Page 11
What is policy-based routing ·················································································································· 393 Policy ······················································································································································ 393 IPv6 PBR configuration task list ····················································································································· 394 Configuring an IPv6 policy ····························································································································· 395 Creating an IPv6 node ··························································································································· 395 Configuring match criteria for an IPv6 node ··························································································· 395 Defining the actions for an IPv6 node ···································································································· 395 Configuring IPv6 PBR ····································································································································...
IP routing basics IP routing directs the forwarding of IP packets on routers based on a routing table. This book focuses on unicast routing protocols. For more information about multicast routing protocols, see IP Multicast Configuration Guide. Routing table A router maintains at least two routing tables: one global routing table and one forwarding information base (FIB).
• Pre—Preference of the route. Among routes to the same destination, the one with the highest preference is optimal. • Cost—When multiple routes to a destination have the same preference, the one with the smallest cost becomes the optimal route. •...
Routing type Preference IS-IS Static route OSPF ASE OSPF NSSA IBGP EBGP Unknown (route from an untrusted source) Load sharing A routing protocol might find multiple optimal equal-cost routes to the same destination. You can use these routes to implement equal-cost multi-path (ECMP) load sharing. Static routing, IPv6 static routing, RIP/RIPng, OSPF/OSPFv3, BGP/IPv6 BGP, and IS-IS/IPv6 IS-IS support ECMP load sharing.
Page 16
Task Command Remarks display ip routing-table [ multiple-topology topology-name | vpn-instance vpn-instance-name ] Display the routing table. Available in any view. [ verbose ] [ | { begin | exclude | include } regular-expression ] display ip routing-table [ multiple-topology topology-name | Display routes matching an IPv4 vpn-instance vpn-instance-name ] acl Available in any view.
Page 17
Task Command Remarks display ipv6 routing-table Display routing information for a [ vpn-instance vpn-instance-name ] specified destination IPv6 ipv6-address [ prefix-length ] Available in any view. address. [ longer-match ] [ verbose ] [ | { begin | exclude | include } regular-expression ] display ipv6 routing-table [ vpn-instance vpn-instance-name ] Display IPv6 routes with...
Configuring static routing Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work correctly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually.
Step Command Remarks Configure the Optional. ip route-static default-preference default preference default-preference-value 60 by default. for static routes. Delete all static delete [ multiple-topology topology-name | routes, including Optional. vpn-instance vpn-instance-name ] static-routes all the default route. Configuring BFD for static routes Bidirectional forwarding detection (BFD) provides a general-purpose, standard, medium-, and protocol-independent fast failure detection mechanism.
Figure 1 Network diagram for static route FRR As shown in Figure 1, upon a link failure, FRR designates a backup next hop by using a routing policy for routes matching the specified criteria. Packets are directed to the backup next hop to avoid traffic interruption.
Static route configuration examples Basic static route configuration example Network requirements Configure static routes in Figure 2 for interconnections between any two hosts. Figure 2 Network diagram Host B 1.1.6.2/24 GE2/1/3 1.1.6.1/24 GE2/1/1 GE2/1/2 1.1.4.2/30 1.1.5.5/30 Router B GE2/1/2 GE2/1/2 1.1.5.6/30 1.1.4.1/30 GE2/1/1...
Page 23
1.1.2.0/24 Direct 0 1.1.2.3 GE2/1/1 1.1.2.3/32 Direct 0 127.0.0.1 InLoop0 1.1.4.0/30 Direct 0 1.1.4.1 GE2/1/2 1.1.4.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 # Display the IP routing table of Router B. [RouterB] display ip routing-table Routing Tables: Public Destinations : 10 Routes : 10...
BFD for static routes configuration example (direct next hop) Network requirements Figure 3, configure a static route to subnet 120.1.1.0/24 on Router A, configure a static route to subnet 121.1.1.0/24 on Router B, and enable BFD for both routes. Configure a static route to subnet 120.1.1.0/24 and a static route to subnet 121.1.1.0/24 on Router C.
Page 25
[RouterB] ip route-static 121.1.1.0 24 GigabitEthernet 2/1/1 12.1.1.1 bfd control-packet [RouterB] ip route-static 121.1.1.0 24 GigabitEthernet 2/1/2 13.1.1.2 preference 65 [RouterB] quit # Configure static routes on Router C. <RouterC> system-view [RouterC] ip route-static 120.1.1.0 24 GigabitEthernet 2/1/2 13.1.1.1 [RouterC] ip route-static 121.1.1.0 24 GigabitEthernet 2/1/1 10.1.1.102 Verify the configuration: # Display BFD sessions on Router A.
# Display the static route information again. Router A communicates with Router B over the static route passing Router C now. <RouterA> display ip routing-table protocol static Public Routing Table : Static Summary Count : 2 Static Routing table Status : <Active> Summary Count : 1 Destination/Mask Proto...
Page 27
Configuration procedure Configure IP addresses for the interfaces. (Details not shown.) Configure static routes and BFD: # Configure static routes on Router A and enable BFD control packet mode for the static route through Router D. <RouterA> system-view [RouterA] interface loopback 1 [RouterA-LoopBack1] bfd min-transmit-interval 500 [RouterA-LoopBack1] bfd min-receive-interval 500 [RouterA-LoopBack1] bfd detect-multiplier 9...
Static route FRR configuration example Network requirements As shown in Figure 5, configure static routes on Router S, Router A, and Router D, and configure static route FRR so that when Link A fails, traffic can be switched to Link B immediately. Figure 5 Network diagram Router A Link B...
Page 30
[RouterD-route-policy] quit [RouterD] ip route-static fast-reroute route-policy frr Verify the configuration: # Display route 4.4.4.4/32 on Router S to view the backup next hop information. [RouterS] display ip routing-table 4.4.4.4 verbose Routing Table : Public Summary Count : 1 Destination: 4.4.4.4/32 Protocol: Static Process ID: 0 Preference: 60...
Configuring a default route A default route is used to forward packets that match no entry in the routing table. Without a default route, a packet that does not match any routing entries is discarded. A default route can be configured in either of the following ways: •...
Configuring RIP Routing Information Protocol (RIP) is a distance-vector simple interior gateway protocol suited to small-sized networks. It employs UDP to exchange route information through port 520. Overview RIP uses a hop count to measure the distance to a destination. The hop count from a router to a directly connected network is 0.
• Poison reverse—Enables RIP to set the metric of routes received from a neighbor to 16 and sends back these routes to the neighbor so the neighbor can delete such information from its routing table to prevent routing loops. • Triggered updates—RIP immediately advertises triggered updates for topology changes to reduce the possibility of routing loops and to speed up convergence.
• Configure the link layer protocol. • Configure IP addresses for interfaces to ensure IP connectivity between neighboring routers. Enabling RIP Perform this task to create a RIP process and enable the RIP process on the interface attached to the specified network. An interface that is not on the specified network does not run RIP. If you configure RIP settings in interface view before enabling RIP, the settings do not take effect until RIP is enabled.
A RIPv2-enabled broadcast interface sends RIPv2 broadcasts and can receive RIPv1 unicasts and broadcasts, and RIPv2 broadcasts, multicasts, and unicasts. You can configure a global RIP version in RIP view or an interface-specific RIP version in interface view. An interface preferentially uses the interface-specific RIP version. If no interface-specific version is specified, the interface uses the global RIP version.
An inbound additional metric is added to the metric of a received route before the route is added into the routing table, and the route's metric is changed. If the sum of the additional metric and the original metric is greater than 16, the metric of the route becomes 16. To configure additional routing metrics: Step Command...
Step Command Remarks Optional. rip default-route { { only | By default, a RIP interface can Configure the RIP interface originate } [ cost cost ] | advertise a default route if the RIP to advertise a default route. no-originate } process is configured with default route advertisement.
Configuring RIP route redistribution Perform this task to configure RIP to redistribute routes from other routing protocols, including OSPF, IS-IS, BGP, static, and direct routes. Only active routes can be redistributed. To display active routes, use the display ip routing-table protocol command. To configure RIP route redistribution: Step Command...
Configuring split horizon and poison reverse The split horizon and poison reverse functions can prevent routing loops. If both split horizon and poison reverse are configured, only the poison reverse function takes effect. Enabling split horizon Split horizon disables RIP from sending routes through the interface where the routes were learned to prevent routing loops between adjacent routers.
Enabling zero field check on incoming RIPv1 messages Some fields in the RIPv1 message must be set to zero. These fields are called "zero fields." You can enable zero field check on incoming RIPv1 messages. If a zero field of a message contains a non-zero value, RIPv1 does not process the message.
To configure the RIP packet sending rate: Step Command Remarks Enter system view. system-view rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Specify the interval for Optional. sending RIP packets and the By default, an interface sends up maximum number of RIP output-delay time count count to three RIP packets every 20...
Step Command Remarks rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Enable RIP FRR and reference a routing policy to fast-reroute route-policy Disabled by default. designate a backup next route-policy-name hop. Configuring BFD for RIP BFD for RIP provides the following link detection modes: •...
Step Command Remarks Enter system view. system-view Configure the source IP By default, no source IP address address of BFD echo is configured for BFD echo bfd echo-source-ip ip-address packets. packets. interface interface-type Enter interface view. interface-number By default, BFD for RIP is disabled.
Task Command Remarks display rip process-id database Display all active routes in RIP [ | { begin | exclude | include } Available in any view. database. regular-expression ] display rip process-id interface [ interface-type interface-number ] Display RIP interface information. Available in any view.
# Display the RIP routing table on Router A. [RouterA] display rip 1 route Route Flags: R - RIP, T - TRIP P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect -------------------------------------------------------------------------- Peer 1.1.1.2 on GigabitEthernet2/1/1 Destination/Mask Nexthop Cost Flags...
Page 49
Figure 8 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure basic RIP basic functions: # Enable RIP 100, and configure a RIPv2 on Router A. <RouterA> system-view [RouterA] rip 100 [RouterA-rip-100] network 10.0.0.0 [RouterA-rip-100] network 11.0.0.0 [RouterA-rip-100] version 2 [RouterA-rip-100] undo summary [RouterA-rip-100] quit...
Page 50
16.4.1.1/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 Configure RIP route redistribution: # Configure RIP 200 to redistribute direct routes and routes from RIP 100 on Router B. [RouterB] rip 200 [RouterB-rip-200] import-route rip 100 [RouterB-rip-200] import-route direct [RouterB-rip-200] quit # Display the routing table of Router C.
Configuring an additional metric for a RIP interface Network requirements As shown in Figure 9, run RIPv2 on all the interfaces of Router A, Router B, Router C, Router D, and Router E. Router A has two links to Router D. The link from Router B to Router D is more stable than that from Router C to Router D.
[RouterD-rip-1] version 2 [RouterD-rip-1] undo summary [RouterD-rip-1] quit # Configure RIP to redistribute the routes from OSPF process 1 and direct routes on Router C. [RouterC-rip-1] import-route direct [RouterC-rip-1] import-route ospf 1 [RouterC-rip-1] quit # Display the IP routing table on Router D. [RouterD] display ip routing-table Routing Tables: Public Destinations : 10...
Page 55
Figure 11 Network diagram Configuration procedure Configure IP addresses for the interfaces on each router and configure RIPv2: Follow Figure 11 to configure the IP address and subnet mask of each interface on the routers. (Details not shown.) Configure RIPv2 on the routers, ensuring that Router A, Router D, and Router S can communicate with each other at Layer 3.
Page 57
Figure 12 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure basic RIP and enable BFD on the interfaces: # Configure Router A. <RouterA> system-view [RouterA] rip 1 [RouterA-rip-1] network 192.168.1.0 [RouterA-rip-1] quit [RouterA] interface GigabitEthernet 2//1 [RouterA-GigabitEthernet2/1/1] rip bfd enable [RouterA-GigabitEthernet2/1/1] quit [RouterA] rip 2...
Page 58
Configure a static route on Router C: [RouterC] ip route-static 100.1.1.1 24 null 0 Verify the configuration: # Display the BFD session information of Router A. <RouterA> display bfd session Total Session Num: 1 Init Mode: Active Session Working Under Echo Mode: SourceAddr DestAddr State...
# Display the RIP routes of RIP process 1 on Router A. <RouterA> display rip 1 route Route Flags: R - RIP, T - TRIP P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------------------- The output shows that the RIP route learned from Router C no longer exists. # Display the RIP route destined for 100.1.1.0/24 on Router A.
Page 60
Figure 13 Network diagram Router B GE2/1/1 GE2/1/2 192.168.2.2/24 192.168.3.1/24 GE2/1/2 192.168.3.2/24 Router A Router C RIP packets Fault BFD session Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure basic RIP and enable BFD on the interfaces: # Configure Router A.
Page 61
Verify the configuration: # Display the BFD session information on Router A. <RouterA> display bfd session Total session number: 1 Up session number: 1 Init Mode: Active IPv4 session working under Echo mode: SourceAddr DestAddr State Holdtime Interface 192.168.2.1 192.168.2.2 2000ms GE2/1/2 # Display routes destined for 100.1.1.0/24 on Router B.
# Display routes destined for 100.1.1.0/24 on Router B when the route learned from Router A ages out. <RouterB> display ip routing-table 100.1.1.0 24 verbose Routing Table : Public Summary Count : 1 Destination: 100.1.1.0/24 Protocol: RIP Process ID: 1 Preference: 100 Cost: 4 IpPrecedence:...
Page 63
Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure basic RIP basic and enable static route redistribution into RIP so Router A and Router C have routes to send to each other: # Configure Router A. <RouterA> system-view [RouterA] rip 1 [RouterA-rip-1] network 192.168.1.0 [RouterA-rip-1] peer 192.168.2.2...
Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h10m35s Tag: 0 Troubleshooting RIP No RIP updates received Symptom No RIP updates are received when the links work correctly. Analysis After enabling RIP, use the network command to enable corresponding interfaces. Make sure no interfaces are disabled from handling RIP messages.
Configuring OSPF This chapter describes how to configure OSPF. Overview Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the IETF. OSPF version 2 is used for IPv4. Unless otherwise stated, OSPF refers to OSPFv2 (defined in RFC 2328) throughout this document.
• Network LSA—Type-2 LSA, originated for broadcast and NBMA networks by the designated router, and flooded throughout a single area only. This LSA contains the list of routers connected to the network. • Network Summary LSA—Type-3 LSA, originated by ABRs (Area Border Routers), and flooded throughout the LSA's associated area.
Page 69
Backbone area and virtual links Each AS has a backbone area that distributes routing information between non-backbone areas. Routing information between non-backbone areas must be forwarded by the backbone area. OSPF requires the following: • All non-backbone areas must maintain connectivity to the backbone area. •...
routes. It advertises a default route in a Type-3 LSA so that the routers in the area can reach external networks through the default route. NSSA area and totally NSSA area A Not-So-Stubby Area (NSSA) area does not import AS external LSAs (Type-5 LSAs) but it can import Type-7 LSAs generated by the NSSA ASBR.
