H3C S5500-EI series Configuration Manual

Summary of S5500-EI series

  • Page 1

    H3C S5500-EI & S5500-SI Switch Series Layer 3 - IP Routing Configuration Guide. Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 2210. Document version: 6W100-20110915.

  • Page 2

    Copyright © 2011, Hangzhou H3C Technologies Co., Ltd. and its licensors. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. Trademarks: H3C, Aolynk, H3Care, TOP G, IRF, n...

  • Page 3

    Preface: The H3C S5500-EI & S5500-SI documentation set includes 10 configuration guides, which describe the software features for the H3C S5500-EI & S5500-SI Switch Series Release 2210, and guide you through the software configuration procedures. These configuration guides also provide configuration ...

  • Page 4

    Feature module / New features. BGP (only available on the S5500-EI): 4-byte AS number suppression. IPv6 static routing: support for VPN instances. RIPng: S5500-EI only: support for VPN instances. OSPFv3 (only available on the S5500-EI): • Collaboration with BFD • Support for VPN instances. IPv6 IS-IS (only ava...

  • Page 5

    GUI conventions (Convention: Description). Boldface: Window names, button names, field names, and menu items are in boldface. For example, the New User window appears; click OK. >: Multi-level menus are separated by angle brackets. For example, File > Create > Folder. Symbols (Convention: Description). Warnin...

  • Page 6

    Documents / Purposes. Installation guides: Provides a complete guide to switch installation and specifications. PSR150-A [ PSR150-D ] Power Modules User Manual: Describes the specifications, installation, and replacement of hot swappable 150W power modules. RPS Ordering Information for H3C Low-End Etherne...

  • Page 7

    Documentation feedback: You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

  • Page 8

    i Contents: IP routing basics (1); IP routing overview ...

  • Page 9

    ii Tuning and optimizing RIP networks (32); Configuring RIP timers ...

  • Page 10

    iii Configuring OSPF inbound route filtering (82); Configuring ABR Type-3 LSA filtering ...

  • Page 11

    iv Basic concepts (131); IS-IS area ...

  • Page 12

    v IS-IS authentication configuration example (184); Configuring BFD for IS-IS ...

  • Page 13

    vi Configuring BGP community (227); Configuring a BGP route reflector ...

  • Page 14

    vii Configuring the maximum number of equal cost routes for load balancing (271); Applying IPsec policies for RIPng (272); displayi...

  • Page 15

    viii Configuring OSPFv3 IPsec policies (311); Troubleshooting OSPFv3 configuration ...

  • Page 16

    ix Configuring a large-scale IPv6 BGP network (344); Configuration prerequisites ...

  • Page 17

    x Configuring PBR (using a QoS policy) (384); Configuring a QoS policy ...

  • Page 18

    1 IP routing basics. Note: • The term router in this document refers to both routers and Layer 3 switches. • The types of interfaces that appear in any figures other than the network diagrams for configuration examples are for illustration only. Some of them might be unavailable on your switch. • The...

  • Page 19

    2 Each entry in the FIB table specifies a physical interface that packets destined for a certain address should go out to reach the next hop—the next router—or the directly connected destination. Note: For more information about the FIB table, see Layer 3—IP Services Configuration Guide. Routing ta...

  • Page 20

    3 Table 1 Dynamic routing protocols (Criterion: Categories). Optional scope: • Interior gateway protocols (IGPs)—work within an autonomous system (AS). Examples include RIP, OSPF, and IS-IS. • Exterior gateway protocols (EGPs)—work between ASs. The most popular one is BGP. Routing algorithm: • Distance-ve...

  • Page 21

    4 Load sharing: A routing protocol can be configured with multiple equal-cost routes to the same destination. These routes have the same preference and will all be used to accomplish load sharing if there is no route with a higher preference available. Note: At present, routing protocols supporting l...

  • Page 24

    7 Static routing configuration. Note: • The term router in this document refers to both routers and Layer 3 switches. • The S5500-SI switch series does not support VPN and BFD related parameters or FRR. Introduction. Static route: Static routes are manually configured. If a network’s topology is simple...

  • Page 25

    8 When specifying the output interface, observe the following rules: • If the output interface is a Null 0 interface, no next hop address is required. • If you specify a broadcast interface (such as an Ethernet interface or VLAN interface) as the output interface, you must specify the corresponding ...

  • Page 26

    9 Note: • When you configure a static route, the static route does not take effect if you specify the next hop address first and then configure it as the IP address of a local interface, such as Ethernet interface and VLAN interface. • If you do not specify the preference when you configure a static...

  • Page 28

    11 Figure 1 Network diagram. As shown in Figure 1, upon a link failure, FRR designates a backup next hop by using a routing policy for routes matching the specified criteria. Packets are directed to the backup next hop to avoid traffic interruption. Configuration prerequisites. Configuring static rou...

  • Page 29

    12 Static route configuration examples. Basic static route configuration example. Network requirements: The IP addresses and masks of the switches and hosts are shown in Figure 2. Static routes are required for interconnection between any two hosts. Figure 2 Network diagram. Configuration procedure: 1. ...

  • Page 30

    13 destination/mask proto pre cost nexthop interface 0.0.0.0/0 static 60 0 1.1.4.2 vlan500 1.1.2.0/24 direct 0 0 1.1.2.3 vlan300 1.1.2.3/32 direct 0 0 127.0.0.1 inloop0 1.1.4.0/30 direct 0 0 1.1.4.1 vlan500 1.1.4.1/32 direct 0 0 127.0.0.1 inloop0 127.0.0.0/8 direct 0 0 127.0.0.1 inloop0 127.0.0.1/32...

  • Page 31

    14 2 3 1 ms trace complete. Static route frr configuration example network requirements switch s, switch a, and switch d are interconnected through static routes, as illustrated in figure 3 . Configure static route frr so that when the link between switch s and switch d fails, traffic can be switche...

  • Page 32

    15 [switchs-route-policy] apply fast-reroute backup-interface vlan-interface 100 backup-nexthop 12.12.12.2 [switchs-route-policy] quit [switchs] ip route-static fast-reroute route-policy frr # configure switch d. [switchd] bfd echo-source-ip 4.4.4.4 [switchd] ip ip-prefix abc index 10 permit 1.1.1.1...

  • Page 33

    16 BFD for static routes configuration example (direct session). Network requirements: As shown in Figure 4, configure static routes to subnet 120.1.1.0/24 on Switch A, static routes to subnet 121.1.1.0/24 on Switch B, and static routes to subnets 120.1.1.0/24 and 121.1.1.0/24 on Switch C. Enable BFD...

  • Page 34

    17 [switchb] ip route-static 121.1.1.0 24 vlan-interface 10 12.1.1.1 bfd control-packet [switchb] ip route-static 121.1.1.0 24 vlan-interface 13 13.1.1.2 preference 65 [switchb] quit # configure static routes on switch c. System-view [switchc] ip route-static 120.1.1.0 24 vlan-interface 13 13.1.1.1 ...

  • Page 35

    18 public routing table : static summary count : 2 static routing table status : summary count : 1 destination/mask proto pre cost nexthop interface 120.1.1.0/24 static 65 0 10.1.1.100 vlan11 static routing table status : summary count : 1 destination/mask proto pre cost nexthop interface 120.1.1.0/...

  • Page 36

    19 [switcha] interface loopback 1 [switcha-loopback1] bfd min-transmit-interval 500 [switcha-loopback1] bfd min-receive-interval 500 [switcha-loopback1] bfd detect-multiplier 9 [switcha-loopback1] quit [switcha] ip route-static 120.1.1.0 24 2.2.2.9 bfd control-packet bfd-source 1.1.1.9 [switcha] ip ...

  • Page 37

    20 destination/mask proto pre cost nexthop interface 120.1.1.0/24 static 60 0 2.2.2.9 vlan10 static routing table status : summary count : 1 destination/mask proto pre cost nexthop interface 120.1.1.0/24 static 65 0 10.1.1.100 vlan11 # enable bfd debugging on switch a. When the link between switch a...

  • Page 38

    21 RIP configuration. Note: • The term router in this document refers to both routers and Layer 3 switches. • The S5500-SI switch series does not support VPN and BFD related parameters or FRR. RIP overview: RIP is a simple interior gateway protocol (IGP), mainly used in small-sized networks, such as a...

  • Page 39

    22 • Suppress timer—defines how long a RIP route stays in suppressed state. When the metric of a route is 16, the route enters the suppressed state. In suppressed state, only routes coming from the same neighbor and whose metric is less than 16 will be received by the router to replace unreachable r...

  • Page 40

    23 • Supports plain text authentication and MD5 authentication to enhance security. Note: RIPv2 has two types of message transmission: broadcast and multicast. Multicast is the default type using 224.0.0.9 as the multicast address. The interface working in the RIPv2 broadcast mode can also receive r...

  • Page 41

    24 Differences from RIPv1: • Version–version of RIP. For RIPv2 the value is 0x02. • Route tag • IP address—destination IP address. It can be a natural network address, subnet address, or host address. • Subnet mask—mask of the destination address. Unlike RIPv1, RIPv2 can carry subnet information. • ...

  • Page 42

    25 Protocols and standards: • RFC 1058, Routing Information Protocol • RFC 1723, RIP Version 2 - Carrying Additional Information • RFC 1721, RIP Version 2 Protocol Analysis • RFC 1722, RIP Version 2 Protocol Applicability Statement • RFC 1724, RIP Version 2 MIB Extension • RFC 2082, RIPv2 MD5 Authent...

  • Page 43

    26 Configuring RIP basic functions. Configuration prerequisites: Before configuring RIP basic functions, complete the following tasks: • Configure the link layer protocol • Configure an IP address on each interface, and ensure all adjacent routers are reachable to each other. Configuration procedure: en...

  • Page 44

    27 to do… use the command… remarks enable the interface to receive rip messages rip input optional enabled by default enable the interface to send rip messages rip output optional enabled by default configuring a rip version you can configure a rip version in rip view or interface view under the fol...

  • Page 46

    29 enabling ripv2 route automatic summarization you can disable ripv2 route automatic summarization if you want to advertise all subnet routes. Follow these steps to enable ripv2 route automatic summarization: to do… use the command… remarks enter system view system-view –– enter rip view rip [ proc...

  • Page 47

    30 to do… use the command… remarks disable rip from receiving host routes undo host-route required enabled by default note: ripv2 can be disabled from receiving host routes, but ripv1 cannot. Advertising a default route under the following conditions, you can configure rip to advertise a default rou...

  • Page 50

    33 enabling split horizon the split horizon function disables an interface from sending routes received from the interface to prevent routing loops between adjacent routers. Follow these steps to enable split horizon: to do… use the command… remarks enter system view system-view — enter interface vi...

  • Page 51

    34 To do… / Use the command… / Remarks. Enter system view: system-view (––). Enter RIP view: rip [ process-id ] [ vpn-instance vpn-instance-name ] (––). Enable zero field check on received RIPv1 messages: checkzero (optional; enabled by default). Enabling source IP address check on incoming RIP updates: You can enable...

  • Page 52

    35 Note: This feature does not apply to RIPv1 because RIPv1 does not support authentication. Although you can specify an authentication mode for RIPv1 in interface view, the configuration does not take effect. Specifying a RIP neighbor: Usually, RIP sends messages to broadcast or multicast addresses....

  • Page 53

    36 to do… use the command… remarks enable a rip process and enter rip view rip [ process-id ] [ vpn-instance vpn-instance-name ] –– configure the maximum number of rip packets that can be sent at the specified interval output-delay time count count optional by default, an interface sends up to three...

  • Page 54

    37 to do… use the command… remarks enter rip view rip [ process-id ] [ vpn-instance vpn-instance-name ] — enable rip frr and reference a routing policy to designate a backup next hop fast-reroute route-policy route-policy-name required disabled by default. Configuring bfd for rip note: for more info...

  • Page 55

    38 to do… use the command… remarks specify a rip neighbor peer ip-address required by default, rip does not unicast updates to any peer. Enter interface view interface interface-type interface-number — enable bfd on the rip interface rip bfd enable required disabled by default note: • unidirectional...

  • Page 56

    39 figure 10 network diagram configuration procedure 1. Configure an ip address for each interface. (details not shown) 2. Configure basic rip functions. # configure switch a. [switcha] rip [switcha-rip-1] network 192.168.1.0 [switcha-rip-1] network 172.16.0.0 [switcha-rip-1] network 172.17.0.0 # co...

  • Page 57

    40 10.0.0.0/8 192.168.1.2 1 0 ra 50 10.2.1.0/24 192.168.1.2 1 0 ra 16 10.1.1.0/24 192.168.1.2 1 0 ra 16 the output shows that ripv2 uses classless subnet mask. Note: ripv1 routing information has a long aging time, so it will exist until it ages out after ripv2 is configured. Configuring rip route r...

  • Page 58

    41 [switchb] rip 200 [switchb-rip-200] network 12.0.0.0 [switchb-rip-200] version 2 [switchb-rip-200] undo summary [switchb-rip-200] quit # enable rip 200 and specify rip version 2 on switch c. System-view [switchc] rip 200 [switchc-rip-200] network 12.0.0.0 [switchc-rip-200] network 16.0.0.0 [switc...

  • Page 59

    42 [switchb-acl-basic-2000] rule deny source 10.2.1.1 0.0.0.255 [switchb-acl-basic-2000] rule permit [switchb-acl-basic-2000] quit [switchb] rip 200 [switchb-rip-200] filter-policy 2000 export rip 100 # display the routing table of switch c. [switchc] display ip routing-table routing tables: public ...

  • Page 60

    43 [switcha-rip-1] quit # configure switch b. System-view [switchb] rip 1 [switchb-rip-1] network 1.0.0.0 [switchb-rip-1] version 2 [switchb-rip-1] undo summary # configure switch c. System-view [switchb] rip 1 [switchc-rip-1] network 1.0.0.0 [switchc-rip-1] version 2 [switchc-rip-1] undo summary # ...

  • Page 61

    44 1.1.4.0/24, cost 2, nexthop 1.1.1.2 1.1.5.0/24, cost 2, nexthop 1.1.1.2 The output shows that only one RIP route reaches network 1.1.5.0/24, with the next hop as Switch B (1.1.1.2) and a cost of 2. Configuring RIP to advertise a summary route. Network requirements: In the following figure, Switch A...

  • Page 62

    45 system-view [switchc] ospf [switchc-ospf-1] area 0 [switchc-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [switchc-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [switchc-ospf-1-area-0.0.0.0] quit 3. Configure rip basic functions. # configure switch c. System-view [switchc] rip 1 [switchc-rip-...

  • Page 63

    46 destinations : 7 routes : 7 destination/mask proto pre cost nexthop interface 10.0.0.0/8 rip 100 1 11.3.1.1 vlan300 11.3.1.0/24 direct 0 0 11.3.1.2 vlan300 11.3.1.2/32 direct 0 0 127.0.0.1 inloop0 11.4.1.0/24 direct 0 0 11.4.1.2 vlan400 11.4.1.2/32 direct 0 0 127.0.0.1 inloop0 127.0.0.0/8 direct ...

