HP MSR2000/3000/4000 Router Series Layer 3 - IP Routing Configuration Guide (V7) Part number: 5998-3992 Software version: CMW710-R0007P02 Document version: 6PW100-20130927
Legal and notice information © Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents IP routing basics ··························································································································································· 1 Routing table ······································································································································································ 1 Dynamic routing protocols ······················································································································
Tuning and optimizing RIP networks ···························································································································· 29 Configuration prerequisites ·································································································································· 29 Configuring RIP timers··········································································································································· 29 Configuring split hori
Configuring the P2P network type for an interface ··························································································· 72 Configuring OSPF route control ··································································································································· 72 Configuration prerequisites ·································································································································· 72 Configuring OSPF route summarization ··
OSPF DR election configuration example ········································································································· 107 OSPF virtual link configuration example ··········································································································· 111 OSPF GR configuration example ······················································································································· 113 BFD for OSPF configuration example ······················
Configuring routing domain authentication······································································································ 148 Configuring IS-IS GR ···················································································································································· 148 Configuring BFD for IS-IS············································································································································· 149 Configuring IS-IS F
Configuring the interval for sending updates for the same route ··································································· 225 Enabling BGP to establish an EBGP session over multiple hops ···································································· 225 Enabling immediate reestablishment of direct EBGP connections upon link failure····································· 226 Enabling 4-byte AS number suppression ···················································································
Configuring interface PBR ·································································································································· 302 Displaying and maintaining PBR ································································································································ 303 PBR configuration examples········································································································································ 303 Packet type-based lo
Configuring a stub area ····································································································································· 341 Configuring an OSPFv3 virtual link ··················································································································· 341 Configuring OSPFv3 network types ··························································································································· 342 Configuration prerequisites ······
PBR and Track ······················································································································································ 385 IPv6 PBR configuration task list ··································································································································· 385 Configuring an IPv6 policy ········································································································································· 386 Creat
IP routing basics IP routing directs IP packet forwarding on routers based on a routing table. This chapter focuses on unicast routing protocols. For more information about multicast routing protocols, see IP Multicast Configuration Guide. Routing table A RIB contains the global routing information and related information, including route recursion, route redistribution, and route extension information.
• Pre—Preference of the route. Among routes to the same destination, the route with the highest preference is optimal. • Cost—If multiple routes to a destination have the same preference, the one with the smallest cost is the optimal route. • NextHop—Next hop. • Interface—Output interface. Dynamic routing protocols Static routes work well in small, stable networks. They are easy to configure and require fewer system resources.
Route type Preference Multicast static route 1 OSPF 10 IS-IS 15 Unicast static route 60 RIP 100 OSPF ASE 150 OSPF NSSA 150 IBGP 255 EBGP 255 Unknown (route from an untrusted source) 256 Load sharing A routing protocol might find multiple optimal equal-cost routes to the same destination. You can use these routes to implement equal-cost multi-path (ECMP) load sharing.
Route redistribution Route redistribution enables routing protocols to learn route information from each other. A dynamic routing protocol can redistribute routes from other routing protocols, including direct and static routing. For more information, see the respective chapters on those routing protocols in this configuration guide. The RIB records redistribution relationships of routing protocols.
Configuring the maximum lifetime for routes in the FIB When GR or NSR is disabled, FIB entries must be retained for some time after a protocol process switchover or RIB process switchover. When GR or NSR is enabled, FIB entries must be removed immediately after a protocol or RIB process switchover to avoid routing issues. Perform this task to meet such requirements. To configure the maximum lifetime for routes in the FIB (IPv4): Step Command Remarks 1. Enter system view. system-view N/A 2.
Task Command Display information about routes to a range of destination addresses. display ip routing-table [ vpn-instance vpn-instance-name ] ip-address1 to ip-address2 [ verbose ] Display information about routes permitted by an IP prefix list. display ip routing-table [ vpn-instance vpn-instance-name ] prefix-list prefix-list-name [ verbose ] Display information about routes installed by a protocol.
Configuring static routing Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work correctly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually. Configuring a static route Before you configure a static route, complete the following tasks: • Configure the physical parameters for related interfaces.
Step 4. (Optional.) Delete all static routes, including the default route. Command Remarks delete [ vpn-instance vpn-instance-name ] static-routes all To delete one static route, use the undo ip route-static command. Configuring BFD for static routes IMPORTANT: Enabling BFD for a flapping route could worsen the situation. BFD provides a general-purpose, standard, medium-, and protocol-independent fast failure detection mechanism.
Step Command Remarks • Method 1: 2. Configure BFD control mode for a static route.
Configuring static route FRR A link or router failure on a path can cause packet loss and even routing loop. Static route fast reroute (FRR) enables fast rerouting to minimize the impact of link or node failures. Figure 1 Network diagram As shown in Figure 1, upon a link failure, FRR specifies a backup next hop by using a routing policy for routes matching the specified criteria. Packets are directed to the backup next hop to avoid traffic interruption.
Step Command Remarks • Method 1: 3. Configure static route FRR.
Figure 2 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure static routes: # Configure a default route on Router A. system-view [RouterA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2 # Configure two static routes on Router B. system-view [RouterB] ip route-static 1.1.2.0 255.255.255.0 1.1.4.1 [RouterB] ip route-static 1.1.3.0 255.255.255.0 1.1.5.6 # Configure a default route on Router C.
Summary Count : 2 Static Routing table Status : Summary Count : 2 Destination/Mask Proto 1.1.2.0/24 1.1.3.0/24 Pre Cost NextHop Interface Static 60 0 1.1.4.1 Eth1/1 Static 60 0 1.1.5.6 Eth1/2 Static Routing table Status : Summary Count : 0 # Use the ping command on Host B to test the reachability of Host A (Windows XP runs on the two hosts). C:\Documents and Settings\Administrator>ping 1.1.2.2 Pinging 1.1.2.2 with 32 bytes of data: Reply from 1.1.2.
Figure 3 Network diagram 121.1.1.0/24 120.1.1.0/24 Router A L2 Switch Router B Eth1/1 Eth1/1 Eth1/2 Eth1/2 BFD Eth1/1 Eth1/2 Router C Device Interface IP address Device Interface IP address Router A Eth1/1 12.1.1.1/24 Router B Eth1/1 12.1.1.2/24 Eth1/2 10.1.1.102/24 Eth1/2 13.1.1.1/24 Router C Eth1/1 10.1.1.100/24 Eth1/2 13.1.1.2/24 Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2.
Verifying the configuration # Display BFD sessions on Router A. display bfd session Total Session Num: 1 Up Session Num: 1 Init Mode: Active IPv4 Session Working Under Ctrl Mode: LD/RD SourceAddr DestAddr State Holdtime Interface 4/7 12.1.1.1 12.1.1.2 Up 2000ms Eth1/1 The output shows that the BFD session has been created. # Display static routes on Router A.
BFD for static routes configuration example (indirect next hop) Network requirements In Figure 4, Router A has a route to interface Loopback 1 (2.2.2.9/32) on Router B, with the output interface Ethernet 1/1. Router B has a route to interface Loopback 1 (1.1.1.9/32) on Router A, with the output interface Ethernet 1/1. Router D has a route to 1.1.1.9/32, with the output interface Ethernet 1/1, and a route to 2.2.2.9/32, with the output interface Ethernet 1/2. Configure a static route to subnet 120.1.1.
[RouterB] bfd multi-hop min-transmit-interval 500 [RouterB] bfd multi-hop min-receive-interval 500 [RouterB] bfd multi-hop detect-multiplier 9 [RouterB] ip route-static 121.1.1.0 24 1.1.1.9 bfd control-packet bfd-source 2.2.2.9 [RouterB] ip route-static 121.1.1.0 24 ethernet 1/2 13.1.1.2 preference 65 [RouterB] quit # Configure static routes on Router C. system-view [RouterC] ip route-static 120.1.1.0 24 13.1.1.1 [RouterC] ip route-static 121.1.1.0 24 10.1.1.
Summary Count : 1 Destination/Mask Proto 120.1.1.0/24 Static 65 Pre Cost NextHop Interface 0 10.1.1.100 Eth1/2 Static Routing table Status : Summary Count : 0 The output shows that Router A communicates with Router B through Ethernet 1/2.
[RouterS] display ip routing-table 4.4.4.4 verbose Summary Count : 1 Destination: 4.4.4.4/32 Protocol: Static SubProtID: 0x0 Cost: 0 Tag: 0 OrigTblID: 0x0 TableID: 0x2 NBRID: 0x26000002 AttrID: 0xffffffff Process ID: 0 Age: 04h20m37s Preference: 60 State: Active Adv OrigVrf: default-vrf OrigAs: 0 LastAs: 0 Neighbor: 0.0.0.0 Flags: 0x1008c OrigNextHop: 13.13.13.2 Label: NULL RealNextHop: 13.13.13.2 BkLabel: NULL BkNextHop: 12.12.12.
Configuring a default route A default route is used to forward packets that do not match any specific routing entry in the routing table. Without a default route, packets that do not match any routing entries are discarded and an ICMP destination-unreachable packet is sent to the source. A default route can be configured in either of the following ways: • The network administrator can configure a default route with both destination and mask being 0.0.0.0.