• Each OSPF router collects LSAs from other routers to compose an LSDB. An LSA describes the network topology around a router, and the LSDB describes the entire network topology of the area. • Each router transforms the LSDB to a weighted directed graph that shows the topology of the area.
Figure 20 DR and BDR in a network DR other DR other DR other In OSPF, "neighbor" and "adjacency" are different concepts. After startup, OSPF sends a hello packet on each OSPF interface. A receiving router checks parameters in the packet. If the parameters match its own, the receiving router considers the sending router an OSPF neighbor.
Page 74
Task Remarks Enabling OSPF Required. Configuring a stub area Configuring OSPF areas Configuring an NSSA area Optional. Configuring a virtual link Configuring the broadcast network type for an interface Optional. Configuring the NBMA network type for an interface Optional. Configuring OSPF network types Configuring the P2MP network type for an interface Optional.
Task Remarks Configuring the OSPF GR helper Optional. Triggering OSPF GR Optional. Configuring OSPF NSR Optional. Configuring BFD for OSPF Optional. Enabling OSPF Enable OSPF before you perform other OSPF configuration tasks. Configuration prerequisites Configure the link layer protocol and IP addresses for interfaces so that neighboring nodes can communicate with each other.
Step Command Remarks Optional. Not configured by default. If no global router ID is configured, the Configure a global router highest loopback interface IP address, if router id router-id any, is used as the router ID. If no loopback interface IP address is available, the highest physical interface IP address is used, regardless of the interface status.
Step Command Remarks Enter system view. system-view ospf [ process-id | router-id Enter OSPF view. router-id | vpn-instance vpn-instance-name ] * Enter area view. area area-id Not configured by default. You cannot configure the backbone area as a stub or totally stub Configure the area as a stub area.
NOTE: Virtual links cannot transit a stub area or totally stub areas. Configuring a virtual link Non-backbone areas exchange routing information through the backbone area. Connectivity between the backbone and non-backbone areas and within the backbone must be available. You can configure virtual links to ensure the connectivity when physical links are not enough. Virtual links cannot transit a stub area, a totally stub area, an NSSA area, or a totally NSSA area.
Two broadcast-, NBMA-, P2MP-type interfaces can establish a neighbor relationship only when they are on the same network segment. Configuration prerequisites Before you configure OSPF network types, complete the following tasks: • Configure IP addresses for interfaces so neighboring nodes can reach each other at network layer.
Step Command Remarks Exit to system view. quit ospf [ process-id | router-id Enter OSPF view. router-id | vpn-instance vpn-instance-name ] * Specify a neighbor and its peer ip-address [ cost value | By default, no neighbor is specified. router priority. dr-priority dr-priority ] Configuring the P2MP network type for an interface Step...
Configuring OSPF route control This section describes how to control the advertisement and reception of OSPF routing information, as well as route redistribution from other protocols. Configuration prerequisites Before you configure OSPF route control, complete the following tasks: • Configure IP addresses for interfaces. •...
Step Command Remarks Enter system view. system-view ospf [ process-id | router-id Enter OSPF view. router-id | vpn-instance vpn-instance-name ]* The command is available on an asbr-summary ip-address { mask | Configure ASBR route ASBR only. mask-length } [ tag tag | summarization.
Configuring an OSPF cost for an interface You can configure an OSPF cost for an interface by using either of the following methods: • Configure the cost value in interface view • Configure a bandwidth reference value for the interface. OSPF computes the cost with this formula: Interface OSPF cost = Bandwidth reference value (100 Mbps)/Interface bandwidth (Mbps).
Configuring OSPF preference A router can run multiple routing protocols, and each protocol is assigned a preference. When the routing protocols find routes to the same destination, the route found by the protocol with the highest preference is selected as the best route. To configure OSPF preference: Step Command...
Tuning and optimizing OSPF networks You can optimize an OSPF network in the following ways: • Change OSPF packet timers to adjust the convergence speed and network load. On low-speed links, consider the delay time for sending LSAs. • Change the SPF calculation interval to reduce resource consumption caused by frequent network changes.
Step Command Remarks Optional. The default dead interval is 40 seconds on Specify the dead P2P and broadcast interfaces and 120 ospf timer dead seconds interval. seconds on P2MP and NBMA interfaces. The default dead interval is restored when the network type for an interface is changed.
Specifying the LSA arrival interval If OSPF receives an LSA that has the same LSA type, LS ID, and router ID as the previously received LSA within the LSA arrival interval, OSPF discards the LSA to save bandwidth and route resources. To configure the LSA arrival interval: Step Command...
• After an OSPF interface is set to "silent," other interfaces on the router can still advertise direct routes of the interface in Router LSAs, but the interface cannot send any packet. This configuration can enhance OSPF networking adaptability and reduce resource consumption. To disable interfaces from receiving and sending routing information: Step Command...
Configure the new MD5/HMAC-MD5 authentication key on all neighbor devices. When the local device receives packets with the new key from all neighbor devices, it exits MD5 key rollover. Delete the old MD5/HMAC-MD5 authentication key from the local device and all its neighbors. This operation helps prevent attacks from devices that use the old key for communication and reduces system resources and bandwidth consumption caused by key rollover.
Configuring the maximum number of external LSAs in LSDB To configure the maximum number of external LSAs in the LSDB: Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Optional.
• Level-3—Fault traps • Level-4—Alarm traps • Level-5—Normal but important traps • Level-6—Notification traps The generated traps are sent to the information center of the device. The output rules of the traps (whether to output the traps and the output direction) are determined according to the information center configuration.
Step Command Remarks Optional. Enable the advertisement and reception of opaque opaque-capability enable By default, the LSAs. function is disabled. Configuring OSPF to give priority to receiving and processing hello packets To ensure OSPF runs correctly, a router receives and processes hello packets and other protocol packets at the same time.
Step Command Remarks ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Optional. Enable OSPF ISPF. ispf enable By default, OSPF ISPF is disabled. Configuring OSPF FRR When a link fails, the packets on the link are discarded, and a routing loop might occur until OSPF completes routing convergence based on the new network topology.
Step Command Remarks ospf [ process-id | router-id Enter OSPF view. router-id | vpn-instance vpn-instance-name ] * Not configured by default. Enable OSPF FRR to If abr-only is specified, the route to automatically calculate a fast-reroute auto [ abr-only ] the ABR is selected as the backup backup next hop.
Configuring the IETF standard OSPF GR restarter Step Command Remarks Enter system view. system-view ospf [ process-id | router-id Enable OSPF and enter router-id | vpn-instance its view. vpn-instance-name ] * Enable opaque LSA Disabled by default. opaque-capability enable advertisement capability. Enable the IETF standard Disabled by default.
Configuring the non-IETF standard OSPF GR helper Step Command Remarks Enter system view. system-view ospf [ process-id | router-id 21. Enable OSPF and enter its router-id | vpn-instance view. vpn-instance-name ] * 22. Enable the link-local Disabled by default. enable link-local-signaling signaling capability.
Step Command Remarks By default, OSPF NSR is Enable OSPF NSR. ospf non-stop-routing disabled. Configuring BFD for OSPF Bidirectional forwarding detection (BFD) provides a single mechanism to quickly detect and monitor the connectivity of links between OSPF neighbors, reducing network convergence time. For more information about BFD, see High Availability Configuration Guide.
Step Command Remarks Exit to system view. quit interface interface-type Enter interface view. interface-number Enable BFD echo packet single-hop Not enabled by ospf bfd enable echo detection on the interface. default. Displaying and maintaining OSPF Task Command Remarks display ospf [ process-id ] brief [ | { begin | Available in any Display OSPF brief information.
Task Command Remarks display ospf [ process-id ] error [ | { begin | Available in any Display OSPF error information. exclude | include } regular-expression ] view. display ospf [ process-id ] asbr-summary Display OSPF ASBR Available in any [ ip-address { mask | mask-length } ] [ | { begin | summarization information.
Page 101
[RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] area 1 [RouterA-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.1] quit [RouterA-ospf-1] quit # Configure Router B. <RouterB> system-view [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] area 2 [RouterB-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.2] quit [RouterB-ospf-1] quit...
Page 102
Neighbors Area 0.0.0.1 interface 10.2.1.1(GigabitEthernet2/1/2)'s neighbors Router ID: 10.4.1.1 Address: 10.2.1.2 GR State: Normal State: Full Mode: Nbr is Master Priority: 1 DR: 10.2.1.1 BDR: 10.2.1.2 MTU: 0 Dead timer due in 32 Neighbor is up for 06:03:12 Authentication Sequence: [ 0 ] Neighbor state change count: 5 # Display OSPF routing information on Router A.
Sum-Net 10.1.1.0 10.2.1.1 1069 8000000F Sum-Asbr 10.3.1.1 10.2.1.1 1069 8000000F # Display OSPF routing information on Router D. [RouterD] display ospf routing OSPF Process 1 with Router ID 10.5.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 Inter 10.3.1.1...
Page 104
Figure 23 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions (see "Configuring OSPF basic functions"). Configure OSPF to redistribute routes: # On Router C, configure a static route destined for network 3.1.2.0/24. <RouterC>...
Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.3.1.1 10.4.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 Configuring OSPF to advertise a summary route Network requirements • Configure OSPF on Router A and Router B in AS 200. •...
[RouterA] display ip routing-table Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Cost NextHop Interface 10.1.1.0/24 O_ASE 11.2.1.1 GE2/1/1 10.2.1.0/24 O_ASE 11.2.1.1 GE2/1/1 10.3.1.0/24 O_ASE 11.2.1.1 GE2/1/1 10.4.1.0/24 O_ASE 11.2.1.1 GE2/1/1 11.2.1.0/24 Direct 0 11.2.1.2 GE2/1/1 11.2.1.2/32 Direct 0 127.0.0.1 InLoop0...
Page 108
Figure 25 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions (see "Configuring OSPF basic functions"). Configure Router D to redistribute static routes: <RouterD> system-view [RouterD] ip route-static 3.1.2.1 24 10.5.1.2 [RouterD] ospf [RouterD-ospf-1] import-route static [RouterD-ospf-1] quit # Display ABR/ASBR information on Router C.
Page 109
3.1.2.0/24 Type2 10.2.1.1 10.5.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 Because Router C resides in a normal OSPF area, its routing table contains an AS external route. Configure Area 1 as a stub area: # Configure Router A.
OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0 The output shows that inter-area routes are removed, and only one external route (a default...
Page 111
[RouterC-ospf-1] area 1 [RouterC-ospf-1-area-0.0.0.1] nssa [RouterC-ospf-1-area-0.0.0.1] quit [RouterC-ospf-1] quit NOTE: • To allow Router C in the NSSA area to reach other areas within the AS, you must provide the keyword default-route-advertise for the nssa command issued on Router A (the ABR) so Router C can obtain a default route.
Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.3.1.1 10.2.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 The output shows an external route imported from the NSSA area on Router D. Configuring OSPF DR election Network requirements •...
Page 113
[RouterC] ospf [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Configure Router D. <RouterD> system-view [RouterD] router id 4.4.4.4 [RouterD] ospf [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] quit [RouterD-ospf-1] return # Display neighbor information on Router A. [RouterA] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.1 Neighbors...
Page 114
[RouterB-GigabitEthernet2/1/1] ospf dr-priority 0 [RouterB-GigabitEthernet2/1/1] quit # Configure Router C. [RouterC] interface GigabitEthernet 2/1/1 [RouterC-GigabitEthernet2/1/1] ospf dr-priority 2 [RouterC-GigabitEthernet2/1/1] quit # Display information about neighbors on Router D. <RouterD> display ospf peer verbose OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(GigabitEthernet2/1/1)'s neighbors Router ID: 1.1.1.1...
DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 39 Neighbor is up for 00:01:40 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode: None Priority: 0 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Dead timer due in 35 Neighbor is up for 00:01:44 Authentication Sequence: [ 0 ]...
Page 116
Figure 28 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Router A. <RouterA> system-view [RouterA] ospf 1 router-id 1.1.1.1 [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit # Configure Router B. <RouterB>...
OSPF Process 1 with Router ID 2.2.2.2 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 Transit 10.2.1.1 3.3.3.3 0.0.0.1 10.1.1.0/24 Transit 10.1.1.2 2.2.2.2 0.0.0.0 Total Nets: 2 Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0 Area 0 has no direct connection to Area 2, so the OSPF routing table of Router B has no route to Area 2.
Page 118
Figure 29 Network diagram Configuration procedure Configure IP address for interfaces. (Details not shown.) Configure OSPF basic functions: # Configure Router A <RouterA> system-view [RouterA] router id 1.1.1.1 [RouterA] ospf 100 [RouterA-ospf-100] area 0 [RouterA-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [RouterA-ospf-100-area-0.0.0.0] quit # Configure Router B <RouterB>...
Page 119
# Configure Router B as the GR helper: enable the link-local signaling capability and the out-of-band re-synchronization capability for OSPF process 100. [RouterB-ospf-100] enable link-local-signaling [RouterB-ospf-100] enable out-of-band-resynchronization # Configure Router C as the GR helper: enable the link-local signaling capability and the out-of-band re-synchronization capability for OSPF process 100.
Configuring OSPF NSR Network requirements As shown in Figure 30, Router S, Router A, and Router B belong to the same OSPF routing domain. Enable OSPF NSR on Router S to ensure correct routing when an active/standby switchover occurs on Router S. Router S is an HSR6802, HSR6804, or HSR6808 router. Figure 30 Network diagram Configuration procedure Configure IP addresses for the interfaces on each router and configure OSPF:...
Routing for Network Destination Cost Type NextHop AdvRouter Area 44.44.44.44/32 Stub 12.12.12.2 44.44.44.44 0.0.0.0 14.14.14.0/24 Transit 12.12.12.2 192.168.1.41 0.0.0.0 22.22.22.22/32 Stub 22.22.22.22 192.168.1.40 0.0.0.0 12.12.12.0/24 Transit 12.12.12.1 192.168.1.40 0.0.0.0 Total Nets: 4 Intra Area: 4 Inter Area: 0 ASE: 0 NSSA: 0 # Display OSPF neighbors and routes on Router B.
Page 122
Figure 31 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF basic functions (see "Configuring OSPF basic functions"). Configure OSPF to redistribute routes: # On Router C, configure a static route destined for network 3.1.1.0/24. <RouterC>...
Page 123
# Configure the IPv4 prefix list. [RouterC] ip ip-prefix prefix1 index 1 deny 3.1.3.0 24 [RouterC] ip ip-prefix prefix1 index 2 permit 3.1.1.0 24 [RouterC] ip ip-prefix prefix1 index 3 permit 3.1.2.0 24 # Reference the prefix list to filter out the route 3.1.3.0/24. [RouterC] ospf 1 [RouterC-ospf-1] filter-policy ip-prefix prefix1 export static # Display the OSPF routing table of Router A.
