HP MSR Router Series Layer 3 - IP Routing Configuration Guide(V5) Part number: 5998-2024 Software version: CMW520-R2511 Document version: 6PW103-20140128
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents IP routing basics ··························································································································································· 1 Routing table ······································································································································································ 1 Dynamic routing protocols ······················································································································
Tuning and optimizing RIP networks ···························································································································· 28 Configuration prerequisites ·································································································································· 28 Configuring RIP timers··········································································································································· 28 Configuring split hori
Configuring the P2P network type for an interface ··························································································· 68 Configuring OSPF route control ··································································································································· 68 Configuration prerequisites ·································································································································· 68 Configuring OSPF route summarization ··
Terminology ························································································································································· 113 IS-IS address format············································································································································· 113 NET ······································································································································································· 114
Configuring BFD for IS-IS ···································································································································· 162 Configuring BGP ····················································································································································· 167 Overview······································································································································································· 16
Enabling trap ································································································································································ 212 Enabling logging of session state changes ··············································································································· 212 Configuring BFD for BGP ············································································································································ 213 Displa
Configuring local PBR ········································································································································· 264 Configuring interface PBR ·································································································································· 264 Displaying and maintaining PBR ································································································································ 264 PBR configuration examp
Enabling OSPFv3 ················································································································································ 297 Configuring OSPFv3 area parameters ······················································································································ 297 Configuration prerequisites ································································································································ 298 Configuring an OSPFv3 stub a
Configuring IPv6 BGP ············································································································································· 343 IPv6 BGP overview ······················································································································································· 343 IPv6 BGP configuration task list ·································································································································· 343 Con
IPv6 BGP IPsec policy configuration·················································································································· 374 Configuring BFD for IPv6 BGP ··························································································································· 379 Troubleshooting IPv6 BGP configuration ··················································································································· 383 IPv6 BGP peer relationship not established
IP routing basics IP routing directs the forwarding of IP packets on routers based on a routing table. This book focuses on unicast routing protocols. For more information about multicast routing protocols, see IP Multicast Configuration Guide. Routing table A router maintains at least two routing tables: one global routing table and one forwarding information base (FIB). The FIB table contains only the optimal routes, and the global routing table contains all routes.
• Mask—Mask length of the IP address. • Pre—Preference of the route. Among routes to the same destination, the one with the highest preference is optimal. • Cost—When multiple routes to a destination have the same preference, the one with the smallest cost becomes the optimal route. • NextHop—Next hop. • Interface—Output interface. Dynamic routing protocols Dynamic routing protocols dynamically collect and report reachability information to adapt to topology changes.
Table 3 Route types and their default route preferences Routing type Preference Direct route 0 OSPF 10 IS-IS 15 Static route 60 RIP 100 OSPF ASE 150 OSPF NSSA 150 IBGP 255 EBGP 255 Unknown (route from an untrusted source) 256 Load sharing A routing protocol might find multiple optimal equal-cost routes to the same destination. You can use these routes to implement equal-cost multi-path (ECMP) load sharing.
Displaying and maintaining a routing table Task Command Remarks Display the routing table. display ip routing-table [ vpn-instance vpn-instance-name ] [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display routes matching an IPv4 basic ACL. display ip routing-table [ vpn-instance vpn-instance-name ] acl acl-number [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display routes to the specified destination.
Task Command Remarks Display IPv6 routes with destination addresses in an IPv6 address range. display ipv6 routing-table [ vpn-instance vpn-instance-name ] ipv6-address1 prefix-length1 ipv6-address2 prefix-length2 [ verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display routing information permitted by an IPv6 prefix list.
Configuring static routing Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work correctly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually. Configuring a static route Before you configure a static route, complete the following tasks: • Configure physical parameters for related interfaces.
Step Command Remarks Optional. 4. Delete all static routes, including the default route. delete [ vpn-instance vpn-instance-name ] static-routes all To delete one static route, use the undo ip route-static command. Configuring BFD for static routes Bidirectional forwarding detection (BFD) provides a general-purpose, standard, medium-, and protocol-independent fast failure detection mechanism.
Step Command Remarks • Method 1: 2. Configure a static route and enable BFD control packet mode for it.
Configuring static route FRR NOTE: Support for this feature depends on the device model. A link or router failure on a path can cause packet loss and even routing loop. Static route fast reroute (FRR) enables fast rerouting to minimize the impact of link or node failures. Figure 1 Network diagram for static route FRR As shown in Figure 1, upon a link failure, FRR designates a backup next hop by using a routing policy for routes matching the specified criteria.
Displaying and maintaining static routes Task Command Remarks Display information of static routes. display ip routing-table protocol static [ inactive | verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view. Static route configuration examples Basic static route configuration example Network requirements Configure static routes in Figure 2 for interconnections between any two hosts. Figure 2 Network diagram Configuration procedure 1.
4. Verify the configuration: # Display the IP routing table of Router A. [RouterA] display ip routing-table Routing Tables: Public Destinations : 7 Destination/Mask Proto 0.0.0.0/0 1.1.2.0/24 Routes : 7 Pre Cost NextHop Interface Static 60 0 1.1.4.2 Eth1/2 Direct 0 0 1.1.2.3 Eth1/1 1.1.2.3/32 Direct 0 0 127.0.0.1 InLoop0 1.1.4.0/30 Direct 0 0 1.1.4.1 Eth1/2 1.1.4.1/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.
C:\Documents and Settings\Administrator>tracert 1.1.2.2 Tracing route to 1.1.2.2 over a maximum of 30 hops 1 <1 ms <1 ms <1 ms 1.1.6.1 2 <1 ms <1 ms <1 ms 1.1.4.1 3 1 ms <1 ms <1 ms 1.1.2.2 Trace complete. BFD for static routes configuration example (direct next hop) Network requirements In Figure 3, configure a static route to subnet 120.1.1.0/24 on Router A, configure a static route to subnet 121.1.1.0/24 on Router B, and enable BFD for both routes.
[RouterA] ip route-static 120.1.1.0 24 ethernet 1/2 10.1.1.100 preference 65 [RouterA] quit # Configure static routes on Router B and enable BFD control packet mode for the static route through the Layer 2 switch. system-view [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] bfd min-transmit-interval 500 [RouterB-Ethernet1/1] bfd min-receive-interval 500 [RouterB-Ethernet1/1] bfd detect-multiplier 9 [RouterB-Ethernet1/1] quit [RouterB] ip route-static 121.1.1.0 24 ethernet 1/1 12.1.1.
debugging bfd event debugging bfd scm terminal debugging %Jul 27 10:18:18:672 2007 RouterA BFD/4/LOG:Sess[12.1.1.1/12.1.1.2, Ethernet1/1,Ctrl], Sta: UP->DOWN, Diag: 1 *Jul 27 10:18:18:672 2007 RouterA BFD/7/EVENT:Send sess-down Msg, [Src:12.1.1.1,Dst:12.1.1.2,Ethernet1/1,Ctrl], instance:0, protocol:STATIC *Jul 27 10:18:19:172 2007 RouterA BFD/7/EVENT:Receive Delete-sess, [Src:12.1.1.1,Dst:12.1.1.
Figure 4 Network diagram 121.1.1.0/24 Loop1 2.2.2.9/32 Loop1 1.1.1.9/32 120.1.1.0/24 Router D Eth1/1 Eth1/1 /2 h1 Et Router A Eth1/2 Et h1 /2 Eth1/1 BFD Eth1/1 Router B Eth1/2 Router C Device Interface IP address Device Interface IP address Router A Eth1/1 12.1.1.1/24 Router B Eth1/1 11.1.1.2/24 Eth1/2 10.1.1.102/24 Eth1/2 13.1.1.1/24 Loop1 1.1.1.9/32 Loop1 2.2.2.9/32 Eth1/1 10.1.1.100/24 Eth1/1 12.1.1.2/24 Eth1/2 13.1.1.2/24 Eth1/2 11.1.1.
[RouterC] ip route-static 121.1.1.0 24 ethernet 1/1 10.1.1.102 # Configure static routes on Router D. system-view [RouterD] ip route-static 120.1.1.0 24 ethernet 1/2 11.1.1.2 [RouterD] ip route-static 121.1.1.0 24 ethernet 1/1 12.1.1.1 3. Verify the configuration: The following operations are performed on Router A. The operations on Router B are similar. # Display the BFD session information.
Static Routing table Status : Summary Count : 1 Destination/Mask Proto 120.1.1.0/24 Static 65 Pre Cost NextHop Interface 0 10.1.1.100 Eth1/2 Cost NextHop Interface 0 2.2.2.9 Static Routing table Status : Summary Count : 1 Destination/Mask Proto 120.1.1.
Configuring a default route A default route is used to forward packets that match no entry in the routing table. Without a default route, a packet that does not match any routing entries is discarded. A default route can be configured in either of the following ways: • The network administrator can configure a default route with both destination and mask being 0.0.0.0. For more information, see "Configuring static routing.
Configuring RIP Routing Information Protocol (RIP) is a distance-vector simple interior gateway protocol suited to small-sized networks. It employs UDP to exchange route information through port 520. Overview RIP uses a hop count to measure the distance to a destination. The hop count from a router to a directly connected network is 0. The hop count from a router to a directly connected router is 1. To limit convergence time, RIP restricts the metric range from 0 to 15.
• Split horizon—Disables RIP from sending routing information on the interface from which the information was learned to prevent routing loops and save bandwidth. • Poison reverse—Enables RIP to set the metric of routes received from a neighbor to 16 and sends back these routes to the neighbor so the neighbor can delete such information from its routing table to prevent routing loops.
• Because the periodic update delivery is canceled, an acknowledgement and retransmission mechanism is required to guarantee successful updates transmission on WANs. Message types RIP uses the following new types of message which are identified by the value of the command field: • Update request (Type-9)—Requests the needed routes from the neighbor. • Update response (Type-10)—Contains the routes requested by the neighbor. • Update Acknowledge (Type-11)—Acknowledges received update responses.
RIP configuration task list Task Remarks Configuring basic RIP Required. Configuring RIP route control Tuning and optimizing RIP networks Configuring BFD for RIP Configuring an additional routing metric Optional. Configuring RIPv2 route summarization Optional. Disabling host route reception Optional. Advertising a default route Optional. Configuring received/redistributed route filtering Optional. Configuring a preference for RIP Optional. Configuring RIP route redistribution Optional.
If you configure RIP settings in interface view before enabling RIP, the settings do not take effect until RIP is enabled. If a physical interface is attached to multiple networks, you cannot advertise these networks in different RIP processes. To enable RIP: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable a RIP process and enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Enable RIP on the interface attached to the specified network.
With RIPv2 configured, a broadcast interface sends RIPv2 broadcasts and can receive RIPv1 unicasts, and broadcasts, and RIPv2 broadcasts, multicasts, and unicasts. To configure a RIP version: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] N/A Optional. By default, if an interface has an interface-specific RIP version, the version takes precedence over the global one.
To configure additional routing metrics: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Specify an inbound additional routing metric. rip metricin [ route-policy route-policy-name ] value Optional. Specify an outbound additional routing metric. rip metricout [ route-policy route-policy-name ] value Optional. 4. The default setting is 0. The default setting is 1.
Step Command Remarks 2. Enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Disable RIPv2 automatic route summarization. undo summary By default, RIPv2 automatic route summarization is enabled. 4. Return to system view. quit N/A 5. Enter interface view. interface interface-type interface-number N/A 6. Configure a summary route.
Step Command Remarks Optional. 6. Configure the RIP interface to advertise a default route. rip default-route { { only | originate } [ cost cost ] | no-originate } By default, a RIP interface can advertise a default route if the RIP process is configured with default route advertisement. NOTE: The router enabled to advertise a default route does not receive default routes from RIP neighbors.
Step Configure a preference for RIP. 3. Command Remarks preference [ route-policy route-policy-name ] value Optional. The default setting is 100. Configuring RIP route redistribution Perform this task to configure RIP to redistribute routes from other routing protocols, including OSPF, IS-IS, BGP, static, and direct routes. Only active routes can be redistributed. To display active routes, use the display ip routing-table protocol command.
Step Command Remarks Optional. By default: 3. Configure RIP timers. timers { garbage-collect garbage-collect-value | suppress suppress-value | timeout timeout-value | update update-value } * • The update timer is 30 seconds. • The timeout timer is 180 seconds. • The suppress timer is 120 seconds. • The garbage-collect timer is 120 seconds. Configuring split horizon and poison reverse The split horizon and poison reverse functions can prevent routing loops.
Configuring the maximum number of ECMP routes Perform this task to implement load sharing over ECMP routes. To configure the maximum number of ECMP routes: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Configure the maximum number of ECMP routes. Optional. maximum load-balancing number By default, the maximum number is 8.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Enable source IP address check on incoming RIP messages. validate-source-address Optional. By default, this function is enabled. Configuring RIPv2 message authentication Perform this task to enable authentication on RIPv2 messages. This feature does not apply to RIPv1 because RIPv1 does not support authentication.
Configuring TRIP In a connection oriented network, a router can establish connections to multiple remote devices. In a WAN, links are created and removed as needed. In such applications, a link created between two nodes for data transmission is temporary and infrequently. TRIP should be enabled when it is necessary to exchange routing information through on-demand links or triggered RIP. If RIP is disabled, TRIP is also disabled. Enabling TRIP Step Command Remarks 1. Enter system view.
Step Command Remarks N/A 1. Enter system view. system-view 2. Bind RIP to MIB. rip mib-binding process-id Optional. By default, MIB is bound to RIP process 1. Configuring the RIP packet sending rate Perform this task to specify the interval for sending RIP packets and the maximum number of RIP packets that can be sent at each interval. This feature can avoid excessive RIP packets from affecting system performance and consuming too much bandwidth.
Step 3. Enter interface view. Command Remarks interface interface-type interface-number N/A By default, BFD for RIP is disabled. 4. Enable BFD for RIP. rip bfd enable This command and the rip bfd enable destination command are mutually exclusive and cannot be configured on a device at the same time. Enabling single-hop detection in BFD echo packet (for a specific destination) Configure this feature when the peer device does not support BFD.
Step Command Remarks 4. Enter interface view. interface interface-type interface-number N/A 5. Enable BFD on the RIP interface. rip bfd enable Disabled by default. NOTE: Because the undo peer command does not remove the neighbor relationship at once, executing the command cannot bring down the BFD session at once. Displaying and maintaining RIP Task Command Remarks Display RIP current status and configuration information.
Figure 5 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure basic RIP: # Configure Router A. system-view [RouterA] rip [RouterA-rip-1] network 1.0.0.0 [RouterA-rip-1] network 2.0.0.0 [RouterA-rip-1] network 3.0.0.0 [RouterA-rip-1] quit # Configure Router B. system-view [RouterB] rip [RouterB-rip-1] network 1.0.0.0 [RouterB-rip-1] network 10.0.0.0 [RouterB-rip-1] quit # Display the RIP routing table on Router A.
P - Permanent, A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------------------Peer 1.1.1.2 on Ethernet1/1 Destination/Mask Nexthop Cost Tag Flags Sec 10.0.0.0/8 1.1.1.2 1 0 RA 87 10.1.1.0/24 1.1.1.2 1 0 RA 19 10.2.1.0/24 1.1.1.2 1 0 RA 19 The output shows that RIPv2 uses classless subnet mask. NOTE: After RIPv2 is configured, RIPv1 routes might still exist in the routing table until they are aged out.
[RouterB-rip-100] undo summary [RouterB-rip-100] quit [RouterB] rip 200 [RouterB-rip-200] network 12.0.0.0 [RouterB-rip-200] version 2 [RouterB-rip-200] undo summary [RouterB-rip-200] quit # Enable RIP 200 and configure RIPv2 on Router C. system-view [RouterC] rip 200 [RouterC-rip-200] network 12.0.0.0 [RouterC-rip-200] network 16.0.0.0 [RouterC-rip-200] version 2 [RouterC-rip-200] undo summary [RouterC-rip-200] quit # Display the routing table on Router C.
# On Router B, define ACL 2000 and reference it to a filtering policy to filter routes redistributed from RIP 100, making the route not advertised to Router C. [RouterB] acl number 2000 [RouterB-acl-basic-2000] rule deny source 10.2.1.1 0.0.0.255 [RouterB-acl-basic-2000] rule permit [RouterB-acl-basic-2000] quit [RouterB] rip 200 [RouterB-rip-200] filter-policy 2000 export rip 100 # Display the routing table on Router C.
[RouterA-rip-1] network 1.0.0.0 [RouterA-rip-1] version 2 [RouterA-rip-1] undo summary [RouterA-rip-1] quit # Configure Router B. system-view [RouterB] rip [RouterB-rip-1] network 1.0.0.0 [RouterB-rip-1] version 2 [RouterB-rip-1] undo summary # Configure Router C. system-view [RouterB] rip [RouterC-rip-1] network 1.0.0.0 [RouterC-rip-1] version 2 [RouterC-rip-1] undo summary # Configure Router D. system-view [RouterD] rip [RouterD-rip-1] network 1.0.0.
1.1.2.0/24, cost 0, nexthop 1.1.2.1, Rip-interface 1.1.3.0/24, cost 1, nexthop 1.1.1.2 1.1.4.0/24, cost 2, nexthop 1.1.1.2 1.1.5.0/24, cost 2, nexthop 1.1.1.2 The output shows that only one RIP route reaches network 1.1.5.0/24, with the next hop as Router B (1.1.1.2) and a cost of 2. Configuring RIP to advertise a summary route Network requirements As shown in Figure 8, Router A and Router B run OSPF; Router D runs RIP; and Router C runs OSPF and RIP.
system-view [RouterC] ospf [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit 3. Configure basic RIP: # Configure Router C. [RouterC] rip 1 [RouterC-rip-1] network 11.3.1.0 [RouterC-rip-1] version 2 [RouterC-rip-1] undo summary # Configure Router D. system-view [RouterD] rip 1 [RouterD-rip-1] network 11.0.0.
Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost NextHop Interface 10.0.0.0/8 RIP 100 1 11.3.1.1 Eth1/1 11.3.1.0/24 Direct 0 0 11.3.1.2 Eth1/1 11.3.1.2/32 Direct 0 0 127.0.0.1 InLoop0 11.4.1.0/24 Direct 0 0 11.4.1.2 Eth1/2 11.4.1.2/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.
[RouterA-rip-1] network 192.168.1.0 [RouterA-rip-1] quit [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] rip bfd enable [RouterA-Ethernet1/1] quit [RouterA] rip 2 [RouterA-rip-2] network 192.168.2.0 [RouterA-rip-2] quit # Configure Router B. system-view [RouterB] rip 1 [RouterB-rip-1] version 2 [RouterB-rip-1] undo summary [RouterB-rip-1] network 192.168.2.0 [RouterB-rip-1] network 192.168.3.0 [RouterB-rip-1] quit # Configure Router C.
Protocol: RIP Process ID: 1 Preference: 100 Cost: 1 IpPrecedence: QosLcId: NextHop: 192.168.1.2 BkNextHop: 0.0.0.0 Interface: Ethernet1/1 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 192.168.1.2 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h00m47s Tag: 0 Destination: 100.1.1.0/24 Protocol: RIP Process ID: 2 Preference: 100 Cost: 2 IpPrecedence: QosLcId: NextHop: 192.168.2.2 BkNextHop: 0.0.0.0 Interface: Ethernet1/2 BkInterface: RelyNextHop: 0.0.
IpPrecedence: NextHop: 192.168.2.2 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 QosLcId: Interface: Ethernet1/2 BkInterface: Neighbor : 192.168.2.2 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h18m40s Tag: 0 Configuring BFD for RIP (single-hop echo detection for a specified destination) Network requirements As shown in Figure 10: • Ethernet 1/2 of Router A and Ethernet 1/1 of Router B run RIP process 1. Ethernet 1/2 of Router B and Router C runs RIP process 1.