Configuring RIP Routing Information Protocol (RIP) is a distance-vector IGP suited to small-sized networks. It employs UDP to exchange route information through port 520. Overview RIP uses a hop count to measure the distance to a destination. The hop count from a router to a directly connected network is 0. The hop count from a router to a directly connected router is 1. To limit convergence time, RIP restricts the metric range from 0 to 15.
2. RIP uses the received responses to update the local routing table and sends triggered update messages to its neighbors. All RIP routers on the network do this to learn latest routing information. 3. RIP periodically sends the local routing table to its neighbors. After a RIP neighbor receives the message, it updates its routing table, selects optimal routes, and sends an update to other neighbors. RIP ages routes to keep only valid routes. RIP versions There are two RIP versions, RIPv1 and RIPv2.
Tasks at a glance (Optional.) Configuring RIP route control: • • • • • • • Configuring an additional routing metric Configuring RIPv2 route summarization Disabling host route reception Advertising a default route Configuring received/redistributed route filtering Configuring a preference for RIP Configuring RIP route redistribution (Optional.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enable RIP and enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] By default, RIP is disabled. By default, RIP is disabled on a network. 3. Enable RIP on a network. network network-address [ wildcard-mask ] The network 0.0.0.0 command can enable RIP on all interfaces in a single process, but does not apply to multiple RIP processes. Command Remarks Enabling RIP on an interface Step 1. Enter system view.
Configuring a RIP version You can configure a global RIP version in RIP view or an interface-specific RIP version in interface view. An interface preferentially uses the interface-specific RIP version. If no interface-specific version is specified, the interface uses the global RIP version. If neither global nor interface-specific RIP version is configured, the interface sends RIPv1 broadcasts, and can receive RIPv1 broadcasts and unicasts, and RIPv2 broadcasts, multicasts, and unicasts.
To configure additional routing metrics: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Specify an inbound additional routing metric. rip metricin [ route-policy route-policy-name ] value The default setting is 0. 4. Specify an outbound additional routing metric. rip metricout [ route-policy route-policy-name ] value The default setting is 1.
Step Command Remarks 3. Disable RIPv2 automatic route summarization. undo summary By default, RIPv2 automatic route summarization is enabled. 4. Return to system view. Quit N/A 5. Enter interface view. interface interface-type interface-number N/A 6. Configure a summary route. rip summary-address ip-address { mask | mask-length } By default, no summary route is configured.
Step 6. Configure the RIP interface to advertise a default route. Command Remarks rip default-route { { only | originate } [ cost cost ] | no-originate } By default, a RIP interface can advertise a default route if the RIP process is enabled to advertise a default route. NOTE: The router enabled to advertise a default route does not accept default routes from RIP neighbors.
Step Configure a preference for RIP. 3. Command Remarks preference [ route-policy route-policy-name ] value The default setting is 100. Configuring RIP route redistribution Perform this task to configure RIP to redistribute routes from other routing protocols, including OSPF, IS-IS, BGP, static, and direct. To configure RIP route redistribution: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3.
Garbage-collect timer—Specifies the interval from when the metric of a route becomes 16 to when it is deleted from the routing table. RIP advertises the route with a metric of 16. If no update is announced for that route before the garbage-collect timer expires, the route is deleted from the routing table. • IMPORTANT: To avoid unnecessary traffic or route flapping, configure identical RIP timer settings on RIP routers. To configure RIP timers: Step Command Remarks 1. Enter system view.
Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Enable poison reverse. rip poison-reverse By default, poison reverse is disabled. Configuring the maximum number of ECMP routes Perform this task to implement load sharing over ECMP routes. To configure the maximum number of ECMP routes: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3.
To enable source IP address check on incoming RIP updates: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Enable source IP address check on incoming RIP messages. validate-source-address By default, this function is enabled. Configuring RIPv2 message authentication Perform this task to enable authentication on RIPv2 messages.
Step Command Remarks 3. Specify a RIP neighbor. peer ip-address By default, RIP does not unicast updates to any peer. 4. Disable source IP address check on inbound RIP updates undo validate-source-address By default, source IP address check on inbound RIP updates is enabled. Configuring RIP network management You can use network management software to manage the RIP process to which MIB is bound. To configure RIP network management: Step Command Remarks 1. Enter system view.
When authentication is enabled, follow these guidelines to ensure packet forwarding: • For simple authentication, the maximum length of RIP packets must be no less than 52 bytes. • For MD5 authentication (with packet format defined in RFC 2453), the maximum length of RIP packets must be no less than 56 bytes. • For MD5 authentication (with packet format defined in RFC 2082), the maximum length of RIP packets must be no less than 72 bytes.
up convergence, perform this task to enable BFD for RIP. For more information about BFD, see High Availability Configuration Guide. RIP supports the following BFD detection modes: • Single-hop echo detection—Detection mode for a direct neighbor. In this mode, a BFD session is established only when the directly connected neighbor has route information to send.
Configuring bidirectional control detection Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] N/A By default, RIP does not unicast updates to any peer. Because the undo peer command does not remove the neighbor relationship immediately, executing the command cannot bring down the BFD session immediately. 3. Specify a RIP neighbor. peer ip-address 4. Enter interface view.
Configuration prerequisites You must specify a next hop by using the apply fast-reroute backup-interface command in a routing policy and reference the routing policy for FRR. For more information about routing policy configuration, see "Configuring routing policies." Configuration procedure To configure RIP FRR: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the source address of echo packets.
Figure 7 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure basic RIP by using either of the following methods: (Method 1) # Enable RIP on the specified networks on Router A. system-view [RouterA] rip [RouterA-rip-1] network 1.0.0.0 [RouterA-rip-1] network 2.0.0.0 [RouterA-rip-1] network 3.0.0.0 [RouterA-rip-1] quit (Method 2) # Enable RIP on the specified interfaces on Router B.
# Configure RIPv2 on Router B. [RouterB] rip [RouterB-rip-1] version 2 [RouterB-rip-1] undo summary [RouterB-rip-1] quit # Display the RIP routing table on Router A. [RouterA] display rip 1 route Route Flags: R - RIP A - Aging, S - Suppressed, G - Garbage-collect O - Optimal, F - Flush to RIB ---------------------------------------------------------------------------Peer 1.1.1.2 on Ethernet1/1 Destination/Mask Nexthop Cost Tag Flags Sec 10.0.0.0/8 1.1.1.2 1 0 RAOF 87 10.1.1.0/24 1.1.1.
2.1.1.0/24 1.1.1.1 1 0 RAOF 19 3.1.1.0/24 1.1.1.1 1 0 RAOF 19 # Display the RIP routing table on Router B. [RouterB] display rip 1 route Route Flags: R - RIP A - Aging, S - Suppressed, G - Garbage-collect O - Optimal, F - Flush to RIB ---------------------------------------------------------------------------Peer 1.1.1.1 on Ethernet1/1 Destination/Mask Nexthop Cost Tag Flags Sec 2.1.1.0/24 1.1.1.
[RouterB-rip-100] quit [RouterB] rip 200 [RouterB-rip-200] network 12.0.0.0 [RouterB-rip-200] version 2 [RouterB-rip-200] undo summary [RouterB-rip-200] quit # Enable RIP 200, and configure RIPv2 on Router C. system-view [RouterC] rip 200 [RouterC-rip-200] network 12.0.0.0 [RouterC-rip-200] network 16.0.0.0 [RouterC-rip-200] version 2 [RouterC-rip-200] undo summary [RouterC-rip-200] quit # Display the IP routing table on Router C. [RouterC] display ip routing-table Destinations : 13 3.
11.1.1.0/24 RIP 1 12.3.1.1 Eth1/1 12.3.1.0/24 Direct 0 100 0 12.3.1.2 Eth1/1 12.3.1.0/32 Direct 0 0 12.3.1.2 Eth1/1 12.3.1.2/32 Direct 0 0 127.0.0.1 InLoop0 12.3.1.255/32 Direct 0 0 12.3.1.2 Eth1/1 16.4.1.0/24 Direct 0 0 16.4.1.1 Eth1/2 16.4.1.0/32 Direct 0 0 16.4.1.1 Eth1/2 16.4.1.1/32 Direct 0 0 127.0.0.1 InLoop0 16.4.1.255/32 Direct 0 0 16.4.1.1 Eth1/2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.
[RouterB] rip [RouterB-rip-1] network 1.0.0.0 [RouterB-rip-1] version 2 [RouterB-rip-1] undo summary # Configure Router C. system-view [RouterB] rip [RouterC-rip-1] network 1.0.0.0 [RouterC-rip-1] version 2 [RouterC-rip-1] undo summary # Configure Router D. system-view [RouterD] rip [RouterD-rip-1] network 1.0.0.0 [RouterD-rip-1] version 2 [RouterD-rip-1] undo summary # Configure Router E. system-view [RouterE] rip [RouterE-rip-1] network 1.0.0.
Configuring RIP to advertise a summary route Network requirements As shown in Figure 10, Router A and Router B run OSPF, Router D runs RIP, and Router C runs OSPF and RIP. Configure RIP to redistribute OSPF routes on Router C so Router D can learn routes destined for networks 10.1.1.0/24, 10.2.1.0/24, 10.5.1.0/24, and 10.6.1.0/24. To reduce the routing table size of Router D, configure route summarization on Router C to advertise only the summary route 10.0.0.0/8 to Router D.