10.2.1.0/24 Direct 0 10.2.1.1 GE2/1/2 10.2.1.1/32 Direct 0 127.0.0.1 InLoop0 10.3.1.0/24 OSPF 10.1.1.2 GE2/1/1 10.4.1.0/24 OSPF 10.2.1.2 GE2/1/2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 The route to 10.5.1.1/24 is filtered out. Configuring OSPF FRR Network requirements Router S, Router A, and Router D belong to the same OSPF domain as shown in Figure Configure OSPF FRR so that when the link between Router S and Router D fails, traffic is...
Page 128
192.168.0.102 192.168.0.100 1700ms GE2/1/1 # Display routes to 120.1.1.0/24 on Router A, and you can see that Router A communicates with Router B through the Layer 2 switch. <RouterA> display ip routing-table 120.1.1.0 verbose Routing Table : Public Summary Count : 2 Destination: 120.1.1.0/24 Protocol: OSPF Process ID: 0...
Page 129
*0.50673829 RouterA BFD/8/EVENT:Receive Delete-sess, [Src:192.168.0.102, Dst:192.168.0.100,GigabitEthernet2/1/1], Direct, Proto:OSPF *0.50673830 RouterA BFD/8/SCM:Sess[192.168.0.102/192.168.0.100,GE2/1/1], Oper: Del application(OSPF) *0.50673831 RouterA BFD/8/SCM:No application in session, delete session[192.168.0.102/192.168.0.100,GE2/1/1] *0.50673831 RouterA BFD/8/SCM:Sess[192.168.0.102/192.168.0.100,GE2/1/1], Oper: Delete *0.50673832 RouterA BFD/8/SCM:Delete send-packet timer *0.50673833 RouterA BFD/8/SCM:Delete session entry *0.50673833 RouterA BFD/8/SCM:Delete session from IP hash table *0.50673834 RouterA BFD/8/SCM:Delete session from bfd interface *0.50673834 RouterA BFD/8/SCM:No session under bfd-int[GigabitEthernet2/1/1] with default configuration, delete bfd-if...
Troubleshooting OSPF configuration No OSPF neighbor relationship established Symptom No OSPF neighbor relationship can be established. Analysis If the physical link and lower layer protocols work well, check OSPF parameters configured on interfaces. Two neighbors must have the same parameters, such as the area ID, network segment, and mask (a P2P or virtual link might have different network segments and masks).
Configuring IS-IS This chapter describes how to configure IS-IS for an IPv4 network. Overview Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the International Organization for Standardization (ISO) to operate on the connectionless network protocol (CLNP). IS-IS was modified and extended in RFC 1195 by the IETF for application in both TCP/IP and OSI reference models, and the new one is called "Integrated IS-IS"...
Figure 34 NSAP address format Area address The area address comprises the IDP and the HO-DSP of the DSP, which identify the area and the routing domain. Different routing domains cannot have the same area address. Typically, a router only needs one area address, and all nodes in the same area must have the same area address.
Typically, a router only needs one NET, but it can have a maximum of three NETs for smooth area merging and partitioning. When you configure multiple NETs, make sure their system IDs are the same. IS-IS area IS-IS has a two-level hierarchy to support large-scale networks. A large-scale routing domain is divided into multiple areas.
Figure 36 shows another IS-IS topology. The Level-1-2 routers connect to the Level-1 and Level-2 routers, and form the IS-IS backbone together with the Level-2 routers. No area is defined as the backbone in this topology. The backbone comprises all contiguous Level-2 and Level-1-2 routers in different areas.
The Level-1 and Level-2 DISs are elected separately. You can assign different priorities to a router for different level DIS elections. The higher the router priority, the more likely the router becomes the DIS. If multiple routers with the same highest DIS priority exist, the one with the highest SNPA (Subnetwork Point of Attachment) address (MAC address on a broadcast network) will be elected.
Page 136
Common header format Figure 39 PDU common header format No. of Octets Intradomain routing protocol discriminator Length indicator Version/Protocol ID extension ID length PDU type Version Reserved Maximum area address Major fields of the PDU common header are as follows: •...
Page 137
Figure 40 L1/L2 LAN IIH format Major fields of the L1/L2 LAN IIH are as follows: • Reserved/Circuit type—The first six bits are reserved with a value of 0. The last two bits indicate the router type—00 means reserved, 01 indicates L1, 10 indicates L2, and 11 indicates L1/2.
Page 138
Figure 41 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field. The Link State PDUs (LSPs) carry link state information. LSPs include Level-1 LSPs and Level-2 LSP.
Page 139
Major fields of the L1/L2 LSP are as follows: • PDU length—Total length of the PDU in bytes. • Remaining lifetime—LSP remaining lifetime in seconds. • LSP ID—Consists of the system ID, the pseudonode ID (one byte) and the LSP fragment number (one byte).
Page 140
Figure 44 L1/L2 CSNP format A PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request missing LSPs from a neighbor. Figure 45 L1/L2 PSNP format No.
Table 5 shows that different PDUs contain different CLVs. Code 1 through 10 of are defined in ISO 10589 (code 3 and 5 are not shown in the table), and others are defined in RFC 1195. Table 5 CLV codes and PDU types CLV Code Name PDU Type...
Page 142
• GR helper—A neighbor of the GR restarter. It helps the GR restarter to complete the GR process. After an IS-IS GR restarter restarts, it must complete the following tasks to synchronize the LSDB with its neighbors: • Obtain IS-IS neighbor information without changing adjacencies. •...
Original LSP—The LSP generated by the originating system. The system ID in its LSP ID field is the system ID of the originating system. Extended LSP—Extended LSPs are generated by virtual systems. The system ID in its LSP ID field is the virtual system ID.
• ISO 8348/Ad2, Network Services Access Points • RFC 1195, Use of OSI IS-IS for Routing in TCP/IP and Dual Environments • RFC 2763, Dynamic Hostname Exchange Mechanism for IS-IS • RFC 2966, Domain-wide Prefix Distribution with Two-Level IS-IS • RFC 2973, IS-IS Mesh Groups •...
Task Remarks Setting the LSDB overload bit Optional. Configuring system ID to host name mappings Optional. Enabling the logging of neighbor state changes Optional. Configuring neighbor relationship authentication Optional. Enhancing IS-IS Configuring area authentication Optional. network security Configuring routing domain authentication Optional.
Configuring the IS level and circuit level If only one area exists, perform the following operations: • Configure the IS level of all routers as Level-1 or Level-2 rather than different levels because the routers do not need to maintain two identical LSDBs. •...
Configuring IS-IS routing information control Perform the tasks in this section to affect IS-IS route selection. Configuration prerequisites Before the configuration, complete the following tasks: • Configure IP addresses for all interfaces, and make sure that all neighboring nodes are reachable to each other at the network layer.
Step Command Remarks Optional. isis [ ipv4-unicast topology-name | Specify a cost for the ipv6-unicast ] cost value [ level-1 | No cost is specified for the interface. level-2 ] interface by default. Configuring a global IS-IS cost Step Command Remarks Enter system view.
Configuring the maximum number of ECMP routes Perform this task to implement load sharing over ECMP routes. To configure the maximum number of ECMP routes: Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance Enter IS-IS view. vpn-instance-name ] Specify the maximum By default, the...
Step Command Remarks [ ipv4-unicast topology-name ] Advertise a default default-route-advertise [ route-policy By default, the function is route. route-policy-name | [ level-1 | level-1-2 | disabled. level-2 ] ] * Configuring IS-IS route redistribution Redistributing large numbers of routes on a device might affect the performance of other devices in the network.
Step Command Remarks Filter routes [ ipv4-unicast topology-name ] filter-policy No filtering is configured by calculated from { acl-number | ip-prefix ip-prefix-name | default. received LSPs. route-policy route-policy-name } import Filtering redistributed routes IS-IS can redistribute routes from other routing protocols or other IS-IS processes, add them into the IS-IS routing table, and advertise them in LSPs.
• Configure IP addresses for all interfaces, and make sure that all neighboring nodes are reachable to each other at the network layer. • Enable IS-IS. Specifying intervals for sending IS-IS hello and CSNP packets Step Command Remarks Enter system view. system-view interface interface-type Enter interface view.
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Optional. Specify a DIS priority for the isis dis-priority value [ level-1 | interface. level-2 ] 64 by default. Disabling an interface from sending/receiving IS-IS packets After being disabled from sending and receiving hello packets, an interface cannot form any neighbor relationship, but can advertise directly connected networks in LSPs through other interfaces.
To enable an interface to send small hello packets: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Enable the interface to send Standard hello packets are sent small hello packets without isis small-hello by default. CLVs.
Page 155
If a change occurs in the LSDB, IS-IS advertises the changed LSP to neighbors. You can specify the minimum interval for sending such LSPs. On a P2P link, IS-IS requires an advertised LSP be acknowledged. If no acknowledgement is received within a configurable interval, IS-IS will retransmit the LSP. To configure LSP sending intervals: Step Command...
Page 156
Step Command Remarks isis [ process-id ] [ vpn-instance Enter IS-IS view. vpn-instance-name ] flash-flood [ flood-count flooding-count | Enable LSP flash Not enabled by max-timer-interval flooding-interval | [ level-1 | flooding. default. level-2 ] ] * Enabling LSP fragment extension After LSP fragment extension is enabled for an IS-IS process, the MTUs of all the interfaces running the IS-IS process must not be less than 512.
Before you configure this task, you must consider redundancy for interfaces in case that LSP packets cannot be flooded due to link failures. To add an interface into a mesh group and block an interface: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view.
Step Command Remarks Optional. Not assigned by default. If no IS-IS route is assigned a high Assign a high priority to IS-IS priority high { ip-prefix priority, IS-IS host routes are routes. prefix-name | tag tag-value } processed first in network convergence because they have higher priority than other types of IS-IS routes.
Configuring dynamic system ID to host name mapping You must configure a static system ID to host name mapping for any other router in a network. When a new router is added into the network or a mapping must be modified, perform configuration on all routers.
Configuration prerequisites Before the configuration, complete the following tasks: • Configure network layer addresses for interfaces to make neighboring nodes accessible to each other at the network layer. • Enable IS-IS. Configuring neighbor relationship authentication With neighbor relationship authentication configured, an interface adds the password in the specified mode into hello packets to the peer and checks the password in the received hello packets.
Configuring routing domain authentication Routing domain authentication prevents untrusted routing information from entering into a routing domain. A router with the authentication configured encapsulates the password in the specified mode into Level-2 packets (LSP, CSNP, and PSNP) and check the password in received Level-2 packets.
Configuring IS-IS NSR According to the GR feature, after an active/standby MPU switchover in standalone mode or a global active/standby MPU switchover, the GR restarter obtains routing information from its neighbors, and the IS-IS process must learn all routes. If the network topology has changed during the switchover period, removed routes cannot be updated to the device, which might cause blackhole routes.
• Configure network layer addresses for interfaces to make the neighboring nodes reachable at the network layer. • Enable IS-IS. Configuration guidelines • Do not use FRR and BFD at the same time. Otherwise, FRR might fail to take effect. •...
Step Command Remarks Enable SNMP trap. Enabled by default. is-snmp-traps enable Binding an IS-IS process with MIBs This task allows you to bind MIB with an IS-IS process to send and collect information. For more information about MIB, see Network Management and Monitoring Configuration Guide. To bind an IS-IS process with MIBs: Step Command...
Page 165
Figure 49 Network diagram for IS-IS MTR As shown in Figure 49, the base topology is split into two topologies, topology A and topology B. You can forward voice traffic through topology A and video traffic through topology B. Router B does not belong to topology A. In topology B, the links between Router A and Router D and between Router B and Router C do not exist.
Displaying and maintaining IS-IS Task Command Remarks display isis brief [ process-id | vpn-instance Display brief IS-IS configuration Available in any vpn-instance-name ] [ | { begin | exclude | information. view. include } regular-expression ] display isis debug-switches { process-id | Display the status of IS-IS debug Available in any vpn-instance vpn-instance-name } [ | { begin |...
IS-IS configuration examples IS-IS basic configuration Network requirements As shown in Figure 50, Routers A, B, C, and D reside in an autonomous system. They are interconnected through IS-IS. Router A and Router B are Level-1 routers, Router D is a Level-2 router, and Router C is a Level-1-2 router connecting two areas.
Page 169
LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------- 0000.0000.0001.00-00 0x0000000d 0xb184 0/0/0 0000.0000.0002.00-00* 0x0000000c 0xcd66 1167 0/0/0 0000.0000.0003.00-00 0x00000013 0x2d39 1136 1/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [RouterC] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State Database LSPID Seq Num Checksum...
Page 170
# Display the IS-IS routing information on each router. The routing table of Level-1 routers must contain a default route with the next hop being the Level-1-2 router. The routing table of Level-2 router must contain all Level-1 and Level-2 routes. [RouterA] display isis route Route information for ISIS(1) -----------------------------...
Page 173
Interface: GigabitEthernet2/1/1 Circuit Id: 0000.0000.0004.01 State: Up HoldTime: 23s Type: L2 PRI: 64 # Display information about IS-IS interfaces of Router A. [RouterA] display isis interface Interface information for ISIS(1) --------------------------------- Interface: GigabitEthernet2/1/1 IPV4.State IPV6.State Type Down 1497 L1/L2 No/No # Display IS-IS interfaces of Router C.
Page 174
State: Up HoldTime: 22s Type: L2(L1L2) PRI: 64 System Id: 0000.0000.0004 Interface: GigabitEthernet2/1/1 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 22s Type: L2 PRI: 64 # Display information about IS-IS interfaces of Router A. [RouterA] display isis interface Interface information for ISIS(1) --------------------------------- Interface: GigabitEthernet2/1/1 IPV4.State...
State: Up HoldTime: 26s Type: L2 PRI: 64 [RouterD] display isis interface Interface information for ISIS(1) --------------------------------- Interface: GigabitEthernet2/1/1 IPV4.State IPV6.State Type Down 1497 L1/L2 No/No Configuring IS-IS route redistribution Network requirements As shown in Figure 52, Router A, Router B, Router C, and Router D reside in the same AS. They use IS-IS to interconnect.
[RouterE] rip 1 [RouterE-rip-1] network 10.0.0.0 [RouterE-rip-1] version 2 [RouterE-rip-1] undo summary # Configure route redistribution from RIP to IS-IS on Router D. [RouterD-rip-1] quit [RouterD] isis 1 [RouterD–isis-1] import-route rip level-2 # Display IS-IS routing information on Router C. [RouterC] display isis route Route information for ISIS(1) -----------------------------...