  • Page 64

    47 [switchs-rip-1] quit # configure switch d. System-view [switchd] bfd echo-source-ip 4.4.4.4 [switchd] ip ip-prefix abc index 10 permit 1.1.1.1 32 [switchd] route-policy frr permit node 10 [switchd-route-policy] if-match ip-prefix abc [switchd-route-policy] apply fast-reroute backup-interface vlan...

  • Page 65

    48 Configuring BFD for RIP (single-hop detection in BFD echo packet mode). Network requirements: In the following figure, Switch A and Switch C are interconnected through a Layer 2 switch. VLAN-interface 100 of the two switches runs RIP process 1, BFD is enabled on VLAN-interface 100 of Switch A. Swit...

  • Page 66

    49 # configure switch b. [switchb] rip 1 [switchb-rip-1] network 192.168.2.0 [switchb-rip-1] network 192.168.3.0 [switchb-rip-1] quit # configure switch c. [switchc] rip 1 [switchc-rip-1] network 192.168.1.0 [switchc-rip-1] network 192.168.3.0 [switchc-rip-1] import-route static [switchc-rip-1] quit...

  • Page 67

    50 protocol: rip process id: 2 preference: 100 cost: 2 ipprecedence: qoslcid: nexthop: 192.168.2.2 interface: vlan-interface 200 bknexthop: 0.0.0.0 bkinterface: relynexthop: 0.0.0.0 neighbor : 192.168.2.2 tunnel id: 0x0 label: null bktunnel id: 0x0 bklabel: null state: inactive adv age: 00h12m50s ta...

  • Page 68

    51 Configuring BFD for RIP (bidirectional detection in BFD control packet mode). Network requirements: In the following figure, Switch A is connected to Switch C through Switch B. VLAN-interface 100 on Switch A, VLAN-interface 200 on Switch C, and VLAN-interface 200 and VLAN-interface 100 on Switch B ...

  • Page 69

    52 [switcha-rip-1] quit [switcha] interface vlan-interface 100 [switcha-vlan-interface100] rip bfd enable [switcha-vlan-interface100] quit [switcha] rip 2 [switcha-rip-2] network 192.168.3.0 [switcha-rip-2] quit # configure switch c. [switchc] rip 1 [switchc-rip-1] network 192.168.2.0 [switchc-rip-1...

  • Page 70

    53 caution: if you specify null 0 interface as the output interface for a static route, do not specify the ip address of a directly connected network as the destination ip address. 5. Verify the configuration. # display the bfd session information of switch a. Display bfd session total session num: ...

  • Page 71

    54 # display the bfd information of switch a. Switch a has deleted the neighbor relationship with switch c and no output information is displayed. Display bfd session # display the rip routes of rip process 1 on switch a. The rip route learned from switch c is no longer existent. Display rip 1 route...

  • Page 72

    55 When all links function, route oscillation occurs on the RIP network. After displaying the routing table, you may find some routes intermittently appear and disappear in the routing table. Analysis: In the RIP network, make sure that all the same timers within the entire network are identical and...

  • Page 73

    56 OSPF configuration. Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the Internet Engineering Task Force (IETF). Now, OSPF version 2 (RFC 2328) is used. Note: • Unless otherwise noted, OSPF refers to OSPFv2 throughout this document. •...

  • Page 74

    57 • Each router uses the SPF algorithm to compute a shortest path tree showing the routes to the nodes in the AS. The router itself is the root of the tree. Router ID: An OSPF process running on a router must have its own router ID. This ID is a 32-bit unsigned integer that uniquely identifies the r...

  • Page 75

    58 Adjacency: Two OSPF neighbors establish an adjacency relationship to synchronize their LSDBs. Therefore, any two neighbors without exchanging route information do not establish an adjacency. Area based OSPF network partition. Network partition: In a large OSPF routing domain, the LSDB becomes very ...

  • Page 76

    59 A virtual link is established between two ABRs through a non-backbone area and is configured on both ABRs to take effect. The non-backbone area is called a transit area. In the following figure, Area 2 has no direct physical link to the backbone Area 0. You can configure a virtual link between th...

  • Page 77

    60 • A totally stub area cannot have an ASBR because AS external routes cannot be distributed into the stub area. • Virtual links cannot transit totally stub areas. NSSA area: Similar to a stub area, an NSSA area does not import AS external LSAs (Type-5 LSAs), but can import Type-7 LSAs generated by ...

  • Page 78

    61 Router types. Classification of routers: The following are OSPF router types and their positions in the AS: 1. Internal router: All interfaces on an internal router belong to one OSPF area. 2. Area border router (ABR): An ABR belongs to more than two areas, one of which must be the backbone area. It ...

  • Page 79

    62 The intra-area and inter-area routes describe the network topology of the AS. The external routes describe routes to external ASs. OSPF classifies external routes as Type-1 or Type-2. A Type-1 external route has high credibility. The cost from a router to the destination of the Type-1 external ro...

  • Page 80

    63 DR and BDR. Introduction: On a broadcast or NBMA network, any two routers need to establish an adjacency to exchange routing information with each other. If n routers are present on the network, n(n-1)/2 adjacencies are required. In addition, any topology change on the network results in traffic fo...

  • Page 81

    64 OSPF packet formats: OSPF packets are directly encapsulated into IP packets. OSPF uses the IP protocol number 89. The format of an OSPF LSU packet is shown in Figure 24. Figure 24 OSPF packet format. OSPF packet header: OSPF packets are classified into five types that have the same packet header. F...

  • Page 82

    65 Figure 26 Hello packet format ... Major fields of the hello packet are as follows: • Network mask: Network mask associated with the router’s sending interface. If two routers have different network masks, they cannot become neighbors. • HelloInterval: Interval for sending hello packets. If two ro...

  • Page 83

    66 Figure 27 DD packet format [figure omitted]. Major fields of the DD packets are as follows: • Interface MTU: Specifies the largest i...

  • Page 84

    67 Figure 28 LSR packet format. Major fields of the LSR packets are as follows: • LS type: Type of the LSA to be requested. Type 1 for example indicates the router LSA. • Link state ID: Determined by LSA type. • Advertising router: ID of the router that sent the LSA. LSU packet: LSU (link state update...

  • Page 85

    68 Figure 30 LSAck packet format ... LSA header format: All LSAs have the same header. Figure 31 LSA header format. Major fields of the LSA header are as follows: • LS age: Time, in seconds, elapsed since the LSA was originated. An LSA ages in the LSDB (added by 1 per second), but does not age during ...

  • Page 86

    69 Figure 32 Router LSA format. Major fields of the router LSA are as follows: • Link state ID: ID of the router that originated the LSA. • V (virtual link): Set to 1 if the router that originated the LSA is a virtual link endpoint. • E (external): Set to 1 if the router that originated the LSA is an...

  • Page 87

    70 Figure 33 Network LSA format. Major fields of the network LSA are as follows: • Link state ID: The interface address of the DR. • Network mask: The mask of the network (a broadcast or NBMA network). • Attached router: The IDs of the routers, which are adjacent to the DR, including the DR itself. 3...

  • Page 88

    71 An AS external LSA is originated by an ASBR, and describes routing information to a destination outside the AS. Figure 35 AS external LSA format. Major fields of the AS external LSA are as follows: • Link state ID: The IP address of another AS to be advertised. When describing a default route, the...

  • Page 89

    72 Figure 36 NSSA external LSA format. Supported features. Multi-process: This feature allows multiple OSPF processes to run on a router both simultaneously and independently. Routing information interactions between different processes simulate interactions between different routing protocols. Multipl...

  • Page 90

    73 BFD. Note: For more information about BFD, see High Availability Configuration Guide. Bidirectional forwarding detection (BFD) provides a single mechanism to quickly detect and monitor the connectivity of links between OSPF neighbors, reducing network convergence time. Protocols and standards: • R...

  • Page 91

    74 task remarks configuring the maximum number of ospf routes optional configuring the maximum number of load-balanced routes optional configuring ospf preference optional configuring ospf route redistribution optional configuring ospf packet timers optional specifying lsa transmission delay optiona...

  • Page 92

    75 Configuration procedure: To enable OSPF on a router, create an OSPF process and specify areas with which the process is associated, and the network segments contained in each area. If an interface’s IP address resides on a network segment of an area, the interface belongs to the area and is enable...

  • Page 93

    76 Note: • A network segment can only belong to one area. • H3C recommends configuring a description for each OSPF process to help identify purposes of processes and for ease of management and memorization. • H3C recommends configuring a description for each area to help identify purposes of areas a...

  • Page 94

    77 Note: • You must use the stub command on routers attached to a stub area. • Using the default-cost command only takes effect on the ABR of a stub area. • The backbone area cannot be a totally stub area. • A (totally) stub area cannot have an ASBR because AS external routes cannot be distributed i...

  • Page 96

    79 configuring the ospf network type for an interface as broadcast follow these steps to configure the ospf network type for an interface as broadcast: to do… use the command… remarks enter system view system-view — enter interface view interface interface-type interface-number — configure the ospf ...

  • Page 97

    80 Note: The router priority configured with the ospf dr-priority command and the one configured with the peer command have the following differences. • The former is for actual DR election. • The latter is to indicate whether a neighbor has the election right or not. If you configure the router pri...

  • Page 98

    81 to do… use the command… remarks configure the ospf network type for the interface as p2p ospf network-type p2p required by default, the network type of an interface depends on the link layer protocol. Configuring ospf route control this section describes how to control the advertisement and recep...

  • Page 99

    82 Configuring route summarization when redistributing routes into OSPF on an ASBR: Without route summarization, an ASBR advertises each redistributed route in a separate ASE LSA. After a summary route is configured, the ASBR advertises only the summary route in an ASE LSA instead of more specific ro...

  • Page 102

    85 Configuring OSPF route redistribution. Configure route redistribution into OSPF: On a router running OSPF and other routing protocols, you can configure OSPF to redistribute routes from other protocols such as RIP, IS-IS, BGP, static, and direct routes, and advertise them in Type-5 LSAs or Type-7 L...

  • Page 103

    86 Configure the default parameters for redistributed routes: You can configure default parameters, such as the cost, upper limit, tag and type for redistributed routes. Tags indicate information related to protocols. For example, when redistributing BGP routes, OSPF uses tags to identify AS IDs. Fol...

  • Page 104

    87 Configuration prerequisites: Before configuring OSPF network optimization, complete the following tasks: • Configure IP addresses for interfaces • Configure OSPF basic functions. Configuring OSPF packet timers: You can configure the following timers on OSPF interfaces as needed. • Hello timer—interv...

  • Page 105

    88 Specifying LSA transmission delay: Each LSA in the LSDB has an age that is incremented by 1 every second, but the age does not change during transmission. It is necessary to add a transmission delay into the age time especially for low-speed links. Follow these steps to specify the LSA transmissio...

  • Page 106

    89 to do… use the command… remarks configure the lsa arrival interval lsa-arrival-interval interval optional 1000 milliseconds by default note: the interval set with the lsa-arrival-interval command must be smaller than or equal to the interval set with the lsa-generation-interval command. Specifyin...

  • Page 107

    90 Note: • Different OSPF processes can disable the same interface from receiving and sending OSPF packets. The silent-interface command disables only the interfaces associated with the current process rather than interfaces associated with other processes. • After an OSPF interface is set to silent...

  • Page 111

    94 to do… use the command… remarks configure ospf to give priority to receiving and processing hello packets ospf packet-process prioritized-treatment required not configured by default. Configuring the lsu transmit rate sending large numbers of lsu packets affects router performance and consumes to...

  • Page 112

    95 Figure 37 Network diagram for OSPF FRR. In Figure 37, after you enable FRR on Router B, OSPF automatically calculates or designates a backup next hop when a link failure is detected. Packets are directed to the backup next hop. At the same time, OSPF calculates the shortest path based on the new ...

  • Page 114

    97 to do… use the command… remarks enable the out-of-band re-synchronization capability enable out-of-band-resynchronization required disabled by default enable non-ietf standard graceful restart capability for ospf graceful-restart [ nonstandard ] required disabled by default configure graceful res...

  • Page 115

    98 triggering ospf graceful restart performing a master/slave switchover, or performing the following configuration on an ospf router, will trigger ospf graceful restart. Follow these steps to trigger ospf graceful restart: to do… use the command… remarks trigger ospf graceful restart reset ospf [ p...

  • Page 118

    101 [switcha] ospf [switcha-ospf-1] area 0 [switcha-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [switcha-ospf-1-area-0.0.0.0] quit [switcha-ospf-1] area 1 [switcha-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [switcha-ospf-1-area-0.0.0.1] quit [switcha-ospf-1] quit # configure switch b. Syste...

  • Page 119

    102 authentication sequence: [ 0 ] neighbor state change count: 5 neighbors area 0.0.0.1 interface 10.2.1.1(vlan-interface200)'s neighbors router id: 10.4.1.1 address: 10.2.1.2 gr state: normal state: full mode: nbr is master priority: 1 dr: 10.2.1.1 bdr: 10.2.1.2 mtu: 0 dead timer due in 32 sec nei...

  • Page 120

    103 network 10.2.1.1 10.2.1.1 769 32 80000010 0 sum-net 10.5.1.0 10.2.1.1 769 28 80000003 14 sum-net 10.3.1.0 10.2.1.1 1069 28 8000000f 4 sum-net 10.1.1.0 10.2.1.1 1069 28 8000000f 2 sum-asbr 10.3.1.1 10.2.1.1 1069 28 8000000f 2 # display ospf routing information on switch d. [switchd] display ospf ...

  • Page 121

    104 figure 39 network diagram configuration procedure 1. Configure ip addresses for interfaces. (details not shown) 2. Configure ospf basic functions. (see “ configuring ospf basic functions ”) 3. Configure ospf to redistribute routes. # on switch c, configure a static route destined for network 3.1...

  • Page 122

    105 routing for ases destination cost type tag nexthop advrouter 3.1.2.0/24 1 type2 1 10.3.1.1 10.4.1.1 total nets: 6 intra area: 2 inter area: 3 ase: 1 nssa: 0 configuring ospf to advertise a summary route network requirements as shown in figure 40 : • switch a and switch b are in as 200, which run...

  • Page 123

    106 [switcha-ospf-1-area-0.0.0.0] quit [switcha-ospf-1] quit # configure switch b. System-view [switchb] ospf [switchb-ospf-1] area 0 [switchb-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255 [switchb-ospf-1-area-0.0.0.0] quit [switchb-ospf-1] quit # configure switch c. System-view [switchc] ospf [sw...

  • Page 124

    107 # configure ospf to redistribute routes from bgp on switch b. [switchb] ospf [switchb-ospf-1] import-route bgp # configure ospf to redistribute routes from bgp on switch c. [switchc] ospf [switchc-ospf-1] import-route bgp # display the ospf routing table of switch a. [switcha] display ip routing...

