Configuring Bfd For Ospfv3; Applying Ipsec Policies For Ospfv3 - HPE 5800 Series Configuration Manual
Layer 3 - ip routing
Hide thumbs
Also See for 5800 Series:
- Installation manual (126 pages) ,
- Configuration manual (412 pages) ,
- Configuration manuals (259 pages)
Table of Contents
Advertisement
Step
Enter system view.
1.
Enter OSPFv3 view.
2.
Enable the GR
3.
Helper capability.
Enable strict LSA
4.
checking.
Configuring BFD for OSPFv3
Bidirectional forwarding detection (BFD) provides a mechanism to quickly detect the connectivity of
links between OSPFv3 neighbors, thus to improve the convergence speed of OSPFv3.
After discovering neighbors by sending hello packets, OSPFv3 notifies BFD of the neighbor
addresses, and BFD uses these addresses to establish sessions. Before a BFD session is
established, it is in the down state. In this state, BFD control packets are sent at an interval of no less
than one second to reduce BFD control packet traffic. After the BFD session is established, BFD
control packets are sent at the negotiated interval, thereby implementing fast fault detection.
To configure BFD for OSPFv3, configure OSPFv3 first. For more information about BFD, see High
Availability Configuration Guide.
To configure BFD for OSPFv3:
Step
Enter system view.
1.
Enter OSPFv3 view.
2.
Specify a router ID.
3.
Quit the OSPFv3 view.
4.
Enter interface view.
5.
Enable an OSPFv3 process
6.
on the interface.
Enable BFD on the interface.
7.
Applying IPsec policies for OSPFv3
To protect routing information and defend attacks, OSPFv3 can authenticate protocol packets by
using an IPsec policy.
Outbound OSPFv3 packets carry the Security Parameter Index (SPI) defined in the relevant IPsec
policy. A device uses the SPI carried in a received packet to match against the configured IPsec
policy. If they match, the device accepts the packet. Otherwise, it discards the packet and will not
establish a neighbor relationship with the sending device.
You can configure an IPsec policy for an area, an interface, or a virtual link.
•
To implement area-based IPsec protection, configure the same IPsec policy on the routers in
the target area.
Command
system-view
ospfv3 [ process-id ]
graceful-restart helper enable
graceful-restart helper
strict-lsa-checking
Command
system-view
ospfv3 [ process-id ]
router-id router-id
quit
interface interface-type
interface-number
ospfv3 process-id area area-id
[ instance instance-id ]
ospfv3 bfd enable [ instance
instance-id ]
281
Remarks
N/A
N/A
Optional.
Enabled by default.
Optional.
Disabled by default.
Remarks
N/A
N/A
N/A
N/A
N/A
Not enabled by default.
Not enabled by default.
Advertisement
Table of Contents
Troubleshooting