[RouterC-ospf-1] quit 3. Configure basic RIP: # Configure Router C. [RouterC] rip 1 [RouterC-rip-1] network 11.3.1.0 [RouterC-rip-1] version 2 [RouterC-rip-1] undo summary # Configure Router D. system-view [RouterD] rip 1 [RouterD-rip-1] network 11.0.0.0 [RouterD-rip-1] version 2 [RouterD-rip-1] undo summary [RouterD-rip-1] quit # Configure RIP to redistribute routes from OSPF process 1 and direct routes on Router C.
Destination/Mask Proto 0.0.0.0/32 10.0.0.0/8 11.3.1.0/24 11.3.1.0/32 Pre Cost NextHop Interface Direct 0 0 127.0.0.1 InLoop0 RIP 1 11.3.1.1 Eth1/1 Direct 0 0 11.3.1.2 Eth1/1 Direct 0 0 11.3.1.2 Eth1/1 11.3.1.2/32 Direct 0 0 127.0.0.1 InLoop0 11.4.1.0/24 Direct 0 0 11.4.1.2 Eth1/2 11.4.1.0/32 Direct 0 0 11.4.1.2 Eth1/2 11.4.1.2/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.
[RouterA-rip-1] version 2 [RouterA-rip-1] undo summary [RouterA-rip-1] network 192.168.1.0 [RouterA-rip-1] quit [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] rip bfd enable [RouterA-Ethernet1/1] quit [RouterA] rip 2 [RouterA-rip-2] network 192.168.2.0 [RouterA-rip-2] quit # Configure Router B. system-view [RouterB] rip 1 [RouterB-rip-1] version 2 [RouterB-rip-1] undo summary [RouterB-rip-1] network 192.168.2.0 [RouterB-rip-1] network 192.168.3.
# Display RIP routes destined for 120.1.1.0/24 on Router A. display ip routing-table 120.1.1.0 24 verbose Summary Count : 1 Destination: 120.1.1.0/24 Protocol: RIP SubProtID: 0x1 Cost: 1 Tag: 0 OrigTblID: 0x0 TableID: 0x2 NBRID: 0x26000002 AttrID: 0xffffffff Process ID: 1 Age: 04h20m37s Preference: 100 State: Active Adv OrigVrf: default-vrf OrigAs: 0 LastAs: 0 Neighbor: 192.168.1.2 Flags: 0x1008c OrigNextHop: 192.168.1.2 Label: NULL RealNextHop: 192.168.1.
Configure BFD for RIP (single-hop echo detection for a specific destination) Network requirements As shown in Figure 12, Ethernet 1/2 of Router A and Ethernet 1/1 of Router B run RIP process 1. Ethernet 1/2 of Router B and Router C runs RIP process 1. Configure a static route destined for 100.1.1.0/24 and enable static route redistribution into RIP on both Router A and Router C so Router B can learn two routes destined for 100.1.1.0/24 through Ethernet 1/1 and Ethernet 1/2.
[RouterB-rip-1] network 192.168.2.0 [RouterB-rip-1] network 192.168.3.0 [RouterB-rip-1] quit # Configure Router C. system-view [RouterC] rip 1 [RouterC-rip-1] network 192.168.3.0 [RouterC-rip-1] import-route static cost 3 [RouterC-rip-1] quit 3. Configure BFD parameters on Ethernet 1/2 of Router A. [RouterA] bfd echo-source-ip 11.11.11.11 [RouterA] interface ethernet 1/2 [RouterA-Ethernet1/2] bfd min-echo-receive-interval 500 [RouterA-Ethernet1/2] quit 4.
Tunnel ID: Invalid BkTunnel ID: Invalid Interface: Ethernet1/1 BkInterface: N/A # Display routes destined for 100.1.1.0/24 on Router B when the link between Router A and Router B fails. display ip routing-table 100.1.1.0 24 verbose Summary Count : 1 Destination: 100.1.1.
Figure 13 Network diagram Router D Eth1/1 Eth1/2 101.1.1.0/24 100.1.1.0/24 Eth1/2 Router B Eth1/1 Eth1/2 Eth1/1 Eth1/2 Router A Eth1/1 Router C BFD Device Interface IP address Device Interface IP address Router A Eth1/1 192.168.3.1/24 Router B Eth1/1 192.168.2.1/24 Eth1/2 192.168.1.1/24 Eth1/2 192.168.1.2/24 Router C Eth1/1 192.168.2.2/24 Eth1/1 192.168.3.2/24 Eth1/2 192.168.4.2/24 Eth1/2 192.168.4.1/24 Router D Configuration procedure 1.
[RouterC-rip-1] version 2 [RouterC-rip-1] undo summary [RouterC-rip-1] network 192.168.2.0 [RouterC-rip-1] network 192.168.4.0 [RouterC-rip-1] network 100.1.1.0 [RouterC-rip-1] peer 192.168.1.1 [RouterC-rip-1] undo validate-source-address [RouterC-rip-1] import-route static [RouterC-rip-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] rip bfd enable [RouterC-Ethernet1/1] quit # Configure Router D.
[RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] ip address 192.168.4.2 24 [RouterC-Ethernet1/2] quit # Configure Router D. [RouterD] interface ethernet 1/2 [RouterD-Ethernet1/2] ip address 192.168.4.1 24 [RouterD-Ethernet1/2] quit [RouterD] interface ethernet 1/1 [RouterD-Ethernet1/1] ip address 192.168.3.2 24 [RouterD-Ethernet1/1] quit 4. Configure static routes: # Configure a static route to Router C on Router A. [RouterA] ip route-static 192.168.2.0 24 ethernet1/2 192.168.1.
# Display RIP routes destined for 100.1.1.0/24 on Router A when the link between Router B and Router C fails. display ip routing-table 100.1.1.0 verbose Summary Count : 1 Destination: 100.1.1.0/24 Protocol: RIP Process ID: 2 SubProtID: 0x1 Cost: 2 Tag: 0 OrigTblID: 0x0 TableID: 0x2 NBRID: 0x12000003 AttrID: 0xffffffff Age: 00h10m35s Preference: 100 State: Active Adv OrigVrf: default-vrf OrigAs: 0 LastAs: 0 Neighbor: 192.168.3.2 Flags: 0x1008c OrigNextHop: 192.168.3.
[RouterS-route-policy-frr-10] if-match ip address prefix-list abc [RouterS-route-policy-frr-10] apply fast-reroute backup-interface ethernet 1/1 backup-nexthop 12.12.12.2 [RouterS-route-policy-frr-10] quit [RouterS] rip 1 [RouterS-rip-1] fast-reroute route-policy frr [RouterS-rip-1] quit # Configure Router D. system-view [RouterD] bfd echo-source-ip 4.4.4.4 [RouterD] ip prefix-list abc index 10 permit 1.1.1.
OrigTblID: 0x0 TableID: 0x2 NBRID: 0x26000002 AttrID: 0xffffffff OrigVrf: default-vrf OrigAs: 0 LastAs: 0 Neighbor: 13.13.13.1 Flags: 0x1008c OrigNextHop: 13.13.13.1 Label: NULL RealNextHop: 13.13.13.1 BkLabel: NULL BkNextHop: 24.24.24.
Configuring OSPF Open Shortest Path First (OSPF) is a link-state IGP developed by the OSPF working group of the IETF. OSPF version 2 is used for IPv4. OSPF refers to OSPFv2 throughout this chapter. Overview OSPF has the following features: • Wide scope—Supports various network sizes and up to several hundred routers in an OSPF routing domain. • Fast convergence—Advertises routing updates instantly upon network topology changes. • Loop free—Computes routes with the SPF algorithm to avoid routing loops.
LSA types OSPF advertises routing information in Link State Advertisements (LSAs). The following LSAs are commonly used: • Router LSA—Type-1 LSA, originated by all routers and flooded throughout a single area only. This LSA describes the collected states of the router's interfaces to an area. • Network LSA—Type-2 LSA, originated for broadcast and NBMA networks by the designated router, and flooded throughout a single area only. This LSA contains the list of routers connected to the network.
Figure 15 Area-based OSPF network partition Area 4 Area 1 Area 0 Area 2 Area 3 Backbone area and virtual links Each AS has a backbone area that distributes routing information between non-backbone areas. Routing information between non-backbone areas must be forwarded by the backbone area. OSPF has the following requirements: • All non-backbone areas must maintain connectivity to the backbone area. • The backbone area must maintain connectivity within itself.
Figure 17 Virtual link application 2 Area 1 Virtual link R2 R1 Area 0 The virtual link between the two ABRs acts as a point-to-point connection. You can configure interface parameters, such as hello interval, on the virtual link as they are configured on a physical interface. The two ABRs on the virtual link unicast OSPF packets to each other, and the OSPF routers in between convey these OSPF packets as normal IP packets.
• Internal router—All interfaces on an internal router belong to one OSPF area. • ABR—Belongs to more than two areas, one of which must be the backbone area. ABR connects the backbone area to a non-backbone area. An ABR and the backbone area can be connected through a physical or logical link. • Backbone router—At least one interface of a backbone router must reside in the backbone area. All ABRs and internal routers in Area 0 are backbone routers.
destination of the Type-2 external route. If two Type-2 routes to the same destination have the same cost, OSPF takes the cost from the router to the ASBR into consideration to determine the best route. Route calculation OSPF computes routes in an area as follows: • Each router generates LSAs based on the network topology around itself, and sends them to other routers in update packets. • Each OSPF router collects LSAs from other routers to compose an LSDB.