  • Page 125

    108 figure 41 network diagram area 0 area 1 stub area 2 switch c vlan-int100 10.1.1.2/24 vlan-int100 10.1.1.1/24 vlan-int300 10.4.1.1/24 vlan-int200 10.2.1.2/24 switch b vlan-int200 10.3.1.1/24 vlan-int200 10.3.1.2/24 switch a vlan-int200 10.2.1.1/24 vlan-int300 10.5.1.1/24 switch d asbr configurati...

  • Page 126

    109 destination cost type tag nexthop advrouter 3.1.2.0/24 1 type2 1 10.2.1.1 10.5.1.1 total nets: 6 intra area: 2 inter area: 3 ase: 1 nssa: 0 note: in the above output, because switch c resides in a normal ospf area, its routing table contains an external route. 4. Configure area 1 as a stub area....

  • Page 127

    110 [switcha] ospf [switcha-ospf-1] area 1 [switcha-ospf-1-area-0.0.0.1] stub no-summary [switcha-ospf-1-area-0.0.0.1] quit # display ospf routing information on switch c. [switchc] display ospf routing ospf process 1 with router id 10.4.1.1 routing tables routing for network destination cost type n...

  • Page 128

    111 3. Configure area 1 as an nssa area. # configure switch a. System-view [switcha] ospf [switcha-ospf-1] area 1 [switcha-ospf-1-area-0.0.0.1] nssa default-route-advertise no-summary [switcha-ospf-1-area-0.0.0.1] quit [switcha-ospf-1] quit # configure switch c. System-view [switchc] ospf [switchc-o...

  • Page 129

    112 routing tables routing for network destination cost type nexthop advrouter area 10.2.1.0/24 22 inter 10.3.1.1 10.3.1.1 0.0.0.2 10.3.1.0/24 10 transit 10.3.1.2 10.3.1.1 0.0.0.2 10.4.1.0/24 25 inter 10.3.1.1 10.3.1.1 0.0.0.2 10.5.1.0/24 10 stub 10.5.1.1 10.5.1.1 0.0.0.2 10.1.1.0/24 12 inter 10.3.1...

  • Page 130

    113 [switcha-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [switcha-ospf-1-area-0.0.0.0] quit [switcha-ospf-1] quit # configure switch b. System-view [switchb] router id 2.2.2.2 [switchb] ospf [switchb-ospf-1] area 0 [switchb-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [switchb-ospf-1-ar...

  • Page 131

    114 authentication sequence: [ 0 ] router id: 4.4.4.4 address: 192.168.1.4 gr state: normal state: full mode: nbr is master priority: 1 dr: 192.168.1.4 bdr: 192.168.1.3 mtu: 0 dead timer due in 31 sec neighbor is up for 00:01:28 authentication sequence: [ 0 ] switch d becomes the dr, and switch c is...

  • Page 132

    115 dead timer due in 33 sec neighbor is up for 00:11:15 authentication sequence: [ 0 ] the dr and bdr have not changed. Note: in the above output, you can find the priority configuration does not take effect immediately. 4. Restart ospf process. # restart the ospf process of switch d. Reset ospf 1 ...

  • Page 133

    116 [switcha] display ospf interface ospf process 1 with router id 1.1.1.1 interfaces area: 0.0.0.0 ip address type state cost pri dr bdr 192.168.1.1 broadcast dr 1 100 192.168.1.1 192.168.1.3 [switchb] display ospf interface ospf process 1 with router id 2.2.2.2 interfaces area: 0.0.0.0 ip address ...

  • Page 134

    117 [switcha-ospf-1-area-0.0.0.0] quit # configure switch b. System-view [switchb] ospf 1 router-id 2.2.2.2 [switchb-ospf-1] area 0 [switchb-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [switchb-ospf-1-area-0.0.0.0] quit [switchb-ospf-1] area 1 [switchb-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0...

  • Page 135

    118 [switchb-ospf-1-area-0.0.0.1] quit [switchb-ospf-1] quit # configure switch c. [switchc] ospf 1 [switchc-ospf-1] area 1 [switchc-ospf-1-area-0.0.0.1] vlink-peer 2.2.2.2 [switchc-ospf-1-area-0.0.0.1] quit # display the ospf routing table of switch b. [switchb] display ospf routing ospf process 1 ...

  • Page 136

    119 system-view [switcha] router id 1.1.1.1 [switcha] ospf 100 [switcha-ospf-100] area 0 [switcha-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [switcha-ospf-100-area-0.0.0.0] quit # configure switch b system-view [switchb] router id 2.2.2.2 [switchb] ospf 100 [switchb-ospf-100] area 0 [switchb...

  • Page 137

    120 192.1.1.1(vlan100) from full to down ospf 100: intf 192.1.1.1 rcv interfacedown state backupdr -> down. Ospf 100 nonstandard gr started for ospf router ospf 100 notify rm that ospf process will enter gr. Ospf 100 created gr wait timer, timeout interval is 40(s). Ospf 100 created gr interval time...

  • Page 138

    121 figure 46 network diagram configuration procedure 1. Configure ip addresses for interfaces. (details not shown) 2. Configure ospf basic functions. (see “ configuring ospf basic functions ”) 3. Configure ospf to redistribute routes. # on switch c, configure a static route destined for network 3.1...

  • Page 139

    122 127.0.0.1/32 direct 0 0 127.0.0.1 inloop0 4. On switch c, filter out route 3.1.3.0/24. # configure the ipv4 prefix list. [switchc] ip ip-prefix prefix1 index 1 deny 3.1.3.0 24 [switchc] ip ip-prefix prefix1 index 2 permit 3.1.1.0 24 [switchc] ip ip-prefix prefix1 index 3 permit 3.1.2.0 24 # refe...

  • Page 140

    123 3.1.1.0/24 o_ase 150 1 10.2.1.2 vlan200 3.1.2.0/24 o_ase 150 1 10.2.1.2 vlan200 10.1.1.0/24 direct 0 0 10.1.1.1 vlan100 10.1.1.1/32 direct 0 0 127.0.0.1 inloop0 10.2.1.0/24 direct 0 0 10.2.1.1 vlan200 10.2.1.1/32 direct 0 0 127.0.0.1 inloop0 10.3.1.0/24 ospf 10 4 10.1.1.2 vlan100 10.4.1.0/24 osp...

  • Page 141

    124 # configure switch d. System-view [switchd] bfd echo-source-ip 4.4.4.4 [switchd] ospf 1 [switchd-ospf-1] fast-reroute auto [switchd-ospf-1] quit method ii: enable ospf frr to designate a backup next hop by using a routing policy. # configure switch s. System-view [switchs] bfd echo-source-ip 1.1...

  • Page 142

    125 tag: 0 # display route 1.1.1.1/32 on switch d. You can find the backup next hop information. [switchd] display ip routing-table 1.1.1.1 verbose routing table : public summary count : 1 destination: 1.1.1.1/32 protocol: ospf process id: 1 preference: 10 cost: 1 ipprecedence: qoslcid: nexthop: 13....

  • Page 143

    126 2. Configure ospf basic functions. # configure switch a. System-view [switcha] ospf [switcha-ospf-1] area 0 [switcha-ospf-1-area-0.0.0.0] network 10.1.0.0 0.0.0.255 [switcha-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255 [switcha-ospf-1-area-0.0.0.0] network 121.1.1.0 0.0.0.255 [switcha-ospf-1-...

  • Page 144

    127 [switchb-vlan-interface10] ospf bfd enable [switchb-vlan-interface10] bfd min-transmit-interval 500 [switchb-vlan-interface10] bfd min-receive-interval 500 [switchb-vlan-interface10] bfd detect-multiplier 6 4. Verify the configuration. The following operations are performed on switch a. The oper...

  • Page 145

    128 %nov 12 18:34:48:823 2005 switcha bfd/5/log: sess[10.1.0.102/10.1.0.100, vlan10], sta : up->down, diag: 1 %nov 12 18:34:48:824 2005 switcha rm/4/rmlog:ospf-nbrchange: process 1, neighbour 10.1.0.102 (vlan10) from full to down *0.50673825 switcha bfd/8/scm:sess[10.1.0.102/10.1.0.100, vlan10],oper...

  • Page 146

    129 protocol: ospf process id: 0 preference: 0 cost: 2 ipprecedence: qoslcid: nexthop: 192.168.0.100 interface: vlan-interface10 bknexthop: 0.0.0.0 bkinterface: relynexthop: 0.0.0.0 neighbor : 0.0.0.0 tunnel id: 0x0 label: null bktunnel id: 0x0 bklabel: null state: invalid adv age: 00h58m05s tag: 0 ...

  • Page 147

    130 solution 1. Use the display ospf peer command to display neighbors. 2. Use the display ospf interface command to display ospf interface information. 3. Use the display ospf lsdb command to display the lsdb to check its integrity. 4. Display information about area configuration using the display ...

  • Page 148

    131 is-is configuration note: • the term router in this document refers to both routers and layer 3 switches. • the s5500-si switch series does not support is-is. Is-is overview intermediate system-to-intermediate system (is-is) is a dynamic routing protocol designed by the international organizatio...

  • Page 149

    132 is-is address format 1. Nsap as shown in figure 49 , an nsap address consists of the initial domain part (idp) and the domain specific part (dsp). The idp is equal to the network id of an ip address, and the dsp is equal to the subnet and host id. The idp includes the authority and format identi...

  • Page 150

    133 net a network entity title (net) indicates the network layer information of an is, and does not include transport layer information. It is a special nsap address with the sel being 0. The length of the net is equal to the nsap, and is in the range of 8 bytes to 20 bytes. A net comprises the foll...

  • Page 151

    134 figure 50 is-is topology 1 figure 51 is another is-is topology. The level-1-2 routers connect to the level-1 and level-2 routers, and form the is-is backbone together with the level-2 routers. No area is defined as the backbone in this topology. The backbone comprises all contiguous level-2 and ...

  • Page 152

    135 the routing information of a level-1 area is sent to the level-2 area through the level-1-2 router; therefore, the level-2 router knows the routing information of the entire is-is routing domain. But the level-1-2 router does not share the information of other level-1 areas and the level-2 area ...

  • Page 153

    136 note: on is-is broadcast networks, all routers are adjacent with each other. However, the dis is responsible for the synchronization of their lsdbs. Is-is pdu format pdu header format is-is packets are encapsulated into link layer frames. The protocol data unit (pdu) consists of two parts, the h...

  • Page 154

    137 type pdu type acronym 17 point-to-point is-is hello pdu p2p iih 18 level-1 link state pdu l1 lsp 20 level-2 link state pdu l2 lsp 24 level-1 complete sequence numbers pdu l1 csnp 25 level-2 complete sequence numbers pdu l2 csnp 26 level-1 partial sequence numbers pdu l1 psnp 27 level-2 partial s...

  • Page 155

    138 • priority: dis priority. • lan id: includes the system id and a one-byte pseudonode id. Figure 56 shows the hello packet format on the point-to-point networks. Figure 56 p2p iih format instead of the priority and lan id fields in the lan iih, the p2p iih has a local circuit id field. Lsp packet...

  • Page 156

    139 figure 57 l1/l2 lsp format major fields of the l1/l2 lsp are as follows: • pdu length: total length of the pdu in bytes • remaining lifetime: lsp remaining lifetime in seconds • lsp id: consists of the system id, the pseudonode id (one byte) and the lsp fragment number (one byte) • sequence numb...

  • Page 157

    140 figure 58 lsdb overload • is type: type of the router generating the lsp. Snp format a sequence number pdu (snp) acknowledges the latest received lsps. It is similar to an acknowledge packet, but more efficient. Snp involves complete snp (csnp) and partial snp (psnp), which are further divided i...

  • Page 158

    141 figure 60 l1/l2 psnp format (figure: pdu header made up of eight one-octet fields, namely intradomain routing protocol discriminator, length indicator, version/protocol id extension, id length, r/r/r and pdu type, version, reserved, and maximum area address, followed by pdu length (2 octets), source id (id length+1 octets), and variable length fields) clv the variable fields of ...

  • Page 159

    142 clv code name pdu type 132 ip interface address iih, lsp supported is-is features multiple instances and processes is-is supports multiple instances and processes. Multiple processes allow an is-is process to work in concert with a group of interfaces. A router can run multiple is-is processes, ...

  • Page 160

    143 the lsp fragment extension feature allows an is-is router to generate more lsp fragments. Up to 50 additional virtual systems can be configured on the router, and each virtual system is capable of generating 256 lsp fragments to enable the is-is router to generate up to 13056 lsp fragments. 1. T...

  • Page 161

    144 dynamic host name mapping mechanism the dynamic host name mapping mechanism provides the mappings between the host names and the system ids for the is-is routers. The dynamic host name information is announced in the dynamic host name clv of an lsp. This mechanism also provides the mapping betwe...

  • Page 162

    145 task remarks configuring is-is link cost optional specifying a priority for is-is required configuring the maximum number of equal cost routes optional configuring is-is route summarization optional advertising a default route optional configuring is-is route redistribution optional configuring ...

  • Page 163

    146 • configure an ip address for each interface, and make sure all neighboring nodes are reachable to each other at the network layer. Enabling is-is follow these steps to enable is-is: to do… use the command… remarks enter system view system-view — enable the is-is routing process and enter its vi...

  • Page 164

    147 configuring the network type of an interface as p2p interfaces with different network types operate differently. For example, broadcast interfaces on a network must elect the dis and flood csnp packets to synchronize the lsdbs, but p2p interfaces on a network do not need to elect the dis, and ha...

  • Page 165

    148 equals 40; if the interface bandwidth does not exceed 622 mbps, the interface cost equals 30; if the interface bandwidth does not exceed 2500 mbps, the interface cost equals 20; if the interface bandwidth exceeds 2500 mbps, the interface cost equals 10. If none of the above costs are used, a def...

  • Page 166

    149 to do… use the command… remarks configure a bandwidth reference value for automatic is-is cost calculation bandwidth-reference value optional 100 mbps by default specifying a priority for is-is a router can run multiple routing protocols. When routes to the same destination are found by multiple...

  • Page 171

    154 disabling an interface from sending or receiving is-is packets after being disabled from sending or receiving hello packets, an interface cannot form a neighbor relationship, but can advertise directly connected networks in lsps through other interfaces. This can save bandwidth and cpu resources...

  • Page 172

    155 2. Specify the lsp refresh interval and generation interval each router needs to refresh lsps generated by itself at a configurable interval and send them to other routers to prevent valid routes from being aged out. A smaller refresh interval speeds up network convergence but consumes more band...

  • Page 173

    156 if the is-is routers have different interface mtus, h3c recommends configuring the maximum size of generated lsp packets to be smaller than the smallest interface mtu in this area. If they are not, the routers must dynamically adjust the lsp packet size to fit the smallest interface mtu, which t...

