HP VPN Firewall Appliances Network Management Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

861

862

863

864

865

866

867

868

869

870

840

*Nov 5 11:42:24:187 2009 FirewallB RM/6/RMDEBUG: BGP_BFD: Send DELETE msg to BFD,

Connection type DIRECT, Src IP 3002::2, Dst IP 3001::1, Instance ID 0.

# Display route 1200::0/64 on Firewall B, and you can see that Firewall A and Firewall B

communicate through Router B.

<FirewallB> display ipv6 routing-table 1200::0 64 verbose

Routing Table :

Summary Count : 1

Destination : 1200:: PrefixLength : 64

NextHop : 2001::1 Preference : 255

RelayNextHop : 2002::1 Tag : 0H

Neighbor : 2001::1 ProcessID : 0

Interface : GigabitEthernet1/2 Protocol : BGP4+

State : Active Adv Cost : 100

Tunnel ID : 0x0 Label : NULL

Age : 4635sec

The output shows that Firewall B has one route to reach network 1200::0/64, that is, Firewall

A<—>Router B<—>Firewall B.

Troubleshooting IPv6 BGP configuration

IPv6 BGP peer relationship not established

Symptom

Display BGP peer information by using the display bgp ipv6 peer command. The state of the connection

to the peer cannot become established.

Analysis

To become IPv6 BGP peers, any two routers must establish a TCP session using port 179 and exchange

open messages successfully.

Solution

1. Use the display current-configuration configuration bgp command to verify that the peer's AS

number is correct.

2. Use the display bgp ipv6 peer command to verify that the peer's IPv6 address is correct.

3. If a loopback interface is used, verify that the loopback interface is specified with the peer

connect-interface command.

4. If the peer is not directly connected, verify that the peer ebgp-max-hop command is configured.

5. If the peer ttl-security hops command is configured, verify that the command is configured on the

peer, and the hop-count values configured on them are greater than the number of hops between

them.

6. Verify that a valid route to the peer is available.

7. Use the ping command to verify the connectivity to the peer.

8. Use the display tcp ipv6 status command to verify the TCP connection.

9. Verify whether an ACL is applied to disable TCP port 179.