[RouterA-rip-1] network 192.168.2.0 [RouterA-rip-1] import-route static [RouterA-rip-1] quit [RouterA] interface ethernet 1/2 [RouterA-Ethernet1/2] rip bfd enable destination 192.168.2.2 [RouterA-Ethernet1/2] quit # Configure Router B. system-view [RouterB] rip 1 [RouterB-rip-1] network 192.168.2.0 [RouterB-rip-1] network 192.168.3.0 [RouterB-rip-1] quit # Configure Router C. system-view [RouterC] rip 1 [RouterC-rip-1] network 192.168.3.
Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h02m47s Tag: 0 Destination: 100.1.1.0/24 Protocol: RIP Process ID: 1 Preference: 100 Cost: 4 IpPrecedence: QosLcId: NextHop: 192.168.3.2 Interface: Ethernet1/2 BkNextHop: 0.0.0.0 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 192.168.3.2 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Inactive Adv Age: 00h05m50s Tag: 0 # Enable RIP event debugging on Router A.
Tag: 0 Configuring BFD for RIP (bidirectional control detection) Network requirements As shown in Figure 11, Ethernet 1/2 of Router A and Ethernet 1/1 of Router C run RIP process 1. Ethernet 1/1 on Router A runs RIP process 2. Ethernet 1/2 on Router C, and Ethernet 1/1 and Ethernet 1/2 on Router D run RIP process 1. Configure a static route destined for 100.1.1.0/24 on Router A, configure a static route destined for 101.1.1.
[RouterA-rip-1] network 101.1.1.0 [RouterA-rip-1] peer 192.168.2.2 [RouterA-rip-1] undo validate-source-address [RouterA-rip-1] import-route static [RouterA-rip-1] quit [RouterA] interface ethernet 1/2 [RouterA-Ethernet1/2] rip bfd enable [RouterA-Ethernet1/2] quit [RouterA] rip 2 [RouterA-rip-2] version 2 [RouterA-rip-2] undo summary [RouterA-rip-2] network 192.168.3.0 [RouterA-rip-2] quit # Configure Router C.
# Configure Router B. system-view [RouterB] interface ethernet 1/2 [RouterB-Ethernet1/2] ip address 192.168.1.2 24 [RouterB-Ethernet1/2] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ip address 192.168.2.1 24 # Configure Router C. [RouterC] bfd session init-mode active [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ip address 192.168.2.
NextHop: 192.168.2.2 BkNextHop: 0.0.0.0 Interface: Ethernet1/2 BkInterface: RelyNextHop: 192.168.1.2 Neighbor : 192.168.2.2 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv GotQ Age: 00h04m02s Tag: 0 Destination: 100.1.1.0/24 Protocol: RIP Process ID: 2 Preference: 100 Cost: 2 IpPrecedence: QosLcId: NextHop: 192.168.3.2 BkNextHop: 0.0.0.0 Interface: Ethernet1/1 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 192.168.3.
RelyNextHop: 0.0.0.0 Neighbor : 192.168.3.2 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Active Adv Age: 00h10m35s Tag: 0 Troubleshooting RIP No RIP updates received Symptom No RIP updates are received when the links work correctly. Analysis After enabling RIP, use the network command to enable corresponding interfaces. Make sure no interfaces are disabled from handling RIP messages.
Configuring OSPF This chapter describes how to configure OSPF. Overview Open Shortest Path First (OSPF) is a link state interior gateway protocol developed by the OSPF working group of the IETF. OSPF version 2 is used for IPv4. Unless otherwise stated, OSPF refers to OSPFv2 throughout this document. OSPF has the following features: • Wide scope—Supports various network sizes and up to several hundred routers in an OSPF routing domain.
LSA types OSPF advertises routing information in Link State Advertisements (LSAs). The following describes some commonly used LSAs: • Router LSA—Type-1 LSA, originated by all routers and flooded throughout a single area only. This LSA describes the collected states of the router's interfaces to an area. • Network LSA—Type-2 LSA, originated for broadcast and NBMA networks by the designated router, and flooded throughout a single area only. This LSA contains the list of routers connected to the network.
Figure 12 Area based OSPF network partition Backbone area and virtual links Each AS has a backbone area that distributes routing information between non-backbone areas. Routing information between non-backbone areas must be forwarded by the backbone area. OSPF requires the following: • All non-backbone areas must maintain connectivity to the backbone area. • The backbone area must maintain connectivity within itself. In practice, the requirements might not be satisfied due to lack of physical links.
Figure 14 Virtual link application 2 The virtual link between the two ABRs acts as a point-to-point connection. You can configure interface parameters, such as hello interval, on the virtual link as they are configured on a physical interface. The two ABRs on the virtual link unicast OSPF packets to each other, and the OSPF routers in between convey these OSPF packets as normal IP packets.
Router types OSPF classifies routers into the following types based on their positions in the AS: • Internal router—All interfaces on an internal router belong to one OSPF area. • Area Border Router (ABR)—Belongs to more than two areas, one of which must be the backbone area. An ABR connects the backbone area to a non-backbone area. An ABR and the backbone area can be connected through a physical or logical link.
A Type-2 external route has low credibility. OSPF considers the cost from the ASBR to the destination of a Type-2 external route is much greater than the cost from the ASBR to an OSPF internal router. The cost from the internal router to the destination of the Type-2 external route = the cost from the ASBR to the destination of the Type-2 external route.
• DR—Elected to advertise routing information among other routers. If the DR fails, routers on the network must elect another DR and synchronize information with the new DR. Using this mechanism alone is time-consuming and prone to route calculation errors. • BDR—Elected along with the DR to establish adjacencies with all other routers. When the DR fails, the BDR immediately becomes the new DR, and other routers elect a new BDR. Routers other than the DR and BDR are called "DROthers.
• RFC 3630, Traffic Engineering Extensions to OSPF Version 2 • RFC 4811, OSPF Out-of-Band LSDB Resynchronization • RFC 4812, OSPF Restart Signaling • RFC 4813, OSPF Link-Local Signaling OSPF configuration task list To run OSPF in a routing domain, you must first enable OSPF on the routers. Make a proper configuration plan to avoid wrong settings that can result in route blocking and routing loops. Complete the following tasks to configure OSPF: Task Remarks Enabling OSPF Required.
Task Configuring OSPF GR Remarks Enabling compatibility with RFC 1583 Optional. Logging neighbor state changes Optional. Configuring OSPF network management Optional. Enabling message logging Optional. Enabling the advertisement and reception of opaque LSAs Optional. Configuring OSPF to give priority to receiving and processing hello packets Optional. Configuring the LSU transmit rate Optional. Enabling OSPF ISPF Optional. Configuring the OSPF GR helper Optional.
Configuration procedure To enable OSPF: Step 1. Enter system view. Command Remarks system-view N/A Optional. Not configured by default. 2. Configure a global router ID. router id router-id 3. Enable an OSPF process and enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * 4. Configure a description for the OSPF process. description description 5. Configure an OSPF area and enter OSPF area view. area area-id 6. Configure a description for the area.
flooded within the stub area. The ABR generates a default route into the stub area so all packets destined outside of the AS are sent through the default route. To further reduce the routing table size and routing information exchanged in the stub area, you can configure it as a totally stub area by using the stub no-summary command on the ABR. AS external routes and inter-area routes are not distributed into the area. All the packets destined outside of the area are sent to the ABR for forwarding.
Step 3. 4. Command Remarks Enter area view. area area-id N/A Configure the area as an NSSA area. nssa [ default-route-advertise | no-import-route | no-summary | translate-always | translator-stability-interval value ] * Not configured by default. Optional. Specify a cost for the default route advertised to the NSSA area. 5. The default cost is 1. default-cost cost The default-cost command takes effect only on the ABR/ASBR of an NSSA area and a totally NSSA area.
• NBMA—When the link layer protocol is Frame Relay, ATM, or X.25, OSPF considers the network type as NBMA by default. • P2P—When the link layer protocol is PPP, LAPB, or HDLC, OSPF considers the network type as P2P by default. Follow these guidelines when you change the network type of an interface: • When an NBMA network becomes fully meshed (any two routers in the network have a direct virtual circuit in between), change the network type to broadcast to avoid manual configuration of neighbors.
The router priority configured with the ospf dr-priority command is for actual DR election. The priority configured with the peer command indicates whether a neighbor has the election right or not. If you configure the router priority for a neighbor as 0, the local router will assume the neighbor has no election right, and thus send no hello packets to this neighbor. However, if the local router is the DR or BDR, it still sends hello packets to the neighbor with priority 0 for neighborship establishment.
Step Command Remarks Optional. Specify a neighbor and its router priority. 6. peer ip-address [ cost value | dr-priority dr-priority ] By default, no neighbor is specified. This step must be performed if the network type is P2MP unicast, and is optional if the network type is P2MP. Configuring the P2P network type for an interface Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Enter OSPF area view. area area-id N/A 4. Configure ABR route summarization. abr-summary ip-address { mask | mask-length } [ advertise | not-advertise ] [ cost cost ] Not configured by default. The command is available on an ABR only.
Step 2. 3. Command Remarks Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A Configure inbound route filtering. filter-policy { acl-number [ gateway ip-prefix-name ] | gateway ip-prefix-name | ip-prefix ip-prefix-name [ gateway ip-prefix-name ] | route-policy route-policy-name } import Not configured by default. Configuring ABR Type-3 LSA filtering You can configure an ABR to filter Type-3 LSAs advertised to an area.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Configure a bandwidth reference value. bandwidth-reference value Optional. The value defaults to 100 Mbps. Configuring the maximum number of ECMP routes Perform this task to implement load sharing over ECMP routes. To configure the maximum number of ECMP routes: Step Command Remarks 1. Enter system view. system-view N/A 2.
Configuring OSPF to redistribute routes from other routing protocols On a router running OSPF and other routing protocols, you can configure OSPF to redistribute routes from other protocols such as RIP, IS-IS, BGP, static routes, and direct routes, and advertise them in Type-5 LSAs or Type-7 LSAs. In addition, you can filter redistributed routes so that OSPF advertises only permitted routes in Type-5 LSAs or Type-7 LSAs. To configure OSPF route redistribution: Step Command Remarks 1. Enter system view.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A Optional. Configure the default parameters for redistributed routes (cost, upper limit, tag, and type). 3. default { cost cost | limit limit | tag tag | type type } * The default cost is 1, the default maximum number of routes redistributed per time is 1000, the default tag is 1, and default type of redistributed routes is Type-2.
• Poll timer—Interval for sending hello packets to a neighbor that is down on the NBMA network. The poll interval is at least four times the hello interval. • Dead timer—Interval within which if the interface receives no hello packet from the neighbor, it declares the neighbor is down. The dead interval must be at least four times the hello interval on an interface.
Step 3. Command Specify the LSA transmission delay. ospf trans-delay seconds Remarks Optional. The default setting is 1 second. Specifying SPF calculation interval LSDB changes result in SPF calculations. When the topology changes frequently, a large amount of network and router resources are occupied by SPF calculation. You can adjust the SPF calculation interval to reduce the impact. When network changes are not frequent, the minimum-interval is adopted.
Specifying the LSA generation interval You can adjust the LSA generation interval to protect network resources and routers from being over consumed by frequent network changes. When network changes are not frequent, LSAs are generated at the minimum-interval. If network changes become frequent, the LSA generation interval is incremented by incremental-interval × 2n-2 (n is the number of generation times) each time a LSA generation occurs until the maximum-interval is reached.
a link to a transit network, or a virtual link. On such links, a maximum cost value of 65,535 is used. Neighbors do not send packets to the stub router as long as they have a route with a smaller cost. To configure a router as a stub router: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Configure the router as a stub router.
Configuring OSPF interface authentication Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A • Configure simple authentication: 3. Configure OSPF interface authentication mode. ospf authentication-mode simple [ cipher | plain ] password • Configure MD5 authentication: ospf authentication-mode { hmac-md5 | md5 } key-id [ cipher | plain ] password Use either method. By default, no authentication is configured.
To avoid routing loops, configure all the routers in a routing domain to be either compatible or incompatible with RFC 1583. To make them compatible: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Enable compatibility with RFC 1583. rfc1583 compatible Optional. Enabled by default.
Step 3. Command Enable OSPF trap generation. Remarks snmp-agent trap enable ospf [ process-id ] [ ifauthfail | ifcfgerror | ifrxbadpkt | ifstatechange | iftxretransmit | lsdbapproachoverflow | lsdboverflow | maxagelsa | nbrstatechange | originatelsa | vifcfgerror | virifauthfail | virifrxbadpkt | virifstatechange | viriftxretransmit | virnbrstatechange ] * Optional. Enabled by default. Enabling message logging Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPF view.
Step Configure OSPF to give priority to receiving and processing hello packets. 2. Command Remarks ospf packet-process prioritized-treatment Not configured by default. Configuring the LSU transmit rate Sending large numbers of LSU packets affects router performance and consumes too much network bandwidth. You can configure the router to send LSU packets at a proper interval and limit the maximum number of LSU packets sent out of an OSPF interface each time.
• IETF standard GR—Uses Opaque LSAs to implement GR. • Non IETF standard GR—Uses link local signaling (LLS) to advertise GR capability and uses out of band synchronization to synchronize the LSDB. Configuring the OSPF GR helper You can configure the IETF standard or non IETF standard OSPF GR helper. Configuring the IETF standard OSPF GR helper Step Command Remarks 1. Enter system view. system-view N/A 2. Enable OSPF and enter its view.
Configuring BFD for OSPF Bidirectional forwarding detection (BFD) provides a single mechanism to quickly detect and monitor the connectivity of links between OSPF neighbors, reducing network convergence time. For more information about BFD, see High Availability Configuration Guide. OSPF supports the following BFD detection methods: • Control packet bidirectional detection, which requires BFD configuration to be made on both OSPF routers on the link.
Task Command Remarks Display Link State Database information. display ospf [ process-id ] lsdb [ brief | [ { ase | router | network | summary | asbr | nssa | opaque-link | opaque-area | opaque-as } [ link-state-id ] ] [ originate-router advertising-router-id | self-originate ] ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display OSPF neighbor information.
OSPF configuration examples These configuration examples only cover OSPF configuration related commands. Configuring OSPF basic functions Network requirements • Enable OSPF on all routers, and split the AS into three areas. • Configure Router A and Router B as ABRs. Figure 18 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure OSPF basic functions: # Configure Router A.
system-view [RouterC] ospf [RouterC-ospf-1] area 1 [RouterC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.1] network 10.4.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.1] quit [RouterC-ospf-1] quit # Configure Router D. system-view [RouterD] ospf [RouterD-ospf-1] area 2 [RouterD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.2] network 10.5.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.2] quit [RouterD-ospf-1] quit 3.
10.2.1.0/24 1 Transit 10.2.1.1 10.2.1.1 0.0.0.1 10.3.1.0/24 2 Inter 10.1.1.2 10.3.1.1 0.0.0.0 10.4.1.0/24 2 Stub 10.2.1.2 10.4.1.1 0.0.0.1 10.5.1.0/24 3 Inter 10.1.1.2 10.3.1.1 0.0.0.0 10.1.1.0/24 1 Transit 10.1.1.1 10.2.1.1 0.0.0.0 Total Nets: 5 Intra Area: 3 Inter Area: 2 ASE: 0 NSSA: 0 # Display the Link State Database on Router A. [RouterA] display ospf lsdb OSPF Process 1 with Router ID 10.2.1.1 Link State Database Area: 0.0.0.
# Ping 10.4.1.1 to check connectivity. [RouterD] ping 10.4.1.1 PING 10.4.1.1: 56 data bytes, press CTRL_C to break Reply from 10.4.1.1: bytes=56 Sequence=2 ttl=253 time=2 ms Reply from 10.4.1.1: bytes=56 Sequence=2 ttl=253 time=1 ms Reply from 10.4.1.1: bytes=56 Sequence=3 ttl=253 time=1 ms Reply from 10.4.1.1: bytes=56 Sequence=4 ttl=253 time=1 ms Reply from 10.4.1.1: bytes=56 Sequence=5 ttl=253 time=1 ms --- 10.4.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.
display ospf abr-asbr OSPF Process 1 with Router ID 10.5.1.1 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Intra 10.3.1.1 0.0.0.2 10 10.3.1.1 ABR Inter 10.4.1.1 0.0.0.2 22 10.3.1.1 ASBR # Display the OSPF routing table of Router D. display ospf routing OSPF Process 1 with Router ID 10.5.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 22 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.3.1.
Figure 20 Network diagram Eth1/2 10.4.1.1/24 Eth1/2 10.3.1.1/24 Eth1/1 10.1.1.1/24 Eth1/1 10.2.1.2/24 Router E Router D Eth1/1 10.1.1.2/24 Eth1/3 10.2.1.1/24 Router C Eth1/2 11.1.1.2/24 AS 100 EBGP Eth1/2 11.1.1.1/24 Router B Eth1/1 11.2.1.1/24 Eth1/1 11.2.1.2/24 AS 200 Router A Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure OSPF basic functions: # Configure Router A.
[RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] quit # Configure Router E. system-view [RouterE] ospf [RouterE-ospf-1] area 0 [RouterE-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [RouterE-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255 [RouterE-ospf-1-area-0.0.0.0] quit [RouterE-ospf-1] quit 3.
5. Configure summary route 10.0.0.0/8 on Router B and advertise it: [RouterB-ospf-1] asbr-summary 10.0.0.0 8 # Display the routing table of Router A. [RouterA] display ip routing-table Routing Tables: Public Destinations : 5 Routes : 5 Destination/Mask Proto Pre Cost NextHop Interface 10.0.0.0/8 O_ASE 150 2 11.2.1.1 Eth1/1 11.2.1.0/24 Direct 0 0 11.2.1.2 Eth1/1 11.2.1.2/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.
# Display ABR/ASBR information on Router C. display ospf abr-asbr OSPF Process 1 with Router ID 10.4.1.1 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Intra 10.2.1.1 0.0.0.1 3 10.2.1.1 ABR Inter 10.3.1.1 0.0.0.1 5 10.2.1.1 ABR Inter 10.5.1.1 0.0.0.1 7 10.2.1.1 ASBR # Display OSPF routing information on Router C. display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type 10.2.
[RouterC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 4 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 3 Transit 10.2.1.2 10.2.1.1 0.0.0.1 10.3.1.0/24 7 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.4.1.0/24 3 Stub 10.4.1.1 10.4.1.1 0.0.0.1 10.5.1.0/24 17 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.1.1.0/24 5 Inter 10.2.1.1 10.2.1.1 0.0.0.
Figure 22 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configuring OSPF basic functions (see "Configuring OSPF basic functions"). 3. Configure Area 1 as an NSSA area: # Configure Router A. system-view [RouterA] ospf [RouterA-ospf-1] area 1 [RouterA-ospf-1-area-0.0.0.1] nssa [RouterA-ospf-1-area-0.0.0.1] quit # Configure Router C. system-view [RouterC] ospf [RouterC-ospf-1] area 1 [RouterC-ospf-1-area-0.0.0.
10.3.1.0/24 7 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.4.1.0/24 3 Stub 10.4.1.1 10.4.1.1 0.0.0.1 10.5.1.0/24 17 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.1.1.0/24 5 Inter 10.2.1.1 10.2.1.1 0.0.0.1 Total Nets: 5 Intra Area: 2 4. Inter Area: 3 ASE: 0 NSSA: 0 Configure a static route and configure OSPF to redistribute the static route on Router C: [RouterC] ip route-static 3.1.2.1 24 10.4.1.
Figure 23 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure OSPF basic functions: # Configure Router A. system-view [RouterA] router id 1.1.1.1 [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] quit # Configure Router B. system-view [RouterB] router id 2.2.2.
