53-1003246-01 July 2014 Brocade Virtual ADX Switch and Router Guide Supporting Brocade Virtual ADX version 03.1.
Copyright © 2010 Brocade Communications Systems, Inc. All Rights Reserved. ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners.
Contents

Preface
Document conventions
Text formatting conventions
Command syntax conventions
Notes, cautions, and warnings
Brocade resources

Chapter 3 Configuring Virtual LANs (VLANs)
Overview
Types of VLANs supported
Default VLAN
802.1q tagging
Virtual routing interfaces

Configuring IP parameters
Configuring IP addresses
Configuring Domain Name Server (DNS) resolver
Changing the router ID
Specifying a single source interface for Telnet, TACACS/TACACS+, or RADIUS packets
Configuring ARP parameters

Configuring OSPF
Configuration rules
OSPF parameters
Enable OSPF on the router
Assign OSPF areas
Assigning an area range (optional)

Configuring OSPFv3
Enabling OSPFv3
Assigning OSPFv3 areas
Assigning interfaces to an area
Changing the reference bandwidth for the cost on OSPFv3 interfaces

Redistributing IBGP routes
Enabling or disabling comparison of device IDs
Four-byte Autonomous System Numbers (AS4)
Enabling AS4 numbers
Specifying a maximum AS path length
Setting a global maximum AS path limit

Filtering
Filtering AS-paths
Filtering communities
Defining and applying IP prefix lists
Defining neighbor distribute lists
Defining route maps

Displaying BGP4+ information
Displaying the BGP4+ route table
Displaying BGP4+ route information
Displaying BGP4+ route-attribute entries
Displaying the BGP4+ running configuration
Displaying dampened BGP4+ paths
Preface

Document conventions
The document conventions describe text formatting conventions, command syntax conventions, and important notice formats used in Brocade technical documentation.

Text formatting conventions
Text formatting conventions such as boldface, italic, or Courier may be used in the flow of the text to highlight specific words or phrases.
Command syntax conventions
Bold and italic text identify command syntax components. Delimiters and operators define groupings of parameters and their logical relationships.

Convention     Description
bold text      Identifies command names, keywords, and command options.
italic text    Identifies a variable.
[]             Syntax components displayed within square brackets are optional. Default responses to system prompts are enclosed in square brackets.
Brocade resources
Visit the Brocade website to locate related documentation for your product and additional Brocade resources. You can download additional publications supporting your product at www.brocade.com. Select the Brocade Products tab to locate your product, then click the Brocade product name or image to open the individual product page. The user manuals are available in the resources module at the bottom of the page under the Documentation category.
• Brocade Supplemental Support augments your existing OEM support contract, providing direct access to Brocade expertise. For more information, contact Brocade or your OEM.
• For questions regarding service levels and response times, contact your OEM/Solution Provider.

Document feedback
To send feedback and report errors in the documentation you can use the feedback form posted with the document or you can e-mail the documentation team.
Chapter 1 Configuring Basic Features

This chapter describes how to configure basic, non-protocol features on Brocade Virtual ADX devices using the CLI. Brocade devices are configured at the factory with default parameters that allow you to begin using the basic features of the system immediately. However, many of the advanced features such as VLANs or routing protocols must be enabled at the system (global) level before they can be configured.
Configuring basic system parameters

The name, contact, and location each can be up to 32 alphanumeric characters. Here is an example of how to configure a Layer 3 Switch name, system contact, and location.

Virtual ADX(config)# hostname home
home(config)# snmp-server contact Suzy Sanchez
home(config)# snmp-server location Centerville
home(config)# end
home# write memory

Syntax: hostname string
Syntax: snmp-server contact string
Syntax: snmp-server location string

The text strings can contain blanks.
To add a trap receiver and encrypt the display of the community string, enter commands such as the following.

To specify an SNMP trap receiver and change the UDP port that will be used to receive traps, enter a command such as the following.

Virtual ADX(config)# snmp-server host 10.2.2.
To specify a port, loopback interface, or virtual routing interface whose lowest-numbered IP address the Brocade device must use as the source for all SNMP traps sent by the device, use the following CLI method. To configure the device to send all SNMP traps from the first configured IP address on port 4/11, enter the following commands.
NOTE
The Privileged EXEC level is sometimes called the “Enable” level, because the command for accessing this level is enable.

The feature is enabled by default.
To disable logging of CLI access, enter the following commands.

Virtual ADX(config)# no logging enable user-login
Virtual ADX(config)# write memory
Virtual ADX(config)# end
Virtual ADX# reload

Syntax: [no] logging enable user-login

Configuring SNMP version 3 traps
Virtual ADX supports SNMP notifications in SMIv2 format. This allows notifications to be encrypted and sent to the target hosts in a secure manner.
You can define a port that receives the SNMP v3 traps by entering a command such as the following.

Virtual ADX(config)# snmp-server host 192.168.4.11 version v3 auth security-name port 165

Syntax: [no] snmp-server host ip-address version [v1 | v2c community-string | v3 auth | noauth | priv security-name] [port trap-UDP-port-number]

The ip-address parameter specifies the IP address of the host that will receive the trap. For version, indicate one of the following.
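The following audit script is an added example, not part of the Brocade guide or its software. It parses saved configuration text against the snmp-server host syntax above and reports trap receivers that are not using SNMPv3 priv, plus the no logging enable user-login command; the severity labels, the sample configuration, and the fallback to the standard trap port 162 are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample configuration, not taken from a real device. Line 3 is
# the snmp-server host command shown in the guide; the other lines are made up.
SAMPLE_CONFIG = """\
hostname home
snmp-server host 192.0.2.10 version v2c public port 165
snmp-server host 192.168.4.11 version v3 auth security-name port 165
snmp-server host 192.0.2.20 version v3 priv trapuser
snmp-server host 192.0.2.30 version v3 noauth trapuser
snmp-server host 192.0.2.999 version v3 priv trapuser
no logging enable user-login
"""

# Protection given by each "version" choice. v1/v2c carry only a community
# string; the v3 keywords are the standard SNMPv3 security levels.
# The severity labels are this example's own, not Brocade's.
RATING = {
    "v1": ("high", "SNMPv1: community string only, no authentication or encryption"),
    "v2c": ("high", "SNMPv2c: community string only, no authentication or encryption"),
    "noauth": ("high", "SNMPv3 noauth: neither authenticated nor encrypted"),
    "auth": ("medium", "SNMPv3 auth: authenticated but not encrypted"),
    "priv": ("ok", "SNMPv3 priv: authenticated and encrypted"),
}

# Mirrors the documented syntax:
# snmp-server host ip-address version [v1 | v2c community-string |
#   v3 auth | noauth | priv security-name] [port trap-UDP-port-number]
HOST_RE = re.compile(
    r"^snmp-server host (?P<ip>\S+) version "
    r"(?:(?P<old>v1|v2c)(?: (?P<community>\S+))?"
    r"|v3 (?P<level>auth|noauth|priv) (?P<name>\S+))"
    r"(?: port (?P<port>\d+))?$"
)

STANDARD_TRAP_PORT = 162  # used when the line has no "port" keyword


def parse_trap_host(line):
    """Return {'ip', 'mode', 'port'} for a valid line, or None if malformed."""
    m = HOST_RE.match(" ".join(line.split()))
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["ip"])
    except ValueError:
        return None
    port = int(m["port"]) if m["port"] else STANDARD_TRAP_PORT
    if not 1 <= port <= 65535:
        return None
    return {"ip": str(ip), "mode": m["old"] or m["level"], "port": port}


def audit(config_text):
    """Return a list of (line number, severity, message) findings."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = " ".join(raw.split())  # normalise whitespace
        if line == "no logging enable user-login":
            findings.append((lineno, "high", "logging of CLI access is disabled"))
        elif line.startswith("snmp-server host "):
            host = parse_trap_host(line)
            if host is None:
                findings.append(
                    (lineno, "error", "line does not match the documented syntax")
                )
                continue
            severity, why = RATING[host["mode"]]
            if severity != "ok":
                findings.append(
                    (lineno, severity, f"trap receiver {host['ip']}:{host['port']}: {why}")
                )
    return findings


if __name__ == "__main__":
    for lineno, severity, message in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: [{severity}] {message}")
```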
The commands in this example configure loopback interface 2, assign IP address 10.0.0.2/24 to the interface, then designate the interface as the source for all Telnet packets from the Layer 3 Switch.

Syntax: ip telnet source-interface ethernet portnum | loopback num | ve num

The following commands configure an IP interface on an Ethernet port and designate the address port as the source for all Telnet packets from the Layer 3 Switch.
Setting a message of the day banner
You can configure the Brocade device to display a message on a user’s terminal when he or she establishes a Telnet CLI session. For example, to display the message “Welcome to Brocade Virtual ADX!” when a Telnet CLI session is established:

Virtual ADX(config)# banner motd $ (Press Return)
Enter TEXT message, End with the character '$'.
Configuring basic port parameters

To remove the banner, enter the no banner incoming command.

Configuring terminal display
You can configure and display the number of lines displayed on a terminal screen during the current CLI session.

The terminal length command allows you to determine how many lines will be displayed on the screen during the current CLI session. This command is useful when reading multiple lines of displayed information, especially those that do not fit on one screen.
Configuring basic Layer 2 parameters

Assigning a port name
A port name can be assigned to help identify interfaces on the network. You can assign a port name to physical ports, virtual routing interfaces, and loopback interfaces.

To assign a name to a port, enter the following commands.

Virtual ADX(config)# interface e 2
Virtual ADX(config-if-2)# port-name Marsha Markey

Syntax: port-name text

The text parameter is an alphanumeric string. The name can be 255 characters long. The name can contain blanks.
Changing the MAC age time
This parameter sets the aging period for ports on the device, defining how long a port address remains active in the address table. This parameter value can be 0 or a number from 67 – 65535 seconds. The zero value results in no address aging. The default value for this field is 300 (seconds).

To change the aging period for MAC addresses from the default value of 300 seconds to 600 seconds, enter the following command.
NOTE
The location of the static-mac-address command in the CLI depends on whether you configure port-based VLANs on the device. If the device does not have more than one port-based VLAN (VLAN 1, which is the default VLAN that contains all the ports), the static-mac-address command is at the global CONFIG level of the CLI. If the device has more than one port-based VLAN, then the static-mac-address command is not available at the global CONFIG level.
Configuring static MAC addresses

NOTE
The second command is optional and also creates the VLAN if the VLAN does not already exist. You can enter the first command after you enter the second command if you first exit to the global CONFIG level of the CLI.

Assigning IEEE 802.1q tagging to a port
When a port is tagged, it allows communication among the different VLANs to which it is assigned.
The portnum variable specifies the Ethernet port or ports that the MAC address is being assigned to. Use the to ethernet portnum option if you want to assign the MAC address to a range of ports. Using the priority option, you can assign a value to the number variable of 0 – 7.

Displaying MAC addresses
You can display all MAC addresses learned or configured on a Virtual ADX as shown in the following.
Configuring system parameter settings
Brocade devices have default table sizes for the following parameters. The table sizes determine the maximum number of entries the tables can hold.
TABLE 2 System parameters (Continued)

System parameter    Description
ip-cache            IP cache entries supported
ip-filter-port      Number of IP filter ports supported
ip-filter-sys       Number of IP filter entries supported
ip-route            Number of IP routes supported
ip-static-arp       Static ARP entries supported
ip-static-route     Number of IP static routes supported
ip-subnet-port      Number of IP subnets per port supported
ip6-cache           IPv6 cache entries supported
ip6-neigh           Numb
The num variable specifies the maximum number for the system parameter. The minimum, maximum and default values for a system parameter are determined by the license that is active on your system. For actual values associated with your license, refer to the Brocade Virtual ADX Licensing Guide.

To display the system parameters, and their defaults and maximum values, enter the show default values command at any level of the CLI.
Chapter 2 Configuring Basic Layer 3

Configuring basic Layer 3 overview
This chapter describes how to configure static IP in the Layer 3 software image. The Layer 2 with Layer 3 software image contains all the system-level features in the Layer 2 images, along with the following:
• Static IP routes
• Routing between directly connected subnets

The procedures in this chapter describe how to perform the following tasks:
• Add a static IP route.
• Add a static entry to the ARP table.
Disabling Layer 2 switching
The Route Only feature allows a port to be configured in a mode in which only packets meant for Layer-3 forwarding are forwarded by the system. All Layer-2 traffic arriving at the port that would have been switched is discarded. Packets destined to the switch itself are still sent to the CPU for processing. Route Only can also be configured globally, which applies the Route Only feature to all ports in the system.
Additional features
For information about the other IP configuration commands in the Virtual ADX router image, refer to “Configuring IP” on page 47.
Chapter 3 Configuring Virtual LANs (VLANs)

This chapter describes how to configure Virtual LANs (VLANs) on a Virtual ADX. The “Overview” section provides basic information about VLAN options available on a Virtual ADX. Following this section, other sections provide configuration procedures and examples. To display configuration information for VLANs, refer to “Displaying VLAN information” on page 44.

Overview
This section describes the Virtual ADX VLAN features.
FIGURE 1 Brocade device containing user-defined Layer 2 port-based VLAN

A port can belong to only one port-based VLAN, unless you apply 802.1q tagging to the port. 802.1q tagging allows the port to add a four-byte tag field, which contains the VLAN ID, to each packet sent on the port. You also can configure port-based VLANs that span multiple devices by tagging the ports within the VLAN. The tag enables each device that receives the packet to determine the VLAN the packet belongs to. 802.
Integrated Switch Routing (ISR)
The Integrated Switch Routing (ISR) feature enables VLANs configured on Virtual ADX Layer 3 Switches to route Layer 3 traffic from one IP subnet to another. Normally, to route traffic from one IP subnet VLAN to another, you would need to forward the traffic to an external router. The VLANs provide Layer 3 broadcast domains for these protocols but do not in themselves provide routing services for these protocols.
FIGURE 2 Default Layer 2 port-based VLAN

When you configure a port-based VLAN, one of the configuration items you provide is the ports that are in the VLAN. When you configure the VLAN, the Virtual ADX automatically removes the ports that you place in the VLAN from DEFAULT-VLAN. By removing the ports from the default VLAN, the Virtual ADX ensures that each port resides in only one Layer 2 broadcast domain.

NOTE
Information for the default VLAN is available only after you define another VLAN.
• The default tag value is 8100 (hexadecimal). This value comes from the 802.1q specification. You can change this tag value on a global basis on a Virtual ADX if needed to be compatible with other vendors’ equipment.
• The VLAN ID is determined by the VLAN on which the packet is being forwarded.

Figure 3 shows the format of packets with and without the 802.1q tag. The tag format is vendor-specific.
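The tag handling described above can be sketched as follows. This is an added example, not code from the Brocade guide; it assumes the standard IEEE 802.1Q layout (a two-byte tag type followed by a three-bit priority, one further bit, and a 12-bit VLAN ID), and the sample frame, the VLAN number taken from Figure 8, and the alternative tag type 0x9100 are constructed for illustration. It shows why every device sharing a tagged VLAN must use the same tag value: a receiver configured with a different value does not recognise the frame as tagged.

```python
import struct

DEFAULT_TAG_TYPE = 0x8100  # default tag value given in the guide

# Constructed untagged Ethernet frame: broadcast destination, a
# documentation-range source MAC, EtherType 0x0800 (IPv4), dummy payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "00005e005301" "0800") + b"constructed payload"


def add_tag(frame, vlan_id, priority=0, tag_type=DEFAULT_TAG_TYPE):
    """Insert the four-byte tag after the source MAC address."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 0 <= vlan_id <= 0x0FFF:
        raise ValueError("VLAN ID must fit in 12 bits")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0-7")
    tci = (priority << 13) | vlan_id  # priority in the top 3 bits
    return frame[:12] + struct.pack("!HH", tag_type, tci) + frame[12:]


def parse_frame(frame, tag_type=DEFAULT_TAG_TYPE):
    """Parse a frame as a device configured with `tag_type` would see it."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (type_field,) = struct.unpack("!H", frame[12:14])
    if type_field != tag_type:
        # Not this device's tag value: the frame is handled as untagged and
        # the two bytes are read as the EtherType.
        return {"tagged": False, "vlan_id": None, "priority": None,
                "ethertype": type_field, "payload": frame[14:]}
    if len(frame) < 18:
        raise ValueError("truncated 802.1q tag")
    tci, ethertype = struct.unpack("!HH", frame[14:18])
    return {"tagged": True, "vlan_id": tci & 0x0FFF, "priority": tci >> 13,
            "ethertype": ethertype, "payload": frame[18:]}


if __name__ == "__main__":
    tagged = add_tag(UNTAGGED, vlan_id=222, priority=5)
    print("same tag value:     ", parse_frame(tagged))
    # A peer whose global tag value was changed (0x9100 is a made-up choice)
    # does not see a VLAN tag at all.
    print("different tag value:", parse_frame(tagged, tag_type=0x9100))
```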
FIGURE 4 VLANs configured across multiple devices

Virtual routing interfaces
A virtual routing interface is a logical routing interface that Brocade Layer 3 Switches use to route Layer 3 protocol traffic between protocol VLANs. Brocade devices send Layer 3 traffic at Layer 2 within a VLAN. However, Layer 3 traffic from one VLAN to another must be routed.
FIGURE 5 Use virtual routing interfaces for routing between IP subnet VLANs

VLAN and virtual routing interface groups
To simplify configuration, you can configure VLAN groups and virtual routing interface groups. When you create a VLAN group, the VLAN parameters you configure for the group apply to all the VLANs within the group.
• Static ports

You also can explicitly exclude ports.

Dynamic ports
Dynamic ports are added to a VLAN when you create the VLAN. However, if a dynamically added port does not receive any traffic for the VLAN’s IP subnet within ten minutes, the port is removed from the VLAN. However, the port remains a candidate for port membership. Thus, if the port receives traffic for the VLAN’s IP subnet, the Virtual ADX adds the port back to the VLAN.
FIGURE 7 VLAN with dynamic ports—candidate ports become active again if they receive protocol traffic

Static ports
Static ports are permanent members of the IP subnet VLAN. The ports remain active members of the VLAN regardless of whether the ports receive traffic for the VLAN’s protocol. You must explicitly identify the port as a static port when you add it to the VLAN. Otherwise, the port is dynamic and is subject to aging out.
Routing between VLANs

To "leak" Layer 3 broadcast traffic, an active port sends 1/8th of the Layer 3 broadcast traffic to the inactive (aged out) ports. Static ports do not age out and do not leak broadcast packets.

Summary of VLAN configuration rules
A hierarchy of VLANs exists between the Layer 2 and Layer 3 protocol-based VLANs:
• Port-based VLANs are at the lowest level of the hierarchy.
• IP subnet VLANs are at the top of the hierarchy.
Bridging and routing the same protocol simultaneously on the same device
Some configurations may require simultaneous switching and routing of the same single protocol across different sets of ports on the same router. When IP routing is enabled on a Brocade Layer 3 Switch, you can route these protocols on specific interfaces while bridging them on other interfaces. In this scenario, you can create two separate backbones for the same protocol, one bridged and one routed.
If you do not want the ports to have dynamic membership, you can add them statically. This eliminates the need to explicitly exclude the ports that you do not want to participate in a particular Layer 3 VLAN.

Assigning a different VLAN ID to the default VLAN
When you enable port-based VLANs, all ports in the system are added to the default VLAN. By default, the default VLAN ID is “VLAN 1”. The default VLAN is not configurable.
FIGURE 8 Port-based VLANs 222 and 333

To create the two port-based VLANs shown in Figure 8, use the following method.
Syntax: vlan vlan-id by port
Syntax: untagged ethernet portnum [to portnum | ethernet portnum]

Modifying a port-based VLAN
You can make the following modifications to a port-based VLAN:
• Add or delete a VLAN port.
• Change its priority.
• Enable or disable STP.

Removing a port-based VLAN
Suppose you want to remove VLAN 5, for example. To do so, use the following procedure.
1. Access the global CONFIG level of the CLI by entering the following commands.
Configuring IP subnet VLANs

3. Enter the following commands.

Virtual ADX-A(config-vlan-4)#
Virtual ADX-A(config-vlan-4)# no untag ethernet 3
deleted port ethe 11 from port-vlan 4.
Virtual ADX-A(config-vlan-4)#

4. Enter the following commands to exit the VLAN CONFIG mode and save the configuration to the system-config file on flash memory.
FIGURE 9 Subnet based (Layer 3) VLANs

To configure the VLANs shown in Figure 9, use the following procedure.
1. To permanently assign ports 23 and port 25 to IP subnet VLAN 10.1.1.0, enter the following commands.

Virtual ADX> en
No password has been assigned yet...
Virtual ADX# config t
Virtual ADX(config)#
Virtual ADX(config)# vlan 25
Virtual ADX(config-vlan-25)# ip-subnet 10.1.1.
Configuring the same IP subnet address on multiple port-based VLANs

Virtual ADX(config-ip-subnet)# ip-subnet 10.1.3.0/24 name Brown
Virtual ADX(config-ip-subnet)# no dynamic
Virtual ADX(config-ip-subnet)# static ethernet 24 to 25

Syntax: ip-subnet ip-addr ip-mask [name string]

Configuring an IP subnet VLAN with dynamic ports
To configure an IP subnet VLAN with dynamic ports, use the following method.
FIGURE 10 Multiple port-based VLANs with separate protocol addresses

As shown in this example, each VLAN has a separate IP subnet address. If you need to conserve IP subnet addresses, you can configure multiple VLANs with the same IP subnet address, as shown in Figure 11.
FIGURE 11 Multiple port-based VLANs with the same protocol address

Each VLAN still requires a separate virtual routing interface. However, all three VLANs now use the same IP subnet address. In addition to conserving IP subnet addresses, this feature allows containment of Layer 2 broadcasts to segments within an IP subnet.
NOTE
If the Brocade device’s ARP table does not contain the requested host, the Brocade device forwards the ARP request on Layer 2 to the same VLAN as the one that received the ARP request. Then the device sends an ARP for the destination to the other VLANs that are using the same IP subnet address.

• If the destination is in the same VLAN as the source, the Brocade device does not need to perform a proxy ARP.
Configuring a virtual routing interface and assigning an IP address on a port-based VLAN
In the following example, a Virtual ADX uses the ISR functionality to Layer-2 switch packets within a VLAN while allowing Layer 3 switching across VLANs from one IP subnet to another. In this example, two hosts connected to port 1 and port 2 in the same IP subnet can directly send IP packets to each other through VLAN 10.
Displaying VLAN information

The num parameter indicates the maximum number of VLANs.

Increasing the number of virtual routing interfaces you can configure
By default, the number of virtual interfaces (a.k.a. VE interfaces) supported in layer 3 router code is 1024. Increasing the size of the virtual routing interface table, which determines how many virtual routing interfaces you can configure, allows you to raise this limit up to 4095.
Virtual ADX(config)# show vlans
Total PORT-VLAN entries: 2
Maximum PORT-VLAN entries: 8
legend: [S=Slot]
PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree Off
 Untagged Ports: (S2) 1 2
 Untagged Ports: (S2) 3
 Untagged Ports: (S4) 1 2
 Untagged Ports: (S4) 3
   Tagged Ports: None
PORT-VLAN 10, Name IP_VLAN, Priority level0, Spanning tree Off
 Untagged Ports: (S1) 1 2 3
   Tagged Ports: None
IP-subnet VLAN 10.1.1.0 255.255.255.
Virtual ADX(config)# show vlans e 7/1
Total PORT-VLAN entries: 3
Maximum PORT-VLAN entries: 8
legend: [S=Slot]
PORT-VLAN 100, Name [None], Priority level0, Spanning tree Off
 Untagged Ports: (S7) 1 2 3 4
   Tagged Ports: None
IP-subnet VLAN 10.95.11.0 255.255.255.
Chapter 4 Configuring IP

This chapter describes the Internet Protocol (IP) parameters on the Virtual ADX and how to configure them.

Basic configuration
IP is enabled by default. Basic configuration consists of adding IP addresses and enabling a route exchange protocol. Refer to “Configuring IP addresses” on page 54 to add IP addresses, then see one or more of the following to enable and configure the route exchange protocols:

The rest of this chapter describes IP and how to configure it in more detail.
Overview

• IP route table
• IP forwarding cache

The software enables you to display these tables. You also can change the capacity of the tables on an individual basis if needed by changing the memory allocation for the table.

ARP cache and static ARP table
The ARP cache contains entries that map IP addresses to MAC addresses. Generally, the entries are for devices that are directly attached to the Layer 3 Switch.
• A directly-connected destination, which means there are no router hops to the destination
• A static IP route, which is a user-configured route

The IP route table contains the best path to a destination.
• When the software receives paths from more than one of the sources listed above, the software compares the administrative distance of each path and selects the path with the lowest administrative distance. The administrative distance is a protocol-independent value from 1 – 255.
Basic IP parameters and defaults

     IP Address       Next Hop    MAC               Type   Port   Vlan   Pri
1    192.168.1.11     DIRECT      0000.0000.0000    PU     n/a           0

Each IP forwarding cache entry contains the IP address of the destination, and the IP address and MAC address of the next-hop router interface to the destination. If the destination is actually an interface configured on the Layer 3 Switch itself, as shown here, then next-hop information indicates this.
• To save the configuration changes using the Web management interface, select the Save link at the bottom of the dialog. Select Yes when prompted to save the configuration change to the startup-config file on the device’s flash memory. You also can access the dialog for saving configuration changes by clicking on Command in the tree view, then clicking on Save to File.
TABLE 3 IP global parameters (Continued)

Parameter: Directed broadcast mode
Description: The packet format the router treats as a directed broadcast. The following formats can be directed broadcast:
• All ones in the host portion of the packet’s destination address.
• All zeroes in the host portion of the packet’s destination address.
Note: If you enable all-zeroes directed broadcasts, all-ones directed broadcasts remain enabled.
Default: All ones
TABLE 3 IP global parameters (Continued)

Parameter: Static route
Description: An IP route you place in the IP route table.
Default: No entries
See page: page 68

Parameter: Source interface
Description: The IP address the router uses as the source address for Telnet, RADIUS, or TACACS/TACACS+ packets originated by the router. The router can select the source address based on either of the following:
• The lowest-numbered IP address on the interface the packet is sent on.
Configuring IP parameters

TABLE 4 IP interface parameters (Continued)

Parameter: UDP broadcast forwarding
Description: The router can forward UDP broadcast packets for UDP applications such as BootP. By forwarding the UDP broadcasts, the router enables clients on one subnet to find servers attached to other subnets.
• To enter a classical network mask, enter the mask in IP address format. For example, enter “10.157.22.99 255.255.255.0” for an IP address with a Class-C subnet mask.
• To enter a prefix network mask, enter a forward slash ( / ) and the number of bits in the mask immediately after the IP address. For example, enter “10.157.22.99/24” for an IP address that has a network mask with 24 significant bits (ones).
NOTE
The Virtual ADX uses the lowest MAC address on the device (the MAC address of port 1 or 1/1) as the MAC address for all ports within all virtual interfaces you configure on the device.

To add a virtual interface to a VLAN and configure an IP address on the interface, enter commands such as the following.

Virtual ADX(config)# vlan 2 name IP-Subnet_10.1.2.
The Brocade Layer 3 Switch qualifies the host name by appending a domain name. For example, mary.eng.company.com. This qualified name is sent to the DNS server for resolution. If there are four DNS servers configured, it is sent to the first DNS server. If the host name is not resolved, it is sent to the second DNS server. If a match is found, a response is sent back to the client with the host’s IP address. If no match is found, an “unknown host” message is returned.
FIGURE 13 DNS resolution with host name in DNS Cache Table

However, if “mary.eng.company.com” is not in the DNS cache table, as in Figure 14, the host name is resolved as follows.
1. A command to ping “mary” is entered at the client.
2. The Brocade device appends the first domain name to “mary” and sends the qualified host name “mary.facilities.company.com” to the DNS Cache table.
3. The DNS cache table does not have a “mary.facilities.company.
FIGURE 14 DNS resolution with host name not in DNS Cache Table

Over a period of time, there may be changes to the information in the DNS cache table. For example, a host’s IP address can change, making the entries in the DNS cache table invalid. The Brocade device polls each entry in the DNS cache table to determine if the information in the DNS cache table is still valid. By default, the Brocade device sends a ping to the host every 1 minute.
Using a DNS name to initiate a trace route
Suppose you want to trace the route from a Virtual ADX to a remote server identified as EX02 on domain example1.com. Because the example1.com domain is already defined on the Layer 3 Switch, you need to enter only the host name, EX02, as noted below.
Virtual ADX(config)# ip dns server-address 10.157.22.199 10.96.7.15 10.95.7.25 10.98.7.15

Syntax: [no] ip dns server-address ip-addr [ip-addr] [ip-addr] [ip-addr]

In the example above, the first DNS server entered becomes the primary DNS server and all others are secondary servers. Because DNS IP address 10.98.7.15 is the last DNS server listed, it is also the last DNS server consulted to resolve a query.
Specifying a single source interface for Telnet, TACACS/TACACS+, or RADIUS packets
When the Layer 3 Switch originates a Telnet, TACACS/TACACS+, or RADIUS packet, the source address of the packet is the lowest-numbered IP address on the interface that sends the packet. You can configure the Layer 3 Switch to always use the lowest-numbered IP address on a specific interface as the source address for these types of packets.
Virtual ADX(config)# interface ethernet 1
Virtual ADX(config-if-1)# ip address 10.157.22.110/24
Virtual ADX(config-if-1)# exit
Virtual ADX(config)# ip telnet source-interface ethernet 1

TACACS/TACACS+ packets

To specify the lowest-numbered IP address configured on a virtual interface as the device’s source for all TACACS/TACACS+ packets, enter commands such as the following.

Virtual ADX(config)# int ve 1
Virtual ADX(config-vif-1)# ip address 10.0.0.
The Virtual ADX encapsulates IP packets in Layer 2 packets regardless of whether the ultimate destination is locally attached or is multiple router hops away. Since the Virtual ADX’s IP route table and IP forwarding cache contain IP address information but not MAC address information, the Virtual ADX cannot forward IP packets based solely on the information in the route table or forwarding cache.
• Forwarding of source-routed packets
• Ones-based and zero-based broadcasts

All these parameters are global and thus affect all IP interfaces configured on the Virtual ADX running router code. To configure these parameters, use the procedures in the following sections.

Changing the TTL threshold

The TTL threshold prevents routing loops by specifying the maximum number of router hops an IP packet originated by the Virtual ADX can travel through.
Disabling forwarding of IP source-routed packets

A source-routed packet specifies the exact router path for the packet. The packet specifies the path by listing the IP addresses of the router interfaces through which the packet must pass on its way to the destination. The Virtual ADX running router code supports both types of IP source routing:
• Strict source routing – requires the packet to pass through only the listed routers.
To enable the Layer 3 Switch for zero-based IP subnet broadcasts in addition to ones-based IP subnet broadcasts, enter the following command.

Virtual ADX(config)# ip broadcast-zero

Syntax: [no] ip broadcast-zero

Disabling ICMP messages

The Virtual ADX is enabled to reply to ICMP echo messages and send ICMP Destination Unreachable messages by default.
Virtual ADX(config)# int e 3
Virtual ADX(config-if-e100-3)# no ip redirect

Syntax: [no] ip redirect

Configuring static routes

The IP route table can receive routes from the following sources:
• Directly-connected networks – When you add an IP interface, the Virtual ADX automatically creates a route for the network the interface is in.
• The route’s administrative distance – The value that the Virtual ADX uses to compare this route with routes from other route sources to the same destination before placing a route in the IP route table. This parameter does not apply to routes that are already in the IP route table. The default administrative distance for static IP routes is 1.
When you configure a static IP route, you specify the destination address for the route and the next-hop gateway or Virtual ADX interface through which the Layer 3 Switch can reach the route. The Virtual ADX adds the route to the IP route table.

In this case, Router A knows that 10.95.6.157 is reachable through port 1/2, and also assumes that local interfaces within that subnet are on the same port. Router A deduces that IP interface 10.95.7.188 is also on port 1/2.
NOTE
The port or virtual interface you use for the static route’s next hop must have at least one IP address configured on it. The address does not need to be in the same subnet as the destination network.

The metric parameter can be a number from 1 – 16. The default is 1.

The distance num parameter specifies the administrative distance of the route.
NOTE
The last two parameters are optional and do not affect the null route, unless you configure the administrative distance to be 255. In this case, the route is not used and the traffic might be forwarded instead of dropped.
For complete syntax information, refer to “Configuring a static IP route” on page 70.

Configuring standard static IP routes and interface or null static routes to the same destination

You can configure a null0 or interface-based static route to a destination and also configure a normal static route to the same destination, so long as the route metrics are different.
FIGURE 16 Standard and null static routes to the same destination network

Figure 17 shows another example of two static routes. In this example, a standard static route and an interface-based static route are configured for destination network 192.168.6.0/24. The interface-based static route has a lower metric than the standard static route. As a result, the Virtual ADX always prefers the interface-based route when the route is available.
FIGURE 17 Standard and interface routes to the same destination network

To configure a standard static IP route and a null route to the same network as shown in Figure 16 on page 74, enter commands such as the following.

Virtual ADX(config)# ip route 192.168.7.0/24 192.168.6.157/24 1
Virtual ADX(config)# ip route 192.168.7.0/24 null0 3

The first command configures a standard static route, which includes specification of the next-hop gateway.
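The following Python model is an added example, not Brocade code: it replays the two ip route commands above and shows what the higher-metric null0 route does when the standard route's gateway is unavailable. It assumes longest-prefix matching, that a route whose gateway is unreachable is skipped, and a constructed default route through 10.157.23.2; the function and variable names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticRoute:
    dest: ipaddress.IPv4Network
    next_hop: str      # gateway IP address, or "null0"
    metric: int = 1    # the page gives 1 - 16 with a default of 1


def parse_ip_route(line):
    """Parse 'ip route <dest>/<len> <gateway | null0> [metric]'."""
    tok = line.split()
    if len(tok) < 4 or tok[:2] != ["ip", "route"]:
        raise ValueError(f"not an ip route command: {line!r}")
    dest = ipaddress.ip_network(tok[2], strict=True)
    # The page writes the gateway as 192.168.6.157/24; only the address is used here.
    hop = tok[3].split("/")[0]
    if hop != "null0":
        ipaddress.ip_address(hop)  # raises ValueError on a malformed gateway
    metric = int(tok[4]) if len(tok) > 4 else 1
    if not 1 <= metric <= 16:
        raise ValueError(f"metric {metric} is outside 1-16")
    return StaticRoute(dest, hop, metric)


def lookup(config_lines, dst_ip, reachable_gateways):
    """Return the gateway used for dst_ip, 'drop' for null0, or None if no route."""
    addr = ipaddress.ip_address(dst_ip)
    usable = [
        r for r in map(parse_ip_route, config_lines)
        if addr in r.dest
        # Assumption: a standard route is only usable while its gateway is reachable.
        and (r.next_hop == "null0" or r.next_hop in reachable_gateways)
    ]
    if not usable:
        return None
    # Assumption: longest prefix first, then the lowest metric among equal prefixes.
    best = min(usable, key=lambda r: (-r.dest.prefixlen, r.metric))
    return "drop" if best.next_hop == "null0" else best.next_hop


# The first two lines are the commands shown on the page; the default route is constructed.
WITH_NULL = [
    "ip route 192.168.7.0/24 192.168.6.157/24 1",
    "ip route 192.168.7.0/24 null0 3",
    "ip route 0.0.0.0/0 10.157.23.2 1",
]
WITHOUT_NULL = [WITH_NULL[0], WITH_NULL[2]]

if __name__ == "__main__":
    all_up = {"192.168.6.157", "10.157.23.2"}
    gateway_down = {"10.157.23.2"}
    for name, cfg in (("with null0", WITH_NULL), ("without null0", WITHOUT_NULL)):
        print(name, "| gateway up:", lookup(cfg, "192.168.7.10", all_up),
              "| gateway down:", lookup(cfg, "192.168.7.10", gateway_down))
```

Without the null0 route, traffic for 192.168.7.0/24 follows the default route once the preferred gateway is gone; with it, that traffic is dropped on the device.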
Configuring a default network route

The Virtual ADX enables you to specify a candidate default route without the need to specify the next hop gateway. If the IP route table does not contain an explicit default route (for example, 0.0.0.0/0) or propagate an explicit default route through routing protocols, the software can use the default network route as a default route instead.
Virtual ADX(config)# show ip route
Total number of IP routes: 2
Start index: 1  B:BGP D:Connected S:Static O:OSPF *:Candidate default
    Destination   NetMask         Gateway   Port   Cost   Type
1   10.157.20.0   255.255.255.0   0.0.0.0   lb1    1      D
2   10.157.22.0   255.255.255.0   0.0.0.0   4/11   1      *D

This example shows two routes. Both of the routes are directly attached, as indicated in the Type column. However, one of the routes is shown as type “*D”, with an asterisk (*).
When the software receives multiple paths to the same destination and the paths are from different sources, the software compares the administrative distances of the paths and selects the path with the lowest distance. The software then places the path with the lowest administrative distance in the IP route table.
Configuring IP parameters TABLE 5 Default load sharing parameters for route sources Route source Default number of paths Default maximum number of paths Maximum number of paths See page... Static IP route 4 4 81 page 81 1. 4 This value depends on the value for IP load sharing, and is not separately configurable.
FIGURE 18 Host-based IP load sharing – basic example

As shown in this example, when the Virtual ADX receives traffic for a destination and the IP route table has multiple equal-cost paths to that destination, the Virtual ADX selects the next equal-cost path (next-hop router) in the rotation and assigns that path to the destination. The path rotation is determined by the order in which the IP route table receives the paths.
Virtual ADX(config)# no ip load-sharing

Syntax: [no] ip load-sharing

Changing the maximum number of load sharing paths

By default, IP load sharing allows IP traffic to be balanced across up to four equal paths. You can change the maximum number of paths the Virtual ADX supports to a value from 2 – 8. For optimal results, set the maximum number of paths to a value at least as high as the maximum number of equal-cost paths your network typically contains.
NOTE
The application names are the names for these applications that the Virtual ADX software recognizes, and might not match the names for these applications on some third-party devices. The numbers listed in parentheses are the UDP port numbers for the applications. The numbers come from RFC 1340.

NOTE
As shown above, forwarding support for BootP/DHCP is enabled by default.
• netbios-ns (port 137)
• ntp (port 123)
• tacacs (port 65)
• talk (port 517)
• time (port 37)
• tftp (port 69)

In addition, you can specify any UDP application by using the application’s UDP port number. The udp-port-num parameter specifies the UDP application port number. If the application you want to enable is not listed above, enter the application port number. You also can list the port number for any of the applications listed above.
BootP/DHCP forwarding parameters

The following parameters control the forwarding of BootP/DHCP requests for a Virtual ADX:
• Helper address – The BootP/DHCP server’s IP address. You must configure the helper address on the interface that receives the BootP/DHCP requests from the client. The Virtual ADX cannot forward a request to the server unless you configure a helper address for the server.
Syntax: ip bootp-gateway ip-addr

Displaying IP configuration information and statistics

To display IP information on a Virtual ADX, refer to “Displaying IP information” on page 85.

Changing the network mask display to prefix format

By default, the CLI displays network masks in classical IP address format (example: 255.255.255.0). You can change the displays to prefix format using the following CLI method.
Virtual ADX show ip
Global Settings
  ttl: 64, arp-age: 10, bootp-relay-max-hops: 4
  router-id : 10.95.11.128
  enabled : UDP-Broadcast-Forwarding IRDP Proxy-ARP OSPF
  disabled: BGP4 Load-Sharing DVMRP VRRP
Static Routes
  Index   IP Address   Subnet Mask   Next Hop Router   Metric   Distance
  1       0.0.0.0      0.0.0.0       10.157.23.2       1        1
Policies
  Index   Action   Source         Destination   Protocol   Port   Operator
  1       deny     10.157.22.34   10.157.22.
TABLE 6 CLI display of global IP configuration information (Continued)
This field... | Displays...
Metric | The cost of the route. Usually, the metric represents the number of hops to the destination.
Distance | The administrative distance of the route. The default administrative distance for static IP routes in Brocade routers is 1.
Index | The policy number. This is the number you assigned the policy when you configured it.
Virtual ADX(config)# show ip interface
Interface      IP-Address    OK?   Method   Status   Protocol
Ethernet 1/1   10.95.6.173   YES   NVRAM    up       up
Ethernet 1/2   10.3.3.3      YES   manual   up       up
Loopback 1     10.2.3.4      YES   NVRAM    down     down

Syntax: show ip interface [ethernet portnum] | [loopback num] | [ve num]

This display shows the following information.

TABLE 7 CLI display of interface IP configuration information
This field... | Displays...
TABLE 8 Web display of IP interface information
This field... | Displays...
Port # | The physical port number or virtual interface (VE) number. VEs are shown as “v num”, where num is the number you assigned to the VE when you configured it. For example, VE 1 is shown as “v1”. If a range of ports is listed in this field, the interface is a trunk group.
4 Displaying IP configuration information and statistics Displaying the ARP cache To display the contents of the ARP cache, enter the following command at any CLI level. Virtual ADX# show arp Total Age 1 2 3 4 5 6 6 number of ARP entries: 57 IP Address MAC Address Port 10.95.6.102 0800.5afc.ea21 Dynamic 0 10.95.6.18 00a0.24d2.04ed Dynamic 3 10.95.6.54 00a0.24ab.cd2b Dynamic 0 10.95.6.101 0800.207c.a7fa Dynamic 0 10.95.6.211 00c0.2638.ac9c Dynamic 0 10.1.21.2 0004.809e.2e15 Static None 10.1.21.2 0004.
TABLE 9 CLI display of ARP cache (Continued)
This field... | Displays...
Type | The type, which can be one of the following:
• Dynamic – The Virtual ADX learned the entry from an incoming packet.
• Static – The Virtual ADX loaded the entry from the static ARP table when the device for the entry was connected to the Virtual ADX.
Age | The number of minutes the entry has remained unused.
TABLE 10 CLI display of static ARP table
This field... | Displays...
Static ARP table size | The maximum number of static entries that can be configured on the device using the current memory allocation. The range of valid memory allocations for static ARP entries is listed after the current allocation.
Index | The number of this entry in the table. You specify the entry number when you create the entry.
IP Address | The IP address of the device.
TABLE 11 CLI display of IP forwarding cache (Continued)
This field... | Displays...
Type | The type of host entry, which can be one or more of the following:
• D – Dynamic
• P – Permanent
• F – Forward
• U – Us
• C – Complex Filter
• W – Wait ARP
• I – ICMP Deny
• K – Drop
• R – Fragment
• S – Snap Encap
Port | The port through which this device reaches the destination.
TABLE 12 CLI display of IP route table
This field... | Displays...
Destination | The destination network of the route.
NetMask | The network mask of the destination address.
Gateway | The next-hop router.
Port | The port through which this router sends packets to reach the route's destination.
Cost | The route's cost.
Type | The route type, which can be one of the following:
• B – The route was learned from BGP.
Virtual ADX show ip traffic
IP Statistics
  139 received, 145 sent, 0 forwarded
  0 filtered, 0 fragmented, 0 reassembled, 0 bad header
  0 no route, 0 unknown proto, 0 no buffer, 0 other errors
ICMP Statistics
Received:
  0 total, 0 errors, 0 unreachable, 0 time exceed
  0 parameter, 0 source quench, 0 redirect, 0 echo,
  0 echo reply, 0 timestamp, 0 timestamp reply, 0 addr mask
  0 addr mask reply, 0 irdp advertisement, 0 irdp solicitation
Sent:
  0 total, 0 erro
TABLE 13 CLI display of IP traffic statistics (Continued)
This field... | Displays...
errors | This information is used by Brocade customer support.
unreachable | The number of Destination Unreachable messages sent or received by the device.
time exceed | The number of Time Exceeded messages sent or received by the device.
parameter | The number of Parameter Problem messages sent or received by the device.
Chapter 5 Rate Limiting

Overview

The rate limiting feature on the Brocade Virtual ADX version 3.1 implements rate limiting on ingress traffic to the data ports of the Virtual ADX platform. The feature supports three types of rate limiting:
• port-level rate limiting - allows users to perform rate limiting on ingress traffic on a specified data port of the Brocade Virtual ADX.
Configuring rate limiting on ingress traffic

To configure port-level rate limiting on a Brocade Virtual ADX physical port, provide average rate and maximum burst values as input by using the following command at the interface configuration mode as shown:

Virtual ADX(config-if-e1000-1)# rate-limit input 104857600 157286400

Syntax: [no] rate-limit input average rate maximum burst

The average rate parameter is a decimal value that specifies average rate for port-level rate limiting in bits per se
The portnum operand is used to specify the interface in order to display its rate limit statistics from the following counters:
• packets forwarded - the total packets permitted by rate limiting
• packets dropped - the total packets dropped by rate limiting as and when the traffic rate exceeds configured rate limiting values
• bytes forward - the total bytes permitted by rate limiting
• bytes dropped - the total bytes dropped by rate limiting as and when the traffic exceeds configured rate li
Virtual ADX(config-vlan-10)# rate-limit input 104857600 157286400

Syntax: [no] rate-limit input average-rate maximum-burst

average-rate is the maximum number of bits a VLAN can receive per second. It cannot exceed the interface line rate.

maximum-burst is the maximum number of bits per second that the traffic can have above the average rate. It cannot be less than the average rate and cannot exceed the interface line rate.
Chapter 6 Configuring OSPF

This chapter describes how to configure OSPF on Brocade Layer 3 Switches using the CLI and Web Management Interface. To display OSPF configuration information and statistics, refer to “Displaying OSPF information” on page 137.

Overview of OSPF

OSPF is a link-state routing protocol. The protocol uses link-state advertisements (LSA) to update neighboring routers regarding its interfaces and information on those interfaces.
An Autonomous System Boundary Router (ASBR) is a router that is running multiple protocols and serves as a gateway to routers outside an area and those operating with different protocols. The ASBR is able to import and translate different protocol routes into OSPF through a process known as redistribution. For more details on redistribution and configuration examples, refer to “Enable route redistribution” on page 127.
Designated router election in multi-access networks

In a network with no designated router and no backup designated router, the neighboring router with the highest priority is elected as the DR, and the router with the next largest priority is elected as the BDR, as shown in Figure 20.

FIGURE 20 Designated and backup router election

If the DR goes off-line, the BDR automatically becomes the DR. The router with the next highest priority becomes the new BDR.
When multiple routers on the same network are declaring themselves as DRs, then both priority and router ID are used to select the designated router and backup designated routers. When only one router on the network claims the DR role despite neighboring routers with higher priorities or router IDs, this router remains the DR. This is also true for BDRs.
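The election rules described above, as an added Python sketch that is not part of the Brocade guide: it is a simplified model of only the rules stated on this page (highest priority wins, router ID breaks ties between competing claimants, an existing DR or BDR is not displaced by a later, higher-priority router). The Router class, the claims field and the sample router IDs are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Router:
    router_id: str
    priority: int
    claims: Optional[str] = None   # role the router already declares: "dr", "bdr" or None


def rank(router):
    """Order routers by priority first, then by router ID compared numerically."""
    return (router.priority, int(ipaddress.IPv4Address(router.router_id)))


def elect(routers):
    """Return (dr_router_id, bdr_router_id) for the routers currently on the segment."""
    if not routers:
        return (None, None)
    dr_claims = [r for r in routers if r.claims == "dr"]
    bdr_claims = [r for r in routers if r.claims == "bdr"]
    if dr_claims:
        # A single claimant keeps the role; several are ranked by priority, then router ID.
        dr = max(dr_claims, key=rank)
    elif bdr_claims:
        # The DR is gone: the BDR automatically becomes the DR.
        dr = max(bdr_claims, key=rank)
    else:
        # No DR and no BDR: the highest priority is elected.
        dr = max(routers, key=rank)
    rest = [r for r in routers if r != dr]
    rest_bdr = [r for r in rest if r.claims == "bdr"]
    if rest_bdr:
        bdr = max(rest_bdr, key=rank)   # an existing BDR also keeps its role
    elif rest:
        bdr = max(rest, key=rank)       # otherwise the next highest priority
    else:
        bdr = None
    return (dr.router_id, bdr.router_id if bdr else None)


if __name__ == "__main__":
    # Constructed segment: an established low-priority DR and BDR, then a
    # high-priority router joins. The newcomer does not take over either role.
    segment = [
        Router("10.0.0.1", 5, "dr"),
        Router("10.0.0.2", 10, "bdr"),
        Router("10.0.0.3", 200),
    ]
    print("established:", elect(segment))
    # The DR goes off-line: the BDR is promoted and the newcomer becomes BDR.
    print("DR off-line:", elect(segment[1:]))
```

When auditing a segment, this is why the DR shown by the device may not be the router with the highest configured priority.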
FIGURE 22 AS External LSA reduction

Notice that both Router D and Router E have a route to the other routing domain through Router F. Since both routers are flooding equivalent routes, Routers A, B, and C receive multiple routes with the same cost to the same destination (Router F). For Routers A, B, and C, either route to Router F (through Router D or through Router E) is equally good. OSPF eliminates the duplicate AS External LSAs.
Algorithm for AS External LSA reduction

Figure 22 shows an example in which the normal AS External LSA reduction feature is in effect. The behavior changes under the following conditions:
• There is one ASBR advertising (originating) a route to the external destination, but one of the following happens:
  • A second ASBR comes on-line
  • A second ASBR that is already on-line begins advertising an equivalent route to the same destination.
Dynamic OSPF memory

Virtual ADX dynamically allocates memory for Link State Advertisements (LSAs) and other OSPF data structures. So long as the Layer 3 Switch has free (unallocated) dynamic memory, OSPF can use the memory.

Configuring OSPF

To begin using OSPF on the router, perform the steps outlined below.

1. Enable OSPF on the router.
2. Assign the areas to which the router will be attached.
3. Assign individual interfaces to the OSPF areas.
4.
• Enable or disable default-information-originate.
• Modify Shortest Path First (SPF) timers
• Define external route summarization
• Define redistribution metric type.
• Define deny redistribution.
• Define permit redistribution.
• Enable redistribution.
• Change the LSA pacing interval.
• Modify OSPF Traps generated.
• Modify database overflow interval.
• Enable and configure graceful restart

Interface parameters:
• Assign interfaces to an area.
Note regarding disabling OSPF

If you disable OSPF, the Layer 3 Switch removes all the configuration information for the disabled protocol from the running-config. Moreover, when you save the configuration to the startup-config file after disabling one of these protocols, all the configuration information for the disabled protocol is removed from the startup-config file. The CLI displays a warning message such as the following.
Example

To set up the OSPF areas shown in Figure 19 on page 102, use the following method.

Virtual ADX(config-ospf-router)# area 192.5.1.0
Virtual ADX(config-ospf-router)# area 10.200.5.0
Virtual ADX(config-ospf-router)# area 10.5.0.0
Virtual ADX(config-ospf-router)# area 0.0.0.0
Virtual ADX(config-ospf-router)# write memory

Syntax: area num | ip-addr

The num | ip-addr parameter specifies the area number, which can be a number or in IP address format.
NOTE
You can assign one area on a router interface. For example, if the system or chassis module has 16 ports, 16 areas are supported on the chassis or module.

Assign a Not-So-Stubby Area (NSSA)

The OSPF Not So Stubby Area (NSSA) feature enables you to configure OSPF areas that provide the benefits of stub areas, but that also are capable of importing external route information.
The ABR translates the Type-7 LSAs into Type-5 LSAs. If an area range is configured for the NSSA, the ABR also summarizes the LSAs into an aggregate LSA before flooding the Type-5 LSA(s) into the backbone.

Since the NSSA is partially “stubby” the ABR does not flood external LSAs from the backbone into the NSSA. To provide access to the rest of the Autonomous System (AS), the ABR generates a default Type-7 LSA into the NSSA.

Configuring an NSSA

To configure OSPF area 10.1.1.
The range ip-addr parameter specifies the IP address portion of the range. The software compares the address with the significant bits in the mask. All network addresses that match this comparison are summarized in a single route advertised by the router.

The ip-mask parameter specifies the portions of the IP address that a route must contain to be summarized in the summary route. In the example above, all networks that begin with 209.157 are summarized into a single route.
Port default values can be modified using the following CLI commands at the interface configuration level of the CLI:
• ip ospf area ip-addr
• ip ospf auth-change-wait-time secs
• ip ospf authentication-key [0 | 1] string
• ip ospf cost num
• ip ospf dead-interval value
• ip ospf hello-interval value
• ip ospf md5-authentication key-activation-wait-time num | key-id num [0 | 1] key string
• ip ospf passive
• ip ospf priority value
• ip ospf retransmit-interval value
• ip ospf transmit
Hello-interval: Represents the length of time between the transmission of hello packets. The value can be from 1 – 65535 seconds. The default is 10 seconds.

MD5-authentication activation wait time: The number of seconds the Layer 3 Switch waits until placing a new MD5 key into effect. The wait time provides a way to gracefully transition from one MD5 key to another without disturbing the network. The wait time can be from 0 – 14400 seconds. The default is 300 seconds (5 minutes).
• 1 – Assumes that the password or authentication string you enter is the encrypted form, and decrypts the value before using it.

NOTE
If you want the software to assume that the value you enter is the clear-text form, and to encrypt display of that form, do not enter 0 or 1. Instead, omit the encryption option and allow the software to use the default behavior.
NOTE
For backward compatibility, the ip ospf md5-authentication key-activation-wait-time seconds command is still supported.

Block flooding of outbound LSAs on specific OSPF interfaces

By default, the Layer 3 Switch floods all outbound LSAs on all the OSPF interfaces within an area. You can configure a filter to block outbound LSAs on an OSPF interface. This feature is particularly useful when you want to block LSAs from some, but not all, of the interfaces attached to the area.
NOTE
By default, the Brocade router ID is the IP address configured on the lowest numbered loopback interface. If the Layer 3 Switch does not have a loopback interface, the default router ID is the lowest numbered IP address configured on the device. For more information or to change the router ID, refer to “Changing the router ID” on page 61.

NOTE
When you establish an area virtual link, you must configure it on both of the routers (both ends of the virtual link).
RouterC(config-ospf-router)# area 1 virtual-link 10.0.0.1
RouterC(config-ospf-router)# write memory

Syntax: area ip-addr | num virtual-link router-id [authentication-key | dead-interval | hello-interval | retransmit-interval | transmit-delay value]

The area ip-addr | num parameter specifies the transit area.

The router-id parameter specifies the router ID of the OSPF router at the remote end of the virtual link.
MD5 Authentication Wait Time: This parameter determines when a newly configured MD5 authentication key is valid. This parameter provides a graceful transition from one MD5 key to another without disturbing the network. All new packets transmitted after the key activation wait time interval use the newly configured MD5 Key. OSPF packets that contain the old MD5 key are accepted for up to five minutes after the new MD5 key is in operation.
Changing the reference bandwidth for the cost on OSPF interfaces

Each interface on which OSPF is enabled has a cost associated with it. The Layer 3 Switch advertises its interfaces and their costs to OSPF neighbors. For example, if an interface has an OSPF cost of ten, the Layer 3 Switch advertises the interface with a cost of ten to other OSPF routers.

By default, an interface’s OSPF cost is based on the port speed of the interface.
• The bandwidth for tunnel interfaces is 9 Kbps and is not affected by the auto-cost feature.

Changing the reference bandwidth

To change reference bandwidth, use the following CLI method.

To change the reference bandwidth, enter a command such as the following at the OSPF configuration level of the CLI.
NOTE
Redistribution is permitted for all routes by default, so the permit redistribute 1 all command in the example above is shown for clarity but is not required.

You also have the option of specifying import of just OSPF or static routes, as well as specifying that only routes for a specific network or with a specific cost (metric) be imported, as shown in the command syntax below.
Prevent specific OSPF routes from being installed in the IP route table

By default, all OSPF routes in the OSPF route table are eligible for installation in the IP route table. You can configure a distribution list to explicitly deny specific routes from being eligible for installation in the IP route table.

NOTE
This feature does not block receipt of LSAs for the denied routes. The Layer 3 Switch still receives the routes and installs them in the OSPF database.
The acl-name | acl-id parameter specifies the ACL name or ID.

The in command applies the ACL to incoming route updates.

The interface type parameter identifies the interface type (i.e., e (ethernet) or ve (virtual)) on which to apply the ACL.

The interface number parameter specifies the interface number on which to apply the ACL. Enter only one valid interface number. If necessary, use the show interface brief command to display a list of valid interfaces.
Virtual ADX(config)# ip access-list extended no_ip
Virtual ADX(config-ext-nacl)# deny ip 10.0.0.0 0.255.255.255 255.255.0.0 0.0.255.255
Virtual ADX(config-ext-nacl)# permit ip any any
Virtual ADX(config-ext-nacl)# exit
Virtual ADX(config)# router ospf
Virtual ADX(config-ospf-router)# distribute-list no_ip in

The first three commands configure an extended ACL that denies routes to any 10.x.x.x destination network with a 255.255.0.
The destination-ip wildcard parameter specifies the destination address for the policy. Since this ACL is input to an OSPF distribution list, the destination-ip parameter actually is specifying the network mask of the destination. The wildcard parameter specifies the portion of the destination address to match against. If you want the policy to match on all network masks, enter any any.
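To make the distribute-list matching concrete, here is an added Python example (not Brocade code) that evaluates routes against the no_ip ACL shown above, with the first address pair matched against the route's network and the second pair against its network mask. It assumes conventional ACL wildcard semantics (bits set in the wildcard are ignored), first-match evaluation and an implicit deny when nothing matches; the function names and sample routes are constructed.

```python
import ipaddress

ALL_BITS = 0xFFFFFFFF


def to_int(text):
    return int(ipaddress.IPv4Address(text))


def parse_entry(line):
    """Parse 'permit|deny ip <addr> <wildcard> <mask> <wildcard>'; either pair may be 'any'."""
    tok = line.split()
    if len(tok) < 3 or tok[0] not in ("permit", "deny") or tok[1] != "ip":
        raise ValueError(f"unsupported ACL entry: {line!r}")
    rest, pairs = tok[2:], []
    while rest:
        if rest[0] == "any":
            pairs.append((0, ALL_BITS))          # every bit is a don't-care
            rest = rest[1:]
        elif len(rest) >= 2:
            pairs.append((to_int(rest[0]), to_int(rest[1])))
            rest = rest[2:]
        else:
            raise ValueError(f"address without wildcard in: {line!r}")
    if len(pairs) != 2:
        raise ValueError(f"expected two address fields in: {line!r}")
    return tok[0], pairs[0], pairs[1]


def field_matches(value, pair):
    base, wildcard = pair
    care = ~wildcard & ALL_BITS                  # assumption: wildcard 1-bits are ignored
    return (value & care) == (base & care)


def evaluate(acl_lines, network, mask):
    """Return 'permit' or 'deny' for a route given as network address and network mask."""
    net, msk = to_int(network), to_int(mask)
    for line in acl_lines:
        action, net_pair, mask_pair = parse_entry(line)
        # In a distribute-list the first pair is compared with the route's
        # network and the second pair with the route's network mask.
        if field_matches(net, net_pair) and field_matches(msk, mask_pair):
            return action
    return "deny"                                # assumption: implicit deny at the end


def eligible_routes(acl_lines, routes):
    """Routes that stay eligible for the IP route table; LSAs are still received."""
    return [r for r in routes if evaluate(acl_lines, *r) == "permit"]


# The ACL entries from the page's example.
ACL_NO_IP = [
    "deny ip 10.0.0.0 0.255.255.255 255.255.0.0 0.0.255.255",
    "permit ip any any",
]

# Constructed OSPF routes as (network, mask).
SAMPLE_ROUTES = [
    ("10.1.0.0", "255.255.0.0"),      # 10.x.x.x with a 255.255.0.0 mask
    ("10.1.2.0", "255.255.255.0"),    # low 16 mask bits fall under the wildcard
    ("10.0.0.0", "255.0.0.0"),        # mask does not start with 255.255
    ("192.168.6.0", "255.255.255.0"),
]

if __name__ == "__main__":
    for net, mask in SAMPLE_ROUTES:
        print(f"{net:<12} {mask:<16} {evaluate(ACL_NO_IP, net, mask)}")
```

Under the stated wildcard assumption the 0.0.255.255 wildcard on the mask field also matches longer masks such as 255.255.255.0, so check a distribute-list against the exact prefixes you expect before relying on it.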
The commands in this example configure some static IP routes, then configure a route map and use the route map for redistributing static IP routes into OSPF. The ip route commands configure the static IP routes. The route-map command begins configuration of a route map called “abc”. The number indicates the route map entry (called the “instance”) you are configuring. A route map can contain multiple entries.
NOTE
For an external route that is redistributed into OSPF through a route map, the metric value of the route remains the same unless the metric is set by a set metric command inside the route map. The default-metric num command has no effect on the route. This behavior is different from a route that is redistributed without using a route map. For a route redistributed without using a route map, the metric is set by the default-metric num command.
NOTE
The Brocade router is not source routing in these examples. The router is concerned only with the paths to the next-hop routers, not the entire paths to the destination hosts.

OSPF load sharing is enabled by default when IP load sharing is enabled. To configure IP load sharing parameters, refer to “Configuring IP load sharing” on page 77.
Syntax: summary-address ip-addr ip-mask

The ip-addr parameter specifies the network address.

The ip-mask parameter specifies the network mask.

To display the configured summary addresses, enter the following command at any level of the CLI.

Virtual ADX(config-ospf-router)# show ip ospf config
OSPF Redistribution Address Ranges currently defined:
Range-Address   Subnetmask
10.0.0.0        255.0.0.0
10.0.1.0        255.255.255.0
10.0.2.0        255.255.255.
To disable the feature, enter the following command.

Virtual ADX(config-ospf-router)# no default-information-originate

Syntax: [no] default-information-originate [always] [metric value] [metric-type type]

The always parameter advertises the default route regardless of whether the router has a default route. This option is disabled by default.

The metric value parameter specifies a metric for the default route. If this option is not used, the default metric is used for the route.
Modify redistribution metric type

The redistribution metric type is used by default for all routes imported into OSPF unless you specify different metrics for individual routes using redistribution filters. Type 2 specifies a big metric (three bytes). Type 1 specifies a small metric (two bytes). The default value is type 2.

To modify the default value to type 1, enter the following command.
The external | inter-area | intra-area parameter specifies the route type for which you are changing the default administrative distance.

The distance parameter specifies the new distance for the specified route type. Unless you change the distance for one of the route types using commands such as those shown above, the default is 110.

To reset the administrative distance to its system default (110), enter a command such as the following.
Configuring OSPF 6 To later re-enable the trap feature, enter snmp-server trap ospf. To disable a specific OSPF trap, enter the command as no snmp-server trap ospf ospf-trap. These commands are at the OSPF router Level of the CLI.
6 Configuring OSPF NOTE The command no rfc1583-compatibility is valid on the Virtual ADX device only when it is running the Layer 3 router image. Modify exit overflow interval If a database overflow condition occurs on a router, the router eliminates the condition by removing entries that originated on the router. The exit overflow interval allows you to set how often a Layer 3 Switch checks to see if the overflow condition has been eliminated. The default value is 0.
Displaying OSPF information

You can use CLI commands and Web management options to display the following OSPF information:
• Trap, area, and interface information – refer to “Displaying general OSPF configuration information” on page 137.
• CPU utilization statistics – refer to “Displaying CPU utilization statistics” on page 138.
• Area information – refer to “Displaying OSPF area information” on page 140.
6 Displaying OSPF information Virtual ADX show ip ospf config Router OSPF: Enabled Redistribution: Disabled Default OSPF Metric: 10 OSPF Redistribution Metric: Type2 OSPF External LSA Limit: 25000 OSPF Database Overflow Interval: 0 RFC 1583 Compatibility: Enabled Router id: 10.95.11.
Virtual ADX# show process cpu
Process Name   5Sec(%)   1Min(%)   5Min(%)   15Min(%)   Runtime(ms)
ARP            0.01      0.03      0.09      0.22       9
BGP            0.04      0.06      0.08      0.14       13
GVRP           0.00      0.00      0.00      0.00       0
ICMP           0.00      0.00      0.00      0.00       0
IP             0.00      0.00      0.00      0.00       0
OSPF           0.03      0.06      0.09      0.12       11
STP            0.00      0.00      0.00      0.00       0

If the software has been running less than 15 minutes (the maximum interval for utilization statistics), the command indicates how long the software has been running. Here is an example.
Displaying OSPF area information

To display OSPF area information, enter the following command at any CLI level.

Virtual ADX show ip ospf area
Indx  Area          Type    Cost  SPFR  ABR  ASBR  LSA  Chksum(Hex)
1     0.0.0.0       normal  0     1     0    0     1    0000781f
2     10.147.60.0   normal  0     1     0    0     1    0000fee6
3     10.147.80.0   stub    1     1     0    0     2    000181cd

Syntax: show ip ospf area [area-id] | [num]

The area-id parameter shows information for the specified area.
Displaying OSPF information 6 Virtual ADX# show ip ospf neighbor detail Port Address 9/1 10.2.0.2 Second-to-dead:39 10/1 10.3.0.2 Second-to-dead:36 1/1-1/8 10.5.0.1 Second-to-dead:33 2/1-2/2 10.2.0.1 Second-to-dead:33 1 Pri State Neigh Address FULL/DR 10.2.0.1 10.2.2.2 Neigh ID 6 2 0 1 FULL/BDR10.3.0.1 10.3.3.3 1 FULL/DR 10.5.0.2 10.16.16.16 6 2 0 1 FULL/DR 10.2.0.2 10.15.15.
6 Displaying OSPF information TABLE 15 142 CLI display of OSPF neighbor information (Continued) Field Description State The state of the conversation between the Layer 3 Switch and the neighbor. This field can have one of the following values: • Down – The initial state of a neighbor conversation. This value indicates that there has been no recent information received from the neighbor. • Attempt – This state is only valid for neighbors attached to non-broadcast networks.
Displaying OSPF information 6 Displaying OSPF interface information To display OSPF interface information, enter the following command at any CLI level. Virtual ADX# show ip ospf interface 192.168.1.1 Ethernet 1,OSPF enabled IP Address 192.168.1.1, Area 0 OSPF state ptr2ptr, Pri 1, Cost 1, Options 2, Type pt-2-pt Events 1 Timers(sec): Transit 1, Retrans 5, Hello 10, Dead 40 DR: Router ID 0.0.0.0 Interface Address 0.0.0.0 BDR: Router ID 0.0.0.0 Interface Address 0.0.0.
6 Displaying OSPF information TABLE 16 Output of the show ip ospf interface command This field Displays Adjacent Neighbor Count The number of adjacent neighbor routers. Neighbor: The neighbor router’s ID. Displaying OSPF route information To display OSPF route information, enter the following command at any CLI level. Virtual ADX show ip ospf routes Index Destination Mask Path_Cost Type2_Cost Path_Type 1 10.95.7.0 255.255.255.0 1 0 Intra Adv_Router Link_State Dest_Type State Tag Flags 10.35.1.
Displaying OSPF information TABLE 17 6 CLI display of OSPF route information (Continued) This field... Dest_Type Displays... The destination type, which can be one of the following: ABR – Area Border Router ASBR – Autonomous System Boundary Router Network – the network • • • State The route state, which can be one of the following: Changed Invalid Valid This information is used by Brocade technical support. Tag The external route tag. Flags State information for the route entry.
6 Displaying OSPF information Virtual ADX show ip ospf database external-link-state Ospf ext link-state by router ID 10.130.130.241 are in the following: Area ID 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 Aging 279 278 279 284 285 286 296 LS ID 10.132.75.48 10.132.88.112 10.132.81.208 10.132.46.224 10.132.40.64 10.132.33.160 10.131.241.16 Router 10.130.130.241 10.130.130.241 10.130.130.241 10.130.130.241 10.140.140.243 10.150.150.245 10.150.150.
Displaying OSPF information 6 Displaying OSPF link state information To display link state information, enter the following command at any CLI level.
6 Displaying OSPF information • show ip ospf database external-link-state advertise num – This command displays the data in the packet for the specified external LSA. For example, to determine an external LSA's index number, enter the following command. Virtual ADX show ip ospf database external-link-state Index Aging LS ID Router Seq(hex) Chksum 1 1332 10.132.81.208 10.130.130.241 80000002 000085ae 2 1325 10.132.116.192 10.130.130.241 80000002 0000a37d 3 1330 10.132.88.112 10.130.130.
Displaying OSPF information 6 To display the state of each OSPF trap, enter the following command at any CLI level.
Chapter Configuring OSPFv3 7 This chapter describes how to configure OSPFv3 on a Virtual ADX system. Overview Open Shortest Path First (OSPF) is a link-state routing protocol. OSPF uses link state advertisements (LSAs) to update neighboring routers about its interfaces and information on those interfaces. The switch floods LSAs to all neighboring routers to update them about the interfaces.
Link state advertisement types for OSPFv3

OSPFv3 supports the following types of LSAs:
• Router LSAs (Type 1)
• Network LSAs (Type 2)
• Interarea-prefix LSAs for ABRs (Type 3)
• Interarea-router LSAs for ASBRs (Type 4)
• Autonomous system external LSAs (Type 5)
• Link LSAs (Type 8)
• Intra-area prefix LSAs (Type 9)

For more information about these LSAs, refer to RFC 2740.
Enabling OSPFv3 7 Enabling OSPFv3 Before enabling the Brocade device to run OSPFv3, you must do the following: • Enable the forwarding of IPv6 traffic on the Brocade device using the ipv6 unicast-routing command. • Enable IPv6 on each interface over which you plan to enable OSPFv3. You enable IPv6 on an interface by configuring an IPv6 address or explicitly enabling IPv6 on that interface. • Make sure one of the following is configured: - A router ID using the ip router-id command.
7 Enabling OSPFv3 • normal – OSPF routers within a normal area can send and receive External Link State Advertisements (LSAs). • stub – OSPF routers within a stub area cannot send or receive External LSAs. In addition, OSPF routers in a stub area must use a default route to the area’s Area Border Router (ABR) or Autonomous System Boundary Router (ASBR) to send traffic out of the area. • NSSA – The ASBR of an NSSA can import external route information into the area.
Enabling OSPFv3 7 As the NSSA is partially “stubby”, the ABR does not flood external LSAs from the backbone into the NSSA. To provide access to the rest of the Autonomous System (AS), the ABR generates a default Type 7 LSA into the NSSA. Configuring an NSSA Using the area area-id nssa command, you can block the generation of Type 3 and Type 7 LSAs into an NSSA. This command also provides an option to configure the NSSA translator role.
7 Enabling OSPFv3 The no-redistribution parameter prevents an NSSA ABR from generating an external (Type 7) LSA into an NSSA area. This is used when an ASBR generates a Type 5 LSA into normal areas and does not generate a Type 7 LSA into an NSSA. By default, redistribution is enabled in an NSSA. Assigning an area cost for OSPFv3 (optional parameter) You can assign a cost for an area, but it is not required.
Enabling OSPFv3 7 Syntax: [no] area num | ipv6-addr range ip-addr ip-mask [ advertise | not-advertise] cost cost-value The num | ipv6-addr parameter specifies the area number, which can be in IP address format. The range ipv6-addr parameter specifies the IP address portion of the range. The software compares the address with the significant bits in the mask. All network addresses that match this comparison are summarized in a single route advertised by the router.
7 Enabling OSPFv3 The stub metric parameter specifies an additional cost for using a route to or from this area and can be from 1 through 16,777,215. There is no default. Normal areas do not use the cost parameter. The no-summary parameter applies only to stub areas and disables summary LSAs from being sent into the area. Assigning interfaces to an area After you define OSPFv3 areas, you must assign router interfaces to the areas.
Enabling OSPFv3 7 You can change the default reference bandwidth from 100 Mbps to a value from 1 through 4,294,967 Mbps. If a change to the reference bandwidth results in a cost change to an interface, the Brocade device sends a link state update to update the costs of interfaces advertised by the Brocade device. NOTE If you specify the cost for an individual interface, the cost you specify overrides the cost calculated by the software.
7 Enabling OSPFv3 • IPv6 static routes • Directly connected IPv6 networks You can redistribute routes in the following ways: • By route types, for example, the Brocade device redistributes all IPv6 static routes. • By using a route map to filter which routes to redistribute, for example, the Brocade device redistributes specified IPv6 static routes only.
Enabling OSPFv3 7 The connected | static keywords specify the route source. The route-map map-name parameter specifies the route map name. The following match parameters are valid for OSPFv3 redistribution: • match metric number The following set parameters are valid for OSPF redistribution: • set metric [+ | - ] number | none • set metric-type type-1 | type-2 NOTE You must configure the route map before you configure a redistribution filter that uses the route map.
7 Enabling OSPFv3 Modifying metric type for routes redistributed into OSPF version 3 The Brocade device uses the metric-type parameter by default for all routes redistributed into OSPFv3 unless you specify a different metric type for individual routes using the redistribute command. (For more information about using the redistribute command, refer to “Redistributing routes into OSPFv3” on page 159).
Enabling OSPFv3 7 To configure the summary address 2001:db8:2201::/24 for routes redistributed into OSPFv3, enter the following command: Virtual ADX(config-ospf6-router)#summary-address 2001:db8:2201::/24 In this example, the summary prefix 2001:db8:2201::/24 includes addresses 2001:db8:2201::/1 through 2001:db8:2201::/24. Only the address fc00::/7 is advertised in an external link-state advertisement.
7 Enabling OSPFv3 Configuring an OSPFv3 distribution list using a route map as input The following commands configure a route map that matches internal routes: Virtual ADX(config)# route-map allowInternalRoutes permit 10 Virtual ADX(config-routemap allowInternalRoutes)# match route-type internal Refer to “Policy-Based Routing” for information on configuring route maps.
Enabling OSPFv3 7 For example, to create and advertise a default route with a metric of 2 and as a Type 1 external route, enter the following command: Virtual ADX(config-ospf6-router)#default-information-originate always metric 2 metric-type type1 Syntax: [no] default-information-originate [always] [metric value] [metric-type type] The always keyword originates a default route regardless of whether the device has learned a default route. This option is disabled by default.
7 Enabling OSPFv3 Virtual ADX(config-ospf6-router)#timers spf 10 20 Syntax: timers spf delay hold-time For the delay and hold-time parameters, specify a value from 0 through 65535 seconds. To set the timers back to their default values, enter the no version of this command. Modifying administrative distance By default, the administrative distance for OSPFv3 routes is 110. The device selects one route over another based on the source of the route information.
Enabling OSPFv3 7 Configuring the OSPFv3 LSA pacing interval The Brocade device paces OSPFv3 LSA refreshes by delaying the refreshes for a specified time interval instead of performing a refresh each time an individual LSA refresh timer expires. The accumulated LSAs constitute a group, which the Brocade device refreshes and sends out together in one or more packets.
For example, to change the maximum number of entries from the default of 2000 to 3000, enter the following command.

Virtual ADX(config-ospf6-router)# external-lsdb-limit 3000

Syntax: external-lsdb-limit entries

The entries parameter can be a numerical value from 500 through 8000 seconds. To reset the maximum number of entries to its system default, enter the no form of this command.

Modifying OSPFv3 interface defaults

OSPFv3 has interface parameters that you can configure.
• Retransmit-interval: The time between retransmissions of LSAs to adjacent routers for an interface. The command syntax is ipv6 ospf retransmit-interval seconds. The value can be from 0 through 3600 seconds. The default is 5 seconds.
• Transmit-delay: The time it takes to transmit Link State Update packets on this interface. The command syntax is ipv6 ospf transmit-delay seconds. The value can be from 0 through 3600 seconds. The default is 1 second.
7 Enabling OSPFv3 IPsec for OSPFv3 This section describes the implementation of Internet Protocol Security (IPsec) for securing OSPFv3 traffic. For background information and configuration steps, refer to “Configuring IPsec for OSPFv3” on page 171. IPsec is available for OSPFv3 traffic only and only for packets that are “for-us.
Enabling OSPFv3 7 Configuring IPsec for OSPFv3 This section describes how to configure IPsec for an interface. It also describes how to change the key rollover timer if necessary and how to disable IPsec on a particular interface for special purposes. By default, OSPFv3 IPSec authentication is disabled.
7 Enabling OSPFv3 • IPSec authentication for OSPFv3 requires the use of multiple SPDs, one for each interface. A virtual link has a separate, global SPD. The authentication configuration on a virtual link must be different from the authentication configuration for an area or interface, as required by RFC4552. The interface number is used to generate a non-zero security policy database identifier (SPDID), but for the global SPD for a virtual link, the system-generated SPDID is always zero.
Enabling OSPFv3 7 The authentication keyword enables authentication. The ipsec keyword specifies IPsec as the authentication protocol. The spi keyword and the spinum variable specify the security parameter that points to the security association. The near-end and far-end values for spinum must be the same. The range for spinum is decimal 256 through 4,294,967,295. The mandatory esp keyword specifies ESP (rather than authentication header) as the protocol to provide packet-level security.
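The checks this section implies (authentication is off by default, spinum must lie between 256 and 4,294,967,295, ESP is mandatory, and the near-end and far-end spinum must match) can be run over saved configurations before a change window. The following Python audit is an added example, not Brocade code: the config line layout `ipv6 ospf authentication ipsec spi <spinum> esp ...`, the `ipv6 ospf area` lines, the link table, and the finding labels are assumptions, and both configurations are constructed sample data.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SPI_MIN, SPI_MAX = 256, 4_294_967_295  # spinum range stated in this section

# Assumed line layout: only the keywords named in this section are matched;
# whatever follows "esp" (algorithm, key) is treated as opaque text.
AUTH_RE = re.compile(r"^ipv6 ospf authentication ipsec spi (\d+)(?:\s+(\S+))?")

# Constructed running-config excerpts for two directly connected devices.
ROUTER_A = """\
interface ethernet 1
 ipv6 ospf area 0
 ipv6 ospf authentication ipsec spi 300 esp sha1 <key>
interface ethernet 2
 ipv6 ospf area 0
interface ethernet 3
 ipv6 ospf area 0
 ipv6 ospf authentication ipsec spi 100 esp sha1 <key>
interface ethernet 4
 ipv6 ospf area 0
 ipv6 ospf authentication ipsec spi 4096 esp sha1 <key>
"""
ROUTER_B = """\
interface ethernet 1
 ipv6 ospf area 0
 ipv6 ospf authentication ipsec spi 301 esp sha1 <key>
interface ethernet 2
 ipv6 ospf area 0
interface ethernet 3
 ipv6 ospf area 0
 ipv6 ospf authentication ipsec spi 100 esp sha1 <key>
interface ethernet 4
 ipv6 ospf area 0
 ipv6 ospf authentication ipsec spi 4096 esp sha1 <key>
"""
# Hypothetical cabling table: (interface on A, interface on B).
LINKS = [(f"ethernet {n}", f"ethernet {n}") for n in range(1, 5)]


@dataclass
class Ospf3Interface:
    name: str
    ospfv3: bool = False        # any "ipv6 ospf ..." line seen
    spi: Optional[int] = None   # None means IPsec authentication not configured
    esp: bool = False


def parse_interfaces(config: str) -> Dict[str, Ospf3Interface]:
    """Collect OSPFv3 and IPsec settings per interface stanza."""
    interfaces: Dict[str, Ospf3Interface] = {}
    current: Optional[Ospf3Interface] = None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = Ospf3Interface(name=line[len("interface "):])
            interfaces[current.name] = current
        elif not raw[:1].isspace():
            current = None  # left the interface stanza
        elif current is not None and line.startswith("ipv6 ospf "):
            current.ospfv3 = True
            match = AUTH_RE.match(line)
            if match:
                current.spi = int(match.group(1))
                current.esp = match.group(2) == "esp"
    return interfaces


def audit_link(near: Ospf3Interface, far: Ospf3Interface) -> List[str]:
    """Return findings for one link; an empty list means the link is consistent."""
    findings: List[str] = []
    for side, ifc in (("near", near), ("far", far)):
        if not ifc.ospfv3:
            continue
        if ifc.spi is None:
            findings.append(f"{side}:no-ipsec-auth")   # still at the default
            continue
        if not SPI_MIN <= ifc.spi <= SPI_MAX:
            findings.append(f"{side}:spi-out-of-range")
        if not ifc.esp:
            findings.append(f"{side}:esp-missing")
    if near.spi is not None and far.spi is not None and near.spi != far.spi:
        findings.append("spi-mismatch")
    return findings


def audit(config_a: str, config_b: str,
          links: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    a_ifs, b_ifs = parse_interfaces(config_a), parse_interfaces(config_b)
    return {f"{a}<->{b}": audit_link(a_ifs[a], b_ifs[b]) for a, b in links}


if __name__ == "__main__":
    for link, findings in audit(ROUTER_A, ROUTER_B, LINKS).items():
        print(link, "OK" if not findings else ", ".join(findings))
```

A link that reports `no-ipsec-auth` on only one end is worth treating as an outage risk as well as a security gap, since the two ends no longer agree on whether OSPFv3 packets are protected.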
Changing the key rollover timer

Configuration changes for authentication take effect in a controlled manner through the key rollover procedure as specified in RFC 4552, Section 10.1. The key rollover timer controls the timing of the configuration changeover. The key rollover timer can be configured in the IPv6 router OSPF context, as the following example illustrates.
Enabling OSPFv3 7 Showing IPsec security association information The show ipsec sa command displays the IPSec security association databases, as follows.
7 Enabling OSPFv3 TABLE 19 IPsec policy information This field... Displays... PType This field contains the policy type. Of the existing policy types, only the “use” policy type is supported, so each entry can have only “use.” Dir The direction of traffic flow to which the IPsec policy is applied. Each direction has its own entry. Proto The only possible routing protocol for the security policy in the current release is OSPFv3.
Enabling OSPFv3 Virtual ADX#show ipsec statistics IPSecurity Statistics secEspCurrentInboundSAs 1 ipsecEspTotalInboundSAs: secEspCurrentOutboundSA 1 ipsecEspTotalOutboundSAs: IPSecurity Packet Statistics secEspTotalInPkts: 19 ipsecEspTotalInPktsDrop: secEspTotalOutPkts: 83 IPSecurity Error Statistics secAuthenticationErrors 0 secReplayErrors: 0 ipsecPolicyErrors: secOtherReceiveErrors: 0 ipsecSendErrors: secAuthenticationErrors 0 secReplayErrors: 0 ipsecPolicyErrors: secOtherReceiveErrors: 0 ipsecSendError
7 Enabling OSPFv3 TABLE 21 Area configuration of IPsec This field... Displays... Authentication This field shows whether or not authentication is configured. If this field says “Not Configured,” the IPsec-related fields (bold in example screen output) are not displayed at all. KeyRolloverTime The number of seconds between each initiation of a key rollover. This field shows the configured and current times.
Enabling OSPFv3 7 Virtual ADX#show ipv6 ospf interface eth 1 is down, type BROADCAST Interface is disabled eth 1 is up, type BROADCAST IPv6 Address: 2001:db8:18:18:18:18::1/64 2001:db8:18:18:18::/64 Instance ID 255, Router ID 1.1.1.
7 Enabling OSPFv3 TABLE 22 Area configuration of IPsec (Continued) This field... Displays... Old (Inbound or Outbound) Shows old SPI (if changed), authentication algorithm (currently ESP only), encryption algorithm (currently SHA1 only), and the old key. OSPF messages dropped Shows the number of packets dropped because the packets failed authentication (for any reason).
Displaying OSPFv3 information

You can display the information for the following OSPFv3 parameters:
• Areas
• Link state databases
• Interfaces
• Memory usage
• Neighbors
• Redistributed routes
• Routes
• SPF
• Virtual links
• Virtual neighbors

Displaying OSPFv3 area information

To display global OSPFv3 area information for the Brocade device, enter the following command at any CLI level:

Virtual ADX# show ipv6 ospf area
Area 0: Interface attached to this area: loopback 2
7 Displaying OSPFv3 information TABLE 23 OSPFv3 area information fields (Continued) This Field... Displays... SPF last updated The interval in seconds that the SPF algorithm was last executed within the area. Current SPF node count The current number of SPF nodes in the area. Router Number of router LSAs in the area. Network Number of network LSAs in the area. Indx The row number of the entry in the router’s OSPF area table. Area The area number. Maximum hop count to nodes.
Displaying OSPFv3 information 7 The network number displays detailed information about the network LSAs only. The router number displays detailed information about the router LSAs only. The scope area-id parameter displays detailed information about the LSAs for a specified area, The as parameter displays detailed information about the AS LSAs. The link parameter displays detailed information about the link LSAs.
7 Displaying OSPFv3 information For example, to display detailed information about all LSAs in the database, enter the following command at any CLI level: Virtual ADX# show ipv6 ospf database extensive Area ID Type LS ID Adv Rtr Seq(Hex) Age 0 Link 00000031 1.1.1.1 80000001 35 Router Priority: 1 Options: V6E---R-LinkLocal Address: fe80::1 Number of Prefix: 1 Prefix Options: Prefix: 2001:db8:3002::/64 ... Area ID Type LS ID Adv Rtr Seq(Hex) Age 0 Iap 00000159 223.223.223.
Displaying OSPFv3 information 7 The fields that display depend upon the LSA type as shown in the following: TABLE 25 OSPFv3 detailed database information fields This Field... Displays... Router LSA (Type 1) (Rtr) Fields Capability Bits A bit that indicates the capability of the Brocade device. The bit can be set to one of the following: • B – The device is an area border router. • E – The device is an AS boundary router. • V – The device is a virtual link endpoint.
7 Displaying OSPFv3 information TABLE 25 OSPFv3 detailed database information fields (Continued) This Field... Displays... Network LSA (Type 2) (Net) Fields Options A 24-bit field that enables IPv6 OSPF routers to support the optional capabilities. When set, the following bits indicate the following: V6 – The device should be included in IPv6 routing calculations. E – The device floods AS-external-LSAs as described in RFC 2740. MC – The device forwards multicast packets as described in RFC 1586.
Displaying OSPFv3 information TABLE 25 7 OSPFv3 detailed database information fields (Continued) This Field... Displays... Prefix Options An 8-bit field of capabilities that serve as input to various routing calculations: NU – The prefix is excluded from IPv6 unicast calculations. LA – The prefix is an IPv6 interface address of the advertising router. MC – The prefix is included in IPv6 multicast routing calculations • • • Prefix The IPv6 prefix included in the LSA.
7 Displaying OSPFv3 information TABLE 26 This Field... Status State Area Summary of OSPFv3 interface information (Continued) Displays... The status of the link. Possible status include the following: Up Down • • The state of the interface. Possible states includes the following: DR – The interface is functioning as the Designated Router for OSPFv3. BDR – The interface is functioning as the Backup Designated Router for OSPFv3. • Loopback – The interface is functioning as a loopback interface.
Displaying OSPFv3 information 7 This display shows the following information: TABLE 27 Detailed OSPFv3 interface information This Field... Interface status Displays... The status of the interface. Possible status includes the following: Up Down • • Type The type of OSPFv3 circuit running on the interface. Possible types include the following: • BROADCAST • POINT TO POINT UNKNOWN IPv6 Address The IPv6 address(es) assigned to the interface. Instance ID An identifier for an instance of OSPFv3.
7 Displaying OSPFv3 information TABLE 27 Detailed OSPFv3 interface information (Continued) This Field... Displays... Adjacent Neighbor Count The number of neighbors with which the interface has formed an active adjacency. Neighbor The router ID (IPv4 address) of the neighbor. This field also identifies the neighbor as a DR or BDR, if appropriate.
Displaying OSPFv3 information 7 Syntax: show ipv6 ospf memory This display shows the following information: TABLE 28 OSPFv3 memory usage information This Field... Displays... Total Static Memory Allocated A summary of the amount of static memory allocated, in bytes, to OSPFv3. Total Dynamic Memory Allocated A summary of the amount of dynamic memory allocated, in bytes, to OSPFv3. Memory Type The type of memory used by OSPFv3.
7 Displaying OSPFv3 information TABLE 29 Summary of OSPFv3 neighbor information (Continued) Field Description BDR The router ID (IPv4 address) of the BDR. Interface [State] The interface through which the router is connected to the neighbor. The state of the interface can be one of the following: • DR – The interface is functioning as the Designated Router for OSPFv3. • BDR – The interface is functioning as the Backup Designated Router for OSPFv3.
Displaying OSPFv3 information TABLE 30 7 Detailed OSPFv3 neighbor information (Continued) Field Description DbDesc bit... The Database Description packet, which includes 3 bits of information: • The first bit can be “i” or “-”. “i” indicates the inet bit is set. “-” indicates the inet bit is not set. • The second bit can be “m” or “-”. “m” indicates the more bit is set. “-” indicates the more bit is not set. • The third bit can be “m” or “s”. An “m” indicates the master. An “s” indicates standby.
7 Displaying OSPFv3 information To display all IPv6 routes that the device has redistributed into OSPFv3, enter the following command at any level of the CLI: Virtual ADX# show ipv6 ospf redistribute route Id Prefix snIpAsPathAccessListStringRegExpression 1 2001:db8:2002::/16 2 2001:db8:2002:1234::/32 Protocol Metric Type Metric Static Static Type-2 Type-2 1 1 Syntax: show ipv6 ospf redistribute route [ipv6-prefix] The ipv6-prefix parameter specifies an IPv6 network prefix.
Displaying OSPFv3 information 7 To display the entire OSPFv3 route table for the device, enter the following command at any level of the CLI: Virtual ADX# show ipv6 ospf routes Current Route count: 4 Intra: 4 Inter: 0 External: 0 (Type1 0/Type2 0) Equal-cost multi-path: 0 Destination Options Area Next Hop Router Outgoing Interface *IA 2001:db8:2000:4::/64 V6E---R-- 0.0.0.0 :: ethe 3 *IA 2001:db8:2002:c0a8:46a::/64 V6E---R-- 0.0.0.0 :: ethe 3 *IA 2001:db8:2999::1/128 --------- 0.0.0.
7 Displaying OSPFv3 information TABLE 32 OSPFv3 route information (Continued) This Field... Displays... Options A 24-bit field that enables IPv6 OSPF routers to support the optional capabilities. When set, the following bits indicate the following: V6 – The device should be included in IPv6 routing calculations. E – The device floods AS-external-LSAs as described in RFC 2740. MC – The device forwards multicast packets as described in RFC 1586.
Displaying OSPFv3 information 7 • As an IPv4 address; for example, 192.168.1.1. • As a numerical value from 0 through 2,147,483,647. This display shows the following information: TABLE 33 OSPFv3 SPF node information This Field... Displays... SPF node Each SPF node is identified by its router ID (IPv4 address). If the node is a child node, it is additionally identified by an interface on which the node can be reached appended to the router ID in the format router-id:interface-id.
7 Displaying OSPFv3 information This display shows the following information: TABLE 34 OSPFv3 SPF Table This Field... Displays... Destination The destination of a route, which is identified by the following: • “R”, which indicates the destination is a router. “N”, which indicates the destination is a network. • An SPF node’s router ID (IPv4 address).
Chapter Configuring BGP4 (IPv4) 8 This chapter provides details on how to configure Border Gateway Protocol version 4 (BGP4). Overview of BGP4 BGP4 is the standard Exterior Gateway Protocol (EGP) used on the Internet to route traffic between Autonomous Systems (AS) and to maintain loop-free routing. An autonomous system is a collection of networks that share the same routing and administration characteristics.
8 Overview of BGP4 • AS-path – A list of the other ASs through which a route passes. BGP4 devices can use the AS-path to detect and eliminate routing loops. For example, if a route received by a BGP4 device contains the AS that the device is in, the device does not add the route to its own BGP4 table. (The BGP4 RFCs refer to the AS-path as “AS_PATH”, and RFC 4893 uses “AS4_PATH” in relation to AS4s.) • Additional path attributes – A list of additional parameters that describe the route.
• INCOMPLETE is highest.
7. If the paths have the same origin type, prefer the path with the lowest MED. For a definition of MED, refer to “Configuring the device to always compare Multi-Exit Discriminators” on page 212.
• The device compares the MEDs of two otherwise equivalent paths if and only if the routes were learned from the same neighboring AS. This behavior is called deterministic MED. Deterministic MED is always enabled and cannot be disabled.
• OPEN
• UPDATE
• KEEPALIVE
• NOTIFICATION
• ROUTE REFRESH

OPEN message

After a BGP4 device establishes a TCP connection with a neighboring BGP4 device, the devices exchange OPEN messages. An open message indicates the following:
• BGP4 version – Indicates the version of the protocol that is in use on the device. BGP4 version 4 supports Classless Interdomain Routing (CIDR) and is the version most widely used in the Internet. Version 4 also is the only version supported on the device.
Overview of BGP4 8 • Path attributes – Parameters that indicate route-specific information such as AS path information, route preference, next hop values, and aggregation information. BGP4 uses path attributes to make filtering and routing decisions. • Unreachable routes – A list of routes that have been in the sending device BGP4 table but are no longer feasible. The UPDATE message lists unreachable routes in the same format as new routes: IP address/CIDR prefix.
8 Implementation of BGP4 Implementation of BGP4 BGP4 is described in RFC 1771 and the latest BGP4 drafts.
Implementation of BGP4 8 In the example shown in Figure 27, ISP-A has purchased ISP-B. The AS associated with ISP-B changes to AS 100. If Customer C cannot or does not want to change their configuration or peering relationship with ISP-B, a peer with Local-AS configured with the value 200 can be established on ISP-B. FIGURE 27 Example of Local AS configured on ISP-B A Local AS is configured using the BGP4 neighbor command, as described in “Configuring BGP4 neighbors” on page 228.
Figure 28 shows a topology for a null0 routing application example.

FIGURE 28 Sample null0 routing application

Refer to “Configuring BGP4 null0 routing” on page 275 for an example of how to configure a null0 routing application to stop denial of service attacks from remote hosts on the Internet.

Configuring BGP4

Once you activate BGP4, you can configure the BGP4 options. There are two configuration levels: global and address family.
Configuring BGP4 FIGURE 29 8 BGP4 configuration levels Table 35 shows the commands that are available at the various BGP4 configuration levels.
8 Configuring BGP4 TABLE 35 IPv4 BGP4 commands for different configuration levels (Continued) Command Global (iPv4 and IPv6) multipath IPv4 address See family unicast x “Configuring paths without MEDs as the least favorable” on page 228 x “Configuring BGP4 neighbors” on page 228 network x “Specifying a list of networks to advertise” on page 237 next-hop-enable-default x “Using the IP default route as a valid next-hop for a BGP4 route” on page 238 next-hop-recursion x “Enabling next-hop re
Enabling and disabling BGP4 8 • Add, change, or negate redistribution parameters (except changing the default MED; see below). • Add, change, or negate route maps (when used by the network command or a redistribution command). • Aggregate routes. • Apply maximum AS path limit settings for UPDATE messages.
8 Enabling and disabling BGP4 NOTE By default, the Virtual ADX device ID is the IP address configured on the lowest numbered loopback interface. If the device does not have a loopback interface, the default device ID is the lowest numbered IP interface address configured on the device. For more information, refer to “Changing the device ID” on page 244. If you change the device ID, all current BGP4 sessions, OSPF adjacencies, and OSPFv3 adjacencies are cleared.
Entering and exiting the address family configuration level 8 Entering and exiting the address family configuration level The BGP4 address family contains a unicast sub-level. To go to the IPv4 BGP4 unicast address family configuration level, enter the following command. Virtual ADX(config-bgp)# address-family ipv4 unicast Virtual ADX(config-bgp-router)# NOTE The CLI prompt for the global BGP4 level and the BGP4 address-family IPv4 unicast level is the same.
Configuring the device to always compare Multi-Exit Discriminators

The attribute-map map-name parameter configures the device to set attributes for the aggregate routes based on the specified route map.

NOTE
For the suppress-map, advertise-map, and attribute-map parameters, the route map must already be defined. Refer to “Defining route maps” on page 252 for information on defining a route map.
Disabling or re-enabling comparison of the AS-Path length
AS-Path comparison is Step 5 in the algorithm that BGP4 uses to select the next path for a route. Comparison of the AS-Path length is enabled by default. To disable it, enter the following command at the BGP4 configuration level of the CLI.
Virtual ADX(config-bgp)# as-path-ignore
Syntax: [no] as-path-ignore
This command disables comparison of the AS-Path lengths of otherwise equal paths.
Virtual ADX(config-bgp)# compare-routerid
Syntax: [no] compare-routerid
For more information, refer to “How BGP4 selects a path for a route” on page 200.
Four-byte Autonomous System Numbers (AS4)
This section describes the reasons for enabling four-byte autonomous system numbers (AS4s). AS4s are supported by default. You can specify and view AS4s by default and using the enable facility described in this section.
The no form of the capability command deletes the announcement and negotiation configuration of AS4s (if it has been enabled) at the global level. Using the regular form of the command with the disable keyword has the same effect on the global configuration. Disabling or using the no form of the command does not affect the configuration at the level of a peer or neighbor.
NOTE If the AS path for a route map has prepended ASNs and you want to use the no form of the command to delete the configuration, you must include the prepended ASNs in the no set as-path entry. For example, if 70000 and 70001 have been prepended to a route map, enter no set as-path prepend 70000 70001.
NOTE Use soft-outbound only if the outbound policy is changed. The soft-outbound parameter updates all outbound routes by applying the new or changed filters. However, the device sends to the neighbor only the existing routes that are affected by the new or changed filters.
8 Specifying a maximum AS path length
To specify asdot notation before displaying IP BGP4 information, use the as-format command.
Virtual ADX(config)# router bgp
Virtual ADX(config-bgp-router)# as-format asdot
Virtual ADX(config)# show ip bgp
Total number of BGP Routes: 1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network      Next Hop     Metric LocPrf Weight Path
*> 10.1.1.0/24  192.168.1.5  1      100    0      1.
BGP4 max-as error messages 8
NOTE Maxas-limit is checked against the received AS_PATH and AS4_PATH attributes.
BGP routers check for and, if configured, apply the maxas-limit in setting in the following order:
1. Neighbor value
2. Peer group value
3.
8 Configuring route flap dampening
Memory limit error
SYSLOG: <11Jan 1 00:00:00 mu1, BGP: From Peer 192.168.1.2 received Long AS_PATH= AS_CONFED_SET(4) 1 2 3 AS_CONFED_SEQUENCE(3) 4 AS_SET(1) 5 6 7 AS_SEQ(2) 8 9 attribute length (9) Exceeded internal memory limit
NOTE The router generates a log message one time every two minutes. Because of this rate limit, it is possible that some errors might not appear in the log.
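An added example, not part of the Brocade guide: parsing the Long AS_PATH message shown above during log review, counting messages per peer and checking each one against its own reported attribute length. The syslog header layout, the peer 192.0.2.7 and the non-BGP line are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import Counter

# Segment type codes as printed in parentheses in the guide's sample message.
SEGMENT_CODES = {"AS_SET": 1, "AS_SEQ": 2, "AS_CONFED_SEQUENCE": 3, "AS_CONFED_SET": 4}
MAX_ASN = 4294967295  # upper bound of the as-num range given in this guide

MSG_RE = re.compile(
    r"BGP: From Peer (?P<peer>\d{1,3}(?:\.\d{1,3}){3}) received Long AS_PATH=\s*"
    r"(?P<path>.*?)\s*attribute length \((?P<length>\d+)\)\s*(?P<reason>.*)$"
)
SEG_RE = re.compile(r"(AS_CONFED_SEQUENCE|AS_CONFED_SET|AS_SET|AS_SEQ)\((\d+)\)((?:\s+\d+)*)")

# Constructed sample input. The first message body is the one quoted in the guide;
# the header layout, the second peer and the third line are made up for this example.
SAMPLE_LOG = [
    "Jan  1 00:00:00 mu1, BGP: From Peer 192.168.1.2 received Long AS_PATH= "
    "AS_CONFED_SET(4) 1 2 3 AS_CONFED_SEQUENCE(3) 4 AS_SET(1) 5 6 7 AS_SEQ(2) 8 9 "
    "attribute length (9) Exceeded internal memory limit",
    "Jan  1 00:02:00 mu1, BGP: From Peer 192.0.2.7 received Long AS_PATH= "
    "AS_SEQ(2) 64500 64501 64502 attribute length (300) Exceeded internal memory limit",
    "Jan  1 00:02:05 mu1, System: Interface ethernet 1 up",
]


def parse_long_as_path(line):
    """Return a dict describing one Long AS_PATH message, or None for other lines."""
    m = MSG_RE.search(line.strip())
    if not m:
        return None
    segments = [
        {"type": name, "code": int(code), "asns": [int(a) for a in asns.split()]}
        for name, code, asns in SEG_RE.findall(m["path"])
    ]
    return {
        "peer": m["peer"],
        "segments": segments,
        "reported_length": int(m["length"]),
        "asn_count": sum(len(s["asns"]) for s in segments),
        "reason": m["reason"].strip(),
    }


def review(lines):
    """Count messages per peer and list inconsistencies worth a closer look.

    The device logs this message at most once every two minutes, so the
    per-peer counts are lower bounds on how many oversized paths arrived.
    """
    per_peer, findings = Counter(), []
    for line in lines:
        rec = parse_long_as_path(line)
        if rec is None:
            continue
        per_peer[rec["peer"]] += 1
        for seg in rec["segments"]:
            if SEGMENT_CODES[seg["type"]] != seg["code"]:
                findings.append((rec["peer"], f"code {seg['code']} does not match {seg['type']}"))
            for asn in seg["asns"]:
                if not 1 <= asn <= MAX_ASN:
                    findings.append((rec["peer"], f"AS number {asn} out of range"))
        if rec["asn_count"] != rec["reported_length"]:
            findings.append((rec["peer"],
                             f"listed ASNs ({rec['asn_count']}) differ from "
                             f"attribute length ({rec['reported_length']})"))
    return per_peer, findings


if __name__ == "__main__":
    counts, findings = review(SAMPLE_LOG)
    print(dict(counts))
    for peer, text in findings:
        print(peer, text)
```
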
Originating the default route
By default, the device does not originate and advertise a default route using BGP4. A BGP4 default route is the IP address 0.0.0.0 and the route prefix 0 or network mask 0.0.0.0. For example, 0.0.0.0/0 is a default route.
NOTE The device checks for the existence of an IGP route for 0.0.0.0/0 in the IP route table before creating a local BGP4 route for 0.0.0.0/0.
Changing the default metric used for redistribution
The device can redistribute directly connected routes, static IP routes, and OSPF routes into BGP4. By default, BGP4 uses zero (0) for directly connected routes and the metric (MED) value of IGP routes in the IP route table. The MED is a global parameter that specifies the cost that will be applied to all routes, if assigned, when they are redistributed into BGP4.
Requiring the first AS to be the neighbor AS 8 When selecting a route from among different sources (BGP4, OSPF, static routes, and so on), the software compares the routes on the basis of the administrative distance for each route. If the administrative distance of the paths is lower than the administrative distance of paths from other sources (such as static IP routes or OSPF), the BGP4 paths are installed in the IP route table.
The hierarchy for enforcement of this feature is: a neighbor will try to use the enforce-first-as value if one is configured; if none is configured, enforcement is simply that of the global configuration (which is disabled by default). To enable this feature globally, enter the enforce-first-as command at the BGP4 configuration level of the CLI.
To enable fast external fallover, enter the following command.
Virtual ADX(config-bgp-router)# fast-external-fallover
To disable fast external fallover again, enter the following command.
Virtual ADX(config-bgp-router)# no fast-external-fallover
Syntax: [no] fast-external-fallover
Setting the local AS number
The local autonomous system number (ASN) identifies the AS in which the BGP4 device resides. To set the local AS number, enter commands such as the following.
8 Configuring BGP4 multipath load sharing
To enable load sharing of EBGP paths only, enter the following command at the BGP4 configuration level of the CLI.
Virtual ADX(config-bgp-router)# multipath ebgp
To enable load sharing of paths from different neighboring ASs, enter the following command at the BGP4 configuration level of the CLI.
Configuring a static BGP4 network
This feature allows you to configure a static network in BGP4, creating a stable BGP4 network in the core. While a route configured with this feature will never flap unless it is manually deleted, a “static” BGP4 network will not interrupt the normal BGP4 decision process on other learned routes being installed into the RTM (Routing Table Manager).
Configuring paths without MEDs as the least favorable
During MED comparison, by default, the device favors a lower MED over a higher MED. Since the device assigns the value 0 to a route path MED if the MED value is missing, the default MED comparison results in the device favoring the route paths that do not have MEDs.
Configuring BGP4 neighbors 8
[filter-list access-list-name [ in | out ]]
[local-as as-num [no-prepend] ]
[maxas-limit in [num | disable]]
[maximum-prefix num [ threshold ] [teardown]]
[next-hop-self]
[password string]
[prefix-list string in | out]
[remote-as as-number]
[remove-private-as]
[route-map in | out map-name]
[send-community]
[shutdown [generate-rib-out] ]
[soft-reconfiguration inbound]
[static-network-edge]
[timers keep-alive num hold-time num]
[unsuppress-map map-name]
[update-source ip-addr | eth
NOTE By default, if a route does not match any of the filters, the device denies the route. To change the default behavior, configure the last filter as permit any.
NOTE The address filter must already be configured. Refer to “Defining and applying IP prefix lists” on page 250.
ebgp-multihop [num] specifies that the neighbor is more than one hop away and that the session type with the neighbor is EBGP-multihop. This option is disabled by default.
• The threshold parameter specifies the percentage of the value you specified for the maximum-prefix num, at which you want the software to generate a Syslog message. You can specify a value from 1 (one percent) to 100 (100 percent). The default is 100.
• The teardown parameter tears down the neighbor session if the maximum-prefix limit is exceeded.
shutdown administratively shuts down the session with this neighbor. Shutting down the session lets you configure the neighbor and save the configuration without actually establishing a session with the neighbor. When a peer is put into the shutdown state, ribout routes are not produced for that peer. You can elect to produce ribout routes using the generate-rib-out option. This option is disabled by default.
Virtual ADX(config)# router bgp
Virtual ADX(config-bgp-router)# no auto-shutdown-new-neighbors
Syntax: [no] auto-shutdown-new-neighbors
The default state for auto shutdown of BGP4 neighbors is disabled.
NOTE When the auto-shutdown-new-neighbors value is changed, the value of the shutdown parameter for any of the existing configured neighbors is not changed.
Virtual ADX(config-bgp-router)# show ip bgp routes 10.1.44.0/24
Number of BGP Routes matching display condition : 1
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH S:SUPPRESSED F:FILTERED
  Prefix        Next Hop  Metric LocPrf Weight Status
1 10.1.44.0/24  10.2.0.
The software also contains an option to end the session with a BGP4 neighbor and clear the routes learned from the neighbor. Unlike this clear option, the option for shutting down the neighbor can be saved in the startup configuration file and can prevent the device from establishing a BGP4 session with the neighbor even after reloading the software.
The BGP4 configuration commands appear in the following format as a result of the show ip bgp configuration command.
Virtual ADX(config-bgp-router)# show ip bgp config
Current BGP configuration:
router bgp
local-as 2
neighbor ip-address
neighbor ip-address password 2 $b24tbw==
neighbor 10.10.200.102 remote-as 1
neighbor 10.10.200.
Specifying a list of networks to advertise
By default, the device sends BGP4 routes only for the networks you either identify with the network command or are redistributed into BGP4 from OSPF or connected routes.
NOTE The exact route must exist in the IP route table before the device can create a local BGP4 route.
To configure the device to advertise network 10.157.22.0/24, enter the following command.
Virtual ADX(config-bgp-router)# network 10.157.22.0 255.
The route-map map-name parameter specifies the name of the route map you want to use to set or change BGP4 attributes for the network you are advertising. The route map must already be configured. For information about the other parameters, refer to “Defining route maps” on page 252.
Using the IP default route as a valid next-hop for a BGP4 route
By default, the device does not use a default route to resolve a BGP4 next-hop route.
Enabling next-hop recursion 8
Example when recursive route lookups are disabled
The output here shows the results of an unsuccessful next-hop lookup for a BGP4 route. In this case, next-hop recursive lookups are disabled. This example is for the BGP4 route to network 10.0.0.0/24.
Virtual ADX# show ip bgp route
Total number of BGP Routes: 5
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED H:HISTORY I:IBGP L:LOCAL M:MULTIPATH S:SUPPRESSED
  Prefix  Next Hop  Metric LocPrf Weight Status
1 0.
Virtual ADX# show ip bgp route
Total number of BGP Routes: 5
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED H:HISTORY I:IBGP L:LOCAL M:MULTIPATH S:SUPPRESSED
  Prefix       Next Hop  Metric LocPrf Weight Status
1 0.0.0.0/0    10.1.0.2  0      100    0      BI
  AS_PATH: 65001 4355 701 80
2 10.0.0.0/24  10.0.0.1  1      100    0      BI
  AS_PATH: 65001 4355 1
3 10.0.0.0/24  10.1.0.2  0      100    0      BI
  AS_PATH: 65001 4355 701 1 189
4 10.0.0.0/24  10.0.0.1  1      100    0      BI
  AS_PATH: 65001 4355 3356 7170 1455
5 10.0.
Modifying redistribution parameters 8
Virtual ADX# show ip route 10.0.0.0/2
Total number of IP routes: 38
Start index: 1 B:BGP Be:EBGP Bi:IBGP D:Connected S:Static O:OSPF IA:Inter area IR:Intra area E1:External type 1 E2:External type 2 (N): Don't advertise *:Candi-default
  Destination  NetMask        Gateway  Port Cost Type
--------------------------------------------------------------------------
1 10.0.0.0     255.255.255.0  10.0.0.
Virtual ADX(config-bgp)# redistribute connected
Syntax: [no] redistribute connected [metric num] [route-map map-name]
The connected parameter indicates that you are redistributing routes to directly attached devices into BGP4. The metric num parameter changes the metric. You can specify a value from 0 – 4294967295. The default is not assigned. The route-map map-name parameter specifies a route map to be consulted before adding to the BGP4 route table.
Using a table map to set the tag value 8 The static parameter indicates that you are redistributing static routes into BGP4. The metric num parameter changes the metric. You can specify a value from 0 – 4294967295. The default is 0. The route-map-name parameter specifies a route map to be consulted before adding the static route to the BGP4 route table. NOTE The route map you specify must already be configured on the device.
8 Changing the BGP4 next-hop update timer NOTE Generally, you should set the Hold Time to three times the value of the Keep Alive Time. NOTE You can override the global Keep Alive Time and Hold Time on individual neighbors. Refer to “Configuring BGP4 neighbors” on page 228. To change the Keep Alive Time to 30 and Hold Time to 90, enter the following command.
Adding a loopback interface 8
NOTE A device uses the same device ID for both OSPF and BGP4. If the device is already configured for OSPF, you may want to use the device ID that is already assigned to the device rather than set a new one.
To display the current device ID, enter the show ip CLI command at any CLI level. To change the device ID, enter a command such as the following.
Virtual ADX(config)# ip router-id 10.157.22.
8 Filtering
To configure the device to perform BGP4 load sharing:
• Enable IP load sharing if it is disabled.
• Set the maximum number of BGP4 load sharing paths. The default maximum number is 1, which means no BGP4 load sharing takes place by default. Refer to “Configuring BGP4 multipath load sharing” on page 225.
NOTE The maximum number of BGP4 load sharing paths cannot be greater than the maximum number of IP load sharing paths.
AS-path filters or AS-path ACLs can be referred to by the filter list number of a BGP4 neighbor as well as by match clauses in a route map.
Defining an AS-path ACL
To configure an AS-path list that uses “acl 1”, enter a command such as the following.
Virtual ADX(config)# ip as-path access-list acl1 permit 100
Virtual ADX(config)# router bgp
Virtual ADX(config-bgp)# neighbor 10.10.10.
Special characters
When you enter a single-character expression or a list of characters, you also can use the special characters listed in Table 36. The description for each character includes an example. Some special characters must be placed in front of the characters they control and others must be placed after the characters they control. The examples show where to place the special character.
TABLE 36 BGP4 special characters for regular expressions
Character
    Operation
.
TABLE 36 BGP4 special characters for regular expressions (Continued)
Character
    Operation
|
    A vertical bar (sometimes called a pipe or a “logical or”) separates two alternative values or sets of values. The AS-path can match one or the other value. For example, the following regular expression matches on an AS-path that contains either “abc” or “defg”:
    (abc)|(defg)
    NOTE: The parentheses group multiple characters to be treated as one value.
Defining a community ACL
To configure community ACL 1, enter a command such as the following. This command configures a community ACL that permits routes that contain community 123:2.
NOTE Refer to “Matching based on community ACL” on page 255 for information about how to use a community list as a match condition in a route map.
Virtual ADX(config-bgp)# neighbor 10.10.10.1 prefix-list Routesfor20 out
These commands configure an IP prefix list named Routesfor20, which permits routes to network 10.20.0.0/24. The neighbor command configures the device to use IP prefix list Routesfor20 to determine which routes to send to neighbor 10.10.10.1. The device sends routes that go to 10.20.x.x to neighbor 10.10.10.1 because the IP prefix list explicitly permits these routes to be sent to the neighbor.
The name-or-num parameter specifies the name or number of a standard, extended, or named ACL. The in | out parameters specify whether the distribute list applies to inbound or outbound routes:
• in – controls the routes the device will accept from the neighbor.
• out – controls the routes sent to the neighbor.
• Prepend AS numbers to the front of the route AS-path. By adding AS numbers to the AS-path, you can cause the route to be less preferred when compared to other routes based on the length of the AS-path.
• Add a user-defined tag or an automatically calculated tag to the route.
• Set the community value.
• Set the local preference.
• Set the MED (metric).
• Set the IP address of the next-hop device.
• Set the origin to IGP or INCOMPLETE.
• Set the weight.
• Set a BGP4 static network route.
Virtual ADX(config)# no route-map Map1 permit 10
This command deletes the specified instance from the route map but leaves the other instances of the route map intact.
Specifying the match conditions
Use the following command to define the match conditions for instance 1 of the route map GET_ONE. This instance compares the route updates against BGP4 address filter 11.
The protocol bgp static-network parameter matches on BGP4 static network routes.
The protocol bgp external parameter matches on eBGP (external) routes.
The protocol bgp internal parameter matches on iBGP (internal) routes.
The following sections contain examples of how to configure route maps that include match statements that match on ACLs.
Matching based on AS-path ACL
To construct a route map that matches based on AS-path ACL 1, enter the following commands.
Matching based on next-hop device
You can use the results of an IP ACL or an IP prefix list as the match condition. To construct a route map that matches based on the next-hop device, enter commands such as the following.
The acl parameter specifies the name of a community list ACL. You can specify up to five ACLs. Separate the ACL names or IDs with spaces.
Virtual ADX(config)# ip community-list standard std_2 permit 23:45 56:78
Virtual ADX(config)# route-map bgp3 permit 1
Virtual ADX(config-routemap bgp3)# match community std_1 std_2 exact-match
These commands configure an additional community ACL, std_2, that contains community numbers 23:45 and 57:68.
To configure the match-interface option, use the following command.
Virtual ADX(config)# route-map test-route permit 99
Virtual ADX(config-routemap test-route)# match interface ethernet 1/1
Virtual ADX(config-routemap test-route)# exit
Syntax: [no] match interface interface interface...
The interface variable specifies the interface that you want to use with the match interface command.
The dampening [half-life reuse suppress max-suppress-time] parameter sets route dampening parameters for the route. The half-life parameter specifies the number of minutes after which the route penalty becomes half its value. The reuse parameter specifies how low a route penalty must become before the route becomes eligible for use again after being suppressed. The suppress parameter specifies how high a route penalty can become before the device suppresses the route.
Virtual ADX(config)# access-list 1 permit 192.168.9.0 0.0.0.255
Virtual ADX(config)# route-map bgp4 permit 1
Virtual ADX(config-routemap bgp4)# match ip address 1
Virtual ADX(config-routemap bgp4)# set metric-type internal
The first command configures an ACL that matches on routes with destination network 192.168.9.0.
Dynamic route filter update
Routing protocols use various route filters to control the distribution of routes. Route filters are used to filter routes received from and advertised to other devices. Protocols also use route-map policies to control route redistribution from other routing protocols. In addition, route filter policies are used to select routes to be installed in the routing tables, and used by the forwarding engine to forward traffic.
Protocols are automatically notified when a route filter is created, deleted or modified. In addition, when a protocol is notified of a filter change, appropriate steps are taken to apply the new or updated filter to existing routes.
Commands for dynamic route filter updating
In order to allow multiple filter updates to be processed together by applications, the device waits 10 seconds by default before notifying applications of the filter change.
BGP4 policy processing order
The order of application of policies when processing inbound and outbound route advertisements on the device is:
1. IP prefix-list
2. Filter-list (using AS-path access-list)
3. Distribute list (using IP ACL - ipv4 unicast only)
4. Route-map
Configuring route flap dampening
A route flap is a change in the state of a route, from up to down or down to up. A route state change causes changes in the route tables of the devices that support the route.
• Maximum suppression time – Specifies the maximum number of minutes a route can be suppressed regardless of how unstable the route has been before this time. You can set the parameter to a value from 1 – 20000 minutes. The default is four times the half-life. When the half-life value is set to its default (15 minutes), the maximum suppression time defaults to 60 minutes.
You can configure route flap dampening globally or for individual routes using route maps.
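How the half-life, reuse, suppress and maximum suppression time parameters interact, as an added example that is not part of the Brocade guide. The 15-minute half-life and 60-minute maximum suppression time are the defaults stated above; the per-flap penalty of 1000, the suppress threshold of 2000, the reuse threshold of 750 and the penalty ceiling (the RFC 2439 way of enforcing a maximum suppression time) are assumptions.

```python
import math
from dataclasses import dataclass


@dataclass
class DampeningParams:
    half_life: float = 15.0          # minutes; default stated in the guide
    reuse: float = 750.0             # assumption: value not shown in this section
    suppress: float = 2000.0         # assumption: value not shown in this section
    max_suppress_time: float = 60.0  # minutes; four times the half-life (guide default)
    flap_penalty: float = 1000.0     # assumption: penalty added for each flap


def decayed(penalty, minutes, half_life):
    """Exponential decay: the penalty halves every half_life minutes."""
    return penalty * 0.5 ** (minutes / half_life)


def minutes_until_reuse(penalty, p):
    """Minutes needed for the penalty to decay down to the reuse threshold."""
    if penalty <= p.reuse:
        return 0.0
    return p.half_life * math.log2(penalty / p.reuse)


def simulate(flap_times, p=None):
    """Return [(minute, 'suppressed' | 'reused'), ...] for flaps at the given minutes."""
    p = p or DampeningParams()
    # Assumption (RFC 2439 style): cap the penalty so that decaying from the cap
    # to the reuse threshold takes exactly max_suppress_time minutes.
    ceiling = p.reuse * 2 ** (p.max_suppress_time / p.half_life)
    penalty, last, suppressed, events = 0.0, 0.0, False, []
    for t in sorted(flap_times):
        if suppressed:
            # Did the route decay below the reuse threshold before this flap?
            t_reuse = last + minutes_until_reuse(penalty, p)
            if t_reuse <= t:
                events.append((round(t_reuse, 2), "reused"))
                suppressed = False
        penalty = min(decayed(penalty, t - last, p.half_life) + p.flap_penalty, ceiling)
        last = t
        if not suppressed and penalty >= p.suppress:
            events.append((t, "suppressed"))
            suppressed = True
    if suppressed:
        events.append((round(last + minutes_until_reuse(penalty, p), 2), "reused"))
    return events


if __name__ == "__main__":
    print(simulate([0, 1]))          # two flaps stay under the suppress threshold
    print(simulate([0, 1, 2]))       # third flap suppresses the route
    print(simulate(range(30)))       # sustained flapping hits the penalty ceiling
```

With sustained flapping the ceiling is what bounds the outage: the route becomes usable 60 minutes after the last flap, however many flaps preceded it.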
The third and fourth commands configure a second route map that explicitly enables dampening. Notice that the route map does not contain a match clause. The route map implicitly applies to all routes. Since the route map will be applied to a neighbor at the BGP4 configuration level, the route map will apply to all routes associated with the neighbor. Although the second route map enables dampening, the first route map is still required.
Syntax: show ip bgp flap-statistics [regular-expression regular-expression | address mask [longer-prefixes] | neighbor ip-addr]
The regular-expression regular-expression parameter is a regular expression. Regular expressions are the same ones supported for BGP4 AS-path filters. Refer to “Using regular expressions” on page 247.
The address mask parameters specify a particular route.
NOTE The clear ip bgp damping command not only clears statistics but also un-suppresses the routes. Refer to “Configuring route flap dampening” on page 220.
Updating route information and resetting a neighbor session
The following sections describe how to update route information with a neighbor, reset a session with a neighbor, and close a session with a neighbor.
Enabling soft reconfiguration
To configure a neighbor for soft reconfiguration, enter a command such as the following.
Virtual ADX(config-bgp-router)# neighbor 10.10.200.102 soft-reconfiguration inbound
This command enables soft reconfiguration for updates received from 10.10.200.102. The software dynamically resets the session with the neighbor, then retains all route updates from the neighbor following the reset.
The routes displayed are the routes that were filtered out by the BGP4 policies on the device. The device did not place the routes in the BGP4 route table, but did keep the updates. If a policy change causes these routes to be permitted, the device does not need to request the route information from the neighbor, but instead uses the information in the updates.
Dynamically requesting a route refresh from a BGP4 neighbor
You can easily apply changes to filters that control BGP4 routes received from or advertised to a neighbor, without resetting the BGP4 session between the device and the neighbor. For example, if you add, change, or remove a BGP4 IP prefix list that denies specific routes received from a neighbor, you can apply the filter change by requesting a route refresh from the neighbor.
• If you did not enable soft reconfiguration, soft in requests the entire BGP4 route table for the neighbor (Adj-RIB-Out), then applies the filters to add, change, or exclude routes.
• If a neighbor does not support dynamic refresh, soft in resets the neighbor session.
• soft out updates all outbound routes, then sends the entire BGP4 router table for the device (Adj-RIB-Out) to the neighbor, after changing or excluding the routes affected by the filters.
Virtual ADX(config-bgp)# show ip bgp neighbor 10.4.0.2
1 IP Address: 10.4.0.2, AS: 5 (EBGP), RouterID: 10.0.0.1
Description: neighbor 10.4.0.
To close a neighbor session and thus flush all the routes exchanged by the device and the neighbor, enter the following command.
Virtual ADX# clear ip bgp neighbor all
Syntax: clear ip bgp neighbor all | ip-addr | as-num [soft-outbound | soft [in | out]]
The all | ip-addr | as-num parameters specify the neighbor. The ip-addr parameter specifies a neighbor by its IP interface with the device. The as-num parameter specifies all neighbors within an AS and has a range of 1 – 4294967295.
The parameters are the same as those for the show ip bgp flap-statistics command (except the longer-prefixes option is not supported). Refer to “Displaying route flap dampening statistics” on page 303.
NOTE The clear ip bgp damping command not only clears statistics but also un-suppresses the routes. Refer to “Displaying route flap dampening statistics” on page 303.
Removing route flap dampening
You can un-suppress routes by removing route flap dampening from the routes.
Syntax: clear ip bgp neighbor all | ip-addr | as-num last-packet-with-error | notification-errors
The all | ip-addr | as-num parameters specify the neighbor. The ip-addr parameter specifies a neighbor by its IP interface with the device. The as-num parameter specifies all neighbors within the specified AS. The all parameter specifies all neighbors.
Configuring BGP4 null0 routing
BGP4 null0 routing is described in “BGP4 null0 routing” on page 205.
Virtual ADX(config-bgp-router)# neighbor remote-as 100
Virtual ADX(config-bgp-router)# neighbor remote-as 100
Virtual ADX(config-bgp-router)# redistribute static route-map blockuser
Virtual ADX(config-bgp-router)# exit
The following configuration defines the specific next hop address and sets the local preference to preferred.
Virtual ADX# show ip route static
Type Codes - B:BGP D:Connected S:Static O:OSPF; Cost - Dist/Metric
  Destination    Gateway  Port     Cost  Type
1 10.0.0.40/29   DIRECT   eth 3/7  1/1   S
2 10.0.0.192/27  DIRECT   eth 3/7  1/1   S
3 10.0.14.0/23   DIRECT   eth 3/7  1/1   S
Virtual ADX#
Device 1 and 2
Show ip route static output for device 1 and device 2.
Virtual ADX# show ip route static
Type Codes - B:BGP D:Connected S:Static O:OSPF; Cost - Dist/Metric
  Destination  Gateway  Port  Cost  Type
1 192.168.0.
8 Displaying BGP4 information
Device 1 and 2
The show ip route output for device 1 and device 2 shows “drop” under the Port column for the network prefixes you configured with null0 routing.
Displaying summary BGP4 information
You can display the local AS number, the maximum number of routes and neighbors supported, and some BGP4 statistics. You can also display BGP4 memory usage for:
• BGP4 routes installed
• Routes advertising to all neighbors
• Attribute entries installed
The show ip bgp summary command output has the following limitations:
• If a BGP4 peer is not configured for an address-family, the peer information is not displayed.
TABLE 39 BGP4 summary information (Continued)
This field...
    Displays...
Number of Routes Installed
    The number of BGP4 routes in the device BGP4 route table and the route or path memory usage.
Number of Routes Advertising to All Neighbors
    The total of the RtSent and RtToSend columns for all neighbors, the total number of unique ribout group entries, and the amount of memory used by these groups.
TABLE 39 BGP4 summary information (Continued)
This field...
    Displays...
State
    The state of device sessions with each neighbor. The states are from the perspective of the device, not the neighbor. State values are based on the BGP4 state machine values described in RFC 1771 and can be one of the following for each device:
    • IDLE – The BGP4 process is waiting to be started. Usually, enabling BGP4 or establishing a neighbor session starts the BGP4 process.
TABLE 39 BGP4 summary information (Continued)
This field...
    Displays...
Sent
    The number of BGP4 routes the device has sent to the neighbor.
ToSend
    The number of routes the device has queued to advertise and withdraw to a neighbor.
Displaying the active BGP4 configuration
To view the active BGP4 configuration information contained in the running configuration without displaying the entire running configuration, enter the following command at any level of the CLI.
Virtual ADX(config-bgp)# show ip bgp neighbor 192.168.4.211 routes-summary
1 IP Address: 192.168.4.
TABLE 40 BGP4 route summary information for a neighbor (Continued)
This field...
    Displays...
NLRIs Discarded due to
    Indicates the number of times the device discarded an NLRI for the neighbor due to the following reasons:
    • Maximum Prefix Limit – The configured maximum prefix amount had been reached.
    • AS Loop – An AS loop occurred. An AS loop occurs when the BGP4 AS-path attribute contains the local AS number.
Virtual ADX(config-bgp)# show ip bgp neighbor 10.4.0.2
Total number of BGP neighbors: 1
IP Address: 10.4.0.2, AS: 5 (EBGP), RouterID: 10.0.0.1
Description: neighbor 10.4.0.
The attribute-entries option shows the attribute-entries associated with routes received from the neighbor.
The flap-statistics option shows the route flap statistics for routes received from or sent to the neighbor.
The last-packet-with-error option displays the last packet from the neighbor that contained an error. The packet contents are displayed in decoded (human-readable) format.
TABLE 41 BGP4 neighbor information (Continued)
This field...
    Displays...
Description
    The description you gave the neighbor when you configured it on the device.
Local AS
    The value (if any) of the Local AS configured.
State
    The state of the session with the neighbor. The states are from the device perspective, not the neighbor perspective.
TABLE 41 BGP4 neighbor information (Continued)
This field...
    Displays...
RefreshCapability
    Whether this device has received confirmation from the neighbor that the neighbor supports the dynamic refresh capability.
Distribute-list
    Lists the distribute list parameters, if configured.
Filter-list
    Lists the filter list parameters, if configured.
Prefix-list
    Lists the prefix list parameters, if configured.
Route-map
    Lists the route map parameters, if configured.
TABLE 41 BGP4 neighbor information (Continued)
This field...
    Displays...
Last Connection Reset Reason (cont.
TABLE 41 BGP4 neighbor information (Continued)
This field...
    Displays...
TCP Connection state
    The state of the connection with the neighbor. The connection can have one of the following states:
    • LISTEN – Waiting for a connection request.
    • SYN-SENT – Waiting for a matching connection request after having sent a connection request.
    • SYN-RECEIVED – Waiting for a confirming connection request acknowledgment after having both received and sent a connection request.
SendQue – The number of sequence numbers in the send queue.
RcvQue – The number of sequence numbers in the receive queue.
CngstWnd – The number of times the window has changed.

Displaying route information for a neighbor

You can display routes based on the following criteria:
• A summary of the routes for a specific neighbor.
TABLE 42 BGP4 route summary information for a neighbor
This field... – Displays...
Routes Received – How many routes the device has received from the neighbor during the current BGP4 session:
• Accepted or Installed – Indicates how many of the received routes the device accepted and installed in the BGP4 route table.
• Filtered – Indicates how many of the received routes the device did not accept or install because they were denied by filters on the device.
NLRIs Sent in Update Message – The number of NLRIs for new routes the device has sent to this neighbor in UPDATE messages:
• Withdraws – The number of routes the device has sent to the neighbor to withdraw.
• Replacements – The number of routes the device has sent to the neighbor to replace routes the neighbor already has.
Displaying the Adj-RIB-Out for a neighbor

To display the current BGP4 Routing Information Base (Adj-RIB-Out) for a specific neighbor and a specific destination network, enter a command such as the following at any level of the CLI.

Virtual ADX(config-bgp)# show ip bgp neighbor 192.168.4.211 rib-out-routes 192.168.1.0/24
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST I:IBGP L:LOCAL
Prefix Next Hop Metric LocPrf Weight Status
1 10.1.1.0/24 0.0.0.
TABLE 43 BGP4 summary route information (Continued)
This field... – Displays...
BEST routes not installed in IP forwarding table – Number of BGP4 routes that are the best BGP4 routes to their destinations but were not installed in the IP route table because the device received better routes from other sources (such as OSPF or static IP routes).
The best parameter displays the routes received from the neighbor that the device selected as the best routes to their destinations.
The cidr-only option lists only the routes whose network masks do not match their class network length.
The community option lets you display routes for a specific community. You can specify local-as, no-export, no-advertise, internet, or a private community number.
Virtual ADX(config-bgp)# show ip bgp routes best
Searching for matching routes, use ^C to quit...
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH S:SUPPRESSED F:FILTERED
Prefix Next Hop Metric LocPrf Weight Status
1 10.0.0.0/8 192.168.4.106 100 0 BE
  AS_PATH: 65001 4355 701 80
2 10.0.0.0/8 192.168.4.106 100 0 BE
  AS_PATH: 65001 4355 1
3 10.60.212.0/22 192.168.4.106 100 0 BE
  AS_PATH: 65001 4355 701 1 189
4 10.
Syntax: show ip bgp [route] ip-addr/prefix [longer-prefixes] | ip-addr

If you use the route option, the display for the information is different, as shown in the following example.

Virtual ADX(config-bgp)# show ip bgp route 10.3.4.0
Number of BGP Routes matching display condition : 1
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH S:SUPPRESSED F:FILTERED
Prefix Next Hop Metric LocPrf Weight Status
1 10.3.4.
TABLE 44 BGP4 network information (Continued)
This field... – Displays...
Origin code – A character that indicates the route origin. The origin code appears to the right of the AS path (Path field). The origin codes are described in the command output.
NOTE: This field appears only if you do not enter the route option.
Status – The route status, which can be one or more of the following:
• A – AGGREGATE. The route is an aggregate route for multiple networks.
• B – BEST.
These displays show the following information.

TABLE 45 BGP4 route information
This field... – Displays...
Total number of BGP4 Routes – The number of BGP4 routes.
Status codes – A list of the characters that indicate route status. The status code appears in the left column of the display, to the left of each route. The status codes are described in the command’s output.
Prefix – The network prefix and mask length.
Origin – The source of the route information. The origin can be one of the following:
• EGP – The routes with these attributes came to BGP4 through EGP.
• IGP – The routes with these attributes came to BGP4 through IGP.
• INCOMPLETE – The routes came from an origin other than one of the above. For example, they may have been redistributed from OSPF.
Virtual ADX# show ip bgp attribute-entries
Total number of BGP Attribute Entries: 7753
1 Next Hop :192.168.11.1 Metric :0
  Originator:0.0.0.0 Cluster List:None
  Aggregator:AS Number :0 Router-ID:0.0.0.0
  Local Pref:100 Communities:Internet
  AS Path :(65002) 65001 4355 2548 3561 5400 6669 5548
2 Next Hop :192.168.11.1 Metric :0
  Originator:0.0.0.0 Cluster List:None
  Aggregator:AS Number :0 Router-ID:0.0.0.
Displaying the routes BGP4 has placed in the IP route table

The IP route table indicates the routes it has received from BGP4 by listing “BGP” as the route type. To display the IP route table, enter the following command.

Virtual ADX# show ip route

Syntax: show ip route [ip-addr | num | bgp | ospf]

This example shows the information displayed by this command. Notice that most of the routes in this example have type “B”, indicating that their source is BGP4.
The filter-list num parameter specifies one or more filters. Only routes that have been dampened and that match the specified filters are displayed.

This display shows the following information.

TABLE 47 Route flap dampening statistics
This field... – Displays...
Total number of flapping routes – The total number of routes in the BGP4 route table that have changed state and have been marked as flapping routes.
route-map setcomm permit 1
set community 1234:2345 no-export

This example shows the active configuration for a route map named “setcomm”.

Syntax: show route-map [map-name]

Displaying AS4 details

This section describes the use of the following show commands, which produce output that includes information about AS4s. Information that reflects AS4s appears in bold.
• show ip bgp neighbor shows whether the AS4 capability is enabled.
Virtual ADX-mu2#show ip bgp neighbors
  neighbors Details on TCP and BGP neighbor connections
Total number of BGP Neighbors: 1
1 IP Address: 192.168.1.1, AS: 7701000 (IBGP), RouterID: 192.168.1.
Virtual ADX-mu2#show ip bgp attribute-entries
Total number of BGP Attribute Entries: 18 (0)
1 Next Hop :192.168.1.6 Metric :1
  Originator:0.0.0.0 Cluster List:None
  Aggregator:AS Number :0 Router-ID:0.0.0.0
  Local Pref:100 Communities:Internet
  AS Path :90000 80000 (length 11)
  Address: 0x10e4e0c4 Hash:489 (0x03028536), PeerIdx 0
  Links: 0x00000000, 0x00000000, nlri: 0x10f4804a
  Reference Counts: 1:0:1, Magic: 51
2 Next Hop :192.168.1.5 Metric :1
  Originator:0.0.0.
Virtual ADX-mu2# show ip as-path-access-lists
ip as-path access list abc: 1 entries
  seq 10 permit _75000_
ip as-path access list def: 1 entries
  seq 5 permit _80000_

Formats of AS4s in show command output

To display the asdot and asdot+ notation for AS4s, enter the as-format asdot or as-format asdot+ commands before you enter the show ip bgp command.
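The three AS number notations, worked through in Python. This is an added example, not Brocade code or device output: the function names are hypothetical, the notation rules follow RFC 5396, and the sample values are the AS numbers and AS Path fields that appear in the displays above. It is useful when comparing an AS path logged in one notation against a filter or alert written in another.

```python
import re

AS2_MAX = 0xFFFF          # largest 2-byte AS number
AS4_MAX = 0xFFFFFFFF      # largest 4-byte AS number


def parse_asn(text):
    """Accept asplain ("7701000") or dotted ("117.33288"); return an int."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"not an AS number: {text!r}")
    if m.group(2) is None:
        value = int(m.group(1))
    else:
        high, low = int(m.group(1)), int(m.group(2))
        if high > AS2_MAX or low > AS2_MAX:
            raise ValueError(f"each dotted half must fit in 16 bits: {text!r}")
        value = (high << 16) | low
    if value > AS4_MAX:
        raise ValueError(f"AS number exceeds 32 bits: {text!r}")
    return value


def format_asn(asn, notation="asplain"):
    """Render an AS number as asplain, asdot or asdot+."""
    if not 0 <= asn <= AS4_MAX:
        raise ValueError(f"AS number out of range: {asn}")
    high, low = divmod(asn, 0x10000)
    if notation == "asplain":
        return str(asn)
    if notation == "asdot+":
        return f"{high}.{low}"            # always high.low
    if notation == "asdot":
        # 2-byte values stay plain; only 4-byte values are dotted
        return str(asn) if asn <= AS2_MAX else f"{high}.{low}"
    raise ValueError(f"unknown notation: {notation!r}")


def parse_as_path(field):
    """Split an 'AS Path' value into (local_as, [path ASNs]).

    The local AS, when present, is the token shown in parentheses.
    """
    local_as, path = None, []
    for token in field.split():
        m = re.fullmatch(r"\((\d+(?:\.\d+)?)\)", token)
        if m:
            local_as = parse_asn(m.group(1))
        else:
            path.append(parse_asn(token))
    return local_as, path


def render_as_path(field, notation):
    """Re-render an AS Path value in the requested notation."""
    local_as, path = parse_as_path(field)
    parts = [] if local_as is None else [f"({format_asn(local_as, notation)})"]
    parts += [format_asn(asn, notation) for asn in path]
    return " ".join(parts)


def four_byte_asns(field):
    """Return the path members that need the AS4 capability (> 65535)."""
    return [asn for asn in parse_as_path(field)[1] if asn > AS2_MAX]


if __name__ == "__main__":
    # AS Path values copied from the attribute-entries displays on this page
    for sample in ("(65002) 65001 4355 2548 3561 5400 6669 5548", "90000 80000"):
        for notation in ("asplain", "asdot", "asdot+"):
            print(f"{notation:8} {render_as_path(sample, notation)}")
    print("neighbor AS 7701000 in asdot:", format_asn(7701000, "asdot"))
```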
Chapter 9
Configuring BGP4+

The implementation of IPv6 supports multiprotocol BGP (MBGP) extensions, which allow IPv6 BGP (known as BGP4+) to distribute routing information for protocols such as IPv4 BGP. The supported protocols are identified by address families. The extensions allow a set of BGP4+ peers to exchange routing information for multiple address families and sub-address families.
To exit from the IPv6 unicast address family configuration level, enter the following command:

Virtual ADX(config-bgp-ipv6u)# exit-address-family
Virtual ADX(config-bgp)#

Entering this command returns you to the global BGP configuration level.

Configuring BGP4+

Before enabling BGP4+ on a Virtual ADX device, you must enable IPv6 on at least one interface by configuring an IPv6 address or explicitly enabling IPv6 on that interface.
NOTE
The example above adds IPv6 neighbors at the BGP4+ unicast address family configuration level. These neighbors, by default, are enabled to exchange BGP4+ unicast prefixes.
Adding BGP4+ neighbor

To add the IPv6 link-local address fe80:4398:ab30:45de::1 of a neighbor in remote AS 1000 to the BGP4+ neighbor table of a Virtual ADX device, enter the following commands:

Virtual ADX(config-bgp)# address-family ipv6 unicast
Virtual ADX(config-bgp-ipv6u)# neighbor fe80:4398:ab30:45de::1 remote-as 1000

Syntax: neighbor ipv6-address remote-as as-number

NOTE
The example above adds an IPv6 neighbor at the BGP4+ unicast address family configuration level.
Virtual ADX(config-bgp-ipv6u)# neighbor fe80:4398:ab30:45de::1 route-map out next-hop
Virtual ADX(config-bgp-ipv6u)# exit
Virtual ADX(config)# route-map next-hop permit 10
Virtual ADX(config-route-map)# match ipv6 address prefix-list next-hop-ipv6
Virtual ADX(config-route-map)# set ipv6 next-hop 2001:db8:e0ff:3764::34

This route map applies to the BGP4+ unicast address family under which the neighbor route-map command is entered.
You can also enable the BGP4+ device to send the default route to a particular neighbor by specifying the neighbor ipv6-address default-originate command at the BGP4+ unicast address family configuration level. This command does not require the presence of the default route ::/0 in the IPv6 route table.
• By using a route map to filter which routes to redistribute, for example, the Virtual ADX device redistributes specified IPv6 static routes only.
Clearing BGP4+ information

The attribute-map map-name parameter configures the device to set attributes for the aggregate routes based on the specified route map.

NOTE
For the suppress-map, advertise-map, and attribute-map parameters, the route map must already be defined.

To remove an aggregate route from a BGP4 neighbor advertisement, use the no form of this command without any parameters.

Using route maps

You can use a route map to filter and change values in BGP4+ routes.
Virtual ADX# clear ipv6 bgp dampening

Syntax: clear ipv6 bgp dampening [ipv6-prefix/prefix-length]

You must specify the ipv6-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373. You must specify the prefix-length parameter as a decimal value. A slash mark (/) must follow the ipv6-prefix parameter and precede the prefix-length parameter.

To un-suppress a specific route, enter a command such as the following.
• Clear diagnostic buffers.
• Close a session, or reset a session and resend or receive an update.
• Clear traffic counters.
• Clear route flap dampening statistics.

Clearing BGP4+ neighbor diagnostic buffers

You can clear the following BGP4+ neighbor diagnostic information in buffers:
• The first 400 bytes of the last packet that contained an error.
• The last NOTIFICATION message either sent or received by the neighbor.
that the neighbor receives only the routes you want it to contain. Even if the neighbor already contains a route learned from the Virtual ADX that you later decided to filter out, using the soft-outbound option removes that route from the neighbor. If no change is detected from the previously sent routes, an update is not sent.
9 Displaying BGP4+ information The ipv6-address parameter specifies a neighbor by its IPv6 address. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373. Specify the flap-statistics keyword to clear route flap dampening statistics for the specified neighbor.
NOTE
The show commands implemented for BGP4+ correspond to the show commands implemented for IPv4 BGP. For example, you can specify the show ipv6 bgp command for IPv6 and the show ip bgp command for IPv4. Also, the displays for the IPv4 and IPv6 versions of the show commands are similar, except that, where relevant, IPv6 neighbor addresses replace IPv4 neighbor addresses, IPv6 prefixes replace IPv4 prefixes, and IPv6 next-hop addresses replace IPv4 next-hop addresses.
TABLE 1 Summary of BGP4+ routes (Continued)
This field... – Displays...
Status – The route’s status, which can be one or more of the following:
• A – AGGREGATE. The route is an aggregate route for multiple networks.
• B – BEST. BGP4+ has determined that this is the optimal route to the destination.
The cidr-only keyword lists only the routes whose network masks do not match their class network length.
The community number parameter lets you display routes for a specific community. You can specify local-as, no-export, no-advertise, internet, or a private community number. You can specify the community number as either two five-digit integer values of up to 1–65535, separated by a colon (for example, 12345:6789) or a single long integer value.
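The community argument forms described above, checked and normalised in Python. This is an added example, not Brocade code: the function names are hypothetical, the 1–65535 range for each half comes from the text above, and two points are assumptions taken from RFC 1997 rather than from this guide: that the colon form and the single-integer form are the same 32-bit value (high 16 bits, then low 16 bits), and that a single integer may be at most 4294967295. The last function reads the set community line from the route map shown earlier in this guide.

```python
import re

# Keywords the guide lists as accepted in place of a number
KEYWORDS = ("local-as", "no-export", "no-advertise", "internet")
HALF_MIN, HALF_MAX = 1, 65535        # range stated in the guide
LONG_MAX = 0xFFFFFFFF                # assumption: 32-bit value (RFC 1997)


def parse_community(arg):
    """Return ("keyword", name) or ("number", 32-bit integer)."""
    arg = arg.strip()
    if arg in KEYWORDS:
        return ("keyword", arg)

    # Form 1: two integers of up to five digits separated by a colon
    m = re.fullmatch(r"(\d{1,5}):(\d{1,5})", arg)
    if m:
        high, low = int(m.group(1)), int(m.group(2))
        for half in (high, low):
            if not HALF_MIN <= half <= HALF_MAX:
                raise ValueError(f"community half out of range 1-65535: {arg!r}")
        return ("number", (high << 16) | low)

    # Form 2: a single long integer
    if re.fullmatch(r"\d{1,10}", arg):
        value = int(arg)
        if not 1 <= value <= LONG_MAX:
            raise ValueError(f"community value out of range: {arg!r}")
        return ("number", value)

    raise ValueError(f"not a community keyword or number: {arg!r}")


def format_community(value):
    """Render a 32-bit community value in the colon form."""
    if not 0 <= value <= LONG_MAX:
        raise ValueError(f"community value out of range: {value}")
    return f"{value >> 16}:{value & 0xFFFF}"


def same_community(a, b):
    """True when two arguments name the same community in either form."""
    return parse_community(a) == parse_community(b)


def parse_set_community(line):
    """Parse a route-map 'set community ...' line into a list of communities."""
    tokens = line.split()
    if tokens[:2] != ["set", "community"] or len(tokens) < 3:
        raise ValueError(f"not a set community line: {line!r}")
    return [parse_community(tok) for tok in tokens[2:]]


if __name__ == "__main__":
    kind, value = parse_community("12345:6789")
    print(kind, value, format_community(value))
    # Line copied from the "setcomm" route map shown earlier in this guide
    print(parse_set_community("set community 1234:2345 no-export"))
```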
TABLE 2 Detailed BGP4+ route information
This field... – Displays...
Number of BGP4+ Routes advertised to specified neighbor (appears only in display for all routes) – For information about this field, refer to Table 1 on page 321.
Status codes – For information about this field, refer to Table 1 on page 321.
Prefix – For information about this field, refer to Table 1 on page 321.
Status – For information about this field, refer to Table 1 on page 321.
Syntax: show ipv6 bgp routes detail [ipv6-prefix/prefix-length | table-entry-number | age seconds | as-path-access-list name | as-path-filter number | best | cidr-only | [community number | no-export | no-advertise | internet | local-as] | community-access-list name | community-filter number | local | neighbor ipv6-address | nexthop ipv6-address | no-best | prefix-list name | regular-expression regular-expression | route-map name | summary | unreachable]

You can use the foll
The route-map name parameter filters the display using the specified route map. The software displays only the routes that match the match statements in the route map. The software disregards the route map’s set statements.
The summary keyword displays summary information for the routes.
The unreachable keyword displays the routes that are unreachable because the Virtual ADX device does not have a valid OSPFv3 or static IPv6 route to the next hop.
Virtual ADX# show ipv6 bgp 2001:db8:2002::/16 longer-prefixes
Number of BGP Routes matching display condition : 3
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 2001:db8:2002::/16 :: 1 100 32768 ?
*> 2001:db8:2002:1234::/32 :: 1 100 32768 ?
*> 2001:db8:2002:e0ff::/32 :: 1 100 32768 ?
Route is advertised to 1 peers:
2001:db8:2000:4::110(65002)

These di
Virtual ADX# show ipv6 bgp attribute-entries
Total number of BGP Attribute Entries: 378
1 Next Hop ::: Metric :1 Origin:INCOMP
  Originator:0.0.0.0
  Aggregator:AS Number :0 Router-ID:0.0.0.0 Atomic:None
  Local Pref:100 Communities:Internet
  AS Path :(65002) 65001 4355 2548 3561 5400 6669 5548
  Address: 0x27a4cdb0 Hash:877 (0x03000000) Reference Counts: 2:0:2
...

NOTE
Portions of this display are truncated for brevity.
TABLE 4 BGP4+ route-attribute entries information (Continued)
This field... – Displays...
AS Path – The ASs through which routes with this set of attributes have passed. The local AS is shown in parentheses.
Address – For debugging purposes only.
Hash – For debugging purposes only.
Reference Counts – For debugging purposes only.
This display shows the following information.

TABLE 5 Dampened BGP4+ path information
This field... – Displays...
Status codes – A list of the characters the display uses to indicate the path’s status. The status code appears in the left column of the display, to the left of each route. The status codes are described in the command’s output. The status column displays a “d” for each dampened route.
Network – The destination network of the route.
The longer-prefixes keyword allows you to display routes that match a specified or longer IPv6 prefix. For example, if you specify 2001:db8:2002::/16 longer-prefixes, then all routes with the prefix 2001:db8:2002::/16 or that have a longer prefix (such as 2001:db8:2002:e016::/32) are displayed.
The as-path-access-list name parameter specifies an AS-path ACL. Specify an ACL name. Only the routes permitted by the AS-path ACL are displayed.
TABLE 6 Summary of filtered-out BGP4+ route information (Continued)
This field... – Displays...
Weight – The value that this Virtual ADX device associates with routes from a specific neighbor. For example, if the Virtual ADX receives routes to the same destination from two BGP4+ neighbors, the Virtual ADX prefers the route from the neighbor with the larger weight.
To display detailed information about the routes that have been filtered out by BGP4+ route policies, enter the following command at any level of the CLI.
TABLE 7 Detailed filtered-out BGP4+ route information (Continued)
This field... – Displays...
Status – For information about this field, refer to Table 6 on page 331.
Age – The age of the route, in seconds.
Next hop – For information about this field, refer to Table 6 on page 331.
Learned from peer – The IPv6 address of the neighbor from which this route is learned. “Local Router” indicates that the Virtual ADX device itself learned the route.
Displaying route flap dampening statistics

To display route dampening statistics for all dampened routes, enter the following command at any level of the CLI.
TABLE 8 Route flap dampening statistics
This field... – Displays...
Flaps – The number of flaps (state changes) the route has experienced.
Since – The amount of time (in hh:mm:ss) since the first flap of this route.
Reuse – The amount of time (in hh:mm:ss) after which the path is again available.
Path – The AS path of the route.

You also can display all the dampened routes by using the show ipv6 bgp dampened-paths command.
Displaying IPv6 neighbor configuration information and statistics

To display BGP4+ neighbor configuration information and statistics, enter the following command at any level of the CLI.

Virtual ADX# show ipv6 bgp neighbor 2001:db8:2000:4::110
1 IP Address: 2001:db8:2000:4::110, AS: 65002 (EBGP), RouterID: 10.1.1.
This display shows the following information.

TABLE 9 BGP4+ neighbor configuration information and statistics
This field... – Displays...
IP Address – The IPv6 address of the neighbor.
AS – The AS in which the neighbor resides.
EBGP or IBGP – Whether the neighbor session is an IBGP session or an EBGP session:
• EBGP – The neighbor is in another AS.
• IBGP – The neighbor is in the same AS.
RouterID – The neighbor’s router ID.
Last Update Time – Lists the last time updates were sent and received for the following:
• NLRIs
• Withdraws
Last Connection Reset Reason – The reason the previous session with this neighbor ended. The reason can be one of the following:
• No abnormal error has occurred.
Notification Sent – If the Virtual ADX device receives a NOTIFICATION message from the neighbor, the message contains an error code corresponding to one of the following errors. Some errors have subcodes that clarify the reason for the error. Where applicable, the subcode messages are listed underneath the error code messages.
TCP Connection state – The state of the connection with the neighbor. The connection can have one of the following states:
• LISTEN – Waiting for a connection request.
• SYN-SENT – Waiting for a matching connection request after having sent a connection request.
RcvQue – The number of sequence numbers in the receive queue.
CngstWnd – The number of times the window has changed.

Displaying routes advertised to a BGP4+ neighbor

You can display a summary or detailed information about the following:
• All routes a Virtual ADX device has advertised to a neighbor.
• A specified route a Virtual ADX device has advertised to a neighbor.
TABLE 10 Summary of route information advertised to a BGP4+ neighbor (Continued)
This field... – Displays...
LocPrf – The degree of preference for the advertised route relative to other routes in the local AS. When the BGP4+ algorithm compares routes on the basis of local preferences, the route with the higher local preference is chosen. The preference range is 0 – 4294967295.
Weight – The value that this Virtual ADX device associates with routes from a specific neighbor.
TABLE 11 Detailed route information advertised to a BGP4+ neighbor (Continued)
This field... – Displays...
Next Hop – For information about this field, refer to Table 10 on page 342.
Learned from Peer – The IPv6 address of the neighbor from which this route is learned. “Local Router” indicates that the Virtual ADX device itself learned the route.
LOCAL_PREF – For information about this field, refer to Table 10 on page 342.
This display shows the following information.

TABLE 12 BGP4+ neighbor route-attribute entries information
This field... – Displays...
Total number of BGP Attribute Entries – The number of route attribute entries for the specified neighbor.
Next Hop – The IPv6 address of the next hop router for routes that have this set of attributes.
Metric – The cost of the routes that have this set of attributes.
Origin – The source of the route information.
Syntax: show ipv6 bgp neighbor ipv6-address flap-statistics

The ipv6-address parameter displays the route flap dampening statistics for a specified neighbor. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373.

This display shows the following information.

TABLE 13 Route flap dampening statistics for a BGP4+ neighbor
This field... – Displays...
Displaying routes received from a BGP4+ neighbor

You can display a summary or detailed route information received in route updates from a specified BGP4+ neighbor since you enabled the soft reconfiguration feature. For example, to display a summary of the route information received in route updates from neighbor 2001:db8:2000:4::10, enter the following command at any level of the CLI.
TABLE 15 Summary of route information received from a BGP4+ neighbor (Continued)
This field... – Displays...
Weight – The value that this Virtual ADX associates with routes from a specific neighbor. For example, if the Virtual ADX receives routes to the same destination from two BGP4+ neighbors, the Virtual ADX prefers the route from the neighbor with the larger weight.
Status – The advertised route’s status, which can be one or more of the following:
• A – AGGREGATE.
Virtual ADX# show ipv6 bgp neighbor 2001:db8:2000:1:1::1 received-routes detail
There are 4 received routes from neighbor 2001:db8:2000:1:1::1
Searching for matching routes, use ^C to quit...
TABLE 16 Detailed route information received from a BGP4+ neighbor (Continued)
This field... – Displays...
Adj RIB out count – The number of routes in the Virtual ADX device’s current BGP4+ Routing Information Base (Adj-RIB-Out) for a specified neighbor.
Admin distance – The administrative distance of the route.
This display shows the following information.

TABLE 17 Summary of RIB route information for a BGP4+ neighbor
This field... – Displays...
Number of RIB_out routes for a specified neighbor (appears only in display for all RIB routes) – The number of RIB routes displayed by the command.
Status codes – A list of the characters the display uses to indicate the route’s status. The status code appears in the Status column of the display.
This display shows the following information.

TABLE 18 Detailed RIB route information for a BGP4+ neighbor
This field... – Displays...
Number of RIB_out routes for a specified neighbor (appears only in display for all routes) – For information about this field, refer to Table 17 on page 351.
Status codes – For information about this field, refer to Table 17 on page 351.
Prefix – For information about this field, refer to Table 17 on page 351.
Syntax: show ipv6 bgp neighbor ipv6-address routes best | detail [best | unreachable] | unreachable

The ipv6-address parameter displays the routes for a specified neighbor. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373.
The best keyword displays the “best” routes, which are installed in the IPv6 route table.
TABLE 19 Summary of best and unreachable routes from a BGP4+ neighbor (Continued)
This field... – Displays...
Status – The route’s status, which can be one or more of the following:
• A – AGGREGATE. The route is an aggregate route for multiple networks.
• B – BEST. BGP4+ has determined that this is the optimal route to the destination.
• D – DAMPED. This route has been dampened (by the route dampening feature), and is currently unusable.
• E – EBGP.
TABLE 20 Detailed best and unreachable routes from a BGP4+ neighbor (Continued)
This field... – Displays...
Age – The age of the route, in seconds.
Next Hop – For information about this field, refer to Table 19 on page 353.
Learned from Peer – The IPv6 address of the neighbor from which this route is learned. “Local Router” indicates that the Virtual ADX device itself learned the route.
LOCAL_PREF – For information about this field, refer to Table 19 on page 353.
Syntax: show ipv6 bgp neighbor [ipv6-address] routes-summary

This display shows the following information.

TABLE 21 BGP4+ neighbor route summary information
This field... – Displays...
NLRIs Sent in Update Message – The number of NLRIs for new routes the Virtual ADX device has sent to this neighbor in UPDATE messages:
• Withdraws – The number of routes the Virtual ADX device has sent to the neighbor to withdraw.
• Replacements – The number of routes the Virtual ADX device has sent to the neighbor to replace routes the neighbor already has.
TABLE 22 BGP4+ summary information (Continued)
This field... – Displays...
Number of Routes Installed – The number of BGP4+ routes in the Virtual ADX device’s BGP4+ route table. To display the BGP4+ route table, refer to “Displaying the BGP4+ route table” on page 321.
Number of Routes Advertising to All Neighbors – The total of the RtSent and RtToSend columns for all neighbors.
Sent – The number of BGP4+ routes that the Virtual ADX has sent to the neighbor.
ToSend – The number of routes the Virtual ADX has queued to send to this neighbor.