• BDR—Elected along with the DR to establish adjacencies with all other routers. If the DR fails, the BDR immediately becomes the new DR, and other routers elect a new BDR. Routers other than the DR and BDR are called "DROthers." They do not establish adjacencies with one another, so the number of adjacencies is reduced. The role of a router is subnet (or interface) specific. It might be a DR on one interface and a BDR or DROther on another interface.
• RFC 3137, OSPF Stub Router Advertisement • RFC 4811, OSPF Out-of-Band LSDB Resynchronization • RFC 4812, OSPF Restart Signaling • RFC 4813, OSPF Link-Local Signaling OSPF configuration task list To run OSPF, you must first enable OSPF on the router. Make a proper configuration plan to avoid incorrect settings that can result in route blocking and routing loops. To configure OSPF, perform the following tasks: Tasks at a glance (Required.) Enabling OSPF (Optional.
Tasks at a glance (Optional.) Tuning and optimizing OSPF networks: • • • • • • • • • • • • • • • • • • • • Configuring OSPF timers • • • • (Optional.
• If you specify a router ID when you create an OSPF process, any two routers in an AS must have different router IDs. A common practice is to specify the IP address of an interface as the router ID. • If you specify no router ID when you create the OSPF process, the global router ID is used. HP recommends specifying a router ID when you create the OSPF process. OSPF supports multiple processes and VPNs: • To run multiple OSPF processes, you must specify an ID for each process.
Step Enter interface view. 2. Command Remarks interface interface-type interface-number N/A By default, OSPF is disabled on an interface. Enable an OSPF process on the interface. 3. ospf process-id area area-id [ exclude-subip ] If the specified OSPF process and area do not exist, the command creates the OSPF process and area. Disabling an OSPF process on an interface does not delete the OSPF process or the area.
Configuring an NSSA area A stub area cannot import external routes, but an NSSA area can import external routes into the OSPF routing domain while retaining other stub area characteristics. Do not configure the backbone area as an NSSA area or totally NSSA area. To configure an NSSA area, configure the nssa command on all the routers attached to the area. To configure a totally NSSA area, configure the nssa command on all the routers attached to the area and configure the nssa no-summary command on the ABR.
Step Command Remarks By default, no virtual link is configured. 4. vlink-peer router-id [ dead seconds | hello seconds | { { hmac-md5 | md5 } key-id { cipher cipher-string | plain plain-string } | simple { cipher cipher-string | plain plain-string } } | retransmit seconds | trans-delay seconds ] * Configure a virtual link. Configure this command on both ends of a virtual link, and the hello and dead intervals must be identical on both ends of the virtual link.
Step 3. 4. Command Remarks Configure the OSPF network type for the interface as broadcast. ospf network-type broadcast By default, the network type of an interface depends on the link layer protocol. (Optional.) Configure a router priority for the interface. ospf dr-priority priority The default router priority is 1.
Configuring the P2MP network type for an interface Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A By default, the network type of an interface depends on the link layer protocol. After you configure the OSPF network type for an interface as P2MP unicast, all packets are unicast over the interface. The interface cannot broadcast hello packets to discover neighbors, so you must manually specify the neighbors.
• Enable OSPF. • Configure filters if routing information filtering is needed. Configuring OSPF route summarization Configure route summarization on an ABR or ASBR to summarize contiguous networks into a single network and distribute it to other areas. Route summarization reduces the routing information exchanged between areas and the size of routing tables, and improves routing performance. For example, three internal networks 19.1.1.0/24, 19.1.2.0/24, and 19.1.3.0/24 are available within an area.
Configuring received OSPF route filtering Perform this task to filter routes calculated using received LSAs. The following filtering methods are available: • Use an ACL or IP prefix list to filter routing information by destination address. • Use the gateway keyword to filter routing information by next hop. • Use an ACL or IP prefix list to filter routing information by destination address and at the same time use the gateway keyword to filter routing information by next hop.
value is configured for an interface, OSPF computes the interface cost based on the interface bandwidth and default bandwidth reference value. To configure an OSPF cost for an interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Configure an OSPF cost for the interface. ospf cost value By default, the OSPF cost is calculated according to the interface bandwidth.
Step Command Remarks 2. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Configure a preference for OSPF. preference [ ase ] [ route-policy route-policy-name ] value By default, the preference of OSPF internal routes is 10 and the preference of OSPF external routes is 150.
Step 2. 3. Command Remarks Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A Redistribute a default route. default-route-advertise [ [ [ always | permit-calculate-other ] | cost cost | route-policy route-policy-name | type type ] * | summary cost cost ] By default, no default route is redistributed. This command is applicable only to VPNs. The PE router advertises a default route in a Type-3 LSA to a CE router.
• Change OSPF packet timers to adjust the convergence speed and network load. On low-speed links, consider the delay time for sending LSAs. • Change the SPF calculation interval to reduce resource consumption caused by frequent network changes. • Configure OSPF authentication to improve security. Configuration prerequisites Before you configure OSPF network optimization, complete the following tasks: • Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes.
Step Command Remarks By default: • The dead interval on P2P and broadcast interfaces is 40 seconds. 5. Specify the dead interval. • The dead interval on P2MP and NBMA interfaces is 120 seconds. ospf timer dead seconds The dead interval must be at least four times the hello interval on an interface. The default dead interval is restored when the network type for an interface is changed. The default setting is 5 seconds. 6. Specify the retransmission interval.
Step Command Remarks By default: 3. Specify the SPF calculation interval. spf-schedule-interval maximum-interval [ minimum-interval [ incremental-interval ] ] • The maximum interval is 5 seconds. • The minimum interval is 50 milliseconds. • The incremental interval is 200 milliseconds.
Step Command Remarks By default: • The maximum interval is 5 3. Configure the LSA generation interval. lsa-generation-interval maximum-interval [ minimum-interval [ incremental-interval ] ] seconds. • The minimum interval is 0 milliseconds. • The incremental interval is 0 milliseconds. Disabling interfaces from receiving and sending OSPF packets To enhance OSPF adaptability and reduce resource consumption, you can set an OSPF interface to "silent.
Step 2. 3. Command Remarks Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A Configure the router as a stub router. stub-router [ external-lsa [ max-metric-value ] | include-stub | on-startup { seconds | wait-for-bgp [ seconds ] } | summary-lsa [ max-metric-value ] ] * By default, the router is not configured as a stub router. A stub router has no associations with a stub area.
Step Command Remarks • Configure simple authentication: 3. Configure interface authentication mode. ospf authentication-mode simple { cipher cipher-string | plain plain-string } • Configure MD5 authentication: ospf authentication-mode { hmac-md5 | md5 } key-id { cipher cipher-string | plain plain-string } Use either method. By default, no authentication is configured.
Configuring the maximum number of external LSAs in LSDB Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Specify the maximum number of external LSAs in the LSDB. lsdb-overflow-limit number By default, the maximum number of external LSAs in the LSDB is not limited.
To enable compatibility with RFC 1583: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Enable compatibility with RFC 1583. rfc1583 compatible By default, this feature is enabled. Logging neighbor state changes Perform this task to enable output of neighbor state change logs to the information center.
Step Command Remarks By default, SNMP notifications for OSPF is enabled. 3. Enable SNMP notifications for OSPF.
Step Command Remarks 2. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Enable OSPF ISPF. ispf enable By default, OSPF ISPF is enabled. Configuring prefix suppression An OSPF interface by default advertises all its prefixes in LSAs. You can suppress interfaces from advertising all its prefixes to speed up OSPF convergence. This function also helps improve the network security by preventing IP routing toward the suppressed networks.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Enable prefix suppression on the interface. ospf prefix-suppression [ disable ] By default, prefix suppression is disabled on an interface. Configuring prefix prioritization This feature enables the device to install prefixes in descending priority order: critical, high, medium, and low. The prefix priorities are assigned through routing policies.
Two routers are required to complete a GR process. The following are router roles in a GR process. • GR restarter—Graceful restarting router. It must have GR capability. • GR helper—A neighbor of the GR restarter. It helps the GR restarter to complete the GR process. OSPF GR has the following types: • IETF GR—Uses Opaque LSAs to implement GR. • Non-IETF GR—Uses link local signaling (LLS) to advertise GR capability and uses out of band synchronization to synchronize the LSDB.
Configuring OSPF GR helper You can configure the IETF or non IETF OSPF GR helper. Configuring the IETF OSPF GR helper Step Command Remarks 1. Enter system view. system-view N/A 2. Enable OSPF and enter its view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Enable opaque LSA reception and advertisement capability. opaque-capability enable By default, opaque LSA reception and advertisement capability is enabled. 4. (Optional.
Configuring BFD for OSPF BFD provides a single mechanism to quickly detect and monitor the connectivity of links between OSPF neighbors, which improves the network convergence speed. For more information about BFD, see High Availability Configuration Guide. OSPF supports the following BFD detection modes: • Bidirectional control detection—Requires BFD configuration to be made on both OSPF routers on the link.
Figure 21 Network diagram for OSPF FRR In Figure 21, configure FRR on Router B by using a routing policy to specify a backup next hop. When the primary link fails, OSPF directs packets to the backup next hop. At the same time, OSPF calculates the shortest path based on the new network topology, and forwards packets over the path after network convergence.