Page 179
Figure 53 Network diagram Configuration procedure Configure IP addresses of the interfaces on each router and configure IS-IS: Follow Figure 53 to configure the IP address and subnet mask of each interface on the router. (Details not shown.) Configure IS-IS on the routers, ensuring that Router A, Router B, and Router C can communicate with each other at Layer 3 and dynamic route update can be implemented among them with IS-IS.
Remaining Time: 59 IS-IS(1) Level-2 Restart Status Restart Interval: 150 SA Bit Supported Total Number of Interfaces = 1 Restart Status: RESTARTING Number of LSPs Awaited: 3 T3 Timer Status: Remaining Time: 140 T2 Timer Status: Remaining Time: 59 IS-IS NSR configuration example Network requirements Router S, Router A, and Router B belong to the same IS-IS routing domain as illustrated in Figure...
Page 181
[RouterS] slave switchover enable [RouterS] slave switchover Caution!!! Confirm to switch slave to master? [Y/N]:Y # Display IS-IS neighbors and routes on Router A. <RouterA> display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0001 Interface: GE2/1/1 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 25s Type: L1(L1L2)
System Id: 0000.0000.0001 Interface: GE2/1/1 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 25s Type: L1(L1L2) PRI: 64 System Id: 0000.0000.0001 Interface: GE2/1/1 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 27s Type: L2(L1L2) PRI: 64 <RouterB> display isis route Route information for ISIS(1) ----------------------------- ISIS(1) IPv4 Level-1 Forwarding Table -------------------------------------...
Page 183
Figure 55 Network diagram Configuration procedure Configure IP addresses for the interfaces on each router and configure IS-IS. Follow Figure 55 to configure the IP address and subnet mask of each interface on the routers. (Details not shown.) Configure IS-IS on the routers, ensuring that Router A, Router D, and Router S can communicate with each other at Layer 3.
Page 184
[RouterD] bfd echo-source-ip 4.4.4.4 [RouterD] ip ip-prefix abc index 10 permit 1.1.1.1 32 [RouterD] route-policy frr permit node 10 [RouterD-route-policy] if-match ip-prefix abc [RouterD-route-policy] apply fast-reroute backup-interface gigabitethernet 2/1/1 backup-nexthop 24.24.24.2 [RouterD-route-policy] quit [RouterD] isis 1 [RouterD-isis-1] fast-reroute route-policy frr [RouterD-isis-1] quit Verify the configuration: # Display route 4.4.4.4/32 on Router S to view the backup next hop information.
IS-IS authentication configuration example Network requirements As shown in Figure 56, Router A, Router B, Router C, and Router D reside in the same IS-IS routing domain. Router A, Router B, and Router C belong to Area 10, and Router D belongs to Area 20. Configure neighbor relationship authentication between neighbors.
Page 189
Verify the configuration: The following configurations are made on Router A. Configurations for Router B are similar. (Details not shown.) # Display the BFD information of Router A. <RouterA> display bfd session Total Session Num: 1 Init Mode: Active Session Working Under Ctrl Mode: LD/RD SourceAddr DestAddr...
#Aug 8 14:54:05:364 2008 RouterA ISIS/4/ADJ_CHANGE:TrapID(1.3.6.1.2.1.138.0.17<isisAdjacencyChange>), ISIS Level-1 Adjencency IN Circuit-983041 State Change. %Aug 8 14:54:05:365 2008 RouterA IFNET/4/LINK UPDOWN: GigabitEthernet2/1/1 link status is DOWN %Aug 8 14:54:05:366 2008 RouterA IFNET/4/UPDOWN: Line protocol on the interface GigabitEthernet2/1/1 is DOWN %Aug 8 14:54:05:367 2008 RouterA ISIS/4/ADJLOG:ISIS-1-ADJCHANGE: Adjacency To 0000.0000.0002 (GE2/1/1) DOWN, Level-2 Circuit Down.
Page 191
Figure 58 Network diagram Device Interface IP address Device Interface IP address Router A GE2/2/1 4.4.4.20/24 Router B GE2/2/1 5.1.1.21/24 GE2/2/2 3.1.1.20/24 GE2/2/2 3.1.1.21/24 GE2/2/3 6.1.1.21/22 Router C GE2/2/1 5.1.1.23/24 Router D GE2/2/1 4.4.4.21/24 GE2/2/2 7.1.1.23/24 GE2/2/2 7.1.1.22/24 Loop0 4.4.4.4/32 GE2/2/3 6.1.1.22/22 Configuration procedure...
Page 192
[RouterA-multiple-topology-video] acl 3002 [RouterA-multiple-topology-video] quit [RouterA-address-family ipv4] quit # Enable topology voice for GigabitEthernet 2/2/1, and video for GigabitEthernet 2/2/2. [RouterA] interface gigabitethernet 2/2/2 [RouterA-GigabitEthernet2/2/2] multiple-topology video enable [RouterA-GigabitEthernet2/2/2] quit [RouterA] interface gigabitethernet 2/2/1 [RouterA-GigabitEthernet2/2/1] multiple-topology voice enable [RouterA-GigabitEthernet2/2/1] quit Configurations on other routers are similar.
Configuring BGP Overview Border Gateway Protocol (BGP) is an exterior gateway protocol. It is called internal BGP (IBGP) when it runs within an AS and called external BGP (EBGP) when it runs between ASs. The current version in use is BGP-4 (RFC 4271). Unless otherwise stated, BGP refers to BGP-4 in this document.
Page 197
• ORIGIN The ORIGIN attribute identifies the origin of routing information (how a route became a BGP route). This attribute has the following types: IGP—Has the highest priority. Routes generated in the local AS have the IGP attribute. EGP—Has the second highest priority. Routes obtained through EGP have the EGP attribute. INCOMPLETE—Has the lowest priority.
Page 198
When a BGP speaker advertises a self-originated route to a BGP peer, it sets the address of the sending interface as the NEXT_HOP. When a BGP speaker sends a received route to an EBGP peer, it sets the address of the sending interface as the NEXT_HOP.
Page 199
Figure 61 MED attribute MED = 0 Router B 2.1.1.1 D = 9.0.0.0 Next_hop = 2.1.1.1 EBGP IBGP MED = 0 9.0.0.0 IBGP Router A Router D D = 9.0.0.0 EBGP IBGP Next_hop = 3.1.1.1 MED = 100 AS 10 3.1.1.1 Router C AS 20...
Page 200
Figure 62 LOCAL_PREF attribute • COMMUNITY The COMMUNITY attribute identifies the community of BGP routes. A BGP community is a group of routes with the same characteristics. It has no geographical boundaries. Routes of different ASs can belong to the same community. A route can carry one or more COMMUNITY attribute values (each of which is represented by a four-byte integer).
BGP route selection BGP discards routes with unreachable NEXT_HOPs. If multiple routes to the same destination are available, BGP selects the best route in the following sequence: Highest Preferred_value Highest LOCAL_PREF Summary route Shortest AS_PATH IGP, EGP, or INCOMPLETE route in turn Lowest MED value Learned from EBGP, confederation, or IBGP in turn Smallest next hop metric...
BGP differs from IGP in the implementation of load balancing in the following ways: IGP routing protocols, such as RIP and OSPF, compute metrics of routes, and then implement load balancing over routes with the same metric and to the same destination. The route selection criterion is metric.
Page 203
When a route flap occurs, the routing protocol sends an update to its neighbor, and then the neighbor recalculates routes and modifies the routing table. Frequent route flaps consume too many resources and affect other operations. In most cases, BGP runs in complex networks, where route changes are more frequent. To solve the problem caused by route flapping, you can use BGP route dampening to suppress unstable routes.
Page 204
Figure 65 Network diagram for a route reflector The route reflector and clients form a cluster. Typically a cluster has one route reflector. The ID of the route reflector is the Cluster_ID. You can configure more than one route reflector in a cluster to improve availability as shown in Figure 66.
Figure 67 Confederation network diagram A non-confederation BGP speaker does not need to know sub ASs in the confederation. It considers the confederation as one AS, and the confederation ID as the AS number. In the above figure, AS 200 is the confederation ID. Confederation has a deficiency.
The system supports multiple MP-BGP extensions, including VPN extension (see MPLS Configuration Guide), IPv6 extension (see "Configuring IPv6 BGP"), and multicast extension (see IP Multicast Configuration Guide). Address family MP-BGP uses address families and subsequent address families to differentiate network layer protocols of routes contained in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes.
Page 207
Task Remarks Enterprise recommends that you configure BGP peer groups on large scale Configuring the BGP dynamic peer feature BGP networks for easy configuration and maintenance. Specifying the source interface for TCP Optional. connections Injecting a local network Required. Controlling route generation Use at least one method.
Page 208
Task Remarks taking effect During network optimization upgrade, each change routing policies triggers route refreshing, which burdens BGP routers the network. This task disables policies from automatically taking effect. After modifying all policies, execute refresh or reset bgp command make the new polices take effect.
Task Remarks Configuring BGP GR Optional. Configuring BGP NSR Optional. Enabling trap Optional. Enabling logging of session state changes Optional. Configuring BFD for BGP Optional. Configuring basic BGP This section describes the tasks required for a BGP network to work. Enabling BGP A router ID is the unique identifier of a BGP router in an AS.
Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name Create a BGP peer and peer as-number ip-address...
Page 211
Step Command Remarks By default, no peer exists in the peer group. peer ip-address group Add a peer into the IBGP group-name [ as-number To use the as-number peer group. as-number ] as-number option, you must specify the local AS number. Optional.
Page 212
Step Command Remarks Optional. Configure a description for a peer group-name description By default, no description is peer group. description-text configured for the peer group. To configure an EBGP peer group by using Method 2: Step Command Remarks Enter system view. system-view •...
Step Command Remarks peer ip-address group Add a peer into the EBGP group-name as-number peer group. as-number Optional. Enable a peer. peer ip-address enable Enabled by default. Optional. Configure a description for a peer group-name description By default, no description is peer group.
Step Command Remarks By default, MD5 authentication is not configured for the BGP peer group. To prevent illegal neighbors Configure MD5 peer group-name password from attacking the device, authentication for the BGP { cipher | simple } password Hewlett Packard Enterprise peer group.
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name By default, BGP uses the outbound Specify the source interface of the best route to the peer { group-name | ip-address } interface for establishing...
Redistributing IGP routes Perform this task to configure route redistribution from an IGP to BGP. By default, BGP does not redistribute default IGP routes. You can use the default-route imported command to redistribute default IGP routes into the BGP routing table. The origin attribute of BGP routes redistributed from IGPs is INCOMPLETE.
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name Configure automatic route Not configured by default. summary automatic summarization.
Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name peer { group-name | ip-address } Advertise a default route to a default-route-advertise Not advertised by default.
Page 219
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name • Configure the filtering of redistributed routes advertised to all peers: filter-policy { acl-number | ip-prefix ip-prefix-name } export...
Only routes passing all the configured policies can be received. To configure BGP route reception filtering policies: Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view.
IGP, Router D forwards the packet to Router C through route recursion. Router C does not know the route 8.0.0.0/8, so it discards the packet. Figure 68 IBGP and IGP synchronization For this example, if synchronization is enabled, and the route 8.0.0.0/24 received from Router B is available in its IGP routing table, Router D advertises the IBGP route when the following conditions are met: •...
Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name peer { group-name | ip-address } Specify the maximum By default, the number of routes route-limit prefix-number...
Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name Optional. Specify a preferred value for peer { group-name | ip-address } routes received from a peer By default, the preferred value is...
Configure the default local preference The local preference is used to determine the best route for traffic leaving the local AS. When a BGP router obtains from several IBGP peers multiple routes to the same destination but with different next hops, it considers the route with the highest local preference as the best route.
Page 225
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name Enable the comparison of MED of routes from different Not enabled by default.
Page 226
To resolve this issue, configure the bestroute compare-med command on Router D. After that, Router D puts routes received from the same AS into a group. Router D then selects the route with the lowest MED from the same group, and compares routes from different groups. The following output is the BGP routing table on Router D after the comparison of MED of routes from each AS is enabled.
Configuring the NEXT_HOP attribute By default, when advertising routes to an IBGP peer or peer group, a BGP router does not set itself as the next hop. However, to ensure a BGP peer can find the correct next hop in some cases, you need to configure the router as the next hop for routes sent to the peer.
Step Command Remarks Optional. By default, the router sets it as the Specify the router as the next hop for routes sent to an peer { group-name | ip-address } next hop of routes sent to a EBGP peer or peer group, but next-hop-local peer or peer group.
Page 229
Specifying a fake AS number for a peer or peer group When Router A in AS 2 is moved to AS 3, you can configure Router A to specify a fake AS number of 2 for created connections to EBGP peers or peer groups. In this way, these EBGP peers still think Router A is in AS 2 and need not change their configurations.
Page 230
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name Replace the AS number of a peer or peer group in the peer { group-name | ip-address } Not configured by default.
Tuning and optimizing BGP networks Configuring the BGP keepalive interval and holdtime After establishing a BGP session, two routers send keepalive messages at the specified keepalive interval to each other to keep the session. If a router receives no keepalive or update message from the peer within the holdtime, it tears down the session.
Configuring the interval for sending the same update A BGP router sends an update message to its peers when a route is changed. If the route changes frequently, the BGP router sends a large number of updates for the route, which can cause route flaps.
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name peer { group-name | ip-address } Enable BGP route refresh for Enabled by default.
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name peer { group-name | ip-address } Enable 4-byte AS number Disabled by default.
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name peer { group-name | ip-address } Enable MD5 authentication password { cipher | simple } Not enabled by default.
Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP-VPN instance view: Enter BGP view or Use either method. BGP-VPN instance view. a. bgp as-number b. ipv4-family vpn-instance vpn-instance-name Forbid session peer { group-name | ip-address } establishment with a peer or Not forbidden by default.
Disabling BGP route advertisement to a peer or peer group To disable BGP from sending routing updates to the specified peer or peer group: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Disable BGP from sending peer { group-name | ip-address } By default, BGP sends routing routing updates to the...
Step Command Remarks peer { group-name | ip-address } Optional. Enable BGP route refresh for capability-advertise a peer or peer group. Enabled by default. route-refresh Configuring manual soft-reset If a BGP peer does not support route-refresh, you must save updates from the peer on the local router by using the peer keep-all-routes command, and use the refresh bgp command to refresh the BGP routing table.
• rr-filter (see MPLS Command Reference) • peer upe route-policy (see MPLS Command Reference) To disable BGP routing policies from automatically taking effect: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number By default, when a BGP routing Disable BGP routing policies policy is changed, BGP from automatically taking...
Step Command Remarks • Advertise the community attribute to a peer or peer group: peer { group-name | ip-address } Advertise the community Use either method. attribute or extended advertise-community community attribute to a peer • Advertise the extended Not configured by default. or peer group.
