices that support the route.
The half-life parameter specifies the number of minutes after which the penalty for a route becomes half its value. The route penalty allows routes that have remained stable for a period despite earlier instability to eventually become eligible for use again. The decay rate of the penalty is proportional to the value of the penalty.
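The half-life decay described above, worked through as an added Python example (not code from the Brocade guide). The penalty added per flap, the reuse and suppress thresholds and all numeric values are constructed assumptions, not the device's defaults, and capping the penalty so that suppression never outlasts max-suppress-time follows the RFC 2439 approach rather than anything stated on this page.

```python
import math


class DampenedRoute:
    """Penalty state for one route under exponential-decay flap dampening."""

    def __init__(self, half_life=15.0, reuse=750.0, suppress=2000.0,
                 max_suppress_time=40.0, flap_penalty=1000.0):
        # All values are constructed for illustration; times are in minutes.
        self.half_life = half_life
        self.reuse = reuse              # assumed: below this, route is usable again
        self.suppress = suppress        # assumed: above this, route is suppressed
        self.flap_penalty = flap_penalty  # assumed: penalty added per flap
        # Assumption (RFC 2439 style): cap the penalty so that decaying from
        # the cap down to the reuse threshold takes exactly max_suppress_time.
        self.ceiling = reuse * 2 ** (max_suppress_time / half_life)
        self.penalty = 0.0
        self.last_update = 0.0
        self.suppressed = False

    def _advance(self, now):
        """Decay the penalty to time 'now' and release the route if eligible."""
        elapsed = now - self.last_update
        if elapsed < 0:
            raise ValueError("time must not go backwards")
        # Decay proportional to the penalty: it halves every half_life minutes.
        self.penalty *= 2 ** (-elapsed / self.half_life)
        self.last_update = now
        if self.suppressed and self.penalty < self.reuse:
            self.suppressed = False

    def flap(self, now):
        """Record one up/down state change at time 'now'."""
        self._advance(now)
        self.penalty = min(self.penalty + self.flap_penalty, self.ceiling)
        if self.penalty > self.suppress:
            self.suppressed = True

    def minutes_until_reuse(self, now):
        """Minutes of stability still needed before the route is reusable."""
        self._advance(now)
        if not self.suppressed:
            return 0.0
        return self.half_life * math.log2(self.penalty / self.reuse)


def simulate(flap_times, query_time, **params):
    """Replay flaps (minutes, ascending) and report state at query_time.

    Returns (suppressed, penalty, minutes_until_reuse).
    """
    route = DampenedRoute(**params)
    for t in flap_times:
        route.flap(t)
    remaining = route.minutes_until_reuse(query_time)
    return route.suppressed, route.penalty, remaining


if __name__ == "__main__":
    # Constructed scenario: three flaps one minute apart.
    for query in (2, 15, 30, 32):
        state, penalty, remaining = simulate([0, 1, 2], query)
        print(f"t={query:>2} min  penalty={penalty:7.1f}  "
              f"suppressed={state}  reuse in {remaining:4.1f} min")
```

With these constructed values two flaps leave the route in use, the third suppresses it, and it needs about 29 quiet minutes to drop back under the reuse threshold.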
In this example, the first command globally enables route flap dampening. This route map does not contain any match or set clauses. At the BGP4 configuration level, the dampening route-map command refers to the DAMPENING_MAP_ENABLE route map created by the first command, thus enabling dampening globally.
The regular-expression regular-expression parameter is a regular expression. Regular expressions are the same ones supported for BGP4 AS-path filters.
The address mask parameters specify a particular route. If you also use the optional longer-prefixes parameter, all statistics for routes that match the specified route or have a longer prefix than the specified route are displayed.
Generating traps for BGP4
You can enable and disable SNMP traps for BGP4. BGP4 traps are enabled by default.
To enable BGP4 traps after they have been disabled, enter the following command.
device(config)# snmp-server enable traps bgp
Syntax: [no] snmp-server enable traps bgp
Use the no form of the command to disable BGP4 traps.
Entering and exiting the address family configuration level

TABLE 92 IPv4 BGP4 commands for different configuration levels (continued)
Command    Global (IPv4 and IPv6)    IPv4 address family unicast
log-dampening-debug
maxas-limit
maximum-paths
med-missing-as-worst
multipath
neighbor
network
next-hop-enable-default
next-hop-recursion
redistribute
rib-route-limit
show
static-network
table-map
timers
update-time...
BGP route reflector
A BGP device selects a preferred BGP4 route for a specific prefix learned from multiple peers by using the BGP best path selection algorithm, and installs the BGP4 route in the Routing Table Manager (RTM). The BGP device marks the preferred BGP4 route as the best route, and advertises the route to other BGP4 neighbors.
Enter the rib-route-limit command to set the maximum number of BGP4 rib routes that can be installed in the RTM.
device(config-bgp)# rib-route-limit 500
Syntax: rib-route-limit decimal
The decimal variable specifies the maximum number of BGP4 rib routes that can be installed in the RTM. The user may enter any number for the decimal variable for the rib-route-limit command.
Specifying a maximum AS path length

not enabled, the status field displays only the default letter "E", as displayed for BGP4 route 10.12.0.0/24. The letter "B" or "b" is missing from the Status field.

NOTE
The description of the status "b: NOT-INSTALLED-BEST" has changed. The status description for "b: NOT-INSTALLED-BEST"...
When you configure maxas-limit in , the behavior of the device changes to first check the length of the AS paths in the UPDATE messages and then to apply the inbound policy. If the AS path exceeds the configured length, then the device performs the following actions:
•...
BGP4 max-as error messages

By default, neighbors or peer groups have no configured maximum values. The range is 0 - 300. The disable keyword is used to stop a neighbor from inheriting the configuration from the peer-group or global and to use the system default value. To configure a peer group named "PeerGroup1"...
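The check order described above (AS path length first, inbound policy second), as an added Python example that is not Brocade code: it decodes a 4-octet AS_PATH attribute value and measures it before any policy runs. The counting rule (each AS in an AS_SEQUENCE counts, an AS_SET counts as one, confederation segments count as zero, as in RFC 4271 and RFC 5065 route selection) is an assumption about how the limit is measured; `evaluate_update`, `demo_policy`, the verdict strings and the sample paths are constructed for illustration.

```python
import struct

# Path segment types: AS_SET / AS_SEQUENCE (RFC 4271), confederation types (RFC 5065).
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
KNOWN_TYPES = (AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET)


def parse_as_path(value: bytes, asn_size: int = 4):
    """Decode an AS_PATH attribute value into [(segment_type, [asn, ...]), ...]."""
    if asn_size not in (2, 4):
        raise ValueError("asn_size must be 2 or 4 octets")
    code = "I" if asn_size == 4 else "H"
    segments, off = [], 0
    while off < len(value):
        if len(value) - off < 2:
            raise ValueError("truncated segment header")
        seg_type, count = value[off], value[off + 1]
        off += 2
        if seg_type not in KNOWN_TYPES:
            raise ValueError(f"unknown segment type {seg_type}")
        if count == 0:
            raise ValueError("empty path segment")
        end = off + count * asn_size
        if end > len(value):
            raise ValueError("segment runs past end of attribute")
        asns = list(struct.unpack(f">{count}{code}", value[off:end]))
        segments.append((seg_type, asns))
        off = end
    return segments


def as_path_length(segments):
    """Assumed counting rule: sequence members count, a set counts once."""
    length = 0
    for seg_type, asns in segments:
        if seg_type == AS_SEQUENCE:
            length += len(asns)
        elif seg_type == AS_SET:
            length += 1
        # Confederation segments add nothing to the length.
    return length


def evaluate_update(as_path_value, maxas_limit, inbound_policy):
    """Length check first, inbound policy second. Returns (verdict, detail)."""
    try:
        segments = parse_as_path(as_path_value)
    except ValueError as exc:
        return ("malformed", str(exc))
    length = as_path_length(segments)
    if maxas_limit is not None and length > maxas_limit:
        return ("exceeds-maxas-limit", length)  # inbound policy is never consulted
    return ("permit" if inbound_policy(segments) else "deny-by-policy", length)


def encode_segment(seg_type, asns):
    """Build one wire-format path segment with 4-octet AS numbers."""
    return struct.pack(f">BB{len(asns)}I", seg_type, len(asns), *asns)


def demo_policy(segments):
    """Hypothetical inbound policy: reject any path that contains AS 64513."""
    return all(64513 not in asns for _, asns in segments)


# Constructed sample attributes (not captured traffic).
NORMAL = encode_segment(AS_SEQUENCE, [65001, 4355, 1])
PREPENDED = encode_segment(AS_SEQUENCE, [65001] * 40 + [4355, 1])
WITH_SET = (encode_segment(AS_SEQUENCE, [65001, 4355])
            + encode_segment(AS_SET, [64512, 64513, 64514]))

if __name__ == "__main__":
    for name, attr in (("normal", NORMAL), ("prepended", PREPENDED),
                       ("with-set", WITH_SET), ("truncated", NORMAL[:-1])):
        print(name, evaluate_update(attr, 20, demo_policy))
```

Running the length check ahead of the policy means an over-long path is rejected on a cheap integer comparison, without the per-route cost of evaluating filters or route maps against it.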
NOTE It is recommended that you change the default to IGP cost only in mixed-vendor environments, and that you change it on all Brocade devices in the environment.

To change the route cost default from BGP MED to IGP cost, enter a command such as the following:

device(config-bgp)# install-igp-cost

Syntax: [no] install-igp-cost

Use the no form of the command to revert to the default of BGP MED.
Configuring a static BGP4 network

Limiting advertisement of a static BGP4 network to selected neighbors

You can control the advertisement of a static BGP4 network to BGP4 neighbors that are configured as Service Edge Devices. When this feature is configured for a BGP4 neighbor, static BGP4 network routes that are installed in the routing table as DROP routes are not advertised to that neighbor.
When a route filter is changed (created, modified, or deleted) by a user, the filter change notification is sent to all relevant protocols so that the protocols can take appropriate actions. For example, if BGP4 is using a route-map (say MapX) to control the routes advertised to a particular peer, the change of route-map (MapX) will cause BGP4 to re-evaluate the advertised routes, and make the appropriate advertisements or withdrawals according to the new route-map policy.
Generalized TTL Security Mechanism support

The device supports the Generalized TTL Security Mechanism (GTSM) as defined in RFC 3682. GTSM protects the device from attacks of invalid BGP4 control traffic that is sent to overload the CPU or hijack the BGP4 session. GTSM protection applies to EBGP neighbors only.
Displaying BGP4 information

The show ip bgp summary command output has the following limitations:
• If a BGP4 peer is not configured for an address-family, the peer information is not displayed.
• If a BGP4 peer is configured for an address-family but not negotiated for an address-family after the BGP4 peer is in the established state, the show ip bgp summary command output shows (NoNeg) at the end of the line for this peer.
TABLE 94 show ip bgp summary output descriptions (continued)

This field   Displays

BGP4 process. A minus sign (-) indicates that the session has gone down and the software is clearing or removing routes.
• ADMND - The neighbor has been administratively shut down.
•...
TABLE 94 show ip bgp summary output descriptions (continued)

This field   Displays

• If soft reconfiguration is not enabled, this field shows the number of BGP4 routes that have been filtered out.
Sent: The number of BGP4 routes the device has sent to the neighbor.
ToSend: The number of routes the device has queued to advertise and withdraw to a neighbor.
If a BGP4 peer is configured for an address-family, it will display the same as in previous releases.

To display summary neighbor information, enter a command such as the following at any level of the CLI.

device# show ip bgp neighbor 192.168.4.211 routes-summary
IP Address: 192.168.4.211
Routes Accepted/Installed:1, Filtered/Kept:11,...
TABLE 95 show ip bgp neighbors route-summary output descriptions (continued)

This field   Displays

• AS Loop - An AS loop occurred. An AS loop occurs when the BGP4 AS-path attribute contains the local AS number.
• maxas-limit aspath - The number of route entries discarded because the AS path exceeded the configured maximum length or exceeded the internal memory limits.
• not-installed-best - Displays the routes received from the neighbor that are the best BGP4 routes to their destinations, but were not installed in the IP route table because the device received better routes from other sources (such as OSPF, RIP, or static IP routes).
TABLE 96 show ip bgp neighbor output descriptions (continued)

Field   Information displayed

NOTE If the state frequently changes between CONNECT and ACTIVE, there may be a problem with the TCP connection.
• OPEN SENT - BGP4 is waiting for an Open message from the neighbor.
TABLE 96 show ip bgp neighbor output descriptions (continued)

Field   Information displayed

Messages Received: The number of messages this device has received from the neighbor. The message types are the same as for the Message Sent field.
Last Update Time: Lists the last time updates were sent and received for the following:
•...
TABLE 96 show ip bgp neighbor output descriptions (continued)

Field   Information displayed

Notification Sent: If the device receives a NOTIFICATION message from the neighbor, the message contains an error code corresponding to one of the following errors. Some errors have subcodes that clarify the reason for the error. Where applicable, the subcode messages are listed underneath the error code messages.
TABLE 96 show ip bgp neighbor output descriptions (continued)

Field   Information displayed

• CLOSING - Waiting for a connection termination request acknowledgment from the remote TCP.
• LAST-ACK - Waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).
• The Routing Information Base (RIB) for a specific network advertised to the neighbor. You can display the RIB regardless of whether the device has already sent it to the neighbor.

Displaying advertised routes

To display the routes the device has advertised to a specific neighbor for a specific network, enter a command such as the following at any level of the CLI.
Displaying the Adj-RIB-Out for a neighbor

To display the current BGP4 Routing Information Base (Adj-RIB-Out) for a specific neighbor and a specific destination network, enter a command such as the following at any level of the CLI.

device# show ip bgp neighbor 192.168.4.211 rib-out-routes 192.168.1.0/24
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH...
TABLE 97 show ip bgp routes output descriptions

This field   Displays

Total number of BGP4 routes (NLRIs) Installed: Number of BGP4 routes the device has installed in the BGP4 route table.
Distinct BGP4 destination networks: Number of destination networks the installed routes represent. The BGP4 route table can have multiple routes to the same network.
Syntax: show ip bgp routes [ [ network ] ip-addr ] | num | [ age secs ] | [ as-path-access-list num ] | [ best ] | [ cidr-only ] | [ community num | no-export | no-advertise | internet | local-as ] | [ community-access-list num ] | [ community-list num | [ detail option ] | [ filter-list num,num,..
Displaying the best BGP4 routes

To display all the BGP4 routes in the device’s BGP4 route table that are the best routes to their destinations, enter a command such as the following at any level of the CLI.

device# show ip bgp routes best
Searching for matching routes, use ^C to quit...
S:SUPPRESSED F:FILTERED s:STALE
Prefix Next Hop Metric LocPrf Weight Status
10.8.8.0/24 192.168.5.1
AS_PATH: 65001 4355 1

Syntax: show ip bgp routes unreachable

Displaying information for a specific route

To display BGP4 network information by specifying an IP address within the network, enter a command such as the following at any level of the CLI.
TABLE 98 show ip bgp route output descriptions (continued)

This field   Displays

Weight: The value that this device associates with routes from a specific neighbor. For example, if the device receives routes to the same destination from two BGP4 neighbors, the device prefers the route from the neighbor with the larger weight.
Displaying route details

This example shows the information displayed when you use the detail option. In this example, the information for one route is shown.

device# show ip bgp routes detail 2
Number of BGP Routes matching display condition : 1
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH S:SUPPRESSED F:FILTERED s:STALE...
TABLE 99 show ip bgp routes detail output descriptions (continued)

This field   Displays

NOTE If the "m" is lowercase, the software was not able to install the route in the IP route table.
• S - SUPPRESSED. This route was suppressed during aggregation and thus is not advertised to neighbors.
Displaying BGP4 route-attribute entries

The route-attribute entries table lists the sets of BGP4 attributes stored in device memory. Each set of attributes is unique and can be associated with one or more routes. In fact, the device typically has fewer route attribute entries than routes. To display the IP route table, enter the following command.
TABLE 100 show ip bgp attribute-entries output descriptions (continued)

This field   Displays

NOTE Information loss under these circumstances is a normal part of BGP4 and does not indicate an error.
Local Pref: The degree of preference for routes that use these attributes relative to other routes in the local AS.
The regular-expression parameter is a regular expression. The regular expressions are the same ones supported for BGP4 AS-path filters. The address mask parameters specify a particular route. If you also use the optional longer-prefixes parameter, all statistics for routes that match the specified route or have a longer prefix than the specified route are displayed.
This example shows that the running configuration contains six route maps. Notice that the match and set statements within each route map are listed beneath the command for the route map itself. In this simplified example, each route map contains only one match or set statement.
65536 65537 65538 65539 75000

Syntax: show ip bgp

Current AS numbers

To display current AS numbers, use the show ip bgp neighbors command at any level of the CLI.

device# show ip bgp neighbors
neighbors Details on TCP and BGP neighbor connections
Total number of BGP Neighbors: 1
IP Address: 192.168.1.1, AS: 7701000 (IBGP), RouterID: 192.168.1.1, VRF: default-vrf
State: ESTABLISHED, Time: 0h3m33s, KeepAliveTime: 60, HoldTime: 180...
TABLE 102 show ip bgp neighbors output descriptions (continued)

Field   Description

State: Shows the state of the device session with the neighbor. The states are from the device’s perspective of the session, not the neighbor’s perspective. The state can be one of the following values:
•...
TABLE 102 show ip bgp neighbors output descriptions (continued)

Field   Description

Last Update Time: Shows the list of last time updates were sent and received for the following:
• NLRIs
• Withdraws
Last Connection Reset Reason: Shows the reason for ending the previous session with this neighbor. The reason can be one of the following:
•...
TABLE 102 show ip bgp neighbors output descriptions (continued)

Field   Description

• Open Message Error
  – Unsupported Version
  – Bad Peer AS
  – Bad BGP Identifier
  – Unsupported Optional Parameter
  – Authentication Failure
  – Unacceptable Hold Time
  –...
TABLE 102 show ip bgp neighbors output descriptions (continued)

Field   Description

• FIN-WAIT-1 - Waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent.
• FIN-WAIT-2 - Waiting for a connection termination request from the remote TCP.
Attribute entries

Use the show ip bgp attribute-entries command to see AS4 path values, as the following example illustrates.

device# show ip bgp attribute-entries
Total number of BGP Attribute Entries: 18 (0)
Next Hop :192.168.1.6 MED :1 Origin:INCOMP Originator:0.0.0.0 Cluster List:None...
Syntax: as-format asdot

device# as-format asdot+
device# show ip bgp
Total number of BGP Routes: 1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path...
This command enables soft reconfiguration for updates received from 10.10.200.102. The software dynamically resets the session with the neighbor, then retains all route updates from the neighbor following the reset.

Syntax: [no] neighbor ip-addr | peer-group-name soft-reconfiguration inbound

NOTE The syntax related to soft reconfiguration is shown.
If you also use the optional longer-prefixes parameter, then all statistics for routes that match the specified route or have a longer prefix than the specified route are displayed. For example, if you specify 10.157.0.0 longer, then all routes with the prefix 10.157 or that have a longer prefix (such as 10.157.22) are displayed.
• RFC 2918, which describes the dynamic route refresh capability

The dynamic route refresh capability is enabled by default and cannot be disabled. When the device sends a BGP4 OPEN message to a neighbor, the device includes a Capability Advertisement to inform the neighbor that the device supports dynamic route refresh.

NOTE The option for dynamically refreshing routes received from a neighbor requires the neighbor to support dynamic route refresh.
NOTE The Brocade device does not automatically update outbound routes using a new or changed outbound policy or filter when a session with the neighbor goes up or down. Instead, the device applies a new or changed policy or filter when a route is placed in the outbound queue (Adj-RIB-Out). To place a new or changed outbound policy or filter into effect, you must enter a clear ip bgp neighbor command regardless of whether the neighbor session is up or down.
Clearing traffic counters

If you make changes to filters or route maps and the neighbor does not support dynamic route refresh, use the following methods to ensure that neighbors contain only the routes you want them to contain:
• If you close a neighbor session, the device and the neighbor clear all the routes they learned from each other. When the device and neighbor establish a new BGP4 session, they exchange route tables again.
Clearing diagnostic buffers

The all, ip-addr, peer-group-name, and as-num parameters specify the neighbor. The ip-addr parameter specifies a neighbor by its IP interface with the device. The peer-group-name specifies all neighbors in a specific peer group. The as-num parameter specifies all neighbors within the specified AS.
IPv6 unicast address family

client-to-client-reflection Configure client to client route reflection
cluster-id Configure Route-Reflector Cluster-ID
community-filter Configure community list filters
compare-routerid Compare router-id for identical BGP paths
confederation Configure AS confederation parameters
dampening Enable route-flap dampening
default-information-originate
default-local-preference Configure default local preference value
default-metric Set metric of redistributed routes
distance...
BGP4+ peer groups

network Specify a network to announce via BGP
next-hop-enable-default Enable default route for BGP next-hop lookup
next-hop-recursion Perform next-hop recursive lookup for BGP route
redistribute Redistribute information from another routing protocol
table-map Map external entry attributes into routing table
update-time Configure igp route update interval...
BGP4+ next hop recursion

A device can find the IGP route to the next-hop gateway for a BGP4+ route. For each BGP4+ route learned, the device performs a route lookup to obtain the IPv6 address of the next hop for the route. A BGP4+ route is eligible for addition in the IPv6 route table only if the following conditions are true:
•...
BGP4+ multipath

BGP4+ route reflection

A BGP device can act as a route-reflector client or as a route reflector. You can configure a BGP peer as a route-reflector client from the device that is going to reflect the routes and act as the route reflector using the neighbor route-reflector-client command. When there is more than one route reflector, they should all belong to the same cluster.
• IGP metric to BGP next hop

Route maps

Route maps must be applied to IPv6 unicast address prefixes in IPv6 address family configuration mode. By default, route maps that are applied under IPv4 address family configuration mode using the neighbor route-map command are applied to only IPv4 unicast address prefixes.
BGP4+ extended community

The BGP4+ extended community feature filters routes based on a regular expression specified when a route has multiple community values in it. A BGP community is a group of destinations that share a common property. Community information identifying community members is included as a path attribute in BGP UPDATE messages.
Configuring BGP4+

Configuring BGP4+ neighbors using global IPv6 addresses

BGP4+ neighbors can be configured using global IPv6 addresses.

Enter the configure terminal command to access global configuration mode.
device# configure terminal

Enter the router bgp command to enable BGP routing.
device(config)# router bgp

Enter the local-as command to configure the autonomous system number (ASN) in which your device resides.
Enter the neighbor ipv6-address update-source command to specify an interface.
device(config-bgp-router)# neighbor fe80:4398:ab30:45de::1 update-source ethernet 1/3/1

Enter the address-family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode.
device(config-bgp-router)# address-family ipv6 unicast

Enter the neighbor ipv6-address activate command to enable the exchange of information with the neighbor.
Enter the neighbor peer-group-name peer-group command to create a peer group.
device(config-bgp-router)# neighbor mypeergroup1 peer-group

Enter the neighbor peer-group-name remote-as command to specify the ASN of the peer group.
device(config-bgp-router)# neighbor mypeergroup1 remote-as 11

Enter the neighbor ipv6-address peer-group command to associate a neighbor with the peer group.
device(config-bgp-router)# neighbor 2001:2018:8192::125 peer-group mypeergroup1

Enter the neighbor ipv6-address peer-group command to associate a neighbor with the peer group.
Enter the neighbor ipv6-address peer-group command to associate a neighbor with the peer group.
device(config-bgp-router)# neighbor 2001:2018:8192::124 peer-group p1

Enter the neighbor ip address peer-group command to associate a neighbor with the peer group.
device(config-bgp-router)# neighbor 10.0.0.1 peer-group p1

Enter the address-family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode.
Advertising the default BGP4+ route

A BGP device can be configured to advertise the default IPv6 route to all BGP4+ neighbors and to install that route in the local BGP4+ route table. The default route must be present in the local IPv6 route table.

Enter the configure terminal command to access global configuration mode.
The following example enables a BGP4+ device to advertise the default IPv6 route to a specific neighbor.

device# configure terminal
device(config)# router bgp
device(config-bgp-router)# local-as 1000
device(config-bgp-router)# address-family ipv6 unicast
device(config-bgp-ipv6u)# neighbor 2001:db8:93e8:cc00::1 default-originate

Using the IPv6 default route as a valid next hop for a BGP4+ route

In certain cases, such as when a device is acting as an edge device, it can be configured to use the default route as a valid next hop.
Enter the next-hop-recursion command to enable recursive next hop lookups.
device(config-bgp-ipv6u)# next-hop-recursion

The following example enables recursive next hop lookups.

device# configure terminal
device(config)# router bgp
device(config-bgp-router)# address-family ipv6 unicast
device(config-bgp-ipv6u)# next-hop-recursion

Configuring a cluster ID for a route reflector

The cluster ID can be changed if there is more than one route reflector, so that all route reflectors belong to the same cluster.
Enter the neighbor ipv6-address route-reflector-client command to configure a specified neighbor to be a route reflector client.
device(config-bgp-ipv6u)# neighbor 2001:db8:e0ff:783a::4 route-reflector-client

The following example configures a neighbor with the IPv6 address 2001:db8:e0ff:783a::4 to be a route reflector client.

device# configure terminal
device(config)# router bgp
device(config-bgp-router)# local-as 1000...
Enter the address-family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode.
device(config-bgp-router)# address-family ipv6 unicast

Do one of the following:
• Enter the maximum-paths command and specify a value to set the maximum number of BGP4+ shared paths.
•...
Enter the router bgp command to enable BGP routing.
device(config)# router bgp

Enter the local-as command to configure the autonomous system number (ASN) in which your device resides.
device(config-bgp-router)# local-as 1000

Enter the neighbor ipv6-address remote-as command to specify the ASN in which the remote neighbor resides.
device(config-bgp-router)# neighbor fe80:4398:ab30:45de::1 remote-as 1001

Enter the address-family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode.
The following example redistributes RIPng prefixes into BGP4+.

device# configure terminal
device(config)# router bgp
device(config-bgp-router)# address-family ipv6 unicast
device(config-bgp-ipv6u)# redistribute rip

Configuring BGP4+ outbound route filtering

The BGP4+ Outbound Route Filtering (ORF) prefix list capability can be configured in receive mode, send mode, or both send and receive modes, minimizing the number of BGP updates exchanged between BGP peers.
Enter the ip community-list extended command using the permit keyword to configure a BGP community ACL.
device(config)# ip community-list extended 1 permit ^[1-2]23

Enter the route-map name command to create and define a route map and enter route map configuration mode.
device(config)# route-map ComRmap permit 10

Enter the match community command and specify a community list name.
Enter the set local-preference command and specify a value to set a BGP local-preference path attribute.
device(config-route-map-ComRmap)# set local-preference 200

Enter the router bgp command to enable BGP routing.
device(config)# router bgp

Enter the local-as command to configure the autonomous system number (ASN) in which your device resides.
device(config-bgp-router)# local-as 1000

Enter the neighbor ipv6-address remote-as command to specify the ASN in which the remote neighbor resides.
Enter the router bgp command to enable BGP routing.
device(config)# router bgp

(Optional) Enter the address-family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode.
device(config-bgp-router)# address-family ipv6 unicast

Enter the no graceful-restart command to disable graceful restart at the IPv6 address family configuration level.
device(config-bgp-ipv6u)# no graceful-restart

In the following example, the graceful restart feature is disabled at the IPv6 address family configuration level.
Do any of the following:
• Enter the graceful-restart command using the purge-time keyword to overwrite the default purge-time value.
device(config-bgp-ipv6u)# graceful-restart purge-time 300
• Enter the graceful-restart command using the restart-time keyword to overwrite the default restart-time advertised to graceful restart-capable neighbors.
Disabling the BGP AS_PATH check function

A device can be configured so that the AS_PATH check function for routes learned from a specific location is disabled, and routes that contain the recipient BGP speaker's AS number are not rejected.

Enter the configure terminal command to access global configuration mode.
Enter the show ipv6 bgp attribute-entries command.

device# show ipv6 bgp attribute-entries
Total number of BGP Attribute Entries: 2
Next Hop : 2001::1 Origin:IGP Originator:0.0.0.0 Cluster List:None Aggregator:AS Number :0 Router-ID:0.0.0.0 Atomic:None Local Pref:1 Communities:Internet AS Path : (length 0) Address: 0x1205c75c Hash:268 (0x01000000) Links: 0x00000000, 0x00000000...
Enter the show ipv6 bgp routes command.

device# show ipv6 bgp routes
Total number of BGP Routes: 6
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH S:SUPPRESSED F:FILTERED s:STALE
Prefix Next Hop LocPrf Weight Status
57:7000:3:22:abc:1::/128 2001:700:122:57::57
AS_PATH: 7000 322...
Enter the show ipv6 bgp routes command, using the local keyword.

device# show ipv6 bgp routes local
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH S:SUPPRESSED F:FILTERED s:STALE
Prefix Next Hop LocPrf Weight Status
131::1/128 32768
AS_PATH:...
Enter the show ipv6 bgp neighbors advertised-routes command.

device# show ipv6 bgp neighbor 2001:db8::10 advertised-routes
There are 7 routes advertised to neighbor 2001:db8::10
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST E:EBGP I:IBGP L:LOCAL
Prefix Next Hop LocPrf Weight Status
fd80:122:122:122:101:101:0:122/128 2001:122:122::122
AS_PATH:
fd80:122:122:122:103:103:0:122/128 2001:122:122::122...
Enter the show ipv6 bgp neighbors rib-out-routes command.

device# show ipv6 bgp neighbors 2001:db8::10 rib-out-routes
There are 150 RIB_out routes for neighbor 2001:db8::10
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST E:EBGP I:IBGP L:LOCAL
Prefix Next Hop LocPrf Weight Status
fd80:122:122:122:101:101:0:122/128
AS_PATH:
fd80:122:122:122:103:103:0:122/128
AS_PATH:
fd80:122:122:122:105:105:0:122/128...
The following example reactivates all suppressed BGP4+ routes and verifies that there are no suppressed routes.

device(config-bgp-router)# exit
device(config)# exit
device# show ipv6 bgp dampened-paths
device# clear ipv6 bgp dampening
device# show ipv6 bgp dampened-paths

FastIron Ethernet Switch Layer 3 Routing 53-1003627-04...
VRRP and VRRP-E

• Overview
• VRRP and VRRP-E overview
• Comparison of VRRP and VRRP-E
• VRRP and VRRP-E parameters
• Basic VRRP parameter configuration
• Basic VRRP-E parameter configuration
• Additional VRRP and VRRP-E parameter configuration
•...
VRRP and VRRP-E overview

FIGURE 34 Router 1 is the Host1 default gateway but is a single point of failure

Router 1 is the host default gateway out of the subnet. If this interface goes down, Host1 is cut off from the rest of the network. Router 1 is thus a single point of failure for Host1’s access to other networks.
FIGURE 35 Router 1 and Router 2 configured as VRRP virtual routers for redundant network access for Host1

The dashed box represents a VRRP virtual router. When you configure a virtual router, one of the configuration parameters is the virtual router ID (VRID), which can be a number from 1 through 255.
When you configure a VRID, the software automatically assigns its MAC address. When a VRID becomes active, the Master router broadcasts a gratuitous ARP request containing the virtual router MAC address for each IP address associated with the virtual router. In VRRP overview on page 507, Switch 1 sends a gratuitous ARP request with MAC address 00-00-5E-00-01-01 and IP address 192.53.5.1.
The Backup routers wait for a period of time called the dead interval for a Hello message from the Master. If a Backup router does not receive a Hello message by the time the dead interval expires, the Backup router assumes that the Master router is dead and negotiates with the other Backup routers to select a new Master router.
Suppression of RIP advertisements for backed-up interfaces

The Brocade implementation also enhances VRRP by allowing you to configure the protocol to suppress RIP advertisements for the backed-up paths from Backup routers. Normally, a VRRP Backup router includes route information for the interface it is backing up in RIP advertisements.
Comparison of VRRP and VRRP-E

• VRID's MAC address
  – VRRP uses the source MAC address as a virtual MAC address defined as 00-00-5E-00-01-vrid, where vrid is the VRID. The Master owns the virtual MAC address.
  – VRRP-E uses the MAC address of the interface as the source MAC address. The MAC address is hash-value-vrid, where hash-value is a two-octet hashed value for the IP address and vrid is the VRID.
VRRP-E

VRRP-E is a Brocade protocol that provides the benefits of VRRP without the limitations. VRRP-E is unlike VRRP in the following ways:
• There is no "Owner" router. You do not need to use an IP address configured on one of the Layer 3 switches as the virtual router ID (VRID), which is the address you are backing up for redundancy.
VRRP and VRRP-E parameters

TABLE 103 VRRP and VRRP-E parameters (continued)

Parameter   Description   Default

protocol does not activate the Layer 3 switch for VRRP or VRRP-E. You must activate the switch as a VRRP or VRRP-E router after you configure the VRRP or VRRP-E parameters.
TABLE 103 VRRP and VRRP-E parameters (continued)

Parameter   Description   Default

NOTE Authentication is not supported for VRRP v3.

Router type: Whether the router is an Owner or a Backup.
VRRP - The Owner is always the router that has the real IP address used by the VRID.
TABLE 103 VRRP and VRRP-E parameters (continued)

Parameter   Description   Default

The message interval can be from 60 through 3600 seconds. You must enable the Advertise backup to send the messages. The messages are disabled by default on Backups. The current Master (whether the VRRP Owner or a Backup) sends Hello messages by default.
TABLE 103 VRRP and VRRP-E parameters (continued)

Parameter   Description   Default

directly forward packets to their destinations through interfaces on the Backup router if it is the shortest path to the destination.

Note regarding disabling VRRP or VRRP-E

NOTE Disabling VRRP or VRRP-E is supported by IPv4 VRRP v2, and IPv6 VRRP and IPv6 VRRP-E v3.
Enabling an owner VRRP device
This task is performed on the device that is designated as the owner VRRP device because the IP address of one of its physical interfaces is assigned as the IP address of the virtual router. For example, Router 1 is the owner VRRP device in the diagram below. Each VRRP session has master and backup routers; by default, the owner router is elected as the master router.
Assign Router 1 to the virtual router ID (VRID) 1.
device(conf-if-e1000-1/1/6)# ip vrrp vrid 1
NOTE
You can assign a VRID number in the range of 1 through 255.
Designate this router as the VRRP owner device.
device(conf-if-e1000-1/1/6-vrid-1)# owner
Configure the VRRP version.
Configure the ethernet interface link for the owner device.
device(config)# interface ethernet 1/1/5
Configure the IPv6 address of the interface.
device(config-if-e1000-1/1/5)# ipv6 address 3013::2/64
Assign the owner device to the virtual router ID (VRID) 2.
device(conf-if-e1000-1/1/5)# ipv6 vrrp vrid 2
NOTE
You can assign a VRID number in the range of 1 through 255.
Globally enable the VRRP protocol.
device(config)# router vrrp
Configure the ethernet interface link.
device(config)# interface ethernet 1/1/5
Configure the IP address of the interface for Router 2. All devices configured for the same virtual router ID (VRID) must be on the same subnet.
By default, backup VRRP devices do not send hello messages to advertise themselves to the master. Use the following command to enable a backup router to send hello messages to the master VRRP device.
device(conf-if-e1000-1/1/4-vrid-1)# advertise backup
Assign the IPv6 link-local address to the VRID for use in the local network.
Enabling the v2 checksum computation method in a VRRPv3 IPv4 session
Configuring an alternate VRRPv2-style checksum in a VRRPv3 IPv4 session for compatibility with third-party network devices.
VRRPv3 uses the v3 checksum computation method by default for both IPv4 and IPv6 sessions on Brocade devices. Third-party devices may only have a VRRPv2-style checksum computation available for a VRRPv3 IPv4 session.
Basic VRRP-E parameter configuration
The following example shows the configuration of accept mode on an IPv6 Backup router.
Brocade(config)# interface ve 3
Brocade(config-vif-3)# ipv6 vrrp vrid 2
Brocade(config-vif-3-vrid-2)# backup
Brocade(config-vif-3-vrid-2)# advertise backup
Brocade(config-vif-3-vrid-2)# ipv6-address 2001:DB8::1
Brocade(config-vif-3-vrid-2)# accept-mode
Brocade(config-vif-3-vrid-2)# activate
Configuration considerations for IPv6 VRRP and IPv6 VRRP-E support on Brocade devices
Consider the following when enabling IPv6 VRRP mode and IPv6 VRRP-E mode on Brocade devices:
•...
Configuring IPv4 VRRP-E
VRRP-E is configured at the interface level. To implement a simple IPv4 VRRP-E configuration using all the default values, enter commands such as the following on each Layer 3 switch.
Brocade(config)#router vrrp-extended
Brocade(config)#interface ethernet 1/1/5
Brocade(config-if-1/1/5)#ip-address 192.53.5.3
Brocade(config-if-1/1/5)#ip vrrp-extended vrid 1
Brocade(config-if-1/1/5-vrid-1)#backup...
Additional VRRP and VRRP-E parameter configuration
VRRP and VRRP-E authentication types
This section describes VRRP and VRRP-E authentication parameters.
Configuring authentication type
The Brocade implementation of VRRP and VRRP-E supports the following authentication types for authenticating VRRP and VRRP-E traffic:
•...
The key variable is the MD5 encryption key, which can be up to 64 characters long. The optional 0 or 1 parameters configure whether the MD5 password is encrypted, as follows:
• If you do not enter this parameter and enter the key as clear text, the key appears encrypted in the device configuration and command outputs.
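Added example (not from the Brocade manual or Brocade code): a Python check that reads show ip vrrp output and reports the auth-type of each VRID, so that VRIDs running with no authentication or with a simple text password stand out in a configuration review. The sample output is constructed from the fields shown in this guide's show ip vrrp excerpts, and the function names and severity labels are assumptions of this example.

```python
import re

# Constructed sample modeled on the fields in this guide's "show ip vrrp"
# excerpts; it is not captured from a real device.
SAMPLE_OUTPUT = """\
Total number of VRRP routers defined: 3
Interface ethernet 1/1/6
auth-type simple text password
VRID 3
 state backup
 administrative-status enabled
 version v2
Interface ethernet 1/1/5
auth-type no authentication
VRID 1
 state master
 administrative-status enabled
 version v2
 mode non-owner (backup)
Interface ethernet 1/1/4
auth-type no authentication
VRID 2
 state backup
 administrative-status enabled
 version v3
"""


def parse_vrrp(text):
    """Return one dict per VRID: interface, auth_type, vrid, state, version."""
    entries = []
    iface = auth = current = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"Interface\s+(.+)", line):
            # New interface block; its auth-type applies to the VRIDs below it.
            iface, auth, current = m.group(1), None, None
        elif m := re.match(r"auth-type\s+(.+)", line):
            auth = m.group(1)
        elif m := re.match(r"VRID\s+(\d+)", line):
            current = {"interface": iface, "auth_type": auth,
                       "vrid": int(m.group(1)), "state": None, "version": None}
            entries.append(current)
        elif current and (m := re.match(r"(state|version)\s+(\S+)", line)):
            current[m.group(1)] = m.group(2)
    return entries


def audit(entries):
    """Return (interface, vrid, severity, reason) for every parsed VRID.

    Severity labels are this example's own (hypothetical) scale.
    """
    findings = []
    for e in entries:
        auth = (e["auth_type"] or "").lower()
        if auth == "no authentication":
            if e["version"] == "v3":
                # The guide notes that authentication is not supported for v3.
                sev, why = "info", "v3 session: authentication is not supported"
            else:
                sev, why = "high", "advertisements are accepted unauthenticated"
        elif auth.startswith("simple text"):
            sev, why = "medium", "password is carried in clear text"
        else:
            # Any other auth-type string is reported verbatim, not judged.
            sev, why = "ok", "auth-type reported as %r" % e["auth_type"]
        findings.append((e["interface"], e["vrid"], sev, why))
    return findings


if __name__ == "__main__":
    for iface, vrid, sev, why in audit(parse_vrrp(SAMPLE_OUTPUT)):
        print(f"[{sev:6}] {iface} VRID {vrid}: {why}")
```
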
Configuring Router 1 as VRRP VRID Owner
To configure Router1 as a VRRP VRID Owner, enter the following commands.
Router1(config)# interface ethernet 1/1/6
Router1(config-if-1/1/6)# ip address 10.1.1.1/24
Router1(config-if-1/1/6)# ip vrrp vrid 1
Router1(config-if-1/1/6-vrid-1)# owner
Router1(config-if-1/1/6-vrid-1)# ip-address 10.1.1.1
Router1(config-if-1/1/6-vrid-1)# activate
Configuring Router 2 as VRRP Backup...
Suppressing RIP advertisements for the backed-up interface in Router 2
To suppress RIP advertisements for the backed-up interface in Router 2, enter the following commands.
device Router2(config)#router rip
device Router2(config-rip-router)#use-vrrp-path
Syntax: use-vrrp-path
The syntax is the same for VRRP and VRRP-E.
Hello interval configuration
The Master periodically sends Hello messages to the Backup routers.
Dead interval configuration
The dead interval is the number of seconds a Backup router waits for a Hello message from the Master before determining that the Master is dead. When Backup routers determine that the Master is dead, the Backup with the highest priority becomes the new Master. If the value for the dead interval is not configured, then the current dead interval is equal to three times the Hello interval plus the Skew time (where Skew time is equal to (256 - priority) divided by 256).
To configure interface 1/1/6 on Router 1 to track interface 1/2/4, enter the following commands.
Router1(config)# interface ethernet 1/1/6
Router1(config-if-1/1/6)# ip vrrp vrid 1
Router1(config-if-1/1/6-vrid-1)# track-port ethernet 1/2/4
Syntax: track-port ethernet [ unitnum/slotnum/portnum | ve num ]
The syntax is the same for VRRP and VRRP-E.
To disable preemption on a Backup, enter commands such as the following.
device Router1(config)#interface ethernet 1/1/6
device Router1(config-if-1/1/6)#ip vrrp vrid 1
device Router1(config-if-1/1/6-vrid-1)#non-preempt-mode
Syntax: [no] non-preempt-mode
The syntax is the same for VRRP and VRRP-E.
Changing the timer scale
NOTE
Changing the timer scale is supported for IPv4 VRRP v2, IPv4 VRRP-E v2, and IPv6 VRRP-E v3.
Additional VRRP and VRRP-E parameter configuration VRRP-E slow start timer In a VRRP-E configuration, if a Master router goes down, the Backup router with the highest priority takes over after expiration of the dead interval. When the original Master router comes back up again, it takes over from the Backup router (which became the Master router when the original Master router went down).
Additional VRRP and VRRP-E parameter configuration • Although it is not required, it is recommended that interfaces on different routers with the same VRID have the same SPF configuration. This ensures that the SPF behavior is retained after a failover. Different VRIDs, however, can have different SPF configurations.
device (config-vif-10-vrid-10)# ip-address 10.10.10.254
device (config-vif-10-vrid-10)# short-path-forwarding
device (config-vif-10-vrid-10)# activate
Syntax: no short-path-forwarding [ revert-priority value ]
The revert-priority value parameter uses the priority value as the threshold to determine whether the short-path forwarding (SPF) behavior is effective.
Forcing a Master router to abdicate to a Backup router Suppressing default interface-level RA messages on an IPv6 VRRP or VRRP-E interface You should have a valid IPv6 VRRP or VRRP-E configured on the interface. By default, all IPv6-enabled interfaces send IPv6 Router Advertisement (RA) messages. If you configure an IPv6 VRRP/VRRP-E instance on an interface, the VRRP or VRRP-E instance also sends its IPv6 RA messages for the virtual IPv6 address on the same interface with the same source address.
Accept mode for backup VRRP devices
To verify the change, enter the following command from any level of the CLI.
device# show ip vrrp
Total number of VRRP routers defined: 1
Interface ethernet 1/1/6
auth-type simple text password
VRID 3
state backup
administrative-status enabled
version v3...
NOTE
The accept mode functionality does not support ssh packets.
On the device designated as a backup VRRP device, from privileged EXEC mode, enter configuration mode by issuing the configure terminal command.
device# configure terminal
Globally enable the VRRP protocol.
Displaying VRRP and VRRP-E information
Verify that accept mode is enabled.
device# show ip vrrp vrid 1
Interface 1/1/5
----------------
auth-type no authentication
VRID 1 (index 1)
interface 1/1/5
state master
administrative-status enabled
version v2
mode non-owner (backup)
virtual mac aaaa.bbbb.cccc (configured)
priority 110
current priority 110
track-priority 2...
The vrid num option specifies the virtual router ID. Enter a value from 1 through 255.
Displaying summary information
To display summary information for a Layer 3 switch for VRRP, enter the show ip vrrp brief command at any level of the CLI.
device# show ip vrrp brief
Total number of VRRP routers defined: 1
Interface VRID CurPri P State Master addr...
Displaying VRRP and VRRP-E information TABLE 105 Output description for VRRP or VRRP-E summary information (continued) Field Description configured on the other routers and that the routers can communicate with each other. NOTE If the state is Init and the mode is incomplete, make sure you have specified the IP address for the VRID.
The following example is for an IPv6 VRRP Backup.
device# show ipv6 vrrp
Total number of VRRP routers defined: 26
Interface ethernet ve52
auth-type no authentication
VRID 52
state backup
administrative-status enabled
version v3
mode non-owner(backup)
priority 101
current priority 20
track-priority 20...
Displaying VRRP and VRRP-E information The table shows a description of the output for the show ip vrrp and show ip vrrp-extended commands. TABLE 106 Output description for VRRP-E detailed information Field Description Total number of VRRP (or VRRP-Extended) routers defined The total number of VRIDs configured on this Layer 3 switch.
Displaying VRRP and VRRP-E information TABLE 106 Output description for VRRP-E detailed information (continued) Field Description current priority The current VRRP, VRRP v3, VRRP-E, or IPv6 VRRP-E priority of this Layer 3 switch for the VRID. The current priority can differ from the configured priority (refer to the priority field) for the following reason: The current priority can differ from the configured priority in the VRID if the VRID is configured with track ports and the link on a tracked interface...
Displaying VRRP and VRRP-E information TABLE 106 Output description for VRRP-E detailed information (continued) Field Description NOTE Hello messages from Backups are disabled by default. You must enable the Hello messages on the Backup for the Backup to advertise itself to the current Master. backup router ip-addr expires in time The IP addresses of Backups that have advertised themselves to this Master by sending Hello messages.
mode non-owner(backup)
priority 100
current priority 100
hello-interval 1000 msec
dead-interval 0 msec
current dead-interval 3600 msec
preempt-mode true
ip-address 10.1.1.5
virtual mac address 0000.0000.0102
advertise backup: disabled
next hello sent in 00:00:01.0
To display information about the settings configured for a specified IPv6 VRRP VRID, enter the show ipv6 vrrp vrid command.
device#show ipv6 vrrp vrid 1
VRID 1
Interface ethernet 5...
TABLE 107 show ip vrrp vrid output description (continued)
Field Description
current dead interval The current value of the dead interval. This value is equal to the value configured for the dead interval. If the value for the dead interval is not configured, then the current dead interval is equal to three times the Hello interval plus Skew time (where Skew time is equal to (256 minus priority) divided by 256).
The following example displays the output of the show ipv6 vrrp-extended stat ve command:
device# show ipv6 vrrp-extended stat ve 30
Interface ethernet v30
rxed vrrp header error count = 0
rxed vrrp auth error count = 0
rxed vrrp auth passwd mismatch error count = 0
rxed vrrp vrid not found error count = 0
VRID 11...
Displaying VRRP and VRRP-E information TABLE 108 Output field descriptions (continued) Field Description backup advertisements received The number of VRRP backup advertisement packets received for a VRID on a specific interface. total number of vrrp packets sent The number of VRRP or VRRP-E advertisement packets sent by this router for a VRID on a specific interface.
To display a summary of the IPv6 VRRP-E v3 statistics on a device, enter the following command at any level of the CLI:
device# show ipv6 vrrp-extended statistics
Total number of ipv6 VRRP-Extended routers defined: 2
RX master adv TX master adv RX backup adv...
Configuration examples
The following sections contain the CLI commands for implementing VRRP and VRRP-E configurations.
VRRP example
To implement the VRRP configuration shown in "VRRP Overview," use the following method.
Configuring Switch 1
To configure VRRP Switch 1, enter the following commands.
Switch1(config)# router vrrp
Switch1(config)# interface ethernet 1/1/6
Switch1(config-if-1/1/6)# ip address 192.53.5.1...
Syntax: ip vrrp vrid vrid
Syntax: owner [ track-priority value ]
Syntax: backup [ priority value ] [ track-priority value ]
Syntax: track-port ethernet [ unitnum/slotnum/portnum | ve num ]
Syntax: ip-address ip-addr
Syntax: activate
VRRP-E example
To implement the VRRP-E configuration shown in "VRRP-E Overview," use the following CLI method.
Configuring Switch 1
To configure VRRP Switch 1 in "VRRP-E Overview,"...
The backup command specifies that this router is a VRRP-E Backup for virtual router VRID1. The IP address entered with the ip-address command is the same IP address as the one entered when configuring Switch 1. In this case, the IP address cannot also exist on Switch 2, but the interface on which you are configuring the VRID Backup must have an IP address in the same subnet.
Multi-VRF
• Multi-VRF overview
• Configuring Multi-VRF
Multi-VRF overview
Virtual Routing and Forwarding (VRF) allows routers to maintain multiple routing tables and forwarding tables on the same router. A Multi-VRF router can run multiple instances of routing protocols with a neighboring router with overlapping address spaces configured on different VRF instances.
FIGURE 38 Example high-level Multi-VRF topology
A Multi-VRF instance can be configured on any of the following:
• Platforms that support untagged physical ports - Applies only to FastIron SX series chassis-based systems, the Brocade ICX 7750, and the Brocade ICX 7450; untagged physical ports are not supported on the Brocade ICX 6610, ICX 6650, and FCX series.
• Configure a Route Distinguisher (RD) for new VRF instances.
• Configure an IPv4 or IPv6 Address Family (AF) for new VRF instances.
• Configure routing protocols for new Multi-VRF instances.
• Assign VRF instances to Layer 3 interfaces.
FastIron considerations for Multi-VRF
When a VRF is configured, a warning message specifies that any configuration existing on the interface is deleted.
Multi-VRF overview TABLE 111 Default and maximum system-max values related to Multi-VRF (continued) System Parameter Default Maximum ip6-route 2884 ip-vrf ip-route-default-vrf 12000 15168 ip6-route-default-vrf 2884 ip-route-vrf 1024 15168 ip6-route-vrf 2884 The following table lists the configuration limits for the system-max command. TABLE 112 Configuration limits for system-max Configuration FCX / ICX...
Reload required. Please write memory and then reload or power cycle.
device#
• To modify the IPv4 partition after modifying the ip-route-default-vrf value:
device(config)# system-max ip-route 10000
ip-route and ip6-route values changed.
ip-route: 10000
ip6-route: 1408
Warning: Please reconfigure system-max for ip-route-default-vrf and ip-route-vrf (if required).
Reload required.
Multi-VRF overview associated with an ARP entry determines which VRF the ARP entry belongs to. However, the additional management involved in adding and maintaining static ARP cache entries must also be taken into account. An ARP entry is defined by the following parameters: •...
Configuring Multi-VRF IP Source Guard You can use IP Source Guard (IPSG) together with DAI on untrusted ports. The Brocade implementation of the IP Source Guard feature supports configuration on a port, on specific VLAN memberships on a port (for Layer 2 devices only), and on specific ports on a virtual Ethernet (VE) interface (for Layer 3 devices only).
Change the maximum number of routes, save the configuration, and reload the device.
device(config)# system-max ip-route-default-vrf 10000
Total max configured ipv4 routes are 12000
- Max ipv4 routes configured for default VRF are 10000
- Max ipv4 routes available for all non-default VRFs are 2000
Warning: Please revalidate these values to be valid for your configuration.
Configuring Multi-VRF Repeat the previous step on the corresponding interface on the peer device. Configuring a VRF instance Do the following to configure a VRF instance. A device can be configured with more than one VRF instance. You should define each VRF instance before assigning the VRF to a Layer 3 interface.
Configuring Multi-VRF (Optional) Configure the VRF to ensure that essential OSPF neighbor state changes are logged, especially in the case of errors. device(config-ospf-router-vrf-corporate)# log adjacency Assigning a Layer 3 interface to a VRF The following example illustrates how a virtual Ethernet (VE) interface is assigned to a VRF, and how IP addresses and the OSPF protocol are configured.
Configuring Multi-VRF Assigning a loopback interface to a VRF Do the following to assign a loopback interface to a nondefault VRF. Because a loopback interface is always available as long as the device is available, it allows routing protocol sessions to stay up even if the outbound interface is down.
To verify all configured VRFs in detail mode, enter the show vrf detail command, as in the following example.
device# show vrf detail
Total number of VRFs configured: 2
VRF green, default RD 1:1, Table ID 1
IP Router-Id: 1.1.1.1
Interfaces: Use "show vrf green"...
Configuring static ARP for Multi-VRF
The interface associated with an ARP entry determines to which VRF the ARP entry belongs. An ARP entry is defined by the following parameters:
• IP address
• MAC address
• Type
• Interface
The following example illustrates how to configure static ARP on default VRFs on an Ethernet interface.
To configure proxy ARP on a Layer 3 Ethernet interface:
device(config)# int e1000 1/7/1
device(config-if-e1000-1/7/1)# local-proxy-arp
To configure ARP rate limiting globally:
device(config)# rate-limit-arp
To configure ARP rate limiting on a Layer 3 Ethernet interface for an aging timeout of 20 minutes:
device(config)# int e1000 1/7/1
device(config-if-e1000-1/7/1)# ip arp-age 20
Multi-Chassis Trunking
• Layer 3 behavior with MCT
Layer 3 behavior with MCT
The following table lists the type of Layer 3 support available with MCT.
TABLE 114 Layer 3 Feature Support with MCT
Feature Sub-feature Session VLAN VE Member VLAN VE Design Philosophy
access-group Only features that are relevant...
Layer 3 behavior with MCT TABLE 114 Layer 3 Feature Support with MCT (continued) Feature Sub-feature Session VLAN VE Member VLAN VE Design Philosophy IPv6 is not supported on member VLAN VE. a.) *ICL: The ICL port is added as default whenever a CCEP is in OIF. The data traffic received from the ICL port is filtered out by a dynamically programmed egress filter on the CCEPs.
Layer 3 behavior with MCT FIGURE 39 Configuration for Layer 3 unicast Layer 3 traffic forwarding towards MCT clients Traffic destined to the MCT clients follows normal IP routing. By default, the best route should not involve the ICL link. Only when the local CCEP is down is traffic rerouted to pass over the ICL.
Layer 3 behavior with MCT VRRP/VRRP-E and VRRP-E2 SPF should be enabled, if required. If VRRP is deployed or VRRP-E is deployed without the short path forwarding feature on the VRRP-E backup, it is likely that almost fifty percent of CCEP to CEP traffic (and as much as a hundred percent of traffic in the worst case) can pass through the ICL from the backup to the master device.
Layer 3 behavior with MCT In such a deployment, the MCT clients and the devices behind them form separate protocol adjacencies with each MCT cluster device. These multiple L3 next hops can be utilized by deploying ECMP on the MCT client device. NOTE The MCT failover will not be a hitless one for layer 3 traffic since each MCT cluster device forms an independent adjacency.
• IP addresses on the MCT management interface should not be used for static configurations on neighboring devices.
• For MCT devices configured with VRRP or VRRP-E, track-port features can be enabled to track the link status to the core devices: on the VRRP master, so that the VRRP or VRRP-E failover can be triggered, and on the VRRP backup, so as to disable short path forwarding when it loses its relevance
•...
 router-interface ve 1000
vlan 1001 name MCT-Keep-Alive by port
 tagged ethernet 1/1/3
interface ve 1000
 ip address 10.0.0.254 255.255.255.252
cluster FI-MCT 1750
 rbridge-id 801
 session-vlan 1000
 keep-alive-vlan 1001
 icl FI_SWR-MCT ethernet 1/1/1
 peer 10.0.0.253 rbridge-id 800 icl FI_SWR-MCT
 deploy
 client S1-SW
  rbridge-id 777...
S1-SW configuration
This example presents the configuration for the S1-SW device.
lag lag_s1_sw static id 60
 ports ethe 1/1/1 to 1/1/2
 primary-port 1/1/1
 deploy
vlan 110 by port
 tagged ethe 1/1/1 to 1/1/2
 router-interface ve 110
interface ve 110
 ip address 10.110.0.1 255.255.255.0
MCT configuration with VRRP-E...
Router B - VRRP-E configuration
This example presents the VRRP-E configuration for the RouterB cluster device.
router vrrp-extended
interface ve 110
 port-name S1-SW
 ip address 10.110.0.252 255.255.255.0
 ip vrrp-extended vrid 110
  backup
  ip-address 10.110.0.254
  short-path-forwarding
  enable
MCT Configuration with OSPF
The following examples describe sample MCT configurations with OSPF....
S1-SW configuration
This example presents the configuration for the S1-SW device.
lag lag_s1_sw static id 60
 ports ethernet 1/1/1 to 1/1/2
 primary-port 1/1/1
 deploy
vlan 110 by port
 tagged ethernet 1/1/1 to 1/1/2
 router-interface ve 110
router ospf
 area 0
interface ve 110...
SWRB - BGP configuration
This example presents the BGP configuration for the SWRB cluster device.
interface ve 110
 ip address 10.110.0.252 255.255.255.0
router bgp
 local-as 100
 neighbor 10.110.0.253 remote-as 100
 neighbor 10.110.0.1 remote-as 100
S1-SW configuration
This example presents the configuration for the S1-SW device....
Layer 3 behavior with MCT • If it is not, the packet ingress port will be an ICL port. In the following figures, P1 and P2 are MCT peers and R1 is the MCT client. P1, P2 and R1 are configured with PIM on the MCT VE interface.
Layer 3 behavior with MCT Join or prune exchange and mcache state: • As receivers are connected to R1, R1 creates *,G state and sends a join state towards RP and sends it on the MCT LAG. This join, like any other packet, is received by only one of the MCT peers. •...
Layer 3 behavior with MCT • P2 due to its *,G state originates a join towards RP. This join is flooded on the MCT VLAN and R1 creates *,G state. • P1 on receiving this join natively via ICL creates *,G state and adds ICL as OIF. Note that as a special case P1 will not include the *,G in the join it generates towards RP as in this case the IIF is CCEP and ICL is the only OIF and the remote CCEP is up.
Limitations
These are the limitations for MCT peers to support intermediate router functionality. These limitations are due to load-sharing and fast convergence trade-offs.
• PIM-DM is not supported.
• A few packets may be lost during the convergence interval, or forwarding duplication may happen.
•...
This example shows the configuration of an MCT cluster, MCT member VLAN with router interface (VE), PIM configuration over MCT member VE on MCT Peer 1.
cluster cs 10
 rbridge-id 1000
 session-vlan 4
 keep-alive-vlan 5
 icl MCT ethernet 1/1/1
 peer 5.5.5.100 rbridge-id 4000 icl MCT
 deploy...
This example shows the configuration of an MCT cluster, MCT member VLAN with router interface (VE), PIM configuration over MCT member VE on MCT Peer 2.
cluster cs 10
 rbridge-id 4000
 session-vlan 4
 keep-alive-vlan 5
 icl MCT ethernet 2/1/1
 peer 5.5.5.10 rbridge-id 1000 icl MCT
 deploy...
Unicast Reverse Path Forwarding feasibility
• uRPF should not be configured on devices where group-VE, tunnel keep-alive packets, or OpenFlow is configured.
• Counters or logging information is unavailable for uRPF hits.
• After enabling reverse path check, you must reload the device for uRPF to be programmed.
•...
System-max changes and uRPF TABLE 115 unicast Reverse Path Forwarding Feasibility (continued) ECMP route Default route lookup Device Configurable mode Non-Tunneled Tunneled supported control (Interface configuration) Loose mode (Interface configuration) NOTE For the Strict mode (interface configuration), if the number of ECMP paths for a route is more than 8, then the hardware will apply loose mode check for the SIP check, even if the interface is configured as strict mode.