Step Command Remarks N/A 6. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * 7. Enable OSPF FRR to calculate a backup next hop by using the LFA algorithm. fast-reroute lfa [ abr-only ] By default, OSPF FRR is not configured. If abr-only is specified, the route to the ABR is selected as the backup path.
Task Command Display OSPF LSDB information (MSR4000). display ospf [ process-id ] lsdb [ area area-id | brief | [ { asbr | ase | network | nssa | opaque-area | opaque-as | opaque-link | router | summary } [ link-state-id ] ] [ originate-router advertising-router-id | self-originate ] ] [ standby slot slot-number ] Display OSPF next hop information. display ospf [ process-id ] nexthop Display OSPF neighbor information (MSR2000/MSR3000).
Task Command Clear OSPF statistics. reset ospf [ process-id ] counters Reset an OSPF process. reset ospf [ process-id ] process [ graceful-restart ] Re-enable OSPF route redistribution. reset ospf [ process-id ] redistribution OSPF configuration examples Basic OSPF configuration example Network requirements • Enable OSPF on all routers, and split the AS into three areas. • Configure Router A and Router B as ABRs. Figure 22 Network diagram Router A Area 0 Router B Eth1/1 10.1.1.
[RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] area 2 [RouterB-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.2] quit [RouterB-ospf-1] quit # Configure Router C. system-view [RouterC] router id 10.4.1.1 [RouterC] ospf [RouterC-ospf-1] area 1 [RouterC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.1] network 10.4.1.0 0.0.0.
DR: 10.2.1.1 BDR: 10.2.1.2 MTU: 0 Options is 0x02 (-|-|-|-|-|-|E|-) Dead timer due in 32 sec Neighbor is up for 06:03:12 Authentication Sequence: [ 0 ] Neighbor state change count: 5 # Display OSPF routing information on Router A. [RouterA] display ospf routing OSPF Process 1 with Router ID 10.2.1.1 Routing Tables Routing for Network Destination Cost Type 10.2.1.0/24 1 10.3.1.0/24 2 10.4.1.0/24 10.5.1.0/24 10.1.1.0/24 NextHop AdvRouter Area Transit 10.2.1.1 10.2.1.1 0.0.0.1 Inter 10.
--- Ping statistics for 10.4.1.1 --5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.779/1.408/1.702/0.323 ms OSPF route redistribution configuration example Network requirements • Enable OSPF on all the routers. • Split the AS into three areas. • Configure Router A and Router B as ABRs. • Configure Router C as an ASBR to redistribute external routes (static routes). Figure 23 Network diagram Area 0 Router A Router B Eth1/1 10.1.1.1/24 Eth1/1 10.
# Display the OSPF routing information on Router D. display ospf routing OSPF Process 1 with Router ID 10.5.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 22 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.3.1.0/24 10 Transit 10.3.1.2 10.3.1.1 0.0.0.2 10.4.1.0/24 25 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.5.1.0/24 10 Stub 10.5.1.1 10.5.1.1 0.0.0.2 10.1.1.0/24 12 Inter 10.3.1.1 10.3.1.1 0.0.0.
Figure 24 Network diagram Eth1/2 10.4.1.1/24 Eth1/2 10.3.1.1/24 Eth1/1 10.1.1.1/24 Eth1/1 10.2.1.2/24 Router E Router D Eth1/1 10.1.1.2/24 Eth1/3 10.2.1.1/24 Router C Eth1/2 11.1.1.2/24 AS 100 EBGP Eth1/2 11.1.1.1/24 Router B Eth1/1 11.2.1.1/24 Eth1/1 11.2.1.2/24 AS 200 Router A Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Enable OSPF: # Configure Router A. system-view [RouterA] router id 11.2.1.
# Configure Router D. system-view [RouterD] router id 10.3.1.1 [RouterD] ospf [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] quit # Configure Router E. system-view [RouterE] router id 10.4.1.1 [RouterE] ospf [RouterE-ospf-1] area 0 [RouterE-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [RouterE-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255 [RouterE-ospf-1-area-0.
5. 0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 10.1.1.0/24 OSPF 150 1 11.2.1.1 Eth1/1 10.2.1.0/24 OSPF 150 1 11.2.1.1 Eth1/1 10.3.1.0/24 OSPF 150 1 11.2.1.1 Eth1/1 10.4.1.0/24 OSPF 150 1 11.2.1.1 Eth1/1 11.2.1.0/24 Direct 0 0 11.2.1.2 Eth1/1 11.2.1.0/32 Direct 0 0 11.2.1.2 Eth1/1 11.2.1.2/32 Direct 0 0 127.0.0.1 InLoop0 11.2.1.255/32 Direct 0 0 11.2.1.2 Eth1/1 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.
• Configure Router D as the ASBR to redistribute static routes. • Configure Area 1 as a stub area to reduce advertised LSAs without influencing reachability. Figure 25 Network diagram Router A Area 0 Eth1/1 10.1.1.2/24 Eth1/2 10.2.1.1/24 Area 1 Stub Router B Eth1/1 10.1.1.1/24 Eth1/1 10.2.1.2/24 Eth1/2 10.3.1.1/24 Eth1/1 10.3.1.2/24 Area 2 ASBR Router C Eth1/2 10.4.1.1/24 Eth1/2 10.5.1.1/24 Router D Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2.
10.1.1.0/24 5 Inter 10.2.1.1 10.2.1.1 0.0.0.1 Destination Cost Type Tag NextHop AdvRouter 3.1.2.0/24 1 Type2 1 10.2.1.1 10.5.1.1 Routing for ASEs Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 Because Router C resides in a normal OSPF area, its routing table contains an AS external route. 4. Configure Area 1 as a stub area: # Configure Router A. system-view [RouterA] ospf [RouterA-ospf-1] area 1 [RouterA-ospf-1-area-0.0.0.1] stub [RouterA-ospf-1-area-0.0.0.
[RouterA-ospf-1-area-0.0.0.1] quit # Display OSPF routing information on Router C. [RouterC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type NextHop 0.0.0.0/0 4 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 3 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.4.1.0/24 3 Stub 10.4.1.1 0.0.0.1 10.4.1.
[RouterA-ospf-1-area-0.0.0.1] nssa [RouterA-ospf-1-area-0.0.0.1] quit # Configure Router C. system-view [RouterC] ospf [RouterC-ospf-1] area 1 [RouterC-ospf-1-area-0.0.0.1] nssa [RouterC-ospf-1-area-0.0.0.1] quit [RouterC-ospf-1] quit NOTE: • To allow Router C in the NSSA area to reach other areas within the AS, you must provide the keyword default-route-advertise for the nssa command issued on Router A (the ABR) so that Router C can obtain a default route.
10.3.1.0/24 10 Transit 10.3.1.2 10.3.1.1 0.0.0.2 10.4.1.0/24 25 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.5.1.0/24 10 Stub 10.5.1.1 10.5.1.1 0.0.0.2 10.1.1.0/24 12 Inter 10.3.1.1 10.3.1.1 0.0.0.2 Destination Cost Type Tag NextHop AdvRouter 3.1.2.0/24 1 Type2 1 10.3.1.1 10.2.1.1 Routing for ASEs Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 The output shows an AS external route imported from the NSSA area exists on Router D.
[RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit # Configure Router C. system-view [RouterC] router id 3.3.3.3 [RouterC] ospf [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Configure Router D. system-view [RouterD] router id 4.4.4.4 [RouterD] ospf [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0.
Neighbor is up for 00:01:28 Authentication Sequence: [ 0 ] The output shows that Router D is the DR and Router C is the BDR. 3. Configure router priorities on interfaces: # Configure Router A. [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ospf dr-priority 100 [RouterA-Ethernet1/1] quit # Configure Router B. [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ospf dr-priority 0 [RouterB-Ethernet1/1] quit # Configure Router C.
The output shows that the DR and BDR are not changed, because the new router priority settings do not take effect immediately. 4. Restart the OSPF process: # Restart the OSPF process on Router D. reset ospf 1 process Warning : Reset OSPF process? [Y/N]:y # Display neighbor information of Router D. display ospf peer verbose OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(Ethernet1/1)'s neighbors Router ID: 1.1.1.1 State: Full Address: 192.168.1.
192.168.1.1 Broadcast DR 1 100 192.168.1.1 192.168.1.3 [RouterB] display ospf interface OSPF Process 1 with Router ID 2.2.2.2 Interfaces Area: 0.0.0.0 IP Address Type State 192.168.1.2 Broadcast DROther Cost Pri DR BDR 1 0 192.168.1.1 192.168.1.3 The interface state DROther means the interface is not the DR or BDR. OSPF virtual link configuration example Network requirements Configure a virtual link between Router B and Router C to connect Area 2 to the backbone area.
# Configure Router C. system-view [RouterC] ospf 1 router-id 3.3.3.3 [RouterC-ospf-1] area 1 [RouterC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.1] quit [RouterC-ospf-1] area 2 [RouterC–ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [RouterC–ospf-1-area-0.0.0.2] quit [RouterC-ospf-1] quit # Configure Router D. system-view [RouterD] ospf 1 router-id 4.4.4.4 [RouterD-ospf-1] area 2 [RouterD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.
Routing for Network Destination Cost Type 10.2.1.0/24 2 10.3.1.0/24 5 10.1.1.0/24 2 NextHop AdvRouter Area Transit 10.2.1.1 3.3.3.3 0.0.0.1 Inter 10.2.1.2 3.3.3.3 0.0.0.0 Transit 10.1.1.2 2.2.2.2 0.0.0.0 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0 The output shows that Router B has learned the route 10.3.1.0/24 to Area 2.