[RouterD-ospf-1] return # Display neighbor information on Router A. [RouterA] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.1.1(Ethernet1/1)'s neighbors Router ID: 2.2.2.2 State: 2-Way Address: 192.168.1.2 Mode: None DR: 192.168.1.4 Priority: 1 BDR: 192.168.1.3 Dead timer due in 38 GR State: Normal MTU: 0 sec Neighbor is up for 00:01:31 Authentication Sequence: [ 0 ] Router ID: 3.3.3.3 State: Full Address: 192.168.1.
Area 0.0.0.0 interface 192.168.1.4(Ethernet1/1)'s neighbors Router ID: 1.1.1.1 State: Full Address: 192.168.1.1 Mode:Nbr is DR: 192.168.1.4 Slave BDR: 192.168.1.3 Dead timer due in 31 GR State: Normal Priority: 100 MTU: 0 sec Neighbor is up for 00:11:17 Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 State: Full Address: 192.168.1.2 Mode:Nbr is DR: 192.168.1.4 Slave Priority: 0 BDR: 192.168.1.
Router ID: 3.3.3.3 State: Full Address: 192.168.1.3 Mode: Nbr is Slave DR: 192.168.1.1 Priority: 2 BDR: 192.168.1.3 Dead timer due in 39 GR State: Normal MTU: 0 sec Neighbor is up for 00:01:41 Authentication Sequence: [ 0 ] The output shows that Router A becomes the DR and Router C becomes the BDR. The full neighbor state means an adjacency has been established. The 2-way neighbor state means the two routers are not the DR or BDR, and they do not exchange LSAs.
2. Configure OSPF basic functions: # Configure Router A. system-view [RouterA] ospf 1 router-id 1.1.1.1 [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit # Configure Router B. system-view [RouterB] ospf 1 router-id 2.2.2.2 [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] area 1 [RouterB–ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.
# Configure Router B. [RouterB] ospf [RouterB-ospf-1] area 1 [RouterB-ospf-1-area-0.0.0.1] vlink-peer 3.3.3.3 [RouterB-ospf-1-area-0.0.0.1] quit [RouterB-ospf-1] quit # Configure Router C. [RouterC] ospf [RouterC-ospf-1] area 1 [RouterC-ospf-1-area-0.0.0.1] vlink-peer 2.2.2.2 [RouterC-ospf-1-area-0.0.0.1] quit # Display OSPF routing information on Router B. [RouterB] display ospf routing OSPF Process 1 with Router ID 2.2.2.2 Routing Tables Routing for Network Destination Cost Type AdvRouter Area 10.
Figure 25 Network diagram Configuration procedure 1. Configure IP address for interfaces. (Details not shown.) 2. Configure OSPF basic functions: # Configure Router A system-view [RouterA] router id 1.1.1.1 [RouterA] ospf 100 [RouterA-ospf-100] area 0 [RouterA-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [RouterA-ospf-100-area-0.0.0.0] quit # Configure Router B system-view [RouterB] router id 2.2.2.2 [RouterB] ospf 100 [RouterB-ospf-100] area 0 [RouterB-ospf-100-area-0.0.0.
# Configure Router B as the GR helper: enable the link-local signaling capability and the out-of-band re-synchronization capability for OSPF process 100. [RouterB-ospf-100] enable link-local-signaling [RouterB-ospf-100] enable out-of-band-resynchronization # Configure Router C as the GR helper: enable the link-local signaling capability and the out-of-band re-synchronization capability for OSPF process 100.
Configuring route filtering Network requirements • In Figure 26, all the routers in the network run OSPF. The AS is divided into three areas. • Router A works as the ABR between Area 0 and Area 1. Router B works as the ABR between Area 0 and Area 2. • Configure Router C as an ASBR to redistribute external routes (static routes), and configure a filter policy on Router C to filter out route 3.1.3.0/24. • Configure a routing policy on Router A to filter route 10.5.1.0/24.
4. 3.1.2.0/24 O_ASE 150 1 10.2.1.2 Eth1/2 3.1.3.0/24 O_ASE 150 1 10.2.1.2 Eth1/2 10.1.1.0/24 Direct 0 0 10.1.1.1 Eth1/1 10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 10.2.1.0/24 Direct 0 0 10.2.1.1 Eth1/2 10.2.1.1/32 Direct 0 0 127.0.0.1 InLoop0 10.3.1.0/24 OSPF 10 4 10.1.1.2 Eth1/1 10.4.1.0/24 OSPF 10 13 10.2.1.2 Eth1/2 10.5.1.0/24 OSPF 10 14 10.1.1.2 Eth1/1 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.
[RouterA-ospf-1] filter-policy 2000 import [RouterA-ospf-1] quit # Display the OSPF routing table of Router A. [RouterA] display ip routing-table Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost NextHop Interface 3.1.1.0/24 O_ASE 150 1 10.2.1.2 Eth1/2 3.1.2.0/24 O_ASE 150 1 10.2.1.2 Eth1/2 10.1.1.0/24 Direct 0 0 10.1.1.1 Eth1/1 10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 10.2.1.0/24 Direct 0 0 10.2.1.1 Eth1/2 10.2.1.1/32 Direct 0 0 127.
Router C Eth 1/1 10.1.1.100/24 Eth 1/2 13.1.1.2/24 Configuration procedure 1. Configure IP addresses for the interfaces. (Details not shown.) 2. Configure OSPF basic functions: # Configure Router A. system-view [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] network 121.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.
[RouterB] bfd session init-mode active [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ospf bfd enable [RouterB-Ethernet1/1] bfd min-transmit-interval 500 [RouterB-Ethernet1/1] bfd min-receive-interval 500 [RouterB-Ethernet1/1] bfd detect-multiplier 6 4. Verify the configuration: The following operations are performed on Router A. The operations on Router B and Router C are similar. (Details not shown.) # Display BFD information on Router A.
# After the link over which Router A and Router B communicates through the Layer 2 switch fails, Router A quickly detects the change on Router B. %Nov 12 18:34:48:823 2005 RouterA BFD/5/LOG: Sess[192.168.0.102/192.168.0.100, Eth1/1], Sta : UP->DOWN, Diag: 1 %Nov 12 18:34:48:824 2005 RouterA RM/4/RMLOG:OSPF-NBRCHANGE: Process 1, Neighbour 192.168.0.102 (Ethernet1/1) from Full to Down *0.50673825 RouterA BFD/8/SCM:Sess[192.168.0.102/192.168.0.100,Eth1/1],Oper: Reset *0.
Tag: 0 Destination: 120.1.1.0/24 Protocol: OSPF Process ID: 0 Preference: 0 Cost: 2 IpPrecedence: QosLcId: NextHop: 192.168.0.100 BkNextHop: 0.0.0.0 Interface: Ethernet1/1 BkInterface: RelyNextHop: 0.0.0.0 Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Invalid Adv Age: 00h58m05s Tag: 0 Troubleshooting OSPF configuration No OSPF neighbor relationship established Symptom No OSPF neighbor relationship can be established.
Solution 1. Use the display ospf peer command to verify neighbor information. 2. Use the display ospf interface command to verify OSPF interface information. 3. Use the display ospf lsdb command to verify the LSDB. 4. Use the display current-configuration configuration ospf command to verify area configuration. If more than two areas are configured, at least one area is connected to the backbone. 5. In a stub area, all routers attached are configured with the stub command.
Configuring IS-IS This chapter describes how to configure IS-IS for an IPv4 network. Overview Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the International Organization for Standardization (ISO) to operate on the connectionless network protocol (CLNP). IS-IS was modified and extended in RFC 1195 by the IETF for application in both TCP/IP and OSI reference models, and the new one is called "Integrated IS-IS" or "Dual IS-IS.
The IDP and DSP are variable in length. The length of an NSAP address varies from 8 bytes to 20 bytes. Figure 28 NSAP address format Area address The area address comprises the IDP and the HO-DSP of the DSP, which identify the area and the routing domain. Different routing domains cannot have the same area address. Typically, a router only needs one area address, and all nodes in the same area must have the same area address.
• System ID—A system ID uniquely identifies a host or router in the area and has a fixed length of 6-byte. • SEL—Has a value of 0 and a fixed length of 1-byte. For example, for a NET is ab.cdef.1234.5678.9abc.00, the area ID is ab.cdef, the system ID is 1234.5678.9abc, and the SEL is 00. Typically, a router only needs one NET, but it can have a maximum of three NETs for smooth area merging and partitioning. When you configure multiple NETs, make sure their system IDs are the same.
Figure 29 IS-IS topology 1 Figure 30 shows another IS-IS topology. The Level-1-2 routers connect to the Level-1 and Level-2 routers, and form the IS-IS backbone together with the Level-2 routers. No area is defined as the backbone in this topology. The backbone comprises all contiguous Level-2 and Level-1-2 routers in different areas. Figure 30 IS-IS topology 2 NOTE: The IS-IS backbone does not need to be a specific area.
router does not advertise the routing information of other Level-1 areas and the Level-2 area to a Level-1 area, so a Level-1 router sends packets destined for other areas to the nearest Level-1-2 router. The path passing through the Level-1-2 router might not be the best. To solve this problem, IS-IS provides the route leaking feature.
A pseudonode represents a virtual node on the broadcast network. It is not a real router. In IS-IS, it is identified by the system ID of the DIS and a 1-byte Circuit ID (a non-zero value). Using pseudonodes can reduce the resources consumed by SPF and simplify network topology. NOTE: On an IS-IS broadcast networks, all routers establish adjacency relationships, but they synchronize their LSDBs through the DIS. IS-IS PDUs PDU IS-IS PDUs are encapsulated in link layer frames.
Table 4 PDU types Type PDU Type Acronym 15 Level-1 LAN IS-IS hello PDU L1 LAN IIH 16 Level-2 LAN IS-IS hello PDU L2 LAN IIH 17 Point-to-Point IS-IS hello PDU P2P IIH 18 Level-1 Link State PDU L1 LSP 20 Level-2 Link State PDU L2 LSP 24 Level-1 Complete Sequence Numbers PDU L1 CSNP 25 Level-2 Complete Sequence Numbers PDU L2 CSNP 26 Level-1 Partial Sequence Numbers PDU L1 PSNP 27 Level-2 Partial Sequence Numbers PDU L2 PSNP Hello PDU IS-to-IS hello PDUs (IIHs) are used by routers
• Holding time—If no hello packets are received from the neighbor within the holding time, the neighbor is considered down. • PDU length—Total length of the PDU in bytes. • Priority—DIS priority. • LAN ID—Includes the system ID and a 1-byte pseudonode ID. Figure 35 shows the hello packet format on the point-to-point networks. Figure 35 P2P IIH format Instead of the priority and LAN ID fields in the LAN IIH, the P2P IIH has a Local Circuit ID field.
Figure 36 L1/L2 LSP format Major fields of the L1/L2 LSP are as follows: • PDU length—Total length of the PDU in bytes. • Remaining lifetime—LSP remaining lifetime in seconds. • LSP ID—Consists of the system ID, the pseudonode ID (1 byte) and the LSP fragment number (1 byte). • Sequence number—LSP sequence number. • Checksum—LSP checksum. • P (Partition)—Partition bit that is only for L2 LSPs. This field indicates whether the router supports partition repair.
Figure 37 LSDB overload SNP A sequence number PDU (SNP) describes the complete or partial LSPs for LSDB synchronization. SNPs include Complete SNP (CSNP) and Partial SNP (PSNP), which are further divided into Level-1 CSNP, Level-2 CSNP, Level-1 PSNP and Level-2 PSNP. A CSNP describes the summary of all LSPs for LSDB synchronization between neighboring routers. On broadcast networks, CSNPs are sent by the DIS periodically (10 seconds by default).
Figure 39 L1/L2 PSNP format No. of Octets 1 Intradomain routing protocol discriminator R Length indicator 1 Version/Protocol ID extension 1 ID length 1 R R 1 PDU type Version 1 Reserved 1 Maximum area address 1 PDU length 2 Source ID ID length+1 Variable length fields CLV The variable fields of PDU comprise multiple Code-Length-Value (CLV) triplets. Figure 40 CLV format Table 5 shows that different PDUs contain different CLVs.
CLV Code Name PDU Type 132 IP Interface Address IIH, LSP Supported IS-IS features Multiple instances and processes IS-IS supports multiple instances and processes. Multiple processes allow an IS-IS process to work in concert with a group of interfaces. A router can run multiple IS-IS processes, and each process corresponds to a unique group of interfaces.
LSP fragment extension IS-IS advertises link state information by flooding LSPs. Because one LSP carries a limited amount of link state information, IS-IS fragments LSPs. Each LSP fragment is uniquely identified by a combination of the System ID, Pseudonode ID (0 for a common LSP or a non-zero value for a Pseudonode LSP), and LSP Number (LSP fragment number) of the node or pseudo node that generated the LSP.
Dynamic host name mapping mechanism The dynamic host name mapping mechanism provides the mappings between the host names and the system IDs for the IS-IS routers. The dynamic host name information is announced in the dynamic host name CLV of an LSP. This mechanism also provides the mapping between a host name and the DIS of a broadcast network, which is announced in the dynamic host name TLV of a pseudonode LSP. A host name is easier to remember than a system ID.
Task control Configuring a DIS priority for an interface Enhancing IS-IS network security Remarks Configuring the maximum number of ECMP routes Optional. Configuring IS-IS route summarization Optional. Advertising a default route Optional. Configuring IS-IS route redistribution Optional. Configuring IS-IS route filtering Optional. Configuring IS-IS route leaking Optional. Specifying intervals for sending IS-IS hello and CSNP packets Optional. Specifying the IS-IS hello multiplier Optional.
Enabling IS-IS Step Command Remarks 1. Enter system view. system-view N/A 2. Enable the IS-IS routing process and enter its view. isis [ process-id ] [ vpn-instance vpn-instance-name ] Not enabled by default. 3. Assign a network entity title. network-entity net Not assigned by default. 4. Return to system view. quit N/A 5. Enter interface view. interface interface-type interface-number N/A 6. Enable an IS-IS process on the interface. isis enable [ process-id ] Disabled by default.
Interfaces with different network types operate differently. For example, broadcast interfaces on a network must elect the DIS and flood CSNP packets to synchronize the LSDBs, but P2P interfaces on a network do not need to elect the DIS, and have a different LSDB synchronization mechanism. If only two routers exist on a broadcast network, configure the network type of attached interfaces as P2P to avoid DIS election and CSNP flooding, saving network bandwidth and speeding up network convergence.
Interface bandwidth Interface cost ≤ 2500 Mbps 20 > 2500 Mbps 10 4. If none of the above costs is used, a default cost of 10 applies. Configuring an IS-IS cost for an interface Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Specify an IS-IS cost style. cost-style { narrow | wide | wide-compatible | { compatible | narrow-compatible } [ relax-spf-limit ] } Optional. 4. Return to system view.
Specifying a priority for IS-IS A router can run multiple routing protocols. When routes to the same destination are found by multiple routing protocols, the route learned by the protocol with the highest priority is adopted. You can reference a routing policy to specify a priority for specific routes. For information about routing policy, see "Configuring routing policies." To configure the priority of IS-IS: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view.
Advertising a default route A router running IS-IS cannot redistribute any default routes or advertise a default route to neighbors. Perform this task to advertise a default route of 0.0.0.0/0 to the same level neighbors. You can use a routing policy to generate the default route only when a local routing entry is matched by the policy. To advertise a default route: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view.
Filtering routes calculated from received LSPs IS-IS saves the LSPs received from neighbors in the LSDB, uses the SPF algorithm to calculate the shortest path tree with itself as the root, and installs the routes into the IS-IS routing table. By referencing a configured ACL, IP prefix list, or routing policy, you can filter the calculated routes. Only the routes matching the filter can be added into the IS-IS routing table. To filter routes calculated from received LSPs: Step Command Remarks 1.
Step Command Remarks 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Enable IS-IS route leaking. import-route isis level-2 into level-1 [ filter-policy { acl-number | ip-prefix ip-prefix-name | route-policy route-policy-name } | tag tag ] * Disabled by default.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Specify the number of hello packets a neighbor must miss before declaring the router is down. isis timer holding-multiplier value [ level-1 | level-2 ] Optional. 3 by default. Configuring a DIS priority for an interface On a broadcast network, ISIS must elect a router as the DIS at a routing level. You can specify a DIS priority at a level for an interface.
If a PPP interface's peer IP address is on a different network segment, disable the hello source address check for the PPP interface to establish the neighbor relationship with the peer. To enable neighbor relationships over different network segments: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Disable hello source address check for the PPP interface.
Each router needs to refresh LSPs generated by itself at a configurable interval and send them to other routers to prevent valid routes from being aged out. A smaller refresh interval speeds up network convergence but consumes more bandwidth. When the network topology changes, for example, a neighbor is down or up, or the interface metric, system ID, or area ID is changed, the router generates an LSP after a configurable interval.
If the IS-IS routers have different interface MTUs, HP recommends configuring the maximum size of generated LSP packets to be smaller than the smallest interface MTU in this area. Otherwise, the routers must dynamically adjust the LSP packet size to fit the smallest interface MTU, which takes time and affects other services. To specify LSP lengths: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3.
Limiting LSP flooding In well-connected ATM, FR and NBMA networks, many P2P links exist. Figure 41 shows a fully meshed network, where Routers A, B, C and D run IS-IS. When Router A generates an LSP, it floods the LSP out of Ethernet 1/1, Ethernet 1/2 and Ethernet 1/3. After receiving the LSP from Ethernet 1/3, Router D floods it out of Ethernet 1/1 and Ethernet 1/2 to Router B and Router C. However, Router B and Router C have already received the LSP from Router A. LSP flooding consumes extra bandwidth.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Configure the SPF calculation interval. timer spf maximum-interval [ initial-interval [ second-wait-interval ] ] Optional. The default SPF calculation interval is 10 seconds. Assigning a high priority to IS-IS routes An IS-IS topology change causes network convergence.
Configuring system ID to host name mappings In IS-IS, a system ID identifies a router or host uniquely. A system ID has a fixed length of 6 bytes. When an administrator needs to view IS-IS neighbor information, routing table, or LSDB information, using the system IDs in dotted decimal notation is not convenient. To solve it, configure the mappings between system IDs and host names, as host names are easier to remember and use. Such mappings can be configured manually or dynamically.
Step Command Remarks Optional. Not configured by default. Configure a DIS name. 6. isis dis-name symbolic-name This command takes effect only on a router with dynamic system ID to host name mapping configured. This command is not supported on P2P interfaces. Enabling the logging of neighbor state changes Logging of neighbor state changes enables the router to output neighbor state changes to the console terminal. To enable the logging of neighbor state changes: Step Command Remarks 1.
If neither ip nor osi is specified, the OSI related fields in LSPs are checked. • To configure neighbor relationship authentication: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Specify the authentication mode and password. isis authentication-mode { md5 | simple } [ cipher ] password [ level-1 | level-2 ] [ ip | osi ] By default, no authentication is configured.
Configuring IS-IS GR Restarting IS-IS on a router will cause network disconnections and route reconvergence. With the GR feature, the restarting router (known as the "GR restarter") can notify the event to its GR capable neighbors. GR capable neighbors (known as "GR helpers") keep their adjacencies with the router within a configurable GR interval. After the restart, the router contacts its neighbors to retrieve its routing table. During this process, the network keeps stable.
Binding an IS-IS process with MIBs This task allows you to bind MIB with an IS-IS process to send and collect information. For more information about MIB, see Network Management and Monitoring Configuration Guide. To bind an IS-IS process with MIBs: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Bind the IS-IS process with MIBs.
