Page 5
Specifying the LSA arrival interval
Specifying the LSA generation interval
Disabling interfaces from receiving and sending OSPF packets
Configuring stub routers
Configuring OSPF authentication
Adding the interface MTU into DD packets
Configuring the maximum number of external LSAs in LSDB ...
Page 7
Controlling route distribution and reception
Configuring BGP route summarization
Advertising a default route to a peer or peer group
Configuring BGP route distribution/reception filtering policies
Enabling BGP and IGP route synchronization
Limiting prefixes received from a peer or peer group ...
Page 9
Configuring GR Restarter
Configuring GR Helper
Configuring BFD for OSPFv3
Applying IPsec policies for OSPFv3
Displaying and maintaining OSPFv3
OSPFv3 configuration examples
OSPFv3 area configuration example
OSPFv3 DR election configuration example ...
Page 10
Enabling 4-byte AS number suppression
Setting the DSCP value for IPv6 BGP packets
Configuring the maximum number of ECMP routes
Enabling MD5 authentication for TCP connections
Applying an IPsec policy to an IPv6 BGP peer or peer group
Configuring a large-scale IPv6 BGP network ...
Page 11
Interface PBR configuration example (based on packet type)
IPv4 PBR configuration example (using a QoS policy)
IPv6 PBR configuration example (using a QoS policy)
Document conventions and icons
Conventions
Network topology icons
Support and other resources ...
IP routing basics
Overview
The term "interface" in the routing features collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). IP routing directs IP packet forwarding on routers based on a routing table.
• Pre—Preference of the route. Among routes to the same destination, the one with the highest preference is optimal.
• Cost—If multiple routes to a destination have the same preference, the one with the smallest cost becomes the optimal route.
•...
Routing approach Preference IS-IS Static route OSPF ASE OSPF NSSA IBGP EBGP Unknown (route from an untrusted source) Load sharing A routing protocol may find multiple optimal equal-cost routes to the same destination. You can use these routes to implement equal-cost multi-path (ECMP) load sharing. Static routing, IPv6 static routing, RIP/RIPng, OSPF/OSPFv3, BGP/IPv6 BGP, and IS-IS/IPv6 IS-IS support ECMP load sharing.
Page 15
Task Command Remarks display ip routing-table [ vpn-instance vpn-instance-name ] Display routing table information. Available in any view. [ verbose ] [ | { begin | exclude | include } regular-expression ] display ip routing-table Display routes matching an IPv4 [ vpn-instance vpn-instance-name ] acl Available in any view.
Page 16
Task Command Remarks display ipv6 routing-table [ vpn-instance vpn-instance-name ] Display IPv6 routes with ipv6-address1 prefix-length1 destination addresses in an IPv6 Available in any view. ipv6-address2 prefix-length2 [ verbose ] address range. [ | { begin | exclude | include } regular-expression ] display ipv6 routing-table [ vpn-instance vpn-instance-name ]...
Configuring static routing Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work properly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually.
Step Command Remarks Optional. Delete all static To delete one static delete [ vpn-instance vpn-instance-name ] routes, including route, use the undo static-routes all the default route. ip route-static command. Configuring BFD for static routes BFD provides a general-purpose, standard, medium-, and protocol-independent fast failure detection mechanism.
BFD echo mode With BFD echo packet mode enabled for a static route, the output interface sends BFD echo packets to the destination device, which loops the packets back to test the link reachability. IMPORTANT: • Enabling BFD for a flapping route could worsen the situation. •...
As shown in Figure 1, upon a link failure, FRR designates a backup next hop by using a routing policy for routes matching the specified criteria. Packets are directed to the backup next hop to avoid traffic interruption. Configuration prerequisites Create a routing policy to be referenced by FRR and use the apply fast-reroute backup-interface command to specify a backup next hop in the routing policy.
Page 21
Figure 2 Network diagram
Configuration procedure
Configure IP addresses for interfaces. (Details not shown.)
Configure static routes:
# Configure a default route on Switch A.
<SwitchA> system-view
[SwitchA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
# Configure two static routes on Switch B.
<SwitchB>...
Destinations : 10 Routes : 10
Destination/Mask Proto Cost NextHop Interface
1.1.2.0/24 Static 60 1.1.4.1 Vlan500
1.1.3.0/24 Static 60 1.1.5.6 Vlan600
1.1.4.0/30 Direct 0 1.1.4.2 Vlan500
1.1.4.2/32 Direct 0 127.0.0.1 InLoop0
1.1.5.0/30 Direct 0 1.1.5.5 Vlan600
1.1.5.5/32 Direct 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0...
Page 23
Figure 3 Network diagram
Device    Interface   IP address
Switch A  Vlan-int10  12.1.1.1/24
Switch A  Vlan-int11  10.1.1.102/24
Switch B  Vlan-int10  12.1.1.2/24
Switch B  Vlan-int13  13.1.1.1/24
Switch C  Vlan-int11  10.1.1.100/24
Switch C  Vlan-int13  13.1.1.2/24
Configuration procedure
Configure IP addresses for the interfaces. (Details not shown.)
Configure static routes and BFD:
# Configure static routes on Switch A and enable BFD control mode for the static route that traverses the Layer 2 switch.
<SwitchA> display bfd session
Total Session Num: 1 Init Mode: Active
Session Working Under Ctrl Mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
12.1.1.1 12.1.1.2 2000ms Vlan10
The output shows that the BFD session has been created.
# Display static routes on Switch A.
<SwitchA>...
Page 25
between Switch A and Switch B through Switch D fails, BFD can detect the failure immediately and Switch A and Switch B can communicate through Switch C. Figure 4 Network diagram Device Interface IP address Device Interface IP address Switch A Vlan-int10 12.1.1.1/24 Switch B...
Page 26
[SwitchC] ip route-static 120.1.1.0 24 vlan-interface 13 13.1.1.1
[SwitchC] ip route-static 121.1.1.0 24 vlan-interface 11 10.1.1.102
# Configure static routes on Switch D.
<SwitchD> system-view
[SwitchD] ip route-static 120.1.1.0 24 vlan-interface 12 11.1.1.1
[SwitchD] ip route-static 121.1.1.0 24 vlan-interface 10 12.1.1.1
Verify the configuration.
Static route FRR configuration example Network requirements Figure 5 shows that Switch S, Switch A, and Switch D are interconnected through static routes. Configure static route FRR so that when Link A fails, traffic can be switched to Link B immediately. Figure 5 Network diagram Configuration procedure Configure IP addresses for the interfaces on each switch.
Page 28
[SwitchD-route-policy] quit
[SwitchD] ip route-static fast-reroute route-policy frr
Verify the configuration:
# Display route 4.4.4.4/32 on Switch S to view the backup next hop information.
[SwitchS] display ip routing-table 4.4.4.4 verbose
Routing Table : Public
Summary Count : 1
Destination: 4.4.4.4/32
Protocol: Static Process ID: 0
Preference: 60...
Configuring a default route
A default route is used to forward packets that match no entry in the routing table. Without a default route, a packet that does not match any routing entry is discarded. A default route can be configured in either of the following ways:
•...
Configuring RIP This chapter describes how to configure RIP. Overview RIP is a simple interior gateway protocol mainly used in small-sized networks, such as academic networks and simple LANs. It is not applicable to complex networks. RIP has been widely used because it is easy to implement, configure, and maintain. Understanding RIP RIP is a distance vector (D-V) routing protocol, using UDP packets for exchanging information through port 520.
Routing loops prevention
RIP is a distance vector routing protocol. Because a RIP router advertises its own routing table to neighbors, routing loops may occur. RIP uses the following mechanisms to prevent routing loops:
• Counting to infinity—Metric value of 16 is defined as unreachable. When a routing loop occurs, the metric value of the route increments to 16.
Page 32
RIPv1 message format
Figure 6 RIPv1 message format
• Command—Type of message. A value of 1 indicates request, which is used to request all or part of the routing information from the neighbor. A value of 2 indicates response, which contains all or part of the routing information.
Figure 8 RIPv2 authentication message (fields: Command, Version, Unused, 0xFFFF, Authentication type, Authentication (16 octets))
• Authentication type—A value of 2 represents simple authentication. A value of 3 represents MD5 authentication. RFC 1723 defines only plain text authentication. For MD5 authentication information, see RFC 2453.
• RIP configurations made in interface view before enabling RIP take effect after RIP is enabled.
• To enable RIP on all interfaces, use the command network 0.0.0.0.
• If a physical interface is attached to multiple networks, you cannot advertise these networks in different RIP processes....
version is configured, the interface sends RIPv1 broadcasts, and receives RIPv1 broadcasts and RIPv1 unicasts, and RIPv2 broadcasts, multicasts, and unicasts. To configure a RIP version: Step Command Remarks Enter system view. system-view rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Optional.
• Configure RIP basic functions. Configuring an additional routing metric An additional routing metric (hop count) can be added to the metric of an inbound or outbound RIP route. If the outbound additional metric is added to the metric of a sent route, the route's metric in the routing table is not changed.
Step Command Remarks Enter system view. system-view rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Disable RIPv2 automatic By default, the function is undo summary route summarization. enabled. Return to system view. quit interface interface-type Enter interface view. interface-number rip summary-address Advertise a summary route.
Step Command Remarks Optional. Enable RIP to advertise a default-route { only | originate } default route. [ cost cost ] Not enabled by default. Return to system view. quit interface interface-type Enter interface view. interface-number Optional. rip default-route { { only | By default, a RIP interface can Configure the RIP interface originate } [ cost cost ] |...
Step Command Remarks Enter system view. system-view rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Optional. preference [ route-policy Configure a priority for RIP. route-policy-name ] value 100 by default. Configuring RIP route redistribution If a router runs RIP and other routing protocols, you can configure RIP to redistribute OSPF, IS-IS, BGP, static, or direct routes.
Step Command Remarks rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Optional. Configure the maximum maximum load-balancing By default, the maximum number number of ECMP routes. number of ECMP routes is 8. Enabling zero field check on incoming RIPv1 messages Some fields in the RIPv1 message must be zero.
Configuring RIPv2 message authentication In a network requiring high security, you can configure this task to implement RIPv2 message validity check and authentication. This feature does not apply to RIPv1 because RIPv1 does not support authentication. Although you can specify an authentication mode for RIPv1 in interface view, the configuration does not take effect.
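The message layout, the RIPv1 zero field check, and the RIPv2 authentication entry described in the sections above can be checked together by a receiver-side validator. The Python below is an added example, not code from the manual or the switch software: field offsets follow RFC 2453, the trailing keyed-MD5 digest entry follows RFC 2082, and the sample packets and function names are constructed for illustration.

```python
import ipaddress
import struct

METRIC_UNREACHABLE = 16               # "counting to infinity": 16 = unreachable
AUTH_AFI = 0xFFFF                     # marks the RIPv2 authentication entry
AUTH_TYPES = {2: "simple", 3: "md5"}  # type values as listed for Figure 8
ZERO4 = b"\x00" * 4


def parse_rip(payload: bytes) -> dict:
    """Parse one RIP UDP payload (port 520) and list validation findings."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("expected a 4-byte header followed by 20-byte entries")
    command, version, unused = struct.unpack("!BBH", payload[:4])
    findings, routes, auth = [], [], None
    if command not in (1, 2):
        findings.append(f"unknown command {command}")
    if version == 1 and unused:
        findings.append("header: must-be-zero field is nonzero")

    for index in range((len(payload) - 4) // 20):
        entry = payload[4 + 20 * index: 24 + 20 * index]
        afi, tag = struct.unpack("!HH", entry[:4])
        if version == 2 and afi == AUTH_AFI:
            if index == 0:
                auth = AUTH_TYPES.get(tag, f"unknown({tag})")
            elif not (auth == "md5" and tag == 1):
                # RFC 2082 keyed MD5 appends the digest in a trailing
                # 0xFFFF/0x0001 entry; any other late auth entry is invalid.
                findings.append(f"entry {index}: misplaced authentication entry")
            continue
        addr, mask, nexthop, metric = struct.unpack("!4s4s4sI", entry[4:])
        # RIPv1 zero field check: route tag, mask and next hop must be zero.
        if version == 1 and (tag or mask != ZERO4 or nexthop != ZERO4):
            findings.append(f"entry {index}: must-be-zero field is nonzero")
        if not 1 <= metric <= METRIC_UNREACHABLE:
            findings.append(f"entry {index}: metric {metric} out of range 1-16")
        routes.append({
            "destination": str(ipaddress.IPv4Address(addr)),
            "mask": str(ipaddress.IPv4Address(mask)),
            "metric": metric,
            "unreachable": metric == METRIC_UNREACHABLE,
        })

    if version == 2 and auth is None:
        findings.append("RIPv2 message has no authentication entry")
    elif auth == "simple":
        findings.append("simple authentication: password travels in plain text")
    return {"command": command, "version": version, "auth": auth,
            "routes": routes, "findings": findings}


def route_entry(dest, mask="0.0.0.0", nexthop="0.0.0.0", metric=1, afi=2, tag=0):
    """Build one constructed 20-byte route entry (sample data only)."""
    def packed(address):
        return ipaddress.IPv4Address(address).packed
    return (struct.pack("!HH", afi, tag) + packed(dest) + packed(mask)
            + packed(nexthop) + struct.pack("!I", metric))


def auth_entry(auth_type, data=b""):
    """Build one constructed 20-byte authentication entry."""
    return struct.pack("!HH", AUTH_AFI, auth_type) + data.ljust(16, b"\x00")


def message(command, version, *entries):
    """Prefix the entries with the 4-byte RIP header."""
    return struct.pack("!BBH", command, version, 0) + b"".join(entries)


def sample_reports():
    """Run the validator over constructed response messages."""
    net = ("1.1.2.0", "255.255.255.0")
    samples = {
        "v1_clean": message(2, 1, route_entry("10.0.0.0", metric=3)),
        "v1_nonzero": message(2, 1, route_entry("10.0.0.0", mask="255.0.0.0")),
        "v2_no_auth": message(2, 2, route_entry(*net, metric=16)),
        "v2_simple": message(2, 2, auth_entry(2, b"example-password"),
                             route_entry(*net)),
        "v2_md5": message(2, 2, auth_entry(3), route_entry(*net),
                          auth_entry(1, b"\xaa" * 16)),
    }
    return {name: parse_rip(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, report in sample_reports().items():
        print(name, report["auth"], report["findings"])
```

The validator only checks structure; it does not verify the MD5 digest, which requires the shared key configured on the interface.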
Step Command Remarks Optional. Bind RIP to MIB. rip mib-binding process-id By default, MIB is bound to RIP process 1. Configuring the RIP packet sending rate RIP periodically sends routing information in RIP packets to RIP neighbors. To guarantee device performance and prevent excessive use of bandwidth, specify the maximum number of RIP packets that can be sent at a proper interval.
• Do not use RIP FRR and BFD (for RIP) at the same time. Otherwise, RIP FRR may fail to take effect.
• RIP FRR is available only when the state of primary link (with Layer 3 interfaces staying up) changes from bidirectional to unidirectional or down....
To configure BFD for RIP (bidirectional detection in BFD control packet mode): Step Command Remarks Enter system view. system-view Create a RIP process and rip [ process-id ] [ vpn-instance By default, RIP is disabled. enter RIP view. vpn-instance-name ] By default, RIP does not unicast Specify a RIP neighbor.
RIP configuration examples Configuring RIP version Network requirements As shown in Figure 10, enable RIPv2 on all interfaces on Switch A and Switch B. Figure 10 Network diagram Configuration procedure Configure IP address for interfaces. (Details not shown.) Configure basic RIP functions: # Configure Switch A.
[SwitchB-rip-1] undo summary
# Display the RIP routing table on Switch A.
[SwitchA] display rip 1 route
Route Flags: R - RIP, T - TRIP
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------------------
Peer 192.168.1.2 on Vlan-interface100
Destination/Mask Nexthop...
Page 49
# Enable RIP 100 and RIP 200 and specify RIPv2 on Switch B.
<SwitchB> system-view
[SwitchB] rip 100
[SwitchB-rip-100] network 11.0.0.0
[SwitchB-rip-100] version 2
[SwitchB-rip-100] undo summary
[SwitchB-rip-100] quit
[SwitchB] rip 200
[SwitchB-rip-200] network 12.0.0.0
[SwitchB-rip-200] version 2
[SwitchB-rip-200] undo summary
[SwitchB-rip-200] quit
# Enable RIP 200 and specify RIPv2 on Switch C.
127.0.0.0/8 Direct 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 127.0.0.1 InLoop0
Configure a filtering policy to filter redistributed routes:
# Define ACL 2000 and reference it to a filtering policy to filter routes redistributed from RIP 100 on Switch B, making the route not advertised to Switch C.
[SwitchB] acl number 2000
[SwitchB-acl-basic-2000] rule deny source 10.2.1.1 0.0.0.255
[SwitchB-acl-basic-2000] rule permit...
1.1.2.0/24, cost 0, nexthop 1.1.2.1, Rip-interface 1.1.3.0/24, cost 1, nexthop 1.1.1.2 1.1.4.0/24, cost 2, nexthop 1.1.1.2 1.1.5.0/24, cost 2, nexthop 1.1.1.2 The output shows that only one RIP route reaches network 1.1.5.0/24, with the next hop as Switch B (1.1.1.2) and a cost of 2. Configuring RIP to advertise a summary route Network requirements As shown in...
Configuring BFD for RIP (single-hop echo detection) Network requirements Switch A and Switch C are interconnected through a Layer 2 switch, as shown in Figure VLAN-interface 100 of the two switches runs RIP process 1. BFD is enabled on VLAN-interface 100 of Switch A.
Page 59
C on Switch A, and configure a static route to Switch A on Switch C. Enable BFD on VLAN-interface 100 of Switch A and VLAN-interface 200 of Switch C. Switch A is connected to Switch C through Switch D. VLAN-interface 300 on Switch A runs RIP process 2.
Page 61
# Configure a static route to Switch A on Switch C.
[SwitchC] ip route-static 192.168.1.0 24 vlan-interface 200 192.168.2.1
Verify the configuration:
# Display the BFD session information on Switch A.
<SwitchA> display bfd session
Total Session Num: 1 Init Mode: Active
Session Working Under Ctrl Mode:
LD/RD SourceAddr...
Configuring OSPF This chapter describes how to configure OSPF. Overview Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the IETF. OSPF version 2 is used for IPv4. Unless otherwise stated, OSPF refers to OSPFv2 throughout this document.
• Network LSA—Type-2 LSA, originated for broadcast and NBMA networks by the designated router, and flooded throughout a single area only. This LSA contains the list of routers connected to the network.
• Network Summary LSA—Type-3 LSA, originated by ABRs (Area Border Routers), and flooded throughout the LSA's associated area....
Page 65
Backbone area and virtual links Each AS has a backbone area that distributes routing information between non-backbone areas. Routing information between non-backbone areas must be forwarded by the backbone area. OSPF requires the following: • All non-backbone areas must maintain connectivity to the backbone area. •...
routes. It advertises a default route in a Type-3 LSA so that the routers in the area can reach external networks through the default route. NSSA area and totally NSSA area A Not-So-Stubby Area (NSSA) area does not import AS external LSAs (Type-5 LSAs) but it can import Type-7 LSAs generated by the NSSA ASBR.
• Each OSPF router collects LSAs from other routers to compose an LSDB. An LSA describes the network topology around a router, and the LSDB describes the entire network topology of the area.
• Each router transforms the LSDB to a weighted directed graph that shows the topology of the area....
Figure 22 DR and BDR in a network DR other DR other DR other Physical links Adjacencies NOTE: In OSPF, "neighbor" and "adjacency" are different concepts. After startup, OSPF sends a hello packet on each OSPF interface. A receiving router checks parameters in the packet. If the parameters match its own, the receiving router considers the sending router an OSPF neighbor.
Page 70
Complete the following tasks to configure OSPF: Task Remarks Enabling OSPF Required Configuring a stub area Configuring OSPF areas Configuring an NSSA area Optional Configuring a virtual link Configuring the broadcast network type for an interface Optional Configuring the NBMA network type for an interface Optional Configuring OSPF network types...
Task Remarks Enabling OSPF ISPF Optional Configuring OSPF FRR Optional Configuring the OSPF GR Restarter Optional Configuring OSPF Configuring the OSPF GR Helper Optional Graceful Restart Triggering OSPF Graceful Restart Optional Configuring BFD for OSPF Optional Enabling OSPF Enable OSPF before you perform other OSPF configuration tasks. Configuration prerequisites Configure the link layer protocol and IP addresses for interfaces so that neighboring nodes can communicate with each other.
Step Command Remarks Optional. Not configured by default. If no global router ID is configured, the Configure a global router highest loopback interface IP address, if router id router-id any, is used as the router ID. If no loopback interface IP address is available, the highest physical interface IP address is used, regardless of the interface status.
Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Enter area view. area area-id Not configured by default. You cannot configure the backbone area as a stub or totally stub area.
Step Command Remarks Optional. The default cost is 1. Specify a cost for the The default-cost command takes default route advertised to default-cost cost the NSSA area. effect only on the ABR/ASBR of an NSSA area and a totally NSSA area.
• An NBMA network must be fully meshed. If it is partially meshed, change the network type to P2MP to simplify configuration and save costs.
• If a router on an NBMA network has only one neighbor, change the network type to P2P to save costs....
Step Command Remarks Configure the OSPF By default, the network type of an network type for the interface depends on the link layer ospf network-type nbma interface as NBMA. protocol. Optional. Configure a router priority ospf dr-priority priority for the interface. The default router priority is 1.
Step Command Remarks interface interface-type Enter interface view. interface-number Configure the OSPF By default, the network type of an network type for the interface depends on the link layer ospf network-type p2p interface as P2P. protocol. Configuring OSPF route control This section describes how to control the advertisement and reception of OSPF routing information, as well as route redistribution from other protocols.
Configuring route summarization when redistributing routes into OSPF on an ASBR Without route summarization, an ASBR advertises each redistributed route in a separate ASE LSA. After a summary route is configured, the ASBR advertises only the summary route in an ASE LSA instead of more specific routes, reducing the number of LSAs in the LSDB.
Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Optional. Configure the maximum By default, the maximum maximum load-balancing maximum number of ECMP routes. number of ECMP routes is Configuring OSPF preference A router can run multiple routing protocols, and each protocol is assigned a preference.
Page 81
Step Command Remarks import-route protocol [ process-id | Configure OSPF to all-processes | allow-ibgp ] [ cost cost | By default, OSPF does redistribute routes from a type type | tag tag | route-policy not redistribute routes. different protocol. route-policy-name ] * Optional.
Step Command Remarks Optional. The default cost is 1, the Configure the default default maximum number parameters for default { cost cost | limit limit | tag tag | type of routes redistributed per redistributed routes type } * time is 1000, the default (cost, upper limit, tag, tag is 1, and default type and type).
interval setting that is too small can cause unnecessary LSA retransmissions. This interval is typically set larger than the round-trip time of a packet between two neighbors. To configure timers for OSPF packets: Step Command Remarks Enter system system-view view. Enter interface interface interface-type view....
• If network changes become frequent, the SPF calculation interval is incremented by incremental-interval × 2 (n is the number of calculation times) each time a calculation occurs until the maximum-interval is reached. To configure SPF calculation interval: Step Command Remarks Enter system view.
Step Command Remarks Optional. lsa-generation-interval By default, the maximum interval is 5 Configure the LSA maximum-interval [ initial-interval seconds, the minimum interval is 0 generation interval. [ incremental-interval ] ] milliseconds, and the incremental interval is 5000 milliseconds. Disabling interfaces from receiving and sending OSPF packets Follow these guidelines when you disable interfaces from receiving and sending OSPF packets: •...
Configuring OSPF authentication
Configure OSPF packet authentication to ensure the security of packet exchange. After authentication is configured, OSPF accepts only packets that pass authentication. Packets that fail authentication cannot be used to establish neighbor relationships. You must configure the same area authentication mode on all the routers in an area. In addition, the authentication mode and password for all interfaces attached to the same area must be identical....
Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Optional. Specify the maximum number of external LSAs in lsdb-overflow-limit number Not specified by the LSDB. default. Enabling compatibility with RFC 1583 RFC 1583 specifies a different method than RFC 2328 for selecting an external route from multiple LSAs.
• Level-5—Normal but important traps • Level-6—Notification traps The generated traps are sent to the information center of the device. The information center determines whether to output the traps and where to output. For more information about information center, see Network Management and Monitoring Configuration Guide. To configure OSPF network management: Step Command...
Configuring OSPF to give priority to receiving and processing hello packets To ensure OSPF runs properly, a router receives and processes hello packets and other protocol packets at the same time. When the router has established neighbor relationships with multiple routers, and the routing table size is big, the router must receive and process large numbers of packets.
Enabling OSPF ISPF Upon topology changes, Incremental Shortest Path First (ISPF) computes only the affected part of the shortest path tree (SPT), instead of the entire SPT. To enable OSPF ISPF: Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view.
Step Command Remarks Enter system view. system-view Configure the source bfd echo-source-ip Not configured by default. address of echo packets. ip-address ospf [ process-id | router-id Enter OSPF view. router-id | vpn-instance vpn-instance-name ] * Not configured by default. Enable OSPF FRR to If abr-only is specified, the route to automatically calculate a fast-reroute auto [ abr-only ]...
Configuring the IETF standard OSPF GR Restarter Step Command Remarks Enter system view. system-view ospf [ process-id | router-id Enable OSPF and enter its router-id | vpn-instance view. vpn-instance-name ] * Enable opaque LSA Disabled by default. opaque-capability enable advertisement capability. Enable the IETF standard Disabled by default.
Step Command Remarks Optional. Configure the neighbors for graceful-restart help The router can serve as a GR which the router can serve { acl-number | prefix prefix-list } Helper for any OSPF neighbor by as a GR Helper. default. Configuring the non-IETF standard OSPF GR Helper Step Command Remarks...
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Enable BFD bidirectional control Not enabled by ospf bfd enable detection on the interface. default. Configuring single-hop echo detection Step Command Remarks Enter system view. system-view Configure the source address of echo Not configured by bfd echo-source-ip ip-address packets.
Task Command Remarks display ospf [ process-id ] request-queue Display OSPF request queue [ interface-type interface-number ] [ neighbor-id ] Available in any information. [ | { begin | exclude | include } view. regular-expression ] display ospf [ process-id ] retrans-queue Display OSPF retransmission [ interface-type interface-number ] [ neighbor-id ] Available in any...
Page 96
Figure 24 Network diagram Switch A Area 0 Switch B Vlan-int100 10.1.1.1/24 Vlan-int100 Vlan-int200 10.1.1.2/24 Vlan-int200 10.3.1.1/24 10.2.1.1/24 Vlan-int200 Area 1 Vlan-int200 Area 2 10.3.1.2/24 10.2.1.2/24 Vlan-int300 Vlan-int300 10.4.1.1/24 10.5.1.1/24 Switch C Switch D Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Switch A.
Page 97
[SwitchD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.2] network 10.5.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.2] quit
[SwitchD-ospf-1] quit
Verify the configuration:
# Display information about neighbors on Switch A.
[SwitchA] display ospf peer verbose
OSPF Process 1 with Router ID 10.2.1.1
Neighbors
Area 0.0.0.0 interface 10.1.1.1(Vlan-interface100)'s neighbors
Router ID: 10.3.1.1 Address: 10.1.1.2 GR State: Normal...
Page 98
OSPF Process 1 with Router ID 10.2.1.1 Link State Database Area: 0.0.0.0 Type LinkState ID AdvRouter Sequence Metric Router 10.2.1.1 10.2.1.1 1069 80000012 Router 10.3.1.1 10.3.1.1 80000011 Network 10.1.1.1 10.2.1.1 1069 80000010 Sum-Net 10.5.1.0 10.3.1.1 80000003 Sum-Net 10.2.1.0 10.2.1.1 1069 8000000F Sum-Net 10.3.1.0...
5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/2 ms Configuring OSPF route redistribution Network requirements • Enable OSPF on all switches, and split the AS into three areas. • Configure Switch A and Switch B as ABRs. •...
OSPF Process 1 with Router ID 10.5.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.3.1.0/24 Transit 10.3.1.2 10.3.1.1 0.0.0.2 10.4.1.0/24 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.5.1.0/24 Stub 10.5.1.1 10.5.1.1 0.0.0.2 10.1.1.0/24 Inter 10.3.1.1 10.3.1.1 0.0.0.2...
Page 101
Configure OSPF basic functions:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] ospf
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# Configure Switch B.
<SwitchB> system-view
[SwitchB] ospf
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# Configure Switch C.
[SwitchC-bgp] import-route ospf
[SwitchC-bgp] import-route direct
[SwitchC-bgp] quit
Configure Switch B and Switch C to redistribute BGP routes into OSPF:
# Configure OSPF to redistribute routes from BGP on Switch B.
[SwitchB] ospf
[SwitchB-ospf-1] import-route bgp
# Configure OSPF to redistribute routes from BGP on Switch C.
[SwitchC] ospf
[SwitchC-ospf-1] import-route bgp
# Display the OSPF routing table of Switch A.
Page 103
• Configure Switch D as the ASBR to redistribute static routes. • Configure Area 1 as a stub area to reduce advertised LSAs without influencing reachability. Figure 27 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions (see "Configuring OSPF basic functions").
Page 104
Routing for ASEs Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.2.1.1 10.5.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 Because Switch C resides in a normal OSPF area, its routing table contains an external route. Configure Area 1 as a stub area: # Configure Switch A.
OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0 The output shows that routing entries on the stub router are further reduced, containing only...
Page 106
[SwitchC] ospf
[SwitchC-ospf-1] area 1
[SwitchC-ospf-1-area-0.0.0.1] nssa
[SwitchC-ospf-1-area-0.0.0.1] quit
[SwitchC-ospf-1] quit
NOTE:
• If Switch C in the NSSA area wants to obtain routes to other areas within the AS, configure the nssa command with keyword default-route-advertise on Switch A (an ABR) so that Switch C can obtain a default route.
3.1.3.0/24 Type2 10.3.1.1 10.2.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 The output shows an external route imported from the NSSA area on Switch D. Configuring OSPF DR election Network requirements • Enable OSPF on Switches A, B, C, and D on the same network. •...
Page 108
[SwitchC-ospf-1] area 0 [SwitchC-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchC-ospf-1-area-0.0.0.0] quit [SwitchC-ospf-1] quit # Configure Switch D. <SwitchD> system-view [SwitchD] router id 4.4.4.4 [SwitchD] ospf [SwitchD-ospf-1] area 0 [SwitchD-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchD-ospf-1-area-0.0.0.0] quit [SwitchD-ospf-1] return # Display OSPF neighbor information on Switch A. [SwitchA] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.1 Neighbors...
Page 109
[SwitchB-Vlan-interface1] quit # Configure Switch C. [SwitchC] interface vlan-interface 1 [SwitchC-Vlan-interface1] ospf dr-priority 2 [SwitchC-Vlan-interface1] quit # Display neighbor information on Switch D. <SwitchD> display ospf peer verbose OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(Vlan-interface1)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal...
Dead timer due in 39 Neighbor is up for 00:01:40 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode: None Priority: 0 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 35 Neighbor is up for 00:01:44 Authentication Sequence: [ 0 ] Router ID: 3.3.3.3...
Page 111
Figure 30 Network diagram
Configuration procedure
Configure IP addresses for interfaces. (Details not shown.)
Configure OSPF basic functions:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
# Configure Switch B.
<SwitchB>...
OSPF Process 1 with Router ID 2.2.2.2
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
10.2.1.0/24 Transit 10.2.1.1 3.3.3.3 0.0.0.1
10.1.1.0/24 Transit 10.1.1.2 2.2.2.2 0.0.0.0
Total Nets: 2
Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0
Area 0 has no direct connection to Area 2, so the routing table of Switch B has no route to Area 2.
Configure a virtual link:
# Configure Switch B.
Page 113
Figure 31 Network diagram
Configuration procedure
Configure IP addresses for interfaces. (Details not shown.)
Configure OSPF basic functions:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] router id 1.1.1.1
[SwitchA] ospf 100
[SwitchA-ospf-100] area 0
[SwitchA-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255
[SwitchA-ospf-100-area-0.0.0.0] quit
# Configure Switch B.
[SwitchB-ospf-100] enable out-of-band-resynchronization
# Configure Switch C as the GR Helper: enable the link-local signaling capability and the out-of-band re-synchronization capability for OSPF process 100.
[SwitchC-ospf-100] enable link-local-signaling
[SwitchC-ospf-100] enable out-of-band-resynchronization
Verify the configuration:
# After the configurations on Switch A, Switch B, and Switch C are complete and the switches are running steadily, enable OSPF Graceful Restart event debugging and then restart the OSPF process using GR on Switch A.
Page 115
• Configure Switch C as an ASBR to redistribute external routes (static routes), and configure a filter policy on Switch C to filter out redistributed route 3.1.3.0/24.
• Configure a routing policy on Switch A to filter route 10.5.1.0/24.
Figure 32 Network diagram
Page 116
10.5.1.0/24 OSPF 10.1.1.2 Vlan100
127.0.0.0/8 Direct 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 127.0.0.1 InLoop0
On Switch C, filter out route 3.1.3.0/24:
# Configure the IPv4 prefix list.
[SwitchC] ip ip-prefix prefix1 index 1 deny 3.1.3.0 24
[SwitchC] ip ip-prefix prefix1 index 2 permit 3.1.1.0 24
[SwitchC] ip ip-prefix prefix1 index 3 permit 3.1.2.0 24
# Reference the prefix list to filter out route 3.1.3.0/24.
Troubleshooting OSPF configuration No OSPF neighbor relationship established Symptom No OSPF neighbor relationship can be established. Analysis If the physical link and lower layer protocols work well, verify OSPF parameters configured on interfaces. Two neighbors must have the same parameters, such as the area ID, network segment, and mask (a P2P or virtual link may have different network segments and masks).
Configuring IS-IS This chapter describes how to configure IS-IS for an IPv4 network. Overview Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the International Organization for Standardization (ISO) to operate on the connectionless network protocol (CLNP). IS-IS was modified and extended in RFC 1195 by the IETF for application in both TCP/IP and OSI reference models, and the new one is called "Integrated IS-IS"...
Figure 35 NSAP address format Area address The area address comprises the IDP and the HO-DSP of the DSP, which identify the area and the routing domain. Different routing domains cannot have the same area address. Typically, a router only needs one area address, and all nodes in the same area must have the same area address.
Typically, a router only needs one NET, but it can have a maximum of three NETs for smooth area merging and partitioning. When you configure multiple NETs, make sure their system IDs are the same. IS-IS area IS-IS has a two-level hierarchy to support large-scale networks. A large-scale routing domain is divided into multiple areas.
Figure 37 shows another IS-IS topology. The Level-1-2 routers connect to the Level-1 and Level-2 routers, and form the IS-IS backbone together with the Level-2 routers. No area is defined as the backbone in this topology. The backbone comprises all contiguous Level-2 and Level-1-2 routers in different areas.
IS-IS DIS election differs from OSPF DIS election in the following ways: • A router with priority 0 can also participate in the DIS election. • When a router with a higher priority is added to the network, an LSP flooding process is performed to elect the router as the new DIS.
Page 128
Common header format Figure 40 PDU common header format No. of Octets Intradomain routing protocol discriminator Length indicator Version/Protocol ID extension ID length PDU type Version Reserved Maximum area address Major fields of the PDU common header are: • Intradomain routing protocol discriminator—Set to 0x83. •...
Page 129
Figure 41 L1/L2 LAN IIH format Major fields of the L1/L2 LAN IIH are: • Reserved/Circuit type—The first six bits are reserved with a value of 0. The last two bits indicate the router type—00 means reserved, 01 indicates L1, 10 indicates L2, and 11 indicates L1/2.
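A decoder for the common header and LAN IIH fields described above, useful for sanity-checking captured hellos. This is an added example, not code from the manual; the octet widths and PDU type codes come from ISO 10589 because the page's own field tables are truncated, and the sample packet is constructed.

```python
import struct

# PDU type codes and field widths are taken from ISO 10589 (not from the page).
PDU_TYPES = {15: "L1 LAN IIH", 16: "L2 LAN IIH", 17: "P2P IIH",
             18: "L1 LSP", 20: "L2 LSP", 24: "L1 CSNP", 25: "L2 CSNP",
             26: "L1 PSNP", 27: "L2 PSNP"}
# Last two bits of the Reserved/Circuit type octet, as listed on the page.
CIRCUIT_TYPES = {0: "reserved", 1: "L1", 2: "L2", 3: "L1/2"}
LAN_IIH_HEADER_LEN = 27  # 8-octet common header + 19 octets of IIH fields


def dotted(raw):
    """Render bytes as dotted groups of four hex digits (0000.0000.0001)."""
    text = raw.hex()
    return ".".join(text[i:i + 4] for i in range(0, len(text), 4))


def parse_common_header(pdu):
    """Decode the 8-octet common header; raise ValueError if it is not IS-IS."""
    if len(pdu) < 8:
        raise ValueError("shorter than the 8-octet common header")
    (disc, length_ind, _ver_ext, id_len, type_octet,
     _version, _reserved, _max_area) = struct.unpack("!8B", pdu[:8])
    if disc != 0x83:
        raise ValueError("discriminator is 0x%02x, expected 0x83" % disc)
    pdu_type = type_octet & 0x1F  # top three bits of this octet are reserved
    if pdu_type not in PDU_TYPES:
        raise ValueError("unknown PDU type %d" % pdu_type)
    if id_len not in (0, 6):  # 0 is the encoding for the default 6 octets
        raise ValueError("only 6-octet system IDs are handled here")
    return {"pdu_type": pdu_type, "pdu_name": PDU_TYPES[pdu_type],
            "length_indicator": length_ind}


def parse_lan_iih(pdu):
    """Decode a Level-1 or Level-2 LAN IIH and list field anomalies."""
    hdr = parse_common_header(pdu)
    if hdr["pdu_type"] not in (15, 16):
        raise ValueError("not a LAN IIH")
    if len(pdu) < LAN_IIH_HEADER_LEN:
        raise ValueError("truncated LAN IIH")
    circuit = pdu[8]
    holding_time, pdu_length = struct.unpack("!HH", pdu[15:19])
    anomalies = []
    if circuit & 0xFC:
        anomalies.append("reserved circuit-type bits are not 0")
    if (circuit & 0x03) == 0:
        anomalies.append("circuit type 00 is reserved")
    if hdr["length_indicator"] != LAN_IIH_HEADER_LEN:
        anomalies.append("length indicator is not 27")
    if pdu_length != len(pdu):
        anomalies.append("PDU length field does not match captured length")
    return {
        "pdu_name": hdr["pdu_name"],
        "circuit_type": CIRCUIT_TYPES[circuit & 0x03],
        "source_id": dotted(pdu[9:15]),
        "holding_time": holding_time,
        "priority": pdu[19] & 0x7F,  # top bit of the priority octet is reserved
        # LAN ID = system ID of the DIS plus a one-octet pseudonode ID
        "lan_id": "%s.%02x" % (dotted(pdu[20:26]), pdu[26]),
        "anomalies": anomalies,
    }


# Constructed Level-1 LAN IIH without CLVs: sent by 0000.0000.0003,
# DIS pseudonode 0000.0000.0001.01, priority 64, holding time 30 seconds.
SAMPLE_IIH = (bytes([0x83, 27, 1, 0, 15, 1, 0, 0])
              + bytes([0x03])
              + bytes.fromhex("000000000003")
              + struct.pack("!HH", 30, 27)
              + bytes([64])
              + bytes.fromhex("00000000000101"))

if __name__ == "__main__":
    for key, value in parse_lan_iih(SAMPLE_IIH).items():
        print(key, "=", value)
```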
Page 130
Figure 42 P2P IIH format
Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field. The Link State PDUs (LSPs) carry link state information. LSPs include Level-1 LSPs and Level-2 LSPs.
Page 131
Major fields of the L1/L2 LSP are: • PDU length—Total length of the PDU in bytes. • Remaining lifetime—LSP remaining lifetime in seconds. • LSP ID—Consists of the system ID, the pseudonode ID (one byte) and the LSP fragment number (one byte). •...
Page 132
Figure 45 L1/L2 CSNP format A PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request missing LSPs from a neighbor. Figure 46 L1/L2 PSNP format No.
Table 5 shows that different PDUs contain different CLVs. Codes 1 through 10 are defined in ISO 10589 (codes 3 and 5 are not shown in the table), and others are defined in RFC 1195. Table 5 CLV codes and PDU types CLV Code Name PDU Type...
Page 134
• Obtain IS-IS neighbor information without changing adjacencies. • Obtain the LSDB. To complete these tasks, the GR Restarter sends an OSPF GR signal to GR Helpers so that the GR Helpers keep their adjacencies with the GR Restarter, and restores the neighbor table after receiving responses from neighbors.
• Operation modes: The LSP fragment extension feature operates in the following modes: Mode-1—Applicable to a network where some routers do not support LSP fragment extension. In this mode, adjacencies are formed between the originating system and virtual systems, with the link cost from the originating system to each virtual system as 0. Each virtual system acts as a router connected to the originating system in the network, but the virtual systems are reachable through the originating system only.
• RFC 3784, IS-IS extensions for Traffic Engineering • RFC 3847, Restart signaling for IS-IS IS-IS configuration task list Task Remarks Enabling IS-IS Configuring IS-IS Configuring the IS level and circuit level Required basic functions Configuring the network type of an interface as P2P Configuring IS-IS link cost Optional Specifying a priority for IS-IS...
Configuring IS-IS basic functions This section describes the basic settings required for an IS-IS network to run. Configuration prerequisites Before the configuration, complete the following tasks: • Configure the link layer protocol. • Configure IP addresses for interfaces, and make sure that all neighboring nodes are reachable to each other at the network layer.
Step Command Remarks interface interface-type Enter interface view. interface-number Optional. isis circuit-level [ level-1 | An interface can establish either the Specify the circuit level. level-1-2 | level-2 ] Level-1 or Level-2 adjacency by default. Configuring the network type of an interface as P2P Perform this task only for a broadcast network that has up to two attached routers.
Page 139
IS-IS cost specified in system view. The cost is applied to the interfaces associated with the IS-IS process. Automatically calculated cost. If the cost style is wide or wide-compatible, IS-IS automatically calculates the cost using the formula: interface cost = (bandwidth reference value/interface bandwidth) ×10, which is in the range of 1 to 16777214.
The router summarizes only the routes in the locally generated LSPs. The cost of the summary route is the lowest one among the costs of summarized routes. To configure route summarization: Step Command Remarks Enter system system-view view. Enter IS-IS isis [ process-id ] [ vpn-instance view.
Optional. Configure the maximum number The default setting is 16384 for of redistributed import-route limit number the HPE 5800 Switch Series and Level 1/Level 2 IPv4 is 12288 for the HPE 5820X routes. Switch Series. Configuring IS-IS route filtering You can reference a configured ACL, IP prefix list, or routing policy to filter routes calculated from the received LSPs and the routes redistributed from other routing protocols.
If a filter policy is specified, only routes passing it can be advertised into the Level-1 area. You can specify a routing policy in the import-route isis level-2 into level-1 command to filter routes from Level-2 to Level-1. Other routing policies specified for route reception and redistribution do not affect the route leaking.
On a broadcast link, Level-1 and Level-2 hello packets are advertised separately. You must set a hello multiplier for each level. On a P2P link, Level-1 and Level-2 hello packets are advertised in P2P hello packets. You do not need to specify Level-1 or Level-2. To specify the IS-IS hello multiplier: Step Command...
Enabling an interface to send small hello packets IS-IS messages cannot be fragmented at the IP layer because they are directly encapsulated into frames. Any two IS-IS neighboring routers must negotiate a common MTU. To save bandwidth by not sending large hello packets, enable the interface to send small hello packets without CLVs. To enable an interface to send small hello packets: Step Command...
Page 146
Step Command Remarks Optional. timer lsp-generation maximum-interval Specify the LSP [ initial-interval [ second-wait-interval ] ] [ level-1 | The default interval is generation interval. level-2 ] 2 seconds. Specify LSP sending intervals If a change occurs in the LSDB, IS-IS advertises the changed LSP to neighbors. You can specify the minimum interval for sending such LSPs.
Enabling LSP flash flooding Changed LSPs can trigger SPF recalculation. To advertise the changed LSPs before the router recalculates routes for faster network convergence, enable LSP flash flooding. To enable LSP flash flooding: Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance Enter IS-IS view.
Assigning a high priority to IS-IS routes An IS-IS topology change causes network convergence. By assigning a high priority to specific IS-IS routes, you can achieve faster network convergence. To assign a high priority to IS-IS routes: Step Command Remarks Enter system view.
Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance Enter IS-IS view. vpn-instance-name ] Configure a system ID to A system ID can only correspond is-name map sys-id host name mapping for a to a host name. map-sys-name remote IS.
Step Command Remarks Enable the logging of Enabled by default. log-peer-change neighbor state changes. Enhancing IS-IS network security To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS authentication involves neighbor relationship authentication, area authentication, and routing domain authentication.
Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance Enter IS-IS view. vpn-instance-name ] Specify the area area-authentication-mode { md5 | By default, no area authentication authentication mode and simple } [ cipher ] password [ ip | is configured.
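An audit sketch for the authentication settings described above, reporting IS-IS processes and interfaces that have no authentication, use simple mode, or omit the cipher keyword. This is an added example, not part of the manual: the configuration text is constructed, the isis authentication-mode and domain-authentication-mode command names are the Comware counterparts of the area-authentication-mode command shown on this page, and treating a missing cipher keyword as plaintext storage is an assumption.

```python
import re

# Constructed sample, laid out like `display current-configuration` output:
# sections are separated by "#" lines and section bodies are indented.
SAMPLE_CONFIG = """\
#
isis 1
 is-level level-1
 network-entity 10.0000.0000.0001.00
 area-authentication-mode md5 cipher EXAMPLE-CIPHERTEXT
#
isis 2
 network-entity 20.0000.0000.0004.00
 area-authentication-mode simple example-password
#
interface Vlan-interface100
 isis enable 1
 isis authentication-mode md5 cipher EXAMPLE-CIPHERTEXT
#
interface Vlan-interface300
 isis enable 2
#
interface Vlan-interface400
 ip address 10.9.9.1 255.255.255.0
#
"""

AUTH_RE = re.compile(
    r"^(?P<cmd>isis authentication-mode|area-authentication-mode|"
    r"domain-authentication-mode)\s+(?P<mode>md5|simple)"
    r"(?P<cipher>\s+cipher)?\s+\S+"
)
PROCESS_RE = re.compile(r"isis(\s+\d+)?(\s+vpn-instance\s+\S+)?")


def split_sections(text):
    """Yield (header, body_lines) for every '#'-delimited section."""
    header, body = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "#"):
            if header is not None:
                yield header, body
            header, body = None, []
        elif header is None:
            header = line
        else:
            body.append(line)
    if header is not None:
        yield header, body


def auth_commands_for(header, body):
    """Return (commands to inspect, commands that must be present)."""
    if PROCESS_RE.fullmatch(header):
        # Area authentication protects Level-1 PDUs, routing domain
        # authentication protects Level-2 PDUs; the default level is 1-2.
        level = next((l.split()[1] for l in body if l.startswith("is-level ")),
                     "level-1-2")
        wanted = []
        if level in ("level-1", "level-1-2"):
            wanted.append("area-authentication-mode")
        if level in ("level-2", "level-1-2"):
            wanted.append("domain-authentication-mode")
        return ["area-authentication-mode", "domain-authentication-mode"], wanted
    if header.startswith("interface ") and any(
            l.startswith("isis enable") for l in body):
        return ["isis authentication-mode"], ["isis authentication-mode"]
    return [], []


def audit(text):
    """Return a list of (section, command, issue) findings."""
    findings = []
    for header, body in split_sections(text):
        candidates, wanted = auth_commands_for(header, body)
        configured = {}
        for line in body:
            m = AUTH_RE.match(line)
            if m:
                configured[m["cmd"]] = (m["mode"], m["cipher"] is not None)
        for cmd in candidates:
            if cmd not in configured:
                if cmd in wanted:
                    findings.append((header, cmd, "missing"))
                continue
            mode, cipher = configured[cmd]
            if mode == "simple":
                # Simple mode carries the password itself in the PDU.
                findings.append((header, cmd, "simple mode"))
            if not cipher:
                # Assumption: without `cipher` the password is kept in
                # plaintext in the saved configuration.
                findings.append((header, cmd, "no cipher keyword"))
    return findings


if __name__ == "__main__":
    for section, command, issue in audit(SAMPLE_CONFIG):
        print("%-28s %-28s %s" % (section, command, issue))
```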
Step Command Remarks Optional. By default, the SA bit is not suppressed. By enabling the GR Restarter to suppress Suppress the SA bit graceful-restart suppress-sa during restart the Suppress-Advertisement (SA) bit in the hello PDUs, the neighbors will still advertise their adjacency with the GR Restarter.
You can either enable IS-IS FRR to calculate a backup next hop automatically, or designate a backup next hop with a routing policy for routes matching specific criteria. Configuration prerequisites Before you configure IS-IS FRR, complete the following tasks: • Configure network layer addresses for interfaces to make the neighboring nodes reachable at the network layer.
Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance Enter IS-IS view. vpn-instance-name ] Enable SNMP trap. Enabled by default. is-snmp-traps enable Binding an IS-IS process with MIBs This task allows you to bind MIB with an IS-IS process to send and collect information. For more information about MIB, see Network Management and Monitoring Configuration Guide.
Task Command Remarks display isis graceful-restart status [ level-1 | level-2 ] [ process-id | vpn-instance Available in any Display the IS-IS GR state. vpn-instance-name ] [ | { begin | exclude | view. include } regular-expression ] display isis interface [ statistics | [ interface-type interface-number ] [ verbose ] ] Display information about IS-IS Available in any...
Page 156
Figure 49 Network diagram
Configuration procedure
Configure IP addresses for interfaces. (Details not shown.)
Configure IS-IS:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] isis 1
[SwitchA-isis-1] is-level level-1
[SwitchA-isis-1] network-entity 10.0000.0000.0001.00
[SwitchA-isis-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] isis enable 1
[SwitchA-Vlan-interface100] quit
# Configure Switch B.
Page 157
[SwitchC-Vlan-interface300] isis enable 1
[SwitchC-Vlan-interface300] quit
# Configure Switch D.
<SwitchD> system-view
[SwitchD] isis 1
[SwitchD-isis-1] is-level level-2
[SwitchD-isis-1] network-entity 20.0000.0000.0004.00
[SwitchD-isis-1] quit
[SwitchD] interface vlan-interface 100
[SwitchD-Vlan-interface100] isis enable 1
[SwitchD-Vlan-interface100] quit
[SwitchD] interface vlan-interface 300
[SwitchD-Vlan-interface300] isis enable 1
[SwitchD-Vlan-interface300] quit
Verify the configuration:
# Display the IS-IS LSDB on each switch to check the LSPs.
Page 158
[SwitchC] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------- 0000.0000.0001.00-00 0x00000006 0xdb60 0/0/0 0000.0000.0002.00-00 0x00000008 0xe651 1053 0/0/0 0000.0000.0002.01-00 0x00000005 0xd2b3 1052 0/0/0 0000.0000.0003.00-00* 0x00000014 0x194a 1051 1/0/0 0000.0000.0003.01-00* 0x00000002 0xabdb 0/0/0...
Page 159
ISIS(1) IPv4 Level-1 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 10.1.1.0/24 NULL Vlan100 Direct D/L/- 10.1.2.0/24 NULL Vlan100 10.1.1.1 R/-/- 192.168.0.0/24 NULL Vlan100 10.1.1.1 R/-/- 0.0.0.0/0 NULL Vlan100 10.1.1.1 R/-/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set [SwitchC] display isis route Route information for ISIS(1) -----------------------------...
-------------------------------------------------------------------------- 192.168.0.0/24 NULL Vlan300 Direct D/L/- 10.1.1.0/24 NULL Vlan300 192.168.0.1 R/-/- 10.1.2.0/24 NULL Vlan300 192.168.0.1 R/-/- 172.16.0.0/16 NULL Vlan100 Direct D/L/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set DIS election configuration example Network requirements As shown in Figure 50, Switch A, B, C, and D reside in IS-IS area 10 on a broadcast network (Ethernet).
Page 162
# Display information about IS-IS interfaces of Switch C. [SwitchC] display isis interface Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State Type Down 1497 L1/L2 Yes/No # Display information about IS-IS interfaces of Switch D. [SwitchD] display isis interface Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100...
Page 163
Interface information for ISIS(1) --------------------------------- Interface: Vlan-interface100 IPV4.State IPV6.State Type Down 1497 L1/L2 Yes/Yes After the DIS priority configuration, Switch A becomes the Level-1-2 DIS, and the pseudonode is 0000.0000.0001.01. # Display information about IS-IS neighbors and interfaces of Switch C. [SwitchC] display isis peer Peer information for ISIS(1) ----------------------------...
IS-IS route redistribution configuration example Network requirements As shown in Figure 51, Switch A, Switch B, Switch C, and Switch D reside in the same AS. They use IS-IS to interconnect. Switch A and Switch B are Level-1 routers, Switch D is a Level-2 router, and Switch C is a Level-1-2 router.
# Display IS-IS routing information on Switch C. [SwitchC] display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 10.1.1.0/24 NULL VLAN100 Direct D/L/- 10.1.2.0/24 NULL VLAN200 Direct D/L/- 192.168.0.0/24 NULL...
Page 168
Configuration procedure Configure IP addresses and subnet masks for interfaces. (Details not shown.) Configure IS-IS on the switches to make sure Switch A, Switch B, and Switch C can communicate with each other at layer 3 and dynamic route update can be implemented among them with IS-IS.
IS-IS NSR configuration example
Network requirements
As shown in Figure 53, Switch S, Switch A, and Switch B belong to the same IS-IS routing domain. Switch S is an IRF fabric, which is connected to Switch A and Switch B over aggregated links. Enable IS-IS NSR on Switch S to ensure correct routing when a master/slave switchover occurs on Switch S.
Figure 53 Network diagram
Configuration procedure...
Page 170
ISIS(1) IPv4 Level-1 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 12.12.12.0/24 NULL vlan100 Direct D/L/- 22.22.22.22/32 NULL Loop0 Direct D/-/- 14.14.14.0/32 NULL vlan100 12.12.12.2 R/L/- 44.44.44.44/32 NULL vlan100 12.12.12.2 R/L/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------- IPV4 Destination...
Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv4 Level-2 Forwarding Table ------------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------- 14.14.14.0/24 NULL vlan200 Direct D/L/- 44.44.44.44/32 NULL Loop0 Direct D/-/- 12.12.12.0/32 NULL 22.22.22.22/32 NULL Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set The output shows that the neighbor relationships and routing information on Switch A and Switch B have not changed, which means the neighbors cannot sense the switchover on Switch S.
Page 172
# Configure Switch D.
<SwitchD> system-view
[SwitchD] bfd echo-source-ip 4.4.4.4
[SwitchD] isis 1
[SwitchD-isis-1] fast-reroute auto
[SwitchD-isis-1] quit
(Method II.) Enable IS-IS FRR to designate a backup next hop by using a referenced routing policy:
# Configure Switch S.
<SwitchS> system-view
[SwitchS] bfd echo-source-ip 1.1.1.1
[SwitchS] ip ip-prefix abc index 10 permit 4.4.4.4 32
[SwitchS] route-policy frr permit node 10...
Tag: 0 # Display route 1.1.1.1/32 on Switch D to view the backup next hop information. [SwitchD] display ip routing-table 1.1.1.1 verbose Routing Table : Public Summary Count : 1 Destination: 1.1.1.1/32 Protocol: ISIS Process ID: 1 Preference: 10 Cost: 10 IpPrecedence: QosLcId: NextHop: 13.13.13.1...
Page 178
# Display the BFD information on Switch A. <SwitchA> display bfd session Switch A has deleted the BFD session on VLAN-interface 10 to Switch B and displays no output. # Display routes destined for 120.1.1.0/24 on Switch A. <SwitchA> display ip routing-table 120.1.1.0 verbose Routing Table : Public Summary Count : 1 Destination: 120.1.1.0/24...
Configuring BGP This chapter describes how to configure BGP. Overview Border Gateway Protocol (BGP) is an exterior gateway protocol (EGP). It is called internal BGP (IBGP) when it runs within an AS and called external BGP (EBGP) when it runs between ASs. The current version in use is BGP-4 (RFC 4271).
Path attributes
BGP path attributes are a group of parameters carried in update messages. They give detailed route attribute information that can be used for route filtering and selection.
• ORIGIN
The ORIGIN attribute identifies the origin of routing information (how a route became a BGP route)....
Page 181
Implements route filtering—By configuring an AS path filtering list, you can filter routes based on AS numbers contained in the AS_PATH attribute. For more information about routing policies and AS path filtering lists, see "Configuring routing policies." • NEXT_HOP The NEXT_HOP attribute is not necessarily the IP address of a directly connected router. It involves the following types of values, as shown in Figure When advertising a self-originated route to all BGP peers, a BGP speaker sets the...
Page 182
Figure 59 MED attribute
Page 183
Figure 60 LOCAL_PREF attribute • COMMUNITY The COMMUNITY attribute identifies the community of BGP routes. A BGP community is a group of routes with the same characteristics. It has no geographical boundaries. Routes of different ASs can belong to the same community. A route can carry one or more COMMUNITY attribute values (each of which is represented by a four-byte integer).
The device supports the Route-Target for VPN and Source of Origin (SOO) attributes. For more information, see MPLS Configuration Guide. BGP route selection BGP discards routes with unreachable NEXT_HOPs. If multiple routes to the same destination are available, BGP selects the best route in the following sequence: Highest Preferred_value Highest LOCAL_PREF Summary route...
generates the same number of next hops to forward packets. BGP load balancing based on route recursion is always enabled by the system rather than configured by using commands. • BGP load balancing through route selection BGP differs from IGP in the implementation of load balancing in the following ways: IGP routing protocols, such as RIP and OSPF, compute metrics of routes, and then implement load balancing over routes with the same metric and to the same destination.
Page 186
• Route dampening BGP route dampening solves the issue of route instability such as route flaps—a route comes up and disappears in the routing table frequently. When a route flap occurs, the routing protocol sends an update to its neighbor, and then the neighbor recalculates routes and modifies the routing table.
Page 187
Using route reflectors can solve this issue. In an AS, a router acts as a route reflector, and other routers act as clients connecting to the route reflector. The route reflector forwards the routing information received from a client to other clients. In this way, all clients can receive routing information from one another without establishing BGP sessions.
Figure 65 Confederation network diagram A non-confederation BGP speaker is not required to know sub-ASs in the confederation. It considers the confederation as one AS, and the confederation ID as the AS number. In the above figure, AS 200 is the confederation ID. Confederation has a deficiency.
The system supports multiple MP-BGP extensions, including VPN extension (see MPLS Configuration Guide), IPv6 extension (see "Configuring IPv6 BGP"), and multicast extension (see IP Multicast Configuration Guide). Address family MP-BGP uses address families and subsequent address families to differentiate network layer protocols of routes contained in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes.
View names Ways to enter the views Remarks <Sysname> system-view [Sysname] bgp 100 BGP-VPNv6 sub-address Configurations in this view are effective family view [Sysname-bgp] only for VPNv6 routes. ipv6-family vpnv6 [Sysname-bgp-af-vpnv6] <Sysname> system-view [Sysname] bgp 100 Configurations in this view are effective MBGP address family view [Sysname-bgp] only for IPv4 multicast routes.
BGP configuration task list In a basic BGP network, you only need to perform the following configurations: • Enable BGP. • Configure BGP peers or peer groups. • Control BGP route generation. To control BGP route distribution and path selection, you must perform other configurations. Complete the following tasks to configure BGP: Task Remarks...
Task Remarks Configuring the interval for sending the same Optional. update Allowing establishment of EBGP session to an Optional. indirectly connected peer or peer group Enabling the BGP ORF capability Optional. Enabling 4-byte AS number suppression Optional. Setting the DSCP value for BGP packets Optional.
Step Command Remarks Enter system view. system-view Optional. By default, no global router ID is configured. BGP uses the highest loopback interface IP address as the router ID. If no loopback Configure a global router ID. router id router-id interface IP address is available, BGP uses the highest physical interface IP address as the router ID regardless of the interface...
Configuring a BGP peer group In a large-scale network, grouping peers that use the same route selection policy simplifies overall configuration. When you modify the policy of the group, the modification applies to all peers in the group. However, if a peer group already contains peers, you cannot remove or change its AS number.
Page 195
Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either approach. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name By default, no EBGP peer group Create an EBGP peer group.
Step Command Remarks To use the as-number as-number option, you must peer ip-address group Add a peer into the EBGP specify the AS number configured group-name [ as-number peer group. by the peer ip-address as-number ] as-number as-number command. Enable the default use of Optional.
peer or peer group. The primary IP address of the output interface is used for establishing TCP connections. You can specify the source interface (primary IP address) for TCP connections in the following scenarios: • If the peer's IP address belongs to an interface indirectly connected to the local router, you must specify that interface as the source interface for TCP connections on the peer.
Injecting a local network This task allows you to inject a network in the local routing table to the BGP routing table, so that BGP can advertise the network to BGP peers. The ORIGIN attribute of routes advertised in this way is IGP.
Step Command Remarks import-route protocol Not enabled by default. [ { process-id | all-processes } Enable route redistribution The allow-direct keyword is [ allow-direct | med med-value | from IGP into BGP. available only when the specified route-policy route-policy-name ] routing protocol is OSPF.
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either approach. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name aggregate ip-address { mask | mask-length } [ as-set | attribute-policy Configure manual route route-policy-name |...
Page 201
For how to configure an IP prefix list, routing policy, and AS path list, see "Configuring routing policies." Configuring BGP route distribution filtering policies You can use the following methods to configure BGP route distribution filtering policies: • Use ACL or IP prefix list to filter routing information advertised to all peers. •...
Page 202
Step Command Remarks • Configure the filtering of redistributed routes advertised to all peers: filter-policy { acl-number | ip-prefix ip-prefix-name } export [ direct | isis process-id | ospf process-id | rip process-id | | static ] • Reference a routing policy to filter advertisements to a peer or peer group: peer { group-name | ip-address }...
Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either approach. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name • Filter incoming routes from all peers with an ACL or IP prefix list: filter-policy { acl-number | ip-prefix ip-prefix-name } import...
Figure 66 BGP and IGP synchronization in an AS For this example, if synchronization is enabled, and the route 8.0.0.0/24 received from Router B is available in its IGP routing table, Router D advertises the IBGP route when the following conditions are satisfied: •...
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either approach. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name peer { group-name | ip-address } Specify the maximum By default, the number of routes route-limit prefix-number number of routes that a...
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either approach. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name Optional. Specify a preferred value for peer { group-name | ip-address } routes received from a peer By default, the preferred value is preferred-value value...
This task allows you to specify the default local preference for routes sent to IBGP peers. To specify the default local preference: Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either approach.
Page 208
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either approach. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name Enable the comparison of MED of routes from different Not enabled by default.
Page 209
To resolve this issue, configure the bestroute compare-med command on Router D. After that, Router D puts routes received from the same AS into a group. Router D then selects the route with the lowest MED from the same group, and compares routes from different groups. The following output is the BGP routing table on Router D after the comparison of MED of routes from each AS is enabled.
Configuring the NEXT_HOP attribute By default, when advertising routes to an IBGP peer or peer group, a BGP router does not set itself as the next hop. However, to ensure a BGP peer can find the correct next hop in some cases, you need to configure the router as the next hop for routes sent to the peer.
Step Command Remarks Optional. By default, the router sets it as the Specify the router as the next hop for routes sent to an peer { group-name | ip-address } next hop of routes sent to a EBGP peer or peer group, but next-hop-local peer or peer group.
Page 212
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either approach. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name Optional. Disable BGP from By default, BGP considers considering AS_PATH bestroute as-path-neglect AS_PATH during best route during best route selection.
Page 213
As shown in the above figure, CE 1 and CE 2 use the same AS number of 800. If AS number substitution for CE 2 is configured on PE 2, and PE 2 receives a BGP update sent from CE 1, PE 2 replaces AS number 800 with its own AS number 100.
For some network applications, a BGP router does not add its own AS number to the AS_PATH attribute. In this case, you must configure the ignore-first-as command on the EBGP peer to ignore the first AS number of EBGP route updates. To ignore the first AS number of EBGP route updates: Step Command...
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or BGP-VPN Use either approach. a. bgp as-number instance view. b. ipv4-family vpn-instance vpn-instance-name • Configure the global Optional. keepalive interval and By default, the keepalive holdtime: interval is 60 seconds, and timer keepalive keepalive...
Allowing establishment of EBGP session to an indirectly connected peer or peer group Direct physical links must be available between EBGP peers. If not, use the peer ebgp-max-hop command to establish an EBGP session over multiple hops between two peers. To allow establishment of EBGP session to an indirectly connected peer or peer group: Step Command...
Step Command Remarks Optional. By default, standard BGP ORF Enable the non-standard peer { group-name | ip-address } capability defined in RFC 5291 ORF capability for a BGP and RFC 5292 is supported. capability-advertise orf peer or peer group. non-standard If the peer supports only non-standard ORF, you need to configure this command.
Step Command Remarks peer { group-name | ip-address } Enable 4-byte AS number Disabled by default. capability-advertise suppression. suppress-4-byte-as Setting the DSCP value for BGP packets Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either approach.
• Perform MD5 authentication when establishing TCP connections. Only the two parties that have the same password configured can establish TCP connections.
• Perform MD5 calculation on TCP packets to avoid modification to the encapsulated BGP packets.
To enable MD5 authentication for BGP peers:
Step Command Remarks...
Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either approach. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name Forbid session peer { group-name | ip-address } establishment with a peer or Not forbidden by default.
Configuring manual soft-reset If a BGP peer does not support route-refresh, you must save updates from the peer on the local router by using the peer keep-all-routes command, and use the refresh bgp command to refresh the BGP routing table. If the BGP peer does not support route-refresh and the peer keep-all-routes command is not configured on the local end, you must decide whether to manually disconnect the session with the peer to learn routes again according to the impact of the new policy.
Configuring BGP community By default, a router does not send the community or extended community attribute to its peers or peer groups. When the router receives a route carrying the community or extended community attribute, it removes the attribute before advertising the route to its peers or peer groups. This task allows you to enable a router to advertise the community or extended community attribute to its peers, so that you can implement route filtering and control.
Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either approach. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name Not configured by default. The peer reflect-client command can be configured in both BGP view and BGP-VPNv4 subaddress family view.
A confederation contains a maximum of 32 sub-ASs. The AS number of a sub-AS is effective only in the confederation. To configure a BGP confederation: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Configure a confederation Not configured by default.
with the BGP routes already learned to complete BGP routing convergence. The GR Helper then removes the stale routes.
When you configure BGP GR, follow these guidelines:
• GR Restarter sends the maximum time allowed for the peer to reestablish a BGP session to the GR Helper in an Open message.
Step: Enter system view.
Command: system-view

Step: Enter BGP view.
Command: bgp as-number

Step: Enable the logging of session state changes globally.
Command: log-peer-change
Remarks: Optional. Enabled by default.

Step: Enter BGP-VPN instance view.
Command: ipv4-family vpn-instance vpn-instance-name
Remarks: Optional.

Step: Enable the logging of session state changes for a
Command: peer { group-name | ip-address } log-change
Remarks: Optional. Enabled by default.
Page 227
Task Command Remarks display bgp group [ group-name ] [ | { begin | Available in Display peer group information. exclude | include } regular-expression ] any view. Display advertised BGP routing display bgp network [ | { begin | exclude | Available in information.
Task Command Remarks display router id [ | { begin | exclude | include } Available in Display the global router ID. regular-expression ] any view. Resetting BGP session Task Command Remarks reset bgp { as-number | ip-address | Reset the specified BGP all | external | group group-name | Available in user view.
Configure IBGP: To prevent route flapping caused by port state changes, this example uses loopback interfaces to establish IBGP connections. Because loopback interfaces are virtual interfaces, use the peer connect-interface command to specify the loopback interface as the source interface for establishing BGP connections.
Page 230
To enable Switch C to access the network 8.1.1.0/24 connected directly to Switch A, inject network 8.1.1.0/24 to the BGP routing table of Switch A.
# Configure Switch A.
<SwitchA> system-view
[SwitchA] bgp 65008
[SwitchA-bgp] router-id 1.1.1.1
[SwitchA-bgp] peer 3.1.1.1 as-number 65009
[SwitchA-bgp] network 8.1.1.1 24
[SwitchA-bgp] quit
# Configure Switch B.
Page 231
Network NextHop LocPrf PrefVal Path/Ogn *> 8.1.1.0/24 3.1.1.2 65008i # Display the BGP routing table on Switch C. [SwitchC] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 3.3.3.3 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
Total Number of Routes: 4 BGP Local router ID is 3.3.3.3 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
Page 233
Enable OSPF in AS 65009, so Switch B can obtain the route to 9.1.2.0/24.
# Configure Switch B.
<SwitchB> system-view
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# Configure Switch C.
<SwitchC>...
Page 234
Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf PrefVal Path/Ogn *>...
--- 8.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/2 ms

BGP load balancing configuration example
Network requirements
As shown in Figure 73, all switches run BGP. Switch A resides in AS 65008, Switch B and Switch C in AS 65009.
# Display the BGP routing table on Switch A. [SwitchA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network...
<SwitchA> system-view
[SwitchA] ip route-static 0.0.0.0 0 192.168.212.1
# Configure static routes to 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 with the same next hop 192.168.212.161 on Switch B.
<SwitchB> system-view
[SwitchB] ip route-static 192.168.64.0 24 192.168.212.161
[SwitchB] ip route-static 192.168.74.0 24 192.168.212.161
[SwitchB] ip route-static 192.168.99.0 24 192.168.212.161
Configure OSPF between Switch B and Switch C and configure OSPF on Switch B to redistribute static routes:...
Page 239
[SwitchC-bgp] router-id 3.3.3.3
[SwitchC-bgp] peer 10.220.2.217 as-number 64631
[SwitchC-bgp] import-route ospf
# Enable BGP, and configure Switch C as an EBGP peer on Switch D.
[SwitchD] bgp 64631
[SwitchD-bgp] router-id 4.4.4.4
[SwitchD-bgp] peer 10.220.2.16 as-number 65106
[SwitchD-bgp] quit
# Display IP routing table on Switch D.
[SwitchD] display ip routing-table
Routing Tables: Public Destinations : 8...
192.168.64.0/24 O_ASE 172.17.100.1 Vlan100 192.168.74.0/24 O_ASE 172.17.100.1 Vlan100 192.168.99.0/24 O_ASE 172.17.100.1 Vlan100 The output shows that Switch C has a summary route 192.168.64.0/18 with the output interface Null0. # Display IP routing table on Switch D. [SwitchD] display ip routing-table Routing Tables: Public Destinations : 6 Routes : 6...
Network NextHop LocPrf PrefVal Path/Ogn *> 1.0.0.0 192.1.1.1 100i # Display the BGP routing table on Switch D. [SwitchD] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 200.1.2.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
[SwitchD] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 4.4.4.4 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop...
Page 248
Figure 78 Network diagram Device Interface IP address Device Interface IP address Switch A Vlan-int101 1.0.0.0/8 Switch D Vlan-int400 195.1.1.1/24 Vlan-int100 192.1.1.1/24 Vlan-int300 194.1.1.1/24 Vlan-int200 193.1.1.1/24 Switch C Vlan-int400 195.1.1.2/24 Switch B Vlan-int100 192.1.1.2/24 Vlan-int200 193.1.1.2/24 Vlan-int300 194.1.1.2/24 Configuration procedure Configure IP addresses for interfaces.
Total Number of Routes: 2 BGP Local router ID is 194.1.1.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
Page 251
Switch C over aggregated links. Enable GR for BGP so that the communication between Switch A and Switch C is not affected when a master/slave switchover occurs on Switch B. Figure 79 Network diagram Configuration procedure Configure Switch A: # Configure IP addresses for interfaces. (Details not shown.) # Configure the EBGP connection.
Ping Switch C on Switch A. Meanwhile, perform a master/slave switchover on Switch B. The ping operation is successful during the whole switchover process. BFD for BGP configuration example Network requirements As shown in Figure • Configure OSPF as the IGP in AS 200. •...
Page 253
[SwitchA-bgp] peer 2.0.2.2 next-hop-local
# Configure Switch A to redistribute OSPF routes.
[SwitchA-bgp] import-route ospf
[SwitchA-bgp] quit
# When the two links between Switch A and Switch C are both up, Switch C adopts the link Switch A<—>Switch B<—>Switch C to exchange packets with network 1.1.1.0/24. (Set a higher MED value for route 1.1.1.0/24 sent to peer 2.0.2.2 on Switch A.)
Create ACL 2000 to permit 1.1.1.0/24 to pass.
Page 254
<SwitchE> system-view
[SwitchE] bgp 100
[SwitchE-bgp] peer 30.1.1.1 as-number 200
# Configure Switch E to advertise route 1.1.1.0/24 through BGP.
[SwitchE-bgp] network 1.1.1.0 24
[SwitchE-bgp] quit
Configure BFD parameters (you can use default BFD parameters instead):
# Configure Switch A. Configure active-mode on VLAN-interface 100.
Page 255
BGP local router ID : 1.1.1.1 Local AS number : 200 Total number of peers : 2 Peers in established state : 2 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 2.0.1.1 0 00:01:05 Established 3.0.1.1 0 00:01:34 Established The output shows that Switch C has established two BGP neighborships with Switch A. # Display route 1.1.1.0/24 on Switch C.
Preference: 150 Cost: 1 IpPrecedence: QosLcId: NextHop: 2.0.2.1 Interface: Vlan-interface201 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Inactive Adv Age: 00h14m10s Tag: 1 The output shows that Switch A and Switch C communicate through Switch B, and Switch C has two routes to reach network 1.1.1.0/24: Switch C<—>Switch B<—>Switch A, which is the active route;...
Page 257
If the peer is a non-direct EBGP peer, verify that the peer ebgp-max-hop command is configured.
Verify that a valid route to the peer is available.
Use the ping command to verify the connectivity to the peer.
Use the display tcp status command to verify the TCP connection.
Check whether an ACL that blocks TCP port 179 is configured.
Configuring IPv6 static routing Static routes are manually configured. If a network topology is simple, you only need to configure static routes for the network to work properly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator has to modify the static routes manually.
Task Command Remarks display ipv6 routing-table Display IPv6 static route protocol static [ inactive | Available in any view. information. verbose ] [ | { begin | exclude | include } regular-expression ] IPv6 static routing configuration example Network requirements As shown in Figure 81, configure IPv6 static routes so that hosts can reach one another.
Configuring an IPv6 default route An IPv6 default route is used to forward packets that match no entry in the routing table. An IPv6 default route can be configured in either of the following ways: • The network administrator can configure a default route with a destination prefix of ::/0. For more information, see "Configuring an IPv6 static route."...
Configuring RIPng
This chapter describes how to configure RIPng.
Overview
RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng. RIPng for IPv6 has the following basic differences from RIP:
• UDP port number—RIPng uses UDP port 521 for sending and receiving routing information.
•...
Figure 82 RIPng basic packet format
Packet header description:
• Command—Type of message. A value of 0x01 indicates Request, and a value of 0x02 indicates Response.
• Version—Version of RIPng. It can only be 0x01.
• RTE—Route table entry. It is 20 bytes for each entry.
RTE format
The following are types of RTEs in RIPng:
•...
The receiving RIPng router processes RTEs in the request. If only one RTE exists with the IPv6 prefix and prefix length both being 0 and with a metric value of 16, the RIPng router responds with the entire routing table information in response messages. If multiple RTEs exist in the request message, the RIPng router examines each RTE, updates its metric, and sends the requested routing information to the requesting router in the response packet.
Configuration prerequisites Before you configure RIPng basic functions, complete the following tasks: • Enable IPv6 packet forwarding. • Configure an IP address for each interface, and make sure all nodes are reachable to one another. Configuration procedure To configure the basic RIPng functions: Step Command Remarks...
Step: Enter system view.
Command: system-view

Step: Enter interface view.
Command: interface interface-type interface-number

Step: Specify an inbound routing additional metric.
Command: ripng metricin value
Remarks: Optional. 0 by default.

Step: Specify an outbound routing additional metric.
Command: ripng metricout value
Remarks: Optional. 1 by default.

Configuring RIPng route summarization
Step Command Enter system view.
Step Command Remarks filter-policy { acl6-number | Configure a filter policy By default, RIPng does not filter ipv6-prefix ipv6-prefix-name } export to filter outgoing routes. outgoing routing information. [ protocol [ process-id ] ] Configuring a priority for RIPng Routing protocols have their own protocol priorities used for optimal route selection. You can set a priority for RIPng manually.
Configuring RIPng timers You can adjust RIPng timers to optimize the performance of the RIPng network. When you adjust RIPng timers, consider the network performance, and perform unified configurations on routers running RIPng to avoid unnecessary network traffic or route oscillation. To configure RIPng timers: Step Command...
Step: Enable the poison reverse function.
Command: ripng poison-reverse
Remarks: Disabled by default.

Configuring zero field check on RIPng packets
Some fields in the RIPng packet must be zero; these are called "zero fields." With zero field check on RIPng packets enabled, if such a field contains a non-zero value, the entire RIPng packet is discarded....
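The packet format, the whole-table request and the zero field check described in this chapter can be exercised with a small parser. This is an added example, not code from the manual or the switch software. The RTE field layout, the next-hop RTE marker 0xFF, the per-RTE skip rule and the response source checks follow RFC 2080; all function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

RIPNG_PORT = 521                      # UDP port given on the page
CMD_REQUEST, CMD_RESPONSE = 0x01, 0x02
RIPNG_VERSION = 0x01
RTE_LEN = 20                          # each RTE is 20 bytes
INFINITY = 16
NEXT_HOP_MARK = 0xFF                  # RFC 2080: metric 0xFF marks a next-hop RTE


class RipngError(ValueError):
    """The whole packet must be discarded."""


def parse_ripng(data, zero_check=True):
    """Parse one RIPng UDP payload.

    Returns {'command': int, 'rtes': [dict, ...], 'ignored': int}. With
    zero_check enabled, a non-zero value in a must-be-zero field discards
    the entire packet, as the zero field check on the page describes.
    """
    if len(data) < 4:
        raise RipngError("truncated header")
    command, version, mbz = struct.unpack("!BBH", data[:4])
    if command not in (CMD_REQUEST, CMD_RESPONSE):
        raise RipngError(f"unknown command 0x{command:02x}")
    if version != RIPNG_VERSION:
        raise RipngError(f"unsupported version 0x{version:02x}")
    if zero_check and mbz != 0:
        raise RipngError("non-zero value in header zero field")
    body = data[4:]
    if len(body) % RTE_LEN:
        raise RipngError("RTE area is not a multiple of 20 bytes")

    rtes, ignored = [], 0
    for off in range(0, len(body), RTE_LEN):
        # 16-byte IPv6 prefix, 2-byte route tag, prefix length, metric
        prefix, tag, plen, metric = struct.unpack("!16sHBB", body[off:off + RTE_LEN])
        addr = ipaddress.IPv6Address(prefix)
        if metric == NEXT_HOP_MARK:
            # In a next-hop RTE the route tag and prefix length must be zero.
            if zero_check and (tag or plen):
                raise RipngError("non-zero value in next-hop RTE zero field")
            rtes.append({"type": "next-hop", "next_hop": str(addr)})
        elif plen > 128 or not 1 <= metric <= INFINITY:
            ignored += 1              # RFC 2080: skip the bad entry, keep the rest
        else:
            rtes.append({"type": "route", "prefix": f"{addr}/{plen}",
                         "tag": tag, "metric": metric})
    return {"command": command, "rtes": rtes, "ignored": ignored}


def is_whole_table_request(pkt):
    """Request with exactly one RTE: prefix ::, prefix length 0, metric 16."""
    rtes = pkt["rtes"]
    return (pkt["command"] == CMD_REQUEST and pkt["ignored"] == 0
            and len(rtes) == 1 and rtes[0]["type"] == "route"
            and rtes[0]["prefix"] == "::/0" and rtes[0]["metric"] == INFINITY)


def response_source_ok(src_addr, src_port, hop_limit):
    """RFC 2080 checks for a periodic Response: link-local source address,
    source port 521 and hop limit 255 (the sender is on the local link)."""
    return (ipaddress.IPv6Address(src_addr).is_link_local
            and src_port == RIPNG_PORT and hop_limit == 255)


def rte(prefix, plen, metric, tag=0):
    """Build one 20-byte RTE (helper for the constructed samples)."""
    return struct.pack("!16sHBB", ipaddress.IPv6Address(prefix).packed,
                       tag, plen, metric)


def packet(command, rtes, mbz=0):
    """Build a RIPng payload; mbz sets the header's must-be-zero field."""
    return struct.pack("!BBH", command, RIPNG_VERSION, mbz) + b"".join(rtes)


# Constructed sample packets (not captured traffic).
WHOLE_TABLE_REQUEST = packet(CMD_REQUEST, [rte("::", 0, INFINITY)])
RESPONSE = packet(CMD_RESPONSE, [rte("1::", 64, 1), rte("3::", 64, 2)])
NONZERO_HEADER = packet(CMD_RESPONSE, [rte("1::", 64, 1)], mbz=0x0001)

if __name__ == "__main__":
    print(is_whole_table_request(parse_ripng(WHOLE_TABLE_REQUEST)))
    print(parse_ripng(RESPONSE)["rtes"])
    try:
        parse_ripng(NONZERO_HEADER)
    except RipngError as exc:
        print("discarded:", exc)
```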
• Create an IPsec proposal. • Create an IPsec policy. For more information about IPsec policy configuration, see Security Configuration Guide. Configuration procedure To apply an IPsec policy in a process: Step Command Remarks Enter system view. system-view ripng [ process-id ] [ vpn-instance Enter RIPng view.
RIPng configuration examples Configure RIPng basic functions Network requirements As shown in Figure 85, all switches run RIPng. Configure Switch B to filter the route (3::/64) learned from Switch C, which means the route is not added to the routing table of Switch B, and Switch B does not forward it to Switch A.
Page 272
[SwitchC-Vlan-interface500] ripng 1 enable
[SwitchC-Vlan-interface500] quit
[SwitchC] interface vlan-interface 600
[SwitchC-Vlan-interface600] ripng 1 enable
[SwitchC-Vlan-interface600] quit
# Display the routing table of Switch B.
[SwitchB] display ripng 1 route
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100...
Route Flags: A - Aging, S - Suppressed, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::20F:E2FF:FE23:82F5 on Vlan-interface100
Dest 1::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec
Dest 2::/64, via FE80::20F:E2FF:FE23:82F5, cost 1, tag 0, A, 2 Sec
Peer FE80::20F:E2FF:FE00:100 on Vlan-interface200
Dest 4::/64, via FE80::20F:E2FF:FE00:100, cost...
Interface : NULL0 Cost : 0d Configuring RIPng IPsec policies Network requirements As shown in the following figure, • Configure RIPng on the switches. • Configure IPsec policies on the switches to authenticate and encrypt protocol packets. Figure 87 Network diagram Vlan-int100 Vlan-int200 1::1/64...
Page 277
[SwitchA] ipsec transform-set tran1
[SwitchA-ipsec-transform-set-tran1] encapsulation-mode transport
[SwitchA-ipsec-transform-set-tran1] transform esp
[SwitchA-ipsec-transform-set-tran1] esp encryption-algorithm des
[SwitchA-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[SwitchA-ipsec-transform-set-tran1] quit
[SwitchA] ipsec policy policy001 10 manual
[SwitchA-ipsec-policy-manual-policy001-10] transform-set tran1
[SwitchA-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345
[SwitchA-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345
[SwitchA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg
[SwitchA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg
[SwitchA-ipsec-policy-manual-policy001-10] quit...
Page 278
# Configure Switch A.
[SwitchA] ripng 1
[SwitchA-ripng-1] enable ipsec-policy policy001
[SwitchA-ripng-1] quit
# Configure Switch B.
[SwitchB] ripng 1
[SwitchB-ripng-1] enable ipsec-policy policy001
[SwitchB-ripng-1] quit
# Configure Switch C.
[SwitchC] ripng 1
[SwitchC-ripng-1] enable ipsec-policy policy001
[SwitchC-ripng-1] quit
Verify the configuration:
RIPng packets between Switches A, B and C are protected by IPsec.
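The Switch A commands in this RIPng IPsec example use DES and a seven-character string key, which a configuration review should catch before the policy goes into service. The following audit is an added example, not part of the manual: it parses the typed session and reports DES transform sets, short manual keys, and RIPng processes with no IPsec policy or a dangling policy reference. The weak-algorithm set, the key-length threshold, the finding names and the process "ripng 2" are assumptions of this example, and only RIPng process view is modelled.

```python
import re

PROMPT = re.compile(r"^(?:<[^>]+>|\[[^\]]+\])\s*")   # <SwitchA> or [SwitchA-view]
WEAK_ENCRYPTION = {"des"}     # assumption: single DES is rejected by local policy
MIN_KEY_CHARS = 16            # assumption: local minimum for a manual string key

# Switch A commands as shown on the page, plus a constructed process
# "ripng 2" that has no IPsec policy applied.
SAMPLE = """\
[SwitchA] ipsec transform-set tran1
[SwitchA-ipsec-transform-set-tran1] encapsulation-mode transport
[SwitchA-ipsec-transform-set-tran1] transform esp
[SwitchA-ipsec-transform-set-tran1] esp encryption-algorithm des
[SwitchA-ipsec-transform-set-tran1] esp authentication-algorithm sha1
[SwitchA-ipsec-transform-set-tran1] quit
[SwitchA] ipsec policy policy001 10 manual
[SwitchA-ipsec-policy-manual-policy001-10] transform-set tran1
[SwitchA-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345
[SwitchA-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345
[SwitchA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg
[SwitchA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg
[SwitchA-ipsec-policy-manual-policy001-10] quit
# Configure Switch A.
[SwitchA] ripng 1
[SwitchA-ripng-1] enable ipsec-policy policy001
[SwitchA-ripng-1] quit
[SwitchA] ripng 2
[SwitchA-ripng-2] quit
"""


def parse_session(text):
    """Replay typed CLI lines, tracking view nesting with a stack.

    Returns (transform_sets, policies, ripng_processes) as dicts keyed by name.
    """
    tsets, policies, procs = {}, {}, {}
    stack = []                                   # innermost view is last
    for raw in text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words or words[0].startswith("#"):
            continue                             # blank line or "# ..." remark
        top = stack[-1] if stack else {"kind": None}
        if words[0] == "quit":
            if stack:
                stack.pop()
        elif words[:2] == ["ipsec", "transform-set"] and len(words) == 3:
            stack.append(tsets.setdefault(words[2], {"kind": "tset"}))
        elif words[:2] == ["ipsec", "policy"] and len(words) >= 4:
            stack.append(policies.setdefault(
                words[2], {"kind": "policy", "seq": words[3], "keys": {}}))
        elif words[0] == "ripng" and len(words) == 2 and words[1].isdigit():
            stack.append(procs.setdefault("ripng " + words[1], {"kind": "proc"}))
        elif words[0] == "interface":
            stack.append({"kind": "interface"})  # keeps later quits balanced
        elif top["kind"] == "tset" and words[0] == "esp" and len(words) == 3:
            top[words[1]] = words[2]             # encryption-/authentication-algorithm
        elif top["kind"] == "policy" and words[0] == "transform-set" and len(words) == 2:
            top["tset"] = words[1]
        elif top["kind"] == "policy" and words[:2] == ["sa", "string-key"] and len(words) == 5:
            top["keys"][words[2]] = words[4]     # direction -> key
        elif top["kind"] == "proc" and words[:2] == ["enable", "ipsec-policy"] and len(words) == 3:
            top["policy"] = words[2]
    return tsets, policies, procs


def audit(text):
    """Return a list of (object, finding) tuples for the typed session."""
    tsets, policies, procs = parse_session(text)
    findings = []
    for name, ts in tsets.items():
        enc = ts.get("encryption-algorithm")
        if enc in WEAK_ENCRYPTION:
            findings.append((f"transform-set {name}", f"weak-encryption:{enc}"))
    for name, pol in policies.items():
        if pol.get("tset") not in tsets:
            findings.append((f"policy {name}", "undefined-transform-set"))
        for direction, key in sorted(pol["keys"].items()):
            if len(key) < MIN_KEY_CHARS:
                findings.append((f"policy {name}", f"short-string-key:{direction}"))
    for name, proc in procs.items():
        if "policy" not in proc:
            findings.append((name, "no-ipsec-policy"))
        elif proc["policy"] not in policies:
            findings.append((name, "undefined-ipsec-policy"))
    return findings


if __name__ == "__main__":
    for obj, finding in audit(SAMPLE):
        print(f"{obj}: {finding}")
```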
Configuring OSPFv3 This chapter describes how to configure OSPFv3. Overview Open Shortest Path First version 3 (OSPFv3) supports IPv6 and complies with RFC 2740 (OSPF for IPv6). OSPFv3 and OSPFv2 have the following similarities: • 32-bit router ID and area ID •...
• Router-LSA—Originated by all routers. This LSA describes the collected states of the router's interfaces to an area, and is flooded throughout a single area only. • Network-LSA—Originated for broadcast and NBMA networks by the Designated Router. This LSA contains the list of routers connected to the network, and is flooded throughout a single area only.
SPF timer Whenever the LSDB changes, an SPF calculation happens. If recalculations become frequent, a large amount of resources are occupied. You can adjust the SPF calculation interval and delay time to protect networks from being overloaded due to frequent changes. GR timer If a failure to establish adjacencies occurs during a GR, the device is in the GR process for a long time.
Task Remarks Disabling interfaces from receiving and sending OSPFv3 Optional packets Enabling the logging of neighbor state changes Optional Configuring GR Restarter Optional Configuring OSPFv3 GR Configuring GR Helper Optional Configuring BFD for OSPFv3 Optional Applying IPsec policies for OSPFv3 Optional Enabling OSPFv3 Configuration prerequisites...
Configuring OSPFv3 area parameters The stub area and virtual link features of OSPFv3 are the same as OSPFv2. Splitting an OSPFv3 AS into multiple areas reduces the number of LSAs and extends OSPFv3 applications. For those non-backbone areas residing on the AS boundary, configure them as stub areas to further reduce the size of routing tables and the number of LSAs.
IMPORTANT: • Both ends of a virtual link are ABRs that must be configured with the vlink-peer command. • Do not configure virtual links in the areas of a GR-capable process. To configure a virtual link: Step Command Enter system view. system-view Enter OSPFv3 view.
Configuring an NBMA or P2MP neighbor NBMA and P2MP interfaces (only when in unicast mode) cannot find neighbors through broadcasting hello packets. To resolve this, specify the link-local IP addresses of their neighbors. You can also specify DR priorities for neighbors. To configure an NBMA or P2MP (unicast) neighbor and its DR priority: Step Command...
Configuring route summarization on an ASBR Perform this task to enable an ASBR to summarize external routes within the specified address range into a single route. An ASBR can summarize routes in the following LSAs: • Type-5 LSAs. • Type-7 LSAs in an NSSA area. •...
To configure an OSPFv3 cost for an interface: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Optional. The default cost depends on the interface Configure an OSPFv3 ospfv3 cost value type: 1 for a VLAN interface; 0 for a loopback cost for the interface.
Configuring OSPFv3 route redistribution When you configure OSPFv3 route redistribution, follow these guidelines: • Executing the import-route or default-route-advertise command on a router makes it become an ASBR. • You can only inject and advertise a default route by using the default-route-advertise command.
Configuration prerequisites Before you tune and optimize OSPFv3 networks, complete the following tasks: • Enable IPv6 packet forwarding. • Configure OSPFv3 basic functions. Configuring OSPFv3 timers Make sure that the dead interval set on neighboring interfaces is not too short; otherwise, a neighbor is easily considered down.
Configuring a DR priority for an interface The DR priority of an interface determines the interface’s qualification in DR election. Interfaces having the priority 0 cannot become a DR or BDR. To configure a DR priority for an interface: Step Command Remarks Enter system view.
Enabling the logging of neighbor state changes Step Command Remarks Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Enable the logging of Enabled by default. log-peer-change neighbor state changes. Configuring OSPFv3 GR Graceful Restart ensures the continuity of packet forwarding when a routing protocol restarts or an active/standby switchover occurs: •...
Step Command Remarks Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Optional. Enable the GR graceful-restart helper enable Helper capability. Enabled by default. Optional. Enable strict LSA graceful-restart helper checking. strict-lsa-checking Disabled by default. Configuring BFD for OSPFv3 Bidirectional forwarding detection (BFD) provides a mechanism to quickly detect the connectivity of links between OSPFv3 neighbors, thus to improve the convergence speed of OSPFv3.
Page 293
• To implement interface-based IPsec protection, configure the same IPsec policy on the interfaces between two neighboring routers. • To implement virtual link-based IPsec protection, configure the same IPsec policy on the two routers connected over the virtual link. If an interface and its area each have an IPsec policy configured, the interface uses its own IPsec policy.
Displaying and maintaining OSPFv3 Task Command Remarks Display OSPFv3 process brief display ospfv3 [ process-id ] [ | { begin | exclude | Available in information. include } regular-expression ] any view. Display summary route display ospfv3 [ process-id ] asbr-summary Available in information on the OSPFv3 ASBR.
OSPFv3 configuration examples
OSPFv3 area configuration example
Network requirements
As shown in Figure 89, all switches run OSPFv3. The AS is split into three areas, in which Switch B and Switch C act as ABRs to forward routing information between areas. You are required to configure Area 2 as a stub area in order to reduce LSAs in the area without affecting route reachability.
Page 297
[SwitchD] display ospfv3 routing E1 - Type 1 external route, IA - Inter area route, - Intra area route E2 - Type 2 external route, - Selected route OSPFv3 Router with ID (4.4.4.4) (Process 1) ------------------------------------------------------------------------ *Destination: 2001::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1...
*Destination: 2001:1::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 *Destination: 2001:2::/64 Type Cost NextHop : directly-connected Interface: Vlan400 *Destination: 2001:3::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: Vlan400 Configure Area 2 as a totally stub area: # Configure Area 2 as a totally stub area on Switch C. [SwitchC-ospfv3-1-area-0.0.0.2] stub no-summary # Display OSPFv3 routing table information on Switch D.
Page 299
Figure 90 Network diagram
Configuration procedure
Configure IPv6 addresses for interfaces. (Details not shown.)
Configure OSPFv3 basic functions:
# Configure Switch A.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] ospfv3
[SwitchA-ospfv3-1] router-id 1.1.1.1
[SwitchA-ospfv3-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ospfv3 1 area 0
[SwitchA-Vlan-interface100] quit
# Configure Switch B.
Page 300
[SwitchD-ospfv3-1] router-id 4.4.4.4
[SwitchD-ospfv3-1] quit
[SwitchD] interface vlan-interface 200
[SwitchD-Vlan-interface200] ospfv3 1 area 0
[SwitchD-Vlan-interface200] quit
# Display neighbor information on Switch A. The switches have the same default DR priority 1, so Switch D (the switch with the highest Router ID) is elected as the DR, and Switch C is the BDR.
---------------------------------------------------------------------- Neighbor ID State Dead Time Interface Instance ID 1.1.1.1 Full/DROther 00:00:33 Vlan100 2.2.2.2 Full/DROther 00:00:36 Vlan200 3.3.3.3 Full/Backup 00:00:40 Vlan100 Restart DR and BDR election: # Use the shutdown and undo shutdown commands on interfaces to restart DR and BDR election.
Page 302
Configure OSPFv3 basic functions:
# Enable OSPFv3 process 1 on Switch A.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] ospfv3 1
[SwitchA-ospfv3-1] router-id 1.1.1.1
[SwitchA-ospfv3-1] quit
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ospfv3 1 area 2
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] ospfv3 1 area 2
[SwitchA-Vlan-interface200] quit
# Enable OSPFv3 process 1 and OSPFv3 process 2 on Switch B.
[SwitchA-Vlan-interface100] quit
# Enable OSPFv3 on Switch B and set the router ID to 2.2.2.2. (By default, GR helper is enabled on Switch B.)
<SwitchB> system-view
[SwitchB] ipv6
[SwitchB] ospfv3 1
[SwitchB-ospfv3-1] router-id 2.2.2.2
[SwitchB-ospfv3-1] quit
[SwitchB] interface vlan-interface 100
[SwitchB-Vlan-interface100] ospfv3 1 area 1
[SwitchB-Vlan-interface100] quit
# Enable OSPFv3 on Switch C and set the router ID to 3.3.3.3.
Vlan-int11 2001:2::1/64
Vlan-int13 2001:3::2/64
Switch C
Vlan-int11 2001:2::2/64
Vlan-int13 2001:3::1/64

Configuration procedure

Configure IP addresses for interfaces. (Details not shown.)

Configure OSPF basic functions:

# Configure Switch A. Enable OSPFv3 and configure the router ID as 1.1.1.1.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] ospfv3
[SwitchA-ospfv3-1] router-id 1.1.1.1
[SwitchA-ospfv3-1] quit...
# Configure Switch B.
[SwitchB] ospfv3 1
[SwitchB-ospfv3-1] area 0
[SwitchB-ospfv3-1-area-0.0.0.0] enable ipsec-policy policy002
[SwitchB-ospfv3-1-area-0.0.0.0] quit
[SwitchB-ospfv3-1] area 1
[SwitchB-ospfv3-1-area-0.0.0.1] enable ipsec-policy policy001
[SwitchB-ospfv3-1-area-0.0.0.1] quit
[SwitchB-ospfv3-1] quit

# Configure Switch C.
[SwitchC] ospfv3 1
[SwitchC-ospfv3-1] area 0
[SwitchC-ospfv3-1-area-0.0.0.0] enable ipsec-policy policy002
[SwitchC-ospfv3-1-area-0.0.0.0] quit
[SwitchC-ospfv3-1] quit

Verify the configuration:...
In a stub area, no router can receive external routes, and all interfaces connected to the stub area must be associated with it.

Solution

Use the display ospfv3 peer command to display OSPFv3 neighbors.
Use the display ospfv3 interface command to display OSPFv3 interface information.
Use the display ospfv3 lsdb command to display LSDB information to check integrity.
Configuring IPv6 IS-IS

This chapter describes how to configure IPv6 IS-IS, which supports all IPv4 IS-IS features except that it advertises IPv6 routing information. For information about IS-IS, see "Configuring IS-IS."

Overview

Intermediate System-to-Intermediate System (IS-IS) supports multiple network protocols, including IPv6.
Step: Configure the maximum number of redistributed Level 1/Level 2 IPv6 routes.
Command: ipv6 import-route limit number
Remarks: Optional. The default setting is 8192 for the HPE 5800 Switch Series and is 6144 for the HPE 5820X Switch Series.

ipv6 filter-policy { acl6-number | Configure the filtering of Optional.
NOTE: The ipv6 filter-policy export command is usually used in combination with the ipv6 import-route command. If no protocol is specified for the ipv6 filter-policy export command, routes redistributed from all routing protocols are filtered before advertisement. If a protocol is specified, only routes redistributed from the routing protocol are filtered for advertisement.
Figure 95 Network diagram

In Figure 95, the numbers refer to the link costs. Router A, Router B, and Router D support both IPv4 and IPv6. Router C supports only IPv4 and cannot forward IPv6 packets. Enable IPv6 IS-IS MTR on Router A, Router B, Router C, and Router D to make them perform route calculation separately in IPv4 and IPv6 topologies.
[SwitchB] display isis route ipv6
Route information for ISIS(1)
-----------------------------
ISIS(1) IPv6 Level-1 Forwarding Table
-------------------------------------
Destination: ::                       PrefixLen: 0
Flag : R/-/-                          Cost : 10
Next Hop : FE80::200:FF:FE0F:4        Interface: Vlan200

Destination: 2001:1::                 PrefixLen: 64
Flag : D/L/-                          Cost : 10
Next Hop : FE80::200:FF:FE0F:4...
-------------------------------------
Destination: 2001:1::                 PrefixLen: 64
Flag : D/L/-                          Cost : 10
Next Hop : Direct                     Interface: Vlan100

Destination: 2001:2::                 PrefixLen: 64
Flag : D/L/-                          Cost : 10
Next Hop : Direct                     Interface: Vlan200

Destination: 2001:3::                 PrefixLen: 64
Flag : D/L/-                          Cost : 10
Next Hop...
BFD for IPv6 IS-IS configuration example

Network requirements

• As shown in Figure 97, configure IPv6 IS-IS on Switch A, Switch B, and Switch C and configure BFD over the link Switch A<—>L2 Switch<—>Switch B.
• When the link between Switch B and the Layer-2 switch fails, BFD can quickly detect the failure and notify IPv6 IS-IS of the failure.
Destination IP: FE80::20F:FF:FE00:1200 (link-local address of VLAN-interface 10 on Switch B)
Session State: Up
Interface: Vlan10
Hold Time:

# Display routes destined for 2001:4::0/64 on Switch A.
<SwitchA> display ipv6 routing-table 2001:4::0 64 verbose
Routing Table :
Summary Count : 1
Destination : 2001:4::0
PrefixLength : 64...
Figure 98 Network diagram

Configuration procedure

Configure IPv4 and IPv6 addresses and subnet masks for each interface on the switches. (Details not shown.)

Configure IS-IS on the switches to make sure Switch A, Switch B, Switch C, and Switch D can communicate with each other at Layer 3 and dynamic route update can be implemented among them with IS-IS.
Destination: 44::1                    PrefixLen: 128
Flag : R/L/-                          Cost : 36
Next Hop : FE80::200:5EFF:FE00:F11    Interface: Vlan14

Destination: 14::                     PrefixLen: 64
Flag : D/L/-                          Cost : 36
Next Hop : Direct                     Interface: Vlan14

Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set

ISIS(1) IPv6 Level-2 Forwarding Table
-------------------------------------
Destination: 12::...
Configuring IPv6 BGP

This chapter describes only configuration for IPv6 BGP. For BGP-related information, see "Configuring BGP."

Overview

BGP-4 can only carry IPv4 routing information. To support multiple network layer protocols, IETF extended BGP-4 by introducing Multiprotocol Extensions for BGP-4 (MP-BGP). BGP extensions that focus on IPv6 address families are called IPv6 BGP.
Step: Specify a router ID.
Command: router-id router-id
Remarks: Optional. Required, if no IP addresses are configured for any interfaces.

Step: Enter IPv6 address family view or IPv6 BGP-VPN instance view.
Command: ipv6-family [ vpn-instance vpn-instance-name ]

Step: Specify an IPv6 peer.
Command: peer ipv6-address as-number as-number

Injecting a local IPv6 route

Step...
Specifying the source interface for establishing TCP connections

IPv6 BGP uses TCP as the transport layer protocol. By default, IPv6 BGP uses the output interface of the optimal route to a peer or peer group as the source interface for establishing TCP connections to the peer or peer group.
Step: Enter system view.
Command: system-view

Step: Enter BGP view.
Command: bgp as-number

Step: Enter IPv6 address family view.
Command: ipv6-family

Step: Allow the establishment of EBGP connection to an indirectly connected peer or peer group.
Command: peer { ipv6-group-name | ipv6-address } ebgp-max-hop [ hop-count ]
Remarks: Not configured by default.

Configuring a description for an IPv6 peer or peer group

Create the peer group before configuring a description for it.
Step: Enable logging of peer changes globally.
Command: log-peer-change
Remarks: Optional. Enabled by default. For information about this command, see Layer 3—IP Routing Command Reference.

Step: Enter IPv6 address family view.
Command: ipv6-family

Step: Enable the state change logging for an IPv6 peer or
Command: peer { ipv6-group-name | ipv6-address } log-change
Remarks: Optional. Enabled by default.
Step: Enter system view.
Command: system-view

Step: Enter BGP view.
Command: bgp as-number

Step: Enter IPv6 address family view.
Command: ipv6-family

Step: Configure manual route summarization.
Command: aggregate ipv6-address prefix-length [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ] *
Remarks: Not configured by default.

Advertising a default route to an IPv6 peer or peer group

Step...
Step: Specify an IPv6 ACL to filter routes advertised to an IPv6 peer or peer group.
Command: peer { ipv6-group-name | ipv6-address } filter-policy acl6-number export
Remarks: Not specified by default. The IPv6 BGP-VPN instance view does not support this command.

Not specified by default.
Step: Specify the upper limit of prefixes allowed to receive from an IPv6 peer or peer group.
Command: peer { ipv6-group-name | ipv6-address } route-limit limit [ percentage ]
Remarks: Optional. Unlimited by default. The IPv6 BGP-VPN instance view does not support this command.

Configuring IPv6 BGP and IGP route synchronization

By default, upon receiving an IBGP route, an IPv6 BGP router checks the route's next hop.
Configuration prerequisites

Before you configure IPv6 BGP route attributes, complete the following tasks:
• Enable IPv6 function.
• Configure IPv6 BGP basic functions.

Configuring IPv6 BGP preference and default LOCAL_PREF and NEXT_HOP attributes

To ensure an IBGP peer can find the correct next hop, you can configure routes advertised to the IPv6 IBGP peer or peer group to use the local router as the next hop.
Step: Enter IPv6 address family view or IPv6 BGP-VPN instance view.
Command: ipv6-family [ vpn-instance vpn-instance-name ]

Step: Configure a default MED value.
Command: default med med-value
Remarks: Optional. Defaults to 0.

Step: Enable the comparison of MED for routes from different EBGP peers.
Command: compare-different-as-med
Remarks: Optional. Not enabled by default.
Tuning and optimizing IPv6 BGP networks

This section describes configurations of IPv6 BGP timers, IPv6 BGP connection soft reset, and the maximum number of load balanced routes.

• IPv6 BGP timers
After establishing an IPv6 BGP connection, two routers send keepalive messages periodically to each other to maintain the connection.
Step: Configure the interval for sending the same update to an IPv6 peer or peer group.
Command: peer { ipv6-group-name | ipv6-address } route-update-interval interval
Remarks: Optional. The interval for sending the same update to an IBGP peer or an EBGP peer
Enabling the IPv6 BGP ORF capability

The BGP Outbound Route Filter (ORF) feature allows a BGP speaker to send its BGP peer a set of ORFs through route-refresh messages. The peer then applies the ORFs, in addition to its local routing policies (if any), to filter updates to the BGP speaker, reducing the number of exchanged update messages and saving network resources.
Enabling 4-byte AS number suppression

When a device that supports 4-byte AS numbers sends an Open message for peer relationship establishment, the Optional parameters field of the message indicates that the AS number occupies four bytes—in the range of 1 to 4294967295. If the peer device does not support 4-byte AS numbers (for example, it supports only 2-byte AS numbers), the peer relationship cannot be established.
Step: Enter IPv6 address family view or IPv6 BGP-VPN instance view.
Command: ipv6-family [ vpn-instance vpn-instance-name ]

Step: Configure the maximum number of ECMP routes.
Command: balance number
Remarks: By default, no load balancing is enabled.

Enabling MD5 authentication for TCP connections

IPv6 BGP employs TCP as the transport protocol.
Step: Enter system view.
Command: system-view

Step: Enter BGP view.
Command: bgp as-number

Step: Enter IPv6 address family view.
Command: ipv6-family

Step: Apply an IPsec policy to a peer or peer group.
Command: peer { group-name | ip-address } ipsec-policy policy-name
Remarks: Not configured by default.

Configuring a large-scale IPv6 BGP network

In a large-scale IPv6 BGP network, configuration and maintenance become inconvenient because of too many peers.
If a peer was added into an EBGP peer group, you cannot specify any AS number for the peer group.

To configure a pure EBGP group:

Step: Enter system view.
Command: system-view

Step: Enter BGP view.
Command: bgp as-number

Step: Enter IPv6 address family view.
Command: ipv6-family
Step: Advertise the COMMUNITY attribute to an IPv6 peer or peer group.
Command: peer { ipv6-group-name | ipv6-address } advertise-community
Remarks: By default, no COMMUNITY attribute is advertised to any IPv6 peer or peer group.

Advertise the extended peer { ipv6-group-name | By default, no extended community attribute to an ipv6-address }...
Step: Enable route reflection between clients.
Command: reflect between-clients
Remarks: Optional. Enabled by default.

Step: Configure the cluster ID of the route reflector.
Command: reflector cluster-id cluster-id
Remarks: Optional. By default, a route reflector uses its router ID as the cluster ID.

Configuring BFD for IPv6 BGP

IPv6 BGP maintains neighbor relationships based on the keepalive timer and holdtime timer, which are set in seconds.
Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State
10::2 65008 0 00:01:16 Established
9:3::2 65009 0 00:00:40 Established
9:1::2 65009 0 00:00:19 Established

# Display IPv6 peer information on Switch C.
[SwitchC] display bgp ipv6 peer
BGP local router ID : 3.3.3.3
Local AS number : 65009
Total number of peers : 2
Peers in established state : 2...
Configuration procedure

Configure IP addresses for interfaces. (Details not shown.)

Configure the IBGP connection:

# Configure Switch A.
<SwitchA> system-view
[SwitchA] ipv6
[SwitchA] bgp 65008
[SwitchA-bgp] router-id 1.1.1.1
[SwitchA-bgp] ipv6-family
[SwitchA-bgp-af-ipv6] group ibgp internal
[SwitchA-bgp-af-ipv6] peer 1::2 group ibgp
[SwitchA-bgp-af-ipv6] quit
[SwitchA-bgp] quit

# Configure Switch B.
[SwitchA] ipsec proposal tran1
[SwitchA-ipsec-proposal-tran1] encapsulation-mode transport
[SwitchA-ipsec-proposal-tran1] transform esp
[SwitchA-ipsec-proposal-tran1] esp encryption-algorithm des
[SwitchA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[SwitchA-ipsec-proposal-tran1] quit
[SwitchA] ipsec policy policy001 10 manual
[SwitchA-ipsec-policy-manual-policy001-10] proposal tran1
[SwitchA-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345
[SwitchA-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345
[SwitchA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg
[SwitchA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg
[SwitchA-ipsec-policy-manual-policy001-10] quit...
# On Switch C, create an IPsec proposal named tran2, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1. Create an IPsec policy named policy002, specify the manual mode for it, reference IPsec proposal tran2, set the SPIs of the inbound and outbound SAs to 54321, and the keys for the inbound and outbound SAs using ESP to gfedcba.
Type: IBGP link
BGP version 4, remote router ID 1.1.1.1
BGP current state: Established, Up for 00h01m51s
BGP current event: RecvKeepalive
BGP last state: OpenConfirm
Port: Local – 1029 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec
Received : Active Hold Time: 180 sec...
ORF advertise capability based on prefix (type 64):
Local: both
Negotiated: send
Peer Preferred Value: 0
IPsec policy name: policy002, SPI :54321
Routing policy configured:
No routing policy is configured

The output shows that both IBGP and EBGP neighbor relationships have been established and all protocol packets are protected by IPsec.
<SwitchA> system-view
[SwitchA] bgp 200
[SwitchA-bgp] ipv6-family
[SwitchA-bgp-af-ipv6] peer 3001::3 as-number 200
[SwitchA-bgp-af-ipv6] peer 2001::3 as-number 200
[SwitchA-bgp-af-ipv6] quit

# When the two links between Switch A and Switch C are both up, Switch C adopts the link Switch A<—>Switch B<—>Switch C to exchange packets with network 1200::0/64. (Set a higher MED value for route 1200::0/64 sent to peer 2001::3 on Switch A.)

Create IPv6 ACL 2000 to permit 1200::0/64 to pass.
Configure the minimum interval for transmitting BFD control packets as 500 milliseconds.
[SwitchA-Vlan-interface100] bfd min-transmit-interval 500

Configure the minimum interval for receiving BFD control packets as 500 milliseconds.
[SwitchA-Vlan-interface100] bfd min-receive-interval 500

Configure the detect multiplier as 7.
[SwitchA-Vlan-interface100] bfd detect-multiplier 7
[SwitchA-Vlan-interface100] quit

# Configure Switch C.
Troubleshooting IPv6 BGP configuration

IPv6 BGP peer relationship not established

Symptom

Display BGP peer information by using the display bgp ipv6 peer command. The state of the connection to the peer cannot become established.

Analysis

To become IPv6 BGP peers, any two routers must establish a TCP session using port 179 and exchange open messages successfully.
Configuring routing policies

Routing policies control routing paths by filtering and modifying routing information. This chapter describes both IPv4 and IPv6 routing policies.

Overview

Routing policies can filter advertised, received, and redistributed routes, and modify attributes for specific routes.

To configure a routing policy:

Configure filters based on route attributes, such as destination address and the advertising router's address.
Routing policy

A routing policy can comprise multiple nodes, which are in a logical OR relationship. A node with a smaller number is matched first. A route that matches one node matches the routing policy.

A node can comprise a set of if-match, apply, and continue clauses.
•...
Step: Enter system view.
Command: system-view

Step: Configure an IPv6 prefix list.
Command: ip ipv6-prefix ipv6-prefix-name [ index index-number ] { deny | permit } ipv6-address prefix-length [ greater-equal min-prefix-length ] [ less-equal max-prefix-length ]
Remarks: Not configured by default.

If all items are set to deny mode, no routes can pass the IPv6 prefix list. Configure the permit :: 0 less-equal 128 item following multiple deny items to allow other IPv6 routing information to pass.
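The deny-only pitfall described above can be checked offline before a list is applied. The following Python model is an added example, not code from the HPE manual. It assumes items are tried in ascending index order with the first match deciding, that a route matching no item is denied, and that an item without an index is placed 10 after the previous one; the list name edge and the 2001:db8:: prefixes are constructed sample values.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Item syntax as shown in the command table above.
ITEM_RE = re.compile(
    r"ip ipv6-prefix (?P<name>\S+)(?: index (?P<index>\d+))? "
    r"(?P<mode>deny|permit) (?P<addr>\S+) (?P<len>\d+)"
    r"(?: greater-equal (?P<ge>\d+))?(?: less-equal (?P<le>\d+))?$"
)

# Constructed sample: a list that contains only deny items.
DENY_ONLY = """
ip ipv6-prefix edge index 10 deny 2001:db8:bad:: 48 less-equal 128
ip ipv6-prefix edge index 20 deny :: 0 greater-equal 65
"""
# Same list with the catch-all permit item the text recommends.
WITH_CATCH_ALL = DENY_ONLY + "ip ipv6-prefix edge index 30 permit :: 0 less-equal 128\n"


@dataclass(frozen=True)
class Item:
    index: int
    permit: bool
    prefix: ipaddress.IPv6Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def length_range(self) -> Tuple[int, int]:
        """Prefix lengths this item accepts (inclusive)."""
        base = self.prefix.prefixlen
        if self.ge is None and self.le is None:
            return base, base                      # exact length only
        low = base if self.ge is None else self.ge
        high = 128 if self.le is None else self.le
        return low, high

    def matches(self, route: ipaddress.IPv6Network) -> bool:
        low, high = self.length_range()
        return low <= route.prefixlen <= high and route.subnet_of(self.prefix)


def parse_list(text: str) -> List[Item]:
    """Parse the items of one prefix list and return them in index order."""
    items, last = [], 0
    for raw in text.strip().splitlines():
        m = ITEM_RE.match(raw.strip())
        if m is None:
            raise ValueError(f"unrecognized item: {raw!r}")
        # Assumption of this sketch: an unindexed item follows the previous one.
        last = int(m["index"]) if m["index"] else last + 10
        item = Item(
            index=last,
            permit=m["mode"] == "permit",
            prefix=ipaddress.IPv6Network(f"{m['addr']}/{m['len']}", strict=False),
            ge=int(m["ge"]) if m["ge"] else None,
            le=int(m["le"]) if m["le"] else None,
        )
        low, high = item.length_range()
        if not item.prefix.prefixlen <= low <= high <= 128:
            raise ValueError(f"inconsistent length range: {raw!r}")
        items.append(item)
    return sorted(items, key=lambda i: i.index)


def evaluate(items: List[Item], route: str) -> Tuple[bool, Optional[int]]:
    """Return (permitted, index of the deciding item or None)."""
    net = ipaddress.IPv6Network(route)
    for item in items:
        if item.matches(net):
            return item.permit, item.index
    return False, None                             # no item matched: denied


if __name__ == "__main__":
    for label, cfg in (("deny-only", DENY_ONLY), ("with catch-all", WITH_CATCH_ALL)):
        items = parse_list(cfg)
        for route in ("2001:db8:1::/48", "2001:db8:bad:1::/64", "::/0"):
            print(label, route, evaluate(items, route))
```

A result of (False, None) means no item matched at all, which is the signature of a list that is missing its final permit item.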
Configuring an extended community list

You can configure multiple items for an extended community list that is identified by number. The relationship between items is logical OR. A route that matches one item matches the extended community list.

To configure an extended community list:

Step Command Remarks...
• You can specify no or multiple if-match clauses for a routing policy node. If no if-match clause is specified for a permit-mode node, all routing information can pass the node. If no if-match clause is specified for a deny-mode node, no routing information can pass the node. •...
Step Command Remarks • Set the next hop for IPv4 Optional. routes: Not set by default. apply ip-address next-hop The apply ip-address ip-address Set the next hop. next-hop and apply ipv6 • Set the next hop for IPv6 next-hop commands do not routes: apply to redistributed IPv4 and apply ipv6 next-hop...
Step: Specify the next node to be matched.
Command: continue [ node-number ]
Remarks: Optional. Not configured by default. The specified next node must have a larger number than the current node.

Displaying and maintaining the routing policy

Task Command Remarks
Display BGP AS path list display ip as-path [ as-path-number ] [ | { begin |...
[SwitchB-route-policy] quit

Apply the routing policy to route redistribution:

# On Switch B, apply the routing policy when redistributing routes.
[SwitchB] ospf
[SwitchB-ospf-1] import-route isis 1 route-policy isis2ospf
[SwitchB-ospf-1] quit

# Display the OSPF routing table on Switch A. The cost of route 172.17.1.0/24 is 100, and the tag of route 172.17.1.0/24 is 20.
[SwitchA-Vlan-interface100] ipv6 address 10::1 32
[SwitchA-Vlan-interface100] quit
[SwitchA] interface vlan-interface 200
[SwitchA-Vlan-interface200] ipv6 address 11::1 32
[SwitchA-Vlan-interface200] quit

# Enable RIPng on VLAN-interface 100.
[SwitchA] interface vlan-interface 100
[SwitchA-Vlan-interface100] ripng 1 enable
[SwitchA-Vlan-interface100] quit

# Configure three static routes with next hop 11::2, and make sure that the static routes are active.
Applying a routing policy to filter received BGP routes

Network requirements

All switches in Figure 105 run BGP. Switch C establishes EBGP connections with other switches. Configure a routing policy on Switch D to reject routes from AS 200.

Figure 105 Network diagram

Configuration procedure

Configure IP addresses for the interfaces.
[SwitchD-bgp] quit

# On Switch A, inject routes 4.4.4.4/24, 5.5.5.5/24, and 6.6.6.6/24 to BGP.
[SwitchA-bgp] network 4.4.4.4 24
[SwitchA-bgp] network 5.5.5.5 24
[SwitchA-bgp] network 6.6.6.6 24

# On Switch B, inject routes 7.7.7.7/24, 8.8.8.8/24, and 9.9.9.9/24 to BGP.
[SwitchB-bgp] network 7.7.7.7 24
[SwitchB-bgp] network 8.8.8.8 24
[SwitchB-bgp] network 9.9.9.9 24

# Display the BGP routing table information of Switch D.
BGP Local router ID is 4.4.4.4
Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete

Network NextHop LocPrf...
Configuring policy-based routing

Overview

Different from destination-based routing, policy-based routing (PBR) uses user-defined policies to route packets based on the source address and other criteria. A device uses PBR to forward matching packets and uses the routing table to forward other packets. If PBR is not configured, a device uses the routing table to forward packets.
A policy matches nodes in priority order against packets. If a packet satisfies the match criteria on a node, it is processed by the action on the node. Otherwise, it goes to the next node for a match. If the packet does not match the criteria on any node, it is forwarded according to the routing table.
Task: Configuring actions for a node

Task: Configuring PBR (Configuring local PBR, Configuring interface PBR)
Remarks: Required. Perform one of the tasks.

Task: Configuring track-PBR collaboration
Remarks: Optional.

Configuring a policy

Creating a node

Step: Enter system view.
Command: system-view

Step: Create a node for a policy and enter policy node view.
Command: policy-based-route policy-name [ deny | permit ] node
Step: Set next hops.
Command: apply ip-address next-hop [ vpn-instance vpn-instance-name ] ip-address [ direct ] [ track track-entry-number ] [ ip-address [ direct ] [ track track-entry-number ] ]
Remarks: Optional. You can specify up to two next hops to achieve load sharing.

apply ip-address default Optional.
Step: Enter system view.
Command: system-view

Step: Enter interface view.
Command: interface interface-type interface-number

Step: Apply a policy on the interface.
Command: ip policy-based-route policy-name
Remarks: Not applied by default.

Configuring track-PBR collaboration

Associated with a Track object, PBR can sense topology changes faster. You can associate PBR with a track entry when configuring the next hop and default next hop to dynamically determine link reachability.
Applying the QoS policy

When configuring PBR, you can apply a QoS policy to the following occasions:
• Applied globally—Affects the traffic sent or received on all ports.
• Applied to an interface—Affects the traffic sent or received on the interface.
•...
Task: Display PBR configuration for a policy.
Command: display policy-based-route [ policy-name ] [ | { begin | exclude | include } regular-expression ]
Remarks: Available in any view.

Display information about local display ip policy-based-route [ | { begin Available in any view.
# Configure the IP address of VLAN-interface 10.
[SwitchB] interface vlan-interface 10
[SwitchB-Vlan-interface10] ip address 1.1.2.2 255.255.255.0

Configure Switch C:

# Configure a static route to subnet 10.110.0.0/24.
<SwitchC> system-view
[SwitchC] ip route-static 10.110.0.0 24 1.1.3.1

# Configure the IP address of VLAN-interface 20.
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip address 1.1.3.2 255.255.255.0

Verify the configuration:...
# Configure the action of redirecting traffic to the next hop 202.1.1.2 for behavior a.
[SwitchA] traffic behavior a
[SwitchA-behavior-a] redirect next-hop 202.1.1.2
[SwitchA-behavior-a] quit

# Associate class a with behavior a in QoS policy a.
[SwitchA] qos policy a
[SwitchA-qospolicy-a] classifier a behavior a
[SwitchA-qospolicy-a] quit

# Apply QoS policy a to the inbound direction of GigabitEthernet 1/0/1.
# Associate class a with behavior a in QoS policy a.
[SwitchA] qos policy a
[SwitchA-qospolicy-a] classifier a behavior a
[SwitchA-qospolicy-a] quit

# Apply QoS policy a to the inbound direction of GigabitEthernet 1/0/1.
[SwitchA] interface GigabitEthernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] qos apply policy a inbound

Verifying the configuration

After completing the configuration, verify that when Switch A receives packets with destination IP address 201::2, it forwards the packets to Switch C instead of Switch B.
Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Bold text represents commands and keywords that you enter literally as shown. Boldface Italic text represents arguments that you replace with actual values.
Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Support and other resources

Accessing Hewlett Packard Enterprise Support

• For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance
• To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc

Information to collect
•...
For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs

Documentation feedback

Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.