[RouterB-ospf-100] area 0 [RouterB-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [RouterB-ospf-100-area-0.0.0.0] quit # Configure Router C system-view [RouterC] router id 3.3.3.3 [RouterC] ospf 100 [RouterC-ospf-100] area 0 [RouterC-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [RouterC-ospf-100-area-0.0.0.0] quit 3.
%Oct 21 15:29:29:902 2011 RouterA OSPF/5/OSPF_NBR_CHG: -MDC=1; OSPF 100 Neighbor 192.1.1.2(Ethernet1/1) from Loading to Full. *Oct 21 15:29:29:902 2011 RouterA OSPF/7/DEBUG: -MDC=1; OSPF 100 deleted OOB Progress timer for neighbor 192.1.1.2. %Oct 21 15:29:30:897 2011 RouterA OSPF/5/OSPF_NBR_CHG: -MDC=1; OSPF 100 Neighbor 192.1.1.3(Ethernet1/1) from Loading to Full. *Oct 21 15:29:30:897 2011 RouterA OSPF/7/DEBUG: -MDC=1; OSPF 100 deleted OOB Progress timer for neighbor 192.1.1.3.
Router C Eth 1/1 10.1.1.100/24 Eth 1/2 13.1.1.2/24 Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Enable OSPF: # Configure Router A. system-view [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] network 121.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.
[RouterB] bfd session init-mode active [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ospf bfd enable [RouterB-Ethernet1/1] bfd min-transmit-interval 500 [RouterB-Ethernet1/1] bfd min-receive-interval 500 [RouterB-Ethernet1/1] bfd detect-multiplier 6 Verifying the configuration # Display the BFD information on Router A.
OrigTblID: 0x0 OrigVrf: default-vrf TableID: 0x2 OrigAs: 0 NBRID: 0x26000002 LastAs: 0 AttrID: 0xffffffff Neighbor: 0.0.0.0 Flags: 0x1008c OrigNextHop: 10.1.1.100 Label: NULL RealNextHop: 10.1.1.100 BkLabel: NULL BkNextHop: N/A Tunnel ID: Invalid BkTunnel ID: Invalid Interface: Ethernet1/2 BkInterface: N/A The output shows that Router A communicates with Router B through Ethernet 1/2.
[RouterD-ospf-1] quit { (Method 2.) Enable OSPF FRR to specify a backup next hop by using a routing policy: # Configure Router S. system-view [RouterS] bfd echo-source-ip 1.1.1.1 [RouterS] ip prefix-list abc index 10 permit 4.4.4.4 32 [RouterS] route-policy frr permit node 10 [RouterS-route-policy-frr-10] if-match ip address prefix-list abc [RouterS-route-policy-frr-10] apply fast-reroute backup-interface ethernet 1/1 backup-nexthop 12.12.12.
[RouterD] display ip routing-table 1.1.1.1 verbose Summary Count : 1 Destination: 1.1.1.1/32 Protocol: OSPF Process ID: 1 SubProtID: 0x1 Cost: 1 Age: 04h20m37s Preference: 10 Tag: 0 OrigTblID: 0x0 TableID: 0x2 NBRID: 0x26000002 AttrID: 0xffffffff State: Active Adv OrigVrf: default-vrf OrigAs: 0 LastAs: 0 Neighbor: 0.0.0.0 Flags: 0x1008c OrigNextHop: 13.13.13.1 Label: NULL RealNextHop: 13.13.13.1 BkLabel: NULL BkNextHop: 24.24.24.
Analysis The backbone area must maintain connectivity to all other areas. If a router connects to more than one area, at least one area must be connected to the backbone. The backbone cannot be configured as a stub area. In a stub area, all routers cannot receive external routes, and all interfaces connected to the stub area must belong to the stub area. Solution 1. Use the display ospf peer command to verify neighbor information. 2.
Configuring IS-IS This chapter describes how to configure IS-IS for IPv4 networks. Overview Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the ISO to operate on the connectionless network protocol (CLNP). IS-IS was modified and extended in RFC 1195 by the IETF for application in both TCP/IP and OSI reference models, called "Integrated IS-IS" or "Dual IS-IS." IS-IS is an IGP used within an AS. It uses the SPF algorithm for route calculation.
• System ID—Identifies the host. • SEL—Identifies the type of service. The IDP and DSP are variable in length. The length of an NSAP address ranges from 8 bytes to 20 bytes. Figure 32 NSAP address format Area address The area address comprises the IDP and the HO-DSP of the DSP, which identify the area and the routing domain. Different routing domains cannot have the same area address. Typically, a router only needs one area address, and all nodes in the same area must have the same area address.
• Area ID—Has a length of 1 to 13 bytes. • System ID—A system ID uniquely identifies a host or router in the area and has a fixed length of 6 bytes. • SEL—Has a value of 0 and a fixed length of 1 byte. For example, for a NET ab.cdef.1234.5678.9abc.00, the area ID is ab.cdef, the system ID is 1234.5678.9abc, and the SEL is 00. Typically, a router only needs one NET, but it can have a maximum of three NETs for smooth area merging and partitioning.
Figure 33 IS-IS topology 1 Area 3 Area 2 L1/L2 L1/L2 L2 L2 L1 Area 1 L2 L2 Area 5 L1/L2 Area 4 L1 L1/L2 L1 L1 L1 L1 Figure 34 shows another IS-IS topology. The Level-1-2 routers connect to the Level-1 and Level-2 routers, and form the IS-IS backbone together with the Level-2 routers. No area is defined as the backbone in this topology. The backbone comprises all contiguous Level-2 and Level-1-2 routers in different areas. The IS-IS backbone does not need to be a specific area.
passing through the Level-1-2 router might not be the best. To solve this problem, IS-IS provides the route leaking feature. Route leaking enables a Level-1-2 router to advertise the routes of other Level-1 areas and the Level-2 area to the connected Level-1 area so that the Level-1 routers can select the optimal routes for packets. IS-IS network types Network types IS-IS supports the broadcast network (for example, Ethernet and Token Ring) and the point-to-point network (for example, PPP and HDLC).
NOTE: On an IS-IS broadcast network, all routers establish adjacency relationships, but they synchronize their LSDBs through the DIS. IS-IS PDUs PDU IS-IS PDUs are encapsulated into link layer frames. An IS-IS PDU has two parts, the headers and the variable length fields. The headers comprise the PDU common header and the PDU specific header. All PDUs have the same PDU common header. The specific headers vary by PDU type.
A CSNP describes the summary of all LSPs for LSDB synchronization between neighboring routers. On broadcast networks, CSNPs are sent by the DIS periodically (every 10 seconds by default). On point-to-point networks, CSNPs are sent only during the first adjacency establishment. A PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request missing LSPs from a neighbor.
• RFC 2966, Domain-wide Prefix Distribution with Two-Level IS-IS • RFC 2973, IS-IS Mesh Groups • RFC 3277, IS-IS Transient Blackhole Avoidance • RFC 3358, Optional Checksums in ISIS • RFC 3373, Three-Way Handshake for IS-IS Point-to-Point Adjacencies • RFC 3567, Intermediate System to Intermediate System (IS-IS) Cryptographic Authentication • RFC 3719, Recommendations for Interoperable Networks using IS-IS • RFC 3786, Extending the Number of IS-IS LSP Fragments Beyond the 256 Limit • RFC 37
Tasks at a glance (Optional.
Step Command Remarks 5. Enter interface view. interface interface-type interface-number N/A 6. Enable an IS-IS process on the interface. isis enable [ process-id ] By default, no IS-IS process is enabled. Configuring the IS level and circuit level Follow these guidelines when you configure the IS level for routers in only one area: • Configure the IS level of all routers as Level-1 or Level-2 rather than different levels because the routers do not need to maintain two identical LSDBs.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Configure P2P network type for an interface. isis circuit-type p2p By default, the network type of an interface depends on the physical media. The network type of a VLAN interface is broadcast.
Configuring an IS-IS cost for an interface Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. (Optional.) Specify an IS-IS cost style. cost-style { narrow | wide | wide-compatible | { compatible | narrow-compatible } [ relax-spf-limit ] } By default, the IS-IS cost type is narrow. 4. Return to system view. quit N/A 5. Enter interface view. interface interface-type interface-number N/A 6.
To configure a preference for IS-IS: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Configure a preference for IS-IS. preference { preference | route-policy route-policy-name } * The default setting is 15. Configuring the maximum number of ECMP routes Perform this task to implement load sharing over ECMP routes. To configure the maximum number of ECMP routes: Step Command Remarks 1.
To advertise a default route: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Advertise a default route. default-route-advertise [ [ level-1 | level-1-2 | level-2 ] | route-policy route-policy-name ] * By default, IS-IS does not advertise a default route. Configuring IS-IS route redistribution Perform this task to redistribute routes from other routing protocols into IS-IS.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Filter routes calculated using received LSPs. filter-policy { acl-number | prefix-list prefix-list-name | route-policy route-policy-name } import By default, IS-IS route filtering is not configured.