Step Command Remarks Not configured by default. The peer reflect-client command can be configured in both BGP view and BGP-VPNv4 subaddress family view. In BGP view, the command enables the router to reflect routes of the Configure the router as a public network;...
Step Command Remarks Configure a confederation Not configured by default. confederation id as-number Specify peering sub ASs in confederation peer-as Not configured by default. the confederation. as-number-list Configuring confederation compatibility If some other routers in the confederation do not comply with RFC 3065, you must enable confederation compatibility to allow the router to work with those routers.
BGP routes already learned to complete BGP routing convergence. The GR helper then removes the stale routes. Follow these guidelines when you configure BGP GR: • The GR and NSR features are mutually exclusive. Do not configure them at the same time. •...
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enable BGP NSR. Disabled by default. non-stop-routing Enabling trap After trap is enabled for BGP, BGP generates Level-4 traps to report important events. The generated traps are sent to the information center of the device. The output rules of the traps (whether to output the traps and the output direction) are determined according to the information center configuration.
IMPORTANT: • Before you configure BFD for BGP, you must enable BGP. • After a link failure occurs, BFD can detect the failure before the system performs GR. As a result, GR will fail. If GR capability is enabled for BGP, use BFD with caution. If GR and BFD are both enabled, do not disable BFD during a GR process;...
Page 246
Task Command Remarks display bgp routing-table [ ip-address [ { mask | mask-length } Display BGP routing information. [ longer-prefixes ] ] ] [ | { begin | Available in any view. exclude | include } regular-expression ] display bgp routing-table Display routing information as-path-acl as-path-acl-number [ | Available in any view.
Task Command Remarks display bgp routing-table Display routing information Available in any view. regular-expression matching a regular expression. as-regular-expression display bgp routing-table statistic [ | Display BGP routing statistics. { begin | exclude | include } Available in any view. regular-expression ] display router id [ | { begin | exclude | Display the global router ID.
Page 248
Figure 73 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure IBGP: To prevent route flapping caused by port state changes, this example uses loopback interfaces to establish IBGP connections. Because loopback interfaces are virtual interfaces, you need to use the peer connect-interface command to specify the loopback interface as the source interface for establishing BGP connections.
Page 249
Total number of peers : 1 Peers in established state : 1 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 2.2.2.2 65009 0 00:06:09 Established The output shows that Router C has established an IBGP peer relationship with Router B. Configure EBGP: The EBGP peers, Router A and Router B (usually belong to different ISPs), are located in different ASs.
Page 250
*> 8.1.1.0/24 0.0.0.0 # Display the BGP routing table on Router B. [RouterB] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 2.2.2.2 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete...
*> 2.2.2.2/32 3.1.1.1 65009? 3.1.1.0/24 3.1.1.1 65009? *> 8.1.1.0/24 0.0.0.0 *> 9.1.1.0/24 3.1.1.1 65009? Two routes 2.2.2.2/32 and 9.1.1.0/24 have been added in the routing table of Router A. # Display the BGP routing table on Router C. [RouterC] display bgp routing-table Total Number of Routes: 4 BGP Local router ID is 3.3.3.3 Status codes: * - valid, ^ - VPNv4 best, >...
Figure 74 Network diagram AS 65009 AS 65008 Loop0 Loop0 Loop0 1.1.1.1/32 2.2.2.2/32 3.3.3.3/32 GE2/1/1 EBGP OSPF GE2/1/1 8.1.1.1/24 9.1.2.1/24 S2/2/1 S2/2/1 S2/2/0 S2/2/0 3.1.1.2/24 3.1.1.1/24 9.1.1.1/24 9.1.1.2/24 Router A Router B Router C Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF: Enable OSPF in AS 65009, so that Router B can obtain the route to 9.1.2.0/24.
Page 253
Configure OSPF to redistribute routes from BGP on Router B, so that Router C can obtain the route to 8.1.1.0/24. # Configure BGP to redistribute routes from OSPF on Router B. [RouterB-bgp] import-route ospf 1 [RouterB-bgp] quit [RouterB] ospf 1 [RouterB-ospf-1] import-route bgp [RouterB-ospf-1] quit # Display the BGP routing table on Router A.
--- 9.1.2.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 15/37/47 ms [RouterC] ping -a 9.1.2.1 8.1.1.1 PING 8.1.1.1: 56 data bytes, press CTRL_C to break Reply from 8.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms Reply from 8.1.1.1: bytes=56 Sequence=2 ttl=254 time=2 ms Reply from 8.1.1.1: bytes=56 Sequence=3 ttl=254 time=2 ms Reply from 8.1.1.1: bytes=56 Sequence=4 ttl=254 time=2 ms...
Page 255
On Router B, establish an EBGP connection with Router A and an IBGP connection with Router C; configure BGP to advertise network 9.1.1.0/24 to Router A, so Router A can access the intranet through Router B; configure a static route to interface loopback 0 on Router C (or use a routing protocol like OSPF) to establish the IBGP connection.
*> 9.1.1.0/24 3.1.1.1 65009i 3.1.2.1 65009i The output shows two valid routes to destination 9.1.1.0/24: the route with next hop 3.1.1.1 is marked with a greater-than sign (>), indicating it is the best route; the route with next hop 3.1.2.1 is marked with only an asterisk (*), indicating it is a valid route, but not the best.
Page 257
Figure 76 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure static routing between Router A and Router B: # Configure a default route with the next hop 192.168.212.1 on Router A. <RouterA> system-view [RouterA] ip route-static 0.0.0.0 0 192.168.212.1 # Configure static routes to 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 with the same next hop 192.168.212.161 on Router B.
Page 258
Destination/Mask Proto Cost NextHop Interface 3.3.3.3/32 Direct 0 127.0.0.1 InLoop0 10.220.2.0/24 Direct 0 10.220.2.16 S2/2/0 10.220.2.16/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 172.17.100.0/24 Direct 0 172.17.100.2 S2/2/1 172.17.100.2/32 Direct 0 127.0.0.1 InLoop0 192.168.64.0/24 O_ASE 172.17.100.1...
# Summarize 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 into a single route 192.168.64.0/18 on Router C and disable advertisement of the specific routes. [RouterC-bgp] aggregate 192.168.64.0 18 detail-suppressed [RouterC-bgp] quit Verify the configuration: # Display IP routing table information on Router C. [RouterC] display ip routing-table Routing Tables: Public Destinations : 11...
Page 260
Figure 77 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure EBGP connections: # Configure Router A. <RouterA> system-view [RouterA] bgp 10 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 200.1.2.2 as-number 20 [RouterA-bgp] network 9.1.1.0 255.255.255.0 [RouterA-bgp] quit # Configure Router B.
Page 261
Origin : igp Attribute value : MED 0, pref-val 0, pre 255 State : valid, external, best, Advertised to such 1 peers: 200.1.3.2 Router B has advertised the route to Router C in AS 30. # Display BGP routing table information on Router C. [RouterC] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 3.3.3.3...
BGP route reflector configuration Network requirements As shown in Figure 78, all routers run BGP. • EBGP runs between Router A and Router B. IBGP runs between Router C and Router B, and between Router C and Router D. • Router C is a route reflector with clients Router B and D.
[RouterD-bgp] peer 194.1.1.1 as-number 200 [RouterD-bgp] quit Configure the route reflector: # Configure Router C as the route reflector. [RouterC] bgp 200 [RouterC-bgp] peer 193.1.1.2 reflect-client [RouterC-bgp] peer 194.1.1.2 reflect-client [RouterC-bgp] quit Verify the configuration: # Display the BGP routing table on Router B. [RouterB] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 200.1.2.2...
Page 264
Figure 79 Network diagram Router C Router B GE2/1/1 GE2/1/1 GE2/1/1 AS 65002 AS 65003 S2/2/0 Router F GE2/1/4 AS 100 S2/2/1 GE2/1/1 GE2/1/2 GE2/1/2 Router A GE2/1/1 GE2/1/3 Router D AS 65001 GE2/1/2 GE2/1/1 Router E AS 200 Device Interface IP address Device...
Page 266
BGP Local router ID is 2.2.2.2 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
State : valid, internal, best, Not advertised to any peers yet The output indicates the following: Router F can send route information to Router B and Router C through the confederation by establishing only an EBGP connection with Router A. Router B and Router D are in the same confederation, but belong to different sub ASs.
Page 269
# Define routing policy apply_med_50 that sets the MED value of route 1.0.0.0/8 to 50, and routing policy apply_med_100 that sets the MED value of route 1.0.0.0/8 to 100. [RouterA] route-policy apply_med_50 permit node 10 [RouterA-route-policy] if-match acl 2000 [RouterA-route-policy] apply cost 50 [RouterA-route-policy] quit [RouterA] route-policy apply_med_100 permit node 10 [RouterA-route-policy] if-match acl 2000...
Total Number of Routes: 2 BGP Local router ID is 194.1.1.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
# Configure the IBGP connection. [RouterB-bgp] peer 9.1.1.2 as-number 65009 # Inject networks 200.1.1.0/24 and 9.1.1.0/24 to the BGP routing table. [RouterB-bgp] network 200.1.1.0 24 [RouterB-bgp] network 9.1.1.0 24 # Enable GR capability for BGP. [RouterB-bgp] graceful-restart Configure Router C: # Configure IP addresses for interfaces.
Page 272
Configure OSPF so that Router A and Router C are reachable to each other. (Details not shown.) Configure BGP on Router A: # Establish two IBGP connections to Router C. <RouterA> system-view [RouterA] bgp 200 [RouterA-bgp] peer 3.0.2.2 as-number 200 [RouterA-bgp] peer 2.0.2.2 as-number 200 [RouterA-bgp] quit # Create ACL 2000 to permit 1.1.1.0/24 to pass.
Page 273
[RouterA-GigabitEthernet2/1/2] bfd detect-multiplier 7 # Configure Router C. [RouterC] bfd session init-mode active [RouterC] interface gigabitethernet 2/1 [RouterC-GigabitEthernet2/1] bfd min-transmit-interval 500 [RouterC-GigabitEthernet2/1] bfd min-receive-interval 500 [RouterC-GigabitEthernet2/1] bfd detect-multiplier 7 [RouterC-GigabitEthernet2/1] return Verify the configuration: The following operations are made on Router C. Operations on Router A are similar. # Display detailed BFD session information.
BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 2.0.2.1 Neighbor : 2.0.1.1 Tunnel ID: 0x0 Label: NULL State: Active Adv Age: 00h09m54s Tag: 0 The output shows that Router C has one route to reach network 1.1.1.0/24, that is, Router C<—>Router D<—>Router A. BGP dynamic peer configuration Network diagram All routers run BGP.
Page 276
[RouterC-bgp] peer 10.1.2.1 as-number 200 # On Router D, configure Router A as an IBGP peer. <RouterD> system-view [RouterD] bgp 200 [RouterD-bgp] router-id 4.4.4.4 [RouterD-bgp] peer 10.1.3.1 as-number 200 # Display information about BGP peers on Router A. [RouterA] display bgp peer BGP local router ID : 1.1.1.1 Local AS number : 200 Total number of peers : 3...
Troubleshooting BGP BGP peer relationship not established Symptom Display BGP peer information by using the display bgp peer command. The state of the connection to a peer cannot become established. Analysis To become BGP peers, any two routers must establish a TCP session using port 179 and exchange Open messages successfully.
Configuring policy-based routing Overview Different from destination-based routing, policy-based routing (PBR) uses user-defined policies to route packets based on the source address, packet length, and other criteria. A policy can specify the output interface, next hop, default output interface, default next hop, and other parameters for packets that match specific criteria such as ACLs or have specific lengths.
Page 279
Clause Meaning Priority If this clause is configured, other apply clauses, except the apply ip-df zero clause, are not executed. apply access-vpn If a packet matches a forwarding entry of a specified Sets VPN instances. vpn-instance VPN instance, it is forwarded in the VPN instance. If it does not match any entry in all VPN instances specified, it is discarded.
PBR and track You can use track to monitor the output interface, default output interface, next hop, and default next hop for PBR so that PBR can discover link failures faster. PBR takes effect when the status of the associated track entry is positive or invalid. For more information about track-PBR collaboration, see High Availability Configuration Guide.
Step Command Remarks Configure a packet length Optional. if-match packet-length min-len max-len match criterion. Configure a reverse input if-match reverse-input-interface Optional. interface match criterion. interface-type interface-number Configuring actions for a node Step Command Remarks Enter system view. system-view policy-based-route policy-name Enter policy node view.
Step Command Remarks Optional. 11. Set two default next hops to apply ip-address default By default, both default next hops operate in active/standby next-hop standby take effect to achieve load mode. sharing. Optional. 12. Match packets against the Use this command only when the next node upon match apply fail-action continue match mode of the node is...
Step Command Remarks interface interface-type Enter interface view. interface-number Apply a policy on the ip policy-based-route Not applied by default. interface. policy-name Displaying and maintaining PBR Task Command Remarks display policy-based-route Available in any Display PBR configuration for a policy. [ policy-name ] [ | { begin | exclude view.
PBR configuration examples Configuring local PBR based on packet type Network requirements As shown in Figure 84, configure local PBR on Router A to forward all locally generated TCP packets through Serial 2/2/0. Router A forwards other packets according to the routing table. Figure 84 Network diagram Configuration procedure Configure Router A:...
[RouterC-Serial2/2/1] ip address 1.1.3.2 255.255.255.0 [RouterC-Serial2/2/1] quit Verify the configuration: # Telnet to Router B (1.1.2.2/24) from Router A. The operation succeeds. # Telnet to Router C (1.1.3.2/24) from Router A. The operation fails. # Ping Router C (1.1.3.2/24) from Router A. The operation succeeds. Telnet uses TCP, and ping uses ICMP.
[RouterA-pbr-aaa-5] quit # Configure interface PBR by applying the policy aaa on GigabitEthernet 2/1/1. [RouterA] interface GigabitEthernet 2/1/1 [RouterA-GigabitEthernet2/1/1] ip address 10.110.0.10 255.255.255.0 [RouterA-GigabitEthernet2/1/1] ip policy-based-route aaa [RouterA-GigabitEthernet2/1/1] quit # Configure the IP addresses of the serial interfaces. [RouterA] interface serial 2/2/0 [RouterA-Serial2/2/0] ip address 1.1.2.1 255.255.255.0 [RouterA-Serial2/2/0] quit [RouterA] interface serial 2/2/1...
Page 287
Figure 86 Network diagram Configuration procedure Configure Router A: # Configure RIP. <RouterA> system-view [RouterA] rip [RouterA-rip-1] network 192.1.1.0 [RouterA-rip-1] network 150.1.0.0 [RouterA-rip-1] network 151.1.0.0 [RouterA-rip-1] quit # Configure Node 10 for policy lab1 to forward packets with a length of 64 to 100 bytes to the next hop 150.1.1.2, and packets with a length of 101 to 1000 bytes to the next hop 151.1.1.2.