Task Command Remarks Display IS-IS LSDB information. display isis lsdb [ [ l1 | l2 | level-1 | level-2 ] | [ lsp-id lspid | lsp-name lspname ] | local | verbose ] * [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display IS-IS mesh group information. display isis mesh-group [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Available in any view.
Figure 42 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure IS-IS: # Configure Router A. system-view [RouterA] isis 1 [RouterA-isis-1] is-level level-1 [RouterA-isis-1] network-entity 10.0000.0000.0001.00 [RouterA-isis-1] quit [RouterA] interface serial 2/0 [RouterA-Serial2/0] isis enable 1 [RouterA-Serial2/0] quit # Configure Router B.
[RouterC] interface serial 2/2 [RouterC-Serial2/2] isis enable 1 [RouterC-Serial2/2] quit # Configure Router D. system-view [RouterD] isis 1 [RouterD-isis-1] is-level level-2 [RouterD-isis-1] network-entity 20.0000.0000.0004.00 [RouterD-isis-1] quit [RouterD] interface ethernet 1/1 [RouterD-Ethernet1/1] isis enable 1 [RouterD-Ethernet1/1] quit [RouterD] interface serial 2/0 [RouterD-Serial2/0] isis enable 1 [RouterD-Serial2/0] quit 3.
Database information for ISIS(1) -------------------------------- Level-1 Link State Database LSPID Seq Num Checksum Holdtime Length ATT/P/OL -----------------------------------------------------------------------0000.0000.0001.00-00 0x0000000d 0xc57a 991 68 0/0/0 0000.0000.0002.00-00 0x0000000c 0xef4d 1025 68 0/0/0 0000.0000.0003.
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------10.1.1.0/24 10 NULL S2/0 Direct D/L/- 10.1.2.0/24 20 NULL S2/0 10.1.1.1 R/-/- 192.168.0.0/24 20 NULL S2/0 10.1.1.1 R/-/- 0.0.0.0/0 10 NULL S2/0 10.1.1.
192.168.0.0/24 10 NULL S2/0 Direct D/L/- 10.1.1.0/24 20 NULL S2/0 192.168.0.1 R/-/- 10.1.2.0/24 20 NULL S2/0 192.168.0.1 R/-/- 172.16.0.0/16 10 NULL Eth1/1 Direct D/L/- Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set DIS election configuration Network requirements As shown in Figure 43, on a broadcast network (Ethernet), Router A, Router B, Router C, and Router D reside in IS-IS area 10.
[RouterB-isis-1] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] isis enable 1 [RouterB-Ethernet1/1] quit # Configure Router C. system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.00 [RouterC-isis-1] is-level level-1 [RouterC-isis-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] isis enable 1 [RouterC-Ethernet1/1] quit # Configure Router D. system-view [RouterD] isis 1 [RouterD-isis-1] network-entity 10.0000.0000.0004.
Interface: Ethernet1/1 Id IPV4.State IPV6.State MTU Type DIS 001 Up Down 1497 L1/L2 No/No # Display IS-IS interfaces of Router C. [RouterC] display isis interface Interface information for ISIS(1) --------------------------------Interface: Ethernet1/1 Id IPV4.State 001 Up IPV6.State Down MTU Type DIS 1497 L1/L2 Yes/No # Display information about IS-IS interfaces of Router D.
# Display information about IS-IS interfaces of Router A. [RouterA] display isis interface Interface information for ISIS(1) --------------------------------Interface: Ethernet1/1 Id IPV4.State 001 Up IPV6.State Down MTU Type DIS 1497 L1/L2 Yes/Yes After the DIS priority configuration, you can see Router A is the DIS for Level-1-2, and the pseudonode is 0000.0000.0001.01. # Display information about IS-IS neighbors and interfaces of Router C.
Id IPV4.State IPV6.State MTU Type DIS 001 Up Down 1497 L1/L2 No/No Configuring IS-IS route redistribution Network requirements As shown in Figure 44, Router A, Router B, Router C, and Router D reside in the same AS. They use IS-IS to interconnect. Router A and Router B are Level-1 routers, Router D is a Level-2 router, and Router C is a Level-1-2 router. Redistribute RIP routes into IS-IS on Router D. Figure 44 Network diagram Configuration procedure 1. Configure IP addresses for interfaces.
# Configure Router C. system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.00 [RouterC-isis-1] quit [RouterC] interface serial 2/0 [RouterC-Serial2/0] isis enable 1 [RouterC-Serial2/0] quit [RouterC] interface serial 2/1 [RouterC-Serial2/1] isis enable 1 [RouterC-Serial2/1] quit [RouterC] interface serial 2/2 [RouterC-Serial2/2] isis enable 1 [RouterC-Serial2/2] quit # Configure Router D.
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------10.1.1.0/24 10 NULL S2/1 Direct D/L/- 10.1.2.0/24 10 NULL S2/0 Direct D/L/- 192.168.0.
# Configure route redistribution from RIP to IS-IS on Router D. [RouterD-rip-1] quit [RouterD] isis 1 [RouterD–isis-1] import-route rip level-2 # Display IS-IS routing information on Router C. [RouterC] display isis route Route information for ISIS(1) ----------------------------ISIS(1) IPv4 Level-1 Forwarding Table ------------------------------------IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags -------------------------------------------------------------------------10.1.1.
Figure 45 Network diagram Configuration procedure 1. Configure IP addresses of the interfaces on each router and configure IS-IS: Follow Figure 45 to configure the IP address and subnet mask of each interface on the router. (Details not shown.) Configure IS-IS on the routers, ensuring that Router A, Router B, and Router C can communicate with each other at Layer 3 and dynamic route update can be implemented among them with IS-IS. (Details not shown.) 2.
T2 Timer Status: Remaining Time: 59 IS-IS(1) Level-2 Restart Status Restart Interval: 150 SA Bit Supported Total Number of Interfaces = 1 Restart Status: RESTARTING Number of LSPs Awaited: 3 T3 Timer Status: Remaining Time: 140 T2 Timer Status: Remaining Time: 59 IS-IS authentication configuration example Network requirements As shown in Figure 46, Router A, Router B, Router C, and Router D reside in the same IS-IS routing domain.
[RouterA-isis-1] quit [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] isis enable 1 [RouterA-Ethernet1/1] quit # Configure Router B. system-view [RouterB] isis 1 [RouterB-isis-1] network-entity 10.0000.0000.0002.00 [RouterB-isis-1] is-level level-1 [RouterB-isis-1] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] isis enable 1 [RouterB-Ethernet1/1] quit # Configure Router C. system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.
[RouterB-Ethernet1/1] isis authentication-mode md5 t5Hr [RouterB-Ethernet1/1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] isis authentication-mode md5 t5Hr [RouterC-Ethernet1/1] quit # Specify the MD5 authentication mode and password hSec on Ethernet 1/1 of Router D and on Ethernet 1/2 of Router C.
Figure 47 Network diagram Device Interface IP address Device Interface IP address Router A Eth1/1 192.168.0.102/24 Router B Eth1/1 192.168.0.100/24 Eth1/2 10.1.1.102/24 Eth1/2 13.1.1.1/24 Router C Eth1/1 10.1.1.100/24 Eth1/2 13.1.1.2/24 Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure IS-IS basic functions: # Configure Router A. system-view [RouterA] isis [RouterA-isis-1] network-entity 10.0000.0000.0001.
[RouterC-isis-1] network-entity 10.0000.0000.0003.00 [RouterC-isis-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] isis enable [RouterC-Ethernet1/1] quit [RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] isis enable [RouterC-Ethernet1/2] quit 3. Configure BFD functions: # Enable BFD on Router A and configure BFD parameters.
Tag: 0 Destination: 120.1.1.0/24 Protocol: ISIS Process ID: 1 Preference: 10 IpPrecedence: NextHop: 10.1.1.100 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Cost: 4 QosLcId: Interface: Ethernet1/2 BkInterface: Neighbor : 0.0.0.0 Tunnel ID: 0x0 Label: NULL BKTunnel ID: 0x0 BKLabel: NULL State: Invalid Adv Age: 00h58m05s Tag: 0 # Enable debugging on Router A.
Routing Table : Public Summary Count : 2 Destination: 120.1.1.0/24 Protocol: ISIS Process ID: 1 Preference: 10 IpPrecedence: NextHop: 10.1.1.100 BkNextHop: 0.0.0.0 RelyNextHop: 0.0.0.0 Cost: 4 QosLcId: Interface: Ethernet1/2 BkInterface: Neighbor : 0.0.0.
Configuring BGP Overview Border Gateway Protocol (BGP) is an exterior gateway protocol. It is called internal BGP (IBGP) when it runs within an AS and called external BGP (EBGP) when it runs between ASs. The current version in use is BGP-4 (RFC 4271). Unless otherwise stated, BGP refers to BGP-4 in this document. BGP has the following characteristics: • Focuses on route control and the selection rather than route discovery and calculation. • Uses TCP to enhance reliability.
BGP path attributes BGP uses the following path attributes in update messages for route filtering and selection: • ORIGIN The ORIGIN attribute identifies the origin of routing information (how a route became a BGP route). This attribute has the following types: { IGP—Has the highest priority. Routes generated in the local AS have the IGP attribute. { EGP—Has the second highest priority. Routes obtained through EGP have the EGP attribute. { • INCOMPLETE—Has the lowest priority.
{ • Filter routes—By configuring an AS path filtering list, you can filter routes based on AS numbers contained in the AS_PATH attribute. For more information about routing policies and AS path filtering lists, see "Configuring routing policies." NEXT_HOP The NEXT_HOP attribute is not necessarily the IP address of a directly-connected router.
Figure 50 MED attribute MED = 0 Router B 2.1.1.1 D = 9.0.0.0 Next_hop = 2.1.1.1 MED = 0 EBGP IBGP 9.0.0.0 IBGP Router A D = 9.0.0.0 Next_hop = 3.1.1.1 MED = 100 AS 10 EBGP Router D IBGP 3.1.1.1 Router C MED = 100 AS 20 Generally, BGP only compares MEDs of routes received from the same AS. You can also use the compare-different-as-med command to force BGP to compare MED values of routes received from different ASs.
Figure 51 LOCAL_PREF attribute • COMMUNITY The COMMUNITY attribute identifies the community of BGP routes. A BGP community is a group of routes with the same characteristics. It has no geographical boundaries. Routes of different ASs can belong to the same community. A route can carry one or more COMMUNITY attribute values (each of which is represented by a four-byte integer).
BGP route selection BGP discards routes with unreachable NEXT_HOPs. If multiple routes to the same destination are available, BGP selects the best route in the following sequence: 1. Highest Preferred_value 2. Highest LOCAL_PREF 3. Summary route 4. Shortest AS_PATH 5. IGP, EGP, or INCOMPLETE route in turn 6. Lowest MED value 7. Learned from EBGP, confederation, or IBGP in turn 8. Smallest next hop metric 9. Shortest CLUSTER_LIST 10. Smallest ORIGINATOR_ID 11.
• BGP load balancing through route selection BGP differs from IGP in the implementation of load balancing in the following ways: { { IGP routing protocols, such as RIP and OSPF, compute metrics of routes, and then implement load balancing over routes with the same metric and to the same destination. The route selection criterion is metric. BGP has no route computation algorithm, so it cannot implement load balancing according to metrics of routes.
The system supports both manual and automatic route summarization. Manual route summarization allows you to determine the attribute of a summary route and whether to advertise more specific routes. • Route dampening BGP route dampening solves the issue of route instability such as route flaps—a route comes up and disappears in the routing table frequently.
IBGP peers must be fully meshed to maintain connectivity. If n routers exist in an AS, the number of IBGP connections is n(n-1)/2. If a large number of IBGP peers exist, large amounts of network and CPU resources are consumed to maintain sessions. Using route reflectors can solve this issue. In an AS, a router acts as a route reflector, and other routers act as clients connecting to the route reflector. The route reflector forwards the routing information received from a client to other clients.
• Confederation Confederation is another method to manage growing IBGP connections in an AS. It splits an AS into multiple sub ASs. In each sub AS, IBGP peers are fully meshed. As shown in Figure 56, intra-confederation EBGP connections are established between sub Ass in AS 200. Figure 56 Confederation network diagram A non-confederation BGP speaker does not need to know sub ASs in the confederation. It considers the confederation as one AS, and the confederation ID as the AS number.
• MP_UNREACH_NLRI—Multiprotocol Unreachable NLRI, for carrying prefixes of unfeasible routes for multiple network layer protocols. Such routes can then be withdrawn. MP-BGP uses these attributes to advertise feasible and unfeasible routes of different network layer protocols. BGP speakers not supporting MP-BGP ignore updates containing these attributes and do not forward them to its peers.
View names Ways to enter the views Remarks system-view [Sysname] bgp 100 IPv6 BGP-VPN instance view [Sysname-bgp] ipv6-family vpn-instance vpn1 Configurations in this view apply to IPv6 unicast routes in the specified VPN instance. [Sysname-bgp-ipv6-vpn1] system-view [Sysname] bgp 100 BGP VPNv4 instance view [Sysname-bgp] ipv4-family vpnv4 Configurations in this view apply to VPNv4 routes.
• RFC 4760, Multiprotocol Extensions for BGP-4 • RFC 5291, Outbound Route Filtering Capability for BGP-4 • RFC 5292, Address-Prefix-Based Outbound Route Filter for BGP-4 BGP configuration task list In a basic BGP network, you only need to perform the following configurations: • Enable BGP. • Configure BGP peers or peer groups. • Control BGP route generation. To control BGP route distribution and path selection, you must perform other configurations.
Task Tuning and optimizing BGP networks Configuring a large scale BGP network Remarks Configuring the AS_PATH attribute Optional. Configuring the BGP keepalive interval and holdtime Optional. Configuring the interval for sending the same update Optional. Allowing establishment of EBGP session to an indirectly connected peer or peer group Optional. Enabling the BGP ORF capability Optional. Enabling 4-byte AS number suppression Optional.
Step 1. Enter system view. Command Remarks system-view N/A Optional. 2. Configure a global router ID. 3. Enable BGP and enter BGP view. router id router-id By default, no global router ID is configured. BGP uses the highest loopback interface IP address as the router ID. If no loopback interface IP address is available, BGP uses the highest physical interface IP address as the router ID regardless of the interface status. Not enabled by default.
Configuring a BGP peer group In a large-scale network, grouping peers that use the same route selection policy simplifies overall configuration. When you modify the policy of the group, the modification applies to all peers in the group. However, if a peer group already contains peers, you cannot remove or change its AS number. A peer group is an IBGP peer group if peers in it belong to the local AS, and is an EBGP peer group if peers in it belong to different ASs.
To configure an EBGP peer group by using Method 1: Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number Use either method. b. ipv4-family vpn-instance vpn-instance-name 3. Create an EBGP peer group. group group-name external By default, no EBGP peer group is created. 4. Specify the AS number for the group.
Step Command Enable the default use of IPv4 unicast address family for the peers that are established using the peer as-number command. default ipv4-unicast 7. Enable a peer. peer ip-address enable 8. Configure a description for a peer group. peer group-name description description-text 6. Remarks Optional. Enabled by default. This command is not supported in BGP-VPN instance view. Optional. Enabled by default. Optional. By default, no description is configured for the peer group.
To establish multiple BGP sessions between two routers, you must specify the source interface for establishing TCP connections to each peer on the local router. Otherwise, the local BGP router might fail to establish a TCP connection to a peer when using the outbound interface of the best route to the peer as the source interface. • To specify the source interface for TCP connections: Step Command Enter system view. 1.
Step Command Remarks Optional. 3. Inject a local network to the BGP routing table. network ip-address [ mask | mask-length ] [ route-policy route-policy-name ] Not injected by default. The network to be injected must be available and active in the local IP routing table. Redistributing IGP routes Perform this task to configure route redistribution from an IGP to BGP. By default, BGP does not redistribute default IGP routes.
To configure automatic route summarization: Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number Use either method. b. ipv4-family vpn-instance vpn-instance-name 3. Configure automatic route summarization. summary automatic Not configured by default.
Step Enter system view. 1. Command Remarks system-view N/A • Enter BGP view: bgp as-number Enter BGP view or BGP-VPN instance view. 2. • Enter BGP-VPN instance view: a. bgp as-number Use either method. b. ipv4-family vpn-instance vpn-instance-name Advertise a default route to a peer or peer group. 3. peer { group-name | ip-address } default-route-advertise [ route-policy route-policy-name ] Not advertised by default.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number Use either method. b.
4. peer ip-prefix import 5. peer route-policy import Only routes passing all the configured policies can be received. To configure BGP route reception filtering policies: Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number Use either method. b.
discard a packet due to an unreachable destination. As shown in Figure 57, Router E has learned a route of 8.0.0.0/8 from Router D through BGP. Router E then sends a packet to 8.0.0.0/8 through Router D, which finds from its routing table that Router B is the next hop (configured using the peer next-hop-local command). Because Router D has learned the route to Router B through IGP, Router D forwards the packet to Router C through route recursion. Router C does not know the route 8.0.0.
You can specify the threshold value for the router to display an alarm message. When the ratio of the number of received routes to the maximum number reaches the percentage value, the router displays an alarm message. To configure the maximum number of prefixes allowed to be received from a peer or peer group: Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a.
Among multiple routes that have the same destination/mask and are learned from different peers, the one with the greatest preferred value is selected as the route to the destination. To specify a preferred value for routes from a peer or peer group: Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number Use either method. b. ipv4-family vpn-instance vpn-instance-name 3.
Configure the default local preference The local preference is used to determine the best route for traffic leaving the local AS. When a BGP router obtains from several IBGP peers multiple routes to the same destination but with different next hops, it considers the route with the highest local preference as the best route. This task allows you to specify the default local preference for routes sent to IBGP peers. To specify the default local preference: Step 1. Enter system view.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number Use either method. b. ipv4-family vpn-instance vpn-instance-name 3. Enable the comparison of MED of routes from different ASs. Not enabled by default. compare-different-as-med Enabling the comparison of MEDs for routes on a per-AS basis Route learning sequence might affect optimal route selection.
To resolve this issue, configure the bestroute compare-med command on Router D. After that, Router D puts routes received from the same AS into a group. Router D then selects the route with the lowest MED from the same group, and compares routes from different groups. The following output is the BGP routing table on Router D after the comparison of MED of routes from each AS is enabled. Network 10.0.0.0 learned from Router B is the optimal route. Network NextHop MED LocPrf PrefVal Path/Ogn *>i 10.0.0.
Configuring the NEXT_HOP attribute By default, when advertising routes to an IBGP peer or peer group, a BGP router does not set itself as the next hop. However, to ensure a BGP peer can find the correct next hop in some cases, you need to configure the router as the next hop for routes sent to the peer. For example, as shown in Figure 59, Router A and Router B establish an EBGP neighbor relationship, and Router B and Router C establish an IBGP neighbor relationship.
Step Command Remarks Optional. 3. Specify the router as the next hop of routes sent to a peer or peer group. peer { group-name | ip-address } next-hop-local By default, the router sets it as the next hop for routes sent to an EBGP peer or peer group, but does not set it as the next hop for routes sent to an IBGP peer or peer group.
Step 3. Command Disable BGP from considering AS_PATH during best route selection. Remarks Optional. bestroute as-path-neglect By default, BGP considers AS_PATH during best route selection. Specifying a fake AS number for a peer or peer group When Router A in AS 2 is moved to AS 3, you can configure Router A to specify a fake AS number of 2 for created connections to EBGP peers or peer groups. In this way, these EBGP peers still think Router A is in AS 2 and need not change their configurations.
Use AS number substitution only in the specific scenario. Improper configuration can result in routing loops. To configure AS number substitution for a peer or peer group: Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number Use either method. b. ipv4-family vpn-instance vpn-instance-name 3.