Tuning and optimizing IS-IS networks Configuration prerequisites Before you tune and optimize IS-IS networks, complete the following tasks: • Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes. • Enable IS-IS. Specifying the interval for sending IS-IS hello packets If a neighbor does not receive any hello packets from the router within the advertised hold time, it considers the router down and recalculates the routes.
Step 3. Specify the hello multiplier. Command Remarks isis timer holding-multiplier value [ level-1 | level-2 ] The default setting is 3. Specifying the interval for sending IS-IS CSNP packets On a broadcast network, perform this task on the DIS that uses CSNP packets to synchronize LSDBs. To specify the interval for sending IS-IS CSNP packets: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Disable source address check for hello packets on a PPP interface. isis peer-ip-ignore By default, a PPP interface checks the source IP address in hello packets. The command applies only to PPP interfaces.
Configuring LSP parameters Configuring LSP timers 1. Specify the maximum age of LSPs. Each LSP has an age that decreases in the LSDB. Any LSP with an age of 0 is deleted from the LSDB. You can adjust the age value based on the scale of a network. To specify the maximum age of LSPs: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Specify the maximum LSP age.
On a P2P link, IS-IS requires an advertised LSP be acknowledged. If no acknowledgement is received within a configurable interval, IS-IS will retransmit the LSP. To configure LSP sending intervals: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Specify the minimum interval for sending LSPs and the maximum LSP number that can be sent at a time.
Enabling LSP fragment extension Perform this task to enable IS-IS fragment extension for an IS-IS process. The MTUs of all interfaces running the IS-IS process must not be less than 512. Otherwise, LSP fragment extension does not take effect. To enable LSP fragment extension: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Enable LSP fragment extension.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A • Add the interface to a mesh Use either method. 3. group: isis mesh-group mesh-group-number Add the interface to a mesh group or block the interface. • Block the interface: isis mesh-group mesh-blocked By default, the interface does not belong to any mesh group and is not blocked. The mesh group feature takes effect only on P2P interfaces.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Assign convergence priorities to specific IS-IS routes. priority { critical | high | medium } { prefix-list prefix-list-name | tag tag-value } By default, IS-IS routes, except IS-IS host routes, have the low convergence priority.
Step 3. Configure a system ID to host name mapping for a remote IS. Command Remarks is-name map sys-id map-sys-name A system ID can correspond to only one host name. Configuring dynamic system ID to host name mapping Static system ID to host name mapping requires you to manually configure a mapping for each router in the network. When a new router is added to the network or a mapping must be modified, you must configure all routers manually.
Step Command Remarks 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Enable the logging of neighbor state changes. log-peer-change By default, the logging of neighbor state changes is enabled. Enabling IS-IS ISPF When the network topology changes, Incremental Shortest Path First (ISPF) computes only the affected part of the SPT, instead of the entire SPT. To enable IS-IS ISPF: Step Command Remarks 1. Enter system view. system-view N/A 2.
Enhancing IS-IS network security To enhance the security of an IS-IS network, you can configure IS-IS authentication. IS-IS authentication involves neighbor relationship authentication, area authentication, and routing domain authentication. Configuration prerequisites Before the configuration, complete the following tasks: • Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes. • Enable IS-IS.
Configuring routing domain authentication Routing domain authentication prevents untrusted routing information from entering into a routing domain. A router with the authentication configured encapsulates the password in the specified mode into Level-2 packets (LSP, CSNP, and PSNP) and check the password in received Level-2 packets. All the routers in the backbone must have the same authentication mode and password. To configure routing domain authentication: Step Command Remarks 1. Enter system view.
Step Command Remarks 2. Enable IS-IS and enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Enable IS-IS GR. graceful-restart By default, the GR capability for IS-IS is disabled. By default, the SA bit is not suppressed. (Optional.) Suppress the SA bit during restart. graceful-restart suppress-sa 5. (Optional.) Configure the T1 timer. graceful-restart t1 seconds count count By default, the T1 timer is 3 seconds and can expire 10 times. 6. (Optional.
Figure 39 Network diagram for IS-IS FRR In Figure 39, after you enable FRR on Router B, IS-IS automatically calculates or designates a backup next hop when a link failure is detected. In this way, packets are directed to the backup next hop to reduce traffic recovery time. Meanwhile, IS-IS calculates the shortest path based on the new network topology, and forwards packets over the path after network convergence.
FRR. For more information about the apply fast-reroute backup-interface command and routing policy configurations, see "Configuring routing policies." To configure IS-IS FRR using a routing policy: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the source address of echo packets. bfd echo-source-ip ip-address By default, the source address of echo packets is not configured. 3. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 4.
Task Command Display IS-IS backup neighbor information (MSR4000). display isis peer [ statistics | verbose ] [ process-id ] [ standby slot slot-number ] Display IS-IS redistributed route information display isis redistribute [ ipv4 [ ip-address mask-length ] ] [ level-1 | level-2 ] [ process-id ] Display IS-IS IPv4 routing information. display isis route [ ipv4 [ ip-address mask-length ] ] [ [ level-1 | level-2 ] | verbose ] * [ process-id ] Display IS-IS IPv4 topology information.
Figure 40 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure IS-IS: # Configure Router A system-view [RouterA] isis 1 [RouterA-isis-1] is-level level-1 [RouterA-isis-1] network-entity 10.0000.0000.0001.00 [RouterA-isis-1] quit [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] isis enable 1 [RouterA-Ethernet1/1] quit # Configure Router B.
[RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] isis enable 1 [RouterC-Ethernet1/2] quit # Configure Router D system-view [RouterD] isis 1 [RouterD-isis-1] is-level level-2 [RouterD-isis-1] network-entity 20.0000.0000.0004.
0000.0000.0003.00-00 0x00000014 0x194a 1190 111 1/0/0 0000.0000.0003.01-00 0x00000002 0xabdb 995 55 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [RouterC] display isis lsdb Database information for ISIS(1) -------------------------------Level-1 Link State Database --------------------------LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------0000.0000.0001.
[RouterA] display isis route Route information for IS-IS(1) ------------------------------ Level-1 IPv4 Forwarding Table ----------------------------- IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------10.1.1.0/24 10 NULL Eth1/1 Direct D/L/- 10.1.2.0/24 20 NULL Eth1/1 10.1.1.1 R/-/- 192.168.0.0/24 20 NULL Eth1/1 10.1.1.1 R/-/- 0.0.0.0/0 10 NULL Eth1/1 10.1.1.
Level-2 IPv4 Forwarding Table ----------------------------IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------192.168.0.0/24 10 NULL Eth1/2 Direct D/L/- 10.1.1.0/24 20 NULL Eth1/2 192.168.0.1 R/-/- 10.1.2.0/24 20 NULL Eth1/2 192.168.0.1 R/-/- 172.16.0.
[RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] isis enable 1 [RouterA-Ethernet1/1] quit # Configure Router B. system-view [RouterB] isis 1 [RouterB-isis-1] network-entity 10.0000.0000.0002.00 [RouterB-isis-1] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] isis enable 1 [RouterB-Ethernet1/1] quit # Configure Router C. system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.
Interface: Ethernet1/1 Circuit Id: 0000.0000.0004.01 State: Up Type: L2 HoldTime: 23s PRI: 64 # Display information about IS-IS interfaces of Router A. [RouterA] display isis interface Interface information for IS-IS(1) --------------------------------Interface: Ethernet1/1 Id IPv4.State IPv6.State MTU Type DIS 001 Up Down 1497 L1/L2 No/No # Display IS-IS interfaces of Router C.
State: Up HoldTime: 22s Type: L1 PRI: 64 System Id: 0000.0000.0002 Interface: Ethernet1/1 Circuit Id: 0000.0000.0001.01 State: Up Type: L2(L1L2) HoldTime: 22s PRI: 64 System Id: 0000.0000.0004 Interface: Ethernet1/1 Circuit Id: 0000.0000.0001.01 State: Up Type: L2 HoldTime: 22s PRI: 64 # Display information about IS-IS interfaces of Router A. [RouterA] display isis interface Interface information for IS-IS(1) --------------------------------- Interface: Ethernet1/1 Id IPv4.State IPv6.
Interface: Ethernet1/1 Circuit Id: 0000.0000.0001.01 State: Up Type: L2 HoldTime: 7s PRI: 100 System Id: 0000.0000.0002 Interface: Ethernet1/1 Circuit Id: 0000.0000.0001.01 State: Up Type: L2 HoldTime: 26s PRI: 64 [RouterD] display isis interface Interface information for IS-IS(1) --------------------------------- Interface: Ethernet1/1 Id IPv4.State IPv6.
[RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] isis enable 1 [RouterA-Ethernet1/1] quit # Configure Router B. system-view [RouterB] isis 1 [RouterB-isis-1] is-level level-1 [RouterB-isis-1] network-entity 10.0000.0000.0002.00 [RouterB-isis-1] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] isis enable 1 [RouterB-Ethernet1/1] quit # Configure Router C. system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.
192.168.0.0/24 20 NULL Eth1/1 10.1.1.1 R/-/- 0.0.0.0/0 10 NULL Eth1/1 10.1.1.1 R/-/- Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set [RouterC] display isis route Route information for IS-IS(1) ----------------------------Level-1 IPv4 Forwarding Table ----------------------------IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------10.1.1.0/24 10 NULL Eth1/1 Direct D/L/- 10.1.