Page 288
[RouterB-rip-1] network 151.1.0.0 # Configure the IP addresses of the serial interfaces. [RouterB] interface serial 2/2/0 [RouterB-Serial2/2/0] ip address 150.1.1.2 255.255.255.0 [RouterB-Serial2/2/0] quit [RouterB] interface serial 2/2/1 [RouterB-Serial2/2/1] ip address 151.1.1.2 255.255.255.0 [RouterB-Serial2/2/1] quit # Configure the loopback interface address. [RouterB] interface loopback 0 [RouterB-LoopBack0] ip address 10.1.1.1 32 Verify the configuration:...
Reply from 10.1.1.1: bytes=200 time<1ms TTL=255 Reply from 10.1.1.1: bytes=200 time<1ms TTL=255 Reply from 10.1.1.1: bytes=200 time<1ms TTL=255 Ping statistics for 10.1.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms The debugging information about PBR displayed on Router A is as follows: <RouterA>...
Page 290
Figure 87 Network diagram Configuration procedure # Configure IP addresses for the interfaces on Router A and make sure that Router A can reach the public network. (Details not shown.) # Configure an NAT internal server on interface Serial 2/2/0, and specify 2.1.1.100/16 (on the same network segment as the IP address of Serial 2/2/0 on Router A) as the public address of the HTTP server 192.168.1.2/24.
Configuring interface PBR on a VLAN interface Network requirements Figure 88. Router A is configured with SAP modules. Configure Router A to operate in gateway mode, create VLAN 100 and VLAN 200 on it, and configure interface PBR on VLAN-interface 200 so that packets from VLAN 200 to VLAN 100 are forwarded through GigabitEthernet 2/0/2.
Page 292
[Route A-acl-adv-3000] quit # Create a policy and define node 1, setting the next hop to 30.1.1.2 for packets matching ACL 3000. [Route A] policy-based-route aaa node 1 [Route A-pbr-aaa-1] if-match acl 3000 [Route A-pbr-aaa-1] apply ip-address next-hop 30.1.1.2 [Route A-pbr-aaa-1] quit # Configure interface PBR on VLAN-interface 200.
Configuring IPv6 static routing Overview Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work correctly. Proper configuration and use can improve network performance and ensure enough bandwidth for important applications. Static routes cannot adapt to network topology changes.
Displaying and maintaining IPv6 static routes Task Command Remarks display ipv6 routing-table Display IPv6 static route protocol static [ inactive | Available in any view. information. verbose ] [ | { begin | exclude | include } regular-expression ] For more information about the display ipv6 routing-table protocol static [ inactive | verbose ] [ | { begin | exclude | include } regular-expression ] command, see Layer 3—IP Routing Command Reference.
Page 295
<RouterC> system-view [RouterC] ipv6 [RouterC] ipv6 route-static :: 0 5::2 Configure the IPv6 addresses of hosts and gateways: Configure the IPv6 addresses of all the hosts based on the network diagram, and configure the default gateway of Host A as 1::1, Host B as 2::1, and Host C as 3::1. Verify the configuration: # Display the IPv6 routing table on Router A.
Configuring an IPv6 default route An IPv6 default route is used to forward packets that match no entry in the routing table. An IPv6 default route can be configured in either of the following ways: • The network administrator can configure a default route with a destination prefix of ::/0. For more information, see "Configuring IPv6 static routing."...
Configuring RIPng Overview RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng. RIPng for IPv6 has the following basic differences from RIP: • UDP port number—RIPng uses UDP port 521 for sending and receiving routing information. •...
Figure 90 RIPng basic packet format Packet header description: • Command—Type of message. 0x01 indicates Request, 0x02 indicates Response. • Version—Version of RIPng. It can only be 0x01. • RTE—Route table entry. It is 20 bytes for each entry. RTE format The following are types of RTEs in RIPng: •...
the entire routing table information in response messages. If multiple RTEs exist in the request message, the RIPng router examines each RTE, update its metric, and send the requested routing information to the requesting router in the response packet. Response packet The response packet containing the local routing table information is generated as follows: •...
Configuration prerequisites Before you configure RIPng basic functions, complete the following tasks: • Enable IPv6 packet forwarding. • Configure an IP address for each interface, and make sure all nodes are reachable to one another. Configuration procedure To configure the basic RIPng functions: Step Command Remarks...
Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Optional. Specify an inbound ripng metricin value routing additional metric. 0 by default. Optional. Specify an outbound ripng metricout value routing additional metric. 1 by default. Configuring RIPng route summarization Step Command Enter system view.
Step Command Remarks filter-policy { acl6-number | Configure a filter policy By default, RIPng does not filter ipv6-prefix ipv6-prefix-name } export to filter outgoing routes. outgoing routing information. [ protocol [ process-id ] ] Configuring a priority for RIPng Routing protocols have their own protocol priorities used for optimal route selection. You can set a priority for RIPng manually.
When adjusting RIPng timers, consider the network performance, and perform unified configurations on routers running RIPng to avoid unnecessary network traffic or route oscillation. To configure RIPng timers: Step Command Remarks Enter system view. system-view ripng [ process-id ] Enter RIPng view. [ vpn-instance vpn-instance-name ] Optional.
Step Command Remarks Enable the poison reverse Disabled by default. ripng poison-reverse function. Configuring zero field check on RIPng packets Some fields in the RIPng packet must be zero, which are called "zero fields." With zero field check on RIPng packets enabled, if such a field contains a non-zero value, the entire RIPng packet is discarded.
Configuration prerequisites Before you apply an IPsec policy for RIPng, complete following tasks: • Create an IPsec proposal. • Create an IPsec policy. For more information about IPsec policy configuration, see Security Configuration Guide. Configuration procedure To apply an IPsec policy in a process: Step Command Remarks...
RIPng configuration examples Configuring RIPng basic functions Network requirements As shown in Figure 93, all routers learn IPv6 routing information through RIPng. Configure Router B to filter the route (3::/64) learned from Router C, which means the route is not added to the routing table of Router B, and Router B does not forward it to Router A.
Page 308
[RouterC-Gigabitethernet2/1/2] ripng 1 enable [RouterC-Gigabitethernet2/1/2] quit [RouterC] interface gigabitethernet 2/1/3 [RouterC-Gigabitethernet2/1/3] ripng 1 enable [RouterC-Gigabitethernet2/1/3] quit # Display the routing table of Router B. [RouterB] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------- Peer FE80::20F:E2FF:FE23:82F5 on Gigabitethernet2/1/1...
---------------------------------------------------------------- Peer FE80::20F:E2FF:FE00:1235 on Gigabitethernet2/1/1 Dest 1::/64, via FE80::20F:E2FF:FE00:1235, cost 1, tag 0, A, 2 Sec Dest 4::/64, via FE80::20F:E2FF:FE00:1235, cost 2, tag 0, A, 2 Sec Dest 5::/64, via FE80::20F:E2FF:FE00:1235, cost 2, tag 0, A, 2 Sec Configuring RIPng route redistribution Network requirements •...
Configuring OSPFv3 Overview Open Shortest Path First version 3 (OSPFv3) supports IPv6 and complies with RFC 5340 (OSPF for IPv6). OSPFv3 and OSPFv2 have the following similarities: • A 32-bits router ID and area ID • Packets, including Hello, DD (Data Description), LSR (Link State Request), LSU (Link State Update), LSAck (Link State Acknowledgment) •...
• Network-LSA—Originated for broadcast and NBMA networks by the Designated Router. This LSA contains the list of routers connected to the network, and is flooded throughout a single area only. • Inter-Area-Prefix-LSA—Originated by Area Border Routers (ABRs), and flooded throughout the LSA's associated area.
SPF timer Whenever the LSDB changes, an SPF calculation happens. If recalculations become frequent, a large amount of resources are occupied. You can adjust the SPF calculation interval and delay time to protect networks from being overloaded due to frequent changes. GR timer If a failure to establish adjacencies occurs during a GR, the device is in the GR process for a long time.
Task Remarks optimizing Configuring a DR priority for an interface Optional. OSPFv3 networks Ignoring MTU check for DD packets Optional. Disabling interfaces from receiving and sending OSPFv3 Optional. packets Enabling the logging of neighbor state changes Optional. Configuring GR restarter Optional.
Configuring OSPFv3 area parameters The stub area, NSSA area, and virtual link features of OSPFv3 are the same as OSPFv2. Splitting an OSPFv3 AS into multiple areas reduces the number of LSAs and extends OSPFv3 applications. For those non-backbone areas residing on the AS boundary, configure them as stub areas to further reduce the size of routing tables and the number of LSAs.
Step Command Remarks Enter OSPFv3 area view. area area-id nssa [ default-route-advertise [ cost cost | type type ] * | no-import-route | no-summary | Configure the area as an By default, no area is configured suppress-fa | { translate-always NSSA area.
Configuration prerequisites Before you configure OSPFv3 network types, complete the following tasks: • Configure IPv6 functions. • Configure OSPFv3 basic functions. Configuring the OSPFv3 network type for an interface Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Optional.
route. Any LSA falling into the specified network segment will not be advertised, reducing the LSDB size in other areas. To configure route summarization: Step Command Remarks Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Enter OSPFv3 area view. area area-id Not configured by default.
Step Command Remarks Optional. The default cost depends on the interface Configure an OSPFv3 ospfv3 cost value type: 1 for a VLAN interface; 0 for a loopback cost for the interface. [ instance instance-id ] interface; computed according to the bandwidth for other interfaces.
• Executing the import-route or default-route-advertise command on a router makes it become an ASBR. • You can only inject and advertise a default route by using the default-route-advertise command. • Because OSPFv3 is a link state routing protocol, it cannot directly filter LSAs to be advertised; you must filter redistributed routes first.
Configuring OSPFv3 timers Make sure that the dead interval set on neighboring interfaces is not too short; otherwise, a neighbor is easily considered down. Also, make sure that the LSA retransmission interval is not too short; otherwise, unnecessary retransmissions might occur. To configure OSPFv3 timers: Step Command...
Step Command Remarks Enter system view. system-view Enter interface view. interface interface-type interface-number Optional. ospfv3 dr-priority priority [ instance Configure a DR priority. instance-id ] Defaults to 1. Ignoring MTU check for DD packets When LSAs are few in DD packets, it is unnecessary to check the MTU in DD packets to improve efficiency.
Step Command Remarks Enter OSPFv3 view. ospfv3 [ process-id ] Enable the logging of Enabled by default. log-peer-change neighbor state changes. Configuring OSPFv3 GR GR ensures the continuity of packet forwarding when a routing protocol restarts, an active/standby MPU switchover occurs in standalone mode, or a global active/standby MPU switchover occurs in IRF mode.
Step Command Remarks Enter system view. system-view Enter OSPFv3 view. ospfv3 [ process-id ] Optional. Enable the GR graceful-restart helper enable helper capability. Enabled by default. Optional. Enable strict LSA graceful-restart helper checking. strict-lsa-checking Disabled by default. Configuring BFD for OSPFv3 Bidirectional forwarding detection (BFD) provides a mechanism to quickly detect the connectivity of links between OSPFv3 neighbors, thus to improve the convergence speed of OSPFv3.
Page 328
• To implement interface-based IPsec protection, configure the same IPsec policy on the interfaces between two neighboring routers. • To implement virtual link-based IPsec protection, configure the same IPsec policy on the two routers connected over the virtual link. If an interface and its area each have an IPsec policy configured, the interface uses its own IPsec policy.
OSPFv3 configuration examples Configuring OSPFv3 areas Network requirements As shown in Figure • Enable OSPFv3 on all routers. • Split the AS into three areas. • Configure Router B and Router C as ABRs to forward routing information between areas. •...
Page 332
Neighbor ID State Dead Time Interface Instance ID 2.2.2.2 Full/DR 00:00:35 GE2/2/0 OSPFv3 Area ID 0.0.0.2 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface Instance ID 4.4.4.4 Full/Backup 00:00:36 GE2/2/1 # Display OSPFv3 routing information on Router D. [RouterD] display ospfv3 routing - Intra area route, E1 - Type 1 external route, N1 –...
Page 333
OSPFv3 Router with ID (4.4.4.4) (Process 1) ------------------------------------------------------------------------ *Destination: ::/0 Type : IA Cost : 11 NextHop : FE80::F40D:0:93D0:1 Interface: GE2/2/1 *Destination: 2001::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: GE2/2/1 *Destination: 2001:1::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: GE2/2/1 *Destination: 2001:2::/64 Type...
Configuring OSPFv3 DR election Network requirements • As shown in Figure 98, the priority of Router A is 100, the highest priority on the network, so it becomes the DR. • The priority of Router C is 2, the second highest priority on the network, so it becomes the BDR. •...
Page 335
[RouterC] ospfv3 [RouterC-ospfv3-1] router-id 3.3.3.3 [RouterC-ospfv3-1] quit [RouterC] interface GigabitEthernet 2/1/1 [RouterC-GigabitEthernet2/1/1] ospfv3 1 area 0 [RouterC-GigabitEthernet2/1/1] quit # Configure Router D. <RouterD> system-view [RouterD] ipv6 [RouterD] ospfv3 [RouterD-ospfv3-1] router-id 4.4.4.4 [RouterD-ospfv3-1] quit [RouterD] interface GigabitEthernet 2/1/1 [RouterD-GigabitEthernet2/1/1] ospfv3 1 area 0 [RouterD-GigabitEthernet2/1/1] quit # Display neighbor information on Router A.
OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------- Neighbor ID State Dead Time Interface Instance ID 2.2.2.2 2-Way/DROther 00:00:38 GE2/1/1 3.3.3.3 Full/Backup 00:00:32 GE2/1/1 4.4.4.4 Full/DR 00:00:36 GE2/1/1 # Display neighbor information on Router D. Router D is still the DR. [RouterD] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ----------------------------------------------------------------------...
Page 337
Figure 99 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure OSPFv3 basic functions: # Enable OSPFv3 process 1 on Router A. <RouterA> system-view [RouterA] ipv6 [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.1 [RouterA-ospfv3-1] quit [RouterA] interface GigabitEthernet 2/1/2 [RouterA-GigabitEthernet2/1/2] ospfv3 1 area 2 [RouterA-GigabitEthernet2/1/2] quit [RouterA] interface GigabitEthernet 2/1/1...
Page 338
[RouterC-GigabitEthernet2/1/2] ospfv3 2 area 2 [RouterC-GigabitEthernet2/1/2] quit [RouterC] interface GigabitEthernet 2/1/1 [RouterC-GigabitEthernet2/1/1] ospfv3 2 area 2 [RouterC-GigabitEthernet2/1/1] quit # Display the routing table of Router C. [RouterC] display ipv6 routing-table Routing Table : Destinations : 6 Routes : 6 Destination: ::1/128 Protocol : Direct NextHop...