Step Command Remarks 2. Enter BGP view or BGP-VPN instance view. bgp as-number N/A 3. Configure BGP to ignore the first AS number of EBGP route updates. ignore-first-as By default, BGP checks the first AS number of EBGP route updates. Tuning and optimizing BGP networks Configuring the BGP keepalive interval and holdtime After establishing a BGP session, two routers send keepalive messages at the specified keepalive interval to each other to keep the session.
Step Command Remarks • Configure the global keepalive interval and holdtime: timer keepalive keepalive hold holdtime 3. Configure BGP keepalive interval and holdtime. • Configure the keepalive interval and holdtime for a peer or peer group: peer { group-name | ip-address } timer keepalive keepalive hold holdtime Optional. By default, the keepalive interval is 60 seconds, and holdtime is 180 seconds.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number Use either method. b. ipv4-family vpn-instance vpn-instance-name 3. Allow the establishment of EBGP session to an indirectly connected peer or peer group, and specify the maximum hop count.
Table 8 Description of the both, send, and receive parameters and the negotiation result Local parameter Peer parameter Negotiation result send • receive • both The local end can only send ORF information, and the peer end can only receive ORF information. receive • send • both The local end can only receive ORF information, and the peer end can only send ORF information. both both Both the local and peer ends can send and receive ORF information.
Step Enter system view. 1. Command Remarks system-view N/A • Enter BGP view: bgp as-number Enter BGP view or BGP-VPN instance view. 2. • Enter BGP-VPN instance view: a. bgp as-number Use either method. b. ipv4-family vpn-instance vpn-instance-name Enable quick reestablishment of direct EBGP session. 3. ebgp-interface-sensitive Optional. Not enabled by default.
Step Command Remarks • Enter BGP view: bgp as-number Enter BGP view or BGP-VPN instance view. 2. • Enter BGP-VPN instance view: a. bgp as-number Use either method. b. ipv4-family vpn-instance vpn-instance-name Configure the maximum number of BGP routes for load balancing. 3. balance number By default, load balancing is not enabled. Forbidding session establishment with a peer or peer group This task allows you to temporarily tear down the BGP session to a specific peer or peer group.
Configuring automatic soft-reset After route refresh is enabled for peers and a policy is modified, the router advertises a route-refresh message to the peers, which then resend their routing information to the router. After receiving the routing information, the router performs dynamic route update by using the new policy. To enable BGP route refresh for a peer or peer group: Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2.
Step Command Remarks 5. Return to user view. return N/A 6. Perform manual soft-reset on BGP sessions. refresh bgp { all | ip-address | group group-name | external | internal } { export | import } N/A Configuring a large scale BGP network In a large-scale BGP network, configuration and maintenance might become difficult due to large numbers of BGP peers. To facilitate configuration, you can configure peer group, community, route reflector, or confederation as needed.
Step Command Remarks • Advertise the community 3. 4. Advertise the community attribute or extended community attribute to a peer or peer group. Apply a routing policy to routes advertised to a peer or peer group. attribute to a peer or peer group: peer { group-name | ip-address } advertise-community Use either method. • Advertise the extended Not configured by default. peer { group-name | ip-address } route-policy route-policy-name export Not configured by default.
Step Command Remarks Not configured by default. 3. Configure the router as a route reflector and specify a peer or peer group as its client. peer { group-name | ip-address } reflect-client 4. Enable route reflection between clients. reflect between-clients Configure the cluster ID of the route reflector. 5. The peer reflect-client command can be configured in both BGP view and BGP-VPNv4 subaddress family view.
Step Command Remarks 3. Configure a confederation ID. confederation id as-number Not configured by default. 4. Specify peering sub ASs in the confederation. confederation peer-as as-number-list Not configured by default. Configuring confederation compatibility If some other routers in the confederation do not comply with RFC 3065, you must enable confederation compatibility to allow the router to work with those routers. Step Command Remarks 1. Enter system view. system-view N/A 2.
• In general, the maximum time allowed for the peer to reestablish a BGP session must be less than the Holdtime carried in the Open message. • The End-Of-RIB (End of Routing-Information-Base) indicates the end of route updates. Perform the following configuration on the GR helper. To configure BGP GR: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable BGP, and enter its view. bgp as-number N/A 3. Enable GR Capability for BGP. graceful-restart Disabled by default. 4.
Step Command Remarks 4. Enter BGP-VPN instance view. ipv4-family vpn-instance vpn-instance-name Optional. 5. Enable the logging of session state changes for a peer or peer group. peer { group-name | ip-address } log-change Optional. N/A Enabled by default. Configuring BFD for BGP BGP maintains neighbor relationships based on the keepalive timer and holdtime timer, which are set in seconds. BGP defines that the holdtime interval must be at least three times the keepalive interval.
Task Command Remarks Display AS path information. display bgp paths [ as-regular-expression | | { begin | exclude | include } regular-expression ] Available in any view. Display BGP peer or peer group information. display bgp peer [ ip-address { log-info | verbose } | group-name log-info | verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display the prefix information in the ORF message from the specified BGP peer.
Task Command Remarks Display the global router ID. display router id [ | { begin | exclude | include } regular-expression ] Available in any view. Resetting BGP session Task Command Remarks Reset the specified BGP session. reset bgp { as-number | ip-address | all | external | group group-name | internal } Available in user view. Reset all IPv4 unicast BGP sessions. reset bgp ipv4 all Available in any view.
{ { { To prevent route flapping caused by port state changes, this example uses loopback interfaces to establish IBGP connections. Because loopback interfaces are virtual interfaces, you need to use the peer connect-interface command to specify the loopback interface as the source interface for establishing BGP connections. Enable OSPF in AS 65009 to make sure that Router B can communicate with Router C through loopback interfaces. # Configure Router B.
To enable Router C to access the network 8.1.1.0/24 connected directly to Router A, inject network 8.1.1.0/24 to the BGP routing table of Router A. { # Configure Router A. system-view [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 3.1.1.1 as-number 65009 [RouterA-bgp] network 8.1.1.1 24 [RouterA-bgp] quit # Configure Router B. [RouterB] bgp 65009 [RouterB-bgp] peer 3.1.1.2 as-number 65008 [RouterB-bgp] quit # Display BGP peer information on Router B.
Origin : i - IGP, e - EGP, ? - incomplete *> Network NextHop MED 8.1.1.0/24 3.1.1.2 0 LocPrf PrefVal Path/Ogn 0 65008i # Display the BGP routing table on Router C. [RouterC] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 3.3.3.3 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn i 8.1.1.0/24 3.1.1.
[RouterC] display bgp routing-table Total Number of Routes: 4 BGP Local router ID is 3.3.3.3 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn i 2.2.2.2/32 2.2.2.2 0 100 0 ? *>i 3.1.1.0/24 2.2.2.2 0 100 0 ? *>i 8.1.1.0/24 3.1.1.2 0 100 0 65008i * i 9.1.1.0/24 2.2.2.2 0 100 0 ? The output shows that the route 8.1.1.
Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure OSPF: Enable OSPF in AS 65009, so that Router B can obtain the route to 9.1.2.0/24. # Configure Router B. system-view [RouterB] ospf 1 [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [RouterB-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit # Configure Router C.
# Display the BGP routing table on Router A. [RouterA] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 1.1.1.1 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 3.3.3.3/32 3.1.1.1 1 0 65009? *> 8.1.1.0/24 0.0.0.0 0 0 i *> 9.1.2.0/24 3.1.1.1 1 0 65009? # Display the routing table on Router C.
PING 8.1.1.1: 56 data bytes, press CTRL_C to break Reply from 8.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms Reply from 8.1.1.1: bytes=56 Sequence=2 ttl=254 time=2 ms Reply from 8.1.1.1: bytes=56 Sequence=3 ttl=254 time=2 ms Reply from 8.1.1.1: bytes=56 Sequence=4 ttl=254 time=2 ms Reply from 8.1.1.1: bytes=56 Sequence=5 ttl=254 time=2 ms --- 8.1.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.
internal network through Router C; configure a static route to interface loopback 0 on Router B (or use another protocol like OSPF) to establish the IBGP connection. # Configure Router A. system-view [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 3.1.1.1 as-number 65009 [RouterA-bgp] peer 3.1.2.1 as-number 65009 [RouterA-bgp] network 8.1.1.1 24 [RouterA-bgp] quit # Configure Router B. system-view [RouterB] bgp 65009 [RouterB-bgp] router-id 2.2.2.
{ { 3. The output shows two valid routes to destination 9.1.1.0/24: the route with next hop 3.1.1.1 is marked with a greater-than sign (>), indicating it is the best route; the route with next hop 3.1.2.1 is marked with only an asterisk (*), indicating it is a valid route, but not the best. By using the display ip routing-table command, you can find only one route to 9.1.1.0/24 with next hop 3.1.1.1 and outbound interface S2/0.
Figure 65 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure static routing between Router A and Router B: # Configure a default route with the next hop 192.168.212.1 on Router A. system-view [RouterA] ip route-static 0.0.0.0 0 192.168.212.1 # Configure static routes to 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 with the same next hop 192.168.212.161 on Router B. system-view [RouterB] ip route-static 192.
Destinations : 10 Destination/Mask Proto 3.3.3.3/32 Routes : 10 Pre Cost NextHop Interface Direct 0 0 127.0.0.1 InLoop0 10.220.2.0/24 Direct 0 0 10.220.2.16 S2/0 10.220.2.16/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 172.17.100.0/24 Direct 0 0 172.17.100.2 S2/1 172.17.100.2/32 Direct 0 0 127.0.0.1 InLoop0 192.168.64.0/24 O_ASE 150 1 172.17.100.1 S2/1 192.168.74.0/24 O_ASE 150 1 172.
After the above configurations, ping the hosts on networks 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 from Router D. The ping operations succeed. 5. Configure route summarization on Router C: # Summarize 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 into a single route 192.168.64.0/18 on Router C and disable advertisement of the specific routes. [RouterC-bgp] aggregate 192.168.64.
BGP community configuration Network requirements As shown in Figure 66, EBGP runs between Router B and Router A, and between Router B and Router C. Configure No_Export community attribute on Router A to make routes from AS 10 not advertised by AS 20 to any other AS. Figure 66 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure EBGP connections: # Configure Router A. system-view [RouterA] bgp 10 [RouterA-bgp] router-id 1.1.1.
Local AS number : 20 Paths: 1 available, 1 best BGP routing table entry information of 9.1.1.0/24: From : 200.1.2.1 (1.1.1.1) Original nexthop: 200.1.2.1 AS-path : 10 Origin : igp Attribute value : MED 0, pref-val 0, pre 255 State : valid, external, best, Advertised to such 1 peers: 200.1.3.2 Router B has advertised the route to Router C in AS 30. # Display BGP routing table information on Router C. [RouterC] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 3.3.3.
Attribute value : MED 0, pref-val 0, pre 255 State : valid, external, best, Not advertised to any peers yet The output shows that BGP has not learned any route. BGP route reflector configuration Network requirements As shown in Figure 67, all routers run BGP. • EBGP runs between Router A and Router B. IBGP runs between Router C and Router B, and between Router C and Router D. • Router C is a route reflector with clients Router B and D. • Router D can learn route 1.0.0.0/8 from Router C.
[RouterC-bgp] peer 193.1.1.2 as-number 200 [RouterC-bgp] peer 194.1.1.2 as-number 200 [RouterC-bgp] quit # Configure Router D. system-view [RouterD] bgp 200 [RouterD-bgp] peer 194.1.1.1 as-number 200 [RouterD-bgp] quit Configure the route reflector: 3. # Configure Router C as the route reflector. [RouterC] bgp 200 [RouterC-bgp] peer 193.1.1.2 reflect-client [RouterC-bgp] peer 194.1.1.2 reflect-client [RouterC-bgp] quit Verifying the configuration # Display the BGP routing table on Router B.
Figure 68 Network diagram Router C Router B Eth1/1 Eth1/1 Eth1/1 AS 65002 S2/0 AS 65003 Router F Eth1/4 AS 100 Eth1/1 S2/1 Eth1/2 Eth1/2 Router A Eth1/1 Eth1/3 Eth1/2 AS 200 Router D AS 65001 Eth1/1 Router E Device Interface IP address Device Interface IP address Router A S2/1 200.1.1.1/24 Router D Eth1/1 10.1.5.1/24 Eth1/1 10.1.2.1/24 Eth1/2 10.1.3.2/24 Eth1/2 10.1.3.1/24 Eth1/1 10.1.5.2/24 Eth1/3 10.1.4.1/24 Eth1/2 10.1.4.2/24 Eth1/4 10.1.1.1/24 Eth1/1 9.1.1.
system-view [RouterC] bgp 65003 [RouterC-bgp] router-id 3.3.3.3 [RouterC-bgp] confederation id 200 [RouterC-bgp] confederation peer-as 65001 65002 [RouterC-bgp] peer 10.1.2.1 as-number 65001 [RouterC-bgp] quit 3. Configure IBGP connections in AS 65001: # Configure Router A. [RouterA] bgp 65001 [RouterA-bgp] peer 10.1.3.2 as-number 65001 [RouterA-bgp] peer 10.1.3.2 next-hop-local [RouterA-bgp] peer 10.1.4.2 as-number 65001 [RouterA-bgp] peer 10.1.4.
Total Number of Routes: 1 BGP Local router ID is 2.2.2.2 Status codes: * - valid, ^ - VPNv4 best, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network *>i NextHop 9.1.1.0/24 MED LocPrf 0 100 10.1.1.1 PrefVal Path/Ogn 0 (65001) 100i [RouterB] display bgp routing-table 9.1.1.0 BGP local router ID : 2.2.2.2 Local AS number : 65002 Paths: 1 available, 1 best BGP routing table entry information of 9.1.1.0/24: From : 10.1.1.
Origin : igp Attribute value : MED 0, localpref 100, pref-val 0, pre 255 State : valid, internal, best, Not advertised to any peers yet The output shows the following: • Router F can send route information to Router B and Router C through the confederation by establishing only an EBGP connection with Router A. • Router B and Router D are in the same confederation, but belong to different sub ASs.
[RouterB-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit # Configure Router C. system-view [RouterC] ospf [RouterC-ospf] area 0 [RouterC-ospf-1-area-0.0.0.0] network 193.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Configure Router D. system-view [RouterD] ospf [RouterD-ospf] area 0 [RouterD-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.
{ Method 1: Specify a higher MED value for the route 1.0.0.0/8 advertised to 192.1.1.2 to make Router D give priority to the route learned from Router C. # Define ACL 2000 to permit the route 1.0.0.0/8 [RouterA] acl number 2000 [RouterA-acl-basic-2000] rule permit source 1.0.0.0 0.255.255.255 [RouterA-acl-basic-2000] quit # Define routing policy apply_med_50 that sets the MED value of route 1.0.0.0/8 to 50, and routing policy apply_med_100 that sets the MED value of route 1.0.0.0/8 to 100.
[RouterC-route-policy] quit # Apply the routing policy localpref to the route from the peer 193.1.1.1 on Router C. [RouterC] bgp 200 [RouterC-bgp] peer 193.1.1.1 route-policy localpref import [RouterC-bgp] quit # Display the BGP routing table on Router D. [RouterD] display bgp routing-table Total Number of Routes: 2 BGP Local router ID is 194.1.1.
# Enable GR capability for BGP. [RouterA-bgp] graceful-restart 2. Configure Router B: # Configure IP addresses for interfaces. (Details not shown.) # Configure the EBGP connection. system-view [RouterB] bgp 65009 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] peer 200.1.1.2 as-number 65008 # Configure the IBGP connection. [RouterB-bgp] peer 9.1.1.2 as-number 65009 # Inject networks 200.1.1.0/24 and 9.1.1.0/24 to the BGP routing table. [RouterB-bgp] network 200.1.1.0 24 [RouterB-bgp] network 9.
Figure 71 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure OSPF so that Router A and Router C are reachable to each other. (Details not shown.) 3. Configure BGP on Router A: # Establish two IBGP connections to Router C. system-view [RouterA] bgp 200 [RouterA-bgp] peer 3.0.2.2 as-number 200 [RouterA-bgp] peer 2.0.2.2 as-number 200 [RouterA-bgp] quit # Create ACL 2000 to permit 1.1.1.0/24 to pass.
[RouterA-bgp] quit 4. Configure BGP on Router C: system-view [RouterC] bgp 200 [RouterC-bgp] peer 3.0.1.1 as-number 200 [RouterC-bgp] peer 3.0.1.1 bfd [RouterC-bgp] peer 2.0.1.1 as-number 200 [RouterC-bgp] quit 5. Configure BFD parameters (you can use default BFD parameters instead): # Configure Router A. { Configure active-mode BFD on Ethernet 1/2.
Recv Pkt Num: 57 Send Pkt Num: 53 Hold Time: 2200ms Connect Type: Indirect Running Up for: 00:00:06 Auth mode: Simple Protocol: BGP Diag Info: No Diagnostic The output shows that a BFD session is established between Ethernet 1/2 of Router A and Ethernet 1/1 of Router C and that BFD runs correctly. # Display BGP peer information on Router C. The output shows that Router C has established two BGP neighborships with Router A. display bgp peer BGP local router ID : 1.1.1.
# Enable BFD debugging on Router C. debugging bfd scm debugging bfd event debugging bgp bfd terminal monitor terminal debugging # The following debugging information shows that: when the link between Router A and Router B fails, Router C can quickly detect the link failure. %Nov 5 11:42:24:172 2009 RouterC BFD/5/BFD_CHANGE_FSM: Sess[3.0.2.2/3.0.1.1,13/17,Eth1/1,Ctrl], Sta: UP->DOWN, Diag: 1 %Nov 5 11:42:24:172 2009 RouterC BGP/5/BGP_STATE_CHANGED: 3.0.1.
Solution 1. Use the display current-configuration command to verify that the peer's AS number is correct. 2. Use the display bgp peer command to verify that the peer's IP address is correct. 3. If a loopback interface is used, verify that the loopback interface is specified with the peer connect-interface command. 4. If the peer is a non-direct EBGP peer, verify that the peer ebgp-max-hop command is configured. 5.
Configuring routing policies Routing policies control routing paths by filtering and modifying routing information. This chapter describes both IPv4 and IPv6 routing policies. Overview Routing policies can filter advertised, received, and redistributed routes, and modify attributes for specific routes. To configure a routing policy: 1. Configure filters based on route attributes, such as destination address and the advertising router's address. 2.
Extended community list An extended community list matches the extended community attribute (Route-Target for VPN and Source of Origin) of BGP routing information. For more information about extended community list, see MPLS Configuration Guide. Routing policy A routing policy can comprise multiple nodes, which are in a logical OR relationship. A node with a smaller number is matched first. A route that matches one node matches the routing policy.
[Sysname] ip ip-prefix abc index 10 deny 10.1.0.0 16 [Sysname] ip ip-prefix abc index 20 deny 10.2.0.0 16 [Sysname] ip ip-prefix abc index 30 deny 10.3.0.0 16 [Sysname] ip ip-prefix abc index 40 permit 0.0.0.0 0 less-equal 32 Configuring an IPv6 prefix list Step Command Remarks 1. Enter system view. system-view N/A 2. Configure an IPv6 prefix list.
Step Command Remarks • Configure a basic community list: Configure a community list. 2. ip community-list { basic-comm-list-num | basic comm-list-name } { deny | permit } [ community-number-list ] [ internet | no-advertise | no-export | no-export-subconfed ] * • Configure an advanced community list: ip community-list { adv-comm-list-num | advanced comm-list-name } { deny | permit } regular-expression Use either method. Not configured by default.
Step Command Remarks 1. Enter system view. system-view N/A 2. Create a routing policy and a node and enter routing policy view. route-policy route-policy-name { deny | permit } node node-number By default, no routing policy is created. Configuring if-match clauses Follow these guidelines when you configure if-match clauses: • The if-match clauses of a routing policy node have a logical AND relationship.