  • Page 174

    157 configuring spf parameters when the lsdb changes on a router, a route calculation starts. Frequent route calculations consume a lot of system resources. You can set an appropriate interval for spf calculations to improve efficiency. Follow these steps to configure the spf parameters: to do… use ...

  • Page 176

    159 to do… use the command... Remarks enter interface view interface interface-type interface-number — configure a dis name isis dis-name symbolic-name optional not configured by default. This command takes effect only on a router with dynamic system id to host name mapping configured. This command ...

  • Page 178

    161 configuring is-is gr note: the is-is gr and is-is nsr features are mutually exclusive. Restarting is-is on a router causes network disconnections and route reconvergence. With the graceful restart (gr) feature, the restarting router—known as the gr restarter—can notify the event to its gr capabl...

  • Page 179

    162 nsr is introduced to solve the problem. It backs up is-is link state information from the master device to the slave device. After a master/slave switchover, nsr can complete link state recovery and route re-generation without requiring the cooperation of other devices. Follow these steps to con...

  • Page 180

    163 • enable is-is configure is-is frr to automatically calculate a backup next hop follow these steps to configure is-is frr: to do… use the command… remarks enter system view system-view — configure the source address of echo packets bfd echo-source-ip ip-address required not configured by default...

  • Page 181

    164 to do… use the command… remarks enter system view system-view — enter is-is view isis [ process-id ] [ vpn-instance vpn-instance-name ] — bind the is-is process with mibs isis mib-binding process-id required by default, mibs are bound with is-is process 1. Configuring bfd for is-is follow these ...

  • Page 183

    166 configuration procedure 1. Configure ip addresses for interfaces. (details not shown) 2. Configure is-is. # configure switch a. System-view [switcha] isis 1 [switcha-isis-1] is-level level-1 [switcha-isis-1] network-entity 10.0000.0000.0001.00 [switcha-isis-1] quit [switcha] interface vlan-inter...

  • Page 184

    167 [switchd-vlan-interface300] quit 3. Verify the configuration. # display the is-is lsdb of each switch to check the lsp integrity. [switcha] display isis lsdb database information for isis(1) -------------------------------- level-1 link state database lspid seq num checksum holdtime length att/p...

  • Page 185

    168 0000.0000.0003.01-00* 0x00000002 0xabdb 854 55 0/0/0 *-self lsp, +-self lsp(extended), att-attached, p-partition, ol-overload level-2 link state database lspid seq num checksum holdtime length att/p/ol -------------------------------------------------------------------------- 0000.0000.0003.00-0...

  • Page 186

    169 route information for isis(1) ----------------------------- isis(1) ipv4 level-1 forwarding table ------------------------------------- ipv4 destination intcost extcost exitinterface nexthop flags -------------------------------------------------------------------------- 192.168.0.0/24 10 null v...

  • Page 187

    170 dis election configuration network requirements as shown in figure 64 , switch a, b, c, and d reside in is-is area 10 on a broadcast network (ethernet). Switch a and switch b are level-1-2 switches, switch c is a level-1 switch, and switch d is a level-2 switch. Change the dis priority of switch...

  • Page 188

    171 [switchc] interface vlan-interface 100 [switchc-vlan-interface100] isis enable 1 [switchc-vlan-interface100] quit # configure switch d. System-view [switchd] isis 1 [switchd-isis-1] network-entity 10.0000.0000.0004.00 [switchd-isis-1] is-level level-2 [switchd-isis-1] quit [switchd] interface vl...

  • Page 189

    172 id ipv4.State ipv6.State mtu type dis 001 up down 1497 l1/l2 yes/no # display information about is-is interfaces of switch d. [switchd] display isis interface interface information for isis(1) --------------------------------- interface: vlan-interface100 id ipv4.State ipv6.State mtu type dis 00...

  • Page 190

    173 id ipv4.State ipv6.State mtu type dis 001 up down 1497 l1/l2 yes/yes note: after the dis priority configuration, switch a becomes the level-1-2 dis, and the pseudonode is 0000.0000.0001.01. # display information about is-is neighbors and interfaces of switch c. [switchc] display isis peer peer i...

  • Page 191

    174 configuring is-is route redistribution network requirements as shown in figure 65 , switch a, switch b, switch c, and switch d reside in the same as. They use is-is to interconnect. Switch a and switch b are level-1 routers, switch d is a level-2 router, and switch c is a level-1-2 router. Redis...

  • Page 192

    175 [switchc-isis-1] network-entity 10.0000.0000.0003.00 [switchc-isis-1] quit [switchc] interface vlan-interface 200 [switchc-vlan-interface200] isis enable 1 [switchc-vlan-interface200] quit [switchc] interface vlan-interface 100 [switchc-vlan-interface100] isis enable 1 [switchc-vlan-interface100...

  • Page 193

    176 10.1.1.0/24 10 null vlan100 direct d/l/- 10.1.2.0/24 10 null vlan200 direct d/l/- 192.168.0.0/24 10 null vlan300 direct d/l/- flags: d-direct, r-added to rm, l-advertised in lsps, u-up/down bit set isis(1) ipv4 level-2 forwarding table ------------------------------------- ipv4 destination intco...

  • Page 194

    177 [switchd] isis 1 [switchd-isis-1] import-route rip level-2 # display is-is routing information on switch c. [switchc] display isis route route information for isis(1) ----------------------------- isis(1) ipv4 level-1 forwarding table ------------------------------------- ipv4 destination intcos...

  • Page 195

    178 figure 66 network diagram for is-is gr configuration vlan-int100 10.0.0.1/24 vlan-int100 10.0.0.3/24 vlan-int100 10.0.0.2/24 gr helper gr helper gr restarter switch a switch c switch b configuration procedure 1. Configure ip addresses of the interfaces on each switch and configure is-is. Follow ...

  • Page 196

    179 t2 timer status: remaining time: 59 is-is(1) level-2 restart status restart interval: 150 sa bit supported total number of interfaces = 1 restart status: restarting number of lsps awaited: 3 t3 timer status: remaining time: 140 t2 timer status: remaining time: 59 is-is nsr configuration example ...

  • Page 197

    180 if routes from switch a to the loopback interface on switch b and from switch b to the loopback interface on switch a exist. # when a master/slave switchover occurs on switch s, display is-is neighbors and routes on switch a. Display isis peer peer information for isis(1) -----------------------...

  • Page 198

    181 interface: vlan200 circuit id: 0000.0000.0001.01 state: up holdtime: 25s type: l1(l1l2) pri: 64 system id: 0000.0000.0001 interface: vlan200 circuit id: 0000.0000.0001.01 state: up holdtime: 27s type: l2(l1l2) pri: 64 display isis route route information for isis(1) -----------------------------...

  • Page 199

    182 figure 68 network diagram for is-is frr configuration switch s switch d switch a loop 0 1.1.1.1/32 vlan-int100 12.12.12.1/24 vlan-int200 13.13.13.1/24 vlan-int200 13.13.13.2/24 vlan-int100 12.12.12.2/24 vlan-int101 24.24.24.2/24 vlan-int101 24.24.24.4/24 loop 0 4.4.4.4/...

  • Page 200

    183 # configure switch d. System-view [switchd] bfd echo-source-ip 4.4.4.4 [switchd] ip ip-prefix abc index 10 permit 1.1.1.1 32 [switchd] route-policy frr permit node 10 [switchd-route-policy] if-match ip-prefix abc [switchd-route-policy] apply fast-reroute backup-interface vlan-interface 101 backu...

  • Page 201

    184 is-is authentication configuration example network requirements as shown in figure 69 , switch a, switch b, switch c and switch d reside in the same is-is routing domain. Switch a, switch b, and switch c belong to area 10, and switch d belongs to area 20. Configure relationship authentication be...

  • Page 202

    185 [switchc] isis 1 [switchc-isis-1] network-entity 10.0000.0000.0003.00 [switchc-isis-1] quit [switchc] interface vlan-interface 200 [switchc-vlan-interface200] isis enable 1 [switchc-vlan-interface200] quit [switchc] interface vlan-interface 300 [switchc-vlan-interface300] isis enable 1 [switchc-...

  • Page 203

    186 [switcha] isis 1 [switcha-isis-1] area-authentication-mode md5 10sec [switcha-isis-1] quit [switchb] isis 1 [switchb-isis-1] area-authentication-mode md5 10sec [switchb-isis-1] quit [switchc] isis 1 [switchc-isis-1] area-authentication-mode md5 10sec [switchc-isis-1] quit 5. Configure routing do...

  • Page 204

    187 # configure switch a. System-view [switcha] isis [switcha-isis-1] network-entity 10.0000.0000.0001.00 [switcha-isis-1] quit [switcha] interface vlan-interface 10 [switcha-vlan-interface10] isis enable [switcha-vlan-interface10] quit [switcha] interface vlan-interface 11 [switcha-vlan-interface11...

  • Page 205

    188 [switchb-vlan-interface10] bfd detect-multiplier 8 [switchb-vlan-interface10] return 4. Verify the configuration. The following configurations are made on switch a. Configurations for switch b are similar. (details not shown) # display the bfd information of switch a. Display bfd session total s...

  • Page 206

    189 #aug 8 14:54:05:363 2008 switcha isis/4/adj_change:trapid(1.3.6.1.2.1.138.0.17), isis level-2 adjencency in circuit-983041 state change. #aug 8 14:54:05:364 2008 switcha isis/4/adj_change:trapid(1.3.6.1.2.1.138.0.17), isis level-1 adjencency in circuit-983041 state change. %aug 8 14:54:05:365 20...

  • Page 207

    190 bgp configuration the border gateway protocol (bgp) is a dynamic inter-as exterior gateway protocol. Note: • the term router refers to both routers and layer 3 switches, and bgp refers to bgp-4 in this document. • the s5500-si switch series does not support bgp. Bgp overview the three early bgp ...

  • Page 208

    191 • keepalive • route-refresh they have the same header. Figure 71 bgp message header • marker—the 16-byte field is used to delimit bgp messages. The marker must be all ones. • length—the two-byte unsigned integer indicates the total length of the message. • type—this one-byte unsigned integer ind...

  • Page 209

    192 • optional parameters—used for multiprotocol extensions and other functions. Update update messages are used to exchange routing information between peers. An update message can advertise feasible routes or remove multiple unfeasible routes. Figure 73 bgp update message format each update message can adver...

  • Page 210

    193 keepalive keepalive messages are sent between peers to maintain connectivity. Their format contains only the message header. Route-refresh a route-refresh message is sent to a peer to request the specified address family routing information. Figure 75 bgp route-refresh message format • afi—address...

  • Page 211

    194 name category cluster_list optional non-transitive usage of bgp path attributes 1. Origin origin is a well-known mandatory attribute that defines the origin of routing information (how a route became a bgp route). This attribute has the following types: • igp—has the highest priority. Routes add...

  • Page 212

    195 use the as_path attribute for route selection and filtering. Bgp gives priority to the route with the shortest as_path length, if other factors are the same. As shown in figure 76 , the bgp router in as50 gives priority to the route passing as40 for sending data to the destination 8.0.0.0. In so...

  • Page 213

    196 figure 78 med attribute d = 9.0.0.0 next_hop = 2.1.1.1 med = 0 d = 9.0.0.0 next_hop = 3.1.1.1 med = 100 med = 0 router b router a router c router d 2.1.1.1 3.1.1.1 med = 100 as 20 as 10 9.0.0.0 ebgp ebgp ibgp ibgp ibgp in general, bgp compares meds of routes received from the same as only. Note:...

  • Page 214

    197 based on the community attribute values. This simplifies routing policy usage and facilitates management and maintenance. Well-known community attributes are as follows: • internet: by default, all routes belong to the internet community. Routes with this attribute can be advertised to all bgp p...

  • Page 215

    198 • igp routing protocols such as rip and ospf compute metrics of routes, and then implement load balancing over routes with the same metric and to the same destination. The route selection criterion is metric. • bgp has no route computation algorithm, so it cannot implement load balancing accordi...

  • Page 216

    199 • a bgp speaker advertises routes learned through ibgp to ebgp peers. If bgp and igp synchronization is disabled, those routes are advertised to ebgp peers directly. If the feature is enabled, only after igp advertises those routes, can bgp advertise the routes to ebgp peers. • a bgp speaker adv...

  • Page 217

    200 when a route flap occurs, the routing protocol sends an update to its neighbor, and then the neighbor must recalculate routes and modify the routing table. Frequent route flaps consume large bandwidth and cpu resources, which could affect network operation. In most cases, bgp is used in complex ...

  • Page 218

    201 besides using well-known community attributes, you can define extended community attributes by using a community list to define a routing policy. Route reflector ibgp peers must be fully meshed to maintain connectivity. If n routers exist in an as, the number of ibgp connections is n (n-1)/2, an...

  • Page 219

    202 note: after route reflection is disabled between clients, routes can still be reflected between a client and a non-client. Confederation confederation is another method to manage growing ibgp connections in ass. This method splits an as into multiple sub-ass. In each sub-as, ibgp peers are fully...

  • Page 220

    203 session. If neither party has the gr capability, the session established between them will not be gr capable. 3. When a master/slave switchover occurs on the gr restarter, sessions on it will go down. Then, gr-capable peers will mark all routes associated with the gr restarter as stale. However,...

  • Page 221

    204 • rfc 2439, bgp route flap damping • rfc 1997, bgp communities attribute • rfc 2796, bgp route reflection • rfc 3065, autonomous system confederations for bgp • rfc 4271, a border gateway protocol 4 (bgp-4) • rfc 5291, outbound route filtering capability for bgp-4 • rfc 5292, address-prefix-base...

  • Page 222

    205 task remarks configuring the bgp keepalive interval and holdtime optional configuring the interval for sending the same update optional configuring bgp soft-reset optional enabling the bgp orf capability optional enabling 4-byte as number suppression optional enabling quick ebgp session reestabl...

  • Page 223

    206 follow these steps to create a bgp connection: to do… use the command… remarks enter system view system-view — configure a global router id router id router-id optional not configured by default. If no global router id is configured, the highest loopback interface ip address—if any—is used as th...

  • Page 225

    208 Injecting a local network: In BGP view, you can inject a local network to allow BGP to advertise it to BGP peers. The ORIGIN attribute of routes advertised in this way is IGP. You can also reference a routing policy to flexibly control route advertisement. The network to be injected must be availabl...

  • Page 229

    212 In addition to the reachability check of the next hop, the BGP router must find an active IGP route with the same destination network segment before it can advertise the IBGP route (use the display ip routing-table protocol command to check the IGP route state). Follow these steps to enable BGP ...

  • Page 231

    214 Configuring preferences for BGP routes: A router can run multiple routing protocols, each with its own preference. If they find the same route, the route found by the routing protocol with the highest preference is selected. This task allows you to configure preferences for external, internal, an...