Verify the configuration: # After all routers function correctly, perform a master/backup switchover on Router A to trigger an OSPFv3 GR operation. Configuring BFD for OSPFv3 Network requirements As shown in Figure 101: • Configure OSPFv3 on Router A, Router B and Router C and configure BFD over the link Router A<—>L2 Switch<—>Router B.
Page 342
<RouterB> system-view [RouterB] ipv6 [RouterB] ospfv3 1 [RouterB-ospfv3-1] router-id 2.2.2.2 [RouterB-ospfv3-1] quit [RouterB] interface gigabitethernet 2/1/1 [RouterB-Gigabitethernet2/1/1] ospfv3 1 area 0 [RouterB-Gigabitethernet2/1/1] quit [RouterB] interface gigabitethernet 2/1/2 [RouterB-Gigabitethernet2/1/2] ospfv3 1 area 0 [RouterB-Gigabitethernet2/1/2] quit # Configure Router C. Enable OSPFv3 and configure the router ID as 3.3.3.3. <RouterC>...
Page 343
Source IP: FE80::20F:FF:FE00:1202 (link-local address of Gigabitethernet2/1/1 on Router A) Destination IP: FE80::20F:FF:FE00:1200 (link-local address of Gigabitethernet2/1/1 on Router B) Session State: Up Interface: GE2/1/1 Hold Time: # Display routes to 2001:4::0/64 on Router A, and you can see that Router A communicates with Router B through the Layer 2 switch.
# Display routes to 2001::4/64 on Router A, and you can see that Router A communicates with Router B through Router C. <RouterA> display ipv6 routing-table 2001:4::0 64 verbose Routing Table : Summary Count : 1 Destination : 2001:4:: PrefixLength : 64 NextHop : 2001:2::2 Preference...
Page 345
# Configure Router B: enable OSPFv3 and configure the Router ID as 2.2.2.2. <RouterB> system-view [RouterB] ipv6 [RouterB] ospfv3 1 [RouterB-ospfv3-1] router-id 2.2.2.2 [RouterB-ospfv3-1] quit [RouterB] interface GigabitEthernet 2/2/1 [RouterB-GigabitEthernet2/2/1] ospfv3 1 area 1 [RouterB-GigabitEthernet2/2/1] quit [RouterB] interface GigabitEthernet 2/2/0 [RouterB-GigabitEthernet2/2/0] ospfv3 1 area 0 [RouterB-GigabitEthernet2/2/0] quit # Configure Router C: enable OSPFv3 and configure the Router ID as 3.3.3.3.
Page 346
[RouterB] ipsec transform-set tran1 [RouterB-ipsec-transform-set-tran1] encapsulation-mode transport [RouterB-ipsec-transform-set-tran1] transform esp [RouterB-ipsec-transform-set-tran1] esp encryption-algorithm des [RouterB-ipsec-transform-set-tran1] esp authentication-algorithm sha1 [RouterB-ipsec-transform-set-tran1] quit [RouterB] ipsec policy policy001 10 manual [RouterB-ipsec-policy-manual-policy001-10] transform-set tran1 [RouterB-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345 [RouterB-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345 [RouterB-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg [RouterB-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg [RouterB-ipsec-policy-manual-policy001-10] quit...
[RouterA-ospfv3-1-area-0.0.0.1] quit [RouterA-ospfv3-1] quit # Configure Router B. [RouterB] ospfv3 1 [RouterB-ospfv3-1] area 0 [RouterB-ospfv3-1-area-0.0.0.0] enable ipsec-policy policy002 [RouterB-ospfv3-1-area-0.0.0.0] quit [RouterB-ospfv3-1] area 1 [RouterB-ospfv3-1-area-0.0.0.1] enable ipsec-policy policy001 [RouterB-ospfv3-1-area-0.0.0.1] quit [RouterB-ospfv3-1] quit # Configure Router C. [RouterC] ospfv3 1 [RouterC-ospfv3-1] area 0 [RouterC-ospfv3-1-area-0.0.0.0] enable ipsec-policy policy002 [RouterC-ospfv3-1-area-0.0.0.0] quit [RouterC-ospfv3-1] quit...
Page 348
Analysis The backbone area must maintain connectivity to all other areas. If a router connects to more than one area, at least one area must be connected to the backbone. The backbone cannot be configured as a stub area. In a stub area, all routers cannot receive external routes, and interfaces connected to the stub area must be associated with the stub area.
Configuring IPv6 IS-IS This chapter describes how to configure IPv6 IS-IS, which supports all IPv4 IS-IS features except that it advertises IPv6 routing information. For information about IS-IS, see "Configuring IS-IS." Overview Intermediate System-to-Intermediate System (IS-IS) supports multiple network protocols, including IPv6.
Step Command Remarks Enable IPv6 for an IS-IS isis ipv6 enable [ process-id ] Disabled by default. process on the interface. Configuring IPv6 IS-IS route control Before you configure IPv6 IS-IS route control, complete basic IPv6 IS-IS configuration. For information about ACL, see ACL and QoS Configuration Guide. For information about routing policy and IPv6 prefix list, see "Configuring routing policies."...
NOTE: The ipv6 filter-policy export command is usually used in combination with the ipv6 import-route command. If no protocol is specified for the ipv6 filter-policy export command, routes redistributed from all routing protocols are filtered before advertisement. If a protocol is specified, only routes redistributed from the routing protocol are filtered for advertisement.
Figure 103 Network diagram Router A Router B IPv6 IPv6 IPv6 IPv4 IPv6 IPv4 IPv4 IPv4 Router C Router D Figure 103, the numbers refer to the link costs. Router A, Router B, and Router D support both IPv4 and IPv6. Router C supports only IPv4 and cannot forward IPv6 packets. Enable IPv6 IS-IS MTR on Router A, Router B, Router C, and Router D to make them perform route calculation separately in IPv4 and IPv6 topologies.
Page 356
[RouterB] display isis route ipv6 Route information for ISIS(1) ----------------------------- ISIS(1) IPv6 Level-1 Forwarding Table ------------------------------------- Destination: :: PrefixLen: 0 Flag : R/-/- Cost : 10 Next Hop : FE80::200:FF:FE0F:4 Interface: S2/2/0 Destination: 2001:1:: PrefixLen: 64 Flag : D/L/- Cost : 10 Next Hop : FE80::200:FF:FE0F:4...
Page 357
------------------------------------- Destination: 2001:1:: PrefixLen: 64 Flag : D/L/- Cost : 10 Next Hop : Direct Interface: S2/2/1 Destination: 2001:2:: PrefixLen: 64 Flag : D/L/- Cost : 10 Next Hop : Direct Interface: S2/2/0 Destination: 2001:3:: PrefixLen: 64 Flag : D/L/- Cost : 10 Next Hop...
Configuring BFD for IPv6 IS-IS Network requirements As shown in Figure 105, configure IPv6 IS-IS on Router A, Router B, and Router C and configure BFD over the link Router A<—>L2 Switch<—>Router B. When the link between Router B and the Layer-2 switch fails, BFD can quickly detect the failure and notify IPv6 IS-IS of the failure.
Page 360
Source IP: FE80::20F:FF:FE00:1202 (link-local address of GigabitEthernet2/1/1 on Router A) Destination IP: FE80::20F:FF:FE00:1200 (link-local address of GigabitEthernet2/1/1 on Router B) Session State: Up Interface: GE2/1/1 Hold Time: # Display route 2001:4::0/64 on Router A, and you can see that Router A and Router B communicate through the Layer-2 switch.
%Aug 8 14:54:05:366 2008 RouterA IFNET/4/UPDOWN: Line protocol on the interface Ethernet0/1 is DOWN %Aug 8 14:54:05:367 2009 RouterA ISIS/4/ADJLOG:ISIS-1-ADJCHANGE: Adjacency To 0000.0000.0002 (GE2/1/1) DOWN, Level-2 Circuit Down. %Aug 8 14:54:05:367 2009 RouterA ISIS/4/ADJLOG:ISIS-1-ADJCHANGE: Adjacency To 0000.0000.0002 (GE2/1/1) DOWN, Level-2 Adjacency clear. %Aug 8 14:54:05:368 2009 RouterA ISIS/4/ADJLOG:ISIS-1-ADJCHANGE: Adjacency To 0000.0000.0002 (GE2/1/1) DOWN, Level-1 Circuit Down.
Page 362
Figure 106 Network diagram Configuration procedure Configure IPv4 and IPv6 addresses for the interfaces on each router and configure IS-IS: Follow Figure 106 to configure the IPv4 and IPv6 address and subnet mask of each interface on the routers. (Details not shown.) Configure IS-IS on the routers, making sure that Router A, Router B, Router C, and Router D can communicate with each other at Layer 3 and dynamic route update can be implemented among them with IS-IS.
Page 363
Next Hop : Direct Interface: GE2/1/1 Destination: 44::1 PrefixLen: 128 Flag : R/L/- Cost : 36 Next Hop : FE80::200:5EFF:FE00:F11 Interface: GE2/1/2 Destination: 14:: PrefixLen: 64 Flag : D/L/- Cost : 36 Next Hop : Direct Interface: GE2/1/2 Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv6 Level-2 Forwarding Table ------------------------------------- Destination: 12::...
Configuring IPv6 BGP This chapter describes only configuration for IPv6 BGP. For BGP-related information, see "Configuring BGP." IPv6 BGP overview BGP-4 can only carry IPv4 routing information. To support multiple network layer protocols, IETF extended BGP-4 by introducing Multiprotocol Border Gateway Protocol (MP-BGP). MP-BGP for IPv6 is called "IPv6 BGP" for short. IPv6 BGP puts IPv6 network layer information into the attributes of Network Layer Reachability Information (NLRI) and NEXT_HOP.
Step Command Remarks Optional. Specify a router ID. router-id router-id Required, if no IP addresses are configured for any interfaces. Enter IPv6 address family ipv6-family [ vpn-instance view or IPv6 BGP-VPN vpn-instance-name ] instance view. peer ipv6-address as-number Specify an IPv6 peer. as-number Injecting a local IPv6 route Step...
Specifying the source interface for establishing TCP connections IPv6 BGP uses TCP as the transport layer protocol. By default, IPv6 BGP uses the output interface of the optimal route to a peer or peer group as the source interface for establishing TCP connections to the peer or peer group.
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Optional. Not configured by default. Configure a description for peer { ipv6-group-name | ipv6-address } The peer group to be an IPv6 peer or peer group. description description-text configured with a description must have been...
Configuration prerequisites Before you configure route distribution and reception control, complete the following tasks: • Enable IPv6. • Configure IPv6 BGP basic functions. Configuring IPv6 BGP route redistribution IMPORTANT: If the default-route imported command is not configured, using the import-route command cannot redistribute an IGP default route.
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Advertise a default route peer { ipv6-group-name | ipv6-address } Not advertised by to an IPv6 peer or peer default-route-advertise [ route-policy default.
Configuring inbound route filtering Only routes passing the configured filtering can be added into the local IPv6 BGP routing table. Members of a peer group can have different inbound route filtering policies. To configure inbound route filtering: Step Command Remarks Enter system view.
Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family [ vpn-instance view or IPv6 BGP-VPN vpn-instance-name ] instance view. preference Optional. { external-preference Configure preference values internal-preference The default preference values of for IPv6 BGP external, local-preference | external, internal, and local routes...
Configuring the AS_PATH attribute Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Allow the local AS number to appear in AS_PATH of peer { ipv6-group-name | Optional. routes from a peer or peer ipv6-address } allow-as-loop Not allowed by default.
Configuration prerequisites Before you configure IPv6 BGP timers, complete the following tasks: • Enable IPv6. • Configure IPv6 BGP basic functions. Configuring IPv6 BGP timers To configure IPv6 BGP timers: Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family...
Step Command Remarks Optional. peer { ipv6-group-name | ipv6-address } Enable route refresh. capability-advertise route-refresh Enabled by default. Performing manual soft-reset Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Save all routes from an IPv6 Optional.
Step Command Remarks peer { group-name | Enable BGP route refresh for ipv6-address } Enabled by default. a peer or peer group. capability-advertise route-refresh Optional. peer { group-name | Enable the non-standard ipv6-address } By default, standard BGP ORF ORF capability for a BGP capability-advertise orf capability defined in RFC 5291 peer or peer group.
Step Command Remarks peer { group-name | ipv6-address } Enable 4-byte AS Disabled by default. capability-advertise number suppression. suppress-4-byte-as Configuring the maximum number of ECMP routes Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family [ vpn-instance view or IPv6 BGP-VPN vpn-instance-name ]...
Configuration prerequisites Before applying an IPsec policy to a peer or peer group, complete the following tasks: • Create an IPsec proposal. • Create an IPsec policy. For more information about IPsec policy configuration, see Security Configuration Guide. Configuration procedure An IPsec policy used for IPv6 BGP can be only in manual mode.
NOTE: • The peer ttl-security hops command and the peer ebgp-max-hop command are mutually exclusive. • You must configure GTSM on both the local and peer devices, and you can specify different hop-count values in a valid range for them. Configuring a large-scale IPv6 BGP network In a large-scale IPv6 BGP network, configuration and maintenance become inconvenient because of too many peers.
Step Command Remarks Enter BGP view. bgp as-number Enter IPv6 address family ipv6-family view. Create an EBGP peer group. group ipv6-group-name external Configure the AS number for peer ipv6-group-name Not configured by default. the peer group. as-number as-number Add an IPv6 peer into the peer ipv6-address group Not added by default.
Step Command Remarks Advertise extended peer { ipv6-group-name | community attribute to an ipv6-address } Not advertised by default. IPv6 peer or peer group. advertise-ext-community Applying a routing policy to routes advertised to a peer or peer group When configuring IPv6 BGP community, you must configure a routing policy to define the community attribute, and apply the routing policy to route advertisement.
Configuring 6PE IPv6 provider edge (6PE) is a transition technology with which Internet service providers (ISPs) can use existing IPv4 backbone networks to provide access capability for sparsely populated IPv6 networks, allowing customer edge (CE) routers in these isolated IPv6 networks to communicate with IPv4 PE routers.
Step Command Remarks Enable the 6PE peer or peer { ipv4-group-name | Not enabled by default. peer group. ipv4-address | ipv6-address } enable Enable the router to exchange labeled IPv6 peer { ipv4-group-name | Not enabled by default. routes with the 6PE peer or ipv4-address } label-route-capability peer group.
Step Command Remarks 14. Keep all routes from the 6PE Optional. peer or peer group, including peer { group-name | ipv4-address } routes not passing the keep-all-routes Not kept by default. inbound filtering policy. 15. Configure the device as a Optional.