Step Command Remarks Match BGP routing information whose community attribute is specified in the community lists. if-match community { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number }&<1-16> Optional. 7. Match routes having the specified cost. if-match cost value 8. Match BGP routing information whose extended community attribute is specified in the extended community lists.
Step 5. 6. 7. 8. Command Remarks Set the community attribute for BGP routes. apply community { none | additive | { community-number&<1-16> | aa:nn&<1-16> | internet | no-advertise | no-export | no-export-subconfed } * [ additive ] } Set a cost for routing information. apply cost [ + | - ] value Set a cost type for routing information. apply cost-type [ external | internal | type-1 | type-2 ] Optional. Set the extended community attribute for BGP routes.
If you configure the apply community clause for multiple nodes that are combined by the continue clause, the apply comm-list delete clause configured on the current node cannot delete the community attributes set by preceding nodes. • To configure a continue clause for a routing policy: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a routing policy and enter routing policy view. route-policy route-policy-name { deny | permit } node node-number Not created by default.
Configure Router B to redistribute IS-IS routes into OSPF, and use a routing policy to set the cost of route 172.17.1.0/24 to 100 and the tag of route 172.17.2.0/24 to 20. Figure 72 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure IS-IS: # Configure Router C. system-view [RouterC] isis [RouterC-isis-1] is-level level-2 [RouterC-isis-1] network-entity 10.0000.0000.0001.
system-view [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] quit # On Router B, configure OSPF and enable route redistribution from IS-IS. [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] import-route isis 1 [RouterB-ospf-1] quit # Display the OSPF routing table on Router A.
[RouterB-route-policy] quit [RouterB] route-policy isis2ospf permit node 30 [RouterB-route-policy] quit 6. Apply the routing policy to route redistribution on Router B: # On Router B, enable route redistribution from IS-IS and apply the routing policy. [RouterB] ospf [RouterB-ospf-1] import-route isis 1 route-policy isis2ospf [RouterB-ospf-1] quit # Display OSPF routing table information on Router A. The cost of route 172.17.1.0/24 is 100, and the tag of route 172.17.2.0/24 is 20.
# Configure IPv6 addresses for interfaces Ethernet 1/1 and Ethernet 1/2. system-view [RouterA] ipv6 [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ipv6 address 10::1 32 [RouterA-Ethernet1/1] quit [RouterA] interface ethernet 1/2 [RouterA-Ethernet1/2] ipv6 address 11::1 32 [RouterA-Ethernet1/2] quit # Enable RIPng on Ethernet 1/1.
via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 18 Sec Dest 20::/32, via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 8 Sec Dest 40::/32, via FE80::7D58:0:CA03:1, cost 1, tag 0, A, 3 Sec Applying a routing policy to filter received BGP routes Network requirements • All the routers in Figure 74 run BGP. Router C establishes EBGP connections with other routers. • Configure a routing policy on Router D to reject routes from AS 200. Figure 74 Network diagram Configuration procedure 1.
[RouterC-bgp] peer 1.1.3.2 as-number 400 # Configure Router D. system-view [RouterD] bgp 400 [RouterD-bgp] router-id 4.4.4.4 [RouterD-bgp] peer 1.1.3.1 as-number 300 [RouterD-bgp] quit # Inject routes 4.4.4.4/24, 5.5.5.5/24, and 6.6.6.6/24 on Router A. [RouterA-bgp] network 4.4.4.4 24 [RouterA-bgp] network 5.5.5.5 24 [RouterA-bgp] network 6.6.6.6 24 # Inject routes 7.7.7.7/24, 8.8.8.8/24, and 9.9.9.9/24 on Router B. [RouterB-bgp] network 7.7.7.7 24 [RouterB-bgp] network 8.8.8.
# On Router D, specify routing policy rt1 to filter routes received from peer 1.1.3.1. [RouterD] bgp 400 [RouterD-bgp] peer 1.1.3.1 route-policy rt1 import # Display the BGP routing table information of Router D. [RouterD-bgp] display bgp routing-table Total Number of Routes: 3 BGP Local router ID is 4.4.4.4 Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn *> 4.
Configuring PBR Overview Different from destination-based routing, policy-based routing (PBR) uses user-defined policies to route packets based on the source address, packet length, and other criteria. A policy can specify the output interface, next hop, default output interface, default next hop, and other parameters for packets that match specific criteria such as ACLs or have specific lengths. A device uses PBR to forward matching packets and uses the routing table to forward other packets.
Table 9 Priorities and meanings of apply clauses Clause Meaning Priority apply ip-df zero Sets the DF (Don't Fragment) bit in the IP header to 0, which means the packet can be fragmented. This clause is always executed. If this clause is configured, other apply clauses, except the apply ip-df zero clause, are not executed. apply access-vpn vpn-instance Sets VPN instances. apply ip-precedence Sets an IP precedence.
All packets can match a node where no if-match clauses are configured. If a permit-mode node has no apply clause, packets matching all the if-match clauses of the node are forwarded according to the routing table. If a node has no if-match or apply clauses configured, all packets can match the node and are forwarded according to the routing table.
NOTE: An ACL match criterion uses the specified ACL to match packets if the match mode is configured as permit. If the specified ACL does not exist or the match mode is configured as deny, no packet can match the criterion. Configuring actions for a node Step Command Remarks 1. Enter system view. system-view N/A 2. Enter policy node view. policy-based-route policy-name [ deny | permit ] node node-number N/A 3. Set the DF bit in the IP header to 0, which means the packet can be fragmented.
Configuring PBR Configuring local PBR Configure PBR by applying a policy locally. PBR uses the policy to guide the forwarding of locally generated packets. You can apply only one policy locally. If you perform the ip local policy-based-route command multiple times, only the last specified policy takes effect. If the specified policy does not exist, the local PBR configuration succeeds, but it does not take effect until the policy is created. Do not configure local PBR unless required.
Task Command Remarks Display information about local PBR and interface PBR. display ip policy-based-route [ | { begin | exclude | include } regular-expression ] Available in any view. Display PBR configuration. display ip policy-based-route setup { interface interface-type interface-number | local | policy-name } [ | { begin | exclude | include } regular-expression ] Available in any view. Display PBR statistics.
[RouterA] interface serial 2/0 [RouterA-Serial2/0] ip address 1.1.2.1 255.255.255.0 [RouterA-Serial2/0] quit [RouterA] interface serial 2/1 [RouterA-Serial2/1] ip address 1.1.3.1 255.255.255.0 2. Configure Router B: # Configure the IP address of the serial interface. system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] ip address 1.1.2.2 255.255.255.0 3. Configure Router C: # Configure the IP address of the serial interface.
Figure 76 Network diagram Router B Router C S2/0 1.1.2.2/24 S2/1 1.1.3.2/24 S2/0 1.1.2.1/24 Router A S2/1 1.1.3.1/24 Eth1/1 10.110.0.10/24 Subnet 10.110.0.0/24 Host A Host B 10.110.0.20/24 Gateway: 10.110.0.10 Configuration procedure NOTE: In this example, static routes are configured to ensure the reachability among devices. 1. Configure Router A: # Configure ACL 3101 to match TCP packets.
2. Configure Router B: # Configure a static route to subnet 10.110.0.0/24. system-view [RouterB] ip route-static 10.110.0.0 24 1.1.2.1 # Configure the IP address of the serial interface. [RouterB] interface serial 2/0 [RouterB-Serial2/0] ip address 1.1.2.2 255.255.255.0 3. Configure Router C: # Configure a static route to subnet 10.110.0.0/24. system-view [RouterC] ip route-static 10.110.0.0 24 1.1.3.1 # Configure the IP address of the serial interface.
Configuration procedure 1. Configure Router A: # Configure RIP. system-view [RouterA] rip [RouterA-rip-1] network 192.1.1.0 [RouterA-rip-1] network 150.1.0.0 [RouterA-rip-1] network 151.1.0.0 [RouterA-rip-1] quit # Configure Node 10 for policy lab1 to forward packets with a length of 64 to 100 bytes to the next hop 150.1.1.2, and packets with a length of 101 to 1000 bytes to the next hop 151.1.1.2.
[RouterB] interface loopback 0 [RouterB-LoopBack0] ip address 10.1.1.1 32 3. Verify the configuration: # Run the debugging ip policy-based-route command on Router A. debugging ip policy-based-route terminal debugging terminal monitor # Ping Loopback 0 of Router B from Host A, and set the data length to 80 bytes. C:\>ping -l 80 10.1.1.1 Pinging 10.1.1.1 with 80 bytes of data: Reply from 10.1.1.1: bytes=80 time<1ms TTL=255 Reply from 10.1.1.
The debugging information about PBR displayed on Router A is as follows: *Jun 7 12:06:47:631 2009 RouterA PBR/7/POLICY-ROUTING: IP policy based routing success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.2 *Jun 7 12:06:48:630 2009 RouterA PBR/7/POLICY-ROUTING: IP policy based routing success : POLICY_ROUTEMAP : lab1, Node : 20, next-hop : 151.1.1.
# Configure Node 1 for policy management to forward management packets through Ethernet1/1.1. (Because Ethernet1/1.1 obtains its IP address through DHCP and the next hop address is unknown, specify the gateway address learned through DHCP as the next hop address.) [Router] policy-based-route management permit node 1 [Router-pbr-management-1] if-match acl 3000 [Router-pbr-management-1] apply output-interface ethernet 1/1.
Configuring IPv6 static routing Overview Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work correctly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator has to modify the static routes manually. Similar to IPv4 static routes, IPv6 static routes work well in simple IPv6 network environments.
Displaying and maintaining IPv6 static routes Task Command Remarks Display IPv6 static route information. display ipv6 routing-table protocol static [ inactive | verbose ] [ | { begin | exclude | include } regular-expression ] Available in any view. For more information about the display ipv6 routing-table protocol static [ inactive | verbose ] [ | { begin | exclude | include } regular-expression ] command, see Layer 3—IP Routing Command Reference.
3. Configure the IPv6 addresses of hosts and gateways: Configure the IPv6 addresses of all the hosts based on the network diagram, and configure the default gateway of Host A as 1::1, Host B as 2::1, and Host C as 3::1. 4. Verify the configuration: # Display the IPv6 routing table on Router A.
Configuring an IPv6 default route An IPv6 default route is used to forward packets that match no entry in the routing table. An IPv6 default route can be configured in either of the following ways: • The network administrator can configure a default route with a destination prefix of ::/0. For more information, see "Configuring IPv6 static routing." • Some dynamic routing protocols, such as OSPFv3, RIPng, and IPv6 IS-IS, can generate an IPv6 default route.
Configuring RIPng Overview RIP next generation (RIPng) is an extension of RIP-2 for IPv4. Most RIP concepts are applicable in RIPng. RIPng for IPv6 has the following basic differences from RIP: • UDP port number—RIPng uses UDP port 521 for sending and receiving routing information. • Multicast address—RIPng uses FF02::9 as the link-local-router multicast address. • Destination Prefix—128-bit destination address prefix. • Next hop—128-bit IPv6 address.
Figure 80 RIPng basic packet format Packet header description: • Command—Type of message. 0x01 indicates Request, 0x02 indicates Response. • Version—Version of RIPng. It can only be 0x01. • RTE—Route table entry. It is 20 bytes for each entry. RTE format The following are types of RTEs in RIPng: • Next hop RTE—Defines the IPv6 address of a next hop. • IPv6 prefix RTE—Describes the destination IPv6 address, route tag, prefix length, and metric in the RIPng routing table.
The receiving RIPng router processes RTEs in the request. If only one RTE exists with the IPv6 prefix and prefix length both being 0 and with a metric value of 16, the RIPng router responds with the entire routing table information in response messages. If multiple RTEs exist in the request message, the RIPng router examines each RTE, update its metric, and send the requested routing information to the requesting router in the response packet.
Configuration prerequisites Before you configure RIPng basic functions, complete the following tasks: • Enable IPv6 packet forwarding. • Configure an IP address for each interface, and make sure all nodes are reachable to one another. Configuration procedure To configure the basic RIPng functions: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a RIPng process and enter RIPng view. ripng [ process-id ] [ vpn-instance vpn-instance-name ] Not created by default. 3.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Specify an inbound routing additional metric. ripng metricin value Specify an outbound routing additional metric. ripng metricout value 4. Optional. 0 by default. Optional. 1 by default. Configuring RIPng route summarization Step Command 1. Enter system view. system-view 2. Enter interface view. interface interface-type interface-number 3.
Step Configure a filter policy to filter redistributed routes. 4. Command Remarks filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ protocol [ process-id ] ] By default, RIPng does not filter redistributed routes. Configuring a priority for RIPng Routing protocols have their own protocol priorities used for optimal route selection. You can set a priority for RIPng manually. The smaller the value, the higher the priority. To configure a RIPng priority: Step Command Remarks 1.
When adjusting RIPng timers, consider the network performance, and perform unified configurations on routers running RIPng to avoid unnecessary network traffic or route oscillation. To configure RIPng timers: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIPng view. ripng [ process-id ] [ vpn-instance vpn-instance-name ] N/A Optional. 3. Configure RIPng timers.
Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Enable the poison reverse function. ripng poison-reverse Disabled by default. Configuring zero field check on RIPng packets Some fields in the RIPng packet must be zero, which are called "zero fields." With zero field check on RIPng packets enabled, if such a field contains a non-zero value, the entire RIPng packet is discarded.
An IPsec policy used for RIPng can only be in manual mode. For more information, see Security Configuration Guide. Configuration prerequisites Before you apply an IPsec policy for RIPng, complete following tasks: • Create an IPsec proposal. • Create an IPsec policy. For more information about IPsec policy configuration, see Security Configuration Guide. Configuration procedure To apply an IPsec policy in a process: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIPng view.
Task Command Remarks Clear statistics of a RIPng process. reset ripng process-id statistics Available in user view. RIPng configuration examples Configuring RIPng basic functions Network requirements As shown in Figure 83, all routers learn IPv6 routing information through RIPng. Configure Router B to filter the route (3::/64) learned from Router C, which means the route is not added to the routing table of Router B, and Router B does not forward it to Router A.
[RouterC] ripng 1 [RouterC-ripng-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ripng 1 enable [RouterC-Ethernet1/1] quit [RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] ripng 1 enable [RouterC-Ethernet1/2] quit [RouterC] interface ethernet 1/3 [RouterC-Ethernet1/3] ripng 1 enable [RouterC-Ethernet1/3] quit # Display the routing table of Router B.
Peer FE80::20F:E2FF:FE00:100 on Ethernet1/2 Dest 4::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec Dest 5::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, A, 5 Sec [RouterA] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect ---------------------------------------------------------------Peer FE80::20F:E2FF:FE00:1235 on Ethernet1/1 Dest 1::/64, via FE80::20F:E2FF:FE00:1235, cost 1, tag 0, A, 2 Sec Dest 4::/64, via FE80::20F:E2FF:FE00:1235, cost 2, tag 0,
[RouterB] ripng 100 [RouterB-ripng-100] quit [RouterB] interface ethernet 1/2 [RouterB-Ethernet1/2] ripng 100 enable [RouterB-Ethernet1/2] quit [RouterB] ripng 200 [RouterB-ripng-200] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ripng 200 enable # Enable RIPng 200 on Router C.
[RouterB] ripng 100 [RouterB-ripng-100] default cost 3 [RouterB-ripng-100] import-route ripng 200 [RouterB-ripng-100] quit [RouterB] ripng 200 [RouterB-ripng-200] import-route ripng 100 [RouterB-ripng-200] quit # Display the routing table of Router A.
Figure 85 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure RIPng basic functions: # Configure Router A. system-view [RouterA] ripng 1 [RouterA-ripng-1] quit [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ripng 1 enable [RouterA-Ethernet1/1] quit # Configure Router B.
[RouterA-ipsec-policy-manual-policy001-10] transform-set tran1 [RouterA-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345 [RouterA-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345 [RouterA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg [RouterA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg [RouterA-ipsec-policy-manual-policy001-10] quit # On Router B, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the s
[RouterB] ripng 1 [RouterB-ripng-1] enable ipsec-policy policy001 [RouterB-ripng-1] quit # Configure Router C. [RouterC] ripng 1 [RouterC-ripng-1] enable ipsec-policy policy001 [RouterC-ripng-1] quit 5. Verify the configuration: RIPng packets between Routers A, B and C are protected by IPsec.
Configuring OSPFv3 Overview Open Shortest Path First version 3 (OSPFv3) supports IPv6 and complies with RFC 2740 (OSPF for IPv6).
• Router-LSA—Originated by all routers. This LSA describes the collected states of the router's interfaces to an area, and is flooded throughout a single area only. • Network-LSA—Originated for broadcast and NBMA networks by the Designated Router. This LSA contains the list of routers connected to the network, and is flooded throughout a single area only. • Inter-Area-Prefix-LSA—Similar to Type 3 LSA of OSPFv2, originated by Area Border Routers (ABRs), and flooded throughout the LSA's associated area.
SPF timer Whenever the LSDB changes, an SPF calculation happens. If recalculations become frequent, a large amount of resources are occupied. You can adjust the SPF calculation interval and delay time to protect networks from being overloaded due to frequent changes. GR timer If a failure to establish adjacencies occurs during a GR, the device is in the GR process for a long time. To avoid this, configure the GR timer for the device to exit the GR process when the timer expires.
Task Remarks Configuring OSPFv3 GR Disabling interfaces from receiving and sending OSPFv3 packets Optional. Enabling the logging of neighbor state changes Optional. Configuring GR helper Optional. Configuring BFD for OSPFv3 Optional. Applying IPsec policies for OSPFv3 Optional. Enabling OSPFv3 Configuration prerequisites Before you enable OSPFv3, complete the following tasks: • Make neighboring nodes accessible with each other at the network layer. • Enable IPv6 packet forwarding.
Splitting an OSPFv3 AS into multiple areas reduces the number of LSAs and extends OSPFv3 applications. For those non-backbone areas residing on the AS boundary, configure them as stub areas to further reduce the size of routing tables and the number of LSAs. Non-backbone areas exchange routing information through the backbone area. The backbone and non-backbone areas (including the backbone itself) must be contiguous. In practice, necessary physical links might not be available for this connectivity.
To configure a virtual link: Step Command 1. Enter system view. system-view 2. Enter OSPFv3 view. ospfv3 [ process-id ] 3. Enter OSPFv3 area view. area area-id 4. Configure a virtual link.
Configuring an NBMA or P2MP neighbor For NBMA and P2MP interfaces (only when in unicast mode), you must specify the link-local IP addresses of their neighbors because these interfaces cannot find neighbors through broadcasting hello packets. You can also specify DR priorities for neighbors. To configure an NBMA or P2MP (unicast) neighbor and its DR priority: Step Command 1. Enter system view. system-view 2. Enter interface view. interface interface-type interface-number 3.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view. ospfv3 [ process-id ] N/A 3. Configure inbound route filtering. filter-policy { acl-number | ipv6-prefix ipv6-prefix-name } import Not configured by default. NOTE: The filter-policy import command can only filter routes computed by OSPFv3. Only routes not filtered out can be added into the local routing table.
To configure the maximum number of ECMP routes: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view. ospfv3 [ process-id ] N/A 3. Specify the maximum number of ECMP routes. maximum load-balancing maximum Optional. Configuring a priority for OSPFv3 A router can run multiple routing protocols. The system assigns a priority to each protocol. When these routing protocols find the same route, the route found by the protocol with the highest priority is selected.
Step Command 5. Inject a default route. default-route-advertise [ always | cost value | type type | route-policy route-policy-name ] * Filter redistributed routes. filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ isisv6 process-id | ospfv3 process-id | ripng process-id | bgp4+ | direct | static ] 6. Remarks Optional. Not injected by default. Optional. Not configured by default.