  • Page 232

    215 to do… use the command… remarks configure the default med value default med med-value optional 0 by default enable the comparison of med of routes from different ass follow these steps to enable the comparison of med of routes from different ass: to do… use the command… remarks enter system view...

  • Page 233

    216 problem. The following output is the bgp routing table on router d after the comparison of med of routes from each as is enabled. Network 10.0.0.0 learned from router c is the optimal route. Network nexthop med locprf prefval path/ogn *>i 10.0.0.0 3.3.3.3 50 0 200e * i 10.0.0.0 2.2.2.2 50 0 300e...

  • Page 234

    217 figure 87 next hop attribute configuration 1 if a bgp router has two peers on a common broadcast network, it does not set itself as the next hop for routes sent to an ebgp peer by default. As shown in figure 88 , router a and router b establish an ebgp neighbor relationship, and router b and rou...

  • Page 236

    219 figure 89 as number substitution configuration mpls backbone vpnv4_update:10.1.0.0/16 rd:10.1.1.1/32 as_path:800 ebgp_update:10.1.1.1/32 as_path:100,100 pe 1 pe 2 as 800 ebgp_update:10.1.1.1/32 as_path:800 as 800 as 100 ce 1 ce 2 as shown in the above figure, ce 1 and ce 2 use the same as number...

  • Page 237

    220 to do… use the command… remarks configure bgp to ignore the first as number of ebgp route updates ignore-first-as required by default, bgp checks the first as number of ebgp route updates. Tuning and optimizing bgp networks configuration prerequisites bgp connections must be created. Configuring...

  • Page 238

    221 Note: • The maximum keepalive interval must be one third of the holdtime and no less than one second. The holdtime is no less than three seconds unless it is set to 0. • The intervals set with the peer timer command are preferred to those set with the timer command. • If the router has establish...

  • Page 241

    224 Note: If the peer device supports 4-byte AS numbers, do not enable the 4-byte AS number suppression function; otherwise, the BGP peer relationship cannot be established. Enabling quick EBGP session reestablishment: If the router receives no keepalive messages from a BGP peer within the holdtime, ...

  • Page 242

    225 To do… | Use the command… | Remarks: Configure the maximum number of BGP routes for load balancing | balance number | Optional. Load balancing is not enabled by default. Forbidding session establishment with a peer or peer group: Follow these steps to forbid session establishment with a peer or peer group: ...

  • Page 243

    226 to do… use the command… remarks enter bgp view bgp as-number — create an ibgp peer group group group-name [ internal ] required add a peer into the ibgp peer group peer ip-address group group-name required configure an ebgp peer group if peers in an ebgp group belong to the same external as, the...

  • Page 244

    227 to do… use the command… remarks add the peer into the group peer ip-address group group-name [ as-number as-number ] required the as number can be either specified or not specified in the command. If specified, the as number must be the same as that specified for the peer with the peer ip-addres...

  • Page 246

    229 Configure a BGP confederation: After you split an AS into multiple sub-ASs, you can configure a router in a sub-AS as follows: 1. Enable BGP and specify the AS number of the router. 2. Specify the confederation ID. From an outsider’s perspective, the sub-ASs of the confederation are a single AS, w...

  • Page 247

    230 to do… use the command… remarks enable bgp and enter its view bgp as-number — enable gr capability for bgp graceful-restart required disabled by default configure the maximum time allowed for the peer to reestablish a bgp session graceful-restart timer restart timer optional 150 seconds by defau...

  • Page 248

    231 Configuring BFD for BGP: BGP maintains neighbor relationships based on the keepalive timer and holdtime timer, which are set in seconds. BGP defines that the holdtime interval must be at least three times the keepalive interval. This slows down link failure detection; once a failure occurs on a h...

  • Page 250

    233 to do… use the command… remarks reset the bgp connections to a peer group reset bgp group group-name reset all ibgp connections reset bgp internal reset all ipv4 unicast bgp connections reset bgp ipv4 all clearing bgp information to do… use the command… remarks clear dampened bgp routing informa...

  • Page 251

    234 system-view [switchb] bgp 65009 [switchb-bgp] router-id 2.2.2.2 [switchb-bgp] peer 3.3.3.3 as-number 65009 [switchb-bgp] peer 3.3.3.3 connect-interface loopback 0 [switchb-bgp] quit [switchb] ospf 1 [switchb-ospf-1] area 0 [switchb-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [switchb-ospf-1-are...

  • Page 252

    235 [switcha-bgp] quit # configure switch b. [switchb] bgp 65009 [switchb-bgp] peer 3.1.1.2 as-number 65008 [switchb-bgp] quit # display bgp peer information on switch b. [switchb] display bgp peer bgp local router id : 2.2.2.2 local as number : 65009 total number of peers : 2 peers in established s...

  • Page 253

    236 total number of routes: 1 bgp local router id is 3.3.3.3 status codes: * - valid, ^ - vpnv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, s - stale origin : i - igp, e - egp, ? - incomplete network nexthop med locprf prefval path/ogn i 8.1.1.0/24 3.1.1.2 0 100 0 65008i n...

  • Page 254

    237 origin : i - igp, e - egp, ? - incomplete network nexthop med locprf prefval path/ogn i 2.2.2.2/32 2.2.2.2 0 100 0 ? *>i 3.1.1.0/24 2.2.2.2 0 100 0 ? *>i 8.1.1.0/24 3.1.1.2 0 100 0 65008i * i 9.1.1.0/24 2.2.2.2 0 100 0 ? The output shows that the route 8.1.1.0 becomes valid with the next hop as ...

  • Page 255

    238 system-view [switchb] ospf 1 [switchb-ospf-1] area 0 [switchb-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [switchb-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255 [switchb-ospf-1-area-0.0.0.0] quit [switchb-ospf-1] quit # configure switch c. System-view [switchc] ospf 1 [switchc-ospf-1] import-r...

  • Page 256

    239 status codes: * - valid, ^ - vpnv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, s - stale origin : i - igp, e - egp, ? - incomplete network nexthop med locprf prefval path/ogn *> 3.3.3.3/32 3.1.1.1 1 0 65009? *> 8.1.1.0/24 0.0.0.0 0 0 i *> 9.1.2.0/24 3.1.1.1 1 0 65009? ...

  • Page 257

    240 --- 8.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 2/2/2 ms bgp load balancing configuration network requirements as shown in figure 92 , all the switches run bgp. Switch a resides in as 65008, switch b and switch c in as 65009...

  • Page 258

    241 [switcha-bgp] router-id 1.1.1.1 [switcha-bgp] peer 3.1.1.1 as-number 65009 [switcha-bgp] peer 3.1.2.1 as-number 65009 [switcha-bgp] network 8.1.1.1 24 [switcha-bgp] quit # configure switch b. System-view [switchb] bgp 65009 [switchb-bgp] router-id 2.2.2.2 [switchb-bgp] peer 3.1.1.2 as-number 650...

  • Page 259

    242 since switch a has two routes to reach as 65009, configuring load balancing over the two bgp routes on switch a can improve link utilization. # configure switch a. [switcha] bgp 65008 [switcha-bgp] balance 2 [switcha-bgp] quit 4. Verify the configuration. # display the bgp routing table on switc...

  • Page 260

    243 configuration procedure 1. Configure ip addresses for interfaces. (details not shown) 2. Configure ebgp. # configure switch a. System-view [switcha] bgp 10 [switcha-bgp] router-id 1.1.1.1 [switcha-bgp] peer 200.1.2.2 as-number 20 [switcha-bgp] network 9.1.1.0 255.255.255.0 [switcha-bgp] quit # c...

  • Page 261

    244 bgp local router id is 3.3.3.3 status codes: * - valid, ^ - vpnv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, s - stale origin : i - igp, e - egp, ? - incomplete network nexthop med locprf prefval path/ogn *> 9.1.1.0/24 200.1.3.1 0 0 20 10i switch c has learned route 9...

  • Page 262

    245 figure 94 network diagram configuration procedure 1. Configure ip addresses for interfaces. (details not shown) 2. Configure bgp connections. # configure switch a. System-view [switcha] bgp 100 [switcha-bgp] router-id 1.1.1.1 [switcha-bgp] peer 192.1.1.2 as-number 200 # inject network 1.0.0.0/8 ...

  • Page 263

    246 # configure switch c. [switchc] bgp 200 [switchc-bgp] peer 193.1.1.2 reflect-client [switchc-bgp] peer 194.1.1.2 reflect-client [switchc-bgp] quit 4. Verify the configuration. # display the bgp routing table on switch b. [switchb] display bgp routing-table total number of routes: 1 bgp local rou...

  • Page 264

    247 Figure 95 Network diagram (figure not reproduced; labels: Switch A to Switch F, AS 100, AS 200, AS 65001, AS 65002, AS 65003, Vlan-int100 to Vlan-int600). Device Interface IP address D...

  • Page 265

    248 system-view [switchc] bgp 65003 [switchc-bgp] router-id 3.3.3.3 [switchc-bgp] confederation id 200 [switchc-bgp] confederation peer-as 65001 65002 [switchc-bgp] peer 10.1.2.1 as-number 65001 [switchc-bgp] quit 3. Configure ibgp connections in as65001. # configure switch a. [switcha] bgp 65001 [s...

  • Page 266

    249 total number of routes: 1 bgp local router id is 2.2.2.2 status codes: * - valid, ^ - vpnv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, s - stale origin : i - igp, e - egp, ? - incomplete network nexthop med locprf prefval path/ogn *>i 9.1.1.0/24 10.1.1.1 0 100 0 (6500...

  • Page 267

    250 origin : igp attribute value : med 0, localpref 100, pref-val 0, pre 255 state : valid, internal, best, not advertised to any peers yet the output information shows the following: • switch f can send route information to switch b and switch c through the confederation by establishing only an ebg...

  • Page 268

    251 [switchb-ospf-1-area-0.0.0.0] quit [switchb-ospf-1] quit # configure switch c. System-view [switchc] ospf [switchc-ospf] area 0 [switchc-ospf-1-area-0.0.0.0] network 193.1.1.0 0.0.0.255 [switchc-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [switchc-ospf-1-area-0.0.0.0] quit [switchc-ospf-1] ...

  • Page 269

    252 • method i: configure a higher med value for the route 1.0.0.0/8 advertised from switch a to peer 192.1.1.2. # define an acl numbered 2000 to permit route 1.0.0.0/8. [switcha] acl number 2000 [switcha-acl-basic-2000] rule permit source 1.0.0.0 0.255.255.255 [switcha-acl-basic-2000] quit # define...

  • Page 270

    253 [switchc-route-policy] apply local-preference 200 [switchc-route-policy] quit # apply routing policy localpref to routes from peer 193.1.1.1. [switchc] bgp 200 [switchc-bgp] peer 193.1.1.1 route-policy localpref import [switchc-bgp] quit # display the routing table on switch d. [switchd] display...

  • Page 271

    254 # inject network 8.0.0.0/8 to the bgp routing table. [switcha-bgp] network 8.0.0.0 # enable gr capability for bgp. [switcha-bgp] graceful-restart 2. Configure switch b. # configure ip addresses for interfaces. (details not shown) # configure the ebgp connection. System-view [switchb] bgp 65009 [...

  • Page 272

    255 figure 98 network diagram device interface ip address device interface ip address switch a vlan-int100 3.0.1.1/24 switch c vlan-int101 3.0.2.2/24 vlan-int200 2.0.1.1/24 vlan-int201 2.0.2.2/24 switch b vlan-int100 3.0.1.2/24 switch d vlan-int200 2.0.1.2/24 vlan-int101 3.0.2.1/24 vlan-int201 2.0.2...

  • Page 273

    256 [switcha-route-policy] quit [switcha] route-policy apply_med_100 permit node 10 [switcha-route-policy] if-match acl 2000 [switcha-route-policy] apply cost 100 [switcha-route-policy] quit • apply routing policy apply_med_50 to routes outgoing to peer 3.0.2.2, and apply routing policy apply_med_10...

  • Page 274

    257 the following operations are made on switch c. Operations on switch a are similar. (details not shown) # display detailed bfd session information. Display bfd session verbose total session num: 1 init mode: active ip session working under ctrl mode: local discr: 17 remote discr: 13 source ip: 3....

  • Page 275

    258 destination: 1.1.1.0/24 protocol: bgp process id: 0 preference: 0 cost: 100 nexthop: 2.0.1.1 interface: vlan-interface201 bknexthop: 0.0.0.0 bkinterface: relynexthop: 2.0.2.1 neighbor : 2.0.1.1 tunnel id: 0x0 label: null state: invalid adv age: 00h08m54s tag: 0 the output shows that switch c has...

  • Page 276

    259 Troubleshooting BGP: BGP peer relationship not established. Symptom: Display BGP peer information by using the display bgp peer command. The state of the connection to a peer cannot become Established. Analysis: To become BGP peers, any two routers must establish a TCP session using port 179 and exc...

  • Page 277

    260 IPv6 static routing configuration. Note: • The term router in this document refers to both routers and Layer 3 switches. • The S5500-SI switch series does not support VPN-related parameters. Introduction to IPv6 static routing: Static routes are manually configured. They work well in simple networ...

  • Page 279

    262 figure 99 network diagram configuration procedure 1. Configure the ipv6 addresses for all vlan interfaces. (details not shown) 2. Configure ipv6 static routes. # configure a default ipv6 static route on switch a. System-view [switcha] ipv6 [switcha] ipv6 route-static :: 0 4::2 # configure two ip...

  • Page 280

    263 interface : inloop0 cost : 0 destination : 1::/64 protocol : direct nexthop : 1::1 preference : 0 interface : vlan-interface100 cost : 0 destination : 1::1/128 protocol : direct nexthop : ::1 preference : 0 interface : inloop0 cost : 0 destination : fe80::/10 protocol : direct nexthop : :: prefe...

  • Page 281

    264 RIPng configuration. Note: • The term router in this document refers to both routers and Layer 3 switches. • The S5500-SI switch series does not support VPN-related parameters. Introduction to RIPng: RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in...

  • Page 282

    265 RIPng packet format. Basic format: A RIPng packet consists of a header and multiple route table entries (RTEs). The maximum number of RTEs in a packet depends on the IPv6 MTU of the sending interface. Figure 100 RIPng basic packet format … Packet header description: • Command: Type of message. 0x0...

  • Page 283

    266 RIPng packet processing procedure. Request packet: When a RIPng router first starts or needs to update entries in its routing table, it usually sends a multicast request packet to ask its neighbors for the needed routes. The receiving RIPng router processes RTEs in the request. If only one RTE exists ...

  • Page 284

    267 configuring ripng basic functions this section presents the information to configure the basic ripng features. You must enable ripng first before configuring other tasks, but it is not necessary for ripng-related interface configurations, such as assigning an ipv6 address. Configuration prerequi...

  • Page 285

    268 • define an ipv6 address prefix list before using it for route filtering. See the chapter “routing policy configuration” for related information. Configuring an additional routing metric an additional routing metric can be added to the metric of an inbound or outbound rip route. The outbound add...