Step Command Remarks Enable BGP and enter BGP Not enabled by default. bgp as-number view. Enter IPv6 address family ipv6-family [ vpn-instance view or IPv6 BGP-VPN vpn-instance-name ] instance view. Enable BFD for the specified Not enabled for any BGP peer by peer ipv6-address bfd BGP peer.
Task Command Remarks display bgp ipv6 routing-table dampening Display IPv6 BGP dampening parameter [ | { begin | exclude | include } Available in any view. parameter information. regular-expression ] Display IPv6 BGP routing display bgp ipv6 routing-table information originated from different-origin-as [ | { begin | exclude | Available in any view.
IPv6 BGP configuration examples Some examples for IPv6 BGP configuration are similar to those of BGP. For more information, see "Configuring BGP." IPv6 BGP basic configuration Network requirements All routers in Figure 108 run IPv6 BGP. Between Router A and Router B is an EBGP connection. Router B, Router C, and Router D are fully meshed through IBGP connections.
Router A and Router B have established an EBGP connection. Router B, C, and D have established IBGP connections to each other. IPv6 BGP route reflector configuration Network requirements Figure 109, Router B receives an EBGP update and sends it to Router C, which is configured as a route reflector with two clients: Router B and Router D.
Page 396
[RouterA-bgp-af-ipv6] group ibgp internal [RouterA-bgp-af-ipv6] peer 1::2 group ibgp [RouterA-bgp-af-ipv6] quit [RouterA-bgp] quit # Configure Router B. <RouterB> system-view [RouterB] ipv6 [RouterB] bgp 65008 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] ipv6-family [RouterB-bgp-af-ipv6] group ibgp internal [RouterB-bgp-af-ipv6] peer 1::1 group ibgp [RouterB-bgp-af-ipv6] quit [RouterB-bgp] quit Configure the EBGP connection: # Configure Router C.
Page 397
[RouterA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg [RouterA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg [RouterA-ipsec-policy-manual-policy001-10] quit # On Router B, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1.
Page 398
[RouterC-ipsec-policy-manual-policy002-10] proposal tran2 [RouterC-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321 [RouterC-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321 [RouterC-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba [RouterC-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba [RouterC-ipsec-policy-manual-policy002-10] quit Apply IPsec policies to IBGP peers: # Configure Router A. [RouterA] bgp 65008 [RouterA-bgp] ipv6-family [RouterA-bgp-af-ipv6] peer 1::2 ipsec-policy policy001 [RouterA-bgp-af-ipv6] quit...
Page 399
Address family IPv4 Unicast: advertised and received Received: Total 0 messages, Update messages 0 Sent: Total 0 messages, Update messages 0 Maximum allowed prefix number: 4294967295 Threshold: 75% Minimum time between advertisement runs is 30 seconds Optional capabilities: Route refresh capability has been enabled ORF advertise capability based on prefix (type 64): Local: both Negotiated: send...
Configuring BFD for IPv6 BGP Network requirements • As shown in Figure 112, configure OSPFv3 as the IGP in AS 200. • Establish two IBGP connections between Router A and Router C. When both links are working, Router C adopts the link Router A<—>Router B<—>Router C to exchange packets with network 1200::0/64.
Page 402
Configure the detect multiplier as 7. [RouterC-GigabitEthernet2/1/1] bfd detect-multiplier 7 Configure the BFD authentication mode as plain-text authentication, and set the authentication key to ibgpbfd. [RouterC-GigabitEthernet2/1/1] bfd authentication-mode simple 1 ibgpbfd [RouterC-GigabitEthernet2/1/1] return Verify the configuration: The following operations are made on Router C. Operations on Router A and Router B are similar.
Configuring IPv6 policy-based routing Introduction to IPv6 policy-based routing What is policy-based routing Different from destination-based routing, policy-based routing (PBR) uses user-defined policies to route packets based on the source address, packet length, and other criteria. A policy can specify the output interface, next hop, default output interface, default next hop, and other parameters for packets that match specific criteria such as ACLs or have specific lengths.
Clause Meaning Priority apply The apply output-interface clause takes output-interface Sets the output interface precedence over the apply ipv6-address next-hop and apply and sets the next hop. clause. Only the apply output-interface clause is ipv6-address executed when both are configured. next-hop The apply default output-interface clause takes precedence over the apply ipv6-address default...
Task Remarks Perform one of the tasks. Configuring IPv6 interface PBR Configuring an IPv6 policy Creating an IPv6 node Step Command Enter system view. system-view Create an IPv6 policy or policy node ipv6 policy-based-route policy-name [ deny | permit ] node and enter IPv6 policy node view.
Step Command Remarks Optional. Set a next hop for permitted apply ipv6-address next-hop You can define five next hops IPv6 packets. ipv6-address at most for load balancing. Optional. Set a default output interface apply default output-interface You can specify up to five for permitted IPv6 packets.
You can apply the same IPv6 policy on multiple interfaces. If the specified policy does not exist, the IPv6 interface PBR configuration succeeds, but it does not take effect until the policy is created. To configure IPv6 interface PBR: Step Command Remarks Enter system view.
IPv6 PBR configuration examples Configuring IPv6 local PBR based on packet type Network requirements As shown in Figure 113, configure IPv6 local PBR on Router A to forward all locally generated TCP packets through Serial 2/2/0. Router A forwards other IPv6 packets according to the routing table. Figure 113 Network diagram Configuration procedure Configure Router A:...
[RouterC] interface serial 2/2/1 [RouterC-Serial2/2/1] ipv6 address 2::2 64 Verify the configuration: # Telnet to Router B (1::2/64) from Router A. The operation succeeds. # Telnet to Router C (2::2/64) from Router A. The operation fails. # Ping Router C (2::2/64) from Router A. The operation succeeds. Telnet uses TCP, and ping uses ICMP.
Page 412
[RouterA] interface serial 2/2/1 [RouterA-Serial2/2/1] ipv6 address 2::1 64 [RouterA-Serial2/2/1] ripng 1 enable [RouterA-Serial2/2/1] quit # Configure ACL 3001 to match TCP packets. [RouterA] acl ipv6 number 3001 [RouterA-acl6-adv-3001] rule permit tcp [RouterA-acl6-adv-3001] quit # Configure Node 5 for policy aaa to forward TCP packets through Serial 2/2/0. [RouterA] ipv6 policy-based-route aaa permit node 5 [RouterA-pbr6-aaa-5] if-match acl6 3001 [RouterA-pbr6-aaa-5] apply output-interface serial 2/2/0...
Telnet uses TCP, and ping uses ICMP. The preceding results show that all TCP packets received on GigabitEthernet 2/1/1 of Router A are forwarded through Serial 2/2/0, and other packets are forwarded through Serial 2/2/1. The IPv6 interface PBR configuration is effective. Configuring IPv6 interface PBR based on packet length Network requirements As shown in...
Page 415
Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 5ms, Average = 2ms The debugging information about PBR displayed on Router A is as follows: <RouterA> *Jun 7 16:03:28:946 2009 RouterA PBR6/7/IPv6-POLICY-ROUTING: IPv6 Policy routin g success : POLICY_ROUTEMAP_IPV6 : lab1, Node : 10, Packet sent with next-hop 0150::0002 *Jun 7 16:03:29:950 2009 RouterA PBR6/7/IPv6-POLICY-ROUTING: IPv6 Policy routin...
Configuring routing policies Routing policies control routing paths by filtering and modifying routing information. This chapter describes both IPv4 and IPv6 routing policies. Overview Routing policies can filter advertised, received, and redistributed routes, and modify attributes for specific routes. To configure a routing policy: Configure filters based on route attributes, such as destination address and the advertising router's address.
Routing policy A routing policy can comprise multiple nodes, which are in a logical OR relationship. A node with a smaller number is matched first. A route that matches one node matches the routing policy. A node can comprise a set of if-match, apply, and continue clauses. •...
Configuring an IPv6 prefix list Step Command Remarks Enter system view. system-view ip ipv6-prefix ipv6-prefix-name [ index Configure an IPv6 index-number ] { deny | permit } ipv6-address Not configured by prefix list. prefix-length [ greater-equal min-prefix-length ] default. [ less-equal max-prefix-length ] If all items are set to deny mode, no routes can pass the IPv6 prefix list.
Configuring an extended community list You can configure multiple items for an extended community list that is identified by number. The relationship between items is logic OR. A route that matches one item matches the extended community list. To configure an extended community list: Step Command Remarks...
Page 421
generated. These clauses have a logical OR relationship. A route only needs to match one of them. • You can specify no or multiple if-match clauses for a routing policy node. If no if-match clause is specified for a permit-mode node, all routing information can pass the node. If no if-match clause is specified for a deny-mode node, no routing information can pass the node.
Step Command Remarks Optional. 10. Match routing information having if-match mpls-label Not configured by MPLS labels. default. if-match route-type { external-type1 | external-type1or2 | external-type2 | Optional. 11. Match routing information having the internal | is-is-level-1 | is-is-level-2 | Not configured by specified route type.
Step Command Remarks • Set the next hop for IPv4 routes: apply ip-address next-hop Optional. ip-address Set the next hop. • Set the next hop for IPv6 Not set by default. routes: apply ipv6 next-hop ipv6-address Optional. apply ip-precedence 10. Set the IP precedence. ip-precedence-value Not set by default.
Step Command Remarks Enter system view. system-view route-policy route-policy-name Create a routing policy and { deny | permit } node Not created by default. enter routing policy view. node-number Optional. Not configured by default. Specify the next node to be continue [ node-number ] matched.
# On Router B, enable route redistribution from IS-IS and apply the routing policy. [RouterB] ospf [RouterB-ospf-1] import-route isis 1 route-policy isis2ospf [RouterB-ospf-1] quit # Display OSPF routing table information on Router A. The cost of route 172.17.1.0/24 is 100, and the tag of route 172.17.2.0/24 is 20.
Page 428
[RouterA-GigabitEthernet2/1/1] quit [RouterA] interface gigabitethernet 2/1/2 [RouterA-GigabitEthernet2/1/2] ipv6 address 11::1 32 [RouterA-GigabitEthernet2/1/2] quit # Enable RIPng on GigabitEthernet 2/1/1. [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] ripng 1 enable [RouterA-GigabitEthernet2/1/1] quit # Configure three static routes with next hop 11::2, and make sure that the static routes are active.
Applying a routing policy to filter received BGP routes Network requirements • All the routers in Figure 118 run BGP. Router C establishes EBGP connections with other routers. • Configure a routing policy on Router D to reject routes from AS 200. Figure 118 Network diagram Configuration procedure Configure IP addresses for interfaces.
Page 430
[RouterD-bgp] peer 1.1.3.1 as-number 300 [RouterD-bgp] quit # Inject routes 4.4.4.4/24, 5.5.5.5/24, and 6.6.6.6/24 on Router A. [RouterA-bgp] network 4.4.4.4 24 [RouterA-bgp] network 5.5.5.5 24 [RouterA-bgp] network 6.6.6.6 24 # Inject routes 7.7.7.7/24, 8.8.8.8/24, and 9.9.9.9/24 on Router B. [RouterB-bgp] network 7.7.7.7 24 [RouterB-bgp] network 8.8.8.8 24 [RouterB-bgp] network 9.9.9.9 24 # Display the BGP routing table information of Router D.
BGP Local router ID is 4.4.4.4 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...
Configuring QoS policy routing Overview QoS policy routing is a technique used to make routing decisions based on user-defined QoS policies. Different from destination-based routing, QoS policy routing makes routing decisions based on the source address and other criteria. For more information about QoS policies, see ACL and QoS Configuration Guide.
Step Command Remarks Enter system view. system-view • Enter Layer 2 Ethernet interface Use either method. view: Settings made in interface view take interface Enter Layer 2 Ethernet interface effect on the current interface only. interface-type view or port group view. Settings made in port group view interface-number take effect on all ports in the port...
[RouterA] acl number 2000 [RouterA-acl-basic-2000] rule 0 permit source any [RouterA-acl-basic-2000] quit # Define a match criterion for the class a to match ACL 2000. [RouterA] traffic classifier a [RouterA-classifier-a] if-match acl 2000 [RouterA-classifier-a] quit # Configure the action of redirecting traffic to GigabitEthernet 2/0/3 for the behavior a. [RouterA] traffic behavior a [RouterA-behavior-a] redirect interface gigabitethernet2/0/3 [RouterA-behavior-a] quit...
[RouterA] traffic classifier a [RouterA-classifier-a] if-match acl ipv6 2000 [RouterA-classifier-a] quit # Configure the action of redirecting traffic to GigabitEthernet 2/0/3 for the behavior a. [RouterA] traffic behavior a [RouterA-behavior-a] redirect interface gigabitethernet2/0/3 [RouterA-behavior-a] quit # Associate the class a with the behavior a in the QoS policy a. [RouterA] qos policy a [RouterA-qospolicy-a] classifier a behavior a [RouterA-qospolicy-a] quit...
Configuring MTR MTR overview Multi-Topology Routing (MTR) splits a base topology into multiple topologies, which might intersect or overlap with one another. Route calculation is performed on a per-topology basis. For example, IS-IS MTR splits an IS-IS routing domain into multiple independent IP topologies, such as an IPv4 topology and an IPv6 topology.
Step Command Remarks Enter IPv4 address address-family ipv4 family view. Create a topology and Not created by default. multiple-topology topology-name enter topology view. Specify an ACL for acl acl-number the topology. Configure the maximum number of routing-table limit number Optional. routes supported by { warn-threshold | simply-alert } the topology.
Document conventions and icons Conventions This section describes the conventions used in the documentation. Port numbering in examples The port numbers in this document are for illustration only and might be unavailable on your device. Command conventions Convention Description Bold text represents commands and keywords that you enter literally as shown. Boldface Italic text represents arguments that you replace with actual values.
Network topology icons Convention Description Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
Support and other resources Accessing Hewlett Packard Enterprise Support • For live assistance, go to the Contact Hewlett Packard Enterprise Worldwide website: www.hpe.com/assistance • To access documentation and support services, go to the Hewlett Packard Enterprise Support Center website: www.hpe.com/support/hpesc Information to collect •...
For more information and device support details, go to the following website: www.hpe.com/info/insightremotesupport/docs Documentation feedback Hewlett Packard Enterprise is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hpe.com). When submitting your feedback, include the document title,...
Page 442
part number, edition, and publication date located on the front cover of the document. For online help content, include the product name, product version, help edition, and publication date located on the legal notices page.
Page 470
IS-IS LSP packet format, 126 permitting BGP local AS number to appear in peer/peer group routes, 216 IS-IS PDU hello packet format, 124 point-to-multipoint. See P2MP IS-IS SNP format, 127 point-to-point. See P2P peer poison reverse advertising BGP default route to peer/peer group, 205 enabling RIP, 29 applying IPsec policy to IPv6 BGP peer/peer...