Step Command Remarks 4. Specify the poll interval. ospfv3 timer poll seconds [ instance instance-id ] 5. Configure the dead interval. ospfv3 timer dead seconds [ instance instance-id ] 6. Configure the LSA retransmission interval. ospfv3 timer retransmit interval [ instance instance-id ] 7. Configure the LSA transmission delay. ospfv3 trans-delay seconds [ instance instance-id ] 8. Return to system view. quit N/A 9. Enter OSPFv3 view. ospfv3 [ process-id ] N/A Optional.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Ignore MTU check for DD packets. ospfv3 mtu-ignore [ instance instance-id ] Not ignored by default. Disabling interfaces from receiving and sending OSPFv3 packets Follow these guidelines when you disable interfaces from receiving and sending OSPFv3 packets: • Multiple OSPFv3 processes can disable the same interface from receiving and sending OSPFv3 packets.
Graceful Restart ensures the continuity of packet forwarding when a routing protocol restarts or an active/standby switchover occurs: • GR restarter—Graceful restarting router. It must be Graceful Restart capable. • GR helper—The neighbor of the GR restarter. It helps the GR restarter to complete the GR process. Configuring GR helper You can configure the GR helper capability on a GR helper. To configure GR helper: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view.
Applying IPsec policies for OSPFv3 To protect routing information and defend attacks, OSPFv3 can authenticate protocol packets by using an IPsec policy. Outbound OSPFv3 packets carry the Security Parameter Index (SPI) defined in the relevant IPsec policy. A device uses the SPI carried in a received packet to match against the configured IPsec policy. If they match, the device accepts the packet. Otherwise, it discards the packet and will not establish a neighbor relationship with the sending device.
To apply an IPsec policy on a virtual link: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view. ospfv3 [ process-id ] N/A 3. Enter OSPFv3 area view. area area-id N/A 4. Apply an IPsec policy on a virtual link. vlink-peer router-id [ hello seconds | retransmit seconds | trans-delay seconds | dead seconds | instance instance-id | ipsec-policy policy-name ] * Not configured by default.
Task Command Display OSPFv3 link state retransmission list information. display ospfv3 [ process-id ] retrans-list [ { external | grace | inter-prefix | inter-router | intra-prefix | link | network | router } [ link-state-id ] [ originate-router ip-address ] | statistics ] [ | { begin | exclude | include } regular-expression ] Display OSPFv3 statistics. display ospfv3 statistics [ | { begin | exclude | include } regular-expression ] Display the GR status of the specified OSPFv3 process.
[RouterA] interface serial 2/1 [RouterA-Serial2/1] ospfv3 1 area 1 [RouterA-Serial2/1] quit # Configure Router B. system-view [RouterB] ipv6 [RouterB] ospfv3 1 [RouterB-ospfv3-1] router-id 2.2.2.2 [RouterB-ospfv3-1] quit [RouterB] interface serial 2/0 [RouterB-Serial2/0] ospfv3 1 area 0 [RouterB-Serial2/0] quit [RouterB] interface serial 2/1 [RouterB-Serial2/1] ospfv3 1 area 1 [RouterB-Serial2/1] quit # Configure Router C.
# Display OSPFv3 neighbor information on Router C. [RouterC] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------Neighbor ID Pri State Dead Time Interface 2.2.2.2 1 Full/DR 00:00:35 S2/0 Instance ID 0 OSPFv3 Area ID 0.0.0.2 (Process 1) ---------------------------------------------------------------------Neighbor ID Pri State Dead Time Interface 4.4.4.
# Display OSPFv3 routing information on Router D. A default route is added and its cost is the cost of a direct route plus the configured cost. [RouterD] display ospfv3 routing E1 - Type 1 external route, IA - Inter area route, E2 - Type 2 external route, * I - Intra area route - Selected route OSPFv3 Router with ID (4.4.4.
Configuring OSPFv3 DR election Network requirements • In Figure 88, the priority of Router A is 100, the highest priority on the network, so it becomes the DR. • The priority of Router C is 2, the second highest priority on the network, so it becomes the BDR. • The priority of Router B is 0, so it cannot become a DR. • Router D has the default priority 1.
[RouterC] ipv6 [RouterC] ospfv3 [RouterC-ospfv3-1] router-id 3.3.3.3 [RouterC-ospfv3-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ospfv3 1 area 0 [RouterC-Ethernet1/1] quit # Configure Router D. system-view [RouterD] ipv6 [RouterD] ospfv3 [RouterD-ospfv3-1] router-id 4.4.4.4 [RouterD-ospfv3-1] quit [RouterD] interface ethernet 1/1 [RouterD-Ethernet1/1] ospfv3 1 area 0 [RouterD-Ethernet1/1] quit # Display neighbor information on Router A.
# Display neighbor information on Router A. DR priorities have been updated, but the DR and BDR are not changed. [RouterA] display ospfv3 peer OSPFv3 Area ID 0.0.0.0 (Process 1) ---------------------------------------------------------------------Neighbor ID Pri State Dead Time Interface Instance ID 2.2.2.2 0 2-Way/DROther 00:00:38 Eth1/1 0 3.3.3.3 2 Full/Backup 00:00:32 Eth1/1 0 4.4.4.4 1 Full/DR 00:00:36 Eth1/1 0 # Display neighbor information on Router D. Router D is still the DR.
Figure 89 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure OSPFv3 basic functions: # Enable OSPFv3 process 1 on Router A. system-view [RouterA] ipv6 [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.
[RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] ospfv3 2 area 2 [RouterC-Ethernet1/2] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ospfv3 2 area 2 [RouterC-Ethernet1/1] quit # Display the routing table of Router C. [RouterC] display ipv6 routing-table Routing Table : Destinations : 6 3.
NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 1::/64 Protocol : OSPFv3 NextHop : FE80::200:CFF:FE01:1C03 Preference: 150 Interface : Eth1/2 Cost : 3 Destination: 2::/64 Protocol : OSPFv3 NextHop : FE80::200:CFF:FE01:1C03 Preference: 150 Interface : Eth/1/2 Cost : 3 Destination: 3::/64 Protocol : Direct NextHop : 3::2 Preference: 0 Interface : Eth1/2 Cost : 0 Destination: 3::2/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InL
Figure 90 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure OSPFv3 basic functions: # On Router A, enable OSPFv3 process 1, enable GR, and set the router ID to 1.1.1.1. system-view [RouterA] ipv6 [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.
[RouterC-Ethernet1/1] quit 3. Verify the configuration: # After all routers function correctly, perform a master/backup switchover on Router A to trigger an OSPFv3 GR operation. Configuring BFD for OSPFv3 Network requirements As shown in Figure 91: • Configure OSPFv3 on Router A, Router B and Router C and configure BFD over the link Router A<—>L2 Switch<—>Router B. • After the link Router A<—>L2 Switch<—>Router B fails, BFD can quickly detect the failure and notify OSPFv3 of the failure.
[RouterA-Ethernet1/2] quit # Configure Router B. Enable OSPFv3 and configure the router ID as 2.2.2.2. system-view [RouterB] ipv6 [RouterB] ospfv3 1 [RouterB-ospfv3-1] router-id 2.2.2.2 [RouterB-ospfv3-1] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ospfv3 1 area 0 [RouterB-Ethernet1/1] quit [RouterB] interface ethernet 1/2 [RouterB-Ethernet1/2] ospfv3 1 area 0 [RouterB-Ethernet1/2] quit # Configure Router C. Enable OSPFv3 and configure the router ID as 3.3.3.3.
IPv6 Session Working Under Ctrl Mode: Local Discr: 1441 Remote Discr: 1450 Source IP: FE80::20F:FF:FE00:1202 (link-local address of Ethernet1/1 on Router A) Destination IP: FE80::20F:FF:FE00:1200 (link-local address of Ethernet1/1 on Router B) Session State: Up Hold Time: Interface: Eth1/1 / # Display routes to 2001:4::0/64 on Router A, and you can see that Router A communicates with Router B through the Layer 2 switch.
*Nov 5 11:37:43:062 2009 RouterA RM/6/RMDEBUG: OSPFv3 OSPFv3-BFD: Message Type delete session, Connect Type direct-connect, Src IP Address FE80::20F:FF:FE00:1202, Dst IP Address FE80::20F:FF:FE00:1200. # Display the BFD information of Router A. You can see that Router A has removed its neighbor relationship with Router B and therefore no information is output.
[RouterA] ipv6 [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.1 [RouterA-ospfv3-1] quit [RouterA] interface serial 2/1 [RouterA-Serial2/1] ospfv3 1 area 1 [RouterA-Serial2/1] quit # Configure Router B: enable OSPFv3 and configure the Router ID as 2.2.2.2. system-view [RouterB] ipv6 [RouterB] ospfv3 1 [RouterB-ospfv3-1] router-id 2.2.2.
# On Router B, create an IPsec proposal named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1. Create an IPsec policy named policy001, specify the manual mode for it, reference IPsec proposal tran1, set the SPIs of the inbound and outbound SAs to 12345, and the keys for the inbound and outbound SAs using ESP to abcdefg.
[RouterC-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321 [RouterC-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba [RouterC-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba [RouterC-ipsec-policy-manual-policy002-10] quit 4. Apply the IPsec policies in areas: # Configure Router A. [RouterA] ospfv3 1 [RouterA-ospfv3-1] area 1 [RouterA-ospfv3-1-area-0.0.0.1] enable ipsec-policy policy001 [RouterA-ospfv3-1-area-0.0.0.
4. Check OSPFv3 timers. The dead interval on an interface must be at least four times the hello interval. 5. On a broadcast network, at least one interface must have a DR priority higher than 0. Incorrect routing information Symptom OSPFv3 cannot find routes to other areas. Analysis The backbone area must maintain connectivity to all other areas. If a router connects to more than one area, at least one area must be connected to the backbone. The backbone cannot be configured as a stub area.
Configuring IPv6 IS-IS This chapter describes how to configure IPv6 IS-IS, which supports all IPv4 IS-IS features except that it advertises IPv6 routing information. For information about IS-IS, see "Configuring IS-IS." Overview Intermediate System-to-Intermediate System (IS-IS) supports multiple network protocols, including IPv6. To support IPv6, the IETF added two type-length-values (TLVs) and a new network layer protocol identifier (NLPID).
Step Command Remarks 6. Enter interface view. interface interface-type interface-number N/A 7. Enable IPv6 for an IS-IS process on the interface. isis ipv6 enable [ process-id ] Disabled by default. Configuring IPv6 IS-IS route control Before you configure IPv6 IS-IS route control, complete basic IPv6 IS-IS configuration. For information about ACL, see ACL and QoS Configuration Guide. For information about routing policy and IPv6 prefix list, see "Configuring routing policies.
Step Command Remarks 11. Specify the maximum number of equal-cost load balanced routes. ipv6 maximum load-balancing number Optional. NOTE: The ipv6 filter-policy export command is usually used in combination with the ipv6 import-route command. If no protocol is specified for the ipv6 filter-policy export command, routes redistributed from all routing protocols are filtered before advertisement.
Figure 93 Network diagram Router A Router B IPv6 IPv6 4 IPv6 IPv4 3 36 IPv6 IPv4 5 IPv4 IPv4 Router D Router C In Figure 93, the numbers refer to the link costs. Router A, Router B, and Router D support both IPv4 and IPv6. Router C supports only IPv4 and cannot forward IPv6 packets. Enable IPv6 IS-IS MTR on Router A, Router B, Router C, and Router D to make them perform route calculation separately in IPv4 and IPv6 topologies.
Task Command Remarks Display IS-IS enabled interface information. display isis interface [ statistics | [ interface-type interface-number ] [ verbose ] ] [ process-id | vpn-instance vpn-instance-name ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display LSDB information.
Figure 94 Network diagram S2/0 2001:1::2/64 Router A L1 S2/1 2001:1::1/64 S2/0 2001:2::1/64 Eth1/1 2001:4::1/64 S2/2 2001:3::1/64 S2/0 2001:3::2/64 Router D L2 Router C L1/L2 S2/0 2001:2::2/64 Router B L1 Area 20 Area 10 Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure IPv6 IS-IS: # Configure Router A. system-view [RouterA] ipv6 [RouterA] isis 1 [RouterA-isis-1] is-level level-1 [RouterA-isis-1] network-entity 10.0000.0000.0001.
[RouterC-Serial2/0] isis ipv6 enable 1 [RouterC-Serial2/0] quit [RouterC] interface serial 2/1 [RouterC-Serial2/1] isis ipv6 enable 1 [RouterC-Serial2/1] quit [RouterC] interface serial 2/2 [RouterC-Serial2/2] isis ipv6 enable 1 [RouterC-Serial2/2] quit # Configure Router D. system-view [RouterD] ipv6 [RouterD] isis 1 [RouterD-isis-1] is-level level-2 [RouterD-isis-1] network-entity 20.0000.0000.0004.
# Display the IPv6 IS-IS routing table of Router B.
ISIS(1) IPv6 Level-2 Forwarding Table ------------------------------------Destination: 2001:1:: PrefixLen: 64 Flag : D/L/- Cost Next Hop : Direct Interface: S2/1 : 10 Destination: 2001:2:: PrefixLen: 64 Flag : D/L/- Cost Next Hop : Direct Interface: S2/0 : 10 Destination: 2001:3:: PrefixLen: 64 Flag : D/L/- Cost Next Hop : Direct Interface: S2/2 : 10 Destination: 2001:4::1 PrefixLen: 128 Flag : R/-/- Cost Next Hop : FE80::20F:E2FF:FE3E:FA3D Interface: S2/2 : 10 Flags: D-D
Configuring BFD for IPv6 IS-IS Network requirements As shown in Figure 95, configure IPv6 IS-IS on Router A, Router B, and Router C and configure BFD over the link Router A<—>L2 Switch<—>Router B. When the link between Router B and the Layer-2 switch fails, BFD can quickly detect the failure and notify IPv6 IS-IS of the failure. Then Router A and Router B communicate through Router C.
[RouterB] isis 1 [RouterB-isis-1] is-level level-1 [RouterB-isis-1] network-entity 10.0000.0000.0002.00 [RouterB-isis-1] ipv6 enable [RouterB-isis-1] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] isis ipv6 enable 1 [RouterB-Ethernet1/1] quit [RouterB] interface ethernet 1/2 [RouterB-Ethernet1/2] isis ipv6 enable 1 [RouterB-Ethernet1/2] quit # Configure Router C. system-view [RouterC] ipv6 [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.
Local Discr: 1441 Remote Discr: 1450 Source IP: FE80::20F:FF:FE00:1202 (link-local address of Ethernet1/1 on Router A) Destination IP: FE80::20F:FF:FE00:1200 (link-local address of Ethernet1/1 on Router B) Session State: Up Hold Time: Interface: Eth1/1 / # Display route 2001:4::0/64 on Router A, and you can see that Router A and Router B communicate through the Layer-2 switch.
%Aug DOWN 8 14:54:05:365 2009 RouterA IFNET/4/LINK UPDOWN: Ethernet1/1: link status is %Aug 8 14:54:05:366 2008 RouterA IFNET/4/UPDOWN: Line protocol on the interface Ethernet0/1 is DOWN %Aug 8 14:54:05:367 2009 RouterA ISIS/4/ADJLOG:ISIS-1-ADJCHANGE: Adjacency To 0000.0000.0002 (Eth1/1) DOWN, Level-2 Circuit Down. %Aug 8 14:54:05:367 2009 RouterA ISIS/4/ADJLOG:ISIS-1-ADJCHANGE: Adjacency To 0000.0000.0002 (Eth1/1) DOWN, Level-2 Adjacency clear.
Figure 96 Network diagram Configuration procedure 1. Configure IPv4 and IPv6 addresses for the interfaces on each router and configure IS-IS: Follow Figure 96 to configure the IPv4 and IPv6 address and subnet mask of each interface on the routers. (Details not shown.) Configure IS-IS on the routers, making sure that Router A, Router B, Router C, and Router D can communicate with each other at Layer 3 and dynamic route update can be implemented among them with IS-IS. (Details not shown.) 2.
Flag : D/L/- Cost Next Hop : Direct Interface: Eth1/1 : 4 Destination: 44::1 PrefixLen: 128 Flag : R/L/- Cost Next Hop : FE80::200:5EFF:FE00:F11 Interface: Eth1/2 : 36 Destination: 14:: PrefixLen: 64 Flag : D/L/- Cost Next Hop : Direct Interface: Eth1/2 : 36 Flags: D-Direct, R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set ISIS(1) IPv6 Level-2 Forwarding Table ------------------------------------Destination: 12:: PrefixLen: 64 Flag : D/L/- Cost Next Hop : Direct Interf
Configuring IPv6 BGP This chapter describes only configuration for IPv6 BGP. For BGP-related information, see "Configuring BGP." IPv6 BGP overview BGP-4 can only carry IPv4 routing information. To support multiple network layer protocols, IETF extended BGP-4 by introducing Multiprotocol BGP (MP-BGP) defined in RFC 2858 multiprotocol extensions for BGP-4. MP-BGP for IPv6 is called "IPv6 BGP" for short.
Task Remarks Configuring IPv6 BGP route attributes Tuning and optimizing IPv6 BGP networks Configuring a large-scale IPv6 BGP network Configuring 6PE Configuring outbound route filtering Optional. Configuring inbound route filtering Optional. Configuring IPv6 BGP and IGP route synchronization Optional. Configuring route dampening Optional. Configuring IPv6 BGP preference and default LOCAL_PREF and NEXT_HOP attributes Optional. Configuring the MED attribute Optional.
Step Command Remarks N/A 2. Enter BGP view. bgp as-number 3. Specify a router ID. router-id router-id 4. Enter IPv6 address family view or IPv6 BGP-VPN instance view. ipv6-family [ vpn-instance vpn-instance-name ] N/A Specify an IPv6 peer. peer ipv6-address as-number as-number N/A Optional. 5. Required, if no IP addresses are configured for any interfaces. Injecting a local IPv6 route Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view.
Step 4. Command Configure a preferred value for routes received from an IPv6 peer or peer group. Remarks peer { ipv6-group-name | ipv6-address } preferred-value value By default, the preferred value is 0. IPv6 BGP-VPN instance view does not support the ipv6-group-name argument. Specifying the source interface for establishing TCP connections IPv6 BGP uses TCP as the transport layer protocol.
Step 4. Allow the establishment of EBGP connection to an indirectly connected peer or peer group. Command Remarks peer { ipv6-group-name | ipv6-address } ebgp-max-hop [ hop-count ] Not configured by default. Configuring a description for an IPv6 peer or peer group Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter IPv6 address family view. ipv6-family N/A Optional. 4. Configure a description for an IPv6 peer or peer group.
Controlling route distribution and reception This task includes routing information filtering, routing policy application, and route dampening. Configuration prerequisites Before you configure route distribution and reception control, complete the following tasks: • Enable IPv6. • Configure IPv6 BGP basic functions. Configuring IPv6 BGP route redistribution IMPORTANT: If the default-route imported command is not configured, using the import-route command cannot redistribute an IGP default route.
Advertising a default route to an IPv6 peer or peer group Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter IPv6 address family view. ipv6-family N/A 4. Advertise a default route to an IPv6 peer or peer group. peer { ipv6-group-name | ipv6-address } default-route-advertise [ route-policy route-policy-name ] Not advertised by default.
NOTE: IPv6 BGP advertises routes passing the specified policy to peers. Using the protocol argument can filter only the routes redistributed from the specified protocol. If no protocol is specified, IPv6 BGP filters all routes to be advertised, including redistributed routes and routes imported with the network command. Configuring inbound route filtering Only routes passing the configured filtering can be added into the local IPv6 BGP routing table.