  • Page 286

    269 Configuring a RIPng route filtering policy: Reference a configured IPv6 ACL or prefix list to filter received or advertised routing information. You can also filter outbound routes redistributed from a specific routing protocol. Follow these steps to configure a RIPng route filtering poli...

  • Page 287

    270 Tuning and optimizing the RIPng network: This section describes how to tune and optimize the performance of the RIPng network, as well as applications under special network environments. Before tuning and optimizing the RIPng network, complete the following tasks: • Configure a network layer addr...

  • Page 288

    271 Note: H3C recommends enabling split horizon to prevent routing loops. Configuring the poison reverse function: The poison reverse function enables a route learned from an interface to be advertised through the interface. However, the metric of the route is set to 16 (unreachable). Follow these st...

  • Page 289

    272 Applying IPsec policies for RIPng: To protect routing information and defend against attacks, RIPng supports using an IPsec policy to authenticate protocol packets. Outbound RIPng packets carry the security parameter index (SPI) defined in the relevant IPsec policy. A device uses the SPI carried in a rec...

  • Page 291

    274 [switcha-vlan-interface100] quit [switcha] interface vlan-interface 400 [switcha-vlan-interface400] ripng 1 enable [switcha-vlan-interface400] quit # configure switch b. System-view [switchb] ripng 1 [switchb-ripng-1] quit [switchb] interface vlan-interface 200 [switchb-vlan-interface200] ripng ...

  • Page 292

    275 route flags: a - aging, s - suppressed, g - garbage-collect ---------------------------------------------------------------- peer fe80::200:2ff:fe64:8904 on vlan-interface100 dest 1::/64, via fe80::200:2ff:fe64:8904, cost 1, tag 0, a, 31 sec dest 4::/64, via fe80::200:2ff:fe64:8904, cost 2, tag ...

  • Page 293

    276 configuring ripng route redistribution network requirements two ripng processes are running on switch b, which communicates with switch a through ripng 100 and with switch c through ripng 200. Configure route redistribution on switch b, letting the two ripng processes redistribute routes from ea...

  • Page 294

    277 [switchc-vlan-interface300] quit [switchc] interface vlan-interface 400 [switchc-vlan-interface400] ripng 200 enable [switchc-vlan-interface400] quit # display the routing table of switch a. [switcha] display ipv6 routing-table routing table : destinations : 6 routes : 6 destination: ::1/128 pro...

  • Page 295

    278 nexthop : ::1 preference: 0 interface : inloop0 cost : 0 destination: 1::/64 protocol : direct nexthop : 1::1 preference: 0 interface : vlan100 cost : 0 destination: 1::1/128 protocol : direct nexthop : ::1 preference: 0 interface : inloop0 cost : 0 destination: 2::/64 protocol : direct nexthop ...

  • Page 296

    279 [switcha-vlan-interface100] quit # configure switch b. System-view [switchb] ripng 1 [switchb-ripng-1] quit [switchb] interface vlan-interface 200 [switchb-vlan-interface200] ripng 1 enable [switchb-vlan-interface200] quit [switchb] interface vlan-interface 100 [switchb-vlan-interface100] ripng ...

  • Page 297

    280 [switchb-ipsec-proposal-tran1] quit [switchb] ipsec policy policy001 10 manual [switchb-ipsec-policy-manual-policy001-10] proposal tran1 [switchb-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345 [switchb-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345 [switchb-ipsec-policy-...

  • Page 298

    281 OSPFv3 configuration. Note: • The term router in this document refers to both routers and Layer 3 switches. • The S5500-SI switch series does not support OSPFv3. Introduction to OSPFv3. OSPFv3 overview: Open Shortest Path First version 3 (OSPFv3) supports IPv6 and complies with RFC 2740 (OSPF for I...

  • Page 299

    282 • Packet length—Packet length in bytes, including header. • Instance ID—Instance ID for a link. • 0—Reserved. It must be 0. OSPFv3 LSA types: OSPFv3 sends routing information in LSAs, which, as defined in RFC 2740, have the following types: • Router-LSA—Originated by all routers. This LSA describ...

  • Page 300

    283 After sending an LSA to its adjacency, a router waits for an acknowledgment from the adjacency. If no response is received after the retransmission interval elapses, the router will send the LSA again. The retransmission interval must be longer than the round-trip time of the LSA. LSA delay time...

  • Page 301

    284 task remarks configuring an ospfv3 cost for an interface optional configuring the maximum number of ospfv3 load-balanced routes optional configuring a priority for ospfv3 optional configuring ospfv3 route redistribution optional configuring ospfv3 timers optional configuring a dr priority for an...

  • Page 302

    285 to do… use the command… remarks specify a router id router-id router-id required enter interface view interface interface-type interface-number — enable an ospfv3 process on the interface ospfv3 process-id area area-id [ instance instance-id ] required not enabled by default configuring ospfv3 a...

  • Page 303

    286 Note: • You cannot remove an OSPFv3 area directly. The area can be removed only when you remove all configurations in area view and all interfaces attached to the area become down. • All the routers attached to a stub area must be configured with the stub command. The keyword no-summary is only ...

  • Page 304

    287 configuration prerequisites before configuring ospfv3 network types, complete the following tasks: • configure ipv6 functions • configure ospfv3 basic functions configuring the ospfv3 network type for an interface follow these steps to configure the ospfv3 network type for an interface: to do… u...

  • Page 305

    288 Configuring OSPFv3 route summarization: If contiguous network segments exist in an area, use the abr-summary command to summarize them into one network segment on the ABR. The ABR will advertise only the summary route. Any LSA in the specified network segment will not be advertised, reducing the ...

  • Page 306

    289 to do… use the command… remarks enter system view system-view — enter interface view interface interface-type interface-number — configure an ospfv3 cost for the interface ospfv3 cost value [ instance instance-id ] optional the default cost depends on the interface type: 1 for a vlan interface; ...

  • Page 307

    290 configuring ospfv3 route redistribution follow these steps to configure ospfv3 route redistribution: to do… use the command… remarks enter system view system-view — enter ospfv3 view ospfv3 [ process-id ] — specify a default cost for redistributed routes default cost value optional defaults to 1...

  • Page 308

    291 configuration prerequisites before tuning and optimizing ospfv3 networks, complete the following tasks: • enable ipv6 packet forwarding • configure ospfv3 basic functions configuring ospfv3 timers follow these steps to configure ospfv3 timers: to do… use the command… remarks enter system view sy...

  • Page 309

    292 configuring a dr priority for an interface follow these steps to configure a dr priority for an interface: to do… use the command… remarks enter system view system-view — enter interface view interface interface-type interface-number — configure a dr priority ospfv3 dr-priority priority [ instan...

  • Page 310

    293 enable the logging of neighbor state changes follow these steps to enable the logging of neighbor state changes: to do… use the command… remarks enter system view system-view — enter ospfv3 view ospfv3 [ process-id ] — enable the logging of neighbor state changes log-peer-change required enabled...

  • Page 311

    294 configuring gr helper you can configure the gr helper capability on a gr helper. Follow these steps to configure gr helper to do… use the command… remarks enter system view system-view — enter ospfv3 view ospfv3 [ process-id ] — enable the gr helper capability graceful-restart helper enable opti...

  • Page 312

    295 Applying IPsec policies for OSPFv3: To protect routing information and defend against attacks, OSPFv3 can authenticate protocol packets by using an IPsec policy. Outbound OSPFv3 packets carry the security parameter index (SPI) defined in the relevant IPsec policy. A device uses the SPI carried in a recei...

  • Page 315

    298 [switcha-ospfv3-1] router-id 1.1.1.1 [switcha-ospfv3-1] quit [switcha] interface vlan-interface 300 [switcha-vlan-interface300] ospfv3 1 area 1 [switcha-vlan-interface300] quit [switcha] interface vlan-interface 200 [switcha-vlan-interface200] ospfv3 1 area 1 [switcha-vlan-interface200] quit # c...

  • Page 316

    299 3.3.3.3 1 full/dr 00:00:39 vlan100 0 ospfv3 area id 0.0.0.1 (process 1) ---------------------------------------------------------------------- neighbor id pri state dead time interface instance id 1.1.1.1 1 full/backup 00:00:38 vlan200 0 # display ospfv3 neighbor information on switch c. [switch...

  • Page 317

    300 [switchc-ospfv3-1] area 2 [switchc-ospfv3-1-area-0.0.0.2] stub [switchc-ospfv3-1-area-0.0.0.2] default-cost 10 # display ospfv3 routing table information on switch d. A default route is added, and its cost is the cost of a direct route plus the configured cost. [switchd] display ospfv3 routing e...

  • Page 318

    301 nexthop : directly-connected interface: vlan400 configuring ospfv3 dr election network requirements as shown in figure 108 : • the priority of switch a is 100, the highest priority on the network, so it will be the dr. • the priority of switch c is 2, the second highest priority on the network, ...

  • Page 319

    302 # configure switch c. System-view [switchc] ipv6 [switchc] ospfv3 [switchc-ospfv3-1] router-id 3.3.3.3 [switchc-ospfv3-1] quit [switchc] interface vlan-interface 100 [switchc-vlan-interface100] ospfv3 1 area 0 [switchc-vlan-interface100] quit # configure switch d. System-view [switchd] ipv6 [swi...

  • Page 320

    303 [switchc-vlan-interface100] ospfv3 dr-priority 2 [switchc-vlan-interface100] quit # display neighbor information on switch a. Dr priorities have been updated, but the dr and bdr are not changed. [switcha] display ospfv3 peer ospfv3 area id 0.0.0.0 (process 1) ------------------------------------...

  • Page 321

    304 configure ospfv3 process 2 to redistribute direct routes and the routes from ospfv3 process 1 on switch b and set the default metric for redistributed routes to 3. Then, switch c can learn the routes destined for 1::0/64 and 2::0/64, and switch a cannot learn the routes destined for 3::0/64 or 4...

  • Page 322

    305 system-view [switchc] ipv6 [switchc] ospfv3 2 [switchc-ospfv3-2] router-id 4.4.4.4 [switchc-ospfv3-2] quit [switchc] interface vlan-interface 300 [switchc-vlan-interface300] ospfv3 2 area 2 [switchc-vlan-interface300] quit [switchc] interface vlan-interface 400 [switchc-vlan-interface400] ospfv3...

  • Page 323

    306 # display the routing table of switch c. [switchc] display ipv6 routing-table routing table : destinations : 8 routes : 8 destination: ::1/128 protocol : direct nexthop : ::1 preference: 0 interface : inloop0 cost : 0 destination: 1::/64 protocol : ospfv3 nexthop : fe80::200:cff:fe01:1c03 prefer...

  • Page 324

    307 figure 110 network diagram configuration procedure 1. Configure ipv6 addresses for interfaces. (details not shown) 2. Configure ospfv3 basic functions. # on switch a, enable ospfv3 process 1, enable gr, and set the router id to 1.1.1.1. System-view [switcha] ipv6 [switcha] ospfv3 1 [switcha-ospf...

  • Page 325

    308 After all switches function properly, perform a master/slave switchover on Switch A to trigger an OSPFv3 GR operation. Configuring BFD for OSPFv3. Network requirements: In Figure 111, configure OSPFv3 on Switch A, Switch B and Switch C and configure BFD over the link Switch A <-> L2 switch <-> Switch B. Af...

  • Page 326

    309 [switchb] ospfv3 [switchb-ospf-1] router-id 2.2.2.2 [switchb-ospf-1] quit [switchb] interface vlan-interface 10 [switchb-vlan-interface10] ospfv3 1 area 0 [switchb-vlan-interface10] quit [switchb] interface vlan-interface 13 [switchb-vlan-interface13] ospfv3 1 area 0 [switchb-vlan-interface13] q...

  • Page 327

    310 local discr: 1441 remote discr: 1450 source ip: fe80::20f:ff:fe00:1202 (link-local address of vlan-interface 10 on switch a) destination ip: fe80::20f:ff:fe00:1200 (link-local address of vlan-interface 10 on switch b) session state: up interface: vlan10 hold time: / # display routes to 2001:4::0...

  • Page 328

    311 # display the bfd information of switch a. You can see that switch a has removed its neighbor relationship with switch b and therefore no information is output. Display bfd session # display routes to 2001:4::0/64 on switch a, and you can see that switch a communicates with switch b through swit...

  • Page 329

    312 [switcha-ospfv3-1] quit [switcha] interface vlan-interface 200 [switcha-vlan-interface200] ospfv3 1 area 1 [switcha-vlan-interface200] quit # configure switch b: enable ospfv3 and configure the router id as 2.2.2.2. System-view [switchb] ipv6 [switchb] ospfv3 1 [switchb-ospfv3-1] router-id 2.2.2...

  • Page 330

    313 tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg; create an IPsec proposal named tran2, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authenticat...

  • Page 331

    314 [switchc-ipsec-policy-manual-policy002-10] quit 4. Apply the ipsec policies in areas. # configure switch a. [switcha] ospfv3 1 [switcha-ospfv3-1] area 1 [switcha-ospfv3-1-area-0.0.0.1] enable ipsec-policy policy001 [switcha-ospfv3-1-area-0.0.0.1] quit [switcha-ospfv3-1] quit # configure switch b...

  • Page 332

    315 Incorrect routing information. Symptom: OSPFv3 cannot find routes to other areas. Analysis: The backbone area must maintain connectivity to all other areas. If a router connects to more than one area, at least one area must be connected to the backbone. The backbone cannot be configured as a stub a...

  • Page 333

    316 IPv6 IS-IS configuration. Note: • IPv6 IS-IS supports all IPv4 IS-IS features, but advertises IPv6 routing information. This document describes only IPv6 IS-IS exclusive configuration tasks. For other configuration tasks, see the chapter “IS-IS configuration.” • The term router in this document r...

  • Page 334

    317 to do… use command to… remarks enter system view system-view –– enable an is-is process and enter is-is view isis [ process-id ] required not enabled by default configure the network entity title for the is-is process network-entity net required not configured by default enable ipv6 for the is-i...

  • Page 337

    320 IPv6 IS-IS configuration examples. IPv6 IS-IS basic configuration example. Network requirements: As shown in Figure 113, Switch A, Switch B, Switch C, and Switch D reside in the same autonomous system, and all are enabled with IPv6. Switch A and Switch B are Level-1 switches, Switch D is a Level-2...

  • Page 338

    321 [switchb] interface vlan-interface 200 [switchb-vlan-interface200] isis ipv6 enable 1 [switchb-vlan-interface200] quit # configure switch c. System-view [switchc] ipv6 [switchc] isis 1 [switchc-isis-1] network-entity 10.0000.0000.0003.00 [switchc-isis-1] ipv6 enable [switchc-isis-1] quit [switch...

