53-1003087-04 30 July 2014 FastIron Ethernet Switch Layer 3 Routing Configuration Guide Supporting FastIron Software Release 08.0.
© 2014, Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, Brocade Assurance, ADX, AnyIO, DCX, Fabric OS, FastIron, HyperEdge, ICX, MLX, MyBrocade, NetIron, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and The Effortless Network and the On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and in other countries. Other brands and product names mentioned may be trademarks of others.
Preface
● Document conventions
● Brocade resources
● Contacting Brocade Technical Support
● Document feedback
Notes, cautions, and warnings

Convention: Description
• value: In Fibre Channel products, a fixed value provided as input to a command option is printed in plain text, for example, --show WWN.
• []: Syntax components displayed within square brackets are optional. Default responses to system prompts are enclosed in square brackets.
• {x|y|z}: A choice of required parameters is enclosed in curly brackets separated by vertical bars. You must select one of the options.
Brocade resources

Visit the Brocade website to locate related documentation for your product and additional Brocade resources. You can download additional publications supporting your product at www.brocade.com. Select the Brocade Products tab to locate your product, then click the Brocade product name or image to open the individual product page. The user manuals are available in the resources module at the bottom of the page under the Documentation category.
• Brocade Supplemental Support augments your existing OEM support contract, providing direct access to Brocade expertise. For more information, contact Brocade or your OEM.
• For questions regarding service levels and response times, contact your OEM/Solution Provider.

Document feedback

To send feedback and report errors in the documentation you can use the feedback form posted with the document or you can e-mail the documentation team.
About This Document
● Supported Hardware
● What’s new in this document
● How command information is presented in this guide
TABLE 1 Summary of Enhancements in FastIron release 08.0.10d
Columns: Feature, Description, Location
Feature: DHCPv6 Relay Agent Prefix Delegation Notification
Description: DHCPv6 Relay Agent Prefix Delegation Notification allows a DHCPv6 server to dynamically delegate IPv6 prefixes to a DHCPv6 client using the DHCPv6 Prefix Delegation (PD) option.
IP Configuration
● Supported IP features
● Basic IP configuration
● IP configuration overview
● Basic IP parameters and defaults - Layer 3 Switches
Basic IP configuration Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800 FSX 1600 ICX 7750 GRE tunnel counters enhancement No No 08.0.01 No 08.0.01 No 08.0.10 Routing for directly connected IP subnets No 08.0.01 08.0.01 08.0.01 08.0.01 08.0.01 08.0.10 Virtual Interfaces: Up to 512 virtual interfaces No 08.0.012 08.0.01 08.0.01 08.0.01 08.0.01 08.0.10 31-bit subnet mask on point-to-point networks No 08.0.01 08.0.01 08.0.01 08.0.01 08.0.01 08.0.
IP configuration overview If you are configuring a Layer 2 switch, refer to Configuring the management IP address and specifying the default gateway on page 105 to add an IP address for management access through the network and to specify the default gateway. The rest of this chapter describes IP and how to configure it in more detail. Use the information in this chapter if you need to change some of the IP parameters from their default values or you want to view configuration information or statistics.
Layer 3 switches

Brocade Layer 3 switches allow you to configure IP addresses on the following types of interfaces:
• Ethernet ports
• Virtual routing interfaces (used by VLANs to route among one another)
• Loopback interfaces
• GRE tunnels

Each IP address on a Layer 3 switch must be in a different subnet. You can have only one interface that is in a given subnet. For example, you can configure IP addresses 192.168.1.1/24 and 192.168.2.
IP packet flow through a Layer 3 switch

FIGURE 1 IP Packet flow through a Brocade Layer 3 switch

1. When the Layer 3 switch receives an IP packet, the Layer 3 switch checks for filters on the receiving interface. If a deny filter on the interface denies the packet, the Layer 3 switch discards the packet and performs no further processing, except generating a Syslog entry and SNMP message, if logging is enabled for the filter.
2.
ARP cache and static ARP table

makes an entry in the session table or the forwarding cache, and sends the route to a queue on the outgoing ports:
• If the running-config contains an IP access policy for the packet, the software makes an entry in the session table. The Layer 3 switch uses the new session table entry to forward subsequent packets from the same source to the same destination.
Here is an example of a static ARP entry.

Index   IP Address    MAC Address      Port
1       10.95.6.111   0000.003b.d210   1/1

Each entry lists the information you specified when you created the entry.

IP route table

The IP route table contains paths to IP destinations.

NOTE
Layer 2 switches do not have an IP route table. A Layer 2 switch sends all packets addressed to another subnet to the default gateway, which you specify when you configure the basic IP information on the Layer 2 switch.
Layer 4 session table • If the cache contains an entry with the destination IP address, the device uses the information in the entry to forward the packet out the ports listed in the entry. The destination IP address is the address of the packet final destination. The port numbers are the ports through which the destination can be reached.
IP multicast protocols

Brocade Layer 3 switches also support the following Internet Group Membership Protocol (IGMP) based IP multicast protocols:
• Protocol Independent Multicast - Dense mode (PIM-DM)
• Protocol Independent Multicast - Sparse mode (PIM-SM)

For configuration information, refer to chapter "IP Multicast Protocols" in the FastIron Ethernet Switch IP Multicast Configuration Guide.

NOTE
Brocade Layer 3 switches support IGMP and can forward IP multicast packets.
Basic IP parameters and defaults - Layer 3 Switches

IP is enabled by default.
TABLE 2 IP global parameters - Layer 3 Switches (Continued)

Parameter: IP address and mask notation
Description: Format for displaying an IP address and its network mask information. You can enable one of the following:
• Class-based format; example: 192.168.1.1 255.255.255.0
• Classless Interdomain Routing (CIDR) format; example: 192.168.1.1/24
Default: Class-based

Parameter: Router ID
Description: The value that routers use to identify themselves to other routers when exchanging route information.
TABLE 2 IP global parameters - Layer 3 Switches (Continued)

Parameter: Time to Live (TTL)
Description: The maximum number of routers (hops) through which a packet can pass before being discarded. Each router decreases a packet TTL by 1 before forwarding the packet. If decreasing the TTL causes the TTL to be 0, the router drops the packet instead of forwarding it.
TABLE 2 IP global parameters - Layer 3 Switches (Continued)

Parameter: Static RARP entries
Description: An IP address you place in the RARP table for RARP requests from hosts.
Default: No entries

NOTE
You must enter the RARP entries manually. The Layer 3 Switch does not have a mechanism for learning or dynamically generating RARP entries.
IP interface parameters - Layer 3 Switches

TABLE 2 IP global parameters - Layer 3 Switches (Continued)

Parameter: Source interface
Description: The IP address the router uses as the source address for Telnet, RADIUS, or TACACS/TACACS+ packets originated by the router. The router can select the source address based on either of the following:
• The lowest-numbered IP address on the interface the packet is sent on.
Default: The lowest-numbered IP address on the interface the packet is sent on.
Basic IP parameters and defaults - Layer 2 Switches

TABLE 3 IP interface parameters - Layer 3 switches (Continued)

Parameter: ICMP Router Discovery Protocol (IRDP)
Description: Locally overrides the global IRDP settings.
Default: Disabled

Parameter: DHCP gateway stamp
Description: The router can assist DHCP/BootP Discovery packets from one subnet to reach DHCP/BootP servers on a different subnet by placing the IP address of the router interface that receives the request in the request packet Gateway field.
NOTE
Brocade Layer 2 switches also provide IP multicast forwarding, which is enabled by default. For information about this feature, refer to chapter "IP Multicast Traffic Reduction" in the FastIron Ethernet Switch IP Multicast Configuration Guide.

IP global parameters - Layer 2 switches

TABLE 4 IP global parameters - Layer 2 switches

Parameter: IP address and mask notation
Description: Format for displaying an IP address and its network mask information.
Interface IP parameters - Layer 2 switches

TABLE 4 IP global parameters - Layer 2 switches (Continued)

Parameter: Time to Live (TTL)
Description: The maximum number of routers (hops) through which a packet can pass before being discarded. Each router decreases a packet TTL by 1 before forwarding the packet. If decreasing the TTL causes the TTL to be 0, the router drops the packet instead of forwarding it.
Configuring IP parameters - Layer 3 switches

The following sections describe how to configure IP parameters. Some parameters can be configured globally while others can be configured on individual interfaces. Some parameters can be configured globally and overridden for individual interfaces.
Assigning an IP address to a loopback interface The ospf-ignore and ospf-passive parameters modify the Layer 3 switch defaults for adjacency formation and interface advertisement. Use one of these parameters if you are configuring multiple IP subnet addresses on the interface but you want to prevent OSPF from running on some of the subnets: • ospf-passive - This option disables adjacency formation with OSPF neighbors.
Assigning an IP address to a virtual interface The num parameter specifies the virtual interface number. You can specify from 1 to the maximum number of virtual interfaces supported on the device. To display the maximum number of virtual interfaces supported on the device, enter the show default values command. The maximum is listed in the System Parameters section, in the Current column of the virtual-interface row.
Deleting an IP address

Configuration limitations and feature limitations for IP Follow on a virtual routing interface
• When configuring IP Follow, the primary virtual routing interface should not have ACL or DoS Protection configured. It is recommended that you create a dummy virtual routing interface as the primary and use the IP-follow virtual routing interface for the network.
• Global Policy Based Routing is not supported when IP Follow is configured.
• IPv6 is not supported with IP Follow.
Configuring an IPv4 address with a 31-bit subnet mask broadcast support because any packet that is transmitted by one host is always received by the other host at the receiving end. Therefore, directed broadcast on a point-to-point interface is eliminated. IP-directed broadcast CLI configuration at the global level, or the per interface level, is not applicable on interfaces configured with a 31-bit subnet mask IP address.
Displaying information for a 31-bit subnet mask

Routers B and C are connected by a regular 24-bit subnet. Router C can either be a switch with many hosts belonging to the 10.2.2.2/24 subnet connected to it, or it can be a router.

Router A
RouterA(config)# interface ethernet 1/1/1
RouterA(config-if-e1000-1/1/1)# ip address 10.1.1.0/31

Router B
RouterB(config)# interface ethernet 1/1/1
RouterB(config-if-e1000-1/1/1)# ip address 10.1.1.
Defining DNS server addresses FIGURE 3 DNS resolution with one domain name Defining DNS server addresses You can configure the Brocade device to recognize up to four DNS servers. The first entry serves as the primary default address. If a query to the primary address fails to be resolved after three attempts, the next DNS address is queried (also up to three times). This process continues for each defined DNS address until the query is resolved.
Using a DNS name to initiate a trace route

Suppose you want to trace the route from a Brocade Layer 3 switch to a remote server identified as NYC02 on domain newyork.com. Because the NYC02@ds1.newyork.com domain is already defined on the Layer 3 switch, you need to enter only the host name, NYC02, as noted in the following example.
Changing the MTU

The entire IP packet, including the source and destination address and other control information and the data, is placed in the data portion of the Layer 2 packet. Typically, an Ethernet network uses one of two different formats of Layer 2 packet:
• Ethernet II
• Ethernet SNAP (also called IEEE 802.3)

The control portions of these packets differ slightly. All IP devices on an Ethernet network must use the same format. Brocade Layer 3 switches use Ethernet II by default.
• You cannot use this command to set Layer 2 maximum frame sizes per interface. The global jumbo command causes all interfaces to accept Layer 2 frames.
• When you increase the MTU size of a port, the increase uses system resources. Increase the MTU size only on the ports that need it. For example, if you have one port connected to a server that uses jumbo frames and two other ports connected to clients that can support the jumbo frames, increase the MTU only on those three ports.
Changing the router ID

  ‐ 10,200 bytes - The maximum for Ethernet II encapsulation (Default MTU: 9216)
  ‐ 10,174 bytes - The maximum for SNAP encapsulation (Default MTU: 9216)
• For ICX 6630, ICX 6630-C12, and ICX 6450 devices
  ‐ 10,178 bytes - The maximum for Ethernet II encapsulation (Default MTU: 9216)
  ‐ 10,174 bytes - The maximum for SNAP encapsulation (Default MTU: 9216)
• For other devices
  ‐ 10,218 bytes - The maximum for Ethernet II encapsulation (Default MTU: 9216)
  ‐ 10,214 bytes - The maximum for SN
Specifying a single source interface for specified packet types addresses configured on the Layer 3 switch, regardless of the interfaces that connect the Layer 3 switches. This IP address is the router ID. NOTE Routing Information Protocol (RIP) does not use the router ID. NOTE If you change the router ID, all current BGP4 sessions are cleared.
• TFTP
• RADIUS
• Syslog
• SNTP
• SSH
• SNMP traps

You can configure the Layer 3 switch to always use the lowest-numbered IP address on a specific Ethernet, loopback, or virtual interface as the source address for these packets. When configured, the Layer 3 switch uses the same IP address as the source for all packets of the specified type, regardless of the port that actually sends the packets.
TACACS/TACACS+ packets

To specify the lowest-numbered IP address configured on a virtual interface as the device source for all TACACS/TACACS+ packets, enter commands such as the following.

device(config)# interface ve 1
device(config-vif-1)# ip address 10.0.0.3/24
device(config-vif-1)# exit
device(config)# ip tacacs source-interface ve 1

The commands in this example configure virtual interface 1, assign IP address 10.0.0.
Syslog packets

To specify the lowest-numbered IP address configured on a virtual interface as the device source for all Syslog packets, enter commands such as the following.

device(config)# interface ve 1
device(config-vif-1)# ip address 10.0.0.4/24
device(config-vif-1)# exit
device(config)# ip syslog source-interface ve 1

The commands in this example configure virtual interface 1, assign IP address 10.0.0.
ARP parameter configuration

The commands in this example configure loopback interface 2, assign IP address 10.0.0.2/24 to the interface, then designate the interface as the source for all SSH packets from the Layer 3 switch.

Syntax: no ip ssh source-interface ethernet { [slotnum/]portnum | loopback num | ve num }

The slotnum parameter is required on chassis devices. The portnum parameter is a valid port number. The num parameter is a loopback interface or virtual interface number.
Rate limiting ARP packets network route if the IP route table does not contain a route to the packet destination. In each case, the Layer 3 switch must encapsulate the packet and address it to the MAC address of a locally attached device, the next-hop router toward the IP packet destination.
Changing the ARP aging period

To limit the number of ARP packets the device will accept each second, enter the rate-limit-arp command at the global CONFIG level of the CLI.

device(config)# rate-limit-arp 100

This command configures the device to accept up to 100 ARP packets each second. If the device receives more than 100 ARP packets during a one-second interval, the device drops the additional ARP packets during the remainder of that one-second interval.
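The per-second behaviour described above can be modelled offline to see what a limit of 100 means during a flood. The following Python sketch is an added example, not code from this guide or from the FastIron software. It assumes the one-second intervals are aligned to whole seconds and that the limit is counted across all senders; the traffic and the sender labels "flooder" and "host-a" are constructed.

```python
from collections import Counter, defaultdict


def apply_arp_rate_limit(packets, limit=100):
    """Model the limiter: accept at most `limit` ARP packets per one-second interval.

    packets: list of (timestamp_seconds, sender_label) in arrival order.
    Returns (accepted, dropped) lists of the same tuples.
    Assumption: intervals are aligned to whole seconds (int(timestamp)).
    """
    seen_in_interval = defaultdict(int)
    accepted, dropped = [], []
    for ts, sender in packets:
        interval = int(ts)
        if seen_in_interval[interval] < limit:
            seen_in_interval[interval] += 1
            accepted.append((ts, sender))
        else:
            # Over the limit: dropped for the remainder of this interval,
            # regardless of which sender the packet came from.
            dropped.append((ts, sender))
    return accepted, dropped


def drops_by_sender(dropped):
    """Count dropped packets per sender label."""
    return dict(Counter(sender for _, sender in dropped))


def constructed_traffic():
    """Constructed sample: 250 ARP packets from one sender inside second 0,
    plus a legitimate host that sends once at t=0.9 and once at t=1.2."""
    flood = [(i * 0.003, "flooder") for i in range(250)]  # 0.000 .. 0.747
    legit = [(0.9, "host-a"), (1.2, "host-a")]
    return sorted(flood + legit)


if __name__ == "__main__":
    accepted, dropped = apply_arp_rate_limit(constructed_traffic(), limit=100)
    print("accepted:", len(accepted))
    print("dropped :", len(dropped), drops_by_sender(dropped))
```

In this model the legitimate host's packet at t=0.9 is dropped because the flood already used the interval's budget, while its packet at t=1.2 is accepted in the next interval.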
Creating static ARP entries

10.10.10.0/24 subnet cannot reach a device in the 10.20.20.0 subnet if the subnets are on different network cables, and thus is not answered.

NOTE
An ARP request from one subnet can reach another subnet when both subnets are on the same physical segment (Ethernet cable), because MAC-layer broadcasts reach all the devices on the segment.

Proxy ARP is disabled by default on Brocade Layer 3 switches. This feature is not supported on Brocade Layer 2 switches.
IP Configuration Static entries are useful in cases where you want to pre-configure an entry for a device that is not connected to the Layer 3 switch, or you want to prevent a particular entry from aging out. The software removes a dynamic entry from the ARP cache if the ARP aging interval expires before the entry is refreshed. Static entries do not age out, regardless of whether the Brocade device receives an ARP request from the device that has the entry address.
ARP Packet Validation

TABLE 6 Static ARP entry support (Continued)
Default maximum Configurable minimum Configurable maximum ICX 6430 and ICX 6450 devices 256 64 1024 512 6000 ICX 6610 512

Enabling learning gratuitous ARP

Learning gratuitous ARP enables Brocade Layer 3 devices to learn ARP entries from incoming gratuitous ARP packets from the hosts which are directly connected. This helps achieve faster convergence for the hosts when they are ready to send traffic.
Ingress ARP packet priority

The source MAC address in the Ethernet header and the sender hardware address in the ARP body must be the same. This validation is performed for the ARP request and response packets. When the source MAC validation is enabled, the packets with different MAC addresses are classified as invalid and are dropped.
• ip - Each ARP packet has a sender IP address and target IP address. The target IP address cannot be invalid or an unexpected IP address in the ARP response packet.
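The two checks described above can be expressed as a small frame validator. The following Python sketch is an added example, not code from this guide or from the FastIron software. The check labels "source-mac" and "ip" are the example's own names. The page does not list which target addresses count as invalid, so the set used here (0.0.0.0, 255.255.255.255 and multicast) is an assumption, and all frames are constructed.

```python
import ipaddress
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def build_arp_frame(eth_src, eth_dst, oper, sha, spa, tha, tpa):
    """Build a constructed, untagged Ethernet II + IPv4 ARP frame (42 bytes)."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    to_ip = lambda s: ipaddress.IPv4Address(s).packed
    eth = struct.pack("!6s6sH", to_mac(eth_dst), to_mac(eth_src), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      to_mac(sha), to_ip(spa), to_mac(tha), to_ip(tpa))
    return eth + arp


def parse_arp_frame(frame):
    """Parse an untagged Ethernet II frame carrying IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet II + IPv4 ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"eth_src": eth_src, "eth_dst": eth_dst, "oper": oper,
            "sha": sha, "spa": ipaddress.IPv4Address(spa),
            "tha": tha, "tpa": ipaddress.IPv4Address(tpa)}


def is_invalid_target(addr):
    """Assumption (not stated on the page): unspecified, limited-broadcast
    and multicast addresses are treated as invalid or unexpected targets."""
    return addr.is_unspecified or addr == LIMITED_BROADCAST or addr.is_multicast


def validate_arp(frame, checks=("source-mac", "ip")):
    """Return the list of failed checks; an empty list means accept."""
    pkt = parse_arp_frame(frame)
    failed = []
    # Source MAC check: applies to both requests and responses.
    if "source-mac" in checks and pkt["eth_src"] != pkt["sha"]:
        failed.append("source-mac")
    # IP check: target address of a response must be a usable address.
    if "ip" in checks and pkt["oper"] == ARP_REPLY and is_invalid_target(pkt["tpa"]):
        failed.append("ip")
    return failed


# Constructed sample frames (locally administered MACs, private addresses).
HOST_A, HOST_B, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"
SAMPLES = {
    "consistent reply": build_arp_frame(HOST_A, HOST_B, ARP_REPLY,
                                        HOST_A, "10.0.0.1", HOST_B, "10.0.0.2"),
    "request, header/body MAC differ": build_arp_frame(
        OTHER, "ff:ff:ff:ff:ff:ff", ARP_REQUEST,
        HOST_A, "10.0.0.1", "00:00:00:00:00:00", "10.0.0.2"),
    "reply to broadcast target": build_arp_frame(
        HOST_A, HOST_B, ARP_REPLY, HOST_A, "10.0.0.1", HOST_B, "255.255.255.255"),
    "reply failing both": build_arp_frame(
        OTHER, HOST_B, ARP_REPLY, HOST_A, "10.0.0.1", HOST_B, "224.0.0.1"),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name}: {validate_arp(frame) or 'accept'}")
```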
Changing the TTL threshold

The time to live (TTL) threshold prevents routing loops by specifying the maximum number of router hops an IP packet originated by the Layer 3 switch can travel through. Each device capable of forwarding IP that receives the packet decrements (decreases) the packet TTL by one. If a device receives a packet with a TTL of 1 and reduces the TTL to zero, the device drops the packet. The default value for the TTL threshold is 64.
Disabling forwarding of IP source-routed packets

A source-routed packet specifies the exact router path for the packet. The packet specifies the path by listing the IP addresses of the router interfaces through which the packet must pass on its way to the destination. The Layer 3 switch supports both types of IP source routing:
• Strict source routing - requires the packet to pass through only the listed routers.
Disabling ICMP messages

To enable the Layer 3 switch for zero-based IP subnet broadcasts in addition to ones-based IP subnet broadcasts, enter the following command.

device(config)# ip broadcast-zero
device(config)# write memory
device(config)# end
device# reload

NOTE
You must save the configuration and reload the software to place this configuration change into effect.
Enabling ICMP Redirect Messages

• Port - The destination host does not have the destination TCP or UDP port specified in the packet. In this case, the host sends the ICMP Port Unreachable message to the Brocade device, which in turn sends the message to the host that sent the packet.
• Protocol - The TCP or UDP protocol on the destination host is not running.
Static routes configuration NOTE Some FSX devices do not generate ICMP redirect and network unreachable messages. NOTE The device forwards misdirected traffic to the appropriate router, even if you disable the redirect messages. By default, IP ICMP redirect over global level is disabled and a Brocade Layer 3 Switch does not send an ICMP redirect message to the source of a misdirected packet in addition to forwarding the packet to the appropriate router.
Static IP route parameters • Standard - the static route consists of the destination network address and network mask, and the IP address of the next-hop gateway. You can configure multiple standard static routes with the same metric for load sharing or with different metrics to provide a primary route and backup routes.
Configuring a static IP route This feature allows the Layer 3 switch to adjust to changes in network topology. The Layer 3 switch does not continue trying to use routes on unavailable paths but instead uses routes only when their paths are available. The static route is configured on Switch A, as shown in the CLI example following the figure. FIGURE 4 Example of a static route The following command configures a static route to 10.95.7.0, using 10.95.6.157 as the next-hop gateway.
Configuring a "Null" route

The dest-ip-addr is the route destination. The dest-mask is the network mask for the route destination IP address. Alternatively, you can specify the network mask information by entering a forward slash followed by the number of bits in the network mask. For example, you can enter 10.0.0.0 255.255.255.0 as 10.0.0.0/24. The next-hop-ip-addr is the IP address of the next-hop router (gateway) for the route.
Naming a static IP route

To display the maximum value for your device, enter the show default values command. The maximum number of static IP routes the system can hold is listed in the ip-static-route row in the System Parameters section of the display. To change the maximum value, use the system-max ip-static-route command at the global CONFIG level. The ip-addr parameter specifies the network or host address.
Changing the name of a static IP route The show run command displays the entire name of the static IP route. The show ip static route command displays an asterisk (*) after the first twelve characters if the assigned name is thirteen characters or more. The show ipv6 static route command displays an asterisk after the first two characters if the assigned name is three characters or more.
Configuring standard static IP routes and interface or null static routes to the same destination distance than other types of routes, unless you want those other types to be preferred over the static route. The steps for configuring the static routes are the same as described in the previous section. The following sections provide examples. To configure multiple static IP routes, enter commands such as the following. device(config)# ip route 10.128.2.69 255.255.255.0 10.157.22.
IP Configuration metric than the standard static route. The Layer 3 switch always prefers the static route with the lower metric. In this example, the Layer 3 switch always uses the standard static route for traffic to destination network 192.168.7.0/24, unless that route becomes unavailable, in which case the Layer 3 switch sends traffic to the null route instead. FIGURE 5 Standard and null static routes to the same destination network The next example shows another example of two static routes.
Configuring a default network route

FIGURE 6 Standard and interface routes to the same destination network

To configure a standard static IP route and a null route to the same network, enter commands such as the following.

device(config)# ip route 192.168.7.0/24 192.168.6.157/24 1
device(config)# ip route 192.168.7.0/24 null0 3

The first command configures a standard static route, which includes specification of the next-hop gateway.
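The fallback from the standard static route to the null route can be modelled in a few lines. The following Python sketch is an added example, not code from this guide or from the FastIron software. It goes slightly beyond the text by adding longest-prefix matching and a constructed default route via 192.168.6.1 (an assumption) to show what happens to traffic for 192.168.7.0/24 when the gateway fails with and without the null route in place.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticRoute:
    prefix: str       # destination network in CIDR form
    next_hop: str     # gateway IP address, or "null0" for a null route
    metric: int = 1


def select_route(routes, dest, reachable_gateways):
    """Pick the route used for `dest`.

    A route is usable when it covers the destination and its path is
    available; a null route is always available. Among usable routes the
    longest prefix wins, then the lowest metric.
    """
    addr = ipaddress.ip_address(dest)
    usable = [
        r for r in routes
        if addr in ipaddress.ip_network(r.prefix)
        and (r.next_hop == "null0" or r.next_hop in reachable_gateways)
    ]
    if not usable:
        return None
    return min(usable,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric))


def forward(routes, dest, reachable_gateways):
    """Describe what happens to a packet for `dest`."""
    route = select_route(routes, dest, reachable_gateways)
    if route is None:
        return "drop (no route)"
    if route.next_hop == "null0":
        return "drop (null0)"
    return f"forward via {route.next_hop}"


# Routes from the example commands above, plus a constructed default route.
STANDARD = StaticRoute("192.168.7.0/24", "192.168.6.157", metric=1)
NULL = StaticRoute("192.168.7.0/24", "null0", metric=3)
DEFAULT = StaticRoute("0.0.0.0/0", "192.168.6.1", metric=1)   # assumption

WITH_NULL = [STANDARD, NULL, DEFAULT]
WITHOUT_NULL = [STANDARD, DEFAULT]

if __name__ == "__main__":
    all_up = {"192.168.6.157", "192.168.6.1"}
    gateway_down = {"192.168.6.1"}
    dest = "192.168.7.20"
    print("gateway up, null route   :", forward(WITH_NULL, dest, all_up))
    print("gateway down, null route :", forward(WITH_NULL, dest, gateway_down))
    print("gateway down, no null    :", forward(WITHOUT_NULL, dest, gateway_down))
```

With the null route present, traffic for the protected network is discarded when the gateway is unavailable; without it, the same traffic follows the less specific default route.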
Configuring a default network route
When the software uses the default network route, it also uses the default network route's next hop gateway as the gateway of last resort. This feature is especially useful in environments where network topology changes can make the next hop gateway unreachable. This feature allows the Layer 3 switch to perform default routing even if the default network route's default gateway changes. The feature thus differs from standard default routes.
Configuring IP load sharing
The IP route table can contain more than one path to a given destination. When this occurs, the Layer 3 switch selects the path with the lowest cost as the path for forwarding traffic to the destination. If the IP route table contains more than one path to a destination and the paths each have the lowest cost, then the Layer 3 switch uses IP load sharing to select a path to the destination.
route table. For example, if the Layer 3 switch has a path learned from OSPF and a path learned from RIP for a given destination, only the path with the lower administrative distance enters the IP route table.
How IP load sharing works
with a given cost for a given destination, the BGP4 route table cannot contain equal-cost paths to the destination. Consequently, the IP route table will not receive multiple equal-cost paths from BGP4. The load sharing state for all the route sources is based on the state of IP load sharing. Since IP load sharing is enabled by default on all Brocade Layer 3 switches, load sharing for static IP routes, RIP routes, OSPF routes, and BGP4 routes also is enabled by default.
Changing the maximum number of ECMP (load sharing) paths
You can change the maximum number of paths the Layer 3 switch supports to a value from 2 through 8.
TABLE 8 Maximum number of ECMP load sharing paths per device
FSX 800 / FSX 1600    FCX    ICX6450 / ICX6610 / ICX6650 / ICX7750
6                     8      8
For optimal results, set the maximum number of paths to a value at least as high as the maximum number of equal-cost paths your network typically contains.
Enabling IRDP globally
• Packet type - The Layer 3 switch can send Router Advertisement messages as IP broadcasts or as IP multicasts addressed to IP multicast group 224.0.0.1. The packet type is IP broadcast.
• Maximum message interval and minimum message interval - When IRDP is enabled, the Layer 3 switch sends the Router Advertisement messages every 450 - 600 seconds by default.
Reverse Address Resolution Protocol configuration
Advertisement message from the Layer 3 switch, the host resets the hold time for the Layer 3 switch to the hold time specified in the new advertisement. If the hold time of an advertisement expires, the host discards the advertisement, concluding that the router interface that sent the advertisement is no longer available. The value must be greater than the value of the maxadvertinterval parameter and cannot be greater than 9000.
Disabling RARP
RARP requires the IP host to be directly attached to the Layer 3 switch. An IP host and the BootP/DHCP server can be on different networks and on different routers, so long as the routers are configured to forward ("help") the host boot request to the boot server. You can centrally configure other host parameters on the BootP/DHCP server, in addition to the IP address, and supply those parameters to the host along with its IP address.
If your Layer 3 switch allows you to increase the maximum number of RARP entries, you can use a procedure in the same section to do so.
NOTE You must save the configuration to the startup-config file and reload the software after changing the RARP cache size to place the change into effect.
Configuring UDP broadcast and IP helper parameters
Some applications rely on client requests sent as limited IP broadcasts addressed to the UDP application port.
Enabling forwarding for a UDP application
If you want the Layer 3 switch to forward client requests for UDP applications that the Layer 3 switch does not forward by default, you can enable forwarding support for the port. To enable forwarding support for a UDP application, use the following method. You also can disable forwarding for an application using this method.
BootP and DHCP relay parameter configuration
You can configure up to 16 helper addresses on each interface. You can configure a helper address on an Ethernet port or a virtual interface. To configure a helper address on interface 2 on chassis module 1, enter the following commands.
device(config)# interface ethernet 1/2
device(config-if-1/2)# ip helper-address 1 10.95.7.6
The commands in this example change the CLI to the configuration level for port 1/2, then add a helper address for server 10.95.7.
Configuring an IP helper address
field). When the server responds to the request, the server sends the response as a unicast packet to the IP address in the Gateway Address field. (If the client and server are directly attached, the Gateway ID field is empty and the server replies to the client using a unicast or broadcast packet, depending on the server.) By default, the Layer 3 switch uses the lowest-numbered IP address on the interface that receives the request as the Gateway address.
Syntax: ip bootp-gateway ip-addr
Changing the maximum number of hops to a BootP relay server
Each BootP or DHCP request includes a Hop Count field. The Hop Count field indicates how many routers the request has passed through.
Configuration notes for DHCP servers
the requested time and tries to return the same network address each time the client makes a request. The period of time for which a network address is allocated to a client is called a lease. The client may extend the lease through subsequent requests. When the client is done with the address, it can release the address back to the server. By asking for an indefinite lease, clients may receive a permanent assignment.
Configuring DHCP Server on a device
• Vendor Specific Information - Allows clients and servers to exchange vendor-specific information.
• Boot File - Specifies a boot image to be used by the client.
• Next Bootstrap Server - Configures the IP address of the next server to be used for startup by the client.
• TFTP Server - Configures the address or name of the TFTP server available to the client.
A DHCP server assigns and manages IPv4 addresses from multiple address pools, using dynamic address allocation.
Default DHCP server settings
1. Enable DHCP Server by entering a command similar to the following.
device(config)# ip dhcp-server enable
2. Create a DHCP Server address pool by entering a command similar to the following.
device(config)# ip dhcp-server pool cabo
3. Configure the DHCP Server address pool by entering commands similar to the following.
device(config-dhcp-cabo)# device(config-dhcp-cabo)# device(config-dhcp-cabo)# device(config-dhcp-cabo)# device(config-dhcp-cabo)# network 172.16.1.
TABLE 10 DHCP server optional parameters commands (Continued)
Command              Description
option merit-dump    Specifies the path name of a file into which the client’s core image should be placed in the event that the client crashes (the DHCP application issues an exception in case of errors such as division by zero).
option root-path     Specifies the name of the path that contains the client’s root filesystem in NFS notation.
Removing DHCP leases
TABLE 11 DHCP Server CLI commands (Continued)
Command                        Description
show ip dhcp-server flash      Displays the lease binding database that is stored in flash memory.
show ip dhcp-server summary    Displays a summary of active leases, deployed address pools, undeployed address pools, and server uptime.
bootfile name                  Specifies a boot image to be used by the client.
deploy                         Deploys an address pool configuration to the server.
Disabling DHCP Server on the management port
By default, when DHCP Server is enabled, it responds to DHCP client requests received on the management port. If desired, you can prevent the response to DHCP client requests received on the management port, by disabling DHCP Server support on the port. When disabled, DHCP client requests that are received on the management port are silently discarded.
Enabling relay agent echo (Option 82)
The ip dhcp-server relay-agent-echo enable command activates DHCP Option 82, and enables the DHCP server to echo relay agent information in all replies.
Configuring the domain name for the client
The domain-name command configures the domain name for the client.
device(config-dhcp-cabo)# domain-name sierra
Syntax: domain-name domain
Configuring the lease duration for the address pool
The lease command specifies the lease duration for the address pool. The default is a one-day lease.
device(config-dhcp-cabo)# lease 1 4 32
In this example, the lease duration has been set to one day, four hours, and 32 minutes.
Configuring the TFTP server
The tftp-server command specifies the address or name of the TFTP server to be used by the DHCP clients. To configure a TFTP server by specifying its IP address, enter a command similar to the following.
device(config-dhcp-cabo)# tftp-server 10.7.5.48
To configure a TFTP server by specifying its server name, enter a command similar to the following.
device(config-dhcp-cabo)# tftp-server tftp.domain.
TABLE 12 show ip dhcp-server binding output descriptions (Continued)
Field                         Description
Client ID/Hardware address    The hardware address for the client
Lease expiration              The time when this lease will expire
Type                          The type of lease
Displaying address-pool information
The show ip dhcp-server address-pool command displays information about a specific address pool, or for all address pools.
Displaying lease-binding information in flash memory
TABLE 13 show ip dhcp-server address pools output descriptions (Continued)
Field                    Description
dhcp-server-router       The address of the DHCP server router
dns-server               The address of the DNS server
domain-name              The name of the domain
lease                    The identifier for the lease
netbios-name server      The address of the netbios name server
network                  The address of the network
next-bootstrap-server    The address of the next-bootstrap server
tftp-server              The address
Displaying summary DHCP server information
The show ip dhcp-server summary command displays information about active leases, deployed address-pools, undeployed address-pools, and server uptime.
DHCP Client-Based Auto-Configuration and Flash image update
NOTE The DHCP Client-Based Auto-Configuration and Flash image update are platform independent and have no differences in behavior or configuration across all platforms (FSX, FCX, and ICX).
FIGURE 8 DHCP Client-Based Auto-Configuration
Configuration notes and feature limitations for DHCP client-based auto-configuration
• For Layer 3 devices, this feature is available for the default VLAN only. For Layer 2 devices, this feature is available for default VLANs and management VLANs. This feature is not supported on virtual interfaces (VEs), trunked ports, or LACP ports.
• The DHCP option 067 bootfile name will be used for configuration download if it does not have the extension .bin.
• If the DHCP option 067 bootfile name is not configured or does not have the extension .bin, then the image auto-update will not occur.
How DHCP Client-Based Auto-Configuration and Flash image update works
Auto-Configuration and Auto-update are enabled by default.
Step 1. Validate the IP address and lease negotiation
1. At boot-up, the device automatically checks its configuration for an IP address.
2. If the device does not have a static IP address, it requests the lease of an address from the DHCP server:
• If the server responds, it leases an IP address to the device for the specified lease period.
• If the server does not respond (after four tries) the DHCP Client process is ended.
3.
TFTP server IP address (option 150), if it is available. If the TFTP server IP address is not available, the DHCP client requests the TFTP file from the DHCP server.
The TFTP configuration download and update step
NOTE This process only occurs when the client device reboots, or when Auto-Configuration has been disabled and then re-enabled.
1.
• 006 - domain name server
• 012 - hostname (optional)
• 066 - TFTP server name (only used for Client-Based Auto Configuration)
• 067 - bootfile name
• 150 - TFTP server IP address (private option, datatype = IP Address)
Configuration notes for DHCP servers
• When using DHCP on a router, if you have a DHCP address for one interface, and you want to connect to the DHCP server from another interface, you must disable DHCP on the first interface, then enable DHCP on the
DHCP Log messages
The following example shows output from the show ip address command for a Layer 2 device.
device(config)# show ip address
IP Address      Type       Lease Time    Interface
10.44.16.116    Dynamic    174           0/1/1
The following example shows output from the show ip address command for a Layer 3 device.
device(config)# show ip address
IP Address      Type       Lease Time
10.44.3.233     Dynamic    672651
10.0.0.
2d01h48m21s:I: DHCPC: Found static IP Address 10.1.1.1 subnet mask 255.255.255.0 on port 0/1/5
2d01h48m21s:I: DHCPC: Client service found no DHCP server(s) on 3 possible subnet
2d01h48m21s:I: DHCPC: changing 0/1/3 protocol from stopped to running
Configuring IP parameters - Layer 2 Switches
The following sections describe how to configure IP parameters on a Brocade Layer 2 switch.
address belongs. Refer to "Designated VLAN for Telnet management sessions to a Layer 2 Switch" section in the FastIron Ethernet Switch Security Configuration Guide.
Configuring Domain Name Server (DNS) resolver
The Domain Name Server (DNS) resolver feature lets you use a host name to perform Telnet, ping, and traceroute commands. You can also define a DNS domain on a Brocade Layer 2 switch or Layer 3 switch and thereby recognize all hosts within that domain.
Changing the TTL threshold
To ABORT Trace Route, Please use stop-traceroute command.
Traced route to target IP node 10.157.22.80:
IP Address    Round Trip Time1    Round Trip Time2
10.95.6.30    93 msec             121 msec
NOTE In the previous example, 10.157.22.199 is the IP address of the domain name server (default DNS gateway address), and 10.157.22.80 represents the IP address of the NYC02 host.
FIGURE 10 Querying a Host on the newyork.
To modify the TTL threshold to 25, enter the following commands.
device(config)# ip ttl 25
device(config)# exit
Syntax: ip ttl ttl-threshold
DHCP Assist configuration
DHCP Assist allows a Brocade Layer 2 switch to assist a router that is performing multi-netting on its interfaces as part of its DHCP relay function.
How DHCP Assist works
In the example figure, a host from each of the four subnets supported on a Layer 2 switch requests an IP address from the DHCP server. These requests are sent transparently to the router. Because the router is unable to determine the origin of each packet by subnet, it assumes the lowest IP address or the ‘primary address’ is the gateway for all ports on the Layer 2 switch and stamps the request with that address.
NOTE When DHCP Assist is enabled on any port, Layer 2 broadcast packets are forwarded by the CPU. Unknown unicast and multicast packets are still forwarded in hardware, although selective packets such as IGMP are sent to the CPU for analysis. When DHCP Assist is not enabled, Layer 2 broadcast packets are forwarded in hardware.
NOTE The DHCP relay function of the connecting router must be turned on.
Configuring DHCP Assist
You can associate a gateway list with a port.
IPv4 GRE tunnel overview
Generic Routing Encapsulation is described in RFC 2784. Generally, GRE provides a way to encapsulate arbitrary packets (payload packet) inside of a transport protocol, and transmit them from one tunnel endpoint to another. The payload is encapsulated in a GRE packet. The resulting GRE packet is then encapsulated in a delivery protocol, then forwarded to the tunnel destination. At the tunnel destination, the packet is decapsulated to reveal the payload.
Path MTU Discovery (PMTUD) support
FIGURE 15 GRE header format
The GRE header has the following fields:
• Checksum - 1 bit. This field is assumed to be zero in this version. If set to 1, this means that the Checksum (optional) and Reserved (optional) fields are present and the Checksum (optional) field contains valid information.
• Reserved0 - 12 bits. If bits 1 - 5 are non-zero, then a receiver must discard the packet unless RFC 1701 is implemented.
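The receiver-side checks on the Checksum bit and the Reserved0 bits can be written as a small header parser. This is an added example, not code from this guide or from the device software: the function names and the sample packets are constructed, and the Ver and Protocol Type layout and the checksum algorithm are taken from RFC 2784, since the field list above covers only the first two fields.

```python
import struct

GRE_PROTO_IPV4 = 0x0800  # Protocol Type value (EtherType) for an IPv4 payload


class GREError(ValueError):
    """The packet must be discarded by a receiver that implements only RFC 2784."""


def inet_checksum(data: bytes) -> int:
    """Internet checksum: one's complement of the one's complement 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_gre(payload: bytes, proto: int = GRE_PROTO_IPV4,
              with_checksum: bool = False) -> bytes:
    """Build a GRE packet; used here only to construct sample input."""
    if not with_checksum:
        return struct.pack("!HH", 0x0000, proto) + payload
    # The checksum is computed over header and payload with the field zeroed.
    zeroed = struct.pack("!HHHH", 0x8000, proto, 0, 0) + payload
    return struct.pack("!HHHH", 0x8000, proto, inet_checksum(zeroed), 0) + payload


def parse_gre(packet: bytes) -> dict:
    """Parse an RFC 2784 GRE header and return its fields and the payload."""
    if len(packet) < 4:
        raise GREError("shorter than the 4-byte base header")
    word0, proto = struct.unpack("!HH", packet[:4])
    checksum_present = bool(word0 & 0x8000)    # bit 0
    reserved0 = (word0 >> 3) & 0x0FFF           # bits 1-12
    version = word0 & 0x0007                    # bits 13-15

    # Bits 1-5 are the five high-order bits of Reserved0. Bits 6-12 are ignored.
    if reserved0 & 0x0F80:
        raise GREError("Reserved0 bits 1-5 set and RFC 1701 is not implemented")
    if version != 0:
        raise GREError("unsupported GRE version %d" % version)

    header_len = 4
    checksum = None
    if checksum_present:
        if len(packet) < 8:
            raise GREError("Checksum bit set but the optional fields are missing")
        checksum = struct.unpack("!H", packet[4:6])[0]
        # Summing the whole packet, checksum included, must give zero.
        if inet_checksum(packet) != 0:
            raise GREError("GRE checksum mismatch")
        header_len = 8
    return {
        "checksum_present": checksum_present,
        "reserved0": reserved0,
        "version": version,
        "protocol_type": proto,
        "checksum": checksum,
        "payload": packet[header_len:],
    }


if __name__ == "__main__":
    sample = build_gre(b"\x45\x00\x00\x14", with_checksum=True)  # constructed payload bytes
    print(parse_gre(sample))
```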
Tunnel loopback ports for GRE tunnels
• On FCX devices, only eight different MTU values can be configured over the whole system. When the SX-FI48GPP module is installed in the FastIron SX device, the maximum number of different MTU values that can be configured is 16.
• On both FCX devices, and the SX-FI-24GPP, SX-FI48GPP, SX-FI-24HF, SX-FI-2XG, and SX-FI-8XG modules, PMTUD will not be enabled on the device if the maximum number of MTU values has already been configured in the system.
Support for IPv4 multicast routing over GRE tunnels
PIM-DM and PIM-SM Layer 3 multicast protocols and multicast data traffic are supported over GRE tunnels. When a multicast protocol is enabled on both ends of a GRE tunnel, multicast packets can be sent from one tunnel endpoint to another.
Syslog messages related to GRE IP tunnels
For FastIron SX devices only, traffic coming from a tunnel can be filtered by an ACL both before and after the tunnel is terminated and also redirected by PBR after the tunnel is terminated. An ACL classifies and sets QoS for GRE traffic. If the ACL or PBR is applied to the tunnel loopback port, it would apply to the inner IP packet header (the payload packet) after the tunnel is terminated.
Configuration considerations for tunnel loopback ports
NOTE The configuration considerations for tunnel loopback ports are only required for Generation 2 modules supported on FSX devices.
NOTE When a tunnel loopback port is configured, it is automatically added to the default vrf.
TABLE 17 Configuration tasks for GRE tunnels
Configuration tasks                                                           Default behavior
Required tasks
Create a tunnel interface.                                                    Not assigned
Configure the source address or source interface for the tunnel interface.    Not assigned
Configure the destination address of the tunnel interface.                    Not assigned
Enable GRE encapsulation on the tunnel interface.                             Disabled
NOTE Step 4 must be performed before step 6.
Creating a tunnel interface
To create a tunnel interface, enter the following command at the Global CONFIG level of the CLI.
device(config)# interface tunnel 1
device(config-tnif-1)#
Syntax: [no] interface tunnel tunnel-number
The tunnel-number is a numerical value that identifies the tunnel being configured.
NOTE You can also use the port-name command to name the tunnel.
Deleting an IP address from an interface configured as a tunnel source
Syntax: [no] tunnel source { ip-address | ethernet portnum | ve number | loopback number }
The ip-address variable is the source IP address being configured for the specified tunnel. The ethernet portnum variable is the source slot (chassis devices only) and port number of the physical interface being configured for the specified tunnel, for example 3/1.
Configuring a tunnel loopback port for a tunnel interface
Syntax: [no] tunnel mode gre ip
• gre specifies that the tunnel will use GRE encapsulation (IP protocol 47).
• ip specifies that the tunneling protocol is IPv4.
NOTE Before configuring a new GRE tunnel, the system should have at least one slot available for adding the default tunnel MTU value to the system tables. Depending on the configuration, the default tunnel MTU range is ((1500 or 10218) - 24).
Applying an ACL or PBR to a tunnel interface on the SX-FI48GPP interface module
To apply an ACL or PBR policy to a tunnel interface on the SX-FI48GPP interface module, enter commands such as the following:
NOTE Configuration of tunnel loopback ports is not applicable on the SX-FI48GPP interface module.
Changing the maximum number of tunnels supported
You can set an MTU value for packets entering the tunnel. Packets that exceed either the default MTU value of 1476/9192 bytes (for jumbo case) or the value that you set using this command, are fragmented and encapsulated with IP/GRE headers for transit through the tunnel (if they do not have the DF bit set in the IP header). All fragments will carry the same DF bit as the incoming packet.
Configuring Path MTU Discovery (PMTUD)
does not have the ability to bring down the line protocol of either tunnel endpoint, if the far end becomes unreachable. Traffic sent on the tunnel cannot follow alternate paths because the tunnel is always UP. To avoid this scenario, enable GRE link keepalive, which will maintain or place the tunnel in an UP or DOWN state based upon the periodic sending of keepalive packets and the monitoring of responses to the packets.
Enabling IPv4 multicast routing over a GRE tunnel
Syntax: [no] tunnel path-mtu-discovery disable
Changing the age timer for PMTUD
By default, when PMTUD is enabled on a tunnel interface, the path MTU is reset to its original value every 10 minutes. If desired, you can change the reset time (default age timer) to a value of up to 30 minutes. To do so, enter a command such as the following on the GRE tunnel interface.
Example point-to-point GRE tunnel configuration
Enabling PIM-SM on a GRE tunnel
To enable PIM-SM on a GRE tunnel interface, enter commands such as the following:
device(config)# interface tunnel 10
device(config-tnif-10)# ip pim-sparse
Syntax: [no] ip pim-sparse
Use the no form of the command to disable PIM-SM on the tunnel interface.
Configuring point-to-point GRE tunnel for FastIron A
device(config)# interface ethernet 3/1
device(config-if-e1000-3/1)# ip address 10.0.8.108/24
device(config)# exit
device(config)# interface tunnel 1
device(config-tnif-1)# tunnel source 10.0.8.108
device(config-tnif-1)# tunnel destination 131.108.5.2
device(config-tnif-1)# tunnel mode gre ip
device(config-tnif-1)# tunnel loopback 4/1
device(config-tnif-1)# ip address 10.10.3.
Total number of IP routes: 3, avail: 79996 (out of max 80000)
B:BGP D:Connected R:RIP S:Static O:OSPF *:Candidate default
     Destination    NetMask          Gateway     Port    Cost    Type
1    10.1.1.0       255.255.255.0    0.0.0.0     7       1       D
2    10.1.2.0       255.255.255.0    10.1.1.3    7       1       S
3    10.34.3.0      255.255.255.0    0.0.0.0     tn3     1       D
For field definitions, refer to Displaying the IP route table on page 140.
TABLE 18 show interface tunnel output descriptions (Continued)
Field                 Definition
MTU                   The configured path maximum transmission unit.
encapsulation GRE     GRE encapsulation is enabled on the port.
Keepalive             Indicates whether or not GRE link keepalive is enabled.
Path MTU Discovery    Indicates whether or not PMTUD is enabled. If PMTUD is enabled, the MTU value is also displayed.
Path MTU              The PMTU that is dynamically learned.
Displaying multicast protocols and GRE tunneling information
TABLE 19 show ip tunnel traffic output descriptions
Field            Description
Tunnel Status    Indicates whether the tunnel is up or down. Possible values are:
                 • Up/Up - The tunnel and line protocol are up.
                 • Up/Down - The tunnel is up and the line protocol is down.
                 • Down/Up - The tunnel is down and the line protocol is up.
                 • Down/Down - The tunnel and line protocol are down.
Clearing GRE statistics
Total number of neighbors: 1 on 1 ports
Port    Phy_p     Neighbor     Holdtime    Age    UpTime
tn1     tn1:e2    10.1.1.20    180         60     1740
Syntax: show ip pim nbr
The following shows an example output of the show ip pim mcache command.
device# show ip pim mcache 230.1.1.1
1 (10.10.10.1 230.1.1.
Displaying IP configuration information and statistics
To reset a dynamically-configured MTU on a tunnel interface back to the configured value, enter a command such as the following.
device(config)# clear ip tunnel pmtud 3
Syntax: clear ip tunnel { pmtud tunnel-ID | stat tunnel-ID }
Use the pmtud option to reset a dynamically-configured MTU on a tunnel interface back to the configured value. Use the stat option to clear tunnel statistics. The tunnel-ID variable is a valid tunnel number or name.
Displaying global IP configuration information
To display IP configuration information, enter the following command at any CLI level.
device# show ip
Global Settings
ttl: 64, arp-age: 10, bootp-relay-max-hops: 4
router-id : 10.95.11.
TABLE 20 CLI display of global IP configuration information - Layer 3 switch (Continued)
Field              Description
Subnet Mask        The network mask for the IP address.
Next Hop Router    The IP address of the router interface to which the Brocade router sends packets for the route.
Metric             The cost of the route. Usually, the metric represents the number of hops to the destination.
Distance           The administrative distance of the route.
Displaying IP interface information
To display IP interface information, enter the following command at any CLI level.
device# show ip interface
Interface       IP-Address     OK?    Method    Status    Protocol
Ethernet 1/1    10.95.6.173    YES    NVRAM     up        up
Ethernet 1/2    10.3.3.3       YES    manual    up        up
Loopback 1      10.2.3.4       YES    NVRAM     down      down
Syntax: show ip interface [ ethernet [slotnum/]portnum ] | [ loopback num ] | [ ve num ]
This display shows the following information.
ICMP redirect: enabled
proxy-arp: disabled
ip arp-age: 10 minutes
No Helper Addresses are configured.
No inbound ip access-list is set
No outgoing ip access-list is set
Displaying ARP entries
You can display the ARP cache and the static ARP table. The ARP cache contains entries for devices attached to the Layer 3 switch. The static ARP table contains the user-configured ARP entries. An entry in the static ARP table enters the ARP cache when the entry interface comes up.
NOTE The ip-mask parameter and mask parameter perform different operations. The ip-mask parameter specifies the network mask for a specific IP address, whereas the mask parameter provides a filter for displaying multiple MAC addresses that have specific values in common.
The vrf vrf-name parameter lets you restrict the display to entries for a specific VRF. The num parameter lets you display the table beginning with a specific entry number.
TABLE 22 CLI display of ARP cache (Continued)
Field     Description
Port      The port on which the entry was learned.
          NOTE If the ARP entry type is DHCP, the port number will not be available until the entry gets resolved through ARP.
Status    The status of the entry, which can be one of the following:
          • Valid - This is a valid ARP entry.
          • Pend - The ARP entry is not yet resolved.
Displaying the forwarding cache
The num parameter lets you display the table beginning with a specific entry number.
TABLE 23 CLI display of static ARP table
Field                    Description
Static ARP table size    The maximum number of static entries that can be configured on the device using the current memory allocation. The range of valid memory allocations for static ARP entries is listed after the current allocation.
Index                    The number of this entry in the table.
Displaying the IP route table
TABLE 24 CLI display of IP forwarding cache - Layer 3 switch (Continued)
Field    Description
MAC      The MAC address of the destination.
         NOTE If the entry is type U (indicating that the destination is this Brocade device), the address consists of zeroes.
Syntax: show ip route [ ip-addr [ ip-mask ] [ longer ] [ none-bgp ] ] { num | bgp | direct | ospf | rip | static }
The ip-addr parameter displays the route to the specified IP address. The ip-mask parameter lets you specify a network mask or, if you prefer CIDR format, the number of bits in the network mask. If you use CIDR format, enter a forward slash immediately after the IP address, then enter the number of mask bits (for example: 10.157.22.0/24 for 10.157.22.0 255.255.255.0).
This example shows all the routes for networks beginning with 10.159. The mask value and longer parameter specify the range of network addresses to be displayed. In this example, all routes within the range 10.159.0.0 - 10.159.255.255 are listed. The summary option displays a summary of the information in the IP route table. The following is an example of the output from this command.
Clearing IP routes
If needed, you can clear the entire route table or specific individual routes. To clear all routes from the IP route table, enter the following command.
device# clear ip route
To clear route 10.157.22.0/24 from the IP routing table, enter the clear ip route command.
device# clear ip route 10.157.22.
TABLE 26 CLI display of IP traffic statistics - Layer 3 switch (Continued)
Field          Description
filtered       The total number of IP packets filtered by the device.
fragmented     The total number of IP packets fragmented by this device to accommodate the MTU of this device or of another device.
reassembled    The total number of fragmented IP packets that this device re-assembled.
bad header     The number of IP packets dropped by the device due to a bad packet header.
TABLE 26 CLI display of IP traffic statistics - Layer 3 switch (Continued)
Field                 Description
irdp advertisement    The number of ICMP Router Discovery Protocol (IRDP) Advertisement messages sent or received by the device.
irdp solicitation     The number of IRDP Solicitation messages sent or received by the device.
UDP statistics
received              The number of UDP packets received by the device.
sent                  The number of UDP packets sent by the device.
Displaying IP information - Layer 2 Switches
TABLE 26 CLI display of IP traffic statistics - Layer 3 switch (Continued)
Field                 Description
responses sent        The number of responses this device has sent to another RIP router's request for all or part of this device's RIP routing table.
responses received    The number of responses this device has received to requests for all or part of another RIP router's routing table.
unrecognized          This information is used by Brocade customer support.
Displaying ARP entries
TABLE 27 CLI display of global IP configuration information - Layer 2 switch
Field                     Description
IP configuration
Switch IP address         The management IP address configured on the Layer 2 switch. Specify this address for Telnet access.
Subnet mask               The subnet mask for the management IP address.
Default router address    The address of the default gateway, if you specified one.
Displaying IP traffic statistics
TABLE 28 CLI display of ARP cache (Continued)
Syntax: show arp
Field | Description
Mac | The MAC address of the device. NOTE: If the MAC address is all zeros, the entry is for the default gateway, but the Layer 2 switch does not have a link to the gateway.
Port | The port on which the entry was learned.
Age | The number of minutes the entry has remained unused. If this value reaches the ARP aging period, the entry is removed from the cache.
TABLE 29 CLI display of IP traffic statistics - Layer 2 switch
Field | Description
IP statistics
received | The total number of IP packets received by the device.
sent | The total number of IP packets originated and sent by the device.
fragmented | The total number of IP packets fragmented by this device to accommodate the MTU of this device or of another device.
reassembled | The total number of fragmented IP packets that this device re-assembled.
TABLE 29 CLI display of IP traffic statistics - Layer 2 switch (Continued)
Field | Description
timestamp reply | The number of Timestamp Reply messages sent or received by the device.
addr mask | The number of Address Mask Request messages sent or received by the device.
addr mask reply | The number of Address Mask Reply messages sent or received by the device.
irdp advertisement | The number of ICMP Router Discovery Protocol (IRDP) Advertisement messages sent or received by the device.
Disabling IP checksum check
TABLE 29 CLI display of IP traffic statistics - Layer 2 switch (Continued)
Field | Description
input errors | This information is used by Brocade customer support.
in segments | The number of TCP segments received by the device.
out segments | The number of TCP segments sent by the device.
NOTE This command only functions on the IPv4 platform.
Layer 3 Routing Protocols
● Supported Layer 3 routing protocols features
● Adding a static IP route
● Adding a static ARP entry
● Modifying and displaying Layer 3 system parameter limits
Adding a static IP route
To configure an IP static route with a destination address of 192.0.0.0 255.0.0.0 and a next-hop router IP address of 195.1.1.1, enter the following.
device(config)# ip route 192.0.0.0 255.0.0.0 195.1.1.1
To configure a default route, enter the following.
device(config)# ip route 0.0.0.0 0.0.0.0
To configure a static IP route with an Ethernet port instead of a next-hop address, enter a command such as the following.
device(config)# ip route 192.128.2.
Configuring a "null" route
NOTE If you specify 16, RIP considers the metric to be infinite and thus also considers the route to be unreachable.
The tag num parameter specifies the tag value of the route. Possible values: 0 - 4294967295. Default: 0.
The distance num parameter specifies the administrative distance of the route.
Static route next hop resolution
The distance num parameter configures the administrative distance for the route. You can specify a value from 1 - 255. The default is 1. The value 255 makes the route unusable.
The last three parameters are optional and do not affect the null route, unless you configure the administrative distance to be 255. In this case, the route is not used and the traffic might be forwarded instead of dropped.
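An added example (not Brocade code): a Python check over a saved configuration that flags null routes whose administrative distance is 255, the case the paragraph above says leaves traffic forwarded instead of dropped. The null0 keyword, the order of the optional metric, tag and distance tokens, and the sample configuration are assumptions, since this excerpt does not show the full command syntax.

```python
import re

# Constructed sample configuration (not from the guide); the null0 keyword and
# the optional [metric] [tag num] [distance num] order are assumed syntax.
SAMPLE_CONFIG = """\
ip route 192.0.2.0 255.255.255.0 null0
ip route 198.51.100.0 255.255.255.0 null0 distance 255
ip route 203.0.113.0 255.255.255.0 null0 16 tag 66 distance 20
ip route 10.20.0.0 255.255.0.0 195.1.1.1
ip route 10.30.0.0 255.255.0.0 null0 distance 300
"""

NULL_ROUTE = re.compile(r"^ip route\s+(\S+)\s+(\S+)\s+null0\b(.*)$")


def parse_null_route(line):
    """Return a dict for a null-route line, or None for any other line."""
    m = NULL_ROUTE.match(line.strip())
    if m is None:
        return None
    # Defaults stated in the guide: tag 0, administrative distance 1.
    route = {"dest": m.group(1), "mask": m.group(2),
             "metric": None, "tag": 0, "distance": 1}
    tokens = m.group(3).split()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("tag", "distance"):
            if i + 1 >= len(tokens) or not tokens[i + 1].isdigit():
                raise ValueError(f"'{tok}' needs a numeric value: {line!r}")
            route[tok] = int(tokens[i + 1])
            i += 2
        elif tok.isdigit() and route["metric"] is None:
            route["metric"] = int(tok)
            i += 1
        else:
            raise ValueError(f"unexpected token {tok!r}: {line!r}")
    return route


def audit_null_routes(config_text):
    """Return (line_number, destination, finding) for each problem found."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        try:
            route = parse_null_route(line)
        except ValueError as exc:
            findings.append((lineno, None, f"unparsable: {exc}"))
            continue
        if route is None:
            continue
        dest = f"{route['dest']} {route['mask']}"
        if not 1 <= route["distance"] <= 255:
            findings.append((lineno, dest, "distance outside 1 - 255"))
        elif route["distance"] == 255:
            findings.append((lineno, dest,
                             "distance 255: route unused, traffic may be "
                             "forwarded instead of dropped"))
        if not 0 <= route["tag"] <= 4294967295:
            findings.append((lineno, dest, "tag outside 0 - 4294967295"))
        if route["metric"] == 16:
            findings.append((lineno, dest,
                             "metric 16: RIP treats the route as unreachable"))
    return findings


if __name__ == "__main__":
    for lineno, dest, finding in audit_null_routes(SAMPLE_CONFIG):
        print(f"line {lineno}: {dest}: {finding}")
```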
Adding a static ARP entry
Use the following command to enable static route next-hop resolution through the default route.
device(config)# ip route next-hop-enable-default
Syntax: [no] ip route next-hop-enable-default
NOTE This command can be independently applied on a per-VRF basis. This command works independently with the ip route next-hop-recursion and ip route next-hop commands.
Layer 3 configuration notes
• Changing the system parameters reconfigures the device memory. Whenever you reconfigure the memory on a Brocade device, you must save the change to the startup-config file, and then reload the software to place the change into effect.
• The Layer 3 system parameter limits for FastIron IPv6 models are automatically adjusted by the system and cannot be manually modified.
Enabling or disabling routing protocols
The following example shows output on a FastIron X Series with third generation modules.
device#show default value
sys log buffers:50        mac age time:300 sec
ip arp age:10 min         bootp relay max hops:4    ip addr per intf:24
igmp group memb.:140 sec  igmp query:60 sec
ospf dead:40 sec          ospf hello:10 sec         ospf transit delay:1 sec
System Parameters   Default   Maximum   Current
ip-arp              4000      64000     4000
ip-static-arp       512       1024      512
some lines omitted for brevity....
NOTE Consult your reseller or Brocade to understand the risks involved before disabling all Layer 2 switching operations.
Configuration notes and feature limitations for Layer 2 switching
• Enabling or disabling Layer 2 switching is supported in Layer 3 software images only.
• FastIron X Series, Brocade FCX Series, and ICX devices support disabling Layer 3 switching at the interface configuration level as well as the global CONFIG level.
The following example shows the creation and deployment of a dynamic LAG that is used for routing on a FastIron device with Layer 3 image.
Configuring a Layer 3 Link Aggregation Group (LAG)
IPv6 Configuration on FastIron X Series, FCX, and ICX Series Switches
● Supported IPv6 features on FastIron X Series, FCX, and ICX devices
● Full Layer 3 IPv6 feature support
● IPv6 addressing overview
● IPv6 CLI command support
Feature | ICX 6430 | ICX 6450 | FCX | ICX 6610 | ICX 6650 | FSX 800 FSX 1600 | ICX 7750
IPv6 debug | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
IPv6 ping | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
IPv6 traceroute | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
Network Time Protocol Version 4 (NTP) | 08.0.01 | 08.0.01 | 08.0.01 (on the router code only) | 08.0.01 | No | 08.0.018 | 08.0.
Full Layer 3 IPv6 feature support
Feature | ICX 6430 | ICX 6450 | FCX | ICX 6610 | ICX 6650 | FSX 800 FSX 1600 | ICX 7750
DHCPv6 relay agent | No | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
DHCPv6 prefix delegation notification | No | No | 08.0.
IPv6 address types
FIGURE 17 IPv6 address format
As shown in the above figure, HHHH is a 16-bit hexadecimal value, while H is a 4-bit hexadecimal value. The following is an example of an IPv6 address.
2001:0000:0000:0200:002D:D0FF:FE48:4672
Note that this IPv6 address includes hexadecimal fields of zeros. To make the address less cumbersome, you can do the following:
• Omit the leading zeros; for example, 2001:0:0:200:2D:D0FF:FE48:4672.
TABLE 30 IPv6 address types
Address type: Unicast
Description: An address for a single interface. A packet sent to a unicast address is delivered to the interface identified by the address.
Address structure: Depends on the type of the unicast address:
• Aggregatable global address--An address equivalent to a global or public IPv4 address.
IPv6 stateless auto-configuration
Brocade routers use the IPv6 stateless autoconfiguration feature to enable a host on a local link to automatically configure its interfaces with new and globally unique IPv6 addresses associated with its location. The automatic configuration of a host interface is performed without the use of a server, such as a Dynamic Host Configuration Protocol (DHCP) server, or manual configuration.
TABLE 31 IPv6 CLI command support (Continued)
IPv6 command | Description
clear ipv6 route | Deletes all dynamic entries in the IPv6 route table.
clear ipv6 traffic | Resets all IPv6 packet counters.
clear ipv6 tunnel | Clears statistics for IPv6 tunnels
copy tftp | Downloads a copy of a Brocade software image from a TFTP server into the system flash using IPv6. X X
debug ipv6 | Displays IPv6 debug information.
TABLE 31 IPv6 CLI command support (Continued)
IPv6 command | Description | Switch code | Router code
ipv6 route | Configures an IPv6 static route. X
ipv6 router | Enables an IPv6 routing protocol. X
ipv6 traffic-filter | Applies an IPv6 ACL to an interface.
ipv6 unicast-routing | Enables IPv6 unicast routing.
log host ipv6 | Configures the IPv6 Syslog server. X X
ping ipv6 | Performs an ICMP for IPv6 echo test.
IPv6 host address on a Layer 2 switch
In a Layer 3 (router) configuration, each port can be configured separately with an IPv6 address. This is accomplished using the interface configuration process that is described in IPv6 configuration on each router interface on page 173.
Configuring the management port for an IPv6 automatic address configuration
To override a link-local address that is automatically computed for the global interface with a manually configured address, enter a command such as the following.
device(config)#ipv6 address FE80::240:D0FF:FE48:4672 link-local
This command explicitly configures the link-local address FE80::240:D0FF:FE48:4672 for the global interface.
IPv6 configuration on each router interface
To forward IPv6 traffic on a router interface, the interface must have an IPv6 address, or IPv6 must be explicitly enabled. By default, an IPv6 address is not configured on a router interface. If you choose to configure a global or site-local IPv6 address for an interface, IPv6 is also enabled on the interface.
Configuring a link-local IPv6 address on an interface
You must specify the prefix-length parameter as a decimal value. A slash mark (/) must follow the ipv6-prefix parameter and precede the prefix-length parameter. To configure a /122 address on a VE, enter commands similar to the following.
Configuring an IPv6 anycast address on an interface
To override a link-local address that is automatically computed for an interface with a manually configured address, enter commands such as the following.
device(config)#interface ethernet 3/1
device(config-if-e1000-3/1)#ipv6 address FE80::240:D0FF:FE48:4672 link-local
These commands explicitly configure the link-local address FE80::240:D0FF:FE48:4672 for Ethernet interface 3/1.
IPv6 management (IPv6 host support)
Syntax: ip address ip-address sub-net-mask [ secondary ]
You must specify the ip-address parameter using 8-bit values in dotted decimal notation. You can specify the sub-net-mask parameter in either dotted decimal notation or as a decimal value preceded by a slash mark (/). The secondary keyword specifies that the configured address is a secondary IPv4 address. To remove the IPv4 address from the interface, enter the no form of this command.
Restricting SNMP access to an IPv6 node
You can restrict SNMP access to the device to the IPv6 host whose IP address you specify. To do so, enter a command such as the following.
device(config)#snmp-client ipv6 2001:DB8:89::23
Syntax: snmp-client ipv6 ipv6-address
The ipv6-address you specify must be in hexadecimal format using 16-bit values between colons as documented in RFC 2373.
Establishing a Telnet session from an IPv6 host
To establish a Telnet connection to a remote host with the IPv6 address of 2001:DB8:3de2:c37::6, enter the following command.
device#telnet 2001:DB8:3de2:c37::6
Syntax: telnet ipv6-address [ port-number | outgoing-interface ethernet port | ve number ]
The ipv6-address parameter specifies the address of a remote host. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373.
instead of the host name and its domain name. For example, you could enter either of the following commands to initiate the ping.
device#ping ipv6 nyc01
device#ping ipv6 nyc01.newyork.com
Defining an IPv6 DNS entry
IPv6 defines new DNS record types to resolve queries for domain names to IPv6 addresses, as well as IPv6 addresses to domain names. Brocade devices running IPv6 software support AAAA DNS records, which are defined in RFC 1886.
Configuring an IPv6 Syslog server
• The timeout milliseconds parameter specifies how many milliseconds the router waits for a reply from the pinged device. You can specify a timeout from 1 - 4294967296 milliseconds. The default is 5000 (5 seconds).
• The ttl number parameter specifies the maximum number of hops. You can specify a TTL from 1 - 255. The default is 64.
• The size bytes parameter specifies the size of the ICMP data portion of the packet. This is the payload and does not include the header.
Disabling router advertisement and solicitation messages
Location:
Community(ro): .....
Traps
  Warm/Cold start: Enable
  Link up: Enable
  Link down: Enable
  Authentication: Enable
  Locked address violation: Enable
  Power supply failure: Enable
  Fan failure: Enable
  Temperature warning: Enable
  STP new root: Enable
  STP topology change: Enable
  vsrp: Enable
Total Trap-Receiver Entries: 4
Trap-Receiver   IP-Address        Port-Number   Community
1               10.147.201.100    162           .....
2               2001:DB8::200     162           .....
3               10.147.202.100    162           .
NOTE IPv6 is disabled by default in the router code and must be configured on each interface that will support IPv6.
IPv6 ICMP feature configuration
As with the Internet Control Message Protocol (ICMP) for IPv4, ICMP for IPv6 provides error and informational messages. The stateless autoconfiguration, neighbor discovery, and path MTU discovery features use ICMP messages.
Enabling IPv6 ICMP redirect messages
You can enable a Layer 3 switch to send an IPv6 ICMP redirect message to a neighboring host to inform it of a better first-hop router on a path to a destination. By default, the sending of IPv6 ICMP redirect messages by a Layer 3 switch is disabled. (For more information about how ICMP redirect messages are implemented for IPv6, refer to IPv6 neighbor discovery configuration on page 183.
  ‐ Prefixes advertised in router advertisement messages.
  ‐ Flags for host stateful autoconfiguration.
• Amount of time during which an IPv6 node considers a remote node reachable (for use by all nodes on a given link).
IPv6 neighbor discovery configuration notes
NOTE For all solicitation and advertisement messages, Brocade uses seconds as the unit of measure instead of milliseconds.
Neighbor redirect messages
Each configured router interface on a link periodically sends out a router advertisement message, which has a value of 134 in the Type field of the ICMP packet header, to the all-nodes link-local multicast address (FF02::1). A configured router interface can also send a router advertisement message in response to a router solicitation message from a node on the same link. This message is sent to the unicast IPv6 address of the node that sent the router solicitation message.
Setting IPv6 router advertisement parameters
• The number of consecutive neighbor solicitation messages that duplicate address detection sends on an interface. By default, duplicate address detection sends three neighbor solicitation messages without any follow-up messages.
• The interval in seconds at which duplicate address detection sends a neighbor solicitation message on an interface. By default, duplicate address detection sends a neighbor solicitation message every 1000 milliseconds.
Prefixes advertised in IPv6 router advertisement messages
Syntax: [no] ipv6 nd ra-interval number | min-range-value max-range-value
Syntax: [no] ipv6 nd ra-lifetime number
Syntax: ipv6 nd ra-hop-limit number
number is a value from 0 - 255. The default is 64.
The ipv6 nd ra-interval number can be a value between 3 - 1800 seconds. The default is 200 seconds. The actual RA interval will be from 0.5 to 1.5 times the configured or default value.
Setting flags in IPv6 router advertisement messages
For example, to advertise the prefix 2001:DB8:a487:7365::/64 in router advertisement messages sent out on Ethernet interface 3/1 with a valid lifetime of 1000 seconds, a preferred lifetime of 800 seconds, and the Onlink and Autoconfig flags set, enter the following commands.
Enabling and disabling IPv6 router advertisements
If IPv6 unicast routing is enabled on an Ethernet interface, by default, this interface sends IPv6 router advertisement messages. However, by default, non-LAN interface types, for example, tunnel interfaces, do not send router advertisement messages. To disable the sending of router advertisement messages on an Ethernet interface, enter commands such as the following.
Syntax: [no] ipv6 nd reachable-time seconds
For the seconds variable, specify a number from 0 through 3600 seconds. To restore the default time, use the no form of this command.
NOTE The actual reachable time will be from 0.5 to 1.5 times the configured or default value.
IPv6 MTU
The IPv6 maximum transmission unit (MTU) is the maximum length of an IPv6 packet that can be transmitted on a particular interface.
Static neighbor entries configuration
Syntax: [no] ipv6 mtu bytes
For bytes, specify a value between 1280 - 1500, or 1280 - 10218 if jumbo mode is enabled. For ICX 6610 and ICX 6450 devices, you can specify a value between 1280 and 10200. If a non-default value is configured for an interface, router advertisements include an MTU option.
NOTE IPv6 MTU cannot be configured globally. It is supported only on devices running Layer 3 software.
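An added example (not from the guide): a Python parser for the ICMPv6 router advertisement (Type 134) described in the neighbor discovery and IPv6 MTU passages above, which checks the hop limit, the advertised prefix lifetimes and flags, and the MTU option against the values the guide configures. The field layout follows RFC 4861; the sample packet, the 1800-second router lifetime, the 1400-byte MTU and the EXPECTED policy are constructed for illustration.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134      # ICMPv6 Type value for a router advertisement
OPT_PREFIX_INFO = 3         # RFC 4861 Prefix Information option
OPT_MTU = 5                 # RFC 4861 MTU option

# Assumed policy for the check, built from the values used in the guide.
EXPECTED = {
    "hop_limit": 64,
    "prefixes": {"2001:db8:a487:7365::/64": (1000, 800, True, True)},
    "mtu_range": (1280, 1500),
}


def build_sample_ra():
    """Constructed RA message (checksum left at zero) for the example."""
    header = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0,
                         64,     # current hop limit
                         0x00,   # managed/other flags clear
                         1800,   # router lifetime in seconds (constructed)
                         0, 0)   # reachable time, retransmit timer
    prefix = ipaddress.IPv6Address("2001:DB8:a487:7365::").packed
    prefix_opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64,
                             0xC0,          # on-link and autoconfig flags
                             1000, 800, 0) + prefix
    mtu_opt = struct.pack("!BBHI", OPT_MTU, 1, 0, 1400)
    return header + prefix_opt + mtu_opt


def parse_ra(data):
    """Parse a router advertisement into a dict; ValueError if malformed."""
    if len(data) < 16:
        raise ValueError("truncated RA header")
    (msg_type, code, _checksum, hop_limit, flags, lifetime,
     reachable_ms, retrans_ms) = struct.unpack("!BBHBBHII", data[:16])
    if msg_type != ND_ROUTER_ADVERT or code != 0:
        raise ValueError("not a router advertisement")
    ra = {"hop_limit": hop_limit, "managed": bool(flags & 0x80),
          "other": bool(flags & 0x40), "router_lifetime": lifetime,
          "reachable_ms": reachable_ms, "retrans_ms": retrans_ms,
          "prefixes": [], "mtu": None}
    offset = 16
    while offset < len(data):
        if offset + 2 > len(data):
            raise ValueError("truncated option header")
        opt_type, opt_len = data[offset], data[offset + 1]
        if opt_len == 0:
            raise ValueError("zero-length option")   # would never advance
        end = offset + opt_len * 8                   # length is in 8-byte units
        if end > len(data):
            raise ValueError("option overruns packet")
        body = data[offset:end]
        if opt_type == OPT_PREFIX_INFO and opt_len == 4:
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[2:12])
            addr = ipaddress.IPv6Address(body[16:32])
            net = ipaddress.IPv6Network(f"{addr}/{plen}", strict=False)
            ra["prefixes"].append({"prefix": str(net), "valid": valid,
                                   "preferred": preferred,
                                   "onlink": bool(pflags & 0x80),
                                   "autoconfig": bool(pflags & 0x40)})
        elif opt_type == OPT_MTU and opt_len == 1:
            ra["mtu"] = struct.unpack("!I", body[4:8])[0]
        offset = end
    return ra


def check_ra(ra, expected=EXPECTED):
    """Return a list of deviations from the expected advertisement."""
    problems = []
    if ra["hop_limit"] != expected["hop_limit"]:
        problems.append(f"hop limit {ra['hop_limit']}, "
                        f"expected {expected['hop_limit']}")
    for p in ra["prefixes"]:
        want = expected["prefixes"].get(p["prefix"])
        got = (p["valid"], p["preferred"], p["onlink"], p["autoconfig"])
        if want is None:
            problems.append(f"unexpected prefix {p['prefix']}")
        elif got != want:
            problems.append(f"prefix {p['prefix']} lifetimes or flags differ")
    low, high = expected["mtu_range"]
    if ra["mtu"] is not None and not low <= ra["mtu"] <= high:
        problems.append(f"MTU {ra['mtu']} outside {low} - {high}")
    return problems


if __name__ == "__main__":
    print(check_ra(parse_ra(build_sample_ra())) or "RA matches expected values")
```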
Limiting the number of hops an IPv6 packet can traverse
By default, the maximum number of hops an IPv6 packet can traverse is 64. You can change this value to between 0 - 255 hops. For example, to change the maximum number of hops to 70, enter the following command.
device(config)#ipv6 hop-limit 70
Syntax: [no] ipv6 hop-limit number
Use the no form of the command to restore the default value.
TABLE 32 TCAM space allocation on FCX and ICX devices (except ICX 6450) (Continued)
              Default   Maximum   Minimum
GRE tunnels   16        64        16
Allocating TCAM space for IPv4 routing information
For example, to allocate 13,512 IPv4 route entries, enter the following command:
device(config)# system-max ip-route 13512
Syntax: system-max ip-route routes
The routes parameter specifies how many IPv4 route entries get allocated.
Clearing the IPv6 cache
You can remove all entries from the IPv6 cache or specify an entry based on the following:
• IPv6 prefix.
• IPv6 address.
• Interface type.
For example, to remove entries for IPv6 address 2000:e0ff::1, enter the following command at the Privileged EXEC level or any of the Config levels of the CLI.
Clearing IPv6 routes from the IPv6 route table
You can clear all IPv6 routes or only those routes associated with a particular IPv6 prefix from the IPv6 route table and reset the routes. For example, to clear IPv6 routes associated with the prefix 2000:7838::/32, enter the following command at the Privileged EXEC level or any of the Config levels of the CLI.
Displaying IPv6 interface information
4    2001:DB8:46a::1                  LOCAL   ethe 3/2
5    2001:DB8::2e0:52ff:fe99:9737     LOCAL   ethe 3/2
6    2001:DB8::ffff:ffff:feff:ffff    LOCAL   loopback 2
7    2001:DB8::c0a8:46a               LOCAL   tunnel 2
8    2001:DB8::c0a8:46a               LOCAL   tunnel 6
9    2001:DB8::1                      LOCAL   loopback 2
10   2001:DB8::2e0:52ff:fe99:9700     LOCAL   ethe 3/1
Syntax: show ipv6 cache [ index-number | ipv6-prefix/prefix-length | ipv6-address | ethernet port | ve number | tunnel number ]
The index-number parameter restricts the display to the entry for t
Ethernet Ethernet VE 4 VE 14 Loopback Loopback Loopback 3/17 3/19 1 2 3 up/up up/up down/down up/up up/up up/up up/up 2017::c017:101/64 2019::c019:101/64 2024::c060:101/64 ::1/128 2005::303:303/128
Syntax: show ipv6 interface [ interface [ port-number | number ] ]
The interface parameter displays detailed information for a specified interface. For the interface, you can specify the Ethernet, loopback, tunnel, or VE keywords.
Displaying IPv6 neighbor information
TABLE 35 Detailed IPv6 interface information fields
Field | Description
Interface/line protocol status | The status of interface and line protocol. If you have disabled the interface with the disable command, the status will be "administratively down". Otherwise, the status is either "up" or "down".
IPv6 status/link-local address | The status of IPv6. The status is either "enabled" or "disabled".
Displaying the IPv6 route table
The interface parameter restricts the display to the entries for the specified router interface. For this parameter, you can specify the Ethernet or VE keywords. If you specify an Ethernet interface, also specify the port number associated with the interface. If you specify a VE interface, also specify the VE number.
This display shows the following information.
                                                   tunnel 6     1/1
C   2001:DB8:46a::/64   ::                         ethe 3/2     0/0
C   2001:DB8::1/128     ::                         loopback 2   0/0
O   2001:DB8::2/128     fe80::2e0:52ff:fe91:bb37   ethe 3/2     110/1
C   2001:DB8::/64       ::                         tunnel 2     0/0
Syntax: show ipv6 route [ ipv6-address | ipv6-prefix/prefix-length | bgp | connect | ospf | rip | static | summary ]
The ipv6-address parameter restricts the display to the entries for the specified IPv6 address.
Displaying local IPv6 routers
4 connected, 2 static, 0 RIP, 1 OSPF, 0 BGP
Number of prefixes:
/16: 1 /32: 1 /64: 3 /128: 2
The following table lists the information displayed by the show ipv6 route summary command.
TABLE 38 IPv6 route table summary fields
Field | Description
Number of entries | The number of entries in the IPv6 route table.
Number of route types | The number of entries for each route type.
Number of prefixes | A summary of prefixes in the IPv6 route table, sorted by prefix length.
Displaying IPv6 TCP information
TABLE 39 IPv6 local router information fields (Continued)
Field | Description
Lifetime | The amount of time (in seconds) that the router is useful as the default router.
Reachable time | The amount of time (in milliseconds) that a router assumes a neighbor is reachable after receiving a reachability confirmation. The reachable time value applies to the router for which you are displaying information and should be followed by IPv6 hosts attached to the router.
TABLE 40 General IPv6 TCP connection fields (Continued)
Field | Description
TCP state | The state of the TCP connection. Possible states include the following:
• LISTEN - Waiting for a connection request.
• SYN-SENT - Waiting for a matching connection request after having sent a connection request.
• SYN-RECEIVED - Waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
Receive: expected incoming sequence number = 740507227
Receive: received window = 16384
Receive: bytes in receive queue = 0
Receive: congestion window = 1459
Syntax: show ipv6 tcp status local-ip-address local-port-number remote-ip-address remote-port-number
The local-ip-address parameter can be the IPv4 or IPv6 address of the local interface over which the TCP connection is taking place.
Displaying IPv6 traffic statistics
TABLE 41 Specific IPv6 TCP connection fields (Continued)
Field | Description
Receive: expected incoming sequence number = number | The incoming sequence number expected by the local router.
Receive: received window = number | The size of the local router’s receive window.
Receive: bytes in receive queue = number | The number of bytes in the local router’s receive queue.
Receive: congestion window = number | The size of the local router’s receive congestion window.
Field | Description
forwarded | The total number of IPv6 packets received by the router and forwarded to other routers.
delivered | The total number of IPv6 packets delivered to the upper layer protocol.
rawout | This information is used by Brocade Technical Support.
bad vers | The number of IPv6 packets dropped by the router because the version number is not 6.
Field | Description
ICMP6 statistics | Some ICMP statistics apply to both Received and Sent, some apply to Received only, some apply to Sent only, and some apply to Sent Errors only.
Applies to received and sent
dest unreach | The number of Destination Unreachable messages sent or received by the router.
pkt too big | The number of Packet Too Big messages sent or received by the router.
Field | Description
error | The number of Error messages sent by the router.
can not send error | The number of times the node encountered errors in ICMP error messages.
too freq | The number of times the node has exceeded the frequency of sending error messages.
Applies to sent errors only
unreach no route | The number of Unreachable No Route errors sent by the router.
admin | The number of Admin errors sent by the router.
DHCP relay agent for IPv6
Field | Description
passive opens | The number of TCP connections opened by the router in response to connection requests (TCP SYNs) received from other devices.
failed attempts | This information is used by Brocade Technical Support.
active resets | The number of TCP connections the router reset by sending a TCP RESET message to the device at the other end of the connection.
Enabling the interface-ID on the DHCPv6 relay agent messages
Specify the ipv6-address as a destination address to which client messages are forwarded and which enables DHCPv6 relay service on the interface. You can configure up to 16 relay destination addresses on an interface. The outgoing-interface parameter is used when the destination relay address is a link-local or multicast address. Specify the interface-type as ethernet interface, tunnel interface, or VE interface.
Displaying the DHCPv6 Relay information for an interface
TABLE 42 DHCPv6 relay configured destination information (Continued)
Field | Description
Interface | The interface specified (ethernet, tunnel, or VE interface)
Destination | The configured destination IPv6 address.
OutgoingInterface | The interface on which packets are relayed if the destination relay address is a local link or multicast address.
DHCPv6 Relay Agent Prefix Delegation Notification
The DHCPv6 Relay Agent Prefix Delegation Notification feature allows a DHCPv6 server to dynamically delegate IPv6 prefixes to a DHCPv6 client using the DHCPv6 Prefix Delegation (PD) option. DHCPv6 prefix delegation enables an Internet service provider (ISP) to automate the process of assigning prefixes to a customer premises equipment (CPE) network.
Upgrade and downgrade considerations
• The PD notification fails when the DHCPv6 messages between a DHCPv6 server and a DHCPv6 client containing the PD option are not relayed via the DHCPv6 relay agent.
• If the delegated prefix is released or renewed by the client at the time when the DHCPv6 relay agent is down or rebooting, then this release or renewal of the delegated prefix will not be detected by the relay agent.
Assigning the administrative distance to DHCPv6 static routes
Syntax: [no] ipv6 dhcp-relay maximum-delegated-prefixes value
The value parameter is used to limit the maximum number of prefixes that can be delegated. The range is from 0 to 512. The default value is 100. The sum of all the delegated prefixes that can be learned at the interface level is limited by the system max. Use the no ipv6 dhcp-relay maximum-delegated-prefixes command to set the parameter to the default value of the specified platform.
Displaying the DHCPv6 Relay configured destinations
TABLE 44 Output from the show ipv6 dhcp-relay delegated-prefixes command (Continued)
Field | Description
Client | The IPv6 address of the client.
Interface | The interface on which the DHCPv6 messages are relayed to the client.
ExpireTime | The remaining lifetime of the delegated prefix.
Displaying the DHCPv6 Relay prefix delegation information
TABLE 46 Output from the show ipv6 dhcp-relay options command
Field | Description
Interface | The interface name.
Interface-Id | The interface ID option. Yes or No indicates if the option is used or not.
Remote-Id | The remote ID option. Yes or No indicates if the option is used or not.
Clearing the DHCPv6 delegated prefixes
Syntax: show ipv6 dhcp-relay interface interfacetype
The interface type is interface type such as ethernet, POS, or VE and the specific port number. Table 48 describes the fields from the output of the show ipv6 dhcp-relay interface command.
TABLE 48 Output from the show ipv6 dhcp-relay interface command
Field | Description
Destinations | The DHCPv6 relay destination configured on the interface.
Options
• Destination : The configured destination IPv6 address.
Syntax: clear ipv6 dhcp-relay statistics
RIP
● RIP feature support
● RIP Overview
● RIP parameters and defaults
● Configuring RIP parameters
RIP parameters and defaults
RIP routers, including the Brocade device, also can modify a route cost, generally by adding to it, to bias the selection of a route for a given destination. In this case, the actual number of router hops may be the same, but the route has an administratively higher cost and is thus less likely to be used than other, lower-cost routes. A RIP route can have a maximum cost of 15. Any destination with a higher cost is considered unreachable.
TABLE 49 RIP global parameters (Continued)
Parameter: Redistribution
Description: RIP can redistribute routes from other routing protocols such as OSPF and BGP4 into RIP. A redistributed route is one that a router learns through another protocol, then distributes into RIP.
Default: Disabled
Parameter: Redistribution metric
Description: RIP assigns a RIP metric (cost) to each external route redistributed from another routing protocol into RIP.
RIP interface parameters
TABLE 50 RIP interface parameters
Parameter: RIP state and version
Description: The state of the protocol and the version that is supported on the interface. The version can be one of the following:
• Version 1 only
• Version 2 only
• Version 1, but also compatible with version 2
NOTE You also must enable RIP globally.
Default: Disabled
Parameter: Metric
Description: A numeric cost the device adds to RIP routes learned on the interface.
Configuring metric parameters
To enable RIP globally, enter the router rip command.
device(config)# router rip
Syntax: [no] router rip
After globally enabling the protocol, you must enable it on individual interfaces. You can enable the protocol on physical interfaces as well as virtual routing interfaces. To enable RIP on an interface, enter commands such as the following.
Syntax: [no] distance number

The number variable specifies a range from 1 through 255.

Configuring redistribution

You can configure the Brocade device to redistribute routes learned through Open Shortest Path First (OSPF) or Border Gateway Protocol version 4 (BGP4), connected routes, or static routes into RIP. When you redistribute a route from one of these other protocols into RIP, the Brocade device can use RIP to advertise the route to its RIP neighbors.
Matching based on RIP protocol type If the route map contains set statements, routes that are permitted by the route map’s match statements are modified according to the set statements. In RIP, the match statements are based on prefix lists and access control lists. Set statements are based on tag values and metric values. To configure redistribution filters, enter the following command.
The no form of this command disables RIP redistribution. You can redistribute BGP4, OSPF, or static routes into RIP.

Configuring route learning and advertising parameters

By default, a Brocade device learns routes from all its RIP neighbors and advertises RIP routes to those neighbors.
Changing the route loop prevention method

To configure RIP neighbor filters, enter the neighbor command.

device(config-rip-router)# neighbor 1 deny any

This command configures the Brocade device so that the device does not learn any RIP routes from any RIP neighbors.

Syntax: [no] neighbor filter-num {permit | deny} {source-ip-address | any}

The following commands configure the Brocade device to learn routes from all neighbors except 10.70.12.104.
Syntax: [no] poison-local-routes

Suppressing RIP route advertisement on a VRRP or VRRPE backup interface

NOTE
This section applies only if you configure the device for Virtual Router Redundancy Protocol (VRRP) or VRRP Extended (VRRPE).

Normally, a VRRP or VRRPE Backup includes route information for the virtual IP address (the backed up interface) in RIP advertisements.
Setting RIP timers

To apply a prefix list at the global level of RIP, enter commands such as the following.

device(config-rip-router)# prefix-list list1 in

Syntax: no prefix-list name {in | out}

To apply prefix lists to a RIP interface, enter commands such as the following.

device(config-if-e1000-1/1/2)# ip rip prefix-list list2 in
device(config-if-e1000-1/1/2)# ip rip prefix-list list3 out

Syntax: no ip rip prefix-list name {in | out}

In is for Inbound filtering.
Displaying RIP Information

The timeout-timer parameter sets the amount of time after which a route is considered unreachable. The possible value ranges from 9 - 65535. The default is 180 seconds.

The hold-down-timer parameter sets the amount of time during which information about other paths is ignored. The possible value ranges from 0 - 65535. The default is 180 seconds.

The garbage-collection-timer sets the amount of time after which a route is removed from the RIP routing table.
TABLE 51 CLI display of neighbor filter information (Continued)

Field | Definition
Action | The action the Brocade device takes for RIP route packets to or from the specified neighbor:
• deny - If the filter is applied to an interface’s outbound filter group, the filter prevents the Brocade device from advertising RIP routes to the specified neighbor on that interface.
Displaying CPU utilization statistics

ip ospf area 0
ip ospf priority 0
ip rip v2-only
ip address 10.1.1.2/24
ipv6 address 2000::1/32
ipv6 enable
!

To display current running configuration for ve 10, enter the following command.

device#show running-config interface ve 10
interface ve 10
bfd interval 50 min-rx 50 multiplier 3
ip ospf area 2
ip rip v1-compatible-v2
ip rip poison-reverse
ip address 10.1.0.
RIPng
● RIPng feature support
● RIPng Overview
● Configuring RIPng
● Clearing RIPng routes from IPv6 route table
NOTE
Brocade IPv6 devices support up to 10,000 RIPng routes. ICX 6650 IPv6 devices support up to 2000 RIPng routes.

Configuring RIPng

To configure RIPng, you must enable RIPng globally on the Brocade device and on individual device interfaces.
Configuring RIPng timers

TABLE 52 RIPng timers

Timer | Description | Default
Update | Amount of time (in seconds) between RIPng routing updates. | 30 seconds.
Timeout | Amount of time (in seconds) after which a route is considered unreachable. | 180 seconds.
Hold-down | Amount of time (in seconds) during which information about other paths is ignored. | 180 seconds.
Garbage-collection | Amount of time (in seconds) after which a route is removed from the routing table. | 120 seconds.
• Learning and advertising of RIPng default routes.
• Advertising of IPv6 address summaries.
• Metric of routes learned and advertised on a Brocade device interface.

Configuring default route learning and advertising

By default, the device does not learn IPv6 default routes (::/0). You can originate default routes into RIPng, which causes individual Brocade device interfaces to include the default routes in their updates.
Changing the metric of routes learned and advertised on an interface

A device interface increases the metric of an incoming RIPng route it learns by an offset (the default is one). The device then places the route in the route table. When the device sends an update, it advertises the route with the metric plus the default offset of zero in an outgoing update message.
Configuring poison reverse parameters

device(config)# ipv6 router rip
device(config-ripng-router)# distribute-list prefix-list routesfor2001 out

To deny prefix lengths greater than 64 bits in routes that have the prefix 2001:db8::/64 and allow all other routes received on tunnel interface 3/1, enter the following commands.
Clearing RIPng routes from IPv6 route table

To clear all RIPng routes from the RIPng route table and the IPv6 main route table and reset the routes, enter the following command at the Privileged EXEC level or any of the Config levels of the CLI.
Displaying RIPng routing table

TABLE 53 show ipv6 rip output descriptions (Continued)

Field | Description
Periodic updates/trigger updates | The number of periodic updates and triggered updates sent by the RIPng Brocade device.
Distribution lists | The inbound and outbound distribution lists applied to RIPng.
Redistribution | The types of IPv6 routes redistributed into RIPng. The types can include the following:
• STATIC - IPv6 static routes are redistributed into RIPng.
TABLE 54 show ipv6 rip route output descriptions (Continued)

Field | Description
Interface | The interface name. If "null" appears, the interface is originated locally.
Source of route | The source of the route information. The source can be one of the following:
• RIP - routes learned by RIPng.
• CONNECTED - IPv6 routes redistributed from directly connected networks.
• STATIC - IPv6 static routes are redistributed into RIPng.
• BGP - BGP4+ routes are redistributed into RIPng.
OSPFv2
● OSPFv2 feature support
● OSPF overview
● OSPF point-to-point links
● Designated routers in multi-access networks
OSPF overview

Feature | ICX 6430 | ICX 6450 | FCX | ICX 6610 | ICX 6650 | FSX 800 FSX 1600 | ICX 7750
Graceful restart | No | 08.0.01 10 | 08.0.01 11 | 08.0.01 12 | 08.0.01 | 08.0.01 | 08.0.10
Graceful restart helper-mode | No | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
Block outbound LSA flooding | No | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
OSPF route redistribution filters | No | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
Filter OSPF routes into IP Route table | No | 08.0.01 | 08.0.
OSPF is built upon a hierarchy of network components. The highest level of the hierarchy is the Autonomous System (AS). An autonomous system is defined as a number of networks, all of which share the same routing and administration characteristics. An AS can be divided into multiple areas. Each area represents a collection of contiguous networks and hosts. Areas limit the area to which link-state advertisements are broadcast, thereby limiting the amount of flooding that occurs within the network.
FIGURE 19 OSPF operating in a network

OSPF point-to-point links

In an OSPF point-to-point network, where a direct Layer 3 connection exists between a single pair of OSPF routers, there is no need for Designated and Backup Designated Routers, as is the case in OSPF multi-access networks. Without the need for Designated and Backup Designated routers, a point-to-point network establishes adjacency and converges faster.
Designated routers in multi-access networks

In a network that has multiple routers attached, OSPF elects one router to serve as the designated router (DR) and another router on the segment to act as the backup designated router (BDR).
FIGURE 21 Backup designated router becomes designated router

If two neighbors share the same priority, the router with the highest router ID is designated as the DR. The router with the next highest router ID is designated as the BDR.

NOTE
By default, the Brocade device’s router ID is the IP address configured on the lowest numbered loopback interface. If the device does not have a loopback interface, the default router ID is the lowest numbered IP address configured on the device.
OSPF RFC 1583 and 2328 compliance

Brocade devices are configured, by default, to be compliant with the RFC 1583 OSPF V2 specification. Brocade devices can also be configured to operate with the latest OSPF standard, RFC 2328.

Reduction of equivalent AS external LSAs

An OSPF ASBR uses AS External link advertisements (AS External LSAs) to originate advertisements of a route learned from another routing domain, such as a BGP4 or RIP domain.
Algorithm for AS external LSA reduction

FIGURE 22 AS external LSA reduction

Notice that both Router D and Router E have a route to the other routing domain through Router F. OSPF eliminates the duplicate AS External LSAs.
Support for OSPF RFC 2328 Appendix E

‐ A second ASBR comes on-line
‐ A second ASBR that is already on-line begins advertising an equivalent route to the same destination.

In either case above, the router with the higher router ID floods the AS External LSAs and the other router flushes its equivalent AS External LSAs. For example, if Router D is offline, Router E is the only source for a route to the external routing domain.
OSPF graceful restart

because the first network has 16 ones bits (255.255.0.0) whereas the second network has only 8 ones bits (255.0.0.0).

‐ For the less specific network, use the network’s address as the ID.
‐ For the more specific network, use the network’s broadcast address as the ID. The broadcast address is the network address, with all ones bits in the host portion of the address. For example, the broadcast address for network 10.0.0.0 255.255.0.0 is 10.0.255.255.
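The ID rule above, worked through in Python as an added example (not Brocade code). It goes slightly beyond the two-network case in the text by accepting any number of masks for the same network address, and it reports the host-route case the rule cannot separate; the function name is hypothetical.

```python
import ipaddress
from collections import defaultdict


def assign_link_state_ids(prefixes):
    """Return {"network/prefixlen": "link state ID"} for external routes.

    prefixes is an iterable of (network address, mask) string pairs such as
    ("10.0.0.0", "255.255.0.0"). Networks that share an address but differ
    in mask receive distinct IDs, following the rule described in the text.
    """
    groups = defaultdict(set)
    for address, mask in prefixes:
        # strict=True rejects entries with host bits set
        # (for example 10.0.1.0 with mask 255.255.0.0).
        net = ipaddress.IPv4Network(f"{address}/{mask}", strict=True)
        groups[net.network_address].add(net)

    ids = {}
    for address, nets in groups.items():
        ordered = sorted(nets, key=lambda n: n.prefixlen)
        # Less specific network (fewest ones bits): the network address.
        ids[ordered[0]] = address
        # Each more specific network: its broadcast address, that is the
        # network address with all ones bits in the host portion.
        for net in ordered[1:]:
            ids[net] = net.broadcast_address

    # A host route (mask 255.255.255.255) has a broadcast address equal to
    # its own address, so it can land on an ID that is already in use.
    # Report that instead of returning two routes with one ID.
    seen = {}
    for net, lsid in ids.items():
        if lsid in seen:
            raise ValueError(
                f"{net} and {seen[lsid]} both map to link state ID {lsid}"
            )
        seen[lsid] = net
    return {str(net): str(lsid) for net, lsid in ids.items()}


if __name__ == "__main__":
    # The two networks from the text: same address, masks of 16 and 8 bits.
    for net, lsid in assign_link_state_ids(
        [("10.0.0.0", "255.255.0.0"), ("10.0.0.0", "255.0.0.0")]
    ).items():
        print(net, "->", lsid)
```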
OSPF Shortest Path First throttling The feature is useful for avoiding a loss of traffic during short periods when adjacency failures are detected and traffic is rerouted. Using this feature, traffic can be rerouted before an adjacency failure occurs due to common services interruptions such as a router being shutdown for maintenance. The feature is also useful during router startup because it gives the router enough time to build up its routing table before forwarding traffic.
IETF RFC and internet draft support

The implementation of OSPF Graceful Restart supports the following IETF RFC:
• RFC 3623: Graceful OSPF Restart

NOTE
A secondary management module must be installed for the device to function as a graceful restart device. If the device functions as a graceful restart helper device only, there is no requirement for a secondary management module.
OSPF parameters

You can modify or set the following global and interface OSPF parameters.

Global parameters

The global OSPF parameters are as follows:
• Modify OSPF standard compliance setting.
• Assign an area.
• Define an area range.
• Define the area virtual link.
• Set global default metric for OSPF.
• Change the reference bandwidth for the default cost of OSPF interfaces.
• Disable or re-enable load sharing.
• Enable or disable default-information-originate.
Enable OSPF on the device

When you enable OSPF on the device, the protocol is automatically activated. To enable OSPF on the device, use the following method.

device(config)# router ospf
device(config-ospf-router)#

This command launches you into the OSPF router level where you can assign areas and modify OSPF global parameters.
Assign a totally stubby area When an NSSA contains more than one ABR, OSPF elects one of the ABRs to perform the LSA translation for NSSA. OSPF elects the ABR with the highest router ID. If the elected ABR becomes unavailable, OSPF automatically elects the ABR with the next highest router ID to take over translation of LSAs for the NSSA. The election process for NSSA ABRs is automatic. To set up the OSPF areas use the following method.
OSPFv2 NSSAs are especially useful when you want to summarize Type-5 External LSAs (external routes) before forwarding them into an OSPF area. The OSPF specification (RFC 2328) prohibits summarization of Type-5 LSAs and requires OSPF to flood Type-5 LSAs throughout a routing domain. When you configure an NSSA, you can specify an address range for aggregating the external routes that the NSSA's ABR exports into other areas. The implementation of NSSA is based on RFC 1587.
Syntax: [no] area { num | ip-addr nssa cost [ no-summary ] | default-information-originate }

The num and ip-addr parameters specify the area number, which can be a number or in IP address format. If you specify a number, the number can be from 0 - 2,147,483,647.

The nssa cost and default-information-originate parameters specify that this is a Not-So-Stubby-Area (NSSA). The cost specifies an additional cost for using a route to or from this NSSA and can be from 1 - 16777215. There is no default.
Assigning an area range (optional)

The ip-mask parameter specifies the portions of the IP address that a route must contain to be summarized in the summary route. In the example above, all networks that begin with 209.157 are summarized into a single route.

The advertise and not-advertise parameters specify whether you want the device to send type 3 LSAs for the specified range in this area. The default is advertise.
Assigning interfaces to an area

Modifies the address range status to advertise and a Type 3 summary link-state advertisement (LSA) can be generated for this address range.

device(config)# router ospf
device(config-ospf-router)#area 10 range 10.1.1.1 255.255.255.0 advertise

Modifies the address range status to advertise and assign cost for this area range to 10.

device(config)# router ospf
device(config-ospf-router)#area 10 range 10.1.1.1 255.255.255.
To assign interface 1/8 of Router A to area 10.5.0.0 and then save the changes, enter the following commands.

RouterA(config)# interface e 1/8
RouterA(config-if-e10000-1/8)# ip ospf area 10.5.0.0
RouterA(config-if-e10000-1/8)# write memory

Setting all OSPFv2 interfaces to the passive state

You can set all the Open Shortest Path First Version 2 (OSPFv2) interfaces to the default passive state using the default-passive-interface command.
default authentication-change interval is 300 seconds (5 minutes). You can change the interval to a value from 0 - 14400 seconds.

• authentication-key string— By default, the authentication key is encrypted. If you want the authentication key to be in clear text, insert a 0 between authentication-key and string. For example:

device(config-if-e10000-1/8)# ip ospf authentication-key 0 morningadmin

The software adds a prefix to the authentication key string in the configuration.
Rules for OSPF dead interval and hello interval timers

NOTE
This option affects all IP subnets configured on the interface. If you want to disable OSPF updates only on some of the IP subnets on the interface, use the ospf-ignore or ospf-passive parameter with the ip address command.

• active—When you configure an OSPFv2 interface to be active, that interface sends or receives all the control packets and forms the adjacency. By default, the ip ospf active command is disabled.
Block flooding of outbound LSAs on specific OSPF interfaces

To change the authentication-change interval, enter a command such as the following at the interface configuration level of the CLI.

device(config-if-e10000-2/5)# ip ospf auth-change-wait-time 400

Syntax: [no] ip ospf auth-change-wait-time secs

The secs parameter specifies the interval and can be from 0 - 14400 seconds. The default is 300 seconds (5 minutes).
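One way to audit a saved configuration for the OSPF authentication settings described above, as an added example that is not Brocade code. The configuration excerpt is constructed, the function names are hypothetical, and the `ip ospf md5-authentication key-id` prefix used to recognize MD5 authentication is an assumption about how that setting appears in a saved configuration.

```python
import re

# Constructed running-config excerpt (not captured from a device).
SAMPLE_CONFIG = """\
interface ethernet 1/8
 ip address 10.5.0.1/24
 ip ospf area 10.5.0.0
 ip ospf authentication-key 0 morningadmin
!
interface ethernet 2/5
 ip address 10.6.0.1/24
 ip ospf area 0
 ip ospf auth-change-wait-time 400
!
interface ve 10
 ip address 10.1.0.1/24
 ip rip v2-only
!
"""

# A 0 between authentication-key and the string means the key is clear text.
CLEAR_KEY = re.compile(r"^ip ospf authentication-key 0 \S+")
WAIT_TIME = re.compile(r"^ip ospf auth-change-wait-time (\d+)$")
WAIT_MIN, WAIT_MAX = 0, 14400  # seconds, the range given in the text
# Assumption: MD5 authentication appears in the configuration with this prefix.
MD5_PREFIX = "ip ospf md5-authentication key-id "


def parse_interfaces(config_text):
    """Return {interface name: [stripped lines]} for each interface stanza."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line[len("interface "):]
            stanzas[current] = []
        elif line == "!" or not line:
            current = None  # "!" closes the stanza
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def audit_ospf_auth(config_text):
    """Return (interface, finding) pairs; key strings are never echoed."""
    findings = []
    for name, lines in parse_interfaces(config_text).items():
        runs_ospf = any(l.startswith("ip ospf area ") for l in lines)
        has_simple = any(
            l.startswith("ip ospf authentication-key ") for l in lines
        )
        has_md5 = any(l.startswith(MD5_PREFIX) for l in lines)

        if any(CLEAR_KEY.match(l) for l in lines):
            findings.append((name, "clear-text-key"))
        if runs_ospf and not (has_simple or has_md5):
            findings.append((name, "no-authentication"))
        for l in lines:
            m = WAIT_TIME.match(l)
            if m and not WAIT_MIN <= int(m.group(1)) <= WAIT_MAX:
                findings.append((name, "auth-change-wait-out-of-range"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_ospf_auth(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

Run it against configuration backups or templates before deployment; interfaces that run only RIP, such as `ve 10` in the sample, are not reported.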
Assign virtual links

The all-summary-external option directs the router to allow the following LSAs: Router, Network, Opq-Area-TE and Opq-Link-Graceful while it blocks all Type-3, Type-4 and Type-5 LSAs unless directed by one of the following keywords:

allow-default - allows only Type-3 or Type-5 default LSAs.
allow-default-and-type4 - allows Type-3 or Type-5 default LSAs and all Type 4 LSAs.

All Type-7 LSAs are always filtered if the ip ospf database-filter command is enabled.
FIGURE 24 Defining OSPF virtual links within a network

The example shows an OSPF area border router, Device A, that is cut off from the backbone area (area 0). To provide backbone access to Device A, you can add a virtual link between Device A and Device C using area 1 as a transit area. To configure the virtual link, you define the link on the router that is at each end of the link. No configuration for the virtual link is required on the routers in the transit area.
Modify virtual link parameters

OSPF has some parameters that you can modify for virtual links. Notice that these are the same parameters as the ones you can modify for physical interfaces.
Changing the reference bandwidth for the cost on OSPF interfaces md5authentication key string The MD5 key is a number from 1 - 255 and identifies the MD5 key that is being used. This parameter is required to differentiate among multiple keys defined on a router. When MD5 is enabled, the key-string is an alphanumeric password of up to 16 characters that is later encrypted and included in each OSPF packet transmitted.
Interface types to which the reference bandwidth does not apply

• LAG group - The combined bandwidth of all the ports.
• Virtual interface - The combined bandwidth of all the ports in the port-based VLAN that contains the virtual interface.

The default reference bandwidth is 100 Mbps. You can change the reference bandwidth to a value from 1 - 4294967.
Define redistribution filters

ports that are currently active. The following example enables cost calculation for currently active ports.

device(config-ospf-router)# auto-cost use-active-ports

The use-active-ports option enables cost calculation for currently active ports only. This option does not have any effect on non-VE or non-LAG interfaces. The default operation is for costs to be based on configured ports.
FIGURE 25 Redistributing OSPF and static routes to RIP routes

You also have the option of specifying import of just RIP, OSPF, BGP4, or static routes, as well as specifying that only routes for a specific network or with a specific cost (metric) be imported, as shown in the command syntax below.

Syntax: [no] redistribute { bgp | connected | rip | static [ route-map map-name ] }

NOTE
Prior to software release 04.1.00, the redistribution command is used instead of redistribute.
device(config-ospf-router)# redistribute static
device(config-ospf-router)# write memory

Modify default metric for redistribution

The default metric is a global parameter that specifies the cost applied to all OSPF routes by default. The default value is 10. You can assign a cost from 1 - 65535.

NOTE
You also can define the cost on individual interfaces. The interface cost overrides the default cost.
OSPFv2 The match command in the route map matches on routes that have 5 for their metric value (cost). The set command changes the metric in routes that match the route map to 8. The redistribute static command enables redistribution of static IP routes into OSPF, and uses route map "abc" to control the routes that are redistributed.
Disable or re-enable load sharing

Brocade devices can load share among up to eight equal-cost IP routes to a destination. By default, IP load sharing is enabled. The default is 4 equal-cost paths but you can specify from 2 - 8 paths. The router software can use the route information it learns through OSPF to determine the paths and costs.
Configure external route summarization

When the device is an OSPF Autonomous System Boundary Router (ASBR), you can configure it to advertise one external route as an aggregate for all redistributed routes that are covered by a specified address range. When you configure an address range, the range takes effect immediately. All the imported routes are summarized according to the configured address range.
Configure default route origination

Router OSPF: Enabled
Nonstop Routing: Disabled
Graceful Restart: Disabled
Graceful Restart Helper: Enabled
Graceful Restart Time: 120
Graceful Restart Notify Time: 0
Redistribution: Disabled
Default OSPF Metric: 50
OSPF Auto-cost Reference Bandwidth: Disabled
Default Passive Interface: Enabled
OSPF Redistribution Metric: Type2
OSPF External LSA Limit: 1447047
OSPF Database Overflow Interval: 0
RFC 1583 Compatibility: Enabled
Router id: 207.95.11.
OSPFv2 If default route origination is enabled and you disable it, the default route originated by the device is flushed. Default routes generated by other OSPF routers are not affected. If you re-enable the feature, the feature takes effect immediately and thus does not require you to reload the software. NOTE The ABR (device) will not inject the default route into an NSSA by default and the command described in this section will not cause the device to inject the default route into the NSSA.
Supported match and set conditions

The supported match and set conditions of a normal route-map configuration are as follows:

TABLE 55 Match Conditions

Match Conditions
ip nexthop prefix-list prefixList
ip nexthop accessList
interface interfaceName
metric metricValue
tag routeTagValue
protocol-type protocol route type and (or) sub-type value
route-type route type (IS-IS sub-type values)

TABLE 56 Set Conditions

Set Conditions:
metric metricValue
metric-type
Synchronization of critical OSPF elements

All types of LSAs and the neighbor information are synchronized to the standby module using the NSR synchronization library and IPC mechanism to transmit and receive packets.

Link state database synchronization

When the active management module fails, the standby management module takes over from the active management module with the identical OSPF link state database it had before the failure to ensure non-stop routing.
Limitations

• If a neighbor router is inactive for 30 seconds, and if the standby module takes over in another 10 seconds, the neighbor router cannot be dropped. The inactivity timer starts again and takes another 40 seconds to drop the neighbor router.
• In standby module, the valid neighbor states are LOADING, DOWN, 2WAY, and FULL.
Enabling and disabling NSR

To enable NSR for OSPF, enter the following commands:

device(config)# router ospf
device(config-ospf-router)# nonstop-routing

To disable NSR for OSPF, enter the following commands:

device(config)# router ospf
device(config-ospf-router)# no nonstop-routing

Syntax: [no] nonstop-routing

If you enter the graceful-restart command when NSR is already enabled, the command is rejected with the following message: “Error - Please disable NSR before enabling Gra
OSPF distribute list

The following commands with any or all of the options will remove the options from the default-information-originate command if any of the options are configured:

device(config-ospf-router)#no default-information-originate always
device(config-ospf-router)#no default-information-originate always route-map test
device(config-ospf-router)#no default-information-originate always route-map test metric 200
device(config-ospf-router)#no default-information-originate always route-map test metr
Configuring an OSPF distribution list using ACLs device still receives the routes and installs them in the OSPF database. The feature only prevents the software from installing the denied OSPF routes into the IP route table.
Syntax: [no] distribute-list { acl-name | acl-number } in

The distribute-list command is applied globally to all interfaces on the router where it is executed.

Configuring an OSPF distribution list using route maps

You can manage an OSPF Distribution List using route maps that apply match operations as defined by an ACL or an IP prefix list.
NOTE
A Route Map used with the distribute-list command can use either the ip prefix-list command (as shown in the example) or an ACL to define the routes. The set distance command that is used in association with a route map configuration.

Modify SPF timers

The device uses the following timers when calculating the shortest path for OSPF routes:
• SPF delay - When the device receives a topology change, the software waits before it starts a Shortest Path First (SPF) calculation.
The default is type2.

Modify administrative distance

The device can learn about networks from various protocols, including Border Gateway Protocol version 4 (BGP4), RIP, and OSPF. Consequently, the routes to a network may differ depending on the protocol from which the routes were learned. The default administrative distance for OSPF routes is 110. The router selects one route over another based on the source of the route information.
Configure OSPF group Link State Advertisement (LSA) pacing

The device paces LSA refreshes by delaying the refreshes for a specified time interval instead of performing a refresh each time an individual LSA refresh timer expires. The accumulated LSAs constitute a group, which the device refreshes and sends out together in one or more packets.
Modify exit overflow interval

• interface-authentication-failure-trap - [MIB object: ospfIfAuthFailure]
• virtual-interface-authentication-failure-trap - [MIB object: ospfVirtIfAuthFailure]
• interface-receive-bad-packet-trap - [MIB object: ospfIfRxBadPacket]
• virtual-interface-receive-bad-packet-trap - [MIB object: ospfVirtIfRxBadPacket]

The following traps are disabled by default.
Configuring an OSPF network type

The log command has the following options:

The all option causes all OSPF-related Syslog messages to be logged. If you later disable this option with the no log all command, the OSPF logging options return to their default settings.

The adjacency option logs essential OSPF neighbor state changes, especially on error cases. This option is disabled by default.
Configuring OSPF Graceful Restart On a non-broadcast interface, the routers at either end of this interface must configure non-broadcast interface type and the neighbor IP address. There is no restriction on the number of routers sharing a non-broadcast interface (for example, through a hub/switch).
Configuring OSPF Graceful Restart per VRF

Syntax: [no] graceful-restart restart-time seconds

The seconds variable sets the maximum restart wait time advertised to neighbors. Possible values are 10 - 1800 seconds. The default value is 120 seconds.

Disabling OSPF Graceful Restart helper mode for the global instance

By default, a router supports other restarting routers as a helper. You can prevent your router from participating in OSPF Graceful Restart by using the following command.
Syntax: [no] graceful-restart helper-disable

This command disables OSPF Graceful Restart helper mode. The default behavior is to help the restarting neighbors.

Configuring OSPF router advertisement

You can configure OSPF router advertisement in the router ospf mode or router ospf vrf mode as shown in the following examples.
0xFFFFFFFF). The default value is 4294967295 (Hex: 0xFFFFFFFF). This parameter only applies to the default instance of OSPF.

Examples

The following examples of the max-metric router-lsa command demonstrate how it can be used:

The following command indicates that OSPF is being shut down and that all links in the router LSA should be advertised with the value 0xFFFF and the metric value for all external and summary LSAs is set to 0xFF0000 until OSPF is restarted.
NOTE
The hold time values that you specify are rounded up to the next highest 100 ms value. For example, any value between 0 and 99 will be configured as 100 ms.

Command replacement

This command overlaps in functionality with the timer throttle spf command, which will be phased out. To use this command to replicate the exact functionality of the timer throttle spf command, configure it as shown in the following.
• ABR and ASBR information
• Trap state information
• OSPF Point-to-Point Links
• OSPF Graceful Restart information
• OSPF Router Advertisement information

Displaying general OSPF configuration information

To display general OSPF configuration information, enter the following command at any CLI level.
TABLE 57 show ip ospf config output descriptions (Continued)

Field | Description
Graceful Restart | Shows whether or not the graceful restart is enabled.
Graceful Restart Helper | Shows whether or not the OSPF graceful restart helper mode is enabled.
Graceful Restart Time | Shows the maximum restart wait time advertised to neighbors.
Graceful Restart Notify Time | Shows the graceful restart notification time.
Redistribution | Shows whether or not the redistribution is enabled.
Displaying OSPF area information

TABLE 57 show ip ospf config output descriptions (Continued)

Field | Description
Area-ID | Shows the area ID of the interface.
Area-Type | Shows the area type, which can be one of the following:
• nssa
• normal
• stub
Cost | Shows the cost of the area.
Ethernet Interface | Shows the OSPF interface.
ip ospf md5-authentication-keyactivation-wait-time | Shows the wait time of the device until placing a new MD5 key into effect.
Displaying OSPF neighbor information

TABLE 58 show ip ospf area output descriptions (Continued)

This field | Displays
SPFR | The SPFR value.
ABR | The ABR number.
ASBR | The ASBR number.
LSA | The LSA number.
Chksum(Hex) | The checksum for the LSA packet. The checksum is based on all the fields in the packet except the age field. The device uses the checksum to verify that the packet is not corrupted.
TABLE 59 show ip ospf neighbor output descriptions (Continued)
Field | Description
State | The state of the conversation between the device and the neighbor. This field can have one of the following values:
• Down - The initial state of a neighbor conversation. This value indicates that there has been no recent information received from the neighbor.
• Attempt - This state is only valid for neighbors attached to non-broadcast networks.
Displaying OSPF interface information
To display OSPF interface information, enter the following command at any CLI level.
device# show ip ospf interface ethernet 1/11
Ethernet 1/11 admin up, oper up
IP Address 15.1.1.15, Area 0
Database Filter: Not Configured
State active(default passive), Pri 1, Cost 1, Options 2,Type broadcast Events 2
Timers(sec): Transmit 1, Retrans 5, Hello 10, Dead 40
DR: Router ID 192.168.254.1 Interface Address 15.1.1.1
BDR: Router ID 10.0.0.
TABLE 60 show ip ospf interface output descriptions (Continued)
This field | Displays
State | The state of the interface. Possible states include the following:
• DR - The interface is functioning as the Designated Router for OSPFv2.
• BDR - The interface is functioning as the Backup Designated Router for OSPFv2.
• Loopback - The interface is functioning as a loopback interface.
• P2P - The interface is functioning as a point-to-point interface.
TABLE 60 show ip ospf interface output descriptions (Continued)
This field | Displays
Events | OSPF Interface Event:
• Interface_Up = 0x00
• Wait_Timer = 0x01
• Backup_Seen = 0x02
• Neighbor_Change = 0x03
• Loop_Indication = 0x04
• Unloop_Indication = 0x05
• Interface_Down = 0x06
• Interface_Passive = 0x07
Timer intervals | The interval, in seconds, of the transmit-interval, retransmit-interval, hello-interval, and dead-interval timers.
TABLE 61 show ip ospf interface brief output descriptions (Continued)
This field | Displays
State | The state of the conversation between the router and the neighbor. This field can have one of the following values:
• Down - The initial state of a neighbor conversation. This value indicates that there has been no recent information received from the neighbor.
• Attempt - This state is only valid for neighbors attached to non-broadcast networks.
Nbrs(F/C) |
10.65.0.0 255.255.0.0
Adv_Router Link_State
10.1.10.1 0.0.0.0
Paths Out_Port Next_Hop
1 1/1 0.0.0.0
OSPF Regular Routes 208:
Destination Mask
10.1.10.0 255.255.255.252
Adv_Router Link_State
10.1.10.1 10.1.10.2
Paths Out_Port Next_Hop
1 v10 0.0.0.0
Destination Mask
10.1.11.0 255.255.255.252
Adv_Router Link_State
10.1.10.1 10.1.11.2
Paths Out_Port Next_Hop
1 v11 0.0.0.
TABLE 62 show ip ospf routes output descriptions (Continued)
This field | Displays
Tag | The external route tag.
Flags | State information for the route entry. This information is used by Brocade technical support.
Paths | The number of paths to the destination.
Out_Port | The router port through which the device reaches the next hop for this route path.
Next_Hop | The IP address of the next-hop router for this path.
Done
6 0.0.0.200 Net 192.213.111.213 192.168.98.213 8000002d 1683 0x17bc Done
Syntax: show ip ospf database

TABLE 63 show ip ospf database output descriptions
This field | Displays
Index | ID of the entry
Area ID | ID of the OSPF area
Type | Link state type of the route.
LS ID | The ID of the link-state advertisement from which the router learned this route.
Adv Rtr | ID of the advertised route.
Seq(Hex) | The sequence number of the LSA.
The extensive option displays the LSAs in decrypted format.

NOTE
You cannot use the extensive option in combination with other display options. The entire database is displayed.

The link-state-id ip-addr parameter displays the External LSAs for the LSA source specified by ip-addr.
The router-id ip-addr parameter shows the External LSAs for the specified OSPF router.
TABLE 65 show ip ospf database database-summary output descriptions (Continued)
This field | Displays
Network | The number of network link state advertisements in that area.
Sum-Net | The number of summary link state advertisements in that area.
Sum-ASBR | The number of summary autonomous system boundary router (ASBR) link state advertisements in that area.
NSSA-Ext | The number of not-so-stubby
Opq-area | The number of Type-10 (area-scope) Opaque LSA.
The router-id ip-addr parameter shows the LSAs for the specified OSPF router.
The sequence-number num parameter displays the LSA entries for the specified hexadecimal LSA sequence number.
The self-originate option shows self-originated LSAs.
TABLE 67 show ip ospf border-routers output descriptions (Continued)
This field | Displays
Router ID | ID of the OSPF router
Router type | Type of OSPF router: ABR or ASBR
Next hop router | ID of the next hop router
Outgoing interface | ID of the interface on the router for the outgoing route.
Area | ID of the OSPF area to which the OSPF router belongs

Displaying OSPF trap status
All traps are enabled by default when you enable OSPF.
TABLE 68 show ip ospf interface output descriptions
This field | Displays
IP Address | The IP address of the interface.
OSPF state | The OSPF state of the interface.
Pri | The router priority.
Cost | The configured output cost for the interface.
ver V2.2.1T143
module 1 rx-bi-1g-24-port-fiber
module 2 rx-bi-10g-4-port
module 6 rx-bi-10g-4-port
module 7 rx-bi-1g-24-port-copper
!
!
no spanning-tree
!
vlan 1 name DEFAULT-VLAN
!
!
clock summer-time
clock timezone us Pacific
hostname R11-RX8
router ospf
 area 2
 area 1
 area 1 virtual-link 10.1.1.
Displaying OSPF virtual neighbor
Use the show ip ospf virtual neighbor command to display OSPF virtual neighbor information.
device# show ip ospf virtual neighbor
Indx Transit Area Router ID Neighbor address options
1 1 131.1.1.10 135.14.1.10 2
Port Address state events count
6/2/3 27.11.1.27 FULL 5 0
Syntax: show ip ospf virtual neighbor [ num ]
The num parameter displays the table beginning at the specified entry number.
TABLE 69 show ip ospf database grace-link-state output descriptions
This field | Displays
Area | The OSPF area that the interface configured for OSPF graceful restart is in.
Interface | The interface that is configured for OSPF graceful restart.
Adv Rtr | ID of the advertised route.
Age | The age of the LSA in seconds.
Seq(Hex) | The sequence number of the LSA. The OSPF neighbor that sent the LSA stamps the LSA with a sequence number.
The show ip ospf command displays LSAs that have been configured with a maximum metric.

Clearing OSPF information
You can use the clear ip ospf commands to clear OSPF data on a router as described in the following:
• Neighbor information
• Reset the OSPF process
• Clear and re-add OSPF routes

Clearing OSPF neighbors
You can use the following command to delete and relearn all OSPF neighbors, all OSPF neighbors for a specified interface, or a specified OSPF neighbor.
OSPFv3
● OSPFv3 feature support
● OSPFv3 overview
● Link-state advertisement types for OSPFv3
● Configuring OSPFv3
OSPFv3 overview
Open Shortest Path First (OSPF) is a link-state routing protocol. OSPF uses link-state advertisements (LSAs) to update neighboring routers about its interfaces and information on those interfaces. The device floods LSAs to all neighboring routers to update them about the interfaces. Each router maintains an identical database that describes its area topology to help a router determine the shortest path between it and any neighboring router.
Configuring OSPFv3
To configure OSPFv3, you must perform the following steps.
• Enable OSPFv3 globally.
• Assign OSPF areas.
• Assign device interfaces to an OSPF area.

The following configuration tasks are optional:
• Configure a virtual link between an Area Border Router (ABR) without a physical connection to a backbone area and the device in the same area with a physical connection to the backbone area.
• Change the reference bandwidth for the cost on OSPFv3 interfaces.
Disabling OSPFv3 in a VRF
To disable OSPFv3 for a default Virtual Routing and Forwarding (VRF), enter a command such as the following.
device(config-ospf6-router)# no ipv6 router ospf vrf red
Syntax: [no] ipv6 router ospf vrf vrf-name
The vrf-name parameter specifies the name of the VRF in which OSPFv3 is being initiated. If you disable OSPFv3, the device removes all the configuration information for the disabled protocol from the running-configuration file.
When an NSSA contains more than one ABR, OSPFv3 elects one of the ABRs to perform the LSA translation for NSSA. OSPF elects the ABR with the highest router ID. If the elected ABR becomes unavailable, OSPFv3 automatically elects the ABR with the next highest router ID to take over translation of LSAs for the NSSA. The election process for NSSA ABRs is automatic.
For example, to set up OSPFv3 areas 10.70.12.10, 10.70.12.11, 10.70.12.12, and 10.70.12.
Assign a Not-So-Stubby Area (NSSA)
The OSPF Not So Stubby Area (NSSA) feature enables you to configure OSPF areas that provide the benefits of stub areas, but that also are capable of importing external route information. OSPF does not flood external routes from other areas into an NSSA, but does translate and flood route information from the NSSA into other areas such as the backbone.
The following example deletes the NSSA area 100.
device(config-ospf6-router)#no area 100
Syntax: [no] area area-id nssa [[stub-metric] [default-information-originate [metric metric-value | metric-type type-value]] [no-summary] [no-redistribution] [translator-always] [translator-interval stability-interval]]
The area-id parameter specifies the area number, which can be a number or in IP address format. If you specify a number, the number can be from 0 to 2,147,483,647.
The ipv6-subnet-mask parameter specifies the portions of the IPv6 address that a route must contain to be summarized in the summary route. In the example above, all networks that begin with 2001:DB8:: are summarized into a single route.
The advertise and not-advertise parameters specify whether you want the device to send type 3 LSAs for the specified range in this area. The default is advertise.
NOTE
This command does not work incrementally, so both optional parameters must be configured each time; an omitted parameter takes its default value.

Syntax: [no] area {num | ipv6-addr} range ipv6-addr/ipv6-subnet-mask [advertise | not-advertise] [cost cost-value]
The num and ipv6-addr parameters specify the area number, which can be in IP address format.
The range ipv6-addr parameter specifies the IP address portion of the range.
The point-to-point parameter specifies that the OSPF interface will support point-to-point networking. This is the default setting for tunnel interfaces.
The broadcast parameter specifies that the OSPF interface will support broadcast networking. This is the default setting for Ethernet and VE interfaces.
The no form of the command disables the command configuration.

Configuring virtual links
All ABRs must have either a direct or indirect link to an OSPF backbone area (0.0.0.
• Dead-interval: The number of seconds that a neighbor router waits for a hello packet from the device before declaring the router is down. The range is from 1 through 65535 seconds. The default is 40 seconds.
• Hello-interval: The length of time between the transmission of hello packets. The range is from 1 through 65535 seconds. The default is 10 seconds.
The bandwidth for interfaces that consist of more than one physical port is calculated as follows:
• LAG group - The combined bandwidth of all the ports.
• Virtual (Ethernet) interface - The combined bandwidth of all the ports in the port-based VLAN that contains the virtual interface.
You can change the default reference bandwidth from 100 Mbps to a value from 1 through 4294967.
Configuring route redistribution into OSPFv3
You can configure the device to redistribute routes from the following sources into OSPFv3:
• IPv6 static routes
• Directly connected IPv6 networks
• BGP4+
• RIPng

You can redistribute routes in the following ways:
• By route types, for example, the Brocade device redistributes all IPv6 static and RIPng routes.
static IPv6 route to be redistributed into OSPF only if the route has a metric of 5, and changes the metric to 8 before placing the route into the OSPF route redistribution table.
Syntax: [no] redistribute {bgp | connected | rip | static [route-map map-name]}
The bgp, connected, isis, ip, and static keywords specify the route source.
The route-map map-name parameter specifies the route map name.
To restore the default metric to the default value, use the no form of this command.

Modifying metric type for routes redistributed into OSPFv3
The device uses the metric-type parameter by default for all routes redistributed into OSPFv3 unless you specify a different metric type for individual routes using the redistribute command. A type 1 route specifies a small metric (two bytes), while a type 2 route specifies a big metric (three bytes).
To configure the summary address 2001:db8::/24 for routes redistributed into OSPFv3, enter the following command.
device(config-ospf6-router)# summary-address 2001:db8::/24
In this example, the summary prefix 2001:db8::/24 includes addresses 2001:db8::/1 through 2001:db8::/24. Only the address FEC0::/24 is advertised in an external link-state advertisement.
To specify an IPv6 prefix list called filterOspfRoutes that denies route 2001:db8:2::/64, enter the following commands.
device(config)# ipv6 prefix-list filterOspfRoutes seq 5 deny 2001:db8:2::/64
device(config)# ipv6 prefix-list filterOspfRoutes seq 7 permit ::/0 ge 1 le 128
Syntax: ipv6 prefix-list name [seq seq-value] [description string] {deny | permit} ipv6-addr/mask-bits [ge ge-value] [ le le-value]
To configure a distribution list that applies the filterOspfRoutes prefix list globally.
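How the filterOspfRoutes prefix list above evaluates candidate routes, as an added Python example (not Brocade code). It assumes conventional prefix-list semantics that this page does not spell out: entries are tried in ascending seq order, the first match wins, an entry without ge or le matches only its exact prefix length, and a route that matches no entry is denied.

```python
import ipaddress
import re

# Constructed from the two filterOspfRoutes commands shown on this page.
CONFIG = """\
ipv6 prefix-list filterOspfRoutes seq 5 deny 2001:db8:2::/64
ipv6 prefix-list filterOspfRoutes seq 7 permit ::/0 ge 1 le 128
"""

# Only the "seq" form of the command is handled; the optional description
# string from the syntax line is not.
ENTRY_RE = re.compile(
    r"^ipv6 prefix-list (?P<name>\S+) seq (?P<seq>\d+) "
    r"(?P<action>deny|permit) (?P<prefix>\S+)"
    r"(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


def parse_prefix_lists(text):
    """Return {list name: [entries sorted by seq]}."""
    lists = {}
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if not line.startswith("ipv6 prefix-list "):
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            # Never skip a filter line silently: the verdicts would be wrong.
            raise ValueError(f"unsupported prefix-list line: {line!r}")
        net = ipaddress.IPv6Network(m["prefix"], strict=False)
        ge = int(m["ge"]) if m["ge"] else None
        le = int(m["le"]) if m["le"] else None
        if ge is None and le is None:
            lo = hi = net.prefixlen          # assumed: exact-length match
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else 128
        if not net.prefixlen <= lo <= hi <= 128:
            raise ValueError(f"inconsistent ge/le in: {line!r}")
        lists.setdefault(m["name"], []).append(
            {"seq": int(m["seq"]), "action": m["action"],
             "net": net, "lo": lo, "hi": hi}
        )
    for entries in lists.values():
        entries.sort(key=lambda e: e["seq"])
    return lists


def evaluate(entries, route):
    """Return (action, seq) of the first matching entry, or ("deny", None)."""
    r = ipaddress.IPv6Network(route, strict=False)
    for e in entries:
        if r.subnet_of(e["net"]) and e["lo"] <= r.prefixlen <= e["hi"]:
            return e["action"], e["seq"]
    return "deny", None                      # assumed implicit deny


if __name__ == "__main__":
    acl = parse_prefix_lists(CONFIG)["filterOspfRoutes"]
    # Constructed candidate routes, including a more-specific of the denied
    # /64 and the default route.
    for route in ("2001:db8:2::/64", "2001:db8:2:0:1::/80",
                  "2001:db8:3::/64", "::/0"):
        print(f"{route:22} -> {evaluate(acl, route)}")
```

Under these assumptions the deny in seq 5 covers only the exact /64: a longer prefix inside it is permitted by seq 7, and the default route ::/0 is denied because ge 1 excludes prefix length 0.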
Configuring an OSPFv3 distribution list using a route map as input
The following commands configure a route map that matches internal routes.
device(config)# route-map allowInternalRoutes permit 10
device(config-routemap allowInternalRoutes)# match route-type internal
The following commands configure a distribution list that applies the allowInternalRoutes route map globally to OSPFv3 routes.
Configuring default route origination
When the Brocade device is an OSPFv3 Autonomous System Boundary Router (ASBR), you can configure it to automatically generate a default external route into an OSPFv3 routing domain. This feature is called "default route origination" or "default information origination." By default, the Brocade device does not advertise the default route into the OSPFv3 domain.
the SPF delay to a value from 0 through 65535 seconds. If you set the SPF delay to 0 seconds, the software immediately begins the SPF calculation after receiving a topology change.
• SPF hold time - The device waits a specific amount of time between consecutive SPF calculations. By default, it waits 10 seconds. You can configure the SPF hold time to a value from 0 through 65535 seconds.
• Intra-area routes
• Inter-area routes
• External routes
The default for all of these OSPFv3 route types is 110.

NOTE
This feature does not influence the choice of routes within OSPFv3. For example, an OSPF intra-area route is always preferred over an OSPF inter-area route, even if the intra-area route’s distance is greater than the inter-area route’s distance.
Modifying exit overflow interval
If a database overflow condition occurs on the Brocade device, the device eliminates the condition by removing entries that originated on the device. The exit overflow interval allows you to set how often a device checks to see if the overflow condition has been eliminated. The default value is 0. If the configured value of the database overflow interval is 0, then the device never leaves the database overflow condition.
• cost: Indicates the overhead required to send a packet across an interface. You can modify the cost to differentiate between 100 Mbps and 1000 Mbps (1 Gbps) links. The command syntax is ipv6 ospf cost number. The default cost is calculated by dividing 100 million by the bandwidth. For 10 Mbps links, the cost is 10. The cost for both 100 Mbps and 1000 Mbps links is 1, because the speed of 1000 Mbps was not in use at the time the OSPF cost formula was devised.
IPsec for OSPFv3
This section describes the implementation of Internet Protocol Security (IPsec) for securing OSPFv3 traffic. IPsec is available for OSPFv3 traffic only and only for packets that are "for-us." A for-us packet is addressed to one of the IPv6 addresses on the device or to an IPv6 multicast address. Packets that are just forwarded by the line card do not receive IPsec scrutiny.
• ESP security protocol
• Authentication
• HMAC-SHA1-96 authentication algorithm
• Security parameter index (SPI)
• A 40-character key using hexadecimal characters
• An option for not encrypting the keyword when it appears in show command output
• Key rollover timer
• Specifying the key add remove timer

NOTE
In the current release, certain keyword parameters must be entered even though only one keyword choice is possible for that parameter.
If you configure IPsec for an area, all interfaces that utilize the area-wide IPsec (where interface-specific IPsec is not configured) nevertheless receive an SPD entry (and SPDID number) that is unique for the interface. The area-wide SPI that you specify is a constant for all interfaces in the area that use the area IPsec, but the use of different interfaces results in an SPDID and an SA that are unique to each interface.
Syntax: [no] ipv6 ospf authentication ipsec key-add-remove-interval range
The no form of this command sets the key-add-remove-interval back to a default of 300 seconds.
The ipv6 command is available in the configuration interface context for a specific interface.
The ospf keyword identifies OSPFv3 as the protocol to receive IPsec security.
The authentication keyword enables authentication.
The ipsec keyword specifies IPsec as the authentication protocol.
The sha1 keyword specifies the HMAC-SHA1-96 authentication algorithm. This mandatory parameter can be only the sha1 keyword in the current release.
Including the optional no-encrypt keyword means that when you display the IPsec configuration, the key is displayed in its unencrypted form and also saved as unencrypted.
The key variable must be 40 hexadecimal characters. To change an existing key, you must also specify a different SPI value.
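The rules this chapter states for the interface command (a key of 40 hexadecimal characters, no-encrypt leaving the key stored and displayed in clear, and a different SPI whenever the key changes) can be checked before a change is applied. The following Python is an added example, not Brocade code; the keys and commands are constructed, only the auth and authentication spellings shown in this chapter are accepted, and it assumes the encrypt/encryptb64 marker of a saved configuration occupies the position where no-encrypt is typed.

```python
import re

# Interface-level command as it appears in this chapter's key-change example:
#   ipv6 ospf auth ipsec spi <spi> esp sha1 [no-encrypt] <key>
CMD_RE = re.compile(
    r"^ipv6 ospf auth(?:entication)? ipsec spi (?P<spi>\d+) esp sha1"
    r"(?: (?P<mode>no-encrypt|encrypt|encryptb64))? (?P<key>\S+)$"
)
PROMPT_RE = re.compile(r"^\S+\(config[^)]*\)#\s*")   # e.g. device(config-if-...)#
HEX40_RE = re.compile(r"[0-9A-Fa-f]{40}")

# Constructed sample keys and commands (not taken from any device).
KEY_A = "0123456789abcdef0123456789abcdef01234567"
KEY_B = "89abcdef0123456789abcdef0123456789abcdef"
CMD_OLD = f"device(config-if-e10000-1/3)#ipv6 ospf auth ipsec spi 300 esp sha1 no-encrypt {KEY_A}"
CMD_NEW_OK = f"ipv6 ospf authentication ipsec spi 310 esp sha1 {KEY_B}"
CMD_NEW_SAME_SPI = f"ipv6 ospf auth ipsec spi 300 esp sha1 {KEY_B}"
CMD_SHORT_KEY = f"ipv6 ospf auth ipsec spi 320 esp sha1 no-encrypt {KEY_A[:-1]}"


def parse(cmd):
    """Return (spi, mode, key) for one command line, with or without a prompt."""
    line = " ".join(PROMPT_RE.sub("", cmd.strip()).split())
    m = CMD_RE.match(line)
    if m is None:
        raise ValueError(f"not an interface IPsec key command: {cmd!r}")
    return int(m["spi"]), m["mode"], m["key"]


def audit_command(cmd):
    """Findings for a single command, as a list of short codes."""
    _spi, mode, key = parse(cmd)
    if mode in ("encrypt", "encryptb64"):
        # Key is stored in the device's reversible encoded form; its length
        # and alphabet say nothing about the underlying 40-character key.
        return []
    findings = []
    if not HEX40_RE.fullmatch(key):
        findings.append("KEY_FORMAT")        # must be 40 hexadecimal characters
    if mode == "no-encrypt":
        findings.append("PLAINTEXT_KEY")     # saved and displayed unencrypted
    return findings


def audit_key_change(old_cmd, new_cmd):
    """Findings for replacing old_cmd with new_cmd on the same interface."""
    old_spi, _, old_key = parse(old_cmd)
    new_spi, _, new_key = parse(new_cmd)
    if old_key != new_key and old_spi == new_spi:
        return ["SPI_REUSED"]                # a new key requires a different SPI
    return []


if __name__ == "__main__":
    for label, cmd in (("old", CMD_OLD), ("new", CMD_NEW_OK),
                       ("short", CMD_SHORT_KEY)):
        print(label, audit_command(cmd))
    print("300 -> 310:", audit_key_change(CMD_OLD, CMD_NEW_OK))
    print("300 -> 300:", audit_key_change(CMD_OLD, CMD_NEW_SAME_SPI))
```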
If no-encrypt is not entered, then the key will be encrypted. This is the default. The system adds the following in the configuration to indicate that the key is encrypted:
• encrypt = the key string uses proprietary simple cryptographic 2-way algorithm
• encryptb64 = the key string uses proprietary base64 cryptographic 2-way algorithm
The configuration in the preceding example results in the configuration for area 2 that is illustrated in the following.
Disabling IPsec on an interface
For the purpose of troubleshooting, you can operationally disable IPsec on an interface by using the ipv6 ospf authentication ipsec disable command in the CLI context of a specific interface. This command disables IPsec on the interface whether its IPsec configuration is the area’s IPsec configuration or is specific to that interface. The output of the show ipv6 ospf interface command shows the current setting for the disable command.
Configuring OSPFv3 Graceful Restart Helper mode
To enable the graceful restart (GR) helper capability, use the graceful-restart helper command in the OSPFv6 interface mode. Graceful restart for OSPFv3 helper mode is enabled by default.
device(config-ospf6-router)# graceful-restart helper strict-lsa-checking
Syntax: [no] graceful-restart helper {disable | strict-lsa-checking}
The disable keyword is used to disable the graceful-restart helper capability.
Displaying OSPFv3 information
You can display the information for the following OSPFv3 parameters:
• Areas
• Link state databases
• Interfaces
• Memory usage
• Neighbors
• Redistributed routes
• Routes
• SPF
• Virtual links
• Virtual neighbors
• IPsec
• key-add-remove interval

General OSPFv3 configuration information
To indicate whether the Brocade device is operating as ASBR or not, enter the following command at any CLI level.
Router: 1 Network: 0 Maximum of Hop count to nodes: 0
Syntax: show ipv6 ospf area [area-id]
You can specify the area-id parameter in the following formats:
• As an IPv4 address, for example, 192.168.1.1.
• As a numerical value from 0 through 2,147,483,647.
The area-id parameter restricts the display to the specified OSPF area.

TABLE 71 show ipv6 ospf area output descriptions
This field | Displays
Area | The area number.
0.0.0.200 Rtr 0 192.168.98.213
0.0.0.200 Net 1156 192.168.98.111
0.0.0.200 Net 136 192.168.98.111
N/A Extn 0000021d 10.223.223.
TABLE 72 show ipv6 ospf database output descriptions (Continued)
This field | Displays
Chksum | A checksum for the LSA packet. The checksum is based on all the fields in the packet except the age field. The device uses the checksum to verify that the packet is not corrupted.
Len | The length, in bytes, of the LSA.
Sync | Sync status with the slave management processor (MP).

To display the show ipv6 ospf database advr command output, enter the following command at any CLI level.
LSA Key - Rtr:Router Net:Network Inap:InterPrefix Inar:InterRouter Extn:ASExternal Grp:GroupMembership Typ7:Type7 Link:Link Iap:IntraPrefix Grc:Grace
Area ID Type LS ID Adv Rtr Seq(Hex) Age Cksum Len
0.0.0.200 Link 897 192.168.98.
TABLE 73 OSPFv3 detailed database information fields (Continued)
This field | Displays
Metric | The cost of using this router interface for outbound traffic.
Interface ID | The ID assigned to the router interface.
Neighbor Interface ID | The interface ID that the neighboring router has been advertising in hello packets sent on the attached link.
Neighbor Router ID | The router ID (IPv4 address) of the neighboring router that advertised the route.
TABLE 73 OSPFv3 detailed database information fields (Continued)
This field | Displays
Options | A 24-bit field that enables IPv6 OSPF routers to support the optional capabilities. When set, the following bits indicate the following:
• V6 - The device should be included in IPv6 routing calculations.
• E - The device floods AS-external-LSAs as described in RFC 2740.
• MC - The device forwards multicast packets as described in RFC 1586.
• N - The device handles type 7 LSAs as described in RFC 1584.
TABLE 73 OSPFv3 detailed database information fields (Continued)
This field | Displays
Prefix Options | An 8-bit field of capabilities that serve as input to various routing calculations:
• NU - The prefix is excluded from IPv6 unicast calculations.
• LA - The prefix is an IPv6 interface address of the advertising router.
• MC - The prefix is included in IPv6 multicast routing calculations.
Prefix |
TABLE 74 show ipv6 interface output descriptions
Field | Description
Type Codes | Shows the routing protocol enabled on the interface. The routing protocol can be one of the following:
• R - RIP
• O - OSPF
Interface | Shows the type, slot, and port number of the interface.
Stat/Prot | Shows the status of the link and the protocol for the interface.
TABLE 75 show ipv6 ospf interface brief output descriptions (Continued)
This field | Displays
Status | The status of the link and the protocol. Possible status include the following:
• Up.
• Down.
Type | The type of OSPFv3 circuit running on the interface.
Outbound: None
Inbound: None
DR:192.168.98.111 BDR:192.168.98.213 Number of I/F scoped LSAs is 2
DRElection: 1 times, DelayedLSAck: 23 times
Neighbor Count = 1, Adjacent Neighbor Count= 1
Neighbor: 192.168.98.
TABLE 76 show ipv6 ospf interface output descriptions (Continued)
This field | Displays
Instance ID | An identifier for an instance of OSPFv3.
Router ID | The IPv4 address of the device. By default, the router ID is the IPv4 address configured on the lowest numbered loopback interface. If the device does not have a loopback interface, the default router ID is the lowest numbered IPv4 address configured on the device.
TABLE 76 show ipv6 ospf interface output descriptions (Continued)
This field | Displays
Adjacent Neighbor Count | The number of neighbors with which the interface has formed an active adjacency.
Neighbor | The router ID (IPv4 address) of the neighbor. This field also identifies the neighbor as a DR or BDR, if appropriate.
MTYPE_OSPF6_OTHER 0 0 0 0
MTYPE_THREAD_MASTER 84 1 1 0
Syntax: show ipv6 ospf memory

TABLE 77 show ipv6 ospf memory output descriptions
This field | Displays
Total Dynamic Memory Allocated | A summary of the amount of dynamic memory allocated, in bytes, to OSPFv3.
Memory Type | The type of memory used by OSPFv3. (This information is for use by Brocade technical support in case of a problem.)
Size | The size of a memory type.
TABLE 78 show ipv6 ospf neighbor output descriptions (Continued)
Field | Description
State | The state between the device and the neighbor. The state can be one of the following:
• Down
• Attempt
• Init
• 2-Way
• ExStart
• Exchange
• Loading
• Full
DR | The router ID (IPv4 address) of the DR.
BDR | The router ID (IPv4 address) of the BDR.
Interface [State] | The interface through which the router is connected to the neighbor.
Number of LSAs in DbDesc retransmitting: 0
Number of LSAs in SummaryList: 0
Number of LSAs in RequestList: 0
Number of LSAs in RetransList: 0
SeqnumMismatch 0 times, BadLSReq 0 times
OnewayReceived 0 times, InactivityTimer 0 times
DbDescRetrans 0 times, LSReqRetrans 0 times
LSUpdateRetrans 3 times
LSAReceived 317 times, LSUpdateReceived 262 times

TABLE 79 show ipv6 ospf neighbor router-id output descriptions
Field | Description
Router ID | The IPv4 address of the neighbor.
TABLE 79 show ipv6 ospf neighbor router-id output descriptions (Continued)
Field | Description
DbDesc bit | The Database Description packet, which includes 3 bits of information:
• The first bit can be "i" or "-". "i" indicates the inet bit is set. "-" indicates the inet bit is not set.
• The second bit can be "m" or "-". "m" indicates the more bit is set. "-" indicates the more bit is not set.
• The third bit can be "m" or "s". An "m" indicates the master. An "s" indicates standby.
Displaying routes redistributed into OSPFv3
You can display all IPv6 routes or a specified IPv6 route that the device has redistributed into OSPFv3.
To display all IPv6 routes that the device has redistributed into OSPFv3, enter the following command at any level of the CLI.
Current Route count: 309
Intra: 304 Inter: 4 External: 1 (Type1 0/Type2 1)
Equal-cost multi-path: 56
OSPF Type: IA- Intra, OA - Inter, E1 - External Type1, E2 - External Type2
Destination Cost E2Cost Tag Flags Dis
E2 ::/0 2 1 0 00000003 110
Next_Hop_Router Outgoing_Interface Adv_Router
fe80::768e:f8ff:fe3e:1800 e 4/3/1 192.168.98.111
fe80::768e:f8ff:fe3e:1800 ve 17 192.168.98.
TABLE 81 OSPFv3 route information (Continued)
This field | Displays
E2 Cost | The type 2 cost of this route.
Tag | The route tag for this route.
Flags | Flags associated with this route.
Dis | Administrative Distance for this route.
Next-Hop Router | The IPv6 address of the next router a packet must traverse to reach a destination.
Outgoing Interface | The router interface through which a packet must traverse to reach the next-hop router.
child nodes: 192.168.98.61:5 192.168.98.190:1551 192.168.98.112:643
SPF node 192.168.98.61:5, cost: 2, hops: 2
nexthops to node: 5100::192:113:111:111 VLink 1
parent nodes: 192.168.98.111:0
child nodes: 192.168.98.61:0
SPF node 192.168.98.190:1551, cost: 2, hops: 2
nexthops to node: 5100::192:113:111:111 VLink 1
--More--, next page: Space, next line: Return key,

For example, to display information about SPF nodes in area 0, enter the show ipv6 ospf spf node area command at any level of the CLI.
R 192.168.98.111 --V-B V6E---R
N 192.168.98.111[136] ----- V6E---R
N 192.168.98.111[1156 ----- V6E---R
SPF table for Area 400
Destination Bits Options
SPF table for Area 0.0.0.0
Destination Bits Options
R 192.168.98.71 ---E- V6E---RD
R 192.168.98.71 ---E- V6E---RD
R 192.168.98.190 ---E- V6E---R
R 192.168.98.
For example, to display the SPF tree for area 0, enter the following command at any level of the CLI.
device# show ipv6 ospf spf tree area 0
SPF tree for Area 0
+- 10.223.223.223 cost 0
+- 10.223.223.223:88 cost 1
+- 10.1.1.1:0 cost 1
Syntax: show ipv6 ospf spf tree area area-id
The tree keyword displays the SPF table.
The area area-id parameter specifies a particular area.
Displaying IPv6 OSPF virtual link information
To display OSPFv3 virtual link information on a Brocade device, enter the show ipv6 ospf virtual-link command at any level of the CLI.
device# show ipv6 ospf virtual-link
Transit Area ID Router ID Interface Address State
0.0.0.200 192.168.98.
TABLE 85 show ipv6 ospf virtual-neighbor output descriptions
This field | Displays
Index | An index number associated with the virtual neighbor.
Router ID | IPv4 address of the virtual neighbor.
Address | The IPv6 address to be used for communication with the virtual neighbor.
State | The state between the device and the virtual neighbor.
IPSEC Security Association Database(Entries:8)
SPDID(vrf:if) Dir Encap SPI Destination AuthAlg EncryptAlg
1:ALL in ESP 512 2001:db8:1::1 sha1 Null
1:e1/1 out ESP 302 :: sha1 Null
1:e1/1 in ESP 302 FE80:: sha1 Null
1:e1/1 out ESP 512 2001:db8:1::2 sha1 Null
2:ALL in ESP 512 2001:db8:1::1 sha1 Null
2:e1/2 out ESP 302 :: sha1 Null
2:e1/2 in ESP 302 FE80:: sha1 Null
2:e1/2 out ESP 512 2001:db8:1::2 sha1 Null
Syntax: show ipsec sa

Showing IPsec policy
The show ipsec policy command displ
Showing IPsec statistics
TABLE 86 show ipsec policy output descriptions (Continued)
This field - Displays
Dir - The direction of traffic flow to which the IPsec policy is applied. Each direction has its own entry.
Proto - The only possible routing protocol for the security policy in the current release is OSPFv3.
Source - The source address consists of the IPv6 prefix and the TCP or UDP port identifier.
Destination - The destination address consists of the IPv6 prefix.
secAuthenticationErrors 0
secReplayErrors: 0
secOtherReceiveErrors: 0
secAuthenticationErrors 0
secReplayErrors: 0
secOtherReceiveErrors: 0
secUnknownSpiErrors: 0
ipsecPolicyErrors: 13
ipsecSendErrors: 0
ipsecPolicyErrors: 13
ipsecSendErrors: 0
Syntax: show ipsec statistics
This command takes no parameters.
Displaying IPsec configuration for an area
The show ipv6 ospf area command includes information about IPsec for one area or all areas.
Displaying IPsec for an interface
TABLE 88 show ipv6 ospf area output descriptions (Continued)
This field - Displays
Current - Shows current SPI, authentication algorithm (currently ESP only), encryption algorithm (currently SHA1 only), and the current key.
New - Shows new SPI (if changed), authentication algorithm (currently ESP only), encryption algorithm (currently SHA1 only), and the new key.
TABLE 89 show ipv6 ospf interface output descriptions (Continued)
This field - Displays
KeyRolloverTime - The number of seconds between each initiation of a key rollover. This field shows the configured and current times.
KeyRolloverState - Can be:
Not active: key rollover is not active.
Active phase 1: rollover is in its first interval.
Active phase 2: rollover is in its second interval.
Displaying IPv6 OSPF information for a VRF
Changing a key
In this example, the key is changed. Note that the SPI value is changed from 300 to 310 to comply with the requirement that the SPI is changed when the key is changed.
Initial configuration command.
device(config-if-e10000-1/3)#ipv6 ospf auth ipsec spi 300 esp sha1 no-encrypt 12345678900987655431234567890aabbccddef
Command for changing the key.
OSPFv3 clear commands
Area 1:
Authentication: Not Configured
Interface attached to this area: eth 1/1
Number of Area scoped LSAs is 6
Sum of Area LSAs Checksum is 00046630
Statistics of Area 1:
SPF algorithm executed 3 times
SPF last updated: 302 sec ago
Current SPF node count: 3
Router: 2 Network: 1
Maximum of Hop count to nodes: 2
Global IPv6 Address used by Virtual Links in this area:10:1:1::2
Area 0.0.0.
Clearing OSPFv3 data in a VRF
You can use the clear ipv6 ospf vrf command to clear anything in a specific vrf as shown in the following.
device# clear ipv6 ospf vrf abc all
device# clear ipv6 ospf vrf abc traffic
Syntax: clear ipv6 ospf vrf vrfname
Clearing all OSPFv3 packet counters
You can use the clear ipv6 ospf traffic command to clear all OSPFv3 packet counters as shown in the following.
Clearing OSPFv3 counters
Clearing OSPF neighbors attached to a specified interface
You can use the clear ipv6 ospf neighbor interface command to delete and relearn the OSPF neighbors attached to a specified interface, as shown in the following.
device# clear ipv6 ospf neighbor interface ethernet 1/1
Syntax: clear ipv6 ospf neighbor interface [ethernet slot/port | ve port-no | tunnel tunnel-port] [nbr-id]
Specify the interface options as shown in the following options.
Specify the interface options as shown in the following options.
ethernet slot/port - clears OSPFv3 counters for OSPFv3 neighbors on the specified Ethernet interface.
ve port-no - clears OSPFv3 counters for OSPFv3 neighbors on the specified virtual interface.
tunnel tunnel-port - clears OSPFv3 counters for OSPFv3 neighbors on the specified tunnel interface.
Using an nbr-id value limits the displayed output to an individual OSPFv3 neighbor attached to the interface.
Configuring BGP4 (IPv4)
● Supported BGP4 features
● BGP4 overview
● Implementation of BGP4
● BGP4 restart
Feature | ICX 6430 | ICX 6450 | FCX | ICX 6610 | ICX 6650 | FSX 800 FSX 1600 | ICX 7750
BGP4 | No | No | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
BGP4 Restart | No | 08.0.01 (footnote 14) | 08.0.01 | 08.0.01 | No | 08.0.01 | No
BGP4 Restart helper mode | No | 08.0.01 (footnote 14) | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
Redistributing IBGP routes | No | 08.0.01 (footnote 14) | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
Client-to-Client Routes | No | 08.0.01 (footnote 14) | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.
BGP4 overview
Feature | ICX 6430 | ICX 6450 | FCX | ICX 6610 | ICX 6650 | FSX 800 FSX 1600 | ICX 7750
BGP4 AS4 Confederation Error Checking | No | 08.0.01 (footnote 14) | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
RTM Scalability Enhancement | No | 08.0.01 (footnote 14) | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
Static BGP4 Networks | No | 08.0.01 (footnote 14) | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.
How BGP4 selects a path for a route (BGP best path selection algorithm)
communication. When you configure the device for BGP4, one of the configuration tasks you perform is to identify the device’s BGP4 neighbors. Although a device’s BGP4 route table can have multiple routes to the same destination, the BGP4 protocol evaluates the routes and chooses only one to send to the IP route table. The route that BGP4 chooses and sends to the IP route table is the preferred route.
4. Prefer the route that was originated locally (by this BGP4 device).
5. If the local preferences are the same, prefer the path with the shortest AS-path. An AS-SET counts as 1. A confederation path length, if present, is not counted as part of the path length.
NOTE
This step can be skipped if BGP4-as-path-ignore is configured.
6. If the AS-path lengths are the same, prefer the path with the lowest origin type.
13. If the route is a BGP4 VRF instance, prefer the route with the smallest RD value.
14. Prefer the route that comes from the lowest BGP4 neighbor address.
BGP4 message types
BGP4 devices communicate with neighbors (other BGP4 devices) using the following types of messages:
• OPEN
• UPDATE
• KEEPALIVE
• NOTIFICATION
• ROUTE REFRESH
OPEN message
After a BGP4 device establishes a TCP connection with a neighboring BGP4 device, the devices exchange OPEN messages.
KEEPALIVE message
and the length of the network portion of the number. For example, an UPDATE message with the NLRI entry 10.215.129.0/18 indicates a route to IP network 10.215.129.0 with network mask 255.255.192.0. The binary equivalent of this mask is 18 consecutive one bits, thus "18" in the NLRI entry.
• Path attributes - Parameters that indicate route-specific information such as Autonomous System path information, route preference, next hop values, and aggregation information.
NOTE
RIB-out peer grouping is not shared between different VRFs or address families.
Implementation of BGP4
BGP4 is described in RFC 1771 and the latest BGP4 drafts. The Brocade BGP4 implementation fully complies with RFC 1771.
BGP4 Peer notification during a management module switchover
NOTE
BGP4 restart is supported in FSX 800, FSX 1600 devices with dual management modules, FCX switches in a stack and ICX switches in a stack. If the switch will function as a restart helper device only, a secondary management module is not required.
NOTE
A second management module must be installed for the device to function as a restart device.
BGP4 neighbor local AS
FIGURE 29 Management module switchover behavior for BGP4 peer notification
If the active management module fails due to a fault, the management module does not have the opportunity to reset BGP4 sessions with neighbors as described for intentional failovers. In this situation the management module will reboot, or the standby management module becomes the new active management module.
Basic configuration and activation for BGP4
FIGURE 30 Example of customer connected to two ISPs
In the next example, ISP-A has purchased ISP-B. The AS associated with ISP-B changes to AS 100. If Customer C cannot or does not want to change their configuration or peering relationship with ISP-B, a peer with Local-AS configured with the value 200 can be established on ISP-B.
FIGURE 31 Example of Local AS configured on ISP-B
A Local AS is configured using the BGP4 neighbor command.
Disabling BGP4
1. Enable the BGP4 protocol.
2. Set the local AS number.
NOTE
You must specify the local AS number for BGP4 to become functional.
3. Add each BGP4 neighbor (peer BGP4 device) and identify the AS the neighbor is in.
4. Save the BGP4 configuration information to the system configuration file.
For example, enter commands such as the following.
device> enable
device# configure terminal
device(config)# router bgp
BGP4: Please configure 'local-as' parameter in order to enable BGP4.
NOTE
To disable BGP4 without losing the BGP4 configuration information, remove the local AS (for example, by entering the no local-as command). When you remove the local AS, BGP4 retains the other configuration information but will not become operational until you reset the local AS.
BGP4 parameters
You can modify or set the following BGP4 parameters:
• Optional - Define the router ID.
Parameter changes that take effect immediately
NOTE
When using the CLI, you set global level parameters at the BGP CONFIG level of the CLI. You can reach the BGP CONFIG level by entering the router bgp command at the global CONFIG level.
Some parameter changes take effect immediately while others do not take full effect until the device sessions with its neighbors are reset. Some parameters do not take effect until the device is rebooted.
Parameter changes that take effect after disabling and re-enabling redistribution
The following parameter change takes effect only after you disable and then re-enable redistribution:
• Change the default MED (metric).
Memory considerations
BGP4 can handle a very large number of routes and therefore requires a lot of memory.
Basic configuration tasks required for BGP4
The following sections describe how to perform the configuration tasks that are required to use BGP4 on the Brocade device.
Enabling BGP4 on the device
When you enable BGP4 on the device, BGP4 is automatically activated. To enable BGP4 on the device, enter the following commands.
device>enable
device#configure terminal
device(config)#router bgp
BGP4: Please configure 'local-as' parameter in order to enable BGP4.
Setting the local AS number
The local autonomous system number (ASN) identifies the AS in which the Brocade BGP4 device resides. To set the local AS number, enter commands such as the following.
device(config)# router bgp
BGP4: Please configure 'local-as' parameter in order to enable BGP4.
device(config-bgp)# local-as 10
device(config-bgp)# write memory
Syntax: [no] local-as num
The num parameter specifies a local AS number in the range 1 through 4294967295. It has no default.
Adding a loopback interface
You can configure the device to use a loopback interface instead of a specific port or virtual routing interface to communicate with a BGP4 neighbor. A loopback interface adds stability to the network by working around route flap problems that can occur due to unstable links between the device and neighbors. Loopback interfaces are always up, regardless of the states of physical interfaces.
The neighbor command has additional parameters, as shown in the following syntax:
Syntax: no neighbor {ip-addr | peer-group-name} {[activate] [advertisement-interval seconds [allowas-in num] [capability as4 [enable | disable]] [capability orf prefixlist [send | receive]] [default-originate [route-map map-name]] [description string] [distribute-list in | out num,num,...
filters. The device applies the filters in the order in which you list them and stops applying the filters in the distribute list when a match is found. To use an IP ACL instead of a distribute list, you can specify distribute-list ACL-num in | out. In this case, ACL-num is an IP ACL.
NOTE
By default, if a route does not match any of the filters, the device denies the route. To change the default behavior, configure the last filter as permit any any.
maximum-prefix num specifies the maximum number of IP network prefixes (routes) that can be learned from the specified neighbor or peer group. You can specify a value from 0 through 4294967295. The default is 0 (unlimited).
• The num parameter specifies the maximum number. The range is 0 through 4294967295. The default is 0 (unlimited).
Removing route dampening from suppressed routes
remove-private-as configures the device to remove private AS numbers from update messages the device sends to this neighbor. The device will remove AS numbers 64512 through 65535 (the well-known BGP4 private AS numbers) from the AS-path attribute in update messages the device sends to the neighbor. This option is disabled by default.
Encrypting BGP4 MD5 authentication keys
2 10.1.44.0/24 AS_PATH: 10.2.0.1 1 101 32768 BLS
In this example, the aggregate-address command configures an aggregate address of 10.1.0.0 255.255.0.0, and the summary-only parameter prevents the device from advertising more specific routes contained within the aggregate route. Entering a show ip bgp route command for the aggregate address 10.1.0.0/16 shows that the more specific routes aggregated into 10.1.0.0/16 have been suppressed.
When encryption of the authentication string is enabled, the string is encrypted in the CLI regardless of the access level you are using. When you save the configuration to the startup configuration file, the file contains the new BGP4 command syntax and encrypted passwords or strings.
NOTE
Brocade recommends that you save a copy of the startup configuration file for each device you plan to upgrade.
Displaying neighbor information
By default, password is encrypted. If you want the password to be in clear text, insert a 0 between password and string.
device(config-bgp)# neighbor 10.157.22.26 password admin
Displaying the authentication string
To display the authentication string, enter the following commands.
Clearing IPv6 route information
The ip-address parameter is the neighbor IP address. The following sub-parameters are available for the ip-address parameter:
[advertised-routes] [flap-statistics] [last-packet-with-error] [received] [received-routes] [rib-out-routes] [routes] [routes-summary]
The advertised-routes parameter displays routes advertised to a neighbor.
The flap-statistics parameter displays flap statistics for a neighbor.
explicitly configured for the neighbor. If you do not set a neighbor parameter in the peer group and the parameter also is not set for the individual neighbor, the neighbor uses the default value.
Peer group configuration rules
The following rules apply to peer group configuration:
• You must configure a peer group before you can add neighbors to the peer group.
Applying a peer group to a neighbor
The peer-group-name parameter specifies the name of the group and can be up to 80 characters long. The name can contain special characters and internal blanks. If you use internal blanks, you must use quotation marks around the name. For example, the command neighbor "My Three Peers" peer-group is valid, but the command neighbor My Three Peers peer-group is not valid.
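The password, maximum-prefix and peer-group inheritance rules described in this chapter can be checked offline against a saved configuration. The following Python script is an added example, not Brocade code: the sample configuration, its addresses, the finding labels and the function names are constructed for illustration, and it assumes neighbor commands appear in the form neighbor name keyword arguments, with remote-as and the peer-group membership form taken as assumptions.

```python
import shlex
from collections import defaultdict

# Constructed sample configuration (not from the guide); all values are illustrative.
SAMPLE_CONFIG = """
router bgp
 local-as 64600
 neighbor "Edge Peers" peer-group
 neighbor "Edge Peers" remote-as 64700
 neighbor "Edge Peers" maximum-prefix 5000
 neighbor "Edge Peers" password 0 s3cret
 neighbor 10.10.10.1 peer-group "Edge Peers"
 neighbor 10.10.10.2 remote-as 64800
 neighbor 10.10.10.2 maximum-prefix 0
 neighbor 10.10.10.3 remote-as 64600
 neighbor 10.10.10.3 password example-string
 neighbor 10.10.10.3 maximum-prefix 200
"""


def tokenize(line):
    """Split a CLI line, keeping quoted peer-group names with blanks as one token."""
    try:
        return shlex.split(line)
    except ValueError:  # unbalanced quote: fall back to plain whitespace splitting
        return line.split()


def parse_neighbors(config_text):
    """Return (settings, membership).

    settings[name][keyword] holds the argument list of each neighbor command;
    membership[neighbor] is the peer group that neighbor was added to.
    """
    settings = defaultdict(dict)
    membership = {}
    for raw in config_text.splitlines():
        tokens = tokenize(raw)
        if len(tokens) < 3 or tokens[0] != "neighbor":
            continue
        name, keyword, args = tokens[1], tokens[2], tokens[3:]
        if keyword == "peer-group":
            if args:                      # neighbor <ip> peer-group <group>
                membership[name] = args[0]
            else:                         # neighbor <group> peer-group
                settings[name]["is-group"] = []
        else:
            settings[name][keyword] = args
    return settings, membership


def effective(name, keyword, settings, membership):
    """Neighbor's own value wins, then its peer group's, else None (device default)."""
    if keyword in settings.get(name, {}):
        return settings[name][keyword]
    group = membership.get(name)
    if group is not None:
        return settings.get(group, {}).get(keyword)
    return None


def audit(config_text):
    """Return sorted (neighbor, finding) pairs for weak session settings."""
    settings, membership = parse_neighbors(config_text)
    groups = {n for n, s in settings.items() if "is-group" in s}
    peers = (set(settings) | set(membership)) - groups
    findings = []
    for peer in sorted(peers):
        password = effective(peer, "password", settings, membership)
        if password is None:
            findings.append((peer, "no-md5-password"))
        elif len(password) >= 2 and password[0] == "0":
            # A 0 between "password" and the string requests clear text.
            findings.append((peer, "cleartext-password"))
        max_prefix = effective(peer, "maximum-prefix", settings, membership)
        if not max_prefix or max_prefix[0] == "0":
            # Unset or 0 means no limit on prefixes learned from the neighbor.
            findings.append((peer, "unlimited-prefixes"))
    return findings


if __name__ == "__main__":
    for peer, finding in audit(SAMPLE_CONFIG):
        print(f"{peer}: {finding}")
```

Neighbor 10.10.10.1 is reported because it inherits the clear-text password from its peer group, which a line-by-line search for that neighbor's address alone would miss.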
Optional BGP4 configuration tasks
The software also contains an option to end the session with a BGP4 neighbor and clear the routes learned from the neighbor. Unlike this clear option, the option for shutting down the neighbor can be saved in the startup configuration file and can prevent the device from establishing a BGP4 session with the neighbor even after reloading the software.
Changing the BGP4 next-hop update timer
By default, the device updates the BGP4 next-hop tables and affected BGP4 routes five seconds after IGP route changes. You can change the update timer to a value from 1 through 30 seconds. To change the BGP4 update timer value to 15 seconds, for example, enter the update-time command at the BGP configuration level of the CLI.
How Multipath load sharing affects route selection
• Enable IP load sharing if it is disabled.
• Set the maximum number of BGP4 load sharing paths. The default maximum number is 1, which means no BGP4 load sharing takes place by default.
NOTE
The maximum number of BGP4 load sharing paths cannot be greater than the maximum number of IP load sharing paths.
Changing the maximum number of shared BGP4 paths
To change the maximum number of BGP4 shared paths, enter commands such as the following.
device(config)# router bgp
device(config-bgp-router)# maximum-paths 4
device(config-bgp-router)# write memory
Syntax: [no] maximum-paths num | use-load-sharing
The number parameter specifies the maximum number of paths across which the device can balance traffic to a given BGP4 destination.
Specifying a list of networks to advertise
To set the number of equal-cost multipath IBGP routes or paths that will be selected, enter commands such as the following.
device(config)# router bgp
device(config-bgp)# maximum-paths ibgp
Syntax: [no] maximum-paths ibgp number
The number variable specifies the number of equal-cost multipath IBGP routes that will be selected. The range is 2 to 8. If the value is set to 1, BGP4 level equal-cost multipath is disabled for IBGP routes.
Changing the default local preference
To configure a route map, and use it to set or change route attributes for a network you define for BGP4 to advertise, enter commands such as the following.
device(config)# route-map set_net permit 1
device(config-routemap set_net)# set community no-export
device(config-routemap set_net)# exit
device(config)# router bgp
device(config-bgp)# network 10.100.1.
Changing the default MED (Metric) used for route redistribution
The Brocade device can redistribute directly connected routes, static IP routes, RIP routes, and OSPF routes into BGP4. The MED (metric) is a global parameter that specifies the cost that will be applied to all routes by default when they are redistributed into BGP4. When routes are selected, lower metric values are preferred over higher metric values.
Enabling recursive next-hop lookups
The recursive next-hop lookups feature is disabled by default. To enable recursive next-hop lookups, enter the following command at the BGP4 configuration level of the CLI.
device(config-bgp-router)# next-hop-recursion
Syntax: [no] next-hop-recursion
Example when recursive route lookups are disabled
The output here shows the results of an unsuccessful next-hop lookup for a BGP4 route.
Changing administrative distances 3 4 5 10.40.0.0/24 10.1.0.2 0 AS_PATH: 65001 4355 701 1 189 10.0.0.0/24 10.0.0.1 1 AS_PATH: 65001 4355 3356 7170 1455 10.25.0.0/24 10.157.24.1 1 AS_PATH: 65001 4355 701 100 0 100 BI 0 100 BI 0 I The first lookup results in an IBGP route, to network 10.0.0.0/24. device# show ip route 10.0.0.1 Total number of IP routes: 38 Network Address NetMask 10.0.0.0 255.255.255.0 AS_PATH: 65001 4355 1 Gateway 10.0.0.1 Port 1/1 Cost 1 Type B Since the route to 10.0.0.
Requiring the first AS to be the neighbor AS
When selecting a route from among different sources (BGP4, OSPF, RIP, static routes, and so on), the software compares the routes on the basis of the administrative distance for each route. If the administrative distance of the paths is lower than the administrative distance of paths from other sources (such as static IP routes, RIP, or OSPF), the BGP4 paths are installed in the IP route table.
Disabling or re-enabling comparison of the AS-Path length
group. If neither configuration exists, enforcement is simply that of the global configuration (which is disabled by default).
To enable this feature globally, enter the enforce-first-as command at the BGP4 configuration level of the CLI.
device(config-bgp-router)# enforce-first-as
Syntax: [no] enforce-first-as
To enable this feature for a specific neighbor, enter the following command at the BGP4 configuration level.
This command disables comparison of the AS-Path lengths of otherwise equal paths. When you disable AS-Path length comparison, the BGP4 algorithm shown in How BGP4 selects a path for a route (BGP best path selection algorithm) on page 386 skips from Step 4 to Step 6.
Enabling or disabling comparison of device IDs
Device ID comparison is Step 10 in the algorithm BGP4 uses to select the next path for a route.
Treating missing MEDs as the worst MEDs
NOTE
MED comparison is not performed for internal routes originated within the local AS or confederation unless the compare-med-empty-aspath command is configured.
To configure the device to always compare MEDs, enter the following command.
device(config-bgp-router)# always-compare-med
Syntax: [no] always-compare-med
The following BGP4 command directs BGP4 to take the MED value into consideration even if the route has an empty as-path path attribute.
cluster must be in the same AS. The cluster ID can be any number from 1 - 4294967295, or an IP address. The default is the device ID expressed as a 32-bit number.
NOTE
If the cluster contains more than one route reflector, you need to configure the same cluster ID on all the route reflectors in the cluster. The cluster ID helps route reflectors avoid loops within the cluster.
Support for RFC 4456
Route reflection on Brocade devices is based on RFC 4456. This updated RFC helps eliminate routing loops that are possible in some implementations of the older specification, RFC 1966. These instances include:
• The device adds the route reflection attributes only if it is a route reflector, and only when advertising IBGP route information to other IBGP neighbors. The attributes are not used when communicating with EBGP neighbors.
Disabling or re-enabling client-to-client route reflection
By default, the clients of a route reflector are not required to be fully meshed. Routes from a client are reflected to other clients. However, if the clients are fully meshed, route reflection is not required between clients. If you need to disable route reflection between clients, enter the no client-to-client-reflection command.
Configuring a BGP4 confederation
FIGURE 33 Example BGP4 confederation
In this example, four devices are configured into two sub-autonomous systems, each containing two of the devices. The sub-autonomous systems are members of confederation 10. Devices within a sub-AS must be fully meshed and communicate using IBGP. In this example, devices A and B use IBGP to communicate. Devices C and D also use IBGP. However, the sub-autonomous systems communicate with one another using EBGP.
Commands for device A
deviceA(config)# router bgp
deviceA(config-bgp-router)# local-as 64512
deviceA(config-bgp-router)# confederation identifier 10
deviceA(config-bgp-router)# confederation peers 64512 64513
deviceA(config-bgp-router)# write memory
Syntax: [no] local-as num
The num parameter with the local-as command indicates the AS number for the BGP4 devices within the sub-AS. You can specify a number in the range 1 - 4294967295.
Aggregating routes advertised to BGP4 neighbors
By default, the device advertises individual routes for all networks. The aggregation feature allows you to configure the device to aggregate routes from a range of networks into a single network prefix. For example, without aggregation, the device will individually advertise routes for networks 10.95.1.0/24, 10.95.2.0/24, and 10.95.3.0/24.
Configuring BGP4 Restart for a VRF
Use the following command to enable the BGP4 Restart feature for a specified VRF.
BGP4 null0 routing
BGP4 considers the null0 route in the routing table (for example, static route) as a valid route, and can use the null0 route to resolve the next hop. If the next hop for BGP4 resolves into a null0 route, the BGP4 route is also installed as a null0 route in the routing table.
Configuration examples
6. To configure a route-map perform the following step.
• On device 1, (the device facing the Internet), configure a null0 route matching the next-hop address in the route-map (ip route 10.199.1.1/32 null0).
7. Repeat step 3 for all devices interfacing with the Internet (edge corporate devices). In this case, device 2 has the same null0 route as device 1.
8. On device 6, configure the network prefixes associated with the traffic you want to drop.
Show commands for BGP4 null 0 routing
The following configuration defines a null0 route to the specific next hop address. The next hop address 10.199.1.1 points to the null0 route, which gets blocked.
device(config)# ip route 10.199.1.
Modifying redistribution parameters
The show ip route output for device 1 and device 2 shows "drop" under the Port column for the network prefixes you configured with null0 routing.
device#show ip route
Total number of IP routes: 133
Type Codes - B:BGP D:Connected S:Static R:RIP O:OSPF; Cost - Dist/Metric
Destination Gateway Port Cost Type
1 10.0.1.24/32 DIRECT loopback 1 0/0 D
2 10.0.1.0/24 DIRECT eth 2/7 0/0
3 10.0.1.1/24 DIRECT eth 2/1 0/0 D
.
13 10.0.0.6/31 10.0.1.3 eth 2/2 20/1 B
14 10.0.0.16/30 10.0.
Redistributing connected routes
To configure BGP4 to redistribute directly connected routes, enter the following command.
device(config-bgp-router)# redistribute connected
Syntax: [no] redistribute connected [metric num] [route-map map-name]
The connected parameter indicates that you are redistributing routes to directly attached devices into BGP4.
The metric num parameter changes the metric. You can specify a value from 0 through 4294967295. The default is not assigned.
Redistributing static routes
NOTE
If you do not enter a value for the match parameter, (for example, you enter redistribute ospf only) then only internal OSPF routes will be redistributed.
The metric num parameter changes the metric. You can specify a value from 0 through 4294967295. The default is not assigned.
The route-map map-name parameter specifies a route map to be consulted before adding the OSPF route to the BGP4 route table.
Filtering
This section describes the following:
• AS-path filtering
• Route-map continue clauses for BGP4 routes
• Defining and applying IP prefix lists
• Defining neighbor distribute lists
• Defining route maps
• Route-map continue clauses for BGP4 routes
• Configuring cooperative BGP4 route filtering
AS-path filtering
You can filter updates received from BGP4 neighbors based on the contents of the AS-path list accompanying the updates. For example, to deny routes that have the AS 10.3.2.
Using regular expressions
The software interprets the entries in an AS-path list in numerical order, beginning with the lowest sequence number.
The deny and permit parameters specify the action the software takes if the AS-path list for a route matches a match clause in this ACL. To configure the AS-path match clauses in a route map, use the match as-path command.
TABLE 91 BGP4 special characters for regular expressions (Continued)
Character - Operation
+ - The plus sign matches on one or more sequences of a pattern. For example, the following regular expression matches on an AS-path that contains a sequence of "g"s, such as "deg", "degg", "deggg", and so on:
deg+
? - The question mark matches on zero occurrences or one occurrence of a pattern.
BGP4 filtering communities
TABLE 91 BGP4 special characters for regular expressions (Continued)
Character - Operation
| - A vertical bar (sometimes called a pipe or a "logical or") separates two alternative values or sets of values. The AS-path can match one or the other value. For example, the following regular expression matches on an AS-path that contains either "abc" or "defg":
(abc)|(defg)
NOTE
The parentheses group multiple characters to be treated as one value.
NOTE
Once you define a filter or ACL, the default action for communities that do not match a filter or ACL is deny. To change the default action to permit, configure the last filter or ACL entry as permit any any.
Community filters or ACLs can be referred to by match clauses in a route map.
Defining a community ACL
To configure community ACL 1, enter a command such as the following. This command configures a community ACL that permits routes that contain community 123:2.
Defining neighbor distribute lists
These commands configure an IP prefix list named Routesfor20, which permits routes to network 10.20.0.0/24. The neighbor command configures the device to use IP prefix list Routesfor20 to determine which routes to send to neighbor 10.10.10.1. The device sends routes that go to 10.20.x.x to neighbor 10.10.10.1 because the IP prefix list explicitly permits these routes to be sent to the neighbor.
Defining route maps
To configure a distribute list that uses ACL 1, enter a command such as the following.
device(config-bgp)# neighbor 10.10.10.1 distribute-list 1 in
This command configures the device to use ACL 1 to select the routes that the device will accept from neighbor 10.10.10.1.
Syntax: [no] neighbor ip-addr distribute-list name-or-num in | out
The ip-addr parameter specifies the neighbor.
The name-or-num parameter specifies the name or number of a standard or named ACL.
Entering the route map into the software
• Prepend AS numbers to the front of the route AS-path. By adding AS numbers to the AS-path, you can cause the route to be less preferred when compared to other routes based on the length of the AS-path.
• Add a user-defined tag or an automatically calculated tag to the route.
• Set the community attributes.
• Set the local preference.
• Set the MED (metric).
• Set the IP address of the next-hop device.
• Set the origin to IGP or INCOMPLETE.
• Set the weight.
Specifying the match conditions
Use the following command to define the match conditions for instance 1 of the route map GET_ONE. This instance compares the route updates against BGP4 address filter 11.
The string parameter specifies an AS-path ACL and can be a number from 1 through 199. You can specify up to five AS-path ACLs.
Matching based on community ACL
To construct a route map that matches based on community ACL 1, enter the following commands.
device(config)# ip community-list 1 permit 123:2
device(config)# route-map CommMap permit 1
device(config-routemap CommMap)# match community 1
Syntax: [no] match community string
The string parameter specifies a community list ACL.
device(config)# route-map bgp1 permit 1
device(config-routemap bgp1)# match ip route-source 10
The first command configures an IP ACL that matches on routes received from 192.168.6.0/24. The remaining commands configure a route map that matches on all BGP4 routes advertised by the BGP4 neighbors whose addresses match addresses in the IP prefix list. You can add a set clause to change a route attribute in the routes that match.
Setting parameters in the routes
The match protocol bgp external option will match the eBGP routes.
The match protocol bgp internal option will match the iBGP routes.
The match protocol bgp static-network option will match the static-network BGP4 route, applicable at BGP4 outbound policy only.
Matching based on interface
The match option has been added to the route-map command that distributes any routes that have their next hop out one of the interfaces specified.
The comm-list parameter deletes a community from the community attributes field for a BGP4 route.
The community parameter sets the community attribute for the route to the number or well-known type you specify.
The dampening [half-life reuse suppress max-suppress-time] parameter sets route dampening parameters for the route. The half-life parameter specifies the number of minutes after which the route penalty becomes half its value.
device(config)# route-map bgp4 permit 1
device(config-routemap bgp4)# match ip address 1
device(config-routemap bgp4)# set metric-type internal
The first command configures an ACL that matches on routes with destination network 192.168.9.0. The remaining commands configure a route map that matches on the destination network in ACL 1, then sets the metric type for those routes to the same value as the IGP metric of the BGP4 next-hop route.
Using a table map to set the tag value
Route maps that contain set statements change values in routes when the routes are accepted by the route map. For inbound route maps (route maps that filter routes received from neighbors), the routes are changed before they enter the BGP4 route table. For tag values, if you do not want the value to change until a route enters the IP route table, you can use a table map to change the value.
Enabling cooperative filtering
as outbound filters when it sends routes to the device. Likewise, the device uses the ORFs it receives from the neighbor as outbound filters when sending routes to the neighbor.
• Reset the BGP4 neighbor session to send and receive ORFs.
• Perform these steps on the other device.
NOTE
If the device has inbound filters, the filters are still processed even if equivalent filters have been sent as ORFs to the neighbor.
Displaying cooperative filtering information
NOTE
Make sure cooperative filtering is enabled on the device and on the neighbor before you send the filters.
To reset a neighbor session and send ORFs to the neighbor, enter a command such as the following.
device# clear ip bgp neighbor 10.2.3.4
This command resets the BGP4 session with neighbor 10.2.3.4 and sends the ORFs to the neighbor. If the neighbor sends ORFs to the device, the device accepts them if the send capability is enabled.
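ORFs are prefix-list entries, so what a neighbor's ORF actually admits depends on the ge/le bounds and on entry order. The following added example (not part of the guide, and not Brocade code) evaluates routes against the four entries from the received prefix-filter display in this section and flags entries that can never match because an earlier entry covers them. It assumes the usual prefix-list semantics: first match wins, implicit deny at the end, and an entry without ge or le matches only the exact prefix length. The function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# The four entries from the received prefix-filter display in this section.
ORF_ENTRIES = """\
seq 5 permit 10.10.0.0/16 ge 18 le 28
seq 10 permit 10.20.10.0/24
seq 15 permit 10.0.0.0/8 le 32
seq 20 permit 10.10.0.0/16 ge 18
"""


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                      # "permit" or "deny"
    network: ipaddress.IPv4Network
    min_len: int                     # shortest prefix length the entry matches
    max_len: int                     # longest prefix length the entry matches


def parse_entry(line):
    """Parse 'seq N permit|deny A.B.C.D/L [ge X] [le Y]'."""
    tok = line.split()
    if len(tok) not in (4, 6, 8) or tok[0] != "seq" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a prefix-list entry: {line!r}")
    net = ipaddress.IPv4Network(tok[3], strict=True)
    opts = dict(zip(tok[4::2], tok[5::2]))
    if set(opts) - {"ge", "le"} or 2 * len(opts) != len(tok) - 4:
        raise ValueError(f"bad ge/le options: {line!r}")
    ge = int(opts["ge"]) if "ge" in opts else None
    le = int(opts["le"]) if "le" in opts else None
    # Assumed semantics: neither -> exact length; ge only -> ge..32; le only -> len..le.
    min_len = ge if ge is not None else net.prefixlen
    max_len = le if le is not None else (32 if ge is not None else net.prefixlen)
    if not net.prefixlen <= min_len <= max_len <= 32:
        raise ValueError(f"inconsistent length bounds: {line!r}")
    return Entry(int(tok[1]), tok[2], net, min_len, max_len)


def parse_list(text):
    entries = [parse_entry(l) for l in text.splitlines() if l.strip()]
    return sorted(entries, key=lambda e: e.seq)


def evaluate(entries, route):
    """Return (action, seq) of the first matching entry, or ('deny', None)."""
    r = ipaddress.IPv4Network(route, strict=True)
    for e in entries:
        if e.min_len <= r.prefixlen <= e.max_len and r.subnet_of(e.network):
            return e.action, e.seq
    return "deny", None              # implicit deny at the end of the list


def shadowed(entries):
    """Return (seq, earlier_seq) pairs where the earlier entry matches every
    route the later one could match, so the later entry is never reached."""
    hits = []
    for i, later in enumerate(entries):
        for earlier in entries[:i]:
            if (later.network.subnet_of(earlier.network)
                    and earlier.min_len <= later.min_len
                    and earlier.max_len >= later.max_len):
                hits.append((later.seq, earlier.seq))
                break
    return hits


if __name__ == "__main__":
    orf = parse_list(ORF_ENTRIES)
    for route in ("10.10.64.0/18", "10.10.1.1/32", "10.20.10.0/24", "192.168.6.0/24"):
        print(route, evaluate(orf, route))
    print("shadowed entries:", shadowed(orf))
```

Shadowing is harmless when every entry is a permit, as here, but the same check catches a deny that sits behind a broader permit.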
seq 5 permit 10.10.0.0/16 ge 18 le 28
seq 10 permit 10.20.10.0/24
seq 15 permit 10.0.0.0/8 le 32
seq 20 permit 10.10.0.0/16 ge 18
Syntax: show ip bgp neighbor ip-addr received prefix-filter
Four-byte Autonomous System Numbers (AS4)
This section describes the reasons for enabling four-byte autonomous system numbers (AS4s). AS4s are supported by default. You can specify and view AS4s by default and using the enable facility described in this section.
You can enable AS4s on a device, a peer group, and a neighbor. For global configuration, the capability command in the BGP4 configuration context enables or disables AS4 support. For a peer group or a neighbor, capability is a keyword for the neighbor command.
Specifying the local AS number
The local autonomous system number (ASN) identifies the autonomous system where the BGP4 device resides. Normally, AS4s are sent only to a device, peer group, or neighbor that is similarly configured for AS4s.
AS4 notation
The peer-group-name specifies all neighbors in a specific peer group. The as-num parameter specifies all neighbors within the specified AS. After choosing one mandatory parameter, you can choose an optional parameter. The soft in and soft out parameters determine whether to refresh the routes received from the neighbor or the routes sent to the neighbor.
BGP4 AS4 attribute errors
NOTE
Remember that autonomous system path matching that uses regular expressions is based on the configured autonomous system format.
The following command sequences show how to enable the different notations for AS4s and how these notations appear in the output display. To see ASNs in asplain, use the show ip bgp command.
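The note above matters for AS-path filters: a pattern written for one notation can silently stop matching, or match too much, once the other notation is in effect. The following added example (not part of the guide) converts between asplain and asdot and shows both failure modes, using 7701000, the local AS from this guide's running-configuration example. Python's re module stands in for the device's AS-path regular expression syntax, which is an assumption, and the function names are hypothetical.

```python
import re

MAX_ASN = 0xFFFFFFFF  # largest four-byte AS number


def to_asdot(asn):
    """asplain integer -> asdot text (two-byte ASNs stay plain decimal)."""
    if not 0 <= asn <= MAX_ASN:
        raise ValueError(f"ASN out of range: {asn}")
    return str(asn) if asn <= 0xFFFF else f"{asn >> 16}.{asn & 0xFFFF}"


def to_asplain(text):
    """asdot or asplain text -> integer."""
    if "." in text:
        high, low = (int(part) for part in text.split(".", 1))
        if not (0 <= high <= 0xFFFF and 0 <= low <= 0xFFFF):
            raise ValueError(f"asdot field out of range: {text!r}")
        return (high << 16) | low
    asn = int(text)
    if not 0 <= asn <= MAX_ASN:
        raise ValueError(f"ASN out of range: {text!r}")
    return asn


def render_path(asns, notation):
    """Render an AS path as space-separated text in the given notation."""
    if notation == "asplain":
        return " ".join(str(a) for a in asns)
    if notation == "asdot":
        return " ".join(to_asdot(a) for a in asns)
    raise ValueError(f"unknown notation: {notation!r}")


def path_matches(pattern, asns, notation):
    """True if the pattern matches the path as rendered in that notation."""
    return re.search(pattern, render_path(asns, notation)) is not None


if __name__ == "__main__":
    path = [65001, 7701000]                  # constructed sample path
    plain_filter = r"(^| )7701000( |$)"      # written with asplain in mind
    print(render_path(path, "asplain"), path_matches(plain_filter, path, "asplain"))
    print(render_path(path, "asdot"), path_matches(plain_filter, path, "asdot"))

    # An unescaped dot in an asdot pattern matches any character, so it also
    # matches an unrelated asplain ASN such as 117933288.
    loose = r"(^| )117.33288( |$)"
    strict = r"(^| )117\.33288( |$)"
    other = [65001, 117933288]               # constructed sample path
    print(path_matches(loose, other, "asplain"), path_matches(strict, other, "asplain"))
```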
Configuring route flap dampening
NOTE
Logging of errors is rate-limited to not more than one message for every two minutes. Some errors may be lost due to this rate-limiting.
Sample log messages for various attribute errors are shown here.
Attribute length error (ignore the AS4_PATH)
SYSLOG: Sep 9 19:02:03:<11>mu2, BGP: From Peer 192.168.1.
Globally configuring route flap dampening
The route flap dampening mechanism is based on penalties. When a route exceeds a configured penalty value, the device stops using that route and stops advertising it to other devices. The mechanism also allows route penalties to reduce over time if route stability improves. The route flap dampening mechanism uses the following parameters:
• Suppression threshold - Specifies the penalty value at which the device stops using the route.
Using a route map to configure route flap dampening for a specific neighbor
This example shows how to change the dampening parameters.
device(config-bgp-router)# dampening 20 200 2500 40
This command changes the half-life to 20 minutes, the reuse threshold to 200, the suppression threshold to 2500, and the maximum number of minutes a route can be dampened to 40.
NOTE
To change any of the parameters, you must specify all the parameters with the command.
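To see how the four values in dampening 20 200 2500 40 interact, the following added example (not part of the guide, and not the device's algorithm) models penalty decay and suppression for a flapping route. It assumes a penalty of 1000 per flap, exponential decay by half-life, suppression starting when a flap brings the penalty to the suppression threshold, and release at the reuse threshold or after the maximum suppression time, whichever comes first. The names are hypothetical.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Dampening:
    # Defaults are the values from "dampening 20 200 2500 40" in this section.
    half_life: float = 20        # minutes for the penalty to halve
    reuse: float = 200           # penalty below which the route is used again
    suppress: float = 2500       # penalty at which the route is suppressed
    max_suppress: float = 40     # longest time (minutes) a route stays dampened
    flap_penalty: float = 1000   # ASSUMPTION: penalty added per flap


def decay(penalty, minutes, half_life):
    """Penalty remaining after exponential decay over the given minutes."""
    return penalty * 0.5 ** (minutes / half_life)


def minutes_to_reuse(penalty, p):
    """Minutes of stability needed for a penalty to decay to the reuse threshold."""
    return max(0.0, p.half_life * math.log2(penalty / p.reuse))


def simulate(flap_times, p=Dampening()):
    """Return (start, end, reason) suppression windows for flaps at the given
    times in minutes. reason is 'reuse' or 'max-suppress'."""
    windows = []
    penalty, last, since = 0.0, 0.0, None

    def release(penalty_now, at, started):
        by_decay = at + minutes_to_reuse(penalty_now, p)
        by_cap = started + p.max_suppress
        if by_decay <= by_cap:
            return by_decay, "reuse"
        return by_cap, "max-suppress"

    for t in sorted(flap_times):
        if since is not None:
            end, why = release(penalty, last, since)
            if end <= t:                     # route was released before this flap
                windows.append((since, round(end, 2), why))
                since = None
        penalty = decay(penalty, t - last, p.half_life) + p.flap_penalty
        last = t
        if since is None and penalty >= p.suppress:
            since = t                        # this flap pushes the route into suppression
    if since is not None:
        end, why = release(penalty, last, since)
        windows.append((since, round(end, 2), why))
    return windows


if __name__ == "__main__":
    flaps = [0, 1, 2]                        # constructed sample: three flaps in two minutes
    print(simulate(flaps))                                   # capped by max-suppress
    print(simulate(flaps, Dampening(max_suppress=120)))      # released by decay
    print(round(minutes_to_reuse(2500, Dampening()), 2))     # decay time from 2500 to 200
```

Under this model, decaying from the suppression threshold of 2500 to the reuse threshold of 200 at a 20-minute half-life takes about 73 minutes, so with a 40-minute maximum the cap, not the reuse threshold, decides when a suppressed route returns.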
to neighbor 10.10.10.1. Since the second route map does not contain match clauses for specific routes, the route map enables dampening for all routes received from the neighbor.
Removing route dampening from a route
You can un-suppress routes by removing route flap dampening from the routes. The device allows you to un-suppress all routes at once or un-suppress individual routes.
Clearing route flap dampening statistics
The as-path-filternum parameter specifies one or more filters. Only the routes that have been dampened and that match the specified filter or filters are displayed.
TABLE 92 show ip bgp flap-statistics output descriptions
This field | Displays
Total number of flapping routes | The total number of routes in the BGP4 route table that have changed state and have been marked as flapping routes.
Generating traps for BGP4
You can enable and disable SNMP traps for BGP4. BGP4 traps are enabled by default.
To enable BGP4 traps after they have been disabled, enter the following command.
device(config)# snmp-server enable traps bgp
Syntax: [no] snmp-server enable traps bgp
Use the no form of the command to disable BGP4 traps.
Configuring BGP4
Once you activate BGP4, you can configure the BGP4 options. There are two configuration levels: global and address family.
TABLE 93 IPv4 BGP4 commands for different configuration levels (Continued)
Command | Global (IPv4 and IPv6) | IPv4 address family unicast
dampening x
default-information-originate x
default-local-preference x
default-metric x
distance x
enforce-first-as x
exit-address-family x
fast-external-fallover x x
graceful-restart x
install-igp-cost x
local-as x
log-dampening-debug x
maxas-limit x
maximum-paths x
med-missing-as-worst x
multipath neighbor x x x
TABLE 93 IPv4 BGP4 commands for different configuration levels (Continued)
Command | Global (IPv4 and IPv6) | IPv4 address family unicast
update-time x
Entering and exiting the address family configuration level
The BGP4 address family contains a unicast sub-level. To go to the IPv4 BGP4 unicast address family configuration level, enter the following command.
NOTE
The always-propagate command and the rib-route-limit command are supported.
Configuring BGP route reflector
The always-propagate command enables a device to mark a preferred BGP4 route not installed in the RTM as the best route, and advertise the route to other BGP4 neighbors. The same process for outbound route policy continues to apply to all best BGP4 routes.
Displaying configuration for BGP route reflector
If the rib-route-limit command is configured to a value that is below the number of BGP4 routes already installed in the RTM, the following warning message is displayed on the console.
device(config-bgp)# rib-route-limit 250
The new limit is below the current bgp rib route count. Please use Clear ip bgp routes command to remove bgp rib routes.
Specifying a maximum AS path length
NOTE
Traffic loss on a BGP4 route occurs when a device is advertising preferred BGP4 routes not installed in the RTM as part of the forwarding path.
Because the BGP4 route 10.12.0.0/24 is not considered as the best BGP4 route, the route is not advertised to other BGP4 neighbors.
device(config-bgp)# show ip bgp route 10.12.0.
Setting a global maximum AS path limit
If a route from a peer exceeds the configured maximum AS path limit, the device also removes the same route from that peer, if it exists, from its own RIB.
After a maximum AS path length is configured, the maximum AS path limit applies to all new inbound routes. To update previously stored routes, you must perform an inbound soft reset for all of the address families activated for that particular BGP neighbor session.
To configure a peer group named "PeerGroup1" and set a maximum AS path value of 7, enter the following commands:
device(config-bgp)# neighbor PeerGroup1 peer-group
device(config-bgp)# neighbor PeerGroup1 maxas-limit in 7
BGP4 max-as error messages
This section lists error log messages that you might see when the device receives routes that exceed the configured AS segment limit or the internal memory limit. The log messages can contain a maximum of 30 ASNs.
Changing the default metric used for route cost
By default, BGP4 uses the BGP MED value as the route cost when adding the route to the RTM. However, you can configure BGP4 to use the IGP cost instead.
NOTE
It is recommended that you change the default to IGP cost only in mixed-vendor environments, and that you change it on all Brocade devices in the environment.
Setting an administrative distance for a static BGP4 network
When a static BGP4 network route is configured, its type is local BGP4 route and has a default administrative distance value of 200. To change the administrative distance value, change the value of all local BGP4 routes using the distance command at the router bgp level of the CLI, and set a new value for local routes.
Specifying route-map continuation clauses
This feature supports a more programmable route map configuration and route filtering scheme for BGP4 peering. It can also execute additional instances in a route map after an instance is executed with successful match clauses. You can configure and organize more modular policy definitions to reduce the number of instances that are repeated within the same route map. This feature currently applies to BGP4 routes only.
Dynamic route filter update
The num parameter specifies the instance of the route map defined in the route-map context that the CLI enters. Routes are compared to the instances in ascending numerical order. For example, a route is compared to instance 1, then instance 2, and so on.
Syntax: [no] continue [ instance-number ]
The continue command is entered in the context of a route-map instance. The no form of the command deletes the continue clause specified by instance-number.
Filter update delay and BGP
When a route filter is changed (created, modified, or deleted) by a user, the filter change notification is sent to all relevant protocols so that the protocols can take appropriate actions. For example, if BGP4 is using a route map (say MapX) to control the routes advertised to a particular peer, a change to route map MapX causes BGP4 to re-evaluate the advertised routes and make the appropriate advertisements or withdrawals according to the new route-map policy.
BGP4 policy processing order
The order of application of policies when processing inbound and outbound route advertisements on the device is:
1. IP prefix-list
2. Outbound IP prefix-list ORF, if negotiated
3. Filter-list (using AS-path access-list)
4. Distribute list (using IP ACL - IPv4 unicast only)
5. Route-map
Generalized TTL Security Mechanism support
The device supports the Generalized TTL Security Mechanism (GTSM) as defined in RFC 3682.
• Active route maps (the route map configuration information in the running configuration)
• BGP4 graceful restart neighbor information
• AS4 support and asdot notation
Displaying summary BGP4 information
You can display the local AS number, the maximum number of routes and neighbors supported, and some BGP4 statistics.
TABLE 95 show ip bgp summary output descriptions (Continued)
This field | Displays
Number of Neighbors Configured | The number of BGP4 neighbors configured on this device, and currently in established state.
Number of Routes Installed | The number of BGP4 routes in the device BGP4 route table and the route or path memory usage.
TABLE 95 show ip bgp summary output descriptions (Continued)
This field | Displays
State | The state of device sessions with each neighbor. The states are from the perspective of the device, not the neighbor. State values are based on the BGP4 state machine values described in RFC 1771 and can be one of the following for each device:
• IDLE - The BGP4 process is waiting to be started. Usually, enabling BGP4 or establishing a neighbor session starts the BGP4 process.
Displaying the active BGP4 configuration
TABLE 95 show ip bgp summary output descriptions (Continued)
This field | Displays
Filtered | The routes or prefixes that have been filtered out:
• If soft reconfiguration is enabled, this field shows how many routes were filtered out (not placed in the BGP4 route table) but retained in memory.
• If soft reconfiguration is not enabled, this field shows the number of BGP4 routes that have been filtered out.
BEST Routes not Installed in IP Forwarding Table:0
Unreachable Routes (no IGP Route for NEXTHOP):0
History Routes:0
NLRIs Received in Update Message:24, Withdraws:0 (0), Replacements:1
NLRIs Discarded due to Maximum Prefix Limit:0, AS Loop:0
Invalid Nexthop:0, Invalid Nexthop Address:0.0.0.
Displaying BGP4 neighbor information
TABLE 96 show ip bgp neighbors route-summary output descriptions (Continued)
This field | Displays
Routes Advertised | The number of routes the device has advertised to this neighbor:
• •
NLRIs Sent in Update Message | The number of NLRIs for new routes the device has sent to this neighbor in UPDATE messages:
• •
Peer Out of Memory Count for To be Sent - The number of routes queued to send to this neighbor.
Received: 1 8 1 0
Last Update Time: NLRI Withdraw Tx: 0h0m59s --Rx:
Last Connection Reset Reason:Unknown
Notification Sent: Unspecified
Notification Received: Unspecified
TCP Connection state: ESTABLISHED
Local host: 10.4.0.1, Local Port: 179
Remote host: 10.4.0.
The routes-summary option displays a summary of the following information:
• Number of routes received from the neighbor
• Number of routes accepted by this device from the neighbor
• Number of routes this device filtered out of the UPDATES received from the neighbor and did not accept
• Number of routes advertised to the neighbor
• Number of attribute entries associated with routes received from or advertised to the neighbor.
TABLE 97 show ip bgp neighbor output descriptions (Continued)
This field | Displays
State | The state of the session with the neighbor. The states are from the device perspective, not the neighbor perspective. The state values are based on the BGP4 state machine values described in RFC 1771 and can be one of the following for each device:
• IDLE - The BGP4 process is waiting to be started. Usually, enabling BGP4 or establishing a neighbor session starts the BGP4 process.
TABLE 97 show ip bgp neighbor output descriptions (Continued)
This field | Displays
Multihop-EBGP | Whether this option is enabled for the neighbor.
RouteReflectorClient | Whether this option is enabled for the neighbor.
SendCommunity | Whether this option is enabled for the neighbor.
NextHopSelf | Whether this option is enabled for the neighbor.
DefaultOriginate | Whether this option is enabled for the neighbor.
TABLE 97 show ip bgp neighbor output descriptions (Continued)
This field | Displays
Last Connection Reset Reason | The reason the previous session with this neighbor ended. The reason can be one of the following:
Reasons described in the BGP4 specifications:
Last Connection Reset Reason (cont.
TABLE 97 show ip bgp neighbor output descriptions (Continued)
This field | Displays
Notification Sent | If the device receives a NOTIFICATION message from the neighbor, the message contains an error code corresponding to one of the following errors. Some errors have subcodes that clarify the reason for the error. Where applicable, the subcode messages are listed underneath the error code messages.
TABLE 97 show ip bgp neighbor output descriptions (Continued)
This field | Displays
TCP Connection state | The state of the connection with the neighbor. The connection can have one of the following states:
• LISTEN - Waiting for a connection request.
• SYN-SENT - Waiting for a matching connection request after having sent a connection request.
• SYN-RECEIVED - Waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
Displaying route information for a neighbor
TABLE 97 show ip bgp neighbor output descriptions (Continued)
This field | Displays
ReTrans | The number of sequence numbers that the device retransmitted because they were not acknowledged.
UnAckSeq | The current acknowledged sequence number.
IRcvSeq | The initial receive sequence number for the session.
RcvNext | The next sequence number expected from the neighbor.
SendWnd | The size of the send window.
You also can enter a specific route.
device# show ip bgp neighbors 192.168.4.211 advertised 10.1.1.0/24
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST I:IBGP L:LOCAL
Network Next Hop Metric LocPrf Weight Status
1 10.200.1.0/24 192.168.2.102 0 32768 BL
Syntax: show ip bgp neighbor ip-addr advertised-routes [ ip-addr/prefix ]
For information about the fields in this display, refer to Displaying summary route information on page 493.
Displaying peer group information
To display peer-group information, enter a command such as the following at the Privileged EXEC level of the CLI.
Displaying VRF instance information
TABLE 98 show ip bgp routes output descriptions (Continued)
This field | Displays
BEST routes not installed in IP forwarding table | Number of BGP4 routes that are the best BGP4 routes to their destinations but were not installed in the IP route table because the device received better routes from other sources (such as OSPF, RIP, or static IP routes).
Displaying the best BGP4 routes
The ip-addr option displays routes for a specific network. The network keyword is optional. You can enter the network address without entering network in front of it.
The num option specifies the table entry with which you want the display to start. For example, if you want to list entries beginning with table entry 100, specify 100.
The age secs parameter displays only the routes that have been received or updated more recently than the number of seconds you specify.
Displaying the best BGP4 routes that are not in the IP route table
  Prefix Next Hop MED
1 10.3.0.0/8 192.168.4.106
    AS_PATH: 65001 4355 701 80
2 10.4.0.0/8 192.168.4.106
    AS_PATH: 65001 4355 1
3 10.60.212.0/22 192.168.4.106
    AS_PATH: 65001 4355 701 1 189
4 10.6.0.0/8 192.168.4.106
    AS_PATH: 65001 4355 3356 7170 1455
5 10.2.0.0/16 192.168.4.
Displaying information for a specific route
To display BGP4 network information by specifying an IP address within the network, enter a command such as the following at any level of the CLI.
device# show ip bgp 10.3.4.0
Number of BGP Routes matching display condition : 1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.3.4.0/24 192.168.4.
TABLE 99 show ip bgp route output descriptions (Continued)
This field | Displays
LocPrf | The degree of preference for this route relative to other routes in the local AS. When the BGP4 algorithm compares routes on the basis of local preferences, the route with the higher local preference is chosen. The preference can have a value from 0 - 4294967295.
Weight | The value that this device associates with routes from a specific neighbor.
Displaying route details
TABLE 99 show ip bgp route output descriptions (Continued)
This field | Displays
Status | The route status, which can be one or more of the following:
• A - AGGREGATE. The route is an aggregate route for multiple networks.
• B - BEST. BGP4 has determined that this is the optimal route to the destination.
NOTE
If the "b" is lowercase, the software was not able to install the route in the IP route table.
• b - NOT-INSTALLED-BEST.
TABLE 100 show ip bgp routes detail output descriptions
This field | Displays
Total number of BGP4 Routes | The number of BGP4 routes.
Status codes | A list of the characters that indicate route status. The status code appears in the left column of the display, to the left of each route. The status codes are described in the command’s output.
Prefix | The network prefix and mask length.
Status | The route status, which can be one or more of the following:
• A - AGGREGATE.
TABLE 100 show ip bgp routes detail output descriptions (Continued)
This field | Displays
Local_Pref | The degree of preference for this route relative to other routes in the local AS. When the BGP4 algorithm compares routes on the basis of local preferences, the route with the higher local preference is chosen. The preference can have a value from 0 through 4294967295.
MED | The route metric. If the route does not have a metric, this field is blank.
Displaying BGP4 route-attribute entries
The route-attribute entries table lists the sets of BGP4 attributes stored in device memory. Each set of attributes is unique and can be associated with one or more routes. In fact, the device typically has fewer route attribute entries than routes. To display the IP route table, enter the following command.
Displaying the routes BGP4 has placed in the IP route table
TABLE 101 show ip bgp attribute-entries output descriptions (Continued)
This field | Displays
Atomic | Whether the network information in this set of attributes has been aggregated and this aggregation has resulted in information loss.
• TRUE - Indicates information loss has occurred
• FALSE - Indicates no information loss has occurred
NOTE
Information loss under these circumstances is a normal part of BGP4 and does not indicate an error.
Displaying route flap dampening statistics
To display route dampening statistics or all the dampened routes, enter the following command at any level of the CLI.
device# show ip bgp flap-statistics
Total number of flapping routes: 414
Status Code >:best d:damped h:history *:valid
Network From Flaps Since Reuse
h> 10.50.206.0/23 10.90.213.77 1 0 :0 :13 0 :0 :0
h> 10.255.192.0/20 10.90.213.77 1 0 :0 :13 0 :0 :0
h> 10.252.165.0/24 10.90.213.
Displaying the active route map configuration
TABLE 102 show ip bgp flap-statistics output descriptions (Continued)
This field | Displays
Path | The AS-path information for the route.
You can display all dampened routes by entering the show ip bgp dampened-paths command.
Displaying AS4 details
This section describes the use of the following show commands, which produce output that includes information about AS4s.
• show ip bgp neighbor shows whether the AS4 capability is enabled.
• show ip bgp attribute-entries shows AS4 path values.
• show ip bgp shows the route entries with two and AS4 path information.
• show route-map shows the presence of any AS4 configuration data.
TTL check: 0, value: 0, rcvd: 64
Byte Sent: 148, Received: 203
Local host: 192.168.1.2, Local Port: 179
Remote host: 192.168.1.
TABLE 103 show ip bgp neighbors output descriptions (Continued)
Field | Description
State | Shows the state of the device session with the neighbor. The states are from the device’s perspective of the session, not the neighbor’s perspective. The state can be one of the following values:
• IDLE - The BGP4 process is waiting to be started. Usually, enabling BGP4 or establishing a neighbor session starts the BGP4 process.
TABLE 103 show ip bgp neighbors output descriptions (Continued)
Field | Description
Messages Sent and Received | Shows the number of messages this device has sent to and received from the neighbor.
TABLE 103 show ip bgp neighbors output descriptions (Continued)
Field | Description
Last Connection Reset Reason (continued) | • Reasons described in the BGP specifications (continued):
‐ Optional Attribute Error
‐ Invalid Network Field
‐ Malformed AS_PATH
‐ Hold Timer Expired
‐ Finite State Machine Error
‐ Rcv Notification
‐ Reset All Peer Sessions
‐ User Reset Peer Session
‐ Port State Down
‐ Peer Removed
‐ Peer Shutdown
‐ Peer AS Number Change
‐ Peer AS
TABLE 103 show ip bgp neighbors output descriptions (Continued)
Field | Description
Notification Sent | Shows an error code corresponding to one of the following errors if the device sends a Notification message from the neighbor. Some errors have subcodes that clarify the reason for the error. The subcode messages are listed underneath the error code messages, wherever applicable.
TABLE 103 show ip bgp neighbors output descriptions (Continued)
Field | Description
Neighbor AS4 Capability Negotiation | Shows the state of the device’s AS4 capability negotiation with the neighbor. The states can be one of the following:
• Peer negotiated AS4 capability
• Peer configured for AS4 capability
As-path attribute count | Shows the count of the AS-path attribute.
Outbound Policy Group | Shows the ID and the count used in the outbound policy group.
Attribute entries
TABLE 103 show ip bgp neighbors output descriptions (Continued)
Field | Description
ISentSeq | Shows the initial send sequence number for the session.
SendNext | Shows the next sequence number to be sent.
TotUnAck | Shows the count of sequence numbers sent by the device that have not been acknowledged by the neighbor.
TotSent | Shows the count of the sequence numbers sent to the neighbor.
Address: 0x10e4e062 Hash:545 (0x0301e8f6), PeerIdx 0
Links: 0x00000000, 0x00000000, nlri: 0x10f47ff0
Reference Counts: 1:0:1, Magic: 49
Syntax: show ip bgp attribute-entries
Running configuration
AS4s appear in the display of a running configuration, as shown.
device# show ip bgp config
Current BGP configuration:
router bgp
local-as 7701000
confederation identifier 120000
confederation peers 80000
neighbor 192.168.1.
This example is a simple illustration of route-map continue clauses. If the match clause of either route map instance 5 or 10 matches, the route map traversal continues at instance 100.
set metric 20
continue 3
route-map test permit 3
set community 10:20
continue 4
route-map test permit 4
set community 30:40
continue 5
route-map test permit 5
set as-path prepend 300
continue 6
route-map test permit 6
set as-path prepend 100
continue 7
route-map test permit 7
set community none
set local-preference 70
continue 8
route-map test deny 8
match metric 60
set metric 40
continue 9
device(config-routemap test)# show ip bgp route
Total number of BGP Routes: 1
Status A:AGGREG
Updating route information and resetting a neighbor session
The following sections describe how to update route information with a neighbor, reset a session with a neighbor, and close a session with a neighbor.
Any change to a policy (ACL, route map, and so on) is automatically applied to outbound routes that are learned from a BGP4 neighbor or peer group after the policy change occurs.
NOTE
The syntax related to soft reconfiguration is shown.
Placing a policy change into effect
To place policy changes into effect, enter a command such as the following.
device(config-bgp)# clear ip bgp neighbor 10.10.200.102 soft in
This command updates the routes by comparing the route policies against the route updates that the device has stored. The command does not request additional updates from the neighbor or otherwise affect the session with the neighbor.
Displaying all the routes received from the neighbor
The prefix-list string parameter specifies an IP prefix list. Only routes permitted by the prefix list are displayed.
If you also use the optional longer-prefixes parameter, then all statistics for routes that match the specified route or have a longer prefix than the specified route are displayed. For example, if you specify 10.157.0.0 longer, then all routes with the prefix 10.157 or that have a longer prefix (such as 10.157.22) are displayed.
Dynamically refreshing routes
• RFC 2842. This RFC specifies the Capability Advertisement, which a BGP4 device uses to dynamically negotiate a capability with a neighbor.
• RFC 2858 for Multi-protocol Extension.
• RFC 2918, which describes the dynamic route refresh capability
The dynamic route refresh capability is enabled by default and cannot be disabled.
Displaying dynamic refresh information
NOTE
The soft-outbound parameter updates all outbound routes by applying the new or changed filters, but sends only the existing routes affected by the new or changed filters to the neighbor. The soft out parameter updates all outbound routes, then sends the entire BGP4 route table for the device (Adj-RIBOut) to the neighbor, after changing or excluding the routes affected by the filters. Use soft-outbound if only the outbound policy is changed.
Closing or resetting a neighbor session
Notification Sent: Unspecified
Notification Received: Unspecified
TCP Connection state: ESTABLISHED
Byte Sent: 115, Received: 492
Local host: 10.4.0.1, Local Port: 179
Remote host: 10.4.0.
Clearing traffic counters
You can clear the counters (reset them to 0) for BGP4 messages.
To clear the BGP4 message counter for all neighbors, enter the following command.
device# clear ip bgp traffic
Syntax: clear ip bgp traffic
To clear the BGP4 message counter for a specific neighbor, enter a command such as the following.
device# clear ip bgp neighbor 10.0.0.
The all, ip-addr, peer-group-name, and as-num parameters specify the neighbor. The ip-addr parameter specifies a neighbor by its IP interface with the device. The peer-group-name specifies all neighbors in a specific peer group. The as-num parameter specifies all neighbors within the specified AS. The all parameter specifies all neighbors.
Configuring BGP4+
● Supported BGP4+ features
● BGP4+ overview
● Address family configuration level
● Configuring BGP4+
NOTE
The implementation of BGP4+ supports the advertising of routes among different address families. However, it supports BGP4+ unicast routes only; it does not currently support BGP4+ multicast routes.
Address family configuration level
The implementation of BGP4+ includes a new configuration level: address family. For IPv6, Brocade devices currently support the BGP4+ unicast address family configuration levels.
Enabling BGP4+
For more information on performing these configuration tasks, refer to FastIron Ethernet Switch Administration Guide.
To configure BGP4+, you must do the following:
• Enable BGP4+.
• Configure BGP4+ neighbors using one of the following methods:
  ‐ Add one neighbor at a time (neighbor uses global or site-local IPv6 address).
  ‐ Add one neighbor at a time (neighbor uses a link-local IPv6 address).
  ‐ Create a peer group and add neighbors individually.
Configuring BGP4+ neighbors using global or site-local IPv6 addresses
To configure BGP4+ neighbors using global or link-local IPv6 addresses, you must add the IPv6 address of a neighbor in a remote autonomous system to the BGP4+ neighbor table of the local device. You must repeat this procedure for each neighbor that you want to add to a local device.
Identifying a neighbor interface
To specify Ethernet interface 3/1 as the neighbor interface over which the neighbor and local device will exchange prefixes, enter the following command:
device(config-bgp-router)# neighbor fe80:4398:ab30:45de::1 update-source ethernet 3/1
Syntax: neighbor ipv6-address update-source ipv6-address | ethernet slot | port | loopback number | ve number
The ipv6-address parameter specifies the IPv6 link-local address of the neighbor.
Syntax: set ipv6 next-hop ipv6-address
The ipv6-address parameter specifies the IPv6 global address of the next-hop router. You must specify the ipv6-address parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373.
Configuring a BGP4+ peer group
If a peer group has multiple neighbors with similar attributes, you can configure a peer group, then add neighbors to the group instead of configuring neighbors individually for all parameters.
Assigning IPv6 neighbor to peer group The as-number parameter indicates the number of the autonomous system in which the neighbor resides. To delete the neighbor from the BGP4+ neighbor table, enter the no form of this command.
Importing routes into BGP4+
You can enable the BGP4+ device to advertise the default BGP4+ route by specifying the default-information-originate command at the BGP4+ unicast address family configuration level. Before entering this command, the default route ::/0 must be present in the IPv6 route table.
Aggregating routes advertised to BGP4 neighbors
• Static IPv6 routes
• Directly connected IPv6 networks
• OSPFv3
• RIPng
You can redistribute routes in the following ways:
• By route types, for example, the device redistributes all IPv6 static and RIPng routes.
• By using a route map to filter which routes to redistribute, for example, the device redistributes specified IPv6 static and RIPng routes only.
Using route maps
The advertise-map map-name parameter configures the device to advertise the more specific routes in the specified route map. The attribute-map map-name parameter configures the device to set attributes for the aggregate routes based on the specified route map.
NOTE
For the suppress-map, advertise-map, and attribute-map parameters, the route map must already be defined.
To remove an aggregate route from a BGP4 neighbor advertisement, use the no form of this command without any parameters.
IPv6 route table. Otherwise, the device performs another lookup on the next-hop IPv6 address of the next-hop for the next-hop gateway, and so on, until one of the lookups results in an IGP route. You must configure a static route or use an IGP to learn the route to the EBGP multihop peer.
Enabling recursive next-hop lookups
The recursive next-hop lookups feature is disabled by default.
Using the IPv6 default route as a valid next-hop for a BGP4+ route 2 3 4 AS_PATH: 2001:db8::/64 2001:ab::1 AS_PATH: 65000 65001 2007:7002:17::/64 2071:34::1 AS_PATH: 60750 2007:7002:17::/64 2071:33::1 AS_PATH: 60750 100 0 BI 0 100 0 BE 0 100 0 I The first lookup results in an IBGP route, to network 2001:ab::1/128 device# show ipv6 route 2001:ab::1 Type Codes - B:BGP C:Connected I:ISIS L:Local O:OSPF R:RIP S:Static BGP Codes - i:iBGP e:eBGP OSPF Codes - i:Inter Area 1:External Type 1 2:External
In some cases, such as when the device is acting as an edge device, you can allow the device to use the default route as a valid next-hop. To do so, enter the following command at the BGP4+ address family configuration level of the CLI.
Brocade(config-bgp-ipv6u)# next-hop-enable-default
Syntax: [no] next-hop-enable-default
Clearing BGP4+ information
This section contains information about clearing the following for BGP4+:
• Route flap dampening.
Clearing BGP4+ local route information
NOTE
Clearing the dampening statistics for a route does not change the dampening status of the route.
To clear all the route dampening statistics, enter the following command at the Privileged EXEC level or any of the Config levels of the CLI.
Resetting a BGP4+ neighbor session to send and receive ORFs To clear these buffers for neighbor 2000:db8::1, enter the following commands at the Privileged EXEC level or any of the Config levels of the CLI.
Clearing BGP4+ neighbor traffic counters
applies the filters and route maps you have configured to the list of routes. If the filters or route maps result in changes to the list of routes, the device sends updates to advertise, change, or even withdraw routes on the neighbor as needed. This ensures that the neighbor receives only the routes you want it to contain.
Clearing and resetting BGP4+ routes in the IPv6 route table
To clear all of the route flap dampening statistics for a neighbor, enter a command such as the following at the Privileged EXEC level or any of the Config levels of the CLI.
device# clear ipv6 bgp neighbor 2001:db8:47::1 flap-statistics
Syntax: clear ipv6 bgp neighbor ipv6-address flap-statistics
The ipv6-address parameter specifies a neighbor by its IPv6 address.
Displaying the BGP4+ route table NOTE The show commands implemented for BGP4+ correspond to the show commands implemented for IPv4 BGP. For example, you can specify the show ipv6 bgp command for IPv6 and the show ip bgp command for IPv4. Also, the displays for the IPv4 and IPv6 versions of the show commands are similar except where relevant, IPv6 neighbor addresses replace IPv4 neighbor addresses, IPv6 prefixes replace IPv4 prefixes, and IPv6 next-hop addresses replace IPv4 next-hop addresses.
TABLE 104 show ipv6 bgp routes output descriptions (Continued)
Field    Description
Weight    The value that this device associates with routes from a specific neighbor. For example, if the device receives routes to the same destination from two BGP4+ neighbors, the device prefers the route from the neighbor with the larger weight.
Status    The route’s status, which can be one or more of the following:
• A - AGGREGATE. The route is an aggregate route for multiple networks.
• B - BEST.
Configuring BGP4+ The as-path-access-list name parameter filters the display using the specified AS-path ACL. The as-path-filter number parameter filters the display using the specified AS-path filter. The best keyword displays the routes received from neighbors that the device selected as the best routes to their destinations. The cidr-only keyword lists only the routes whose network masks do not match their class network length.
       LOCAL_PREF: 400, MED: 0, ORIGIN: incomplete, Weight: 0
       AS_PATH: 65005 65010
       Adj_RIB_out count: 1, Admin distance 200
4      Prefix: 2001:db8:400:400::/64, Status: BL, Age: 5h43m14s
       NEXT_HOP: ::, Learned from Peer: Local Router
       LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 32768
       AS_PATH:
       Adj_RIB_out count: 3, Admin distance 1
TABLE 105 show ipv6 bgp route detail output descriptions
Field    Description
Number of BGP4+ Routes advertised to specified neighbor (appears only in display for all rout
Configuring BGP4+ TABLE 105 show ipv6 bgp route detail output descriptions (Continued) Field Description Origin The source of the route information. The origin can be one of the following: • A - AGGREGATE. The route is an aggregate route for multiple networks. • B - BEST. BGP4+ has determined that this is the optimal route to the destination.
Displaying BGP4+ route information in RFC 2373. You must specify the prefix-length parameter as a decimal value. A slash mark (/) must follow the ipv6-prefix parameter and precede the prefix-length parameter. The table-entry-number parameter specifies the table entry with which you want the display to start. For example, if you specify 100, the display shows entry 100 and all entries subsequent to entry 100.
Status codes: s suppressed, d damped, h history, * valid, > best, i internal, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
    Network                  Next Hop              MED  LocPrf  Weight  Path
*>  2001:db8:10:10::/64      ::                    1    100     32768   ?
*>  2001:db8:113:113::/64    ::                    1    100     32768   i
*>  2001:db8:400:400::/64    ::1                   0    100     32768   i
*i  2001:db8:400:400::/64    2001:db8:400:400::2   0    400     0       65005 65010 ?
*>i 2001:db8:824:824::/64    2001:db8:400:400::2   0    400     0       65005 65010 i
Syntax: show ipv6 bgp ipv6-prefix/prefix-length [ l
Displaying BGP4+ route-attribute entries TABLE 106 show ipv6 bgp output descriptions (Continued) This field... Displays... Number of BGP Routes The number of routes that matched the display parameters you entered. This is the matching display condition number of routes displayed by the command. (appears in display that matches specified and longer prefixes) Status codes A list of the characters the display uses to indicate the route’s status.
Configuring BGP4+ NOTE Portions of this display are truncated for brevity. The purpose of this display is to show all possible fields that might display rather than to show complete output. Syntax: show ipv6 bgp attribute-entries TABLE 107 show ipv6 bgp attribute-entries output descriptions This field... Displays... Total number of BGP Attribute Entries The number of entries contained in the device’s BGP4+ route-attribute entries table.
Displaying the BGP4+ running configuration TABLE 107 show ipv6 bgp attribute-entries output descriptions (Continued) This field... Displays... AS Path The ASs through which routes with this set of attributes have passed. The local AS is shown in parentheses. Address For debugging purposes only. Hash For debugging purposes only. Links For debugging purposes only. Reference Counts For debugging purposes only.
Displaying filtered-out BGP4+ routes TABLE 108 show ipv6 bgp dampened-paths output descriptions This field... Displays... Status codes A list of the characters the display uses to indicate the path’s status. The status code appears in the left column of the display, to the left of each route. The status codes are described in the command’s output. The status column displays a "d" for each dampened route. Network The destination network of the route. From The IPv6 address of the advertising peer.
colons as documented in RFC 2373. You must specify the prefix-length parameter as a decimal value. A slash mark (/) must follow the ipv6-prefix parameter and precede the prefix-length parameter. The longer-prefixes keyword allows you to display routes that match a specified or longer IPv6 prefix. For example, if you specify 2001:db8::/16 longer-prefixes, then all routes with the prefix 2001:db8::/16 or that have a longer prefix (such as 2001:db8::/32) are displayed.
Configuring BGP4+ TABLE 109 show ipv6 bgp filtered-routes output descriptions (Continued) This field... Displays... Status The route’s status, which can be one or more of the following: • A - AGGREGATE - The route is an aggregate route for multiple networks. • B - BEST - BGP4+ has determined that this is the optimal route to the destination.
LOCAL_PREF: 100, MED: 0, ORIGIN: incomplete, Weight: 0
AS_PATH: 100
Syntax: show ipv6 bgp filtered-routes detail [ ipv6-prefix/prefix-length [ longer-prefixes ] | [ as-path-access-list name ] | [ prefix-list name ]
The ipv6-prefix and prefix-length parameters display the specified IPv6 prefix of the destination network only. You must specify the ipv6-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373.
Displaying route flap dampening statistics TABLE 110 show ipv6 bgp filtered-routes detail output descriptions (Continued) This field... Displays... Origin The source of the route information. The origin can be one of the following: • A - AGGREGATE - The route is an aggregate route for multiple networks. • B - BEST - BGP4+ has determined that this is the optimal route to the destination.
Displaying BGP4+ neighbor information documented in RFC 2373. You must specify the prefix-length parameter as a decimal value. A slash mark (/) must follow the ipv6-prefix parameter and precede the prefix-length parameter. The longer-prefixes keyword allows you to display statistics for routes that match a specified or longer IPv6 prefix.
Displaying IPv6 neighbor configuration information and statistics
• Router advertisements.
• Route-attribute entries.
• Route flap dampening statistics.
• The last packet containing an error.
• Received Outbound Route Filters (ORFs).
• Routes received from a neighbor.
• BGP4+ Routing Information Base (RIB).
• Received best, not installed best, and unreachable routes.
• Route summary.
Configuring BGP4+ The ipv6-address parameter allows you to display information for a specified neighbor only. You must specify the ipv6-address parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373. TABLE 112 show ipv6 bgp neighbor output descriptions This field... Displays... IP Address The IPv6 address of the neighbor. AS The AS in which the neighbor resides.
Configuring BGP4+ TABLE 112 show ipv6 bgp neighbor output descriptions (Continued) This field... Displays... State The state of the device’s session with the neighbor. The states are from the perspective of the session, not the neighbor’s perspective. The state values can be one of the following: • IDLE - The BGP4+ process is waiting to be started. Usually, enabling BGP4 or establishing a neighbor session starts the BGP4+ process.
Configuring BGP4+ TABLE 112 show ipv6 bgp neighbor output descriptions (Continued) This field... Displays... Messages Sent and Received The number of messages this device has sent to and received from the neighbor.
Configuring BGP4+ TABLE 112 show ipv6 bgp neighbor output descriptions (Continued) This field... Displays... Last Connection Reset Reason (cont.
TABLE 112 show ipv6 bgp neighbor output descriptions (Continued)
This field...    Displays...
Notification Received    See above.
Neighbor NLRI Negotiation    The state of the device’s NLRI negotiation with the neighbor. The states can include the following:
• Peer negotiated IPv6 unicast capability.
• Peer configured for IPv6 unicast routes.
• Peer negotiated IPv4 unicast capability.
• Peer negotiated IPv4 multicast capability.
TCP Connection state
Displaying routes advertised to a BGP4+ neighbor TABLE 112 show ipv6 bgp neighbor output descriptions (Continued) This field... Displays... ISentSeq The initial send sequence number for the session. SendNext The next sequence number to be sent. TotUnAck The number of sequence numbers sent by the device that have not been acknowledged by the neighbor. TotSent The number of sequence numbers sent to the neighbor.
Configuring BGP4+ The ipv6-address parameter displays routes advertised to a specified neighbor. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373. The detail keyword displays detailed information about the advertised routes. If you do not specify this keyword, a summary of the advertised routes displays. The ipv6-prefix and prefix-length parameters display the specified route advertised to the neighbor only.
For example, to display details about all routes a device has advertised to neighbor 2001:db8::110, enter the following command at any level of the CLI.
Displaying route flap dampening statistics for a BGP4+ neighbor TABLE 114 show ipv6 bgp neighbor advertised-routes detail output descriptions (Continued) This field... Displays... AS-PATH The AS-path information for the route. Adj RIB out count The number of routes in the device’s current BGP4+ Routing Information Base (Adj-RIB-Out) for a specified neighbor. Admin distance The administrative distance of the route.
You also can display all the dampened routes by using the show ipv6 bgp dampened-paths command. For more information, refer to Displaying dampened BGP4+ paths on page 551.
Displaying last error packet from a BGP4+ neighbor
You can display information about the last packet that contained an error from any of a device’s neighbors. The displayed information includes the error packet's contents decoded in a human-readable format.
For example, to display a summary of the route information received in route updates from neighbor 2001:db8::10, enter the following command at any level of the CLI.
Brocade# show ipv6 bgp neighbor 2001:db8:400:400::2 received-route
There are 4 received routes from neighbor 2001:db8:400:400::2
Searching for matching routes, use ^C to quit...
Configuring BGP4+ TABLE 117 show ipv6 bgp neighbor received-routes output descriptions (Continued) This field... Displays... Status The advertised route’s status, which can be one or more of the following: A - AGGREGATE. The route is an aggregate route for multiple networks. B - BEST. BGP4+ has determined that this is the optimal route to the destination.
Displaying the Adj-RIB-Out for a BGP4+ neighbor TABLE 118 show ipv6 bgp neighbor received-routes detail output descriptions This field... Displays... Number of BGP4+ routes received from a neighbor For information about this field, refer to the table above. Status codes For information about this field, refer to the table above. Prefix For information about this field, refer to the table above. Status For information about this field, refer to the table above.
Configuring BGP4+ The RIB contains the routes that the device either has most recently sent to the neighbor or is about to send to the neighbor. For example, to display a summary of all routes in a device’s RIB for neighbor 2001:db8::110, enter the following command at any level of the CLI.
TABLE 119 show ipv6 bgp neighbor rib-out-routes output descriptions (Continued)
This field...    Displays...
Weight    The value that this device associates with routes from a specific neighbor. For example, if the device receives routes to the same destination from two BGP4+ neighbors, the device prefers the route from the neighbor with the larger weight.
Status    The RIB route’s status, which can be one or more of the following:
• A - AGGREGATE. The route is an aggregate route for multiple networks.
Displaying the best and unreachable routes received from a BGP4+ neighbor TABLE 120 show ipv6 bgp neighbor rib-out-routes detail output descriptions (Continued) This field... Displays... LOCAL_PREF For information about this field, refer to the table above. MED The value of the RIB route’s MED attribute. If the route does not have a metric, this field is blank. Origin The source of the route information.
Configuring BGP4+ The detail keyword displays detailed information about the routes. If you do not specify this parameter, a summary of the routes displays. This display shows the following information. TABLE 121 show ipv6 bgp neighbor routes best output descriptions This field... Displays... Number of accepted routes from a specified neighbor The number of routes displayed by the command. Status codes A list of the characters the display uses to indicate the route’s status.
Configuring BGP4+ TABLE 121 show ipv6 bgp neighbor routes best output descriptions (Continued) This field... Displays... Status The route’s status, which can be one or more of the following: • A - AGGREGATE. The route is an aggregate route for multiple networks. • B - BEST. BGP4+ has determined that this is the optimal route to the destination. • C - CONFED_EBGP.
Displaying IPv6 neighbor route summary information
TABLE 122 show ipv6 bgp neighbor routes detail best output descriptions (Continued)
This field...    Displays...
Status codes    For information about this field, refer to the table above.
Prefix    For information about this field, refer to the table above.
Status    For information about this field, refer to the table above.
Age    The age of the route, in seconds.
Next Hop    For information about this field, refer to the table above.
Receiving Update Messages:0, Accepting Routes(NLRI):0
Attributes:0, Outbound Routes(RIB-out):0 Outbound Routes Holder:0
Syntax: show ipv6 bgp neighbor [ ipv6-address ] routes-summary
TABLE 123 show ipv6 bgp neighbor routes-summary output descriptions
This field...    Displays...
Displaying BGP4+ peer group configuration information TABLE 123 show ipv6 bgp neighbor routes-summary output descriptions (Continued) This field... Displays... NLRIs Sent in Update Message The number of NLRIs for new routes the device has sent to this neighbor in UPDATE messages: • Withdraws - The number of routes the device has sent to the neighbor to withdraw.
Displaying BGP4+ summary
To view summary BGP4+ information for the device, enter the following command at any level of the CLI.
device# show ipv6 bgp summary
BGP4 Summary
Router ID: 113.1.1.
Configuring BGP4+ TABLE 124 show ipv6 bgp summary output descriptions (Continued) This field... Displays... State The state of this neighbor session with each neighbor. The states are from this perspective of the session, not the neighbor’s perspective. The state values can be one of the following for each: • IDLE - The BGP4+ process is waiting to be started. Usually, enabling BGP4+ or establishing a neighbor session starts the BGP4+ process.
TABLE 124 show ipv6 bgp summary output descriptions (Continued)
This field...    Displays...
ToSend    The number of routes the device has queued to send to this neighbor.
Configuring BGP4+ graceful restart
BGP4+ Graceful Restart (GR) can be configured for a global routing instance. The following sections describe how to enable the BGP4+ Graceful Restart feature. BGP4+ Graceful Restart can be executed in IPv6 address families.
Displaying BGP4+ graceful restart neighbor information
Configuring BGP4+ graceful restart stale routes timer
Use the following command to specify the maximum amount of time a helper device will wait for an end-of-RIB message from a peer before deleting routes from that peer.
device(config-bgp)# graceful-restart stale-routes-time 120
Syntax: [no] graceful-restart stale-routes-time seconds
The seconds variable sets the maximum time before a helper device cleans up stale routes.
VRRP and VRRP-E
● VRRP and VRRP-E Feature Table
● Overview
● VRRP and VRRP-E overview
● Comparison of VRRP and VRRP-E
Overview
This chapter describes how to configure a Brocade Layer 3 switch with the following router redundancy protocols:
• Virtual Router Redundancy Protocol (VRRP) - The standard router redundancy protocol described in RFC 2338. The FastIron devices support VRRP version 2 (v2) and VRRP version 3 (v3). VRRP v2 supports the IPv4 environment, and VRRP v3 supports the IPv4 and IPv6 environments. Configuring VRRPv3 for IPv4 enables the code for a version compatible with RFC 5798.
FIGURE 35 Switch 1 is the Host1 default gateway but is a single point of failure
Switch 1 is the host default gateway out of the subnet. If this interface goes down, Host1 is cut off from the rest of the network. Switch 1 is thus a single point of failure for Host1’s access to other networks. If Switch 1 fails, you could configure Host1 to use Switch 2. Configuring one host with a different default gateway might not require too much extra administration.
Virtual router ID
FIGURE 36 Switch 1 and Switch 2 configured as VRRP virtual routers for redundant network access for Host1
The dashed box represents a VRRP virtual router. When you configure a virtual router, one of the configuration parameters is the virtual router ID (VRID), which can be a number from 1 through 255. In this example, the VRID is 1.
NOTE
You can provide more redundancy by also configuring a second VRID with Switch 2 as the Owner and Switch 1 as the Backup.
192.53.5.1. Hosts use the virtual router MAC address in routed traffic they send to their default IP gateway (in this example, 192.53.5.1).
Virtual router IP address
VRRP does not use virtual IP addresses. Thus, there is no virtual IP address associated with a virtual router. Instead, you associate the virtual router with one or more real interface IP addresses configured on the router that owns the real IP addresses.
Hello messages
Virtual routers use Hello messages for negotiation to determine the Master router. Virtual routers send Hello messages to IP Multicast address 224.0.0.18. The frequency with which the Master sends Hello messages is the Hello interval. Only the Master sends Hello messages. However, a Backup router uses the Hello interval you configure for the Backup router if it becomes the Master.
Suppression of RIP advertisements for backed-up interfaces feature, make sure the track priorities are always lower than the VRRP priorities. The default track priority for the router that owns the VRID IP addresses is 2. The default track priority for Backup routers is 1. If you change the track port priorities, make sure you assign a higher track priority to the Owner of the IP addresses than the track priority you assign on the Backup routers.
‐ VRRP has an Owner and one or more Backup routers for each VRID. The Owner is the router on which the VRID's IP address is also configured as a real address. All the other routers supporting the VRID are Backup routers.
‐ VRRP-E does not use Owners. All routers are Backup routers for a given VRID. The router with the highest priority becomes the Master. If there is a tie for highest priority, the router with the highest IP address becomes the Master.
ARP behavior with VRRP-E
FIGURE 37 Switch 1 and Switch 2 are configured to provide dual redundant network access for the host
In this example, Switch 1 and Switch 2 use VRRP-E to load share as well as provide redundancy to the hosts. The load sharing is accomplished by creating two VRRP-E groups. Each group has its own virtual IP addresses. Half of the clients point to VRID 1's virtual IP address as their default gateway and the other half point to VRID 2's virtual IP address as their default gateway.
Comparison of VRRP and VRRP-E
This section compares router redundancy protocols.
VRRP
VRRP is a standards-based protocol, described in RFC 2338. The Brocade implementation of VRRP contains the features in RFC 2338.
Master and Backup routers
• VRRP - The "Owner" of the IP address of the VRID is the default Master and has the highest priority (255). The precedence of the Backup routers is determined by their priorities. The default Master is always the Owner of the IP address of the VRID.
• VRRP-E - The Master and Backup routers are selected based on their priority. You can configure any of the Layer 3 switches to be the Master by giving it the highest priority. There is no Owner.
TABLE 125 VRRP and VRRP-E parameters (Continued)
Parameter    Description    Default
Authentication type    The type of authentication the VRRP or VRRP-E interfaces use to validate VRRP or VRRP-E packets.    No authentication
• No authentication - The interfaces do not use authentication. This is the VRRP default.
• Simple - The interface uses a simple text-string as a password in packets sent on the interface.
VRRP and VRRP-E TABLE 125 VRRP and VRRP-E parameters (Continued) Parameter Description Default Dead interval The number of seconds or milliseconds a Backup waits for a Hello message from the Master for the VRID before determining that the Master is no longer active.
Note regarding disabling VRRP or VRRP-E
TABLE 125 VRRP and VRRP-E parameters (Continued)
Parameter    Description    Default
Backup preempt mode    Prevents a Backup with a higher VRRP priority from taking control of the VRID from another Backup that has a lower priority but has already assumed control of the VRID.    Enabled
Timer scale    Adjusts the timers for the Hello interval, Dead interval, Backup Hello interval, and Hold-down interval.    1
NOTE
The timer scale is not supported for IPv6 VRRP v3.
Basic VRRP parameter configuration
To implement a simple VRRP configuration using all the default values, enter the commands shown in the following sections.
Configuration rules for VRRP
• The interfaces of all routers in a VRID must be in the same IP subnet.
• The IP addresses associated with the VRID must already be configured on the router that will be the Owner.
• An IP address associated with the VRID must be on only one router.
The track-priority value option changes the track-port priority for this interface and the VRID from the default (255) to a value from 1 through 254. The version num specifies the version - v3 or v2.
Configuring the Owner for IPv6 VRRP
To configure the VRRP Owner router for IPv6, enter the following commands on the router.
NOTE
You must first configure the ipv6 unicast-routing command at the global configuration level to enable IPv6 VRRP on the router.
Configuring a Backup for IPv6 VRRP
Syntax: [no] ip-address ip-address
Syntax: [no] ip vrrp vrrp vrid num
Syntax: [no] backup [ priority value] [ track-priority value ]
Syntax: [no] hello-interval [ value]
Syntax: [no] advertise backup
Syntax: [no] version num
Syntax: [no] activate
The ip-address variable specifies the IP address of the Backup router, the router interface on which you are configuring the VRID must have a unique IP address that is in the same subnet as the address associated with the VRID of
Assigning an auto-generated link-local IPv6 address for a VRRPv3 cluster By default, Backup routers do not send Hello messages to advertise themselves to the Master. The advertise backup command is used to enable a Backup router to send Hello messages to the Master.
Enabling accept mode in VRRP non-Owner Master router
To configure a non-Owner Master router to respond to ping, traceroute, and Telnet packets destined for the virtual IPv4 or IPv6 address of a VRRP cluster, use the accept-mode command in the VRRP configuration mode. The following example shows the configuration of accept mode on an IPv6 Backup router.
• The Hello interval must be set to the same value within the same VRID.
• The dead interval must be set to the same value within the same VRID.
• The track priority for a VRID must be lower than the VRRP-E priority.

Configuring IPv4 VRRP-E

VRRP-E is configured at the interface level. To implement a simple IPv4 VRRP-E configuration using all the default values, enter commands such as the following on each Layer 3 switch.
Additional VRRP and VRRP-E parameter configuration

Brocade(config)# ipv6 router vrrp-extended
Brocade(config-ipv6-VRRP-E-router)# interface ethernet 1/5
Brocade(config-if-e10000-1/5)# ipv6-address 2001:DB8::2/64
Brocade(config-if-e10000-1/5)# ipv6 vrrp-extended vrid 1
Brocade(config-if-e10000-1/5-vrid-1)# backup priority 50 track-priority 10
Brocade(config-if-e10000-1/5-vrid-1)# ipv6-address 2001:DB8::99
Brocade(config-if-e10000-1/5-vrid-1)# activate

Syntax: [no] ipv6 unicast-routing
Syntax: [no] ipv6 rou
• Backup preempt mode
• Timer scale
• VRRP-E slow start timer
• VRRP-E extension for server virtualization (short-path forwarding)

VRRP and VRRP-E authentication types

This section describes VRRP and VRRP-E authentication parameters.

Configuring authentication type

The Brocade implementation of VRRP and VRRP-E supports the following authentication types for authenticating VRRP and VRRP-E traffic:
• No authentication - The interfaces do not use authentication.
Syslog messages for VRRP-E HMAC-MD5-96 authentication

Syntax: ip vrrp-extended auth-type no-auth | simple-text-auth auth-data | md5-auth [ 0 | 1 ] key

For IPv6 VRRP-E:

Syntax: ipv6 vrrp-extended auth-type no-auth | simple-text-auth auth-data | md5-auth [ 0 | 1 ] key

The values for the no-auth and simple-text-auth auth-data options are the same as for VRRP. The md5-auth option configures the interface to use HMAC-MD5-96 for VRRP-E authentication.
NOTE
The Owner type is not applicable to VRRP-E.

NOTE
For VRRP, the IP address you associate with the Owner must be a real IP address on the interface where the VRID is configured. To configure a Backup router, the interface must have a real IP address that is in the same subnet as the Owner. The address must be unique.

Configuring Router 1 as VRRP VRID Owner

To configure Router1 as a VRRP VRID Owner, enter the following commands.
Suppression of RIP advertisements

NOTE
Suppression of RIPng advertisements on Backup routers for the backup interface is not supported by IPv6 VRRP v3 and IPv6 VRRP-E v3.

Normally, a VRRP or VRRP-E Backup includes route information for the virtual IP address (the backed-up interface) in RIP advertisements.
Dead interval configuration

The milliseconds variable can be specified in 100-millisecond intervals only. The default is 1000 milliseconds, and the range is 100 to 40900 milliseconds. To change the Hello interval on the Master to 200 milliseconds for IPv4 VRRPv3, enter the following commands.
device(config)#interface ethernet 1/6
device(config-if-1/6)#ip vrrp vrid 1
device(config-if-1/6-vrid-1)#backup-hello-interval 180

Syntax: [no] backup-hello-interval num

The num variable specifies the message interval and can be from 60 through 3600 seconds. The default is 60 seconds. The syntax is the same for VRRP v2 and IPv6 VRRP v3, and VRRP-E v2 and IPv6 VRRP-E v3.

Track port configuration

NOTE
Track port is not supported by VRRP v3.
Backup preempt configuration

By default, a Backup that has a higher priority than another Backup that has become the Master can preempt the Master, and take over the role of Master. If you want to prevent this behavior, disable preemption. Preemption applies only to Backups and takes effect only when the Master has failed and a Backup has assumed ownership of the VRID.
VRRP-E slow start timer

TABLE 126 Time scale values (Continued)
Timer | Timer scale | Timer value
(continued) | 2 | 1.5 seconds
Backup Hello interval | 1 | 60 seconds
Backup Hello interval | 2 | 30 seconds
Hold-down interval | 1 | 2 seconds
Hold-down interval | 2 | 1 second

If you configure the device to receive its timer values from the Master, the Backup also receives the timer scale value from the Master. To change the timer scale, enter a command such as the following at the global CONFIG level of the CLI.
VRRP-E Extension for Server Virtualization

If the Master subsequently comes back up again, the amount of time specified by the VRRP-E slow start timer elapses (in the IPv4 example, 30 seconds) before the Master takes over from the Backup. The VRRP-E slow start timer is effective only if the VRRP-E Backup router detects another VRRP-E Master (Standby) router. It is not effective during the initial bootup.
FIGURE 38 VRRP-E Extension for short-path forwarding

VRRP-E Extension for short-path forwarding example

Under the VRRP-E VRID configuration level, there is an option to enable short-path forwarding. To enable short-path forwarding, enter the following commands.

device(config)# router vrrp-extended
device(config)# interface ve 10
device(config-vif-10)# ip-address 10.10.10.
Displaying short-path forwarding combinations

lowered by the number specified in the track-port command. When the current priority is lower than the threshold, the SPF behavior is temporarily suspended and reverts back to the pre-SPF VRRP-E forwarding behavior. The value range is from 1 through 255.
Suppression of interface level RA in an IPv6 VRRP/VRRP-E configured interface

To avoid this, you can disable the default interface-level IPv6 RA messages on an interface configured with IPv6 VRRP or VRRP-E. To disable the default IPv6 RA messages and allow the interface to send only IPv6 VRRP or VRRP-E RA messages, use the ipv6 nd skip-interface-ra command in interface configuration mode.
Displaying VRRP and VRRP-E information

To change the Master priority, enter commands such as the following.

device(config)# interface ethernet 1/6
device(config-if-1/6)# ip vrrp vrid 1
device(config-if-1/6-vrid-1)# owner priority 99

Syntax: [no] owner priority num

The num variable specifies the new priority and can be a number from 1 through 254. When the command is enabled, the software changes the priority of the Master to the specified priority.
Displaying summary information

Syntax: show ipv6 vrrp [ brief | [ stat | [ statistics ] [ vrid num ] ] [ ethernet stack/slotnum/portnum | ve num ] ]

Syntax for IPv4 and IPv6 VRRP-E:

Syntax: show ip vrrp-extended [ brief | [ stat | [ statistics ] [ vrid num ] ] [ ethernet stack/slotnum/portnum | ve num ] ]
Syntax: show ipv6 vrrp-extended [ brief | [ stat | [ statistics ] [ vrid num ] ] [ ethernet stack/slotnum/portnum | ve num ] ]

The brief option displays the summary information.
Displaying detailed information

The table shows a description of the output for the show ip vrrp brief and show ip vrrp-extended brief commands.

TABLE 127 Output description for VRRP or VRRP-E summary information
Field | Description
Total number of VRRP (or VRRP-Extended) routers defined | The total number of VRIDs configured on this Layer 3 switch.
Interface | The interface on which VRRP or VRRP-E is configured.
VRRP and VRRP-E

version v3
mode owner
priority 255
current priority 255
track-priority 150
hello-interval 1000 msec
ip-address 172.21.3.1
virtual mac address 0000-5E00-0103
advertise backup: disabled
next hello sent in 00:00:00.7
backup router 172.21.3.2 expires in 00:02:41.3
track-port 3/14(up)

The following example is for a VRRP Backup.
current dead-interval 3100 msec
preempt-mode true
virtual ip address 10.201.201.5
virtual mac address 0000.00d7.82c9
advertise backup: enabled
next hello sent in 00:00:00.1
backup router 10.201.201.4 expires in 00:02:45.2
backup router 10.201.201.3 expires in 00:02:47.6
track-port 1/1/25*2/1/24(up)

To display information for an IPv6 VRRP Owner, enter the show ipv6 vrrp command at any level of the CLI.
TABLE 128 Output description for VRRP-E detailed information (Continued)
Field | Description
state | This Layer 3 switch VRRP, VRRP v3, VRRP-E, or IPv6 VRRP-E state for the VRID. The state can be one of the following:
• initialize - The VRID is not enabled (activated). If the state remains "initialize" after you activate the VRID, make sure that the VRID is also configured on the other routers and that the routers can communicate with each other.
TABLE 128 Output description for VRRP-E detailed information (Continued)
Field | Description
dead interval | The configured value for the dead interval. This is the amount of time, in milliseconds, that a Backup waits for a Hello message from the Master for the VRID before determining that the Master is no longer active. If the Master does not send a Hello message before the dead interval expires, the Backups negotiate (compare priorities) to select a new Master for the VRID.
Displaying detailed information for an individual VRID

TABLE 128 Output description for VRRP-E detailed information (Continued)
Field | Description
backup router ipaddr expires in time | The IP addresses of Backups that have advertised themselves to this Master by sending Hello messages. The time value indicates how long before the Backup expires. A Backup expires if you disable the advertise backup option on the Backup or the Backup becomes unavailable.
dead-interval 0 msec
current dead-interval 3600 msec
preempt-mode true
ip-address 10.1.1.5
virtual mac address 0000.0000.0102
advertise backup: disabled
next hello sent in 00:00:01.0

To display information about the settings configured for a specified IPv6 VRRP VRID, enter the show ipv6 vrrp vrid command.
Displaying statistics

TABLE 129 show ip vrrp vrid output description (Continued)
Field | Description
current dead interval | The current value of the dead interval. This value is equal to the value configured for the dead interval. If the value for the dead interval is not configured, then the current dead interval is equal to three times the Hello interval plus Skew time (where Skew time is equal to 256 minus priority divided by 256).

NOTE
This field does not apply to VRRP Owners.
total number of vrrp packets sent = 105
backup advertisements sent = 10

The following example displays the output of the show ipv6 vrrp-extended stat ve command:

device# show ipv6 vrrp-extended stat ve 30
Interface ethernet v30
rxed vrrp header error count = 0
rxed vrrp auth error count = 0
rxed vrrp auth passwd mismatch error count = 0
rxed vrrp vrid not found error count = 0
VRID 11
rxed arp packet drop count = 0
rxed ip packet drop count = 0
rxed vrrp port mismatch count = 0
rxed vrrp i
Displaying summary of key statistics

TABLE 130 Output field descriptions (Continued)
Field | Description
rxed vrrp priority zero from master count | Indicates that the current Master has resigned.
rxed vrrp higher priority count | The number of VRRP or VRRP-E packets received by the interface that had a higher backup priority for the VRID than this Layer 3 switch backup priority for the VRID.
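The statistics described above can be compared between two collections to notice rejected or unexpected advertisements. The following Python sketch is an added example, not Brocade code: it parses stat output in the layout shown in this section and reports watched counters that increased. The two snapshots are constructed for illustration, and placing "rxed vrrp higher priority count" under the VRID block is an assumption.

```python
import re

INTERFACE_RE = re.compile(r"^Interface\s+(.+)$")
VRID_RE = re.compile(r"^VRID\s+(\d+)$")
COUNTER_RE = re.compile(r"^(.+?)\s*=\s*(\d+)$")

# Counters from the stat output that indicate rejected or unexpected
# advertisements. The selection is this example's choice.
WATCHED = (
    "rxed vrrp auth error count",
    "rxed vrrp auth passwd mismatch error count",
    "rxed vrrp higher priority count",
)


def parse_stats(text):
    """Return {(interface, vrid or None): {counter name: value}}."""
    stats, iface, vrid = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        match = INTERFACE_RE.match(line)
        if match:
            iface, vrid = match.group(1), None   # interface-level counters follow
            continue
        match = VRID_RE.match(line)
        if match:
            vrid = int(match.group(1))           # VRID-level counters follow
            continue
        match = COUNTER_RE.match(line)
        if match and iface is not None:
            stats.setdefault((iface, vrid), {})[match.group(1)] = int(match.group(2))
    return stats


def new_events(before, after, watched=WATCHED):
    """Return (interface, vrid, counter, increase) for watched counters that grew."""
    events = []
    for scope, counters in after.items():
        old = before.get(scope, {})
        for name in watched:
            if name not in counters:
                continue
            now, prev = counters[name], old.get(name, 0)
            # A smaller value means the statistics were cleared in between,
            # so everything counted since the clear is new.
            delta = now - prev if now >= prev else now
            if delta > 0:
                events.append((scope[0], scope[1], name, delta))
    return events


# Constructed snapshots in the layout of the stat output shown above.
BEFORE = """\
device# show ipv6 vrrp-extended stat ve 30
Interface ethernet v30
rxed vrrp header error count = 0
rxed vrrp auth error count = 0
rxed vrrp auth passwd mismatch error count = 0
rxed vrrp vrid not found error count = 0
VRID 11
rxed arp packet drop count = 0
rxed ip packet drop count = 0
rxed vrrp port mismatch count = 0
rxed vrrp higher priority count = 0
"""
AFTER = (BEFORE
         .replace("passwd mismatch error count = 0", "passwd mismatch error count = 7")
         .replace("higher priority count = 0", "higher priority count = 2"))

if __name__ == "__main__":
    for iface, vrid, name, delta in new_events(parse_stats(BEFORE), parse_stats(AFTER)):
        where = iface if vrid is None else f"{iface} VRID {vrid}"
        print(f"{where}: {name} increased by {delta}")
```

An increase in the authentication counters means advertisements arrived with missing or wrong authentication data; an increase in the higher priority count on a Master is worth checking against the list of routers expected in that VRID.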
0 v226 VR226 0 v227 VR227 0 v228 VR228 0 v229 VR229 0 v311 0 0 0 0 0 0 0 0 0 46772 1559 0 93542 1559 0 93542 1559 1 93543 1559 0
(output truncated)

To display a summary of the VRRP-E statistics on a device, enter the following command at any level of the CLI:

device# show ip vrrp-extended statistics
Total number of VRRP-Extended routers defined: 2
RX master adv TX master adv adv TX backup adv VR Errors v20 0 VR 20 0 801 8 12 v30 0 VR101 150 104 0 14 0 RX backup Port E
Clearing VRRP or VRRP-E statistics

TABLE 131 Output field descriptions (Continued)
Field | Description
TX master adv | The number of VRRP or VRRP-E advertisement packets sent by this router for a VRID on a specific interface. This is the same as the "total number of vrrp/vrrp-extended packets sent" output of the stat option.
RX backup adv | The number of VRRP backup advertisement packets received for a VRID on a specific interface.
VRRP example

To implement the VRRP configuration shown in "VRRP Overview," use the following method.

Configuring Switch 1

To configure VRRP Switch 1, enter the following commands.

device Switch1(config)#router vrrp
device Switch1(config)#interface ethernet 1/6
device Switch1(config-if-1/6)#ip address 192.53.5.
Syntax: ip vrrp vrid vrid
Syntax: owner [ track-priority value ]
Syntax: backup [ priority value ] [ track-priority value ]
Syntax: track-port ethernet [slotnum/]portnum | ve num
Syntax: ip-address ip-addr
Syntax: activate

VRRP-E example

To implement the VRRP-E configuration shown in "VRRP-E Overview," use the following CLI method.

Configuring Switch 1

To configure VRRP Switch 1 in "VRRP-E Overview," enter the following commands.
The backup command specifies that this router is a VRRP-E Backup for virtual router VRID1. The IP address entered with the ip-address command is the same IP address as the one entered when configuring Switch 1. In this case, the IP address cannot also exist on Switch 2, but the interface on which you are configuring the VRID Backup must have an IP address in the same subnet.
Configuring Multi-VRF

● Supported Multi-VRF features
● Supported devices, interface modules, and protocols
● Multi-VRF Overview
● Configuring Multi-VRF
Supported devices, interface modules, and protocols

Feature | ICX 6430 | ICX 6450 | FCX | ICX 6610 | ICX 6650 | FSX 800 FSX 1600 | ICX 7750
PIM-SM/DM for IPv4 | No | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
PIM-SM for IPv6 | No | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 18 | 08.0.10
MSDP for IPv4 | No | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
PIM Anycast RP IPv4 and IPv6 | No | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 17 | 08.0.01 | 08.0.10
Multicast over GRE for IPv4 | No | 08.0.01 | 08.0.01 | 08.0.
TABLE 132 FSX interface modules supporting Multi-VRF (Continued)
FSX Interface Modules | Multi-VRF Support
SX-FI-24HF | Yes
SX-FI-2XG | Yes
SX-FI-8XG | Yes
SX-FI-48GPP | Yes

TABLE 133 Routing Protocols and VRF Support
Protocol | VRF | Graceful Restart Helper Mode | Graceful Restart | Non-Stop Routing
RIP | Yes | No | No | No
RIPng | No | No | No | No
OSPFv2 | Yes | Yes | Yes | Yes
OSPFv3 | Yes | Yes | No | Yes
BGP4 | Yes | Yes | Yes | No
BGP4+ | No | Yes | Yes | No

Multi-VRF Overview

Virtual routing and forwarding (VR
FIGURE 39 Typical Multi-VRF topology

NOTE
Some vendors also use the terms Multi-VRF CE or VRF-Lite for this technology.

Configuring Multi-VRF

A Multi-VRF instance can be configured on:
• Untagged physical ports - Only applies to SX chassis-based systems. It is recommended that these ports be configured route-only to prevent leaking of switching traffic if two interfaces in the same VLAN are configured with different VRFs.
Configuring VRF-related system-max values

Before configuring a VRF instance, VRF-related system-max values must be modified. The default FastIron configuration does not allow space for VRF routing tables.
ip-route and ip6-route values changed.
ip-route: 10000
ip6-route: 1408
Warning: Please reconfigure system-max for ip-route-default-vrf and ip-route-vrf (if required).
Reload required. Please write memory and then reload or power cycle.
Brocade#

This step will also modify the ip6-route system-max parameter and is intended for FCX/ICX6610 only (not FSX.
Configuring maximum routes per VRF

TABLE 134 Configuration limits for system-max (Continued)
Configuration | SX Min | SX Default | SX Max | FCX/ICX 6610 Min | FCX/ICX 6610 Default | FCX/ICX 6610 Max
ip-route-default-vrf (system-max IPv4 routes configuration for default-VRF) | 1024 | 262144 | 524288 | 1024 | 12000 | 15168
ip-route-vrf (Default system-max IPv4 routes per non-default-VRF instances) | 1024 | 65536 | 524288 | 128 | 1024 | 15168
ip6-route-default-vrf (system-max IPv6 routes configuration for default-VRF) | 1024 | 32768 | 65536 | 64 | 908 | 2884
ip6-route-vr
For example:

Brocade(config)# vrf blue6
Brocade(config-vrf-blue6)# rd 1:106
Brocade(config-vrf-blue6)# address-family ipv4
Error: has reached maximum system limit of maximum number of IPv4 routes
Brocade(config-vrf-blue6)#

Configuring VRF instances

A FastIron device can be configured with more than one VRF instance. You should define each VRF instance before assigning an L3 interface to the VRF instance.
Configuring routing protocols for new Multi-VRF instance

While configuring an AF, you can optionally configure the maximum routes that are associated with the AF. If the max-route is not configured, the default value of maximum routes will be configured for the VRF instance based on the system-max value of ip-route-vrf or ip6-route-vrf. To configure address families, enter the following commands:

Brocade(config)# vrf customer-1
Brocade(config-vrf-customer-1)# rd 1.1.1.
Removing a Multi-VRF instance

When configuring a VRF, a warning message is generated specifying that any configuration existing on the interface is deleted. When assigning a VRF instance to a static or dynamic Trunk, the following constraints exist:
• If the trunk is deployed, the primary port can be assigned to a non-default VRF.
• The dynamic trunk must be configured before assigning any of its ports to a non-default VRF routing instance, and all members of the trunk must be in the default VRF.
Example:

Brocade(config)# no vrf customer1
Warning: All IPv4 and IPv6 addresses (including link-local) from all interfaces in VRF customer1 have been removed

Configuring Management VRFs

The management VRF is used to provide secure management access to the device by sending inbound and outbound management traffic through the VRF specified as a global management VRF and through the out-of-band management port, thereby isolating management traffic from the network data traffic.
Supported management applications

This section explains the management VRF support provided by the management applications.

SNMP server

When the management VRF is configured, the SNMP server receives SNMP requests and sends SNMP responses only through the ports belonging to the management VRF and through the out-of-band management port. Any change in the management VRF configuration becomes immediately effective for the SNMP server.
RADIUS client

To configure the VRF name in outbound Telnet sessions, enter the following command at the privileged EXEC level:

device(config)# telnet vrf red 10.157.22.39

Syntax: telnet vrf vrf-name IPv4address | ipv6 IPv6address

The vrf-name variable specifies the name of the pre-configured VRF.
Syslog

When the management VRF is configured, the Syslog module sends log messages only through the ports belonging to the management VRF and the out-of-band management port. Any change in the management VRF configuration will be immediately effective for Syslog.

NOTE
The Syslog source interface configuration command ip syslog source-interface must be compatible with the management VRF configuration.
Configuration notes

Consider the following configuration notes:
• If there is a management VRF already configured, you must remove the existing management VRF configuration before configuring a new one. If not, the system displays the following error message.
device(config)# management-vrf red
Error - VRF mvrf already configured as management-vrf
• If you try to delete a management VRF that was not configured, the system displays the following error message.
TABLE 135 show vrf output descriptions (Continued)
This field | Displays
IP Router-Id | The 32-bit number that uniquely identifies the router.
Number of Unicast Routes | The number of Unicast routes configured on this VRF.

The show who command displays information about the management VRF from which the Telnet and SSH connection has been established.
Configuring sFlow with Multi-VRFs

Traps SysLogs - TCP Connection rejects: Telnet : SSH (Strict): TACACS+ Client : 0 0 0 685 0

Syntax: show management-vrf

TABLE 136 show management-vrf output descriptions
This field | Displays
Management VRF name | Displays the configured management VRF name.
Management Application | Displays the management application names.
Rx Drop Pkts | Displays the number of packets dropped in the inbound traffic.
Configuring static-ARP for Multi-VRFs

To distinguish collected packets in different VRFs, refer to the in vlan and out vlan data fields for each captured ingress packet. For example, in the case of two collected packets from different VRFs but with the same source/destination IP and the same incoming/outgoing port, the VLAN fields are different between the two samples. A VLAN/VE can only belong to one VRF.
Configuring static-ARP on default VRFs

This command is used to configure static-ARP entries on default VRFs. The command is backward compatible, and all static-ARP entries configured in previous releases are supported by the default VRF.

Brocade(config)# arp 192.168.1.100 0000.2344.2441 eth 7/1

Syntax: [no] arp ip-address mac-address ethernet port

Configuring static-ARP on non-default VRFs

This command is used to configure static-ARP entries on a VRF interface.
Configuring DAI to support a Multi-VRF instance

Dynamic ARP Inspection (DAI) enables the Brocade device to intercept and examine all ARP request and response packets in a subnet and discard those packets with invalid IP to MAC address bindings. DAI can prevent common man-in-the-middle (MiM) attacks such as ARP cache poisoning, and disallow misconfiguration of client IP addresses.
Configuring static-neighbor on non-default VRFs

This command configures static-neighbor entries on a VRF interface. The command is specific to VRF AF mode, and is enabled when IPv6 AF is configured. For example:

Brocade(config)#
Brocade(config)# vrf customer-1
Brocade(config-vrf-customer-1)# address-family ipv6
Brocade(config-vrf-customer-1-ipv4)# ipv6 neighbor 2000::1 eth 7/1 0.0.
View all configured VRFs in summary mode

To see all configured VRFs in summary mode, enter the show vrf command. The following is an example of the output.
View DHCPv6 snooping status and ports

To see DHCPv6 snooping status and ports, enter the show ipv6 dhcp6 snooping vlan command. The following is an example of the output.
Step 1: System-max configuration

FIGURE 40 Multi-VRF topology example

This topology is a network owned by an enterprise. Normal corporate traffic must pass through the firewall so that company policy can be enforced. However, a secondary Internet connection has been added to this network: an unrestricted Internet access designated for guests visiting the corporate campus. The 172.16.0.0/16 network is used for Corporate traffic, and 192.168.0.0/16 is used for Guest traffic.
ip arp age:10 min            bootp relay max hops:4
ip addr per intf:24          ip ttl:64 hops
:
:
System Parameters      Default  Maximum  Current  Configured
ip-arp                 4000     64000    4000     4000
ip-static-arp          512      6000     512      512
pim-mcache             1024     4096     1024     1024
:
:
ip-route               12000    15168    12000    12000
ip-static-route        64       2048     64       64
:
:
ip-vrf                 16       16       16       16
ip-route-default-vrf   12000    15168    12000    12000
ip6-route-default-vr   908      2884     908      908
ip-route-vrf           1024     15168    1024     1024
ip6-route-vrf          100      2884     100      100
R1(config)#
I
Step 2: Configuring VRFs

The following illustrates configuring the VRF R1.

R1(config)#vrf corporate
R1(config-vrf-corporate)#rd 11:11
R1(config-vrf-corporate)#ip router-id 1.1.1.1
R1(config-vrf-corporate)#address-family ipv4
R1(config-vrf-corporate-ipv4)#
R1(config-vrf-corporate-ipv4)#exit
R1(config)#vrf guest
R1(config-vrf-guest)#rd 10:10
R1(config-vrf-corporate)#ip router-id 1.1.1.
Show IP OSPF neighbor and show ip route output for each VRF

been removed
R1(config-vif-30)#ip add 192.168.3.1/30
R1(config-vif-30)#ip ospf area 0
R1(config-vif-30)#exit
R1(config)#interface ve 31
R1(config-vif-31)#vrf forwarding corporate
Warning: All IPv4 and IPv6 addresses (including link-local) on this interface have been removed
R1(config-vif-31)#ip address 172.16.3.
Configuring Multi-VRF 7 662 192.168.5.0/30 192.168.6.0/30 192.168.4.2 192.168.4.
Layer 3 Routing Commands

● arp-internal-priority
● ipv6 nd router-preference
● ipv6-address auto-gen-link-local
● use-v2-checksum
arp-internal-priority

Configures the priority of ingress ARP packets.

Syntax
arp-internal-priority priority-value

Command Default
The default priority of ingress ARP packets is 4.

Parameters
priority-value
Specifies the priority value of the ingress ARP packets. It can take a value in the inclusive range of 0 to 7, where 7 is the highest priority.
ipv6 nd router-preference

Enables IPv6 router advertisement preference.

Enables IPv6 router advertisement (RA) messages to communicate default router preferences from IPv6 routers to IPv6 hosts in network topologies where the host has multiple routers on its Default Router List. The no form disables IPv6 router preference.
ipv6-address auto-gen-link-local

Generates a virtual link-local IPv6 address and assigns it as the virtual IPv6 address for a VRRPv3 instance. The no form of this command deletes the auto-generated virtual link-local IPv6 address for the VRRP v3 instance.
use-v2-checksum

Enables the v2 checksum computation method for VRRPv3. The no form of this command enables the default v3 checksum computation method in VRRPv3.

Syntax
use-v2-checksum
no use-v2-checksum

Command Default
VRRPv3 uses v3 checksum computation method.

Modes
VRRP configuration mode

Usage Guidelines
Some non-Brocade devices only use the v2 checksum computation method in VRRPv3.
accept-mode

Enables the non-Owner Master router to respond to ping, traceroute, and Telnet packets destined for the virtual IPv4 or IPv6 address of a VRRP cluster.

Syntax
accept-mode
no accept-mode

Command Default
A VRRP non-Owner Master router does not respond to any packet destined for the virtual IPv4 or IPv6 address.
ipv6 nd skip-interface-ra

Disables the default interface-level IPv6 RA messages on an interface configured with IPv6 VRRP or VRRP-E. The no form of this command enables the default interface-level IPv6 RA messages on an interface configured with IPv6 VRRP or VRRP-E.

Syntax
ipv6 nd skip-interface-ra
no ipv6 nd skip-interface-ra

Command Default
The IPv6-enabled interface sends the default IPv6 Router Advertisement (RA) messages.
hello-interval

Specifies the hello-interval configuration.

Specifies the hello-interval in milliseconds or seconds for IPv4 VRRP and IPv6 VRRP.

Syntax
hello-interval [seconds]
hello-interval [milliseconds]
hello-interval msec [milliseconds]
[no] hello-interval

Command Default
The hello-interval is not set.

Parameters
seconds
Specifies the hello-interval in seconds from 1 through 40 seconds for IPv4 VRRP, IPv4 VRRPv3, VRRP-E, and IPv6 VRRP-E. The default is 1 second.
version

Allows you to select either version 2 or version 3 of VRRP.

Syntax
version {v2 | v3}
[no] version v3

Command Default
The default is VRRP version 2.

Parameters
v2
Selects version 2 of VRRP.
v3
Selects version 3 of VRRP.

Modes
VRRP virtual router ID configuration.

Usage Guidelines
You can choose either version 2 or version 3 of IPv4 VRRP. The default IPv4 VRRP configuration is VRRPv2.
ip arp inspection validate

Validates the ARP packet destination MAC, ARP packet IP address and source MAC address.

Syntax
ip arp inspection validate [dst-mac | ip | src-mac]

Command Default
The IP ARP packet validation is disabled.

Parameters
dst-mac
Checks the destination MAC address in the Ethernet header against the target MAC address in the ARP body for ARP responses. When enabled, packets with different MAC addresses are classified as invalid and are dropped.
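The checks named by this command, together with the IP-to-MAC binding check described under "Configuring DAI to support a Multi-VRF instance", can be followed on raw frames. The Python sketch below is an added example, not Brocade code. The dst-mac rule follows the parameter description above; the src-mac and ip rules follow the usual DAI definitions and are assumptions here, and the addresses, BINDINGS table and sample frames are constructed.

```python
import struct
from ipaddress import IPv4Address

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_IP = IPv4Address("255.255.255.255")

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def build_frame(eth_dst, eth_src, oper, sha, spa, tha, tpa):
    """Build an untagged Ethernet II + ARP frame for the constructed samples."""
    eth = mac(eth_dst) + mac(eth_src) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += mac(sha) + IPv4Address(spa).packed
    arp += mac(tha) + IPv4Address(tpa).packed
    return eth + arp

def parse_arp_frame(frame):
    """Split a raw frame into Ethernet header fields and ARP body fields."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_dst": eth_dst, "eth_src": eth_src, "oper": oper,
            "sha": sha, "spa": IPv4Address(spa),
            "tha": tha, "tpa": IPv4Address(tpa)}

def bad_ip(addr):
    """Assumed 'ip' check: reject 0.0.0.0, 255.255.255.255 and multicast."""
    return addr.is_unspecified or addr.is_multicast or addr == BROADCAST_IP

def inspect(frame, bindings, validate=("dst-mac", "ip", "src-mac")):
    """Return the names of the failed checks; an empty list means forward."""
    p = parse_arp_frame(frame)
    failed = []
    # dst-mac (as described on the page): for ARP responses, the Ethernet
    # destination MAC must equal the target MAC in the ARP body.
    if "dst-mac" in validate and p["oper"] == ARP_REPLY:
        if p["eth_dst"] != p["tha"]:
            failed.append("dst-mac")
    # src-mac (assumed): the Ethernet source MAC must equal the sender MAC
    # in the ARP body, for requests and responses.
    if "src-mac" in validate and p["eth_src"] != p["sha"]:
        failed.append("src-mac")
    # ip (assumed): sender IP always, target IP only in responses.
    if "ip" in validate:
        if bad_ip(p["spa"]) or (p["oper"] == ARP_REPLY and bad_ip(p["tpa"])):
            failed.append("ip")
    # Core DAI check: sender IP must map to sender MAC in the trusted table.
    if bindings.get(p["spa"]) != p["sha"]:
        failed.append("binding")
    return failed

# Constructed lab values: hosts in 172.16.3.0/24, RFC 7042 documentation MACs.
GW_IP, GW_MAC = "172.16.3.1", "00:00:5e:00:53:01"
A_IP, A_MAC = "172.16.3.10", "00:00:5e:00:53:10"
ROGUE_MAC = "00:00:5e:00:53:66"
BCAST_MAC, ZERO_MAC = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
BINDINGS = {IPv4Address(GW_IP): mac(GW_MAC), IPv4Address(A_IP): mac(A_MAC)}

SAMPLES = {
    "legitimate reply": build_frame(
        GW_MAC, A_MAC, ARP_REPLY, A_MAC, A_IP, GW_MAC, GW_IP),
    "reply binding gateway IP to another MAC": build_frame(
        A_MAC, ROGUE_MAC, ARP_REPLY, ROGUE_MAC, GW_IP, A_MAC, A_IP),
    "ARP body copies a valid binding, Ethernet source differs": build_frame(
        A_MAC, ROGUE_MAC, ARP_REPLY, GW_MAC, GW_IP, A_MAC, A_IP),
    "reply whose Ethernet destination differs from target MAC": build_frame(
        BCAST_MAC, GW_MAC, ARP_REPLY, GW_MAC, GW_IP, A_MAC, A_IP),
    "request with sender IP 0.0.0.0": build_frame(
        BCAST_MAC, A_MAC, ARP_REQUEST, A_MAC, "0.0.0.0", ZERO_MAC, GW_IP),
}

def run_samples(validate=("dst-mac", "ip", "src-mac")):
    """Inspect every constructed sample and return {name: failed checks}."""
    return {name: inspect(frame, BINDINGS, validate)
            for name, frame in SAMPLES.items()}

if __name__ == "__main__":
    for name, failed in run_samples().items():
        print(f"{name}: {'drop ' + str(failed) if failed else 'forward'}")
```

The third sample passes the binding check because its ARP body repeats a valid IP-to-MAC pair; it is dropped only when src-mac validation is enabled, which is the gap the validate options close.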