IGP route with the same destination network segment before it can advertise the IBGP route (use the display ipv6 routing-table protocol command to check the IGP route state). To configure IPv6 BGP and IGP route synchronization: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter IPv6 address family view. ipv6-family N/A 4. Enable route synchronization between IPv6 BGP and IGP. synchronization Not enabled by default.
local router specifies itself as the next hop of routes sent to an IPv6 IBGP peer or peer group regardless of whether the peer next-hop-local command is configured. In a "third party next hop" network where the two IPv6 EBGP peers reside in a common broadcast subnet, the router does not change the next hop for routes sent to the IPv6 EBGP peer or peer group by default, unless the peer next-hop-local command is configured. To perform this configuration: Step Command Remarks 1. Enter system view.
Step Command Remarks Optional. Enable the comparison of MED for routes from each AS. 6. Enable the comparison of MED for routes from confederation peers. 7. bestroute compare-med Disabled by default. The IPv6 BGP-VPN instance view does not support this command. Optional. bestroute med-confederation Disabled by default. The IPv6 BGP-VPN instance view does not support this command. Configuring the AS_PATH attribute Step Command Remarks 1. Enter system view. system-view N/A 2.
IPv6 BGP connection soft reset • After modifying a route selection policy, reset IPv6 BGP connections to make the new one take effect. The current IPv6 BGP implementation supports the route-refresh feature that enables dynamic route refresh without needing to disconnect IPv6 BGP links. After this feature is enabled on all IPv6 BGP routers, a router that wants to apply a new route selection policy advertises a route-refresh message to its peers, which then send their routing information to the router.
Configuring IPv6 BGP soft reset Enabling route refresh Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter IPv6 address family view. ipv6-family N/A 4. Enable route refresh. peer { ipv6-group-name | ipv6-address } capability-advertise route-refresh Optional. Enabled by default. Performing manual soft-reset Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter IPv6 address family view. ipv6-family N/A 4. Enable BGP route refresh for a peer or peer group. peer { group-name | ipv6-address } capability-advertise route-refresh Enabled by default. 5. Enable the non-standard ORF capability for a BGP peer or peer group. peer { group-name | ipv6-address } capability-advertise orf non-standard 6.
Step Command Remarks 2. Enter BGP view. bgp as-number N/A 3. Enter IPv6 address family view or IPv6 BGP-VPN instance view. ipv6-family [ vpn-instance vpn-instance-name ] N/A Disabled by default. 4. Enable 4-byte AS number suppression. peer { group-name | ip-address } capability-advertise suppress-4-byte-as IPv6 BGP-VPN instance view does not support the group-name argument. Configuring the maximum number of ECMP routes Step Command Remarks 1. Enter system view. system-view N/A 2.
Applying an IPsec policy to an IPv6 BGP peer or peer group To protect routing information and defend attacks, IPv6 BGP can authenticate protocol packets by using an IPsec policy. Outbound IPv6 BGP packets carry the Security Parameter Index (SPI) defined in the IPsec policy. A device uses the SPI carried in a received packet to match against the configured IPsec policy.
Configuration prerequisites Before you configure a large-scale IPv6 BGP network, complete the following tasks: • Make peer nodes accessible to each other at the network layer. • Enable BGP and configure a router ID. Configuring IPv6 BGP peer group Configuring an IBGP peer group Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter IPv6 address family view. ipv6-family N/A 4. Create an IBGP peer group.
Step Command Remarks 5. Specify the AS number of an IPv6 peer. peer ipv6-address as-number as-number Not specified by default. 6. Add the IPv6 peer into the peer group. peer ipv6-address group ipv6-group-name Not added by default. NOTE: When creating a mixed EBGP peer group, you must create a peer and specify its AS number, which can be different from AS numbers of other peers; however, you cannot specify an AS number for the EBGP peer group.
Configuring an IPv6 BGP route reflector In general, because the route reflector forwards routing information between clients, you are not required to make clients of a route reflector fully meshed. If clients are fully meshed, HP recommends disabling route reflection between clients to reduce routing costs. If a cluster has multiple route reflectors, you must specify the same cluster ID for these route reflectors to avoid routing loops. To configure an IPv6 BGP route reflector: Step Command Remarks 1.
Figure 97 Network diagram for 6PE The P (Provider) router in the above figure refers to a backbone router in the network of a service provider. P is not directly connected with a CE, and is required to have the basic MPLS capability. When an ISP wants to utilize the existing IPv4/MPLS network to provide IPv6 traffic switching capability, only the PE routers must be upgraded. Therefore, it is a highly efficient solution. Furthermore, the operation risk of the 6PE technology is very low.
Step Command Remarks 3. Specify the AS number for the 6PE peer or peer group. peer { ipv4-group-name | ipv4-address } as-number as-number Not specified by default. 4. Enter IPv6 address family view. ipv6-family N/A 5. Enable the 6PE peer or peer group. peer { ipv4-group-name | ipv4-address | ipv6-address } enable Not enabled by default. 6. Advertise community attribute to the 6PE peer or peer group. peer { group-name | ipv4-address } advertise-community Optional.
Step Command Remarks 18. Display information about the 6PE peer or peer group. display bgp ipv6 peer [ group-name log-info | ipv4-address verbose ] [ | { begin | exclude | include } regular-expression ] 19. Display routes from or to the 6PE peer or peer group. display bgp ipv6 routing-table peer ipv4-address { advertised-routes | received-routes } [ network-address prefix-length | statistic ] [ | { begin | exclude | include } regular-expression ] 20.
Displaying and maintaining IPv6 BGP Displaying BGP Task Command Remarks Display IPv6 BGP peer group information. display bgp ipv6 group [ ipv6-group-name ] [ | { begin | exclude | include } regular-expression ] Available in any view. Display IPv6 BGP advertised routing information. display bgp ipv6 network [ | { begin | exclude | include } regular-expression ] Available in any view. Display IPv6 BGP AS path information.
Task Command Remarks Display IPv6 BGP routing flap statistics. display bgp ipv6 routing-table flap-info [ regular-expression as-regular-expression | [ as-path-acl as-path-acl-number | ipv6-address prefix-length [ longer-match ] ] [ | { begin | exclude | include } regular-expression ] ] Available in any view. Display labeled IPv6 BGP routing information. display bgp ipv6 routing-table label [ | { begin | exclude | include } regular-expression ] Available in any view.
IPv6 BGP basic configuration Network requirements As shown in Figure 98, all routers run IPv6 BGP. Between Router A and Router B is an EBGP connection. Router B, Router C, and Router D are fully meshed through IBGP connections. Figure 98 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure IBGP connections: # Configure Router B. system-view [RouterB] ipv6 [RouterB] bgp 65009 [RouterB-bgp] router-id 2.2.2.
[RouterD-bgp-af-ipv6] peer 9:2::1 as-number 65009 [RouterD-bgp-af-ipv6] quit [RouterD-bgp] quit 3. Configure the EBGP connection: # Configure Router A. system-view [RouterA] ipv6 [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] ipv6-family [RouterA-bgp-af-ipv6] peer 10::1 as-number 65009 [RouterA-bgp-af-ipv6] quit [RouterA-bgp] quit # Configure Router B.
IPv6 BGP route reflector configuration Network requirements As shown in Figure 99, Router B receives an EBGP update and sends it to Router C, which is configured as a route reflector with two clients: Router B and Router D. Router B and Router D need not establish an IBGP connection because Router C reflects updates between them. Figure 99 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure IPv6 BGP basic functions: # Configure Router A.
[RouterC-bgp-af-ipv6] peer 101::2 as-number 200 [RouterC-bgp-af-ipv6] peer 102::2 as-number 200 # Configure Router D. system-view [RouterD] ipv6 [RouterD] bgp 200 [RouterD-bgp] router-id 4.4.4.4 [RouterD-bgp] ipv6-family [RouterD-bgp-af-ipv6] peer 102::1 as-number 200 3. Configure route reflector: # Configure Router C as a route reflector, and configure Router B and Router D as its clients. [RouterC-bgp-af-ipv6] peer 101::2 reflect-client [RouterC-bgp-af-ipv6] peer 102::2 reflect-client 4.
system-view [CE1] ipv6 # Specify IP addresses for interfaces. [CE1] interface serial 2/0 [CE1-Serial2/0] ipv6 address auto link-local [CE1-Serial2/0] quit [CE1] interface loopback0 [CE1-LoopBack0] ipv6 address 1::1/128 [CE1-LoopBack0] quit # Configure an IPv6 static route to PE 1. [CE1] ipv6 route-static :: 0 serial2/0 2. Configure PE 1: # Enable IPv6 packet forwarding, MPLS and LDP. system-view [PE1] ipv6 [PE1] mpls lsr-id 2.2.2.
[PE1-bgp] quit # Configure the static route to CE 1. [PE1] ipv6 route-static 1::1 128 serial2/0 # Configure OSPF for LSP establishment. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit [PE1] 3. Configure PE 2: system-view [PE2] ipv6 [PE2] mpls lsr-id 3.3.3.
[PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit [PE1] 4. Configure CE 2: # Enable IPv6 packet forwarding and specify IP addresses for interfaces.
Origin : i - IGP, e - EGP, ? - incomplete *> Network : 1::1 PrefixLen : 128 NextHop : FE80::E142:0:4607:1 LocPrf : PrefVal : 0 Label : NULL MED : 0 Path/Ogn: ? *> Network : 2::2 PrefixLen : 128 NextHop : ::1 LocPrf : PrefVal : 0 Label : NULL MED : 0 Path/Ogn: ? *>i Network : 3::3 PrefixLen : 128 NextHop : ::FFFF:3.3.3.3 LocPrf : 100 PrefVal : 0 Label : NULL MED : 0 Path/Ogn: ? *>i Network : 4::4 PrefixLen : 128 NextHop : ::FFFF:3.3.3.
[RouterA] ipv6 [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] ipv6-family [RouterA-bgp-af-ipv6] group ibgp internal [RouterA-bgp-af-ipv6] peer 1::2 group ibgp [RouterA-bgp-af-ipv6] quit [RouterA-bgp] quit # Configure Router B. system-view [RouterB] ipv6 [RouterB] bgp 65008 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] ipv6-family [RouterB-bgp-af-ipv6] group ibgp internal [RouterB-bgp-af-ipv6] peer 1::1 group ibgp [RouterB-bgp-af-ipv6] quit [RouterB-bgp] quit 3.
[RouterA-ipsec-proposal-tran1] esp authentication-algorithm sha1 [RouterA-ipsec-proposal-tran1] quit [RouterA] ipsec policy policy001 10 manual [RouterA-ipsec-policy-manual-policy001-10] proposal tran1 [RouterA-ipsec-policy-manual-policy001-10] sa spi outbound esp 12345 [RouterA-ipsec-policy-manual-policy001-10] sa spi inbound esp 12345 [RouterA-ipsec-policy-manual-policy001-10] sa string-key outbound esp abcdefg [RouterA-ipsec-policy-manual-policy001-10] sa string-key inbound esp abcdefg [RouterA-ipsec-pol
[RouterC] ipsec proposal tran2 [RouterC-ipsec-proposal-tran2] encapsulation-mode transport [RouterC-ipsec-proposal-tran2] transform esp [RouterC-ipsec-proposal-tran2] esp encryption-algorithm des [RouterC-ipsec-proposal-tran2] esp authentication-algorithm sha1 [RouterC-ipsec-proposal-tran2] quit [RouterC] ipsec policy policy002 10 manual [RouterC-ipsec-policy-manual-policy002-10] proposal tran2 [RouterC-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321 [RouterC-ipsec-policy-manual-policy002-10] sa
BGP last state: OpenConfirm Port: Local – 1029 Remote - 179 Configured: Active Hold Time: 180 sec Received : Active Hold Time: 180 sec Negotiated: Active Hold Time: 180 sec Keepalive Time: 60 sec Peer optional capabilities: Peer support bgp multi-protocol extended Peer support bgp route refresh capability Address family IPv4 Unicast: advertised and received Received: Total 0 messages, Update messages 0 Sent: Total 0 messages, Update messages 0 Maximum allowed prefix number: 4294967295 Threshold:
IPsec policy name: policy002, SPI :54321 Routing policy configured: No routing policy is configured The output shows that both IBGP and EBGP neighbor relationships have been established, and all protocol packets are protected by IPsec. Configuring BFD for IPv6 BGP Network requirements As shown in Figure 102, configure OSPFv3 as the IGP in AS 200. Establish two IBGP connections between Router A and Router C.
[RouterA-acl6-basic-2000] rule permit source 1200::0 64 [RouterA-acl6-basic-2000] quit { Create two route policies, apply_med_50 and apply_med_100. Policy apply_med_50 sets the MED for route 1200::0/64 to 50. Policy apply_med_100 sets that to 100.
[RouterA-Ethernet1/2] bfd authentication-mode simple 1 ibgpbfd [RouterA-Ethernet1/2] quit # Configure Router C. [RouterC] bfd session init-mode active [RouterC] interface ethernet 1/1 { Configure the minimum interval for transmitting BFD control packets as 500 milliseconds. [RouterC-Ethernet1/1] bfd min-transmit-interval 500 { Configure the minimum interval for receiving BFD control packets as 500 milliseconds. [RouterC-Ethernet1/1] bfd min-receive-interval 500 { Configure the detect multiplier as 7.
2001::1 200 7 10 0 0 00:01:05 Established 3001::1 200 7 10 0 0 00:01:34 Established # Display route 1200::0/64 on Router C. The output shows that Router A and Router C communicate through Router B.
# Display route 1200::0/64 on Router C. The output shows that Router A and Router C communicate through Router D.
Configuring IPv6 PBR Introduction to IPv6 policy-based routing Different from destination-based routing, policy-based routing (PBR) uses user-defined policies to route packets based on the source address, packet length, and other criteria. A policy can specify the output interface, next hop, default output interface, default next hop, and other parameters for packets that match specific criteria such as ACLs or have specific lengths.
Clause Meaning Priority apply output-interface and apply ipv6-address next-hop Sets the output interface and sets the next hop. The apply output-interface clause takes precedence over the apply ipv6-address next-hop clause. Only the apply output-interface clause is executed when both are configured. apply default output-interface and apply ipv6-address default next-hop Sets the default output interface and sets the default next hop.
Configuring an IPv6 policy Creating an IPv6 node Step Command 1. Enter system view. system-view 2. Create an IPv6 policy or policy node and enter IPv6 policy node view. ipv6 policy-based-route policy-name [ deny | permit ] node node-number Configuring match criteria for an IPv6 node An ACL match criterion uses the specified ACL to match packets if the match mode is configured as permit. If the specified ACL does not exist or the match mode is configured as deny, no packet can match the criterion.
Step Command Remarks Optional. 6. Set a default output interface for permitted IPv6 packets. apply default output-interface interface-type interface-number 7. Set a default next hop for permitted IPv6 packets. apply ipv6-address default next-hop ipv6-address You can specify up to five output interfaces to achieve load sharing. Optional. You can specify up to five output interfaces to achieve load sharing.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Apply an IPv6 policy on the interface. ipv6 policy-based-route policy-name Not applied by default. Displaying and maintaining IPv6 PBR Task Command Remarks Display information about IPv6 local PBR and IPv6 interface PBR. display ipv6 policy-based-route [ | { begin | exclude | include } regular-expression ] Available in any view.
# Configure ACL 3001 to match TCP packets. system-view [RouterA] ipv6 [RouterA] acl ipv6 number 3001 [RouterA-acl6-adv-3001] rule permit tcp [RouterA-acl6-adv-3001] quit # Configure Node 5 of policy aaa, so that TCP packets are forwarded through Serial 2/0. [RouterA] ipv6 policy-based-route aaa permit node 5 [RouterA-pbr6-aaa-5] if-match acl6 3001 [RouterA-pbr6-aaa-5] apply output-interface serial 2/0 [RouterA-pbr6-aaa-5] quit # Configure IPv6 local PBR by applying policy aaa on Router A.
Figure 104 Network diagram Configuration procedure 1. Configure Router A: # Configure RIPng. system-view [RouterA] ipv6 [RouterA] ripng 1 [RouterA-ripng-1] quit [RouterA] interface serial 2/0 [RouterA-Serial2/0] ipv6 address 1::1 64 [RouterA-Serial2/0] ripng 1 enable [RouterA-Serial2/0] quit [RouterA] interface serial 2/1 [RouterA-Serial2/1] ipv6 address 2::1 64 [RouterA-Serial2/1] ripng 1 enable [RouterA-Serial2/1] quit # Configure ACL 3001 to match TCP packets.
[RouterA-Ethernet1/1] ipv6 address 10::2 64 [RouterA-Ethernet1/1] undo ipv6 nd ra halt [RouterA-Ethernet1/1] ripng 1 enable [RouterA-Ethernet1/1] ipv6 policy-based-route aaa 2. Configure Router B: # Configure RIPng. system-view [RouterB] ipv6 [RouterB] ripng 1 [RouterB-ripng-1] quit [RouterB] interface serial 2/0 [RouterB-Serial2/0] ipv6 address 1::2 64 [RouterB-Serial2/0] ripng 1 enable 3. Configure Router C: # Configure RIPng.
Figure 105 Network diagram 64~100bytes Router A S2/0 Eth1/1 192::1/64 150::1/64 S2/0 Router B 150::2/64 S2/1 151::1/64 S2/1 151::2/64 101~1000bytes Host A Loop0 10::1/128 192::3 Configuration procedure 1. Configure Router A: # Configure RIPng.
[RouterB] ipv6 [RouterB] ripng 1 [RouterB-ripng-1] quit [RouterB] interface serial 2/0 [RouterB-Serial2/0] ipv6 address 150::2 64 [RouterB-Serial2/0] ripng 1 enable [RouterB-Serial2/0] quit [RouterB] interface serial 2/1 [RouterB-Serial2/1] ipv6 address 151::2 64 [RouterB-Serial2/1] ripng 1 enable [RouterB-Serial2/1] quit [RouterB] interface loopback 0 [RouterB-LoopBack0] ipv6 address 10::1 128 [RouterB-LoopBack0] ripng 1 enable 3.
*Jun 7 16:03:30:949 2009 RouterA PBR6/7/IPv6-POLICY-ROUTING: IPv6 Policy routin g success : POLICY_ROUTEMAP_IPV6 : lab1, Node : 10, Packet sent with next-hop 0150::0002 *Jun 7 16:03:31:949 2009 RouterA PBR6/7/IPv6-POLICY-ROUTING: IPv6 Policy routin g success : POLICY_ROUTEMAP_IPV6 : lab1, Node : 10, Packet sent with next-hop 0150::0002 The preceding information shows that Router A sets the next hop for the received packets to 150::2 according to PBR. The packets are forwarded through Serial 2/0.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index ABCDEGILOPRST Configuring OSPF areas,63 A Configuring OSPF GR,81 Applying IPsec policies for OSPFv3,307 Configuring OSPF network types,65 Applying IPsec policies for RIPng,284 Configuring OSPF route control,68 B Configuring OSPFv3 area parameters,297 BGP configuration examples,215 Configuring OSPFv3 GR,305 BGP configuration task list,179 Configuring OSPFv3 network types,299 Binding an IS-IS process with MIBs,145 Configuring OSPFv3 routing information control,300 C Configuring PBR,264 C
Enabling OSPF,62 Overview,260 Enabling OSPFv3,297 P Enabling trap,212 PBR configuration examples,265 Enhancing IS-IS network security,142 PBR configuration task list,262 G R Generating BGP routes,185 Related information,395 I RIP configuration examples,35 Introduction to IPv6 policy-based routing,384 RIP configuration task list,22 IPv6 BGP configuration examples,366 RIPng configuration examples,286 IPv6 BGP configuration task list,343 RIPng configuration task list,279 IPv6 BGP overview,3