  • Page 339

    322 flag : d/l/- cost : 10 next hop : direct interface: vlan100 destination: 2001:2:: prefixlen: 64 flag : r/-/- cost : 20 next hop : fe80::200:ff:fe0f:4 interface: vlan100 destination: 2001:3:: prefixlen: 64 flag : r/-/- cost : 20 next hop : fe80::200:ff:fe0f:4 interface: vlan100 flags: d-direct, r...

  • Page 340

    323 destination: 2001:2:: prefixlen: 64 flag : d/l/- cost : 10 next hop : direct interface: vlan200 destination: 2001:3:: prefixlen: 64 flag : d/l/- cost : 10 next hop : direct interface: vlan300 flags: d-direct, r-added to rm, l-advertised in lsps, u-up/down bit set isis(1) ipv6 level-2 forwarding ...

  • Page 341

    324 flag : d/l/- cost : 10 next hop : direct interface: vlan300 destination: 2001:4::1 prefixlen: 128 flag : d/l/- cost : 0 next hop : direct interface: loop1 flags: d-direct, r-added to rm, l-advertised in lsps, u-up/down bit set configuring bfd for ipv6 is-is network requirements as shown in figur...

  • Page 342

    325 [switcha-vlan-interface10] isis ipv6 enable 1 [switcha-vlan-interface10] quit [switcha] interface vlan-interface 11 [switcha-vlan-interface11] isis ipv6 enable 1 [switcha-vlan-interface11] quit # configure switch b. System-view [switchb] ipv6 [switchb] isis 1 [switchb-isis-1] is-level level-1 [s...

  • Page 343

    326 [switchb-vlan-interface10] bfd detect-multiplier 6 4. Verify configuration. The following operations are made on switch a. Operations for switch b are similar and are not shown here. # display the bfd information of switch a. Display bfd session total session num: 1 init mode: active ipv6 sessio...

  • Page 344

    327 # when the link between switch b and the layer-2 switch fails, bfd can quickly detect the failure. #aug 8 14:54:05:362 2009 switcha ifnet/4/interface updown: trap 1.3.6.1.6.3.1.1.5.3: interface 983041 is down, ifadminstatus is 1, ifoperstatus is 2 #aug 8 14:54:05:363 2009 switcha isis/4/adj_chan...

  • Page 345

    328 ipv6 bgp configuration note: • the term router in this document refers to both routers and layer 3 switches. • this chapter describes only configuration for ipv6 bgp. For bgp related information, see the chapter “bgp configuration.” • the s5500-si switch series does not support ipv6 bgp. Ipv6 bg...

  • Page 346

    329 ipv6 bgp configuration task list complete the following tasks to configure ipv6 bgp: task remarks specifying an ipv6 bgp peer required injecting a local ipv6 route optional configuring a preferred value for routes from a peer or peer group optional specifying the source interface for establishin...

  • Page 347

    330 task remarks configuring an ipv6 bgp route reflector optional configuring bfd for ipv6 bgp optional configuring ipv6 bgp basic functions configuration prerequisites before configuring ipv6 bgp basic functions, complete the following tasks: • specify ip addresses for interfaces • enable ipv6 note...

  • Page 348

    331 configuring a preferred value for routes from a peer or peer group follow these steps to configure a preferred value for routes received from a peer or peer group: to do… use the command… remarks enter system view system-view — enter bgp view bgp as-number — enter ipv6 address family view ipv6-f...

  • Page 349

    332 note: to establish a bgp connection, specify on the local router the source interface for establishing the tcp connection to the peer on the peering bgp router. Otherwise, the local bgp router may fail to establish tcp connection to the peer when using the outbound interface of the best route as...

  • Page 354

    337 configuring ipv6 bgp route attributes use the following ipv6 bgp route attributes to modify bgp routing policy: • ipv6 bgp protocol preference • default local_pref attribute • med attribute • next_hop attribute • as_path attribute configuration prerequisites before configuring ipv6 bgp route att...

  • Page 355

    338 note: • to ensure an ibgp peer can find the correct next hop, configure routes advertised to the ipv6 ibgp peer or peer group to use the local router as the next hop. If bgp load balancing is configured, the local router specifies itself as the next hop of routes sent to an ipv6 ibgp peer or pee...

  • Page 359

    342 table 6 description of the both, send, and receive parameters and the negotiation result local parameter peer parameter negotiation result receive send both the orf sending capability is enabled locally and the orf receiving capability is enabled on the peer. Send receive both the orf receiving ...

  • Page 360

    343 to do… use the command… remarks configure the maximum number of load balanced routes balance number required by default, no load balancing is enabled. Enabling md5 authentication for tcp connections ipv6 bgp employs tcp as the transport protocol. To enhance security, configure ipv6 bgp to perfor...

  • Page 362

    345 to do… use the command… remarks add a peer into the group peer ipv6-address group ipv6-group-name [ as-number as-number ] required not added by default creating a pure ebgp peer group follow these steps to configure a pure ebgp group: to do… use the command… remarks enter system view system-view...

  • Page 363

    346 configuring ipv6 bgp community advertise community attribute to an ipv6 peer or peer group follow these steps to advertise community attribute to an ipv6 peer or peer group: to do… use the command… remarks enter system view system-view — enter bgp view bgp as-number — enter ipv6 address family v...

  • Page 364

    347 to do… use the command… remarks configure the cluster id of the route reflector reflector cluster-id cluster-id optional by default, a route reflector uses its router id as the cluster id. Note: • because the route reflector forwards routing information between clients, you must make clients of ...

  • Page 367

    350 figure 115 network diagram configuration procedure 1. Configure ipv6 addresses for interfaces. (details not shown) 2. Configure ibgp connections. # configure switch b. System-view [switchb] ipv6 [switchb] bgp 65009 [switchb-bgp] router-id 2.2.2.2 [switchb-bgp] ipv6-family [switchb-bgp-af-ipv6] p...

  • Page 368

    351 # configure switch a. System-view [switcha] ipv6 [switcha] bgp 65008 [switcha-bgp] router-id 1.1.1.1 [switcha-bgp] ipv6-family [switcha-bgp-af-ipv6] peer 10::1 as-number 65009 [switcha-bgp-af-ipv6] quit [switcha-bgp] quit # configure switch b. [switchb] bgp 65009 [switchb-bgp] ipv6-family [switc...

  • Page 369

    352 figure 116 network diagram configuration procedure 1. Configure ipv6 addresses for vlan interfaces. (details not shown) 2. Configure ipv6 bgp basic functions. # configure switch a. System-view [switcha] ipv6 [switcha] bgp 100 [switcha-bgp] router-id 1.1.1.1 [switcha-bgp] ipv6-family [switcha-bgp...

  • Page 370

    353 [switchd-bgp-af-ipv6] peer 102::1 as-number 200 3. Configure route reflector. # configure switch c as a route reflector, and configure switch b and switch d as its clients. [switchc-bgp-af-ipv6] peer 101::2 reflect-client [switchc-bgp-af-ipv6] peer 102::2 reflect-client use the display bgp ipv6 ...

  • Page 371

    354 [switchb-bgp] quit 3. Configure the ebgp connection. # configure switch c. System-view [switchc] ipv6 [switchc] bgp 65009 [switchc-bgp] router-id 3.3.3.3 [switchc-bgp] ipv6-family [switchc-bgp-af-ipv6] group ebgp external [switchc-bgp-af-ipv6] peer 3::1 as-number 65008 [switchc-bgp-af-ipv6] peer...

  • Page 372

    355 ipsec proposal tran2, set the spis of the inbound and outbound sas to 54321, and the keys for the inbound and outbound sas using esp to gfedcba. [switchb] ipsec proposal tran1 [switchb-ipsec-proposal-tran1] encapsulation-mode transport [switchb-ipsec-proposal-tran1] transform esp [switchb-ipsec-...

  • Page 373

    356 [switcha] bgp 65008 [switcha-bgp] ipv6-family [switcha-bgp-af-ipv6] peer 1::2 ipsec-policy policy001 [switcha-bgp-af-ipv6] quit [switcha-bgp] quit # configure switch b. [switchb] bgp 65008 [switchb-bgp] ipv6-family [switchb-bgp-af-ipv6] peer 1::1 ipsec-policy policy001 [switchb-bgp-af-ipv6] quit...

  • Page 374

    357 route refresh capability has been enabled orf advertise capability based on prefix (type 64): local: both negotiated: send peer preferred value: 0 ipsec policy name: policy001, spi :12345 routing policy configured: no routing policy is configured bgp peer is 3::2, remote as 65009, type: ebgp lin...

  • Page 375

    358 and notify it to ipv6 bgp. Then the link switch a <-> switch d <-> switch c takes effect immediately. Figure 118 network diagram device interface ip address device interface ip address switch a vlan-int100 3000::1/64 switch c vlan-int101 3001::3/64 vlan-int200 2000::1/64 vlan-int201 2001::3/64 switch b vl...

  • Page 376

    359 [switcha] route-policy apply_med_50 permit node 10 [switcha-route-policy] if-match ipv6 address acl 2000 [switcha-route-policy] apply cost 50 [switcha-route-policy] quit [switcha] route-policy apply_med_100 permit node 10 [switcha-route-policy] if-match ipv6 address acl 2000 [switcha-route-polic...

  • Page 377

    360 • configure the minimum interval for receiving bfd control packets as 500 milliseconds. [switchc-vlan-interface101] bfd min-receive-interval 500 • configure the detect multiplier as 7. [switchc-vlan-interface101] bfd detect-multiplier 7 [switchc-vlan-interface101] return 6. Verify the configurat...

  • Page 378

    361 neighbor : 3000::1 processid : 0 interface : vlan-interface101 protocol : bgp4+ state : active adv cost : 50 tunnel id : 0x0 label : null age : 4538sec destination : 1200:: prefixlength : 64 nexthop : 2000::1 preference : 255 relaynexthop : 2001::2 tag : 0h neighbor : 2000::1 processid : 0 inter...

  • Page 379

    362 the output shows that switch c has one route to reach network 1200::0/64, that is, switch c <-> switch d <-> switch a. Troubleshooting ipv6 bgp configuration ipv6 bgp peer relationship not established symptom display bgp peer information by using the display bgp ipv6 peer command. The state of the connect...

  • Page 380

    363 routing policy configuration routing policies are used to receive, advertise, and redistribute only specific routes and modify the attributes of some routes. Note: • routing policy in this chapter involves both ipv4 routing policy and ipv6 routing policy. • the s5500-si switch series does not su...

  • Page 381

    364 an ip prefix list is configured to match the destination address of routing information. You can use the gateway option to allow only routing information from certain routers to be received. For gateway option information, see the chapters “rip configuration” and “ospf configuration.” an ip pref...

  • Page 382

    365 routing policy configuration task list complete the following tasks to configure a routing policy: task defining an ip-prefix list defining an as path list defining a community list defining filters defining an extended community list creating a routing policy defining if-match clauses defining ...

  • Page 383

    366 [sysname] ip ip-prefix abc index 10 deny 10.1.0.0 16 [sysname] ip ip-prefix abc index 20 deny 10.2.0.0 16 [sysname] ip ip-prefix abc index 30 deny 10.3.0.0 16 [sysname] ip ip-prefix abc index 40 permit 0.0.0.0 0 less-equal 32 define an ipv6 prefix list identified by name, each ipv6 prefix list c...

  • Page 388

    371 to do… use the command… remarks configure frr apply fast-reroute { backup-interface interface-type interface-number [ backup-nexthop ip-address ] } optional not configured by default. Note: • the difference between ipv4 and ipv6 apply clauses is the command for setting the next hop for routing i...

  • Page 390

    373 [switchc-vlan-interface200] isis enable [switchc-vlan-interface200] quit [switchc] interface vlan-interface 201 [switchc-vlan-interface201] isis enable [switchc-vlan-interface201] quit [switchc] interface vlan-interface 202 [switchc-vlan-interface202] isis enable [switchc-vlan-interface202] quit...

  • Page 391

    374 172.17.1.0/24 1 type2 1 192.168.1.2 192.168.2.2 172.17.2.0/24 1 type2 1 192.168.1.2 192.168.2.2 172.17.3.0/24 1 type2 1 192.168.1.2 192.168.2.2 192.168.2.0/24 1 type2 1 192.168.1.2 192.168.2.2 total nets: 5 intra area: 1 inter area: 0 ase: 4 nssa: 0 4. Configure filtering lists. # configure acl ...

  • Page 392

    375 192.168.2.0/24 1 type2 1 192.168.1.2 192.168.2.2 total nets: 5 intra area: 1 inter area: 0 ase: 4 nssa: 0 applying a routing policy to ipv6 route redistribution network requirements as shown in figure 120 : • enable ripng on switch a and switch b. • on switch a, configure three static routes, an...

  • Page 393

    376 [switcha-route-policy] quit [switcha] route-policy static2ripng permit node 10 [switcha-route-policy] quit # enable ripng and apply the routing policy to static route redistribution. [switcha] ripng [switcha-ripng-1] import-route static route-policy static2ripng 2. Configure switch b. # configur...

  • Page 394

    377 figure 121 network diagram configuration procedure 1. Configure ip addresses for the interfaces. (details not shown) 2. Configure bgp. # configure switch a. System-view [switcha] bgp 100 [switcha-bgp] router-id 1.1.1.1 [switcha-bgp] peer 1.1.1.2 as-number 300 # configure switch b. System-view [s...

  • Page 395

    378 [switcha-bgp] network 6.6.6.6 24 # on switch b, inject routes 7.7.7.7/24, 8.8.8.8/24, and 9.9.9.9/24 to bgp. [switchb-bgp] network 7.7.7.7 24 [switchb-bgp] network 8.8.8.8 24 [switchb-bgp] network 9.9.9.9 24 # display the bgp routing table information of switch d. [switchd-bgp] display bgp routi...

  • Page 396

    379 status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale origin : i - igp, e - egp, ? - incomplete network nexthop med locprf prefval path/ogn *> 4.4.4.0/24 1.1.3.1 0 300 100i *> 5.5.5.0/24 1.1.3.1 0 300 100i *> 6.6.6.0/24 1.1.3.1 0 300 100i the output ...

  • Page 397

    380 policy-based routing configuration note: the s5500-si switch series does not support pbr. Introduction to pbr policy-based routing (pbr) is a routing mechanism based on user-defined policies. Different from the traditional destination-based routing mechanism, pbr enables you to use a policy (bas...

  • Page 398

    381 concepts policy a policy is used to route ip packets. A policy can consist of one or multiple nodes. Node a node is identified by a node number. The node with the smallest node number has the highest priority. A policy node consists of if-match and apply clauses. An if-match clause specifies a m...

  • Page 399

    382 note: for more information about qos policies, see acl and qos configuration guide . Configuring pbr (using a pbr policy) defining a policy follow these steps to define a policy: to do… use the command… remarks enter system view system-view –– create a policy or policy node and enter pbr policy ...

  • Page 400

    383 note: • if a policy has a node with no if-match clause configured, all packets can pass the policy node. However, an action is taken according to the match mode, and the packets will not go to the next policy node for a match. • if a policy has a node with the permit match mode but no apply clau...

