Brocade Communications Systems ICX 7250 Series Configuration Manual

CONFIGURATION GUIDE
Brocade FastIron Layer 3 Routing
Configuration Guide
Supporting FastIron Software Release 8.0.40a
53-1003903-04
20 December 2016

Summary of Contents for Brocade Communications Systems ICX 7250 Series

  • Page 3 Contents: Preface; Document conventions; Text formatting conventions; Command syntax conventions; Notes, cautions, and warnings; Brocade resources; Contacting Brocade Technical Support; Brocade customers; Brocade OEM customers; Document feedback; About This Document; Supported hardware and software; What’s new in this document...
  • Page 4 ACLs and IP access policies; Basic IP parameters and defaults - Layer 3 switches; When parameter changes take effect; IP global parameters - Layer 3 switches; IP interface parameters - Layer 3 switches; Basic IP parameters and defaults - Layer 2 switches; IP global parameters - Layer 2 switches...
  • Page 5 Displaying Layer 3 system parameter limits; Enabling or disabling routing protocols; Enabling or disabling Layer 2 switching; Configuration notes and feature limitations for Layer 2 switching; Command syntax for Layer 2 switching; Configuring a Layer 3 Link Aggregation Group (LAG); Disabling IP checksum check; Displaying IP configuration information and statistics; Changing the network mask display to prefix format...
  • Page 6 Disabling IPv6 on a Layer 2 switch; IPv6 ICMP feature configuration; Configuring ICMP rate limiting; Enabling IPv6 ICMP redirect messages; IPv6 neighbor discovery configuration; IPv6 neighbor discovery configuration notes; Neighbor solicitation and advertisement messages; Router advertisement and solicitation messages; Neighbor redirect messages; Setting neighbor solicitation parameters for duplicate address detection...
  • Page 7 Removing a name or a static route; Static route recursive lookup; Static route resolve by default route; Configuring a "Null" route; Configuring load balancing and redundancy using multiple static routes to the same destination; Configuring standard static IP routes and interface or null static routes to the same destination; IPv6 Static Routing...
  • Page 8 Algorithm for AS external LSA reduction; OSPFv2 areas; Backbone area; Area types; Area range; Stub area and totally stubby area; Not-so-stubby area (NSSA); Link state advertisements; Virtual links; Default route origination; External route summarization; SPF timers...
  • Page 9 Re-enabling OSPFv2 graceful restart; Disabling OSPFv2 graceful restart helper; Redistributing routes into OSPFv2; Configuring the OSPFv2 Max-Metric Router LSA; Enabling OSPFv2 in a non-default VRF; Changing default settings; Disabling and re-enabling OSPFv2 event logging; Disabling OSPFv2 on the device; OSPFv3...
  • Page 10 Disabling OSPFv3 graceful restart helper; Re-enabling OSPFv3 graceful restart helper; Configuring IPsec on an OSPFv3 area; Configuring IPsec on an OSPFv3 interface; Configuring IPsec on OSPFv3 virtual links; Specifying the key rollover timer; Clearing IPsec statistics; Displaying OSPFv3 results...
  • Page 11 Configuring route reflection parameters; Configuring confederations; Aggregating routes advertised to BGP4 neighbors; Configuring BGP4 restart; Configuring BGP4 Restart for the global routing instance; Configuring BGP4 Restart for a VRF; Configuring timers for BGP4 Restart (optional); BGP4 null0 routing; Configuring BGP4 null0 routing...
  • Page 12 Displaying BGP4 information; Displaying summary BGP4 information; Displaying the active BGP4 configuration; Displaying summary neighbor information; Displaying BGP4 neighbor information; Displaying peer group information; Displaying summary route information; Displaying VRF instance information; Displaying the BGP4 route table; Displaying BGP4 route-attribute entries...
  • Page 13 Aggregating routes advertised to BGP neighbors; Enabling load-balancing across different paths; Configuring a route map for BGP4+ prefixes; Redistributing prefixes into BGP4+; Configuring BGP4+ outbound route filtering; Configuring BGP4+ confederations; Defining a community ACL; Applying a BGP extended community filter; Disabling BGP4+ graceful restart...
  • Page 14 Enabling an IPv4 VRRPv3 owner device; Enabling an IPv4 VRRPv3 backup device; Tracked ports and track priority with VRRP and VRRP-E; Tracking ports and setting VRRP priority using VRRPv3; Accept mode for backup VRRP devices; Enabling accept mode on a backup VRRP device; Alternate VRRPv2 checksum for VRRPv3 IPv4 sessions...
  • Page 17: Preface

    Preface: Document conventions; Brocade resources; Contacting Brocade Technical Support; Document feedback.
    Document conventions: The document conventions describe text formatting conventions, command syntax conventions, and important notice formats used in Brocade technical documentation.
    Text formatting conventions: Text formatting conventions such as boldface, italic, or Courier font may be used in the flow of the text to highlight specific words or phrases.
  • Page 18: Notes, Cautions, And Warnings

    Convention / Description
    < >: Nonprinting characters, for example, passwords, are enclosed in angle brackets.
    Repeat the previous element, for example, member[member...].
    Indicates a “soft” line break in command examples. If a backslash separates two lines of a command input, enter the entire command at the prompt without the backslash.
  • Page 19: Contacting Brocade Technical Support

    Contacting Brocade Technical Support: As a Brocade customer, you can contact Brocade Technical Support 24x7 online, by telephone, or by e-mail. Brocade OEM customers contact their OEM/Solutions provider.
    Brocade customers: For product support information and the latest information on contacting the Technical Assistance Center, go to http://www.brocade.com/services-support/index.html.
  • Page 21: About This Document

    Supported hardware and software: This guide supports the following product families for FastIron release 8.0.40:
    • Brocade ICX 7250 Series (ICX 7250)
    • Brocade ICX 7450 Series (ICX 7450)
    • Brocade ICX 7750 Series (ICX 7750)
    For information about the specific models and modules supported in a product family, refer to the hardware installation guide for that product family.
  • Page 22: How Command Information Is Presented In This Guide

    How command information is presented in this guide: For all new content supported in FastIron Release 8.0.20 and later, command information is documented in a standalone command reference guide. To provide consistent CLI documentation for all products, there is now a standalone command reference for the FastIron platforms. In the Brocade FastIron Command Reference, the command pages are in alphabetical order and follow a standard format to present syntax, parameters, mode, usage guidelines, examples, and command history.
  • Page 23: ARP - Address Resolution Protocol

    ARP - Address Resolution Protocol: ARP parameter configuration; Displaying the ARP table; Reverse Address Resolution Protocol configuration; Dynamic ARP inspection.
    ARP parameter configuration: Address Resolution Protocol (ARP) is a standard IP protocol that enables an IP Layer 3 switch to obtain the MAC address of another device interface when the Layer 3 switch knows the IP address of the interface.
  • Page 24: Rate Limiting ARP Packets

    ARP requests contain the IP address and MAC address of the sender, so all devices that receive the request learn the MAC address and IP address of the sender and can update their own ARP caches accordingly.
    NOTE: The ARP request broadcast is a MAC broadcast, which means the broadcast goes only to devices that are directly attached to the Layer 3 switch.
  • Page 25: Changing The ARP Aging Period

    To limit the number of ARP packets the device will accept each second, enter the rate-limit-arp command at the global CONFIG level of the CLI.
    device(config)# rate-limit-arp 100
    This command configures the device to accept up to 100 ARP packets each second. If the device receives more than 100 ARP packets during a one-second interval, the device drops the additional ARP packets during the remainder of that one-second interval.
  • Page 26: Creating Static ARP Entries

    NOTE: An ARP request from one subnet can reach another subnet when both subnets are on the same physical segment (Ethernet cable), because MAC-layer broadcasts reach all the devices on the segment.
    Proxy ARP is disabled by default on Brocade Layer 3 switches. This feature is not supported on Brocade Layer 2 switches. You can enable proxy ARP at the Interface level, as well as at the Global CONFIG level, of the CLI.
  • Page 27 The maximum number of static ARP entries you can configure depends on the software version running on the device. To create a static ARP entry, enter a command such as the following.
    device(config)# arp 1 10.53.4.2 0000.0054.2348 ethernet 1/1/2
    Syntax: arp num ip-addr mac-addr ethernet port
    The num variable specifies the entry number.
  • Page 28: ARP Packet Validation

    Use the show run command to see whether ARP is enabled or disabled. Use the show arp command to see the newly learned ARP entries. Use the clear arp command to clear learned ARP entries. Static ARP entries are not removed.
    ARP Packet Validation: Validates ARP packets to avoid traffic interruption or loss.
  • Page 29: Displaying The ARP Table

    Configuring the priority of ingress ARP packets: To configure the priority of ingress ARP packets, use the arp-internal-priority priority-value command in global configuration mode. The following example shows the priority of ingress ARP packets set to level 7.
    Brocade(config)# arp-internal-priority 7
    Displaying the ARP table: To display the ARP table, enter the show arp command.
  • Page 30: Disabling RARP

    – The Layer 3 device forwards BootP and DHCP requests to a third-party BootP/DHCP server that contains the IP addresses and other host configuration information.
    • Connection of host to boot source (Layer 3 device or BootP/DHCP server) –...
  • Page 31: Dynamic ARP Inspection

    NOTE: You must save the configuration to the startup-config file and reload the software after changing the RARP cache size to place the change into effect.
    Dynamic ARP inspection: For enhanced network security, you can configure the Brocade device to inspect and keep track of Dynamic Host Configuration Protocol (DHCP) assignments.
  • Page 32: Configuration Notes And Feature Limitations For DAI

    address and source MAC address against the ARP table. For an ARP reply packet, DAI checks the source IP, source MAC, destination IP, and destination MAC addresses. DAI forwards the valid packets and discards those with invalid IP-to-MAC address bindings. When ARP packets reach a trusted port, DAI lets them through, as shown in the following figure.
  • Page 33: Dynamic ARP Inspection Configuration

    NOTE: You must save the configuration and reload the software to place the change into effect.
    • There is a limit on the number of static ARP inspection entries that can be configured. This is determined by the system-max parameter max-static-inspect-arp-entries.
  • Page 34: Multi-VRF Support For DAI

    Enabling trust on a port: The default trust setting for a port is untrusted. For ports that are connected to host ports, leave their trust settings as untrusted. If the port is part of a LAG, enable ARP inspection trust on the primary port of the LAG. To enable trust on a port, enter commands such as the following.
  • Page 35: Displaying ARP Inspection Status And Ports

    To enable trust on a port for a specific VRF, enter commands such as the following.
    Brocade(config)# interface ethernet 1/1/4
    Brocade(config-if-e10000-1/1/4)# arp inspection trust vrf vrf2
    The commands change the CLI to the interface configuration level of port 1/1/4 and set the trust setting of port 1/1/4 on VRF 2 to trusted.
  • Page 37: IP Addressing

    IP Addressing: IP addressing overview; IP configuration overview; Basic IP parameters and defaults - Layer 3 switches; Basic IP parameters and defaults - Layer 2 switches; Basic IP configuration; Configuring IP parameters - Layer 3 switches; ...
  • Page 38: IP Interfaces

    – Virtual Router Redundancy Protocol (VRRP)
    IP interfaces
    NOTE: This section describes IPv4 addresses. For information about IPv6 addresses, refer to the IPv6 addressing chapter.
    Brocade Layer 3 switches and Layer 2 switches allow you to configure IP addresses. On Layer 3 switches, IP addresses are associated with individual interfaces.
  • Page 39: IP Packet Flow Through A Layer 3 Switch

    IP packet flow through a Layer 3 switch
    FIGURE 3 IP Packet flow through a Brocade Layer 3 switch
    When the Layer 3 switch receives an IP packet, the Layer 3 switch checks for filters on the receiving interface. If a deny filter on the interface denies the packet, the Layer 3 switch discards the packet and performs no further processing, except generating a Syslog entry and SNMP message, if logging is enabled for the filter.
  • Page 40 If the packet is not denied at the incoming interface, the Layer 3 switch looks in the session table for an entry that has the same source IP address and TCP or UDP port as the packet. If the session table contains a matching entry, the Layer 3 switch immediately forwards the packet, by addressing it to the destination IP address and TCP or UDP port listed in the session table entry and sending the packet to a queue on the outgoing ports listed in the session table.
  • Page 41: IP Route Table

    Static ARP table: In addition to the ARP cache, Layer 3 switches have a static ARP table. Entries in the static ARP table are user-configured. You can add entries to the static ARP table regardless of whether or not the device the entry is for is connected to the Layer 3 switch.
    NOTE: Layer 3 switches have a static ARP table.
  • Page 42: IP Route Exchange Protocols

    IP forwarding cache: The IP forwarding cache provides a fast-path mechanism for forwarding IP packets. The cache contains entries for IP destinations. When a Brocade Layer 3 switch has completed processing and addressing for a packet and is ready to forward the packet, the device checks the IP forwarding cache for an entry to the packet destination: •...
  • Page 43: IP Multicast Protocols

    All these protocols provide routes to the IP route table. You can use one or more of these protocols, in any combination. The protocols are disabled by default.
    IP multicast protocols: Brocade Layer 3 switches also support the following Internet Group Membership Protocol (IGMP) based IP multicast protocols: •...
  • Page 44: Basic IP Parameters And Defaults - Layer 3 Switches

    Basic IP parameters and defaults - Layer 3 switches: IP is enabled by default. The following IP-based protocols are all disabled by default:
    • Routing protocols:
    – Routing Information Protocol (RIP) –...
  • Page 45 TABLE 4 IP global parameters - Layer 3 switches (continued)
    Columns: Parameter, Description, Default
    • Classless Interdomain Routing (CIDR) format; example: 192.168.1.1/24
    NOTE: Changing this parameter affects the display of IP addresses, but you can enter addresses in either format regardless of the display setting.
  • Page 46 TABLE 4 IP global parameters - Layer 3 switches (continued)
    Columns: Parameter, Description, Default
    NOTE: You also can enable or disable this parameter on an individual interface basis.
    Parameter: Directed broadcast mode. Description: The packet format the router treats as a directed broadcast. Default: All ones.
  • Page 47 TABLE 4 IP global parameters - Layer 3 switches (continued)
    Columns: Parameter, Description, Default
    IP address for certain operations such as IP pings, trace routes, and Telnet management connections to the router.
    Parameter: DNS default gateway addresses. Description: A list of gateways attached to the router through... Default: None configured.
  • Page 48: IP Interface Parameters - Layer 3 Switches

    TABLE 5 IP interface parameters - Layer 3 switches
    Columns: Parameter, Description, Default
    Parameter: IP state. Description: The Internet Protocol, version 4. Default: Enabled. NOTE: You cannot disable IP.
    Parameter: IP address. Description: A Layer 3 network interface address. Default: None configured...
  • Page 49: Basic IP Parameters And Defaults - Layer 2 Switches

    TABLE 5 IP interface parameters - Layer 3 switches (continued)
    Columns: Parameter, Description, Default
    Parameter: DHCP Client-Based Auto-Configuration. Description: Allows the switch to obtain IP addresses from a DHCP host automatically, for either a specified (leased) or infinite period of time. Default: Enabled.
  • Page 50 TABLE 6 IP global parameters - Layer 2 switches (continued)
    Columns: Parameter, Description, Default
    NOTE: Layer 2 switches have a single IP address used for management access to the entire device.
    NOTE: Some devices have a factory default, such as 10.157.22.154, used for...
  • Page 51: Interface IP Parameters - Layer 2 Switches

    TABLE 6 IP global parameters - Layer 2 switches (continued)
    Columns: Parameter, Description, Default
    addresses into the DHCP Discovery packets in a round robin fashion.
    Parameter: DHCP Client-Based Auto-Configuration. Description: Allows the switch to obtain IP addresses from a DHCP host automatically, for either a specified (leased) or infinite period of time. Default: Enabled.
  • Page 52 By default, you can configure up to 24 IP addresses on each interface. You can increase this amount to up to 128 IP subnet addresses per port by increasing the size of the ip-subnet-port table. Refer to the section "Displaying system parameter default values"...
  • Page 53 NOTE: All physical IP interfaces on Brocade FastIron Layer 3 devices share the same MAC address. For this reason, if more than one connection is made between two devices, one of which is a Brocade FastIron Layer 3 device, Brocade recommends the use of virtual interfaces.
  • Page 54: Deleting An IP Address

    The first two commands in this example create a Layer 3 protocol-based VLAN name "IP-Subnet_10.1.2.0/24" and add a range of untagged ports to the VLAN. The router-interface command creates virtual interface 1 as the routing interface for the VLAN.
    Syntax: router-interface ve num
    The num variable specifies the virtual interface number.
  • Page 55: Configuring 31-Bit Subnet Masks On Point-To-Point Networks

    This command deletes IP address 10.1.2.1. You do not need to enter the subnet mask. To delete all IP addresses from an interface, enter the no ip address * command.
    device(config-if-e1000-1)# no ip address *
    Syntax: [no] ip address ip-addr | *
    Configuring 31-bit subnet masks on point-to-point networks
    NOTE...
  • Page 56: Configuring DNS Resolver

    Configuration example
    FIGURE 4 Configured 31-bit and 24-bit subnet masks
    Router A is connected to Router B as a point-to-point link with 10.1.1.0/31 subnet. There are only two available addresses in this subnet, 10.1.1.0 on Router A and 10.1.1.1 on Router B. Routers B and C are connected by a regular 24-bit subnet.
  • Page 57 After you define a domain name, the Brocade device automatically appends the appropriate domain to a host and forwards it to the DNS servers for resolution. For example, if the domain "ds.company.com" is defined on a Layer 2 or Layer 3 switch and you want to initiate a ping to "mary", you must reference only the host name instead of the host name and its domain name.
  • Page 58 To define DNS servers, enter the ip dns server-address command.
    device(config)# ip dns server-address 10.157.22.199 10.96.7.15 10.95.7.25 10.98.7.15
    Syntax: [no] ip dns server-address ip-addr [ ip-addr ] [ ip-addr ] [ ip-addr ]
    In this example, the first IP address entered becomes the primary DNS address and all others are secondary addresses.
  • Page 59: Configuring Packet Parameters

    Configuring packet parameters: You can configure the following packet parameters on Layer 3 switches. These parameters control how the Layer 3 switch sends IP packets to other devices on an Ethernet network. The Layer 3 switch always places IP packets into Ethernet packets to forward them on an Ethernet port.
  • Page 60 MTU enhancements: Brocade devices contain the following enhancements to jumbo packet support:
    • Hardware forwarding of Layer 3 jumbo packets - Layer 3 IP unicast jumbo packets received on a port that supports the frame MTU size and forwarded to another port that also supports the frame MTU size are forwarded in hardware.
  • Page 61
    device(config)# end
    device# reload
    Syntax: [no] jumbo
    NOTE: You must save the configuration change and then reload the software to enable jumbo support.
    Changing the MTU on an individual port: By default, the maximum Ethernet MTU sizes are as follows: •...
  • Page 62: Changing The Router Id

    Changing the router ID: In most configurations, a Layer 3 switch has multiple IP addresses, usually configured on different interfaces. As a result, a Layer 3 switch identity to other devices varies depending on the interface to which the other device is attached. Some routing protocols, including Open Shortest Path First (OSPF) and Border Gateway Protocol version 4 (BGP4), identify a Layer 3 switch by just one of the IP addresses configured on the Layer 3 switch, regardless of the interfaces that connect the Layer 3 switches.
  • Page 63
    • TFTP
    • RADIUS
    • Syslog
    • SNTP
    • SNMP traps
    You can configure the Layer 3 switch to always use the lowest-numbered IP address on a specific Ethernet, loopback, or virtual interface as the source addresses for these packets.
  • Page 64 The commands in this example configure virtual interface 1, assign IP address 10.0.0.3/24 to the interface, then designate the interface as the source for all TACACS/TACACS+ packets from the Layer 3 switch.
    Syntax: [no] ip tacacs source-interface { ethernet unit/slot/port | loopback num | management num | ve num }
    RADIUS packets: To specify the lowest-numbered IP address configured on a virtual interface as the device source for all RADIUS packets, enter commands such as the following.
  • Page 65: Configuring Delay Time For Notifying VE Down Event

    SNTP packets: To specify the lowest-numbered IP address configured on a virtual interface as the device source for all SNTP packets, enter commands such as the following.
    device(config)# interface ve 1
    device(config-vif-1)# ip address 10.0.0.5/24
    device(config-vif-1)# exit
    device(config)# ip sntp source-interface ve 1
    The commands in this example configure virtual interface 1, assign IP address 10.0.0.5/24 to the interface, then designate the...
  • Page 66: Configuring Forwarding Parameters

    Configuring VE down time notification: Perform the following steps to configure the delay time for notifying the Layer 3 protocols of the VE down event.
    From global configuration mode, enter VE interface configuration mode.
    device(config)# interface ve 50
    Configure the delay notifications time value.
  • Page 67 To enable forwarding of IP directed broadcasts, enter the ip directed-broadcast command in device configuration mode.
    device# configure terminal
    device(config)# ip directed-broadcast
    Syntax: [no] ip directed-broadcast
    Brocade software makes the forwarding decision based on the router's knowledge of the destination network prefix. Routers cannot determine that a message is unicast or directed broadcast apart from the destination network prefix.
  • Page 68: Disabling ICMP Messages

    Most IP hosts are configured to receive IP subnet broadcast packets with all ones in the host portion of the address. However, some older IP hosts instead expect IP subnet broadcast packets that have all zeros instead of all ones in the host portion of the address. To accommodate this type of host, you can enable the Layer 3 switch to treat IP packets with all zeros in the host portion of the destination IP address as broadcast packets.
  • Page 69 Disabling ICMP destination unreachable messages: By default, when a Brocade device receives an IP packet that the device cannot deliver, the device sends an ICMP Unreachable message back to the host that sent the packet. You can selectively disable a Brocade device response to the following types of ICMP Unreachable messages: •...
  • Page 70: Enabling ICMP Redirect Messages

    Enabling ICMP redirect messages: You can enable and disable IPv4 ICMP redirect messages globally or on individual Virtual Ethernet (VE) interfaces but not on individual physical interfaces.
    NOTE: The device forwards misdirected traffic to the appropriate router, even if you disable the redirect messages.
  • Page 71: Configuring Ip Load Sharing

    Configuring IP parameters - Layer 3 switches If the administrative distances are equal: • Are the routes from different routing protocols (RIP, OSPF, or BGP4)? If so, use the route with the lowest IP address. • If the routes are from the same routing protocol, use the route with the best metric. The meaning of "best" metric depends on the routing protocol: •...
  • Page 72 Configuring IP parameters - Layer 3 switches NOTE The term "path" refers to the next-hop router to a destination, not to the entire route to a destination. Thus, when the software compares multiple equal-cost paths, the software is comparing paths that use different next-hop routers, with equal costs, to the same destination. In many contexts, the terms "route"...
  • Page 73 Configuring IP parameters - Layer 3 switches Because the software selects only the path with the lowest administrative distance, and the administrative distance is determined by the path source, IP load sharing applies only when the IP route table contains multiple paths to the same destination, from the same IP route source.
  • Page 74 Configuring IP parameters - Layer 3 switches How IP load sharing works When ECMP is enabled, multiple equal-cost paths for the destination IP are installed in the hardware Layer 3 routing table. When ingress Layer 3 IP traffic matches the entry in the hardware for Layer 3 routing, one of the paths is selected based on the internal hardware hashing logic and the packet is forwarded on that path.
  • Page 75: Ecmp Load Sharing For Ipv6

    Configuring IP parameters - Layer 3 switches ECMP load sharing for IPv6 The IPv6 route table selects the best route to a given destination from among the routes in the tables maintained by the configured routing protocols (BGP4, OSPF, static, and so on). The IPv6 route table can contain more than one path to a given destination. When this occurs, the Brocade device selects the path with the lowest cost for insertion into the routing table.
  • Page 76: Icmp Router Discovery Protocol Configuration

    Configuring IP parameters - Layer 3 switches Changing the maximum load sharing paths for IPv6 By default, IPv6 ECMP load sharing allows traffic to be balanced across up to four equal paths. To change the number of ECMP load sharing paths for IPv6, enter a command such as the following. device(config)#ipv6 load-sharing 6 Syntax: [no] ipv6 load-sharing [ num ] The num variable specifies the number of paths and can be from 2 through 8, depending on the device you are configuring.
  • Page 77: Irdp Parameters

    Configuring IP parameters - Layer 3 switches When IRDP is enabled, the Layer 3 switch periodically sends Router Advertisement messages out the IP interfaces on which the feature is enabled. The messages advertise the Layer 3 switch IP addresses to directly attached hosts who listen for the messages. In addition, hosts can be configured to query the Layer 3 switch for the information by sending Router Solicitation messages.
  • Page 78: Configuring Udp Broadcast And Ip Helper Parameters

    Configuring IP parameters - Layer 3 switches Syntax: [no] ip irdp { broadcast | multicast } [ holdtime seconds ] [ maxadvertinterval seconds ] [ minadvertinterval seconds ] [ preference number ] The broadcast and multicast parameters specify the packet type the Layer 3 switch uses to send Router Advertisement: •...
  • Page 79 Configuring IP parameters - Layer 3 switches NOTE Forwarding support for BootP/DHCP is enabled by default. You can enable forwarding for other applications by specifying the application port number. You also can disable forwarding for an application. NOTE If you disable forwarding for a UDP application, forwarding of client requests received as broadcasts to helper addresses is disabled.
  • Page 80: Configuring Ip Parameters - Layer 2 Switches

    Configuring IP parameters - Layer 2 switches To disable forwarding for an application, enter a command such as the following. device(config)# no ip forward-protocol udp ntp This command disables forwarding of SNMP requests to the helper addresses configured on Layer 3 switch interfaces. Configuring an IP helper address To forward a client broadcast request for a UDP application when the client and server are on different networks, you must configure a helper address on the interface connected to the client.
  • Page 81: Configuring Domain Name System Resolver

    Configuring IP parameters - Layer 2 switches Brocade devices support both classical IP network masks (Class A, B, and C subnet masks, and so on) and Classless Interdomain Routing (CIDR) network prefix masks: • To enter a classical network mask, enter the mask in IP address format. For example, enter "10.157.22.99 255.255.255.0" for an IP address with a Class-C subnet mask.
  • Page 82 Configuring IP parameters - Layer 2 switches Defining a DNS entry You can define up to four DNS servers for each DNS entry. The first entry serves as the primary default address. If a query to the primary address fails to be resolved after three attempts, the next gateway address is queried (also up to three times). This process continues for each defined gateway address until the query is resolved.
  • Page 83: Changing The Ttl Threshold

    Configuring IP parameters - Layer 2 switches FIGURE 6 Querying a host on the newyork.com domain Changing the TTL threshold The time to live (TTL) threshold prevents routing loops by specifying the maximum number of router hops an IP packet originated by the Layer 2 switch can travel through.
  • Page 84: Ipv4 Point-To-Point Gre Tunnels

    IPv4 point-to-point GRE tunnels IPv4 point-to-point GRE tunnels This section describes support for point-to-point Generic Routing Encapsulation (GRE) tunnels and how to configure them on a Brocade device. GRE tunnels support includes the following: • IPv4 over GRE tunnels. IPv6 over GRE tunnels is not supported. •...
  • Page 85: Path Mtu Discovery Support

    IPv4 point-to-point GRE tunnels FIGURE 8 GRE header format The GRE header has the following fields: • Checksum - 1 bit. This field is assumed to be zero in this version. If set to 1, this means that the Checksum (optional) and Reserved (optional) fields are present and the Checksum (optional) field contains valid information.
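The header layout above, shown as an added Python example that is not part of the Brocade guide: a parser for the base GRE header that follows RFC 2784 for the fields the excerpt cuts off (Reserved0, Version, Protocol Type) and verifies the optional checksum. The function names and the payload bytes are constructed for illustration.

```python
import struct

GRE_PROTO_IPV4 = 0x0800   # EtherType carried in the Protocol Type field
C_BIT = 0x8000            # bit 0: Checksum Present
RFC1701_BITS = 0x7C00     # bits 1-5: an RFC 2784 receiver discards if any is set
VERSION_MASK = 0x0007     # bits 13-15: Version, must be zero


class GREError(ValueError):
    """Raised when the packet must be discarded."""


def inet_checksum(data):
    """16-bit one's complement of the one's complement sum (IP checksum)."""
    if len(data) % 2:
        data += b"\x00"   # pad odd-length input for the calculation only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_gre(payload, proto=GRE_PROTO_IPV4, with_checksum=False):
    """Build a GRE packet; the checksum covers the GRE header and payload."""
    if not with_checksum:
        return struct.pack("!HH", 0, proto) + payload
    zeroed = struct.pack("!HHHH", C_BIT, proto, 0, 0)  # checksum field = 0
    csum = inet_checksum(zeroed + payload)
    return struct.pack("!HHHH", C_BIT, proto, csum, 0) + payload


def parse_gre(packet):
    """Parse and validate a GRE header, returning its fields as a dict."""
    if len(packet) < 4:
        raise GREError("shorter than the 4-byte base header")
    flags_ver, proto = struct.unpack("!HH", packet[:4])
    if flags_ver & VERSION_MASK:
        raise GREError("unsupported GRE version")
    if flags_ver & RFC1701_BITS:
        # Includes the key and sequence bits, which RFC 2784 does not define.
        raise GREError("RFC 1701 flag bits set")
    header_len, checksum_ok = 4, None
    if flags_ver & C_BIT:
        if len(packet) < 8:
            raise GREError("checksum flag set but optional fields missing")
        header_len = 8
        # Summing the packet with the checksum in place must give zero.
        checksum_ok = inet_checksum(packet) == 0
    return {
        "checksum_present": bool(flags_ver & C_BIT),
        "checksum_ok": checksum_ok,
        "protocol": proto,
        "header_len": header_len,
        "payload": packet[header_len:],
    }


# Constructed payload standing in for an inner IPv4 packet (odd length on purpose).
SAMPLE_PAYLOAD = bytes(range(20)) + b"x"

if __name__ == "__main__":
    good = build_gre(SAMPLE_PAYLOAD, with_checksum=True)
    bad = good[:-1] + bytes([good[-1] ^ 0x01])   # one payload bit changed
    print(parse_gre(good)["checksum_ok"], parse_gre(bad)["checksum_ok"])
```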
  • Page 86: Support For Ipv4 Multicast Routing Over Gre Tunnels

    IPv4 point-to-point GRE tunnels Support for IPv4 multicast routing over GRE tunnels PIM-DM and PIM-SM Layer 3 multicast protocols and multicast data traffic are supported over GRE tunnels. When a multicast protocol is enabled on both ends of a GRE tunnel, multicast packets can be sent from one tunnel endpoint to another. To accomplish this, the packets are encapsulated using the GRE unicast tunneling mechanism and forwarded like any other IPv4 unicast packet to the destination endpoint of the tunnel.
  • Page 87: Configuration Tasks For Gre Tunnels

    IPv4 point-to-point GRE tunnels NOTE The fragmentation behavior depends on the mtu-exceed setting on the router. Configuration tasks for GRE tunnels Perform the configuration tasks in the order listed. TABLE 10 Configuration tasks for GRE tunnels Configuration tasks Default behavior Required tasks Create a tunnel interface.
  • Page 88 IPv4 point-to-point GRE tunnels The tunnel-number is a numerical value that identifies the tunnel being configured. NOTE You can also use the port-name command to name the tunnel. To do so, follow the configuration instructions in "Assigning a port name" section in the Brocade FastIron Management Configuration Guide. Assigning a VRF routing instance to a GRE tunnel interface A GRE tunnel interface can be assigned to an existing user defined VRF.
  • Page 89 IPv4 point-to-point GRE tunnels Deleting an IP address from an interface configured as a tunnel source To delete an IP address from an interface that is configured as a tunnel source, first remove the tunnel source from the tunnel interface then delete the IP address, as shown in the following example.
  • Page 90 IPv4 point-to-point GRE tunnels To configure a tunnel loopback port, enter commands such as the following: device(config)# interface tunnel 1 device(config-tnif-1)# tunnel loopback 1/3/1 Syntax: [no] tunnel loopback unit / slot / port The unit / slot / port parameter identifies the tunnel loopback port for the specified tunnel interface, for example, 1/3/1. Configuring an IP address for a tunnel interface An IP address sets a tunnel interface as an IP port and allows the configuration of Layer 3 protocols, such as OSPF, BGP, and Multicast (PIM-DM and PIM-SM) on the port.
  • Page 91 IPv4 point-to-point GRE tunnels NOTE To prevent packet loss after the 24 byte GRE header is added, make sure that any physical interface that is carrying GRE tunnel traffic has an IP MTU setting at least 24 bytes greater than the tunnel MTU setting. This configuration is only allowed on the system if the tunnel mode is set to GRE.
  • Page 92 IPv4 point-to-point GRE tunnels These commands configure the device to wait for 4 consecutive lost keepalive packets before bringing the tunnel down. There will be a 12 second interval between each packet. Note that when the tunnel comes up, it would immediately (within one second) send the first keepalive packet.
  • Page 93: Example Point-To-Point Gre Tunnel Configuration

    IPv4 point-to-point GRE tunnels Viewing PMTUD configuration details Use the show interface tunnel command to view the PMTUD configuration and to determine whether PMTUD has reduced the size of the MTU. Enabling IPv4 multicast routing over a GRE tunnel This section describes how to enable IPv4 multicast protocols, PIM Sparse (PIM-SM) and PIM Dense (PIM-DM), on a GRE tunnel. Perform the procedures in this section after completing the required tasks in Enabling IPv4 multicast routing over a GRE tunnel.
  • Page 94: Displaying Gre Tunneling Information

    IPv4 point-to-point GRE tunnels FIGURE 9 Point-to-point GRE tunnel configuration example The following shows the configuration commands for this example. Configuring point-to-point GRE tunnel for Router A device (config)# interface ethernet 1/3/1 device (config-if-e1000-1/3/1)# ip address 10.0.8.108/24 device (config)# exit device (config)# interface tunnel 1 device(config-tnif-1)# tunnel source 10.0.8.108 device(config-tnif-1)# tunnel destination 131.108.5.2...
  • Page 95 IPv4 point-to-point GRE tunnels To display GRE tunneling Information, use the following commands: • show ip interface • show ip route • show ip interface tunnel • show ip tunnel traffic • show interface tunnel • show statistics tunnel The following shows an example output of the show ip interface command, which includes information about GRE tunnels. device# show ip interface Interface IP-Address...
  • Page 96 IPv4 point-to-point GRE tunnels Path MTU Discovery: Enabled, MTU is 1428 bytes, age-timer: 10 minutes Path MTU will expire in 0 minutes 50 secs Syntax: show interface tunnel [ tunnel-ID ] TABLE 11 show interface tunnel output descriptions Field Definition Hardware is Tunnel The interface is a tunnel interface.
  • Page 97 IPv4 point-to-point GRE tunnels TABLE 12 show ip tunnel traffic output descriptions Field Description Tunnel Status Indicates whether the tunnel is up or down. Possible values are: • Up/Up - The tunnel and line protocol are up. • Up/Down - The tunnel is up and the line protocol is down. •...
  • Page 98: Clearing Gre Statistics

    IPv4 point-to-point GRE tunnels The following shows an example output of the show ip pim mcache command. device# show ip pim mcache 230.1.1.1 (10.10.10.1 230.1.1.1) in e1 (e1), cnt=629 Source is directly connected L3 (HW) 1: tn1:e2(VL1) fast=1 slow=0 pru=1 graft age=120s up-time=8m HW=1 L2-vidx=8191 has mll Syntax: show ip pim mcache ip-address The following shows an example output of the show ip pim flow command.
  • Page 99: Bandwidth For Ip Interfaces

    Bandwidth for IP interfaces Syntax: clear ip tunnel { pmtud tunnel-ID | stat tunnel-ID } Use the pmtud option to reset a dynamically-configured MTU on a tunnel Interface back to the configured value. Use the stat option to clear tunnel statistics. The tunnel-ID variable is a valid tunnel number or name.
  • Page 100: Limitations And Pre-Requisites

    Bandwidth for IP interfaces NOTE If the interface bandwidth configuration of the primary port is different to any of the secondary ports, then the LAG is not deployed. When the LAG is undeployed, the interface bandwidth value for all secondary ports is reset to the port speed. The configured value is exposed in SNMP via ifSpeed (in ifTable) and ifHighSpeed (in ifXTable) objects.
  • Page 101: Setting The Bandwidth Value For A Ve Interface

    Bandwidth for IP interfaces This example sets the bandwidth to 2000 kbps on a specific Ethernet interface. device# configure terminal device(config)# interface ethernet 1/1/1 device(config-if-e1000-1/1/1)# bandwidth 2000 The bandwidth specified in this example results in the following OSPF cost, assuming the auto-cost is 100: •...
  • Page 102: Setting The Bandwidth Value For A Tunnel Interface

    User-configurable MAC address per IP interface Setting the bandwidth value for a tunnel interface The current bandwidth value for a tunnel interface can be set and communicated to higher-level protocols such as OSPF. Enter the configure terminal command to access global configuration mode. device# configure terminal Enter the interface tunnel command and specify a value to configure a tunnel interface.
  • Page 103: Manually Configuring An Ip Mac Address

    User-configurable MAC address per IP interface • IPv6 support—BGP4+, Neighbor Discovery (ND),OSPFv3, RD, RIPng In addition to the unicast protocol support, the configured MAC address is used by IPv4 and IPv6 unicast software-generated packets (for example, ping) and IPv4 and IPv6 hardware-forwarded packets. For IPv4 addresses that are configured on the IP interface, gratuitous ARP is generated when the IP MAC address is configured.
  • Page 104: Modifying And Displaying Layer 3 System Parameter Limits

    Modifying and displaying Layer 3 system parameter limits Use the show ip interface command to verify the user-configured MAC address. device# show ip interface ethernet 1/1/6 Interface Ethernet 1/1/6 port enabled port state: DOWN ip address: 10.53.5.1 subnet mask: 255.255.255.0 Port belongs to VRF: default-vrf encapsulation: ETHERNET, mtu: 1500, metric: 1 directed-broadcast-forwarding: disabled...
  • Page 105: Enabling Or Disabling Routing Protocols

    Enabling or disabling routing protocols System Parameters Default Maximum Current Configured ip-arp 4000 64000 4000 4000 ip-static-arp 6000 ip-cache 10000 32768 10000 10000 ip-filter-port 3071 3071 3071 3071 ip-filter-sys 3072 8192 3072 3072 l3-vlan 1024 ip-qos-session 1024 16000 1024 1024 32768 32768 32768...
  • Page 106: Enabling Or Disabling Layer 2 Switching

    Enabling or disabling Layer 2 switching Enabling or disabling Layer 2 switching By default, Brocade Layer 3 switches support Layer 2 switching. These devices modify the routing protocols that are not supported on the devices. If you want to disable Layer 2 switching, you can do so globally or on individual ports, depending on the version of software your device is running.
  • Page 107: Disabling Ip Checksum Check

    Disabling IP checksum check Run the route-only command to disable switching and enable routing on the LAG. Brocade(config-if-e1000-4/1/4)# route-only Run the ip address command to assign an IP address for the LAG. Brocade(config-if-e1000-4/1/4)# ip address 25.0.0.2/24 The following example shows the creation and deployment of a dynamic LAG that is used for routing on a FastIron device with Layer 3 image.
  • Page 108: Displaying Ip Configuration Information And Statistics

    Displaying IP configuration information and statistics Displaying IP configuration information and statistics The following sections describe IP display options for Layer 3 switches and Layer 2 switches. By default, the CLI displays network masks in classical IP address format (example: 255.255.255.0). You can change the displays to prefix format (example: /18) on a Layer 3 switch or Layer 2 switch using the following CLI method.
  • Page 109 Displaying IP configuration information and statistics Static Routes Index IP Address Subnet Mask Next Hop Router Metric Distance 0.0.0.0 0.0.0.0 10.157.23.2 Policies Index Action Source Destination Protocol Port Operator deny 10.157.22.34 10.157.22.26 http permit Syntax: show ip NOTE This command has additional options, which are explained in other sections in this guide, including the sections following this one.
  • Page 110 Displaying IP configuration information and statistics TABLE 13 CLI display of global IP configuration information - Layer 3 switch (continued) Field Description Destination The destination IP address the policy matches. Protocol The IP protocol the policy matches. The protocol can be one of the following: •...
  • Page 111 Displaying IP configuration information and statistics TABLE 14 CLI display of interface IP configuration information (continued) Field Description have not saved the configuration, the entry for the interface in the Method field is "manual". Status The link status of the interface. If you have disabled the interface with the disable command, the entry in the Status field will be "administratively down".
  • Page 112 Displaying IP configuration information and statistics To display the contents of the ARP cache when a VRF is configured, enter the following command at any CLI level. Brocade# show arp vrf one Total number of ARP entries: 1 Entries in VRF one: IP Address MAC Address Type...
  • Page 113 Displaying IP configuration information and statistics TABLE 15 CLI display of ARP cache (continued) Field Description NOTE Static entries do not age out. Port The port on which the entry was learned. NOTE If the ARP entry type is DHCP, the port number will not be available until the entry gets resolved through ARP.
  • Page 114 Displaying IP configuration information and statistics TABLE 16 CLI display of static ARP table (continued) Field Description IP Address The IP address of the device. MAC Address The MAC address of the device. Port The port attached to the device the entry is for. Displaying the forwarding cache To display the IP forwarding cache, enter the following command at any CLI level.
  • Page 115 Displaying IP configuration information and statistics TABLE 17 CLI display of IP forwarding cache - Layer 3 switch (continued) Field Description Port The port through which this device reaches the destination. For destinations that are located on this device, the port number is shown as "n/a".
  • Page 116 Displaying IP configuration information and statistics The summary option displays a summary of the information in the IP route table. The following is an example of the output from this command. device# show ip route summary IP Routing Table - 35 entries: 6 connected, 28 static, 0 RIP, 1 OSPF, 0 BGP, 0 ISIS, 0 MPLS Number of prefixes: /0: 1 /16: 27 /22: 1 /24: 5 /32: 1...
  • Page 117 Displaying IP configuration information and statistics Syntax: clear ip route [ ip-addr ip-mask ] Syntax: clear ip route [ ip-addr/mask-bits ] Displaying IP traffic statistics To display IP traffic statistics, enter the show ip traffic command at any CLI level. device# show ip traffic IP Statistics 139 received, 145 sent, 0 forwarded...
  • Page 118 Displaying IP configuration information and statistics TABLE 19 CLI display of IP traffic statistics - Layer 3 switch (continued) Field Description other errors The number of packets dropped due to error types other than those listed above. ICMP statistics The ICMP statistics are derived from RFC 792, "Internet Control Message Protocol", RFC 950, "Internet Standard Subnetting Procedure", and RFC 1256, "ICMP Router Discovery Messages".
  • Page 119: Displaying Ip Information - Layer 2 Switches

    Displaying IP configuration information and statistics TABLE 19 CLI display of IP traffic statistics - Layer 3 switch (continued) Field Description out segments The number of TCP segments sent by the device. retransmission The number of segments that this device retransmitted because the retransmission timer for the segment had expired before the device at the other end of the connection had acknowledged receipt of the segment.
  • Page 120 Displaying IP configuration information and statistics This display shows the following information. TABLE 20 CLI display of global IP configuration information - Layer 2 switch Field Description IP configuration Switch IP address The management IP address configured on the Layer 2 switch. Specify this address for Telnet access or Web management access.
  • Page 121 Displaying IP configuration information and statistics Syntax: show arp TABLE 21 CLI display of ARP cache (continued) Field Description NOTE If the MAC address is all zeros, this field shows a random VLAN ID, since the Layer 2 switch does not yet know which port the device for this entry is attached to.
  • Page 122 Displaying IP configuration information and statistics TABLE 22 CLI display of IP traffic statistics - Layer 2 switch (continued) Field Description other errors The number of packets that this device dropped due to error types other than the types listed above. ICMP statistics The ICMP statistics are derived from RFC 792, "Internet Control Message Protocol", RFC 950, "Internet Standard Subnetting Procedure", and RFC 1256, "ICMP Router Discovery Messages".
  • Page 123 Displaying IP configuration information and statistics TABLE 22 CLI display of IP traffic statistics - Layer 2 switch (continued) Field Description passive resets The number of TCP connections this device reset because the device at the other end of the connection sent a TCP RESET message. input errors This information is used by Brocade customer support.
  • Page 125: Ipv6 Addressing

    IPv6 Addressing • IPv6 addressing overview (page 125) • Full Layer 3 IPv6 feature support (page 128) • IPv6 CLI command support (page 128) • IPv6 host address on a Layer 2 switch (page 130) • Configuring the management port for an IPv6 automatic address configuration (page 132) •...
  • Page 126: Ipv6 Address Types

    IPv6 addressing overview • The hexadecimal letters in IPv6 addresses are not case-sensitive. As shown in Figure 10, the IPv6 network prefix is composed of the left-most bits of the address. As with an IPv4 address, you can specify the IPv6 prefix using the prefix/prefix-length format, where the following applies. The prefix parameter is specified as 16-bit hexadecimal values separated by a colon.
  • Page 127: Ipv6 Stateless Auto-Configuration

    IPv6 addressing overview TABLE 23 IPv6 address types (continued) Address type Description Address structure order 96 bits are zeros. The address structure is as follows: 0:0:0:0:0:0:A.B.C.D. • Loopback address--An address (0:0:0:0:0:0:0:1 or ::1) that a switch can use to send an IPv6 packet to itself.
  • Page 128: Full Layer 3 Ipv6 Feature Support

    Full Layer 3 IPv6 feature support The duplicate address detection feature verifies that a unicast IPv6 address is unique before it is assigned to a host interface by the stateless auto configuration feature. Duplicate address detection uses neighbor solicitation messages to verify that a unicast IPv6 address is unique.
  • Page 129 IPv6 CLI command support TABLE 24 IPv6 CLI command support (continued) IPv6 command Description Switch code Router code clear ipv6 neighbor Deletes all dynamic entries in the IPv6 neighbor table. clear ipv6 ospf Clears OSPF-related entries. clear ipv6 rip Clears RIP-related entries. clear ipv6 route Deletes all dynamic entries in the IPv6 route table.
  • Page 130: Ipv6 Host Address On A Layer 2 Switch

    IPv6 host address on a Layer 2 switch TABLE 24 IPv6 CLI command support (continued) IPv6 command Description Switch code Router code log host ipv6 Configures the IPv6 Syslog server. ping ipv6 Performs an ICMP for IPv6 echo test. show ipv6 Displays some global IPv6 parameters, such as the IPv6 DNS server address.
  • Page 131: Configuring A Global Or Site-Local Ipv6 Address With A Manually Configured Interface Id

    IPv6 host address on a Layer 2 switch There is support for configuring an IPv6 address on the management port as described in Configuring the management port for an IPv6 automatic address configuration on page 132, and for configuring a system-wide IPv6 address on a Layer 2 switch. Configuration of the system-wide IPv6 address is exactly like configuration of an IPv6 address in router mode, except that the IPv6 configuration is at the Global CONFIG level instead of at the Interface level.
  • Page 132: Configuring The Management Port For An Ipv6 Automatic Address Configuration

    Configuring the management port for an IPv6 automatic address configuration Configuring the management port for an IPv6 automatic address configuration You can have the management port configured to automatically obtain an IPv6 address. This process is the same for any other port and is described in detail in the section Configuring a global or site-local IPv6 address on an interface on page 133...
  • Page 133 Configuring basic IPv6 connectivity on a Layer 3 switch Configuring a global or site-local IPv6 address on an interface Configuring a global or site-local IPv6 address on an interface does the following: • Automatically configures an interface ID (a link-local address), if specified. •...
  • Page 134 Configuring basic IPv6 connectivity on a Layer 3 switch These commands configure the global prefix 2001:DB8:12d:1300::/64 and an interface ID, and enable IPv6 on Ethernet interface 1/3/1. Syntax: ipv6 address ipv6-prefix/prefix-length eui-64 You must specify the ipv6-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373. You must specify the prefix-length parameter as a decimal value.
  • Page 135: Configuring Ipv4 And Ipv6 Protocol Stacks

    Configuring basic IPv6 connectivity on a Layer 3 switch For example, the following commands configure an anycast address on interface 1/2/1. device(config)#int e 1/2/1 device(config-if-e1000-1/2/1)#ipv6 address 2001:DB8::/64 anycast Syntax: ipv6 address ipv6-prefix/prefix-length [ anycast ] IPv6 anycast addresses are described in detail in RFC 1884. Refer to RFC 2461 for a description of how the IPv6 Neighbor Discovery mechanism handles anycast addresses.
  • Page 136: Ipv6 Over Ipv4 Tunnels

    IPv6 over IPv4 tunnels IPv6 over IPv4 tunnels To enable communication between isolated IPv6 domains using the IPv4 infrastructure, you can manually configure IPv6 over IPv4 tunnels that provide static point-to-point connectivity. As shown in the following illustration, these tunnels encapsulate an IPv6 packet within an IPv4 packet. FIGURE 11 IPv6 over an IPv4 tunnel A manually configured tunnel establishes a permanent link between switches in IPv6 domains.
  • Page 137: Clearing Ipv6 Tunnel Statistics

    IPv6 over IPv4 tunnels To configure a manual IPv6 tunnel, enter commands such as the following on a Layer 3 Switch running both IPv4 and IPv6 protocol stacks on each end of the tunnel. device(config)#interface tunnel 1 device(config-tnif-1)#tunnel source ethernet 1/3/1 device(config-tnif-1)#tunnel destination 10.162.100.1 device(config-tnif-1)#tunnel mode ipv6ip device(config-tnif-1)#ipv6 enable...
  • Page 138: Displaying Ipv6 Tunnel Information

    IPv6 over IPv4 tunnels Syntax: clear ipv6 tunnel [number] The number parameter specifies the tunnel number. Displaying IPv6 tunnel information Use the commands in this section to display the configuration, status, and counters associated with IPv6 tunnels. Displaying a summary of tunnel information To display a summary of tunnel information, enter the following command at any level of the CLI.
  • Page 139: Ipv6 Management (Ipv6 Host Support)

    IPv6 management (IPv6 host support) The display command above reflects the following configuration. device#show running-config interface tunnel 1 interface tunnel 1 port-name ManualTunnel1 tunnel mode ipv6ip tunnel source loopback 1 tunnel destination 10.1.1.1 ipv6 address 1011::1/64 ipv6 address 1001::1/64 ipv6 ospf area 0 TABLE 26 Interface level IPv6 tunnel information Field Description...
  • Page 140: Specifying An Ipv6 Snmp Trap Receiver

    IPv6 management (IPv6 host support) Syntax: snmp-client ipv6 ipv6-address The ipv6-address you specify must be in hexadecimal format using 16-bit values between colons as documented in RFC 2373. Specifying an IPv6 SNMP trap receiver You can specify an IPv6 host as a trap receiver to ensure that all SNMP traps sent by the device will go to the same SNMP trap receiver or set of receivers, typically one or more host devices on the network.
  • Page 141: Ipv6 Traceroute

    IPv6 management (IPv6 host support) If the IPv6 address you specify is a link-local address, you must specify the outgoing-interface ethernet port | ve number parameter. This parameter identifies the interface that must be used to reach the remote host. If you specify an Ethernet interface, you must also specify the port number associated with the interface.
  • Page 142: Restricting Web Management Access

    IPv6 management (IPv6 host support) Restricting Web management access You can restrict Web management access to include only management functions on a Brocade device that is acting as an IPv6 host, or restrict access so that the Brocade host can be reached by a specified IPv6 device. Restricting Web management access by specifying an IPv6 ACL You can specify an IPv6 ACL that restricts Web management access to management functions on the device that is acting as the IPv6 host.
  • Page 143: Pinging An Ipv6 Address

    IPv6 management (IPv6 host support) AAAA DNS records are analogous to the A DNS records used with IPv4. They store a complete IPv6 address in each record. AAAA records have a type value of 28. To define an IPv6 DNS server address, enter a command such as the following: device(config)#ipv6 dns server-address 2001:DB8::1 Syntax: [no] ipv6 dns server-address ipv6-addr [ ipv6-addr ] [ ipv6-addr ] [ ipv6-addr ] The ipv6 dns server-address parameter sets IPv6 DNS server addresses.
  • Page 144: Configuring An Ipv6 Syslog Server

    IPv6 management (IPv6 host support) NOTE For parameters that require a numeric value, the CLI does not check that the value you enter is within the allowed range. Instead, if you do exceed the range for a numeric value, the software rounds the value to the nearest valid value. •...
  • Page 145: Disabling Router Advertisement And Solicitation Messages

    IPv6 ICMP feature configuration STP topology change: Enable vsrp: Enable Total Trap-Receiver Entries: 4 Trap-Receiver IP-Address Port-Number Community 10.147.201.100 ..2001:DB8::200 ..10.147.202.100 ..2001:DB8::200 ..Disabling router advertisement and solicitation messages Router advertisement and solicitation messages enable a node on a link to discover the routers on the same link. By default, router advertisement and solicitation messages are permitted on the device.
  • Page 146: Configuring Icmp Rate Limiting

    IPv6 ICMP feature configuration Configuring ICMP rate limiting You can limit the rate at which IPv6 ICMP error messages are sent out on a network. IPv6 ICMP implements a token bucket algorithm. To illustrate how this algorithm works, imagine a virtual bucket that contains a number of tokens. Each token represents the ability to send one ICMP error message.
  • Page 147: Ipv6 Neighbor Discovery Configuration

    IPv6 neighbor discovery configuration IPv6 neighbor discovery configuration The neighbor discovery feature for IPv6 uses IPv6 ICMP messages to do the following tasks: • Determine the link-layer address of a neighbor on the same link. • Verify that a neighbor is reachable. •...
  • Page 148: Router Advertisement And Solicitation Messages

    IPv6 neighbor discovery configuration • Link-layer address of node 1. • A query for the link-layer address of node 2. After receiving the neighbor solicitation message from node 1, node 2 replies by sending a neighbor advertisement message, which has a value of 136 in the Type field of the ICMP packet header.
  • Page 149: Setting Ipv6 Router Advertisement Parameters

    IPv6 neighbor discovery configuration If duplicate address detection identifies a duplicate unicast IPv6 address, the address is not used. If the duplicate address is the link-local address of the host interface, the interface stops processing IPv6 packets. NOTE Duplicate Address Detection (DAD) is not currently supported with IPv6 tunnels. Make sure tunnel endpoints do not have duplicate IP addresses.
  • Page 150: Prefixes Advertised In Ipv6 Router Advertisement Messages

    IPv6 neighbor discovery configuration advertisements to 300 seconds and the router lifetime value to 1900 seconds on Ethernet interface 1/3/1, enter the following commands. device(config)#interface ethernet 1/3/1 device(config-if-e1000-1/3/1)#ipv6 nd ra-interval 300 device(config-if-e1000-1/3/1)#ipv6 nd ra-lifetime 1900 device(config-if-e1000-1/3/1)#ipv6 nd ra-hop-limit 1 Here is another example with a specified range. device(config)#interface ethernet 1/3/1 device(config-if-e1000-1/3/1)#ipv6 nd ra-interval range 33 55 device(config-if-e1000-1/3/1)#ipv6 nd ra-lifetime 1900...
  • Page 151: Setting Flags In Ipv6 Router Advertisement Messages

    IPv6 neighbor discovery configuration • Onlink flag --(Optional) If this flag is set, the specified prefix is assigned to the link upon which it is advertised. Nodes sending traffic to addresses that contain the specified prefix consider the destination to be reachable on the local link. •...
  • Page 152: Enabling And Disabling Ipv6 Router Advertisements

    IPv6 neighbor discovery configuration Enabling and disabling IPv6 router advertisements If IPv6 unicast routing is enabled on an Ethernet interface, by default, this interface sends IPv6 router advertisement messages. However, by default, non-LAN interface types, for example, tunnel interfaces, do not send router advertisement messages. To disable the sending of router advertisement messages on an Ethernet interface, enter commands such as the following.
  • Page 153: Ipv6 Neighbor Discovery Inspection

    IPv6 neighbor discovery inspection NOTE The actual reachable time will be from 0.5 to 1.5 times the configured or default value. IPv6 neighbor discovery inspection IPv6 ND inspection is an internal network security system that detects and prevents IPv6 address spoofing at the switch level. IP communication within a Layer 2 infrastructure is established by mapping an IP address to a MAC address.
  • Page 154 IPv6 neighbor discovery inspection ND inspection, when enabled on a VLAN, checks all the neighbor discovery messages flowing through the switches between the hosts that are part of the VLAN and validates the IP-to-MAC address binding of the packets. All the packets are verified against the trusted binding tables where the preconfigured static ND inspection entries or dynamically learned DHCPv6 snoop entries are stored.
  • Page 155 IPv6 neighbor discovery inspection FIGURE 13 Neighbor discovery inspection Though you can configure interfaces in “trust” or “untrust” mode, ND inspection is performed only on untrusted ports that are part of the ND inspection-enabled VLAN. When you enable ND inspection on a VLAN, by default, all the interfaces and member ports are considered as untrusted.
  • Page 156: Neighbor Discovery Inspection Configuration

    IPv6 MTU NOTE ND inspection is supported on LAGs and trunk ports and supports Multi-VRF instances. Multiple VRFs can be deployed on a Brocade Ethernet switch. Each VLAN having a Virtual Interface (VE) is assigned to a VRF. Neighbor discovery inspection configuration The ND inspection configuration includes enabling ND inspection on a VLAN, adding static inspection entries, and enabling trust mode for switch or server ports.
  • Page 157: Changing The Ipv6 Mtu

    Static neighbor entries configuration • You cannot use IPv6 MTU to set Layer 2 maximum frame sizes per interface. Enabling global jumbo mode causes all interfaces to accept Layer 2 frames. Changing the IPv6 MTU You can configure the IPv6 MTU on individual interfaces. For example, to configure the MTU on Ethernet interface 1/3/1 as 1280 bytes, enter the following commands.
  • Page 158: Limiting The Number Of Hops An Ipv6 Packet Can Traverse

    Limiting the number of hops an IPv6 packet can traverse By default, the maximum number of hops an IPv6 packet can traverse is 64. You can change this value to any value from 0 through 255 hops. For example, to change the maximum number of hops to 70, enter the following command.
  • Page 159: Allocating Tcam Space

    TCAM space configuration TABLE 28 TCAM space allocation on ICX 7750 devices (continued) Default Maximum Minimum GRE tunnels TABLE 29 TCAM space allocation on ICX 7450 devices Default Maximum Minimum IPv4 route entries 12000 15168 4096 IPv6 route entries 5120 5120 GRE tunnels TABLE 30 TCAM space allocation on ICX 7250 devices...
  • Page 160: Allocating Tcam Space For Gre Tunnels

    TCAM space configuration Return to privileged EXEC mode. device(config)# exit Reload the device for the new TCAM space allocations to be changed. device# reload The following example configures TCAM space for 6000 IPv4 route entries. After the reload, you can view the new TCAM allocation numbers for IPv6 entries.
  • Page 161: Displaying Global Ipv6 Information

    Displaying global IPv6 information The following example configures TCAM storage space for 20 GRE tunnel entries. After the reload, you can view the new TCAM allocation numbers for GRE tunnels in the running configuration. device# configure terminal device(config)# system-max gre-tunnels 20 device(config)# write memory device(config)# exit device# reload...
  • Page 162: Displaying Ipv6 Interface Information

    Displaying global IPv6 information The ethernet | ve | tunnel parameter restricts the display to the entries for the specified interface. The ipv6-address parameter restricts the display to the entries for the specified IPv6 address. You must specify this parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373.
  • Page 163: Displaying Ipv6 Neighbor Information

    Displaying global IPv6 information To display detailed information for a specific interface, enter a command such as the following at any CLI level. device#show ipv6 interface ethernet 1/3/1 Interface Ethernet 1/3/1 is up, line protocol is up IPv6 is enabled, link-local address is fe80::2e0:52ff:fe99:97 Global unicast address(es): Joined group address(es): ff02::9...
  • Page 164: Displaying The Ipv6 Route Table

    Displaying global IPv6 information Syntax: show ipv6 neighbor [ ipv6-prefix/prefix-length | ipv6-address | interface [ unit / slot / port | number ] ] The ipv6-prefix / prefix-length parameters restrict the display to the entries for the specified IPv6 prefix. You must specify the ipv6-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373.
  • Page 165 Displaying global IPv6 information 2001:DB8:1234::/32 tunnel 6 2001:DB8:46a::/64 ethe 1/3/2 2001:DB8::1/128 loopback 2 2001:DB8::2/128 fe80::2e0:52ff:fe91:bb37 ethe 1/3/2 110/1 2001:DB8::/64 tunnel 2 The ipv6-address parameter restricts the display to the entries for the specified IPv6 address. You must specify the ipv6-address parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373.
  • Page 166: Displaying Local Ipv6 Routers

    Displaying global IPv6 information Displaying local IPv6 routers The Brocade device can function as an IPv6 host, instead of an IPv6 router, if you configure IPv6 addresses on its interfaces but do not enable IPv6 routing using the ipv6 unicast-routing command. From the IPv6 host, you can display information about IPv6 routers to which the host is connected.
  • Page 167 Displaying global IPv6 information To display general information about each TCP connection on the router, enter the following command at any CLI level. device#show ipv6 tcp connections Local IP address:port <-> Remote IP address:port TCP state 10.168.182.110:23 <-> 10.168.8.186:4933 ESTABLISHED 10.168.182.110:8218 <->...
  • Page 168 Displaying global IPv6 information TABLE 38 General IPv6 TCP connection fields (continued) Field Description FREE TCP RECEIVE BUFFER = percentage The percentage of free TCP receive buffer space. FREE TCP OUT OF SEQUENCE BUFFER = percentage The percentage of free TCP out of sequence buffer space. To display detailed information about a specified TCP connection, enter a command such as the following at any CLI level.
  • Page 169: Displaying Ipv6 Traffic Statistics

    Displaying global IPv6 information TABLE 39 Specific IPv6 TCP connection fields (continued) Field Description Receive: received window = number The size of the local router’s receive window. Receive: bytes in receive queue = number The number of bytes in the local router’s receive queue. Receive: congestion window = number The size of the local router’s receive congestion window.
  • Page 170 Displaying global IPv6 information Field Description bad options The number of IPv6 packets dropped by the router because of bad options. too many hdr The number of IPv6 packets dropped by the router because the packets had too many headers. no route The number of IPv6 packets dropped by the router because there was no route.
  • Page 171 Displaying global IPv6 information Field Description nei soli The number of Neighbor Solicitation messages sent or received by the router. nei adv The number of Router Advertisement messages sent or received by the router. redirect The number of redirect messages sent or received by the router. Applies to received only bad code The number of Bad Code messages received by the router.
  • Page 172: Clearing Global Ipv6 Information

    Clearing global IPv6 information Field Description active resets The number of TCP connections the router reset by sending a TCP RESET message to the device at the other end of the connection. passive resets The number of TCP connections the router reset because the device at the other end of the connection sent a TCP RESET message.
  • Page 173: Clearing Ipv6 Routes From The Ipv6 Route Table

    Clearing global IPv6 information • IPv6 address • Interface type For example, to remove entries for Ethernet interface 1/3/1, enter the following command at the Privileged EXEC level or any of the CONFIG levels of the CLI. device#clear ipv6 neighbor ethernet 1/3/1 Syntax: clear ipv6 neighbor [ ipv6-prefix / prefix-length | ipv6-address | ethernet port | ve number | vrf vrf-name ] You must specify the ipv6-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373.
  • Page 175: Ipv4 Static Routing

    IPv4 Static Routing • Static routes configuration..................................175 Static routes configuration The IP route table can receive routes from the following sources: • Directly-connected networks - When you add an IP interface, the Layer 3 switch automatically creates a route for the network the interface is in.
  • Page 176: Multiple Static Routes To The Same Destination Provide Load Sharing And Redundancy

    Static routes configuration – A virtual interface (a routing interface used by VLANs for routing Layer 3 protocol traffic among one another) – A tunnel number of the next-hop gateway – A "null" interface. The Layer 3 switch drops traffic forwarded to the null interface. You can also specify the following optional parameters: •...
  • Page 177: Configuring A Static Ip Route

    Static routes configuration When you configure a static IP route, you specify the destination address for the route and the next-hop gateway or Layer 3 interface through which the Layer 3 device can reach the route. The device adds the route to the IP route table. In this case, Switch A knows that 207.95.6.157 is reachable through port 1/1/2, and also assumes that local interfaces within that subnet are on the same port.
  • Page 178: Static Route Next Hop Resolution

    Static routes configuration NOTE If you specify 16, RIP considers the metric to be infinite and thus also considers the route to be unreachable. The distance num variable specifies the administrative distance of the route. When comparing otherwise equal routes to a destination, the Layer 3 switch prefers lower administrative distances over higher ones, so make sure you use a low value for your default route.
  • Page 179: Removing A Name Or A Static Route

    Static routes configuration To assign a name to a static route, enter commands such as the following. device(config)# ip route 10.22.22.22 255.255.255.255 eth 1/1/1 name abc device(config)# ip route 10.22.22.22 255.255.255.255 10.1.1.1 name abc Syntax: [no] ip route dest-ip-addr dest-mask { next-hop-ip-addr | ethernet unit / slot / port | ve num } [ metric ] [ distance num ] [ name static-route-name ] [ tag tag-num ] Enter the static route name for name string.
  • Page 180: Static Route Recursive Lookup

    Static routes configuration The following example removes the name of the designated static route, removes the route, and saves the change to the IP routing table. device# configure terminal device(config)# no ip route 10.22.22.22 255.255.255.255 10.1.1.1 name xyz device(config)# no ip route 10.22.22.22 255.255.255.255 10.1.1.1 device(config)# write memory Static route recursive lookup This feature enables the Brocade device to use static routes to resolve another static route.
  • Page 181: Configuring Load Balancing And Redundancy Using Multiple Static Routes To The Same Destination

    Static routes configuration Syntax: ip route ip-addr /mask-bits null0 [ metric ] [ distance num ] To display the maximum value for your device, enter the show default values command. The maximum number of static IP routes the system can hold is listed in the ip-static-route row in the System Parameters section of the display. To change the maximum value, use the system-max ip-static-route command at the global CONFIG level.
  • Page 182: Configuring Standard Static Ip Routes And Interface Or Null Static Routes To The Same Destination

    Static routes configuration The following commands configure static IP routes to the same destination, but with different metrics. The route with the lowest metric is used by default. The other routes are backups in case the first route becomes unavailable. The Layer 3 switch uses the route with the lowest metric if the route is available.
  • Page 183 Static routes configuration FIGURE 15 Standard and null static routes to the same destination network The next example shows another pair of static routes. In this example, a standard static route and an interface-based static route are configured for destination network 192.168.6.0/24. The interface-based static route has a lower metric than the standard static route.
  • Page 184 Static routes configuration FIGURE 16 Standard and interface routes to the same destination network To configure a standard static IP route and a null route to the same network, enter commands such as the following. device(config)# ip route 192.168.7.0/24 192.168.6.157/24 1 device(config)# ip route 192.168.7.0/24 null0 3 The first command configures a standard static route, which includes specification of the next-hop gateway.
  • Page 185: Ipv6 Static Routing

    IPv6 Static Routing • Static IPv6 route configuration..................................185 • Configuring a static IPv6 route................................. 185 • Configuring a static route in a non-default VRF or User VRF.....................186 Static IPv6 route configuration You can configure a static IPv6 route to be redistributed into a routing protocol, but you cannot redistribute routes learned by a routing protocol into the static IPv6 routing table.
  • Page 186: Configuring A Static Route In A Non-Default Vrf Or User Vrf

    Configuring a static route in a non-default VRF or User VRF TABLE 40 Static IPv6 route parameters (continued) Parameter Configuration details Status The route’s next-hop gateway, which can be one You can specify the next-hop gateway as one of Mandatory for all static IPv6 routes. of the following: the following types of IPv6 addresses: •...
  • Page 187 Configuring a static route in a non-default VRF or User VRF The next-hop-ip-addr is the IPv6 address of the next-hop router (gateway) for the route. NOTE The vrf needs to be a valid VRF to be used in this command. NOTE When a tunnel is configured as the next hop for a static route, the tunnel must already be configured if the destination is a non- default VRF.
  • Page 189: Rip Overview

    • RIP overview........................................189 • RIP parameters and defaults..................................189 • Configuring RIP parameters..................................191 • Displaying RIP Information..................................198 • Displaying CPU utilization statistics................................200 RIP overview Routing Information Protocol (RIP) is an IP route exchange protocol that uses a distance vector (a number representing distance) to measure the cost of a given route.
  • Page 190 RIP parameters and defaults TABLE 41 RIP global parameters (continued) Parameter Description Default NOTE You also must enable the protocol on individual interfaces. Globally enabling the protocol does not allow interfaces to send and receive RIP information. Administrative distance The administrative distance is a numeric value assigned to each type of route on the device.
  • Page 191: Rip Interface Parameters

    Configuring RIP parameters RIP interface parameters TABLE 42 RIP interface parameters Parameter Description Default RIP state and version The state of the protocol and the version that is Disabled supported on the interface. The version can be one of the following: •...
  • Page 192: Configuring Route Costs

    Configuring RIP parameters After globally enabling the protocol, you must enable it on individual interfaces. You can enable the protocol on physical interfaces as well as virtual routing interfaces. To enable RIP on an interface, enter commands such as the following. device(config)# interface ethernet 1/1/1 device(config-if-e1000-1/1/1)# ip rip v1-only Syntax: [no] ip rip {v1-only | v1-compatible-v2 | v2-only}...
  • Page 193 Configuring RIP parameters To configure redistribution, perform the following tasks. Configure redistribution filters (optional). You can configure filters to permit or deny redistribution for a route based on its origin (OSPF, BGP4, and so on), the destination network address, and the route’s metric. You also can configure a filter to set the metric based on these criteria.
  • Page 194: Configuring Route Learning And Advertising Parameters

    Configuring RIP parameters The static keyword applies redistribution to IP static routes. The metric value parameter sets the RIP metric value from 1 through 15 that will be applied to the routes imported into RIP. The route-map name parameter indicates the route map’s name. Matching based on RIP protocol type The match option has been added to the route-map command that allows statically configured routes or the routes learned from the IGP protocol RIP.
  • Page 195: Changing The Route Loop Prevention Method

    Configuring RIP parameters Enabling learning of RIP default routes By default, the Brocade device does not learn default RIP routes. You can enable learning of RIP default routes on a global or interface basis. To enable learning of default RIP routes on a global basis, enter the following command. device(config-rip-router)# learn-default Syntax: [no] learn-default To enable learning of default RIP routes on an interface, enter the ip rip learn-default command.
  • Page 196: Suppressing Rip Route Advertisement On A Vrrp Or Vrrpe Backup Interface

    Configuring RIP parameters Syntax: [no] poison-reverse To disable poison reverse and enable split horizon on an interface, enter commands such as the following. device(config)#interface ethernet 1/1/1 device(config-if-e10000-1/1/1)# no ip rip poison-reverse Syntax: [no] ip rip poison-reverse To disable split horizon and enable poison reverse on an interface, enter commands such as the following. device(config)#interface ethernet 1/1/1 device(config-if-e10000-1/1/1)# ip rip poison-reverse You can configure the Brocade device to avoid routing loops by advertising local RIP routes with a cost of 16 ("infinite"...
  • Page 197 Configuring RIP parameters NOTE By default, routes that do not match a prefix list are learned or advertised. To prevent a route from being learned or advertised, you must configure a prefix list to deny the route. To configure a prefix list, enter commands such as the following. device(config)# ip prefix-list list1 permit 10.53.4.1 255.255.255.0 device(config)# ip prefix-list list2...
  • Page 198: Setting Rip Timers

    Displaying RIP Information Setting RIP timers You can set basic update timers for the RIP protocol. The protocol must be enabled in order to set the timers. The timers command specifies how often RIP update messages are sent. To set the timers, enter the following commands. device(config)# router rip device(config-rip-router)# timer 30 180 180 120 Syntax: [no] timers update-timer timeout-timer hold-down-timer garbage-collection-timer...
  • Page 199 Displaying RIP Information TABLE 43 CLI display of neighbor filter information (continued) Field Definition Action The action the Brocade device takes for RIP route packets to or from the specified neighbor: • deny - If the filter is applied to an interface’s outbound filter group, the filter prevents the Brocade device from advertising RIP routes to the specified neighbor on that interface.
  • Page 200: Displaying Cpu Utilization Statistics

    Displaying CPU utilization statistics To display current running configuration for interface 1/1/1, enter the following command. device# show running-config interface ethernet 1/1/1 interface ethernet 1/1/1 enable ip ospf area 0 ip ospf priority 0 ip rip v2-only ip address 10.1.1.2/24 ipv6 address 2000::1/32 ipv6 enable To display current running configuration for ve 10, enter the following command.
  • Page 201 Displaying CPU utilization statistics Syntax: show cpu-utilization tasks The command lists the usage statistics for the previous five-second, one-minute, five-minute, and fifteen-minute intervals.
  • Page 203: Ripng

    RIPng • RIPng Overview......................................203 • Configuring RIPng......................................203 • Clearing RIPng routes from IPv6 route table............................208 • Displaying RIPng information..................................208 RIPng Overview Routing Information Protocol (RIP) is an IP route exchange protocol that uses a distance vector (a number representing a distance) to measure the cost of a given route.
  • Page 204: Configuring Ripng Timers

    Configuring RIPng To enable RIPng globally, enter the following command. device(config-rip-router)#ipv6 router rip device(config-ripng-router)# After you enter this command, the device enters the RIPng configuration level, where you can access several commands that allow you to configure RIPng. Syntax: [no] ipv6 router rip To disable RIPng globally, use the no form of this command.
  • Page 205: Configuring Route Learning And Advertising Parameters

    Configuring RIPng • Hold-down timer: 9 through 65535 seconds. • Garbage-collection timer: 9 through 65535 seconds. NOTE You must enter a value for each timer, even if you want to retain the current setting of a particular timer. To return to the default values of the RIPng timers, use the no form of this command. Configuring route learning and advertising parameters You can configure the following learning and advertising parameters: •...
  • Page 206: Redistributing Routes Into Ripng

    Configuring RIPng For example, to advertise the summarized prefix 2001:db8::/36 instead of the IPv6 address 2001:db8:0:adff:8935:e838:78:e0ff with a prefix length of 64 bits from Ethernet interface 1/3/1, enter the following commands. device(config)# interface ethernet 1/3/1 device(config-if-e100-1/3/1)# ipv6 address 2001:db8:0:adff:8935:e838:78:e0ff/64 device(config-if-e100-1/3/1)# ipv6 rip summary-address 2001:db8::/36 Syntax: [no] ipv6 rip summary-address ipv6-prefix/prefix-length You must specify the ipv6-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373.
  • Page 207: Controlling Distribution Of Routes Through Ripng

    Configuring RIPng For example, to redistribute OSPFv3 routes into RIPng, enter the following command. device(config)# ipv6 router rip device(config-ripng-router)# redistribute ospf Syntax: [no] redistribute{ bgp | connected | ospf | static [ metric number ] } For the metric, specify a numerical value that is consistent with RIPng. Controlling distribution of routes through RIPng You can create a prefix list and then apply it to RIPng routing updates that are received or sent on a device interface.
  • Page 208: Clearing Ripng Routes From Ipv6 Route Table

    Clearing RIPng routes from IPv6 route table To better handle this situation, you can configure a RIPng Brocade device to send a triggered update containing the local routes of the disabled interface with an unreachable metric of 16 to the other RIPng routers in the routing domain. You can enable the sending of a triggered update by entering the following commands.
  • Page 209: Displaying Ripng Routing Table

    Displaying RIPng information TABLE 45 show ipv6 rip output descriptions (continued) Field Description Split horizon/poison reverse The status of the RIPng split horizon and poison reverse features. Possible status is "on" or "off." Default routes The status of RIPng default routes. Periodic updates/trigger updates The number of periodic updates and triggered updates sent by the RIPng Brocade device.
  • Page 210 Displaying RIPng information TABLE 46 show ipv6 rip route output descriptions (continued) Field Description • STATIC - IPv6 static routes are redistributed into RIPng. • BGP - BGP4+ routes are redistributed into RIPng. • OSPF - OSPFv3 routes are redistributed into RIPng. Metric number The cost of the route.
  • Page 211: Ospfv2

    OSPFv2 • OSPFv2 overview......................................211 • Autonomous System....................................211 • OSPFv2 components and roles................................212 • Reduction of equivalent AS external LSAs............................214 • Algorithm for AS external LSA reduction............................. 216 • OSPFv2 areas......................................... 216 • Virtual links........................................219 • Default route origination....................................220 •...
  • Page 212: Ospfv2 Components And Roles

    OSPFv2 components and roles FIGURE 17 OSPF operating in a network NOTE For details of components and virtual links, refer to OSPFv2 components and roles on page 212 and Virtual links on page 219, respectively. Once OSPFv2 is enabled on the system, the user assigns an IP address or number as the area ID for each area. The area ID is representative of all IP addresses (subnets) on a router port.
  • Page 213: Designated Routers

    OSPFv2 components and roles For more information about redistribution, refer to the redistribute command in the FastIron Command Reference. Designated routers In an OSPF broadcast network, OSPF elects one router to serve as the designated router (DR) and another router on the segment to act as the backup designated router (BDR).
  • Page 214: Reduction Of Equivalent As External Lsas

    Reduction of equivalent AS external LSAs The DR and BDR election process is performed when one of the following events occurs: • An interface is in a waiting state and the wait time expires. • An interface is in a waiting state and receives a hello packet that addresses the BDR. •...
  • Page 215 Reduction of equivalent AS external LSAs FIGURE 19 AS external LSA reduction Notice that both Router D and Router E have a route to the other routing domain through Router F. OSPF eliminates the duplicate AS External LSAs. When two or more devices configured as ASBRs have equal-cost routes to the same next-hop router in an external routing domain, the ASBR with the highest router ID floods the AS External LSAs for the external domain into the OSPF AS, while the other ASBRs flush the equivalent AS External LSAs from their databases.
  • Page 216: Algorithm For As External Lsa Reduction

    Algorithm for AS external LSA reduction The AS external LSA reduction example shows the normal AS External LSA reduction feature. The behavior changes under the following conditions: • There is one ASBR advertising (originating) a route to the external destination, but one of the following happens: –...
  • Page 217: Area Range

    OSPFv2 areas When an NSSA contains more than one ABR, OSPFv2 elects one of the ABRs to perform the LSA translation for NSSA. OSPFv2 elects the ABR with the highest router ID. If the elected ABR becomes unavailable, OSPFv2 automatically elects the ABR with the next highest router ID to take over translation of LSAs for the NSSA.
  • Page 218: Link State Advertisements

    OSPFv2 areas FIGURE 20 OSPF network containing an NSSA This example shows two routing domains, a BGP domain and an OSPF domain. The ASBR inside the NSSA imports external routes from BGP into the NSSA as type 7 LSAs, which the ASBR floods throughout the NSSA. The ABR translates the type 7 LSAs into type 5 LSAs.
  • Page 219: Virtual Links

    Virtual links All ABRs must have either a direct or indirect link to the OSPFv2 backbone area (0.0.0.0 or 0). If an ABR does not have a physical link to the area backbone, the ABR can configure a virtual link to another router within the same area, which has a physical connection to the area backbone.
  • Page 220: Default Route Origination

    Default route origination When the device is an OSPFv2 Autonomous System Boundary Router (ASBR), you can configure it to automatically generate a default external route into an OSPFv2 routing domain. By default, a device does not advertise the default route into the OSPFv2 domain. If you want the device to advertise the OSPFv2 default route, you must explicitly enable default route origination.
  • Page 221: Spf Timers

    OSPFv2 LSA refreshes NOTE This option affects only imported, type 5 external LSA routes. A single type 5 LSA is generated and flooded throughout the autonomous system for multiple external routes. Type 7-route redistribution is not affected by this feature. All type 7 routes will be imported (if redistribution is enabled).
  • Page 222: Support For Ospf Rfc 2328 Appendix E

    Support for OSPF RFC 2328 Appendix E Brocade devices support Appendix E in OSPF RFC 2328. Appendix E describes a method to ensure that an OSPF device generates unique link state IDs for type-5 (External) link state advertisements (LSAs) in cases where two networks have the same network address but different network masks.
  • Page 223: Ospfv2 Graceful Restart

    OSPFv2 stub router advertisement OSPFv2 graceful restart The graceful restart (GR) feature provides a routing device with the capability to inform its neighbors when it is performing a restart. Neighboring devices, known as GR helpers, are informed via protocol extensions that the device is undergoing a restart and assist in the restart.
  • Page 224: Ospfv2 Shortest Path First Throttling

    OSPFv2 Shortest Path First throttling Rapid triggering of SPF calculations with exponential back-off offers the advantages of rapid convergence without sacrificing stability. As the delay increases, multiple topology changes can occur within a single SPF. This dampens network activity due to frequent topology changes.
  • Page 225: Limitations Of Nsr

    Synchronization of critical OSPFv2 elements If the active management module fails, the standby management module takes over and maintains the current OSPF routes, link-state advertisements (LSAs), and neighbor adjacencies, so that there is no loss of existing traffic to the OSPF destination. Limitations of NSR •...
  • Page 226: Lsa Syncing And Packing

    Standby module operations LSA syncing and packing When the LSA processing is completed on the active management module and the decision is made to install the LSA in its link state database (LSDB), OSPF synchronizes that LSA to the standby module. OSPF checks the current state of the database entry, whether or not it is marked for deletion.
  • Page 227: Neighbor Database

    OSPFv2 distribute list Neighbor database Neighbor information is updated in the standby module based on updates from the active module. Certain neighbor state and interface transitions are synchronized to the standby module. By default, the neighbor timers on the standby module are disabled. LSA database The standby module processes LSA synchronization events from the active module and unpacks the LSA synchronization information to directly install it in its LSDB, as the LSA has already been processed on the active module.
  • Page 228: Configuring An Ospfv2 Distribution List Using Route Maps

    OSPFv2 distribute list any 10.x.x.x destination network from entering the IP route table. The distribution list does not prevent the routes from entering the OSPFv2 database. device(config)# ip access-list standard no_ip device(config-std-nacl)# deny 10.0.0.0 0.255.255.255 device(config-std-nacl)# permit any device(config)# router ospf device(config-ospf-router)# area 0 device(config-ospf-router)# distribute-list no_ip in In the following example, the first three commands configure an extended ACL that denies routes to any 10.31.39.x destination network...
  • Page 229: Ospfv2 Route Redistribution

    OSPFv2 route redistribution device(config-routemap setdistance)# exit device(config)# router ospf device(config-ospf-router)# area 0 device(config-ospf-router)# area 1 device(config-ospf-router)# distribute-list route-map setdistance in device(config-ospf-router)# exit Once this configuration is implemented, the routes identified by the ip prefix-list command and matched in the route map will have their OSPFv2 administrative distance set to 200.
  • Page 230: Load Sharing

    Load sharing FIGURE 22 Redistributing OSPF and static routes to RIP routes Load sharing Brocade devices can load share among up to eight equal-cost IP routes to a destination. By default, IP load sharing is enabled. The default is 4 equal-cost paths but you can specify from 2 to 8 paths. On the ICX 7750 device, the value range for the maximum number of load-sharing paths is from 2 through 32, which is controlled by the system-max max-ecmp command.
  • Page 231 Load sharing FIGURE 23 Example OSPF network with four equal-cost paths The device has four paths to R1: • Router ->R3 • Router ->R4 • Router ->R5 • Router ->R6 Normally, the device chooses the path to the R1 with the lower metric. For example, if the metric for R3 is 1400 and the metric for R4 is 600, the device always chooses R4.
  • Page 232: Interface Types To Which The Reference Bandwidth Does Not Apply

    Interface types to which the reference bandwidth does not apply Some interface types are not affected by the reference bandwidth and always have the same cost regardless of the reference bandwidth in use: •...
  • Page 233: Ospfv2 Over Vrf

    Configuring OSPFv2 OSPFv2 over VRF OSPFv2 can run over multiple Virtual Routing and Forwarding (VRF) instances. All OSPFv2 commands are available over default and non-default OSPF instances. OSPFv2 maintains multiple instances of the routing protocol to exchange route information among various VRF instances. A multi-VRF- capable device maps an input interface to a unique VRF, based on user configuration.
  • Page 234: Configuring An Nssa

    Configuring OSPFv2 Enter the area command to define a second OSPFv2 area ID. device(config-ospf-router)# area 10.1.1.1 The following example assigns an OSPFv2 ID to two areas. One of the areas is assigned by decimal number. The second area is assigned by IP address. device# configure terminal device(config)# router ospf device(config-ospf-router)# area 0...
  • Page 235: Disabling Summary Lsas For A Stub Area

    Configuring OSPFv2 The following example configures a summary-address in NSSA 1.1.1.1. device# configure terminal device(config)# router ospf device(config-ospf-router)# area 1.1.1.1 nssa 10 device(config-ospf-router)# summary-address 10.10.1.0 10.10.2.0 Disabling summary LSAs for a stub area LSAs can be disabled for a stub area. Enter the configure terminal command to access global configuration mode.
  • Page 236: Assigning Interfaces To An Area

    Configuring OSPFv2 Assigning interfaces to an area Once you define OSPFv2 areas, you can assign interfaces to the areas. All device ports must be assigned to one of the defined areas on an OSPFv2 device. When a port is assigned to an area, all corresponding subnets on that port are automatically included in the assignment.
  • Page 237: Modifying Shortest Path First Timers

    Configuring OSPFv2 On ABR2, enter the configure terminal command to access global configuration mode. device# configure terminal Enter the router ospf command to enter OSPFv2 router configuration mode and enable OSPFv2 on the device. device(config)# router ospf Enter the area command to assign an OSPFv2 area ID. device(config-ospf-router)# area 1 Enter the area command to assign an OSPFv2 area ID.
  • Page 238: Configuring The Ospfv2 Lsa Pacing Interval

    Configuring OSPFv2 Configuring the OSPFv2 LSA pacing interval The interval between OSPFv2 LSA refreshes can be modified. Enter the configure terminal command to access global configuration mode. device# configure terminal Enter the router ospf command to enter OSPF router configuration mode and enable OSPFv2 globally. device(config)# router ospf Enter the timers command with the lsa-group-pacing parameter.
  • Page 239: Disabling Ospfv2 Graceful Restart Helper

    Configuring OSPFv2 Enter the graceful restart command with the restart-time parameter and specify a value to re-enable GR on the device, and change the maximum restart wait time from the default value of 120 seconds. device(config-ospf-router)# graceful-restart restart-time 240 The following example re-enables GR and changes the maximum restart wait time from the default value of 120 seconds to 240 seconds.
  • Page 240: Configuring The Ospfv2 Max-Metric Router Lsa

    Configuring OSPFv2 The following example redistributes static and RIP routes into OSPFv2 on a device. device# configure terminal device(config)# router ospf device(config-ospf-router)# redistribute static device(config-ospf-router)# redistribute rip Configuring the OSPFv2 Max-Metric Router LSA By configuring the OSPFv2 max-metric router LSA you can enable OSPFv2 to advertise its locally generated router LSAs with a maximum metric.
  • Page 241: Changing Default Settings

    Configuring OSPFv2 Changing default settings Refer to the FastIron Command Reference for other commands you can use to change default OSPF settings. Some commonly configured items include the following: • Changing reference bandwidth to change interface costs by using the auto-cost reference-bandwidth command. •...
  • Page 242 Configuring OSPFv2 Disabling OSPFv2 To disable OSPFv2 on a device, use the no router ospf command: Enter the configure terminal command to access global configuration mode. device# configure terminal Enter the no router ospf command to disable OSPFv2 on the device. device(config)# no router ospf The following example disables OSPFv2 on a device.
  • Page 243: Ospfv3

    OSPFv3 • OSPFv3 overview (page 243) • OSPFv3 areas (page 244) • Virtual links (page 246) • OSPFv3 route redistribution (page 248) • Default route origination (page 249) • Filtering OSPFv3 routes (page 249) • SPF timers (page 249) • OSPFv3 administrative distance (page 250) • OSPFv3 LSA refreshes (page 250) • External route summarization (page 251) •...
  • Page 244: Ospfv3 Areas

    OSPFv3 areas After OSPFv3 is enabled, you can assign OSPFv3 areas. You can assign an IPv6 address or a number as the area ID for each area. The area ID is representative of all IP addresses (subnets) on a device interface. Each device interface can support one area. NOTE You can assign only one area on a device interface.
  • Page 245: Area Range

    OSPFv3 areas Area range You can further consolidate routes at an area boundary by defining an area range. The area range allows you to assign an aggregate value to a range of IP and IPv6 addresses. This aggregate value becomes the address that is advertised instead of all the individual addresses it represents being advertised. You have the option of adding the cost to the summarized route.
  • Page 246: Lsa Types For Ospfv3

    Virtual links If the router is an ABR, you can prevent any type 3 and type 4 LSA from being injected into the area. The only exception is that a default route is injected into the NSSA by the ABR, and strictly as a type 3 LSA. LSA types for OSPFv3 Communication among OSPFv3 areas is provided by means of link-state advertisements (LSAs).
  • Page 247 Virtual links FIGURE 24 OSPFv3 virtual link Two parameters must be defined for all virtual links—transit area ID and neighbor router: • The transit area ID represents the shared area of the two ABRs and serves as the connection point between the two routers. This number should match the area ID value.
  • Page 248: Virtual Link Source Address Assignment

    OSPFv3 route redistribution NOTE By default, the router ID is the IPv4 address configured on the lowest-numbered loopback interface. If the device does not have a loopback interface, the default router ID is the highest-numbered IPv4 address configured on the device. When you establish an area virtual link, you must configure it on both ends of the virtual link.
  • Page 249: Default Route Origination

    SPF timers NOTE For an external route that is redistributed into OSPFv3 through a route map, the metric value of the route remains the same unless the metric is set by the set metric command inside the route map or the default-metric command. For a route redistributed without using a route map, the metric is set by the metric parameter if set or the default-metric command if the metric parameter is not set.
  • Page 250: Ospfv3 Administrative Distance

    OSPFv3 administrative distance You can set the SPF delay and hold time to lower values to cause the device to change to alternate paths more quickly if a route fails. Note that lower values for these parameters require more CPU processing time. You can change one or both of the timers.
  • Page 251: External Route Summarization

    OSPFv3 graceful restart helper External route summarization An ASBR can be configured to advertise one external route as an aggregate for all redistributed routes that are covered by a specified IPv6 address range. When you configure an address range, the range takes effect immediately. All the imported routes are summarized according to the configured address range.
  • Page 252: Ospfv3 Non-Stop Routing

    OSPFv3 non-stop routing OSPFv3 can continue operation without interruption during hitless failover when the NSR feature is enabled. During graceful restart (GR), the restarting neighbors must help build routing information during a failover. However, the GR helper may not be supported by all devices in a network.
  • Page 253: Ipsec For Ospfv3 Configuration

    IPsec for OSPFv3 For IPsec, the system generates two types of databases. The Security Association Database (SAD) contains a security association for each interface or one global database for a virtual link. Even if IPsec is configured for an area, each interface that uses the area's IPsec still has its own security association in the SAD.
  • Page 254: Configuring Ospfv3

    Configuring OSPFv3 • The old key is active for twice the current configured key rollover interval for the inbound direction. In the outbound direction, the old key remains active for a duration equal to the key rollover interval. If the key rollover interval is set to 0, the new key immediately takes effect for both directions.
  • Page 255: Enabling Ospfv3 In A Non-Default Vrf

    Configuring OSPFv3 The following example enables OSPFv3 on a device. device# configure terminal device(config)# ip router-id 10.11.12.13 device(config)# ipv6 router ospf device(config-ospf6-router)# Enabling OSPFv3 in a non-default VRF When OSPFv3 is enabled in a non-default VRF instance, the device enters OSPFv3 router VRF configuration mode. Several commands can then be accessed that allow the configuration of OSPFv3.
  • Page 256: Assigning Ospfv3 Areas

    Configuring OSPFv3 Assigning OSPFv3 areas Areas can be assigned as OSPFv3 areas. Enable IPv6 on each interface on which you plan to enable OSPFv3. You enable IPv6 on an interface by configuring an IP address or explicitly enabling IPv6 on that interface. Enter the configure terminal command to access global configuration mode.
  • Page 257: Assigning Ospfv3 Areas To Interfaces

    Configuring OSPFv3 Enter the address-family ipv6 command to enter IPv6 address-family configuration mode. device(config-vrf-red)# address-family ipv6 Enter the exit command until you return to global configuration mode. device(config-vrf-red-ipv6)# exit Enter the ipv6 router ospf command and specify a VRF name to enter OSPFv3 configuration mode and enable OSPFv3 in a non-default VRF.
  • Page 258: Assigning A Stub Area

    Configuring OSPFv3 Enter the ipv6 ospf area command. device(config-vif-1)# ipv6 ospf area 0 Area 0 is assigned to the specified interface with the IPv6 address of 2001:db8:93e8:cc00::1. Enter the exit command to return to global configuration mode. device(config-vif-1)# exit Enter the interface command and specify an interface. device(config)# interface ve 2 Enter the ipv6 address command to specify the router ID.
  • Page 259: Configuring An Nssa

    Configuring OSPFv3 Configuring an NSSA OSPFv3 areas can be defined as NSSA areas with configurable parameters. Enter the configure terminal command to access global configuration mode. device# configure terminal Enter the ip router-id command to specify the router ID. device(config)# ip router-id 10.3.3.3 Enter the ipv6 router ospf command to enter OSPFv3 router configuration mode and enable OSPFv3 on the device.
  • Page 260: Redistributing Routes Into Ospfv3

    Configuring OSPFv3 On ABR2, enter the configure terminal command to access global configuration mode. device# configure terminal Enter the ip router-id command to specify the router ID. device(config)# ip router-id 10.2.2.2 Enter the ipv6 router ospf command to enter OSPFv3 router configuration mode and enable OSPFv3 on the device. device(config)# ipv6 router ospf 10.
  • Page 261: Modifying Spf Timers

    Configuring OSPFv3 On device2, enter the configure terminal command to access global configuration mode. device# configure terminal Enter the ipv6 router ospf command to enter OSPFv3 router configuration mode and enable OSPFv3 on the device. device(config)# ipv6 router ospf Enter the redistribute command with the connected and route-map parameters to redistribute connected routes and specify a route map.
  • Page 262: Configuring Default External Routes

    Configuring OSPFv3 Enter the timers command with the lsa-group-pacing parameter. device(config-ospf6-router)# timers lsa-group-pacing 120 The OSPFv3 LSA pacing interval is changed to 120 seconds (two minutes). The following example restores the pacing interval to the default value of 240 seconds (4 minutes). device# configure terminal device(config)# ipv6 router ospf device(config-ospf6-router)# no timers lsa-group-pacing...
  • Page 263: Configuring Administrative Distance Based On Route Type

    Configuring OSPFv3 Configuring administrative distance based on route type The default administrative distances for intra-area routes, inter-area routes, and external routes can be altered. Enter the configure terminal command to access global configuration mode. device# configure terminal Enter the ipv6 router ospf command to enter OSPFv3 router configuration mode and enable OSPFv3 globally. device(config)# ipv6 router ospf Enter the distance command with the intra-area parameter.
  • Page 264: Setting All Ospfv3 Interfaces To The Passive State

    Configuring OSPFv3 The following example changes the auto-cost reference bandwidth to 500. device# configure terminal device(config)# ipv6 router ospf device(config-ospf6-router)# auto-cost reference-bandwidth 500 The reference bandwidth specified in this example results in the following costs: • 10-Mbps port cost = 500/10 = 50 •...
  • Page 265: Re-Enabling Ospfv3 Graceful Restart Helper

    Configuring OSPFv3 The following example disables the GR helper with strict link-state advertisement (LSA) checking. device# configure terminal device(config)# ipv6 router ospf device(config-ospf6-router)# no graceful-restart helper strict-lsa-checking Re-enabling OSPFv3 graceful restart helper If the OSPFv3 graceful restart (GR) helper has been disabled on a routing device, it can be re-enabled. GR helper mode can also be enabled with strict link-state advertisement (LSA) checking.
  • Page 266: Configuring Ipsec On An Ospfv3 Interface

    Configuring OSPFv3 Enter area authentication ipsec spi spi esp sha1, specifying an area, and enter a 40-character hexadecimal key. device(config-ospf6-router)# area 0 authentication ipsec spi 600 esp sha1 abcef12345678901234fedcba098765432109876 IPsec is configured in OSPFv3 area 0 with a security parameter index (SPI) value of 600, and Hashed Message Authentication Code (HMAC) Secure Hash Algorithm 1 (SHA-1) authentication is enabled.
  • Page 267: Configuring Ipsec On Ospfv3 Virtual Links

    Configuring OSPFv3 Configuring IPsec on OSPFv3 virtual links IP Security (IPsec) can be configured for virtual links. An OSPFv3 virtual link must be configured. Currently certain keyword parameters must be entered though only one keyword choice is possible for that parameter. For example, the only authentication algorithm is HMAC-SHA1-96, but you must nevertheless enter the sha1 keyword for this algorithm.
  • Page 268: Clearing Ipsec Statistics

    Configuring OSPFv3 Enter the key-rollover-interval command and specify the desired interval to set the timing of the configuration changeover. device(config-ospf6-router)# key-rollover-interval 240 The following example sets the timing of the configuration changeover to 240 seconds (4 minutes). device# configure terminal device(config)# ip router-id 10.11.12.13 device(config)# ipv6 router ospf device(config-ospf6-router)# key-rollover-interval 240...
  • Page 269: Displaying Ospfv3 Results

    Configuring OSPFv3 The following example clears IPsec statistics and verifies that the IPsec statistics have been cleared. device(config-ospf6-router)# exit device(config)# exit device# show ipsec statistics device# clear ipsec statistics device# show ipsec statistics Displaying OSPFv3 results The show ipv6 ospf command and its variations can be used to display information about OSPFv3 configurations. Use one or more of the following commands to verify OSPFv3 information.
  • Page 270 Configuring OSPFv3 The following example of the show ipv6 ospf neighbor command shows OSPFv3 neighbor information for the device. device> show ipv6 ospf neighbor Total number of neighbors in all states: 2 Number of neighbors in state Full RouterID Pri State Interface [State] 192.168.98.111...
  • Page 271 Configuring OSPFv3 The following example of the show ipv6 ospf database as-external command shows information about external LSAs. device> show ipv6 ospf database as-external LSA Key - Rtr:Router Net:Network Inap:InterPrefix Inar:InterRouter Extn:ASExternal Grp:GroupMembership Typ7:Type7 Link:Link Iap:IntraPrefix Grc:Grace Area ID Type LSID Adv Rtr Seq(Hex) Age Cksum Len...
  • Page 272 Configuring OSPFv3 13. The following example of the show ipv6 ospf routes command shows information about a specified OSPFv3 route. device> show ipv6 ospf routes 2001::192:111:42:111 Destination Cost E2Cost Flags IA 2001::192:111:42:111/128 00000007 110 Next_Hop_Router Outgoing_Interface Adv_Router fe80::768e:f8ff:fe3e:1800 e 4/3/1 10.168.98.111 fe80::768e:f8ff:fe3e:1800 ve 17...
  • Page 273: Configuring Bgp4 (Ipv4)

    Configuring BGP4 (IPv4) • BGP4 overview (page 273) • Implementation of BGP4 (page 278) • BGP4 restart (page 278) • Basic configuration and activation for BGP4 (page 282) • BGP4 parameters (page 283) • Memory considerations (page 286) • Basic configuration tasks required for BGP4 (page 286) • Optional BGP4 configuration tasks (page 299) •...
  • Page 274: Relationship Between The Bgp4 Route Table And The Ip Route Table

    BGP4 overview FIGURE 25 Example BGP4 autonomous systems Relationship between the BGP4 route table and the IP route table The device BGP4 route table can have multiple routes or paths to the same destination, which are learned from different BGP4 neighbors.
  • Page 275: How Bgp4 Selects A Path For A Route (Bgp Best Path Selection Algorithm)

    BGP4 overview After a device successfully negotiates a BGP4 session with a neighbor (a BGP4 peer), the device exchanges complete BGP4 route tables with the neighbor. After this initial exchange, the device and all other RFC 1771-compliant BGP4 devices send UPDATE messages to inform neighbors of new, changed, or no longer feasible routes.
  • Page 276: Bgp4 Message Types

    BGP4 overview If all the comparisons above are equal, prefer the route with the lowest IGP metric to the BGP4 next hop. This is the closest internal path inside the AS to reach the destination. 10. If the internal paths also are the same and BGP4 load sharing is enabled, load share among the paths. Otherwise prefer the route that comes from the BGP4 device with the lowest device ID.
  • Page 277 BGP4 overview numbered loopback interface configured on the device. If the device does not have a loopback interface, the default device ID is the lowest numbered IP address configured on the device. • Parameter list - An optional list of additional parameters used in peer negotiation with BGP4 neighbors. UPDATE message After BGP4 neighbors establish a BGP4 connection over TCP and exchange their BGP4 routing tables, they do not send periodic routing updates.
  • Page 278: Grouping Of Rib-Out Peers

    Implementation of BGP4 Grouping of RIB-out peers To improve efficiency in the calculation of outbound route filters, the device groups BGP4 peers together based on their outbound policies. To reduce RIB-out memory usage, the device then groups the peers within an outbound policy group according to their RIB-out routes.
  • Page 279: Bgp4 Peer Notification During A Management Module Switchover

    BGP4 restart marker that indicates it has received all of the BGP4 route updates, it recomputes the new routes and replaces the stale routes in the route map with the newly computed routes. If the device does not come back up within the time configured for the purge timer, the stale routes are removed.
  • Page 280: Bgp4 Neighbor Local As

    BGP4 restart FIGURE 26 Management module switchover behavior for BGP4 peer notification If the active management module fails due to a fault, the management module does not have the opportunity to reset BGP4 sessions with neighbors as described for intentional failovers. In this situation the management module will reboot, or the standby management module becomes the new active management module.
  • Page 281 BGP4 restart FIGURE 27 Example of customer connected to two ISPs In the next example, ISP-A has purchased ISP-B. The AS associated with ISP-B changes to AS 100. If Customer C cannot or does not want to change their configuration or peering relationship with ISP-B, a peer with Local-AS configured with the value 200 can be established on ISP-B.
  • Page 282: Basic Configuration And Activation For Bgp4

    Basic configuration and activation for BGP4 FIGURE 28 Example of Local AS configured on ISP-B A Local AS is configured using the BGP4 neighbor command. To confirm that a Local AS has been configured, use the show ip bgp neighbors command. Basic configuration and activation for BGP4 BGP4 is disabled by default.
  • Page 283: Disabling Bgp4

    BGP4 parameters Save the BGP4 configuration information to the system configuration file. For example, enter commands such as the following. device> enable device# configure terminal device(config)# router bgp BGP4: Please configure 'local-as' parameter in order to enable BGP4. device(config-bgp)# local-as 10 device(config-bgp-router)# neighbor 10.157.23.99 remote-as 100 device(config-bgp)# write memory Syntax: router bgp...
  • Page 284 BGP4 parameters • Required - Specify the local AS number. • Optional - Add a loopback interface for use with neighbors. • Required - Identify BGP4 neighbors. • Optional - Change the Keep Alive Time and Hold Time. • Optional - Change the update timer for route changes. •...
  • Page 285: Parameter Changes That Take Effect Immediately

    BGP4 parameters Parameter changes that take effect immediately The following parameter changes take effect immediately: • Enable or disable BGP4. • Set or change the local AS. • Add neighbors. • Change the update timer for route changes. • Disable or enable fast external failover. •...
  • Page 286: Parameter Changes That Take Effect After Disabling And Re-Enabling Redistribution

    Memory considerations Parameter changes that take effect after disabling and re-enabling redistribution The following parameter change takes effect only after you disable and then re-enable redistribution: • Change the default MED (metric). Memory considerations BGP4 can handle a very large number of routes and therefore requires a lot of memory. For example, in a typical configuration with a single BGP4 neighbor, receiving a full internet route table, a BGP4 device may need to hold over a million routes.
  • Page 287: Changing The Device Id

    Basic configuration tasks required for BGP4 Changing the device ID The OSPF and BGP4 protocols use device IDs to identify devices that are running the protocols. A device ID is a valid, unique IP address and sometimes is an IP address configured on the device. The device ID cannot be an IP address in use by another device. By default, the device ID on a Brocade device is one of the following: •...
  • Page 288: Adding A Loopback Interface

    Basic configuration tasks required for BGP4 To set the local as number for a VRF, enter commands such as the following. device(config-bgp)# address-family ipv4 unicast vrf vrf-name device(config-bgp)# local-as num Syntax: [no] local-as num The num parameter specifies a local AS number in the range 1 - 4294967295. It has no default. AS numbers 64512 - 65535 are the well-known private BGP4 AS numbers and are not advertised to the Internet community.
  • Page 289: Adding Bgp4 Neighbors

    Basic configuration tasks required for BGP4 Adding BGP4 neighbors Because BGP4 does not contain a peer discovery process, for each BGP4 neighbor (peer), you must indicate the IP address and the AS number of each neighbor. Neighbors that are in different autonomous systems communicate using EBGP. Neighbors within the same AS communicate using IBGP.
  • Page 290 Basic configuration tasks required for BGP4 capability orf prefixlist [send | receive ] configures cooperative device filtering. The send and receive parameters specify the support you are enabling: • send - The device sends the IP prefix lists as Outbound Route Filters (ORFs) to the neighbor. •...
  • Page 291 Basic configuration tasks required for BGP4 NOTE The AS-path filter or ACL must already be configured. local-as as-num assigns a local AS number with the value specified by the as-num variable to the neighbor being configured. The as- num has no default value. Its range is 1 - 4294967295. NOTE When the local-as option is used, the device automatically prepends the local AS number to the routes that are received from the EBGP peer;...
  • Page 292 Basic configuration tasks required for BGP4 • 2 = the password uses proprietary base64 cryptographic 2-way algorithm peer-group group-name assigns the neighbor to the specified peer group. prefix-list string in |out specifies an IP prefix list. You can use IP prefix lists to control routes to and from the neighbor. IP prefix lists are an alternative method to AS-path filters.
  • Page 293 Basic configuration tasks required for BGP4 Removing route dampening from suppressed routes You can selectively un-suppress specific routes that have been suppressed due to aggregation, and allow these routes to be advertised to a specific neighbor or peer group. device(config-bgp)# aggregate-address 10.1.0.0 255.255.0.0 summary-only device(config-bgp)# show ip bgp route 10.1.0.0/16 longer Number of BGP Routes matching display condition : 2 Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED...
  • Page 294 Basic configuration tasks required for BGP4 Encrypting BGP4 MD5 authentication keys When you configure a BGP4 neighbor or neighbor peer group, you can specify an MD5 authentication string to authenticate packets exchanged with the neighbor or peer group of neighbors. For added security, by default, the software encrypts the display of the authentication string.
  • Page 295 Basic configuration tasks required for BGP4 password or string you enter before using the value for authentication. If you accidentally enter option 1 followed by the clear-text version of the password or string, authentication will fail because the value used by the software will not match the value you intended to use. The password string parameter specifies an MD5 authentication string to secure sessions between the device and the neighbor.
  • Page 296: Adding A Bgp4 Peer Group

    Basic configuration tasks required for BGP4 Syntax: show ip bgp ipv6 neighbors [last-packet-with-error] [routes-summary] [ip-address] The neighbors parameter provides details on TCP and BGP neighbor connections. The last-packet-with-error parameter displays the last packet received with error. The routes-summary parameter displays the routes summary. The ip-address parameter is the neighbor IP address.
  • Page 297: Configuring A Peer Group

    Basic configuration tasks required for BGP4 Peer group configuration rules The following rules apply to peer group configuration: • You must configure a peer group before you can add neighbors to the peer group. • If you remove a parameter from a peer group, the value for that parameter is reset to the default for all the neighbors within the peer group, unless you have explicitly set that parameter on individual neighbors.
  • Page 298: Applying A Peer Group To A Neighbor

    Basic configuration tasks required for BGP4 client ] [ send-community ] [ soft-reconfiguration inbound ] [ shutdown ] [ timers keep-alive num hold-time num ] [ update-source loopback num ethernet unit/slot/port | loopback num | ve num ] [ weight num ] [ local-as as-num ] The ip-addr and peer-group-name parameters indicate whether you are configuring a peer group or an individual neighbor.
  • Page 299: Optional Bgp4 Configuration Tasks

    Optional BGP4 configuration tasks Syntax: [no] neighbor ip-addr shutdown [ generate-rib-out ] The ip-addr parameter specifies the IP address of the neighbor. Optional BGP4 configuration tasks The following sections describe how to perform optional BGP4 configuration tasks. Changing the Keep Alive Time and Hold Time The Keep Alive Time specifies how frequently the device will send KEEPALIVE messages to its BGP4 neighbors.
  • Page 300: Enabling Fast External Fallover

    Optional BGP4 configuration tasks Enabling fast external fallover BGP4 devices rely on KEEPALIVE and UPDATE messages from neighbors to signify that the neighbors are alive. For BGP4 neighbors that are two or more hops away, such messages are the only indication that the BGP4 protocol has concerning the alive state of the neighbors.
  • Page 301: Customizing Bgp4 Multipath Load Sharing

    Optional BGP4 configuration tasks How Multipath load sharing works Multipath load sharing is performed in round-robin fashion and is based on the destination IP address only. The first time the device receives a packet destined for a specific IP address, the device uses a round-robin algorithm to select the path that was not used for the last newly learned destination IP address.
  • Page 302: Specifying A List Of Networks To Advertise

    Optional BGP4 configuration tasks The ebgp, ibgp, and multi-as parameters specify the change you are making to load sharing: • ebgp - Multipath load sharing applies only to EBGP paths. Multipath load sharing is disabled for IBGP paths. • ibgp - Multipath load sharing applies only to IBGP paths. Multipath load sharing is disabled for EBGP paths. •...
  • Page 303: Changing The Default Local Preference

    Optional BGP4 configuration tasks Specifying a route map when configuring BGP4 network advertising You can specify a route map when you configure a BGP4 network to be advertised. The device uses the route map to set or change BGP4 attributes when creating a local BGP4 route. NOTE You must configure the route map before you can specify the route map name in a BGP4 network configuration;...
  • Page 304: Changing The Default Med (Metric) Used For Route Redistribution

    Optional BGP4 configuration tasks In some cases, such as when the device is acting as an edge device, you can allow the device to use the default route as a valid next-hop. To do so, enter the following command at the BGP4 configuration level of the CLI. device(config-bgp)# next-hop-enable-default Syntax: [no] next-hop-enable-default Changing the default MED (Metric) used for route redistribution...
  • Page 305 Optional BGP4 configuration tasks Enabling recursive next-hop lookups The recursive next-hop lookups feature is disabled by default. To enable recursive next-hop lookups, enter the following command at the BGP4 configuration level of the CLI. device(config-bgp-router)# next-hop-recursion Syntax: [no] next-hop-recursion Example when recursive route lookups are disabled The output here shows the results of an unsuccessful next-hop lookup for a BGP4 route.
  • Page 306: Changing Administrative Distances

    Optional BGP4 configuration tasks AS_PATH: 65001 4355 701 1 189 10.0.0.0/24 10.0.0.1 AS_PATH: 65001 4355 3356 7170 1455 10.25.0.0/24 10.157.24.1 AS_PATH: 65001 4355 701 The first lookup results in an IBGP route, to network 10.0.0.0/24. device# show ip route 10.0.0.1 Total number of IP routes: 38 Network Address NetMask...
  • Page 307: Requiring The First As To Be The Neighbor As

    Optional BGP4 configuration tasks When selecting a route from among different sources (BGP4, OSPF, RIP, static routes, and so on), the software compares the routes on the basis of the administrative distance for each route. If the administrative distance of the paths is lower than the administrative distance of paths from other sources (such as static IP routes, RIP, or OSPF), the BGP4 paths are installed in the IP route table.
  • Page 308: Disabling Or Re-Enabling Comparison Of The As-Path Length

    Optional BGP4 configuration tasks Syntax: [no] enforce-first-as To enable this feature for a specific neighbor, enter the following command at the BGP4 configuration level. device(config-bgp)# neighbor 10.1.1.1 enforce-first-as enable Syntax: [no] neighbor ip-address enforce-first-as [ enable | disable ] The ip-address value is the IP address of the neighbor. When the first-as requirement is enabled, its status appears in the output of the show running configuration command.
  • Page 309: Configuring The Device To Always Compare Multi-Exit Discriminators

    Optional BGP4 configuration tasks When device ID comparison is enabled, the path comparison algorithm compares the device IDs of the neighbors that sent the otherwise equal paths: • If BGP4 load sharing is disabled (maximum-paths 1), the instructions in this section select the path that came from the neighbor with the lower device ID.
  • Page 310: Treating Missing Meds As The Worst Meds

    Optional BGP4 configuration tasks Treating missing MEDs as the worst MEDs By default, the device favors a lower MED over a higher MED during MED comparison. Since the device assigns the value 0 to a route path MED if the MED value is missing, the default MED comparison results in the device favoring the route paths that are missing their MEDs.
  • Page 311 Optional BGP4 configuration tasks FIGURE 29 A route reflector configuration Support for RFC 4456 Route reflection on Brocade devices is based on RFC 4456. This updated RFC helps eliminate routing loops that are possible in some implementations of the older specification, RFC 1966. These instances include: •...
  • Page 312: Configuring Confederations

    Optional BGP4 configuration tasks NOTE All configuration for route reflection takes place on the route reflectors, not on the clients. Enter the following commands to configure a Brocade device as route reflector 1. To configure route reflector 2, enter the same commands on the device that will be route reflector 2.
  • Page 313 Optional BGP4 configuration tasks NOTE Another way to reduce the complexity of an IBGP mesh is to use route reflection. However, if you want to run different Interior Gateway Protocols (IGPs) within an AS, you must configure a confederation. You can run a separate IGP within each sub-AS. To configure a confederation, configure groups of BGP4 devices into sub-autonomous systems.
  • Page 314 Optional BGP4 configuration tasks devices in the confederation. Thus, devices in other autonomous systems see traffic as coming from AS 10 and are unaware that the devices in AS 10 are subdivided into sub-autonomous systems within a confederation. Configuring a BGP4 confederation To configure a BGP4 confederation, perform these configuration tasks on each BGP4 device within the confederation: •...
  • Page 315: Aggregating Routes Advertised To Bgp4 Neighbors

    Optional BGP4 configuration tasks deviceB(config-bgp-router)# confederation identifier 10 deviceB(config-bgp-router)# confederation peers 64512 64513 deviceB(config-bgp-router)# write memory Commands for device C deviceC(config)# router bgp deviceC(config-bgp-router)# local-as 64513 deviceC(config-bgp-router)# confederation identifier 10 deviceC(config-bgp-router)# confederation peers 64512 64513 deviceC(config-bgp-router)# write memory Commands for device D deviceD(config)# router bgp deviceD(config-bgp-router)# local-as 64513 deviceD(config-bgp-router)# confederation identifier 10...
  • Page 316: Configuring Bgp4 Restart

    Configuring BGP4 restart Configuring BGP4 restart BGP4 restart can be configured for a global routing instance or for a specified Virtual Routing and Forwarding (VRF) instance. The following sections describe how to enable the BGP4 restart feature. BGP4 restart is enabled by default. Configuring BGP4 Restart for the global routing instance Use the following command to enable the BGP4 Restart feature globally on a device.
  • Page 317: Bgp4 Null0 Routing

    Configuring BGP4 restart Configuring BGP4 Restart stale routes timer Use the following command to specify the maximum amount of time a helper device will wait for an end-of-RIB message from a peer before deleting routes from that peer. device(config-bgp)# graceful-restart stale-routes-time 120 Syntax: [no] graceful-restart stale-routes-time seconds The seconds variable sets the maximum time before a helper device cleans up stale routes.
  • Page 318: Configuring Bgp4 Null0 Routing

    Configuring BGP4 restart FIGURE 31 SAMPLE null0 routing application Configuring BGP4 null0 routing The following example configures a null0 routing application to stop denial of service attacks from remote hosts on the Internet. Select a device, for example, device 6, to distribute null0 routes throughout the BGP4 network. To configure a route-map perform the following step.
  • Page 319: Configuration Examples

    Configuring BGP4 restart Repeat step 3 for all devices interfacing with the Internet (edge corporate devices). In this case, device 2 has the same null0 route as device 1. On device 6, configure the network prefixes associated with the traffic you want to drop. The static route IP address references a destination address.
  • Page 320 Configuring BGP4 restart The following configuration defines a null0 route to the specific next hop address. The next hop address 10.199.1.1 points to the null0 route, which gets blocked. device(config)# ip route 10.199.1.1/32 null0 device(config)# router bgp device(config-bgp-router)# local-as 100 device(config-bgp-router)# neighbor router1_int_ip address remote-as 100 device(config-bgp-router)# neighbor router3_int_ip address remote-as 100 device(config-bgp-router)# neighbor router4_int_ip address remote-as 100...
  • Page 321: Modifying Redistribution Parameters

    Modifying redistribution parameters Device 1 and 2 The show ip route output for device 1 and device 2 shows "drop" under the Port column for the network prefixes you configured with null0 routing device# show ip route Total number of IP routes: 133 Type Codes - B:BGP D:Connected S:Static...
  • Page 322: Redistributing Rip Routes

    Modifying redistribution parameters The connected parameter indicates that you are redistributing routes to directly attached devices into BGP4. The metric num parameter changes the metric. You can specify a value from 0 through 4294967295. The default is not assigned. The route-map map-name parameter specifies a route map to be consulted before adding the RIP route to the BGP4 route table. NOTE The route map you specify must already be configured on the device.
  • Page 323: Redistributing Static Routes

    Filtering Redistributing static routes To configure the device to redistribute static routes, enter the following command. device(config-bgp)# redistribute static Syntax: [no] redistribute static [ metric num ] [ route-map map-name ] The static parameter indicates that you are redistributing static routes into BGP4. The metric num parameter changes the metric.
  • Page 324 Filtering NOTE Once you define a filter or ACL, the default action for updates that do not match a filter is deny. To change the default action to permit, configure the last filter or ACL as permit any any. AS-path filters or AS-path ACLs can be referred to by the filter list number of a BGP4 neighbor as well as by match clauses in a route map.
  • Page 325 Filtering TABLE 47 BGP4 special characters for regular expressions Character Operation The period matches on any single character, including a blank space. For example, the following regular expression matches for "aa", "ab", "ac", and so on, but not just "a". The asterisk matches on zero or more sequences of a pattern.
  • Page 326: Bgp4 Filtering Communities

    Filtering TABLE 47 BGP4 special characters for regular expressions (continued) Character Operation • - The hyphen separates the beginning and ending of a range of characters. A match occurs if any of the characters within the range is present. Refer to the example above. A vertical bar (sometimes called a pipe or a "logical or") separates two alternative values or sets of values.
  • Page 327: Defining And Applying Ip Prefix Lists

    Filtering NOTE Once you define a filter or ACL, the default action for communities that do not match a filter or ACL is deny. To change the default action to permit, configure the last filter or ACL entry as permit any any. Community filters or ACLs can be referred to by match clauses in a route map.
  • Page 328: Defining Neighbor Distribute Lists

    Filtering Syntax: [no] ip prefix-list name [ seq seq-value ] [ description string ] deny | permit network-addr / mask-bits [ ge ge-value ] [ le le-value ] The name parameter specifies the prefix list name. Use this name when applying the prefix list to a neighbor. The description string parameter is a text string describing the prefix list.
  • Page 329: Defining Route Maps

    Filtering The in and out parameters specify whether the distribute list applies to inbound or outbound routes: • in - controls the routes the device will accept from the neighbor. • out - controls the routes sent to the neighbor. Defining route maps A route map is a named set of match conditions and parameter settings that the device can use to modify route attributes and to control redistribution of the routes into other protocols.
  • Page 330: Entering The Route Map Into The Software

    Filtering • Set the IP address of the next-hop device. • Set the origin to IGP or INCOMPLETE. • Set the weight. • Set a BGP4 static network route. When you configure parameters for redistributing routes into BGP4, one of the optional parameters is a route map. If you specify a route map as one of the redistribution parameters, the device matches the route against the match statements in the route map.
  • Page 331: Match Examples Using Acls

    Filtering The community num parameter specifies a community ACL. NOTE The ACL must already be configured. The community acl exact-match parameter matches a route if (and only if) the route community attributes field contains the same community numbers specified in the match statement. The ip address, next-hop acl-num, prefix-list, and string parameters specify an ACL or IP prefix list.
  • Page 332 Filtering Matching based on destination network You can use the results of an IP ACL or an IP prefix list as the match condition. To construct a route map that matches based on destination network, enter commands such as the following. device(config)# route-map NetMap permit 1 device(config-routemap NetMap)# match ip address 1 Syntax: [no] match ip address ACL-name-or-num...
  • Page 333 Filtering Matching on routes containing a specific set of communities The device can match routes based on the presence of a community name or number in a route. To match based on a set of communities, configure a community ACL that lists the communities, then compare routes against the ACL. device(config)# ip community-list standard std_1 permit 12:34 no-export device(config)# route-map bgp2 permit 1 device(config-routemap bgp2)# match community std_1 exact-match...
  • Page 334: Setting Parameters In The Routes

    Filtering • The match interface option is only effective during redistribution and does not apply for other route map usage such as: bgp outbound route update policy. • The match interface option can be applied to other types of redistribution such as redistributing OSPF routes to BGP4, or filtering out all OSPF routes that point to a specific interface.
  • Page 335 Filtering The local-preference num parameter sets the local preference for the route. You can set the preference to a value from 0 through 4294967295. The metric [ + | - ] num | none parameter sets the MED (metric) value for the route. The default MED value is 0. You can set the preference to a value from 0 through 4294967295.
  • Page 336: Using A Table Map To Set The Tag Value

    Filtering Syntax: [no] set ip next-hop peer-address The value that the software substitutes for peer-address depends on whether the route map is used for inbound filtering or outbound filtering: • When you use the set ip next-hop peer-address command in an inbound route map filter, peer-address substitutes for the neighbor IP address.
  • Page 337: Configuring Cooperative Bgp4 Route Filtering

    Filtering device(config-routemap TAG_IP)# set tag 100 device(config-routemap TAG_IP)# router bgp device(config-bgp)# table-map TAG_IP Configuring cooperative BGP4 route filtering By default, the device performs all filtering of incoming routes locally, on the device itself. You can use cooperative BGP4 route filtering to cause the filtering to be performed by a neighbor before it sends the routes to the device.
  • Page 338 Filtering Syntax: [no] neighbor ip-addr | peer-group-name capability orf prefixlist [ send | receive ] The ip-addr | peer-group-name parameters specify the IP address of a neighbor or the name of a peer group of neighbors. The send and receive parameters specify the support you are enabling: •...
  • Page 339: Four-Byte Autonomous System Numbers (As4)

    Four-byte Autonomous System Numbers (AS4) To display the cooperative filtering configuration on the device, enter a command such as the following. device# show ip bgp neighbor 10.10.10.1 IP Address: 10.10.10.1, AS: 65200 (IBGP), RouterID: 10.10.10.1 State: ESTABLISHED, Time: 0h0m7s, KeepAliveTime: 60, HoldTime: 180 RefreshCapability: Received CooperativeFilteringCapability: Received Messages:...
  • Page 340: Enabling As4 Numbers

    Four-byte Autonomous System Numbers (AS4) • If a neighbor belongs to peer group with an AS4 configuration but you want that neighbor to be disabled or have a different AS4 configuration, the neighbor AS4 configuration overrides the peer group configuration. For example, you can ensure that neighbor has no AS4 announcement and negotiation activity even though the peer group is enabled for AS4 capability.
  • Page 341 Four-byte Autonomous System Numbers (AS4) The consequences using the enable or disable keywords are reflected in the output of the show running configuration command. However, if the peer group configuration omits an explicit AS4 argument, the show running configuration output will not contain AS4 information.
  • Page 342 Four-byte Autonomous System Numbers (AS4) NOTE If the autonomous system path for a route map has prepended ASNs and you want to use the no form of the command to delete the configuration, you must include the prepended ASNs in the no set as-path entry. For example, if 70000 and 70001 have been prepended to a route map, enter no set as-path prepend 70000 70001.
  • Page 343 Four-byte Autonomous System Numbers (AS4) AS4 notation An AS4 can appear in either a plain or a dot notation format in the output of show commands. To select one of these formats, specify the format before entering the show command. This section defines these formats and describes how to select a format. The following notations are currently supported: •...
  • Page 344: Bgp4 As4 Attribute Errors

    BGP4 AS4 attribute errors BGP4 AS4 attribute errors This section describes the handling of the confederation path segments in the AS4_PATH attribute, and also specifies the error handling for the new attributes. To support AS4, the following attributes: AS4_PATH and AS4_Aggregator were specified in RFC 4893. Confederation path segments in an AS4_PATH are discarded and if there are any other errors such as: attribute length , flag , confederation segments after AS_SEQ/ AS_SET, Invalid segment types and More than one AS4_PATH in these new attributes, the attribute is discarded and the error is logged.
  • Page 345: Globally Configuring Route Flap Dampening

    Configuring route flap dampening Route flap dampening helps reduce the impact of route flap by changing the way a BGP4 device responds to route state changes. When route flap dampening is configured, the device suppresses unstable routes until the number of route state changes drops enough to meet an acceptable degree of stability.
  • Page 346: Using A Route Map To Configure Route Flap Dampening For A Specific Neighbor

    Configuring route flap dampening The reuse parameter specifies how low a penalty for a route must be before the route becomes eligible for use again, after being suppressed. You can set the reuse threshold to a value from 1 through 20000. The default is 750 (0.75, or three-fourths, of the penalty assessed for a one flap).
  • Page 347: Removing Route Dampening From A Route

    Configuring route flap dampening Although the second route map enables dampening, the first route map is still required. The second route map enables dampening for the neighbors to which the route map is applied. However, unless dampening is already enabled globally by the first route map, the second route map has no effect.
  • Page 348: Generating Traps For Bgp4

    Generating traps for BGP4 The neighbor ip-addr parameter displays route flap dampening statistics only for routes learned from the specified neighbor. You also can display route flap statistics for routes learned from a neighbor by entering the following command: show ip bgp neighbor flap-statistics.
  • Page 349: Configuring Bgp4

    Configuring BGP4 Syntax: [no] snmp-server enable traps bgp Use the no form of the command to disable BGP4 traps. Configuring BGP4 Once you activate BGP4, you can configure the BGP4 options. There are two configuration levels: global and address family. At the global level, all BGP4 configurations apply to IPv4 and IPv6.
  • Page 350: Entering And Exiting The Address Family Configuration Level

    Entering and exiting the address family configuration level TABLE 49 IPv4 BGP4 commands for different configuration levels (continued) Command Global (IPv4 and IPv6) IPv4 address family unicast neighbor network next-hop-enable-default next-hop-recursion redistribute rib-route-limit show static-network table-map timers update-time Entering and exiting the address family configuration level The BGP4 address family contains a unicast sub-level.
  • Page 351: Configuring Bgp Route Reflector

    BGP route reflector for those BGP4 routes. Those BGP4 routes are not considered as the best BGP4 routes, and are not advertised to other BGP4 neighbors because traffic miss-forwarding or packet drop can occur. When a BGP device is configured as only a route reflector server, and is not placed directly in the forwarding path, it is possible to mark all preferred BGP4 routes as the best routes to be advertised to other BGP4 neighbors even if the routes are not installed in the RTM.
  • Page 352 BGP route reflector Enter the rib-route-limit command to set the maximum number of BGP4 rib routes that can be installed in the RTM. device(config-bgp)# rib-route-limit 500 Syntax: rib-route-limit decimal The decimal variable specifies the maximum number of BGP4 rib routes that can be installed in the RTM. The user may enter any number for the decimal variable for the rib-route-limit command.
  • Page 353: Specifying A Maximum As Path Length

    Specifying a maximum AS path length not enabled, the status field displays only the default letter "E", as displayed for BGP4 route 10.12.0.0/24. The letter "B" or "b" is missing from the Status field. NOTE The description of the status "b: NOT-INSTALLED-BEST" has changed. The status description for "b: NOT-INSTALLED- BEST"...
  • Page 354: Setting A Global Maximum As Path Limit

    Specifying a maximum AS path length When you configure maxas-limit in , the behavior of the device changes to first check the length of the AS paths in the UPDATE messages and then to apply the inbound policy. If the AS path exceeds the configured length, then the device performs the following actions: •...
  • Page 355: Bgp4 Max-As Error Messages

    Changing the default metric used for route cost By default, neighbors or peer groups have no configured maximum values. The range is 0 - 300. The disable keyword is used to stop a neighbor from inheriting the configuration from the peer-group or global and to use the system default value. To configure a peer group named "PeerGroup1"...
  • Page 356: Configuring A Static Bgp4 Network

    Configuring a static BGP4 network NOTE It is recommended that you change the default to IGP cost only in mixed-vendor environments, and that you change it on all Brocade devices in the environment. To change the route cost default from BGP MED to IGP cost, enter a command such as the following: device(config-bgp)# install-igp-cost Syntax: [no] install-igp-cost Use the no form of the command to revert to the default of BGP MED.
  • Page 357: Limiting Advertisement Of A Static Bgp4 Network To Selected Neighbors

    Configuring a static BGP4 network Limiting advertisement of a static BGP4 network to selected neighbors You can control the advertisement of a static BGP4 network to BGP4 neighbors that are configured as Service Edge Devices. When this feature is configured for a BGP4 neighbor, static BGP4 network routes that are installed in the routing table as DROP routes are not advertised to that neighbor.
  • Page 358 Configuring a static BGP4 network When a route filter is changed (created, modified or deleted) by a user, the filter change notification will be sent to all relevant protocols, so that protocols can take appropriate actions. For example if BGP4 is using a route-map (say MapX) to control the routes advertised to a particular peer, the change of route-map (MapX) will cause BGP4 to re-evaluate the advertised routes, and make the appropriate advertisements or withdrawals according to the new route-map policy.
  • Page 359: Generalized Ttl Security Mechanism Support

    Displaying BGP4 information Generalized TTL Security Mechanism support The device supports the Generalized TTL Security Mechanism (GTSM) as defined in RFC 3682. GTSM protects the device from attacks of invalid BGP4 control traffic that is sent to overload the CPU or hijack the BGP4 session. GTSM protection applies to EBGP neighbors only.
  • Page 360 Displaying BGP4 information The show ip bgp summary command output has the following limitations: • If a BGP4 peer is not configured for an address-family, the peer information is not displayed. • If a BGP4 peer is configured for an address-family but not negotiated for an address-family after the BGP4 peer is in the established state, the show ip bgp summary command output shows (NoNeg ) at the end of the line for this peer.
  • Page 361 Displaying BGP4 information TABLE 51 show ip bgp summary output descriptions (continued) This field Displays BGP4 process. A minus sign (-) indicates that the session has gone down and the software is clearing or removing routes. • ADMND - The neighbor has been administratively shut down. •...
  • Page 362: Displaying The Active Bgp4 Configuration

    Displaying BGP4 information TABLE 51 show ip bgp summary output descriptions (continued) This field Displays • If soft reconfiguration is not enabled, this field shows the number of BGP4 routes that have been filtered out. Sent The number of BGP4 routes the device has sent to the neighbor. ToSend The number of routes the device has queued to advertise and withdraw to a neighbor.
  • Page 363 Displaying BGP4 information If BGP4 peer is configured for an address-family, it will display the same as in previous releases. To display summary neighbor information, enter a command such as the following at any level of the CLI. device# show ip bgp neighbor 192.168.4.211 routes-summary IP Address: 192.168.4.211 Routes Accepted/Installed:1, Filtered/Kept:11,...
  • Page 364: Displaying Bgp4 Neighbor Information

    Displaying BGP4 information TABLE 52 show ip bgp neighbors route-summary output descriptions (continued) This field Displays • AS Loop - An AS loop occurred. An AS loop occurs when the BGP4 AS-path attribute contains the local AS number. • maxas-limit aspath - The number of route entries discarded because the AS path exceeded the configured maximum length or exceeded the internal memory limits.
  • Page 365 Displaying BGP4 information RouteReflectorClient: yes SendCommunity: yes NextHopSelf: yes DefaultOriginate: yes (default sent) MaximumPrefixLimit: 90000 RemovePrivateAs: : yes RefreshCapability: Received Route Filter Policies: Distribute-list: (out) 20 Filter-list: (in) 30 Prefix-list: (in) pf1 Route-map: (in) setnp1 (out) setnp2 Messages: Open Update KeepAlive Notification Refresh-Req Sent Received: 1...
  • Page 366 Displaying BGP4 information • not-installed-best - Displays the routes received from the neighbor that are the best BGP4 routes to their destinations, but were not installed in the IP route table because the device received better routes from other sources (such as OSPF, RIP, or static IP routes).
  • Page 367 Displaying BGP4 information TABLE 53 show ip bgp neighbor output descriptions (continued) Field Information displayed NOTE If the state frequently changes between CONNECT and ACTIVE, there may be a problem with the TCP connection. • OPEN SENT - BGP4 is waiting for an Open message from the neighbor.
  • Page 368 Displaying BGP4 information TABLE 53 show ip bgp neighbor output descriptions (continued) Field Information displayed Messages Received The number of messages this device has received from the neighbor. The message types are the same as for the Message Sent field. Last Update Time Lists the last time updates were sent and received for the following: •...
  • Page 369 Displaying BGP4 information TABLE 53 show ip bgp neighbor output descriptions (continued) Field Information displayed Notification Sent If the device receives a NOTIFICATION message from the neighbor, the message contains an error code corresponding to one of the following errors. Some errors have subcodes that clarify the reason for the error. Where applicable, the subcode messages are listed underneath the error code messages.
  • Page 370: Displaying Route Information For A Neighbor

    Displaying BGP4 information TABLE 53 show ip bgp neighbor output descriptions (continued) Field Information displayed • CLOSING - Waiting for a connection termination request acknowledgment from the remote TCP. • LAST-ACK - Waiting for an acknowledgment of the connection termination request previously sent to the remote TCP (which includes an acknowledgment of its connection termination request).
  • Page 371 Displaying BGP4 information • The Routing Information Base (RIB) for a specific network advertised to the neighbor. You can display the RIB regardless of whether the device has already sent it to the neighbor. Displaying advertised routes To display the routes the device has advertised to a specific neighbor for a specific network, enter a command such as the following at any level of the CLI.
  • Page 372: Displaying Peer Group Information

    Displaying BGP4 information Displaying the Adj-RIB-Out for a neighbor To display the current BGP4 Routing Information Base (Adj-RIB-Out) for a specific neighbor and a specific destination network, enter a command such as the following at any level of the CLI. device# show ip bgp neighbor 192.168.4.211 rib-out-routes 192.168.1.0/24 Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH...
  • Page 373: Displaying Vrf Instance Information

    Displaying BGP4 information TABLE 54 show ip bgp routes output descriptions This field Displays Total number of BGP4 routes (NLRIs) Installed Number of BGP4 routes the device has installed in the BGP4 route table. Distinct BGP4 destination networks Number of destination networks the installed routes represent. The BGP4 route table can have multiple routes to the same network.
  • Page 374 Displaying BGP4 information Syntax: show ip bgp routes [ [ network ] ip-addr ] | num | [ age secs ] | [ as-path-access-list num ] | [ best ] | [ cidr-only ] | [ community num | no-export | no-advertise | internet | local-as ] | [ community-access-list num ] | [ community-list num | [ detail option ] | [ filter-list num,num,..
  • Page 375: Displaying The Best Bgp4 Routes

    Displaying BGP4 information Displaying the best BGP4 routes To display all the BGP4 routes in the device’s BGP4 route table that are the best routes to their destinations, enter a command such as the following at any level of the CLI. device# show ip bgp routes best Searching for matching routes, use ^C to quit...
  • Page 376: Displaying Information For A Specific Route

    Displaying BGP4 information S:SUPPRESSED F:FILTERED s:STALE Prefix Next Hop Metric LocPrf Weight Status 10.8.8.0/24 192.168.5.1 AS_PATH: 65001 4355 1 Syntax: show ip bgp routes unreachable Displaying information for a specific route To display BGP4 network information by specifying an IP address within the network, enter a command such as the following at any level of the CLI.
  • Page 377 Displaying BGP4 information TABLE 55 show ip bgp route output descriptions (continued) This field Displays Weight The value that this device associates with routes from a specific neighbor. For example, if the device receives routes to the same destination from two BGP4 neighbors, the device prefers the route from the neighbor with the larger weight.
  • Page 378 Displaying BGP4 information Displaying route details This example shows the information displayed when you use the detail option. In this example, the information for one route is shown. device# show ip bgp routes detail 2 Number of BGP Routes matching display condition : 1 Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH S:SUPPRESSED F:FILTERED s:STALE...
  • Page 379 Displaying BGP4 information TABLE 56 show ip bgp routes detail output descriptions (continued) This field Displays NOTE If the "m" is lowercase, the software was not able to install the route in the IP route table. • S - SUPPRESSED. This route was suppressed during aggregation and thus is not advertised to neighbors.
  • Page 380: Displaying Bgp4 Route-Attribute Entries

    Displaying BGP4 information Displaying BGP4 route-attribute entries The route-attribute entries table lists the sets of BGP4 attributes stored in device memory. Each set of attributes is unique and can be associated with one or more routes. In fact, the device typically has fewer route attribute entries than routes. To display the IP route table, enter the following command.
  • Page 381: Displaying The Routes Bgp4 Has Placed In The Ip Route Table

    Displaying BGP4 information TABLE 57 show ip bgp attribute-entries output descriptions (continued) This field Displays NOTE Information loss under these circumstances is a normal part of BGP4 and does not indicate an error. Local Pref The degree of preference for routes that use these attributes relative to other routes in the local AS.
  • Page 382: Displaying The Active Route Map Configuration

    Displaying BGP4 information The regular-expression parameter is a regular expression. The regular expressions are the same ones supported for BGP4 AS-path filters. The address mask parameters specify a particular route. If you also use the optional longer-prefixes parameter, all statistics for routes that match the specified route or have a longer prefix than the specified route are displayed.
  • Page 383: Displaying Bgp4 Graceful Restart Neighbor Information

    Displaying BGP4 information This example shows that the running configuration contains six route maps. Notice that the match and set statements within each route map are listed beneath the command for the route map itself. In this simplified example, each route map contains only one match or set statement.
  • Page 384 Displaying BGP4 information 65536 65537 65538 65539 75000 Syntax: show ip bgp Current AS numbers To display current AS numbers, use the show ip bgp neighbors command at any level of the CLI. device# show ip bgp neighbors neighbors Details on TCP and BGP neighbor connections Total number of BGP Neighbors: 1 IP Address: 192.168.1.1, AS: 7701000 (IBGP), RouterID: 192.168.1.1, VRF: default-vrf State: ESTABLISHED, Time: 0h3m33s, KeepAliveTime: 60, HoldTime: 180...
  • Page 385 Displaying BGP4 information TABLE 59 show ip bgp neighbors output descriptions (continued) Field Description State Shows the state of the device session with the neighbor. The states are from the device’s perspective of the session, not the neighbor’s perspective. The state can be one of the following values: •...
  • Page 386 Displaying BGP4 information TABLE 59 show ip bgp neighbors output descriptions (continued) Field Description Last Update Time Shows the list of last time updates were sent and received for the following: • NLRIs • Withdraws Last Connection Reset Reason Shows the reason for ending the previous session with this neighbor. The reason can be one of the following: •...
  • Page 387 Displaying BGP4 information TABLE 59 show ip bgp neighbors output descriptions (continued) Field Description • Open Message Error – Unsupported Version – Bad Peer AS – Bad BGP Identifier – Unsupported Optional Parameter – Authentication Failure – Unacceptable Hold Time –...
  • Page 388 Displaying BGP4 information TABLE 59 show ip bgp neighbors output descriptions (continued) Field Description • FIN-WAIT-1 - Waiting for a connection termination request from the remote TCP, or an acknowledgment of the connection termination request previously sent. • FIN-WAIT-2 - Waiting for a connection termination request from the remote TCP.
  • Page 389: Running Configuration

    Displaying BGP4 information Attribute entries Use the show ip bgp attribute-entries command to see AS4 path values, as the following example illustrates. device# show ip bgp attribute-entries Total number of BGP Attribute Entries: 18 (0) Next Hop :192.168.1.6 MED :1 Origin:INCOMP Originator:0.0.0.0 Cluster List:None...
  • Page 390: Updating Route Information And Resetting A Neighbor Session

    Displaying BGP4 information Syntax: as-format asdot device# as-format asdot+ device# show ip bgp Total number of BGP Routes: 1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, S stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path...
  • Page 391 Displaying BGP4 information This command enables soft reconfiguration for updates received from 10.10.200.102. The software dynamically resets the session with the neighbor, then retains all route updates from the neighbor following the reset. Syntax: [no] neighbor ip-addr | peer-group-name soft-reconfiguration inbound NOTE The syntax related to soft reconfiguration is shown.
  • Page 392: Dynamically Requesting A Route Refresh From A Bgp4 Neighbor

    Displaying BGP4 information If you also use the optional longer-prefixes parameter, then all statistics for routes that match the specified route or have a longer prefix than the specified route are displayed. For example, if you specify 10.157.0.0 longer, then all routes with the prefix 10.157 or that have a longer prefix (such as 10.157.22) are displayed.
  • Page 393 Displaying BGP4 information • RFC 2918, which describes the dynamic route refresh capability The dynamic route refresh capability is enabled by default and cannot be disabled. When the device sends a BGP4 OPEN message to a neighbor, the device includes a Capability Advertisement to inform the neighbor that the device supports dynamic route refresh. NOTE The option for dynamically refreshing routes received from a neighbor requires the neighbor to support dynamic route refresh.
  • Page 394: Closing Or Resetting A Neighbor Session

    Displaying BGP4 information NOTE The Brocade device does not automatically update outbound routes using a new or changed outbound policy or filter when a session with the neighbor goes up or down. Instead, the device applies a new or changed policy or filter when a route is placed in the outbound queue (Adj-RIB-Out). To place a new or changed outbound policy or filter into effect, you must enter a clear ip bgp neighbor command regardless of whether the neighbor session is up or down.
  • Page 395: Clearing And Resetting Bgp4 Routes In The Ip Route Table

    Clearing traffic counters If you make changes to filters or route maps and the neighbor does not support dynamic route refresh, use the following methods to ensure that neighbors contain only the routes you want them to contain: • If you close a neighbor session, the device and the neighbor clear all the routes they learned from each other. When the device and neighbor establish a new BGP4 session, they exchange route tables again.
  • Page 396: Clearing Diagnostic Buffers

    Clearing diagnostic buffers The all, ip-addr, peer-group-name, and as-num parameters specify the neighbor. The ip-addr parameter specifies a neighbor by its IP interface with the device. The peer-group-name specifies all neighbors in a specific peer group. The as-num parameter specifies all neighbors within the specified AS.
  • Page 397: Bgp4+ Overview

    BGP4+ • BGP4+ overview......................................397 • BGP global mode ......................................397 • IPv6 unicast address family..................................398 • BGP4+ neighbors......................................399 • BGP4+ peer groups...................................... 399 • BGP4+ next hop recursion..................................400 • BGP4+ NLRIs and next hop attributes..............................400 • BGP4+ route reflection....................................401 •...
  • Page 398: Ipv6 Unicast Address Family

    IPv6 unicast address family client-to-client-reflection Configure client to client route reflection cluster-id Configure Route-Reflector Cluster-ID community-filter Configure community list filters compare-routerid Compare router-id for identical BGP paths confederation Configure AS confederation parameters dampening Enable route-flap dampening default-information-originate default-local-preference Configure default local preference value default-metric Set metric of redistributed routes distance...
  • Page 399: Bgp4+ Neighbors

    BGP4+ peer groups network Specify a network to announce via BGP next-hop-enable-default Enable default route for BGP next-hop lookup next-hop-recursion Perform next-hop recursive lookup for BGP route redistribute Redistribute information from another routing protocol table-map Map external entry attributes into routing table update-time Configure igp route update interval...
  • Page 400: Bgp4+ Next Hop Recursion

    BGP4+ next hop recursion BGP4+ next hop recursion A device can find the IGP route to the next-hop gateway for a BGP4+ route. For each BGP4+ route learned, the device performs a route lookup to obtain the IPv6 address of the next hop for the route. A BGP4+ route is eligible for addition in the IPv6 route table only if the following conditions are true: •...
  • Page 401: Bgp4+ Route Reflection

    BGP4+ multipath BGP4+ route reflection A BGP device can act as a route-reflector client or as a route reflector. You can configure a BGP peer as a route-reflector client from the device that is going to reflect the routes and act as the route reflector using the neighbor route-reflector-client command. When there is more than one route reflector, they should all belong to the same cluster.
  • Page 402: Route Maps

    Route maps • IGP metric to BGP next hop Route maps Route maps must be applied to IPv6 unicast address prefixes in IPv6 address family configuration mode. By default, route maps that are applied under IPv4 address family configuration mode using the neighbor route-map command are applied to only IPv4 unicast address prefixes.
  • Page 403: Bgp4+ Extended Community

    Configuring BGP4+ BGP4+ extended community The BGP4+ extended community feature filters routes based on a regular expression specified when a route has multiple community values in it. A BGP community is a group of destinations that share a common property. Community information identifying community members is included as a path attribute in BGP UPDATE messages.
  • Page 404: Configuring Bgp4+ Neighbors Using Global Ipv6 Addresses

    Configuring BGP4+ Configuring BGP4+ neighbors using global IPv6 addresses BGP4+ neighbors can be configured using global IPv6 addresses. Enter the configure terminal command to access global configuration mode. device# configure terminal Enter the router bgp command to enable BGP routing. device(config)# router bgp Enter the local-as command to configure the autonomous system number (ASN) in which your device resides.
  • Page 405: Configuring Bgp4+ Peer Groups

    Configuring BGP4+ Enter the neighbor ipv6-address update-source command to specify an interface. device(config-bgp-router)# neighbor fe80:4398:ab30:45de::1 update-source ethernet 1/3/1 Enter the address-family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode. device(config-bgp-router)# address-family ipv6 unicast Enter the neighbor ipv6-address activate command to enable the exchange of information with the neighbor.
  • Page 406: Configuring A Peer Group With Ipv4 And Ipv6 Peers

    Configuring BGP4+ Enter the neighbor peer-group-name peer-group command to create a peer group. device(config-bgp-router)# neighbor mypeergroup1 peer-group Enter the neighbor peer-group-name remote-as command to specify the ASN of the peer group. device(config-bgp-router)# neighbor mypeergroup1 remote-as 11 Enter the neighbor ipv6-address peer-group command to associate a neighbor with the peer group. device(config-bgp-router)# neighbor 2001:2018:8192::125 peer-group mypeergroup1 Enter the neighbor ipv6-address peer-group command to associate a neighbor with the peer group.
  • Page 407: Importing Routes Into Bgp4

    Configuring BGP4+ Enter the neighbor ipv6-address peer-group command to associate a neighbor with the peer group. device(config-bgp-router)# neighbor 2001:2018:8192::124 peer-group p1 Enter the neighbor ip address peer-group command to associate a neighbor with the peer group. device(config-bgp-router)# neighbor 10.0.0.1 peer-group p1 Enter the address-family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode.
  • Page 408: Advertising The Default Bgp4+ Route

    Configuring BGP4+ Advertising the default BGP4+ route A BGP device can be configured to advertise the default IPv6 route to all BGP4+ neighbors and to install that route in the local BGP4+ route table. The default route must be present in the local IPv6 route table. Enter the configure terminal command to access global configuration mode.
  • Page 409: Using The Ipv6 Default Route As A Valid Next Hop For A Bgp4+ Route

    Configuring BGP4+ The following example enables a BGP4+ device to advertise the default IPv6 route to a specific neighbor. device# configure terminal device(config)# router bgp device(config-bgp-router)# local-as 1000 device(config-bgp-router)# address-family ipv6 unicast device(config-bgp-ipv6u)# neighbor 2001:db8:93e8:cc00::1 default-originate Using the IPv6 default route as a valid next hop for a BGP4+ route In certain cases, such as when a device is acting as an edge device, it can be configured to use the default route as a valid next hop.
  • Page 410: Configuring A Cluster Id For A Route Reflector

    Configuring BGP4+ Enter the next-hop-recursion command to enable recursive next hop lookups. device(config-bgp-ipv6u)# next-hop-recursion The following example enables recursive next hop lookups. device# configure terminal device(config)# router bgp device(config-bgp-router)# address-family ipv6 unicast device(config-bgp-ipv6u)# next-hop-recursion Configuring a cluster ID for a route reflector The cluster ID can be changed if there is more than one route reflector, so that all route reflectors belong to the same cluster.
  • Page 411: Aggregating Routes Advertised To Bgp Neighbors

    Configuring BGP4+ Enter the neighbor ipv6-address route-reflector-client command to configure a specified neighbor to be a route reflector client. device(config-bgp-ipv6u)# neighbor 2001:db8:e0ff:783a::4 route-reflector-client The following example configures a neighbor with the IPv6 address 2001:db8:e0ff:783a::4 to be a route reflector client. device# configure terminal device(config)# router bgp device(config-bgp-router)# local-as 1000...
  • Page 412: Configuring A Route Map For Bgp4+ Prefixes

    Configuring BGP4+ Enter the address-family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode. device(config-bgp-router)# address-family ipv6 unicast Do one of the following: • Enter the maximum-paths command and specify a value to set the maximum number of BGP4+ shared paths. •...
  • Page 413: Redistributing Prefixes Into Bgp4

    Configuring BGP4+ Enter the router bgp command to enable BGP routing. device(config)# router bgp Enter the local-as command to configure the autonomous system number (ASN) in which your device resides. device(config-bgp-router)# local-as 1000 Enter the neighbor ipv6-address remote-as command to specify the ASN in which the remote neighbor resides. device(config-bgp-router)# neighbor fe80:4398:ab30:45de::1 remote-as 1001 Enter the address-family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode.
  • Page 414: Configuring Bgp4+ Outbound Route Filtering

    Configuring BGP4+ The following example redistributes RIPng prefixes into BGP4+. device# configure terminal device(config)# router bgp device(config-bgp-router)# address-family ipv6 unicast device(config-bgp-ipv6u)# redistribute rip Configuring BGP4+ outbound route filtering The BGP4+ Outbound Route Filtering (ORF) prefix list capability can be configured in receive mode, send mode, or both send and receive modes, minimizing the number of BGP updates exchanged between BGP peers.
  • Page 415: Configuring Bgp4+ Confederations

    Configuring BGP4+ The following example configures ORF in send mode. device# configure terminal device(config)# router bgp device(config-bgp-router)# address-family ipv6 unicast device(config-bgp-ipv6u)# neighbor 2001:db8:e0ff:783a::4 activate device(config-bgp-ipv6u)# neighbor 2001:db8:e0ff:783a::4 prefix-list myprefixlist in device(config-bgp-ipv6u)# neighbor 2001:db8:e0ff:783a::4 capability orf prefixlist send The following example configures ORF in both send and receive modes. device# configure terminal device(config)# router bgp device(config-bgp-router)# address-family ipv6 unicast...
  • Page 416: Applying A Bgp Extended Community Filter

    Configuring BGP4+ Enter the ip community-list extended command using the permit keyword to configure a BGP community ACL. device(config)# ip community-list extended 1 permit ^[1-2]23 Enter the route-map name command to create and define a route map and enter route map configuration mode. device(config)# route-map ComRmap permit 10 Enter the match community command and specify a community list name.
  • Page 417: Disabling Bgp4+ Graceful Restart

    Configuring BGP4+ Enter the set local-preference command and specify a value to set a BGP local-preference path attribute. device(config-route-map-ComRmap)# set local-preference 200 Enter the router bgp command to enable BGP routing. device(config)# router bgp Enter the local-as command to configure the autonomous system number (ASN) in which your device resides. device(config-bgp-router)# local-as 1000 Enter the neighbor ipv6-address remote-as command to specify the ASN in which the remote neighbor resides.
  • Page 418: Re-Enabling Bgp4+ Graceful Restart

    Configuring BGP4+ Enter the router bgp command to enable BGP routing. device(config)# router bgp (Optional) Enter the address-family command and specify the ipv6 and unicast keywords to enter IPv6 address family configuration mode. device(config-bgp-router)# address-family ipv6 unicast Enter the no graceful-restart command to disable graceful restart at the IPv6 address family configuration level. device(config-bgp-ipv6u)# no graceful-restart In the following example, the graceful restart feature is disabled at the IPv6 address family configuration level.
  • Page 419 Configuring BGP4+ Do any of the following: • Enter the graceful-restart command using the purge-time keyword to overwrite the default purge-time value. device(config-bgp-ipv6u)# graceful-restart purge-time 300 • Enter the graceful-restart command using the restart-time keyword to overwrite the default restart-time advertised to graceful restart-capable neighbors.
  • Page 420: Disabling The Bgp As_Path Check Function

    Configuring BGP4+ Disabling the BGP AS_PATH check function A device can be configured so that the AS_PATH check function for routes learned from a specific location is disabled, and routes that contain the recipient BGP speaker's AS number are not rejected. Enter the configure terminal command to access global configuration mode.
  • Page 421 Configuring BGP4+ Enter the show ipv6 bgp attribute-entries command. device# show ipv6 bgp attribute-entries Total number of BGP Attribute Entries: 2 Next Hop : 2001::1 Origin:IGP Originator:0.0.0.0 Cluster List:None Aggregator:AS Number :0 Router-ID:0.0.0.0 Atomic:None Local Pref:1 Communities:Internet AS Path : (length 0) Address: 0x1205c75c Hash:268 (0x01000000) Links: 0x00000000, 0x00000000...
  • Page 422 Configuring BGP4+ Enter the show ipv6 bgp routes command. device# show ipv6 bgp routes Total number of BGP Routes: 6 Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH S:SUPPRESSED F:FILTERED s:STALE Prefix Next Hop LocPrf Weight Status 57:7000:3:22:abc:1::/128 2001:700:122:57::57 AS_PATH: 7000 322...
  • Page 423: Displaying Bgp4+ Neighbor Statistics

    Configuring BGP4+ Enter the show ipv6 bgp routes command, using the local keyword. device# show ipv6 bgp routes local Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH S:SUPPRESSED F:FILTERED s:STALE Prefix Next Hop LocPrf Weight Status 131::1/128 32768 AS_PATH:...
  • Page 424 Configuring BGP4+ Enter the show ipv6 bgp neighbors advertised-routes command. device# show ipv6 bgp neighbor 2001:db8::10 advertised-routes There are 7 routes advertised to neighbor 2001:db8::10 Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST E:EBGP I:IBGP L:LOCAL Prefix Next Hop LocPrf Weight Status fd80:122:122:122:101:101:0:122/128 2001:122:122::122 AS_PATH: fd80:122:122:122:103:103:0:122/128 2001:122:122::122...
  • Page 425: Clearing Bgp4+ Dampened Paths

    Configuring BGP4+ Enter the show ipv6 bgp neighbors rib-out-routes command. device# show ipv6 bgp neighbors 2001:db8::10 rib-out-routes There are 150 RIB_out routes for neighbor 2001:db8::10 Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST E:EBGP I:IBGP L:LOCAL Prefix Next Hop LocPrf Weight Status fd80:122:122:122:101:101:0:122/128 AS_PATH: fd80:122:122:122:103:103:0:122/128 AS_PATH: fd80:122:122:122:105:105:0:122/128...
  • Page 426 Configuring BGP4+ The following example reactivates all suppressed BGP4+ routes and verifies that there are no suppressed routes. device(config-bgp-router)# exit device(config)# exit device# show ipv6 bgp dampened-paths device# clear ipv6 bgp dampening device# show ipv6 bgp dampened-paths
  • Page 427: Vrrpv2

    VRRPv2 • VRRPv2 overview......................................427 • Enabling an owner VRRP device................................432 • Enabling a backup VRRP device................................434 • Configuring simple text authentication on VRRP interfaces......................435 • Configuring MD5 authentication on VRRP interfaces........................436 • Abdicating VRRP master device status..............................437 •...
  • Page 428 VRRPv2 overview FIGURE 32 Single point of failure with Device 1 being the Host1 default gateway To connect to the Internet or an internal intranet Host 1, in the figure, uses the IP address of 10.53.5.1 on Router 1 as its default gateway.
  • Page 429: Vrrp Terminology

    VRRPv2 overview FIGURE 33 Devices configured as VRRP virtual routers for redundant network access for Host 1 The blue rectangle in the figure represents a VRRP virtual router. When you configure a virtual router, one of the configuration parameters is a group number (also known as a virtual router ID or VRID), which can be a number from 1 through 255. The virtual router is identified with a group, and within the VRRP group, there is one physical device that forwards packets for the virtual router and this is called a master VRRP device.
  • Page 430: Vrrp Hold Timer

    VRRPv2 overview Virtual router A collection of physical routers that can use VRRP to provide redundancy to routers within a LAN. Virtual router ID A group of physical routers that are assigned to the same virtual router ID (VRID). Virtual router address The virtual router IP address must belong to the same subnet as a real IP address configured on the VRRP interface, and it can be the same as a real IP address configured on the VRRP interface.
  • Page 431: Vrrp Authentication

    VRRPv2 overview the backup devices assume that the master device is offline. When the master device is offline, the backup device with the highest priority assumes the role of the master device. NOTE The hello intervals must be set to the same value on both owner and backup devices for the same VRID. dead interval The dead interval is defined as the period of time for which backup devices wait for a hello message from the master device before assuming that the master device is offline.
  • Page 432: Vrrp Master Device Abdication To Backup Device

    Enabling an owner VRRP device VRRP master device abdication to backup device To allow temporary control of a VRRP virtual router ID (VRID) to pass to a backup device, you can force the master device to abdicate to a backup device by setting a lower priority. Changing the priority of a VRRP master device allows a temporary abdication of the master device status to allow a backup device with a higher priority to assume the master device role.
  • Page 433 Enabling an owner VRRP device FIGURE 34 Basic VRRP topology On the device designated as the owner VRRP device, from privileged EXEC mode, enter global configuration mode by issuing the configure terminal command. device# configure terminal Globally enable VRRP. device(config)# router vrrp Configure the Ethernet interface link for Router 1.
  • Page 434: Enabling A Backup Vrrp Device

    Enabling a backup VRRP device Designate this router as the VRRP owner device. device(config-if-e1000-1/1/6-vrid-1)# owner Configure the VRRP version. device(config-if-e1000-1/1/6-vrid-1)# version 2 Configure the IP address of the VRID. device(config-if-e1000-1/1/6-vrid-1)# ip-address 10.53.5.1 Enable the VRRP session. device(config-if-e1000-1/1/6-vrid-1)# activate The following example configures a VRRP owner device. device# configure terminal device(config)# router vrrp device(config)# interface ethernet 1/1/6...
  • Page 435: Configuring Simple Text Authentication On Vrrp Interfaces

    Configuring simple text authentication on VRRP interfaces Designate this router as a backup VRRP device. device(config-if-e1000-1/1/5-vrid-1)# backup priority 110 While configuring a backup device, you can set a priority that is used when a master VRRP device goes offline. The backup device with the highest priority will assume the role of master device.
  • Page 436: Configuring Md5 Authentication On Vrrp Interfaces

    Configuring MD5 authentication on VRRP interfaces NOTE This task supports VRRPv2 and VRRP-Ev2 only. VRRPv3 and VRRP-Ev3 are not supported. From privileged EXEC mode, enter global configuration mode by issuing the configure terminal command. device# configure terminal Globally enable VRRP. device(config)# router vrrp Configure an Ethernet interface.
  • Page 437: Abdicating Vrrp Master Device Status

    Abdicating VRRP master device status Enter the MD5 password configuration using the ip vrrp auth-type command with a text password. The password will be encrypted when saved in the configuration file. When an MD5 authentication password is configured on an interface, a syslog message is displayed.
  • Page 438 Abdicating VRRP master device status NOTE This task supports IPv4 VRRP only. IPv6 VRRP, VRRP-E, and IPv6 VRRP-E are not supported. On the master device and from privileged EXEC mode, enter global configuration mode by issuing the configure terminal command.
  • Page 439: Tracked Ports And Track Priority With Vrrp And Vrrp-E

    Tracked ports and track priority with VRRP and VRRP-E Tracked ports and track priority with VRRP and VRRP-E Port tracking allows interfaces not configured for VRRP or VRRP-E to be monitored for link-state changes that can result in dynamic changes to the VRRP device priority. A tracked port allows you to monitor the state of the interfaces on the other end of a route path.
  • Page 440: Vrrp Backup Preemption

    VRRP backup preemption The following example shows how to configure Ethernet interface 1/2/4 on virtual router 1 to be tracked; if the interface fails, the VRRP priority of the device becomes 20, forcing a negotiation for a new master device. device# configure terminal device(config)# router vrrp device(config)# interface ethernet 1/1/6...
  • Page 441: Accept Mode For Backup Vrrp Devices

    Accept mode for backup VRRP devices Enter the non-preempt-mode command to disable backup preemption. device(config-if-e1000-1/1/5-vrid-1)# non-preempt-mode Even if a backup device has a higher priority than the current backup acting as a master device, the backup device will not assume the role of the VRRP master device. The following example disables preemption on a backup VRRP device.
  • Page 442 Accept mode for backup VRRP devices Configure the IP address of the interface. All devices configured for the same virtual router ID (VRID) must be on the same subnet. device(conf-if-e1000-1/1/5)# ip address 10.53.5.3/24 Assign this backup device to VRID 1, the same VRID as the VRRP owner device. device(conf-if-e1000-1/1/5)# ip vrrp vrid 1 NOTE You can assign a VRID number in the range of 1 through 255.
  • Page 443: Suppressing Rip Route Advertisements On Vrrp Backup Devices

    VRRP-Ev2 overview Suppressing RIP route advertisements on VRRP backup devices RIP route advertisement suppression can be enabled on VRRP backup devices to prevent other VRRP devices from learning multiple paths for a backed-up interface. A VRRP or VRRP-E session with master and backup devices must be configured and running. Normally, a VRRP or VRRP-E backup includes route information for the virtual IP address (the backed-up interface) in RIP advertisements.
  • Page 444: Enabling A Vrrp-E Device

    Enabling a VRRP-E device Enabling a VRRP-E device This task is performed on any device that is designated as a VRRP extended (VRRP-E) device. For each VRRP-E virtual routing instance, there is one master device and all other devices are backups; but, unlike VRRP, every device is configured as a backup and the device with the highest priority becomes the master VRRP-E device.
  • Page 445: Vrrp-E Load-Balancing Using Short-Path Forwarding

    VRRP-E load-balancing using short-path forwarding
    The following example configures a VRRP-E device.
    device# configure terminal
    device(config)# router vrrp-extended
    device(config-vrrpe-router)# interface ethernet 1/1/5
    device(config-if-e1000-1/1/5)# ip address 10.53.5.3/24
    device(config-if-e1000-1/1/5)# ip vrrp-extended vrid 1
    device(config-if-e1000-1/1/5-vrid-1)# backup priority 110
    device(config-if-e1000-1/1/5-vrid-1)# version 2
    device(config-if-e1000-1/1/5-vrid-1)# ip-address 10.53.5.254
    device(config-if-e1000-1/1/5-vrid-1)# activate
    VRRP-E router 1 for this interface is activating
    VRRP-E load-balancing using short-path forwarding...
  • Page 446: Short-Path Forwarding With Revert Priority

    VRRP-E load-balancing using short-path forwarding
    FIGURE 35 Short-path forwarding
    If you enable short-path forwarding in both master and backup VRRP-E devices, packets sent by Host Server 1 (in the figure) and destined for the Internet cloud through the device on which a VRRP backup interface exists can be routed directly to the VRRP backup device (blue dotted line) instead of being switched to the master router and then back (red dotted-dash line).
  • Page 447: Configuring Vrrp-E Load-Balancing Using Short-Path Forwarding

    VRRP-E load-balancing using short-path forwarding
    Configuring VRRP-E load-balancing using short-path forwarding
    VRRP-E traffic can be load-balanced using short-path forwarding on the backup devices. Before configuring VRRP-E load-balancing, VRRP-E must be configured on all devices in the VRRP-E session. Perform this task on all backup VRRP-E Layer 3 devices to allow load sharing within a VRRP extended group.
    Use the configure terminal command to enter global configuration mode.
  • Page 448: Vrrp-E Slow Start Timer

    VRRP-E slow start timer
    In the following example, short-path forwarding is configured on a backup VRRP-E device, and a revert priority threshold is configured. If the backup device priority falls below this threshold, short-path forwarding is disabled.
    device# configure terminal
    device(config)# router vrrp-extended
    device(config-vrrpe-router)# interface ve 10
    device(config-vif-10)# ip address 192.168.4.1/24...
  • Page 449: Configuration Example: Issu Upgrade Using Vrrp-E

    Configuration example: ISSU upgrade using VRRP-E
    Using VRRP-E, an In Service Software Upgrade (ISSU) can be performed with minimal downtime. VRRP-E supports ISSU and combined with the short-path forwarding feature, high availability can be achieved. When a software upgrade has to be performed, the backup router can be upgraded first and after it comes back online, the VRRP-E priority can be set to be higher than the current master.
  • Page 450: Displaying Vrrpv2 Information

    Displaying VRRPv2 information
    Router B configuration
    The following example configuration configures VRRP-E using the short-path forwarding feature. On this device, the priority value for VRID 23 is set to 50.
    configure terminal
    router vrrp-extended
    interface ve 123
    ip address 192.168.4.11 255.255.255.0
    ip vrrp-extended vrid 23
    backup priority 50
    advertise backup...
  • Page 451: Clearing Vrrpv2 Statistics

    Clearing VRRPv2 statistics
    Enter the show ip vrrp brief command.
    device(config)# show ip vrrp brief
    Total number of VRRP routers defined: 2
    Flags Codes - P:Preempt 2:V2 3:V3 S:Short-Path-Fwd
    Inte- VRID Current Flags State Master IP Backup IP Virtual IP
    rface Priority Address...
  • Page 452

    Clearing VRRPv2 statistics
    Enter the show ip vrrp statistics command for Ethernet interface 1/1/5.
    device# show ip vrrp statistics ethernet 1/1/5
    Interface 1/1/5
    ----------------
    VRID 2
    - number of transitions to backup state = 1
    - number of transitions to master state = 1
    - total number of vrrp packets received = 0
    .
  • Page 453: Vrrpv3

    VRRPv3
    • VRRPv3 overview (page 453)
    • Enabling an IPv6 VRRPv3 owner device (page 454)
    • Enabling an IPv6 VRRPv3 backup device (page 455)
    • Enabling an IPv4 VRRPv3 owner device (page 456)
    • Enabling an IPv4 VRRPv3 backup device (page 457)
    • Tracked ports and track priority with VRRP and VRRP-E (page 458)
    • ...
  • Page 454: Enabling An Ipv6 Vrrpv3 Owner Device

    Enabling an IPv6 VRRPv3 owner device
    This task is performed on the device that is designated as the owner VRRP device because the IPv6 address of one of its physical interfaces is assigned as the IP address of the virtual router. For each VRRP session, there are master and backup routers, and the owner router is elected, by default, as the master router.
  • Page 455: Enabling An Ipv6 Vrrpv3 Backup Device

    Enabling an IPv6 VRRPv3 backup device
    The following example configures a VRRP owner device.
    device# configure terminal
    device(config)# ipv6 unicast-routing
    device(config)# ipv6 router vrrp
    device(config-ipv6-vrrp-router)# interface ethernet 1/1/5
    device(config-if-e1000-1/1/5)# ipv6 address fd2b::2/64
    device(config-if-e1000-1/1/5)# ipv6 vrrp vrid 2
    device(config-if-e1000-1/1/5-vrid-2)# owner
    device(config-if-e1000-1/1/5-vrid-2)# version 3
    device(config-if-e1000-1/1/5-vrid-2)# ipv6-address fe80::768e:f8ff:fe2a:0099
    device(config-if-e1000-1/1/5-vrid-2)# ipv6-address fd2b::2
    device(config-if-e1000-1/1/5-vrid-2)# activate...
  • Page 456: Enabling An Ipv4 Vrrpv3 Owner Device

    Enabling an IPv4 VRRPv3 owner device
    By default, backup VRRP devices do not send hello messages to advertise themselves to the master. Use the following command to enable a backup router to send hello messages to the master VRRP device.
    device(config-if-e1000-1/1/4-vrid-2)# advertise backup
    Assign the IPv6 link-local address to the VRID for use in the local network.
  • Page 457: Enabling An Ipv4 Vrrpv3 Backup Device

    Enabling an IPv4 VRRPv3 backup device
    Designate this router as the VRRP owner device.
    device(config-if-e1000-1/1/6-vrid-1)# owner
    Configure the VRRP version.
    device(config-if-e1000-1/1/6-vrid-1)# version 3
    In this step, VRRPv3 is selected.
    Configure the IP address of the VRID.
    device(config-if-e1000-1/1/6-vrid-1)# ip-address 10.53.5.1
    Enable the VRRP session.
    device(config-if-e1000-1/1/6-vrid-1)# activate
    The following example configures an IPv4 VRRPv3 owner device.
  • Page 458: Tracked Ports And Track Priority With Vrrp And Vrrp-E

    Tracked ports and track priority with VRRP and VRRP-E
    Assign the same VRID as the VRID used by the owner device.
    device(config-if-e1000-1/1/5)# ip vrrp vrid 1
    NOTE
    You can assign a VRID number in the range of 1 through 255.
    Designate this router as a backup VRRP device.
  • Page 459: Tracking Ports And Setting Vrrp Priority Using Vrrpv3

    Accept mode for backup VRRP devices
    Tracking ports and setting VRRP priority using VRRPv3
    Configuring port tracking on an exit path interface and setting a priority on a VRRPv3 device enables VRRPv3 to monitor the interface. For VRRPv3, if the interface goes down, the device priority is set to the priority value and another backup device with a higher priority assumes the role of master.
  • Page 460: Enabling Accept Mode On A Backup Vrrp Device

    Accept mode for backup VRRP devices
    NOTE
    The accept mode functionality enables a VRRP nonowner master device to respond to ping, Telnet, and traceroute packets, but the device will not respond to SSH packets.
    Enabling accept mode on a backup VRRP device
    Enabling accept mode allows a backup VRRP device to respond to ping, traceroute, and Telnet packets if the backup device becomes the master VRRP device.
  • Page 461: Alternate Vrrpv2 Checksum For Vrrpv3 Ipv4 Sessions

    Alternate VRRPv2 checksum for VRRPv3 IPv4 sessions
    Verify that accept mode is enabled.
    device# show ip vrrp vrid 1
    Interface 1/1/5
    ----------------
    auth-type no authentication
    VRID 1 (index 1)
    interface 1/1/5
    state master
    administrative-status enabled
    version v2
    mode non-owner (backup)
    virtual mac aaaa.bbbb.cccc (configured)
    priority 110
    current priority 110...
  • Page 462: Displaying Alternate Vrrpv2 Checksum Settings

    Alternate VRRPv2 checksum for VRRPv3 IPv4 sessions
    Enable VRRP globally.
    device(config)# router vrrp
    Enter the interface command with an interface type and number.
    device(config)# interface ethernet 1/2/4
    To configure a VRRP virtual routing ID, use the ip vrrp vrid command with an associated ID number.
    device(config-if-e1000-1/2/4)# ip vrrp vrid 14
    To enable VRRP version 3 (VRRPv3), enter the version command with a version number of v3.
  • Page 463: Automatic Generation Of A Virtual Link-Local Address For Vrrpv3

    Automatic generation of a virtual link-local address for VRRPv3
    Use the show ip vrrp command with a virtual router ID number to display the current settings of a specific VRRP session, including the use-v2-checksum command, if configured.
    device# show ip vrrp vrid 14
    Interface 1/2/4
    ----------------
    auth-type no authentication...
  • Page 464: Assigning An Auto-Generated Link-Local Ipv6 Address For A Vrrpv3 Cluster

    Automatic generation of a virtual link-local address for VRRPv3
    Assigning an auto-generated link-local IPv6 address for a VRRPv3 cluster
    A virtual link-local IPv6 address can be auto-generated and assigned as the virtual IPv6 address of a VRRPv3 session. The default VRRPv3 implementation allows only the link-local address that is configured on a physical interface to be used as the virtual IPv6 address of a VRRPv3 session.
  • Page 465: Displaying Vrrpv3 Statistics

    Displaying VRRPv3 statistics
    Various show commands can display statistical information about IPv6 VRRP configurations. Before displaying statistics, VRRPv3 must be configured and enabled in your network to generate traffic. Use one or more of the following commands to display VRRPv3 information. The commands do not have to be entered in this order.
    Use the exit command to return to privileged EXEC mode, if required.
  • Page 466: Clearing Vrrpv3 Statistics

    Clearing VRRPv3 statistics
    To view detailed statistical information about IPv6 VRRPv3, enter the show ipv6 vrrp statistics command.
    device# show ipv6 vrrp statistics
    Global IPv6 VRRP statistics
    -------------------------------
    - received vrrp packets with checksum errors = 0
    - received vrrp packets with invalid version number = 0
    - received vrrp packets with unknown or inactive vrid = 0
    Interface 1/1/3
    ----------------...
  • Page 467: Enabling An Ipv6 Vrrp-Ev3 Device

    Enabling an IPv6 VRRP-Ev3 device
    • Configuring VRRP-Ev3 uses the same task steps for all devices; no differences between master and backup device configuration. The device configured with the highest priority assumes the master role.
    VRRP-Ev3 is not supported on non-Brocade devices and does not interoperate with VRRPv2 or VRRPv3 sessions on Brocade devices.
    Enabling an IPv6 VRRP-Ev3 device
    This task is performed on any device that is designated as a VRRP extended version 3 (VRRP-Ev3) device.
  • Page 468: Displaying And Clearing Vrrp-Ev3 Statistics

    Displaying and clearing VRRP-Ev3 statistics
    Configure a global IPv6 address for the VRID.
    device(config-if-e1000-1/1/7-vrid-4)# ipv6-address fd4b::99
    The IPv6 address associated with the VRID must not be configured on any of the devices used for VRRP-Ev3.
    10. Enable the VRRP session.
    device(config-if-e1000-1/1/7-vrid-4)# activate
    VRRP-E router 4 for this interface is activating
    The following example configures a backup VRRP-Ev3 device.
  • Page 469

    Displaying and clearing VRRP-Ev3 statistics
    Enter the show ipv6 vrrp-extended vrid 1 command to display detailed IPv6 VRRP-E configuration information about VRID 1.
    device# show ipv6 vrrp-extended vrid 1
    Interface 1/1/1
    ----------------
    auth-type md5-authentication
    VRID 1 (index 1)
    interface 1/1/1
    state master
    administrative-status enabled
    mode non-owner(backup)
  • Page 471: Multi-Vrf

    Multi-VRF
    • Multi-VRF overview (page 471)
    • Configuring Multi-VRF (page 476)
    Multi-VRF overview
    Virtual Routing and Forwarding (VRF) allows routers to maintain multiple routing tables and forwarding tables on the same router. A Multi-VRF router can run multiple instances of routing protocols with a neighboring router with overlapping address spaces configured on different VRF instances.
  • Page 472

    Multi-VRF overview
    FIGURE 37 Example high-level Multi-VRF topology
    A Multi-VRF instance can be configured on any of the following:
    • Platforms that support untagged physical ports - Applies only to the Brocade ICX 7750 and the Brocade ICX 7450. It is recommended that these ports be configured "route-only"...
  • Page 473: Fastiron Considerations For Multi-Vrf

    Multi-VRF overview
    • (Optional) Configure a Route Distinguisher (RD) for new VRF instances.
    • Configure an IPv4 or IPv6 Address Family (AF) and Neighbor Discovery Protocol for new VRF instances.
    • Configure routing protocols for new Multi-VRF instances.
    • Assign VRF instances to Layer 3 interfaces.
    FastIron considerations for Multi-VRF
    When a VRF is configured, a warning message specifies that any configuration existing on the interface is deleted.
  • Page 474

    Multi-VRF overview
    TABLE 61 Configuration limits for ip-vrf with the system-max command (continued)
    Hardware Minimum Default Maximum
    FSX 2rd-generation line card
    ICX 7450
    ICX 7750
    TABLE 62 Additional configuration limits for the system-max command
    Configuration ICX 7450 ICX 7750
    Default Default
    ip-route (system-max IPv4 routes that all VRFs 4096...
  • Page 475: Additional Features To Support Multi-Vrf

    Multi-VRF overview
    NOTE
    This example also modifies the ip6-route system-max parameter and is intended only for the ICX 7450.
    • To allocate 2 x 500 routes for IPv6 user-VRF (1408 - (500+500) = 408):
    device(config)# system-max ip6-route-default-vrf 408
    Total max configured ipv6 routes are 1408
    - Max ipv6 routes configured for default VRF are 408
    - Max ipv6 routes available for all non-default VRFs are 1000
    Warning: Please revalidate these values to be valid for your configuration.
  • Page 476: Configuring Multi-Vrf

    Configuring Multi-VRF
    Proxy ARP
    Proxy ARP allows a Layer 3 switch to answer ARP requests from devices on one subnet on behalf of devices in another network. Proxy ARP is configured globally and can be further configured per interface. Interface-level configuration overrides the global configuration. With the proxy-arp command configured, a router does not respond to ARP requests for IP addresses in the same subnet as the incoming ports.
  • Page 477

    Configuring Multi-VRF
    Once the device has rebooted after the reload, enter the show default values command to display the system-max settings. Verify the default values.
    device(config)# show default values
    sys log buffers:50    mac age time:300 sec    telnet sessions:5
    ip arp age:10 min    bootp relay max hops:4    ip ttl:64 hops
    ip addr per intf:24...
  • Page 478: Creating Vlans As Links On A Tagged Port For Security

    Configuring Multi-VRF
    Confirm the modified values.
    device(config)# show default values
    sys log buffers:50    mac age time:300 sec    telnet sessions:5
    ip arp age:10 min    bootp relay max hops:4    ip ttl:64 hops
    ip addr per intf:24
    System Parameters    Default    Maximum    Current    Configured
    ip-arp    4000    64000...
  • Page 479: Starting A Routing Process For A Vrf

    Configuring Multi-VRF
    ATTENTION
    Using the overwrite option while downloading a configuration from a TFTP server to the running-config will lead to the loss of all VRF configurations when a VRF is configured on a routing interface.
    (Optional) Assign a Route Distinguisher (RD).
    device(config-vrf-corporate)# rd 11:11
    (Optional) Assign a router ID.
  • Page 480: Assigning A Layer 3 Interface To A Vrf

    Configuring Multi-VRF
    Assigning a Layer 3 interface to a VRF
    The following example illustrates how a virtual Ethernet (VE) interface is assigned to a VRF, and how IP addresses and the OSPF protocol are configured.
    ATTENTION
    After you configure a VRF instance on the device, you must assign one or more Layer 3 interfaces (physical or virtual Ethernet) to the VRF.
  • Page 481: Verifying A Multi-Vrf Configuration

    Configuring Multi-VRF
    Use the vrf forwarding command to assign the interface to the VRF "customer-1" in this example.
    device(config-lbif-1)# vrf forwarding customer-1
    Assign an IPv4 address and mask to the loopback interface.
    device(config-lbif-1)# ip address 10.0.0.1/24
    Verifying a Multi-VRF configuration
    The following examples illustrate the use of a variety of show commands that are useful in verifying Multi-VRF configurations.
  • Page 482: Removing A Vrf Configuration

    Configuring Multi-VRF
    The following commands display additional information about a specific application, protocol configuration, or protocol state for both the default VRF and user-defined VRFs.
    TABLE 64 Useful show commands
    Default VRF | User-defined VRF
    show ip route | show ip route vrf vrf-name
    show ip ospf neighbor | show ip ospf vrf vrf-name neighbor
    show ip bgp summary...
  • Page 483: Configuring Additional Arp Features For Multi-Vrf

    Configuring Multi-VRF
    The following example illustrates how to configure static ARP on nondefault VRFs.
    NOTE
    The arp command can be used to configure static-ARP entries on a nondefault VRF interface. The VRF command does not require an ARP index before a static-ARP is configured. The arp command is available in the address-family mode for a particular VRF.

This manual is also suitable for:

ICX 7450 series, ICX 7750 series