  • Page 401

    384 pbr and track associated with a track object, pbr can sense topology changes faster. You can associate pbr with a track entry when configuring the outgoing interface, default outgoing interface, next hop, and default next hop to dynamically determine link reachability. The pbr configuration take...

  • Page 402

    385 • applied globally—affects the traffic sent or received on all ports • applied to an interface—affects the traffic sent or received on the interface • applied to a vlan—affects the traffic sent or received on all ports in the vlan note: a qos policy used for pbr applies only to traffic received ...

  • Page 404

    387 pbr configuration examples configuring local pbr based on packet type network requirements as shown in figure 122 , configure pbr on switch a, so that all tcp packets are forwarded to next hop 1.1.2.2 and other packets are forwarded according to the routing table. Switch a is directly connected ...

  • Page 405

    388 3. Configure switch c. # configure the ip address of vlan-interface 20. System-view [switchc] interface vlan-interface 20 [switchc-vlan-interface20] ip address 1.1.3.2 255.255.255.0 [switchc-vlan-interface20] quit 4. Verify the configuration. # telnet to switch b (1.1.2.2/24) from switch a. The ...

  • Page 406

    389 figure 123 network diagram configuration procedure note: in this example, static routes are configured to ensure the reachability among devices. 1. Configure switch a. # define acl 3101 to match tcp packets. System-view [switcha] acl number 3101 [switcha-acl-adv-3101] rule permit tcp [switcha-ac...

  • Page 407

    390 [switcha-vlan-interface20] ip address 1.1.3.1 255.255.255.0 2. Configure switch b. # configure a static route to subnet 10.110.0.0/24. System-view [switchb] ip route-static 10.110.0.0 24 1.1.2.1 # configure the ip address of vlan-interface 10. [switchb] interface vlan-interface 10 [switchb-vlan-...

  • Page 408

    391 configuration procedure # configure acl 2000. System-view [switcha] acl number 2000 [switcha-acl-basic-2000] rule 0 permit source any [switcha-acl-basic-2000] quit # define a match criterion for class a to match acl 2000. [switcha] traffic classifier a [switcha-classifier-a] if-match acl 2000 [s...

  • Page 409

    392 system-view [switcha] acl ipv6 number 2000 [switcha-acl6-basic-2000] rule 0 permit source any [switcha-acl6-basic-2000] quit # define a match criterion for class a to match ipv6 acl 2000. [switcha] traffic classifier a [switcha-classifier-a] if-match acl ipv6 2000 [switcha-classifier-a] quit # c...

  • Page 410

    393 mce configuration note: • the term router in this document refers to both routers and layer 3 switches. • this chapter covers mce configuration. For information about routing protocols, see layer 3—ip services configuration guide. • the term layer 3 interface in this chapter refers to route-mode...

  • Page 411

    394 figure 126 network diagram for mpls l3vpn model (figure not reproduced). CEs and PEs mark the boundary between the service providers and the customers. After a CE establishes adjacency with a directly connected PE, it advertises its VPN rou...

  • Page 412

    395 address space overlapping each vpn independently manages the addresses it uses. The assembly of such addresses for a vpn is called an address space. The address spaces of vpns may overlap. For example, if both vpn 1 and vpn 2 use the addresses on network segment 10.110.10.0/24, address space ove...

  • Page 413

    396 an rd can be in one of the following formats distinguished by the type field: • when the value of the type field is 0, the administrator subfield occupies two bytes, the assigned number subfield occupies four bytes, and the rd format is 16-bit as number:32-bit user-defined number. For example, 1...

  • Page 414

    397 how mce works figure 128 shows how an mce maintains the routing entries of multiple vpns and how an mce exchanges vpn routes with pes. Figure 128 network diagram for the mce function (figure not reproduced) ...

  • Page 415

    398 • is-is • ibgp • ebgp note: this briefly introduces the cooperation of routing protocols and mce. For information about the routing protocols, see layer 3—ip routing configuration guide . Static routes an mce can communicate with a site through static routes. As static routes configured for trad...

  • Page 416

    399 connected with multiple sites in the same vpn, you can configure the mce as a route reflector (rr) and configure the egress routers of the sites as clients, making the mce reflect routing information between the sites. This eliminates the necessity for bgp connections between sites, reducing the...

  • Page 417

    400 follow these steps to create and configure a vpn instance: to do… use the command… remarks enter system view system-view — create a vpn instance and enter vpn instance view ip vpn-instance vpn-instance-name required configure an rd for the vpn instance route-distinguisher route-distinguisher req...

  • Page 418

    401 • the vpn instance determines which routes it can accept and redistribute according to the import-extcommunity in the vpn target. • the vpn instance determines how to change the vpn targets attributes for routes to be advertised according to the export-extcommunity in the vpn target. Follow thes...

  • Page 419

    402 configuration prerequisites before you configure routing on an mce, complete the following tasks: • on the mce, configure vpn instances, and bind the vpn instances with the interfaces connected to the vpn sites and those connected to the pe. • configure the link layer and network layer protocols...

  • Page 421

    404 note: • an ospf process that is bound with a vpn instance does not use the public network router id configured in system view. Therefore, you must configure a router id when starting the ospf process. All ospf processes for the same vpn must be configured with the same ospf domain id to ensure c...

  • Page 422

    405 configuring ebgp between mce and vpn site to use ebgp for exchanging routing information between an mce and vpn sites, you must configure a bgp peer for each vpn instance on the mce, and redistribute the igp routes of each vpn instance on the vpn sites. If ebgp is used for route exchange, you al...

  • Page 423

    406 after you configure a bgp vpn instance, the bgp route exchange for the vpn instance is the same with the normal bgp vpn route exchange. For more information about bgp, see layer 3—ip routing configuration guide. 2. Configure a vpn site follow these steps to configure a vpn site: to do… use the c...

  • Page 424

    407 note: after you configure a vpn site as an ibgp peer of the mce, the mce does not advertise the bgp routes learned from the vpn site to other ibgp peers, including vpnv4 peers. Only when you configure the vpn site as a client of the rr (the mce), does the mce advertise routes learned from it to ...

  • Page 425

    408 to do… use the command… remarks enter system view system-view — create a rip process for a vpn instance and enter rip view rip [ process-id ] vpn-instance vpn-instance-name required enable rip on the interface attached to the specified network network network-address required by default, rip is ...

  • Page 427

    410 configuring ebgp between mce and pe follow these steps to configure ebgp between mce and pe: to do… use the command… remarks enter system view system-view — enter bgp view bgp as-number — enter bgp-vpn instance view ipv4-family vpn-instance vpn-instance-name required configure the pe as the ebgp...

  • Page 428

    411 to do… use the command… remarks specify a cluster id for the route reflector reflector cluster-id cluster-id optional by default, each rr in a cluster uses its own router id as the cluster id. If more than one rr exists in a cluster, use this command to configure the same cluster id for all rrs ...

  • Page 431

    414 figure 129 network diagram configuration procedure assume that the system name of the mce device is mce, the system names of the edge devices of vpn 1 and vpn 2 are vr1 and vr2 respectively, and the system name of pe 1 is pe1. 1. Configure the vpn instances on the mce and pe 1. # on the mce, con...

  • Page 432

    415 [mce-vlan-interface10] ip address 10.214.10.3 24 # configure vlan 20, add port gigabitethernet 1/0/2 to vlan 20, bind vlan-interface 20 with vpn instance vpn2, and specify an ip address for vlan-interface 20. [mce-vlan-interface10] quit [mce] vlan 20 [mce-vlan20] port gigabitethernet 1/0/2 [mce-...

  • Page 433

    416 # run rip in vpn 2. Create rip process 20 and bind it with vpn instance vpn2 on the mce, so that the mce can learn the routes of vpn 2 and add them to the routing table of the vpn instance vpn2. [mce] rip 20 vpn-instance vpn2 # advertise subnet 10.214.20.0. [mce-rip-20] network 10.214.20.0 [mce-...

  • Page 434

    417 [mce-vlan-interface30] ip binding vpn-instance vpn1 [mce-vlan-interface30] ip address 30.1.1.1 24 [mce-vlan-interface30] quit # on the mce, create vlan 40 and vlan-interface 40, bind the vlan interface with vpn instance vpn2, and configure an ip address for the vlan interface. [mce] vlan 40 [mce...

  • Page 435

    418 [pe1-ospf-10-area-0.0.0.0] quit [pe1-ospf-10] quit # on pe 1, display the routing table of vpn1. [pe1] display ip routing-table vpn-instance vpn1 routing tables: vpn1 destinations : 5 routes : 5 destination/mask proto pre cost nexthop interface 30.1.1.0/24 direct 0 0 30.1.1.2 vlan30 30.1.1.2/32 ...

  • Page 436

    419 figure 130 network diagram configuration procedure 1. Configure vpn instances. # create vpn instances on the mce and pe 1, and bind the vpn instances with vlan interfaces. For the configuration procedure, see “ using ospf to advertise vpn routes to the pe .” 2. Configure routing between the mce ...

  • Page 437

    420 127.0.0.1/32 direct 0 0 127.0.0.1 inloop0 192.168.0.0/24 ospf 10 1 10.214.10.2 vlan10 the output shows that the mce has learned the private route of vpn 1 through ospf process 10. # on mce, bind ospf process 20 with vpn instance vpn2 to learn the routes of vpn 2. The configuration procedure is s...

  • Page 438

    421 192.168.0.0/24 bgp 255 2 30.1.1.1 vlan30 # perform similar configuration on the mce and pe 1 for vpn 2. Redistribute the ospf routes of vpn instance vpn2 into the ebgp routing table. (details not shown) the following output shows that pe 1 has learned the private route of vpn 2 through bgp: [pe1...

  • Page 439

    422 ipv6 mce configuration note: the ipv6 mce function is available only on the s5500-ei switch series. Overview in an ipv6 mpls l3 vpn, an ipv6 mce advertises ipv6 routing information between the vpn and the connected pe and forwards ipv6 packets. An ipv6 mce operates in the same way as an ipv4 mce...

  • Page 440

    423 associating a vpn instance with an interface after creating and configuring a vpn instance, you need to associate the vpn instance with the interface for connecting the ce. Any ldp-capable interface can be associated with a vpn instance. For information about ldp-capable interfaces, see the chap...

  • Page 441

    424 note: • route related attributes configured in vpn instance view are applicable to both ipv4 vpns and ipv6 vpns. • you can configure route related attributes for ipv6 vpns in both vpn instance view and ipv6 vpn view. Those configured in ipv6 vpn view take precedence. • a single vpn-target comman...

  • Page 442

    425 to do… use the command… remarks configure the default precedence for ipv6 static routes ipv6 route-static default-preference default-preference-value optional 60 by default configuring ripng between ipv6 mce and vpn site a ripng process belongs to the public network or a single ipv6 vpn instance...

  • Page 443

    426 to do… use the command… remarks create an ospfv3 process for a vpn instance and enter ospfv3 view ospfv3 [ process-id ] vpn-instance vpn-instance-name required perform this configuration on the ipv6 mce. On a vpn site, configure normal ospfv3. Set the router id router-id router-id required redis...

  • Page 445

    428 note: after you configure an ipv6 bgp vpn instance, the ipv6 bgp route exchange for the ipv6 vpn instance is the same with the normal ipv6 bgp vpn route exchange. For more information about ipv6 bgp, see layer 3—ip routing configuration guide . 2. Configure a vpn site. Follow these steps to conf...

  • Page 446

    429 configuring ripng between ipv6 mce and pe follow these steps to configure ripng between ipv6 mce and pe: to do… use the command… remarks enter system view system-view — create a ripng process for an ipv6 vpn instance and enter ripng view ripng [ process-id ] vpn-instance vpn-instance-name requir...

  • Page 447

    430 note: for more information about ospfv3, see layer 3—ip routing configuration guide . Configuring ipv6 is-is between ipv6 mce and pe follow these steps to configure ipv6 is-is between ipv6 mce and pe: to do… use the command… remarks enter system view system-view — create an is-is process for an ...

  • Page 450

    433 figure 131 network diagram configuration procedure assume that the system name of the ipv6 mce device is mce, the system names of the edge devices of vpn 1 and vpn 2 are vr1 and vr2 respectively, and the system name of pe 1 is pe1. 1. Configure the vpn instances on the mce and pe 1. # on the mce...

  • Page 451

    434 # bind vlan-interface 10 with vpn instance vpn1, and configure an ipv6 address for the vlan interface. [mce] interface vlan-interface 10 [mce-vlan-interface10] ip binding vpn-instance vpn1 [mce-vlan-interface10] ipv6 address 2001:1::1 64 [mce-vlan-interface10] quit # configure vlan 20, add port ...

  • Page 452

    435 # on vr 2, assign ipv6 address 2002:1::2/64 to the interface connected to the mce and 2012::2/64 to the interface connected to vpn 2. (details not shown) # configure ripng, and advertise subnets 2012::/64 and 2002:1::/64. System-view [vr2] ripng 20 [vr2-ripng-20] quit [vr2] interface vlan-interf...

  • Page 453

    436 destination: 2002:1::1/128 protocol : direct nexthop : ::1 preference: 0 interface : inloop0 cost : 0 destination: 2012::/64 protocol : ripng nexthop : fe80::20f:e2ff:fe3e:9ca2 preference: 100 interface : vlan20 cost : 1 destination: fe80::/10 protocol : direct nexthop : :: preference: 0 interfa...

  • Page 454

    437 [pe1] interface vlan-interface 30 [pe1-vlan-interface30] ip binding vpn-instance vpn1 [pe1-vlan-interface30] ipv6 address 30::2 64 [pe1-vlan-interface30] quit # on pe 1, create vlan 40 and vlan-interface 40, bind vlan-interface 40 with vpn instance vpn2 and configure an ipv6 address for the vlan...

  • Page 455

    438 destination: 30::2/128 protocol : direct nexthop : ::1 preference: 0 interface : inloop0 cost : 0 destination: 2012:1::/64 protocol : ospfv3 nexthop : fe80::202:ff:fe02:2 preference: 150 interface : vlan30 cost : 1 destination: fe80::/10 protocol : direct nexthop : :: preference: 0 interface : n...

  • Page 456

    439 index a b c d e i m o p r s t a applying ipsec policies for ospfv3, 295 applying ipsec policies for ripng, 272 b bgp configuration examples, 233 bgp configuration task list, 204 bgp overview, 190 binding an is-is process with mibs, 163 c configuring a large scale bgp network, 225 configuring a l...

  • Page 457

    440 displaying and maintaining the routing policy, 371 e enabling is-is snmp trap, 163 enabling logging of peer state changes, 230 enabling ospf, 74 enabling ospfv3, 284 enabling trap, 230 enhancing is-is network security, 159 i introduction, 7 introduction to ipv6 is-is, 316 introduction to ipv6 st...