# Configure RIPv2 on Router D. [RouterD] rip 1 [RouterD-rip-1] network 10.0.0.0 [RouterD-rip-1] version 2 [RouterD-rip-1] undo summary # Configure RIPv2 on Router E. [RouterE] rip 1 [RouterE-rip-1] network 10.0.0.0 [RouterE-rip-1] version 2 [RouterE-rip-1] undo summary # On Router D, configure IS-IS to redistribute routes from RIP. [RouterD-rip-1] quit [RouterD] isis 1 [RouterD–isis-1] import-route rip level-2 # Display IS-IS routing information on Router C.
IS-IS authentication configuration example Network requirements As shown in Figure 43, Router A, Router B, Router C, and Router D reside in the same IS-IS routing domain. Router A, Router B, and Router C belong to Area 10, and Router D belongs to Area 20. Configure neighbor relationship authentication between neighbors. Configure area authentication in Area 10 to prevent untrusted routes from entering into the area.
# Configure Router C. system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.00 [RouterC-isis-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] isis enable 1 [RouterC-Ethernet1/1] quit [RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] isis enable 1 [RouterC-Ethernet1/2] quit [RouterC] interface ethernet 1/3 [RouterC-Ethernet1/3] isis enable 1 [RouterC-Ethernet1/3] quit # Configure Router D.
4. Configure the area authentication mode as MD5 and set the plaintext password to 10Sec on Router A, Router B, and Router C. [RouterA] isis 1 [RouterA-isis-1] area-authentication-mode md5 plain 10Sec [RouterA-isis-1] quit [RouterB] isis 1 [RouterB-isis-1] area-authentication-mode md5 plain 10Sec [RouterB-isis-1] quit [RouterC] isis 1 [RouterC-isis-1] area-authentication-mode md5 plain 10Sec [RouterC-isis-1] quit 5.
Verifying the configuration After Router A establishes adjacencies with Router B and Router C, they begin to exchange routing information. Restart IS-IS on Router A, which enters the restart state and sends connection requests to its neighbors through the GR mechanism to synchronize the LSDB. To display the IS-IS GR status on Router A, use the display isis graceful-restart status command. # Restart the IS-IS process on Router A.
Figure 45 Network diagram Device Interface IP address Device Interface IP address Router A Eth1/1 192.168.0.102/24 Router B Eth1/1 192.168.0.100/24 Eth1/2 10.1.1.102/24 Eth1/2 13.1.1.1/24 Router C Eth1/1 10.1.1.100/24 Eth1/2 13.1.1.2/24 Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure basic IS-IS: # Configure Router A. system-view [RouterA] isis [RouterA-isis-1] network-entity 10.0000.0000.0001.
[RouterC-isis-1] network-entity 10.0000.0000.0003.00 [RouterC-isis-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] isis enable [RouterC-Ethernet1/1] quit [RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] isis enable [RouterC-Ethernet1/2] quit Configure BFD functions: 3. # Enable BFD and configure BFD parameters on Router A.
Flags: 0x1008c OrigNextHop: 192.168.0.100 Label: NULL RealNextHop: 192.168.0.100 BkLabel: NULL Tunnel ID: Invalid BkTunnel ID: Invalid BkNextHop: N/A Interface: Ethernet1/1 BkInterface: N/A The output shows that Router A and Router B communicate through Ethernet 1/1. Then the link over Ethernet 1/1 fails. # Display routes destined for 120.1.1.0/24 on Router A. display ip routing-table 120.1.1.0 verbose Summary Count : 1 Destination: 120.1.1.
Configuration procedure 1. Configure IP addresses and subnet masks for interfaces on the routers. (Details not shown.) 2. Configure IS-IS on the routers to make sure Router A, Router D, and Router S can communicate with each other at the network layer. (Details not shown.) 3. Configure IS-IS FRR: Enable IS-IS FRR to automatically calculate a backup next hop, or designate a backup next hop by using a routing policy. { (Method 1.
Verifying the configuration # Display route 4.4.4.4/32 on Router S to view the backup next hop information. [RouterS] display ip routing-table 4.4.4.4 verbose Summary Count : 1 Destination: 4.4.4.4/32 Protocol: ISIS SubProtID: 0x1 Cost: 10 Tag: 0 OrigTblID: 0x0 TableID: 0x2 NBRID: 0x26000002 AttrID: 0xffffffff Process ID: 1 Age: 04h20m37s Preference: 10 State: Active Adv OrigVrf: default-vrf OrigAs: 0 LastAs: 0 Neighbor: 0.0.0.0 Flags: 0x1008c OrigNextHop: 13.13.13.2 Label: NULL RealNextHop: 13.13.
Configuring BGP Overview Border Gateway Protocol (BGP) is an exterior gateway protocol (EGP). It is called internal BGP (IBGP) when it runs within an AS and called external BGP (EBGP) when it runs between ASs. The current version in use is BGP-4 (RFC 4271). BGP has the following characteristics: • Focuses on route control and selection rather than route discovery and calculation. • Uses TCP to enhance reliability.
BGP path attributes BGP uses the following path attributes in update messages for route filtering and selection: • ORIGIN The ORIGIN attribute specifies the origin of BGP routes. This attribute has the following types: { IGP—Has the highest priority. Routes generated in the local AS have the IGP attribute. { EGP—Has the second highest priority. Routes obtained through EGP have the EGP attribute. { • INCOMPLETE—Has the lowest priority. The source of routes with this attribute is unknown.
{ • Filter routes—By using an AS path list, you can filter routes based on AS numbers contained in the AS_PATH attribute. For more information about AS path list, see "Configuring routing policies." NEXT_HOP The NEXT_HOP attribute might not be the IP address of a directly-connected router. Its value is determined as follows: { { { When a BGP speaker advertises a self-originated route to a BGP peer, it sets the address of the sending interface as the NEXT_HOP.
Figure 49 MED attribute MED = 0 Router B 2.1.1.1 D = 9.0.0.0 Next_hop = 2.1.1.1 MED = 0 EBGP IBGP 9.0.0.0 IBGP Router A D = 9.0.0.0 Next_hop = 3.1.1.1 MED = 100 AS 10 EBGP Router D IBGP 3.1.1.1 Router C MED = 100 AS 20 Generally BGP only compares MEDs of routes received from the same AS. You can also use the compare-different-as-med command to force BGP to compare MED values of routes received from different ASs.
Figure 50 LOCAL_PREF attribute • COMMUNITY The COMMUNITY attribute identifies the community of BGP routes. A BGP community is a group of routes with the same characteristics. It has no geographical boundaries. Routes of different ASs can belong to the same community. A route can carry one or more COMMUNITY attribute values (each of which is represented by a 4-byte integer).
The device supports the Route-Target attribute for VPN and Site of Origin (SoO) attribute. For more information, see MPLS Configuration Guide. BGP route selection BGP discards routes with unreachable NEXT_HOPs. If multiple routes to the same destination are available, BGP selects the best route in the following sequence: 1. The route with the highest Preferred_value. 2. The route with the highest LOCAL_PREF. 3.
directly-connected next hop through IGP. The matching route with the direct next hop is called the "recursive route." The process of finding a recursive route is route recursion. The system supports BGP load balancing based on route recursion. If multiple recursive routes to the same destination are load balanced (suppose three direct next hop addresses), BGP generates the same number of next hops to forward packets.
• Route summarization Route summarization can reduce the BGP routing table size by advertising summary routes rather than more specific routes. The system supports both manual and automatic route summarization. Manual route summarization allows you to determine the attribute of a summary route and whether to advertise more specific routes. • Route dampening Route frapping (a route comes up and disappears in the routing table frequently) causes BGP to send many routing updates.
IBGP peers must be fully meshed to maintain connectivity. If n routers exist in an AS, the number of IBGP connections is n(n-1)/2. If a large number of IBGP peers exist, large amounts of network and CPU resources are consumed to maintain sessions. Using route reflectors can solve this issue. In an AS, a router acts as a route reflector, and other routers act as clients connecting to the route reflector. The route reflector forwards routing information received from a client to other clients.
• Confederation Confederation is another method to manage growing IBGP connections in an AS. It splits an AS into multiple sub-ASs. In each sub-AS, IBGP peers are fully meshed. As shown in Figure 55, intra-confederation EBGP connections are established between sub-ASs in AS 200. Figure 55 Confederation network diagram A non-confederation BGP speaker does not need to know sub-ASs in the confederation. It considers the confederation as one AS, and the confederation ID as the AS number.
MP-BGP uses these two attributes to advertise feasible and unfeasible routes for different network layer protocols. BGP speakers not supporting MP-BGP ignore updates containing these attributes and do not forward them to its peers. The current MP-BGP implementation supports multiple protocol extensions, including VPN, IPv6, and multicast. For more information about VPN, see MPLS Configuration Guide.
View names BGP VPNv6 address family view Ways to enter the views Remarks system-view Configurations in this view are effective for VPNv6 routes and peers.
• RFC 2796, BGP Route Reflection • RFC 3065, Autonomous System Confederations for BGP • RFC 4271, A Border Gateway Protocol 4 (BGP-4) • RFC 4724, Graceful Restart Mechanism for BGP • RFC 4360, BGP Extended Communities Attribute • RFC 4760, Multiprotocol Extensions for BGP-4 BGP configuration task list In a basic BGP network, you only need to perform the following configurations: • Enable BGP. • Configure BGP peers or peer groups.
Tasks at a glance Remarks (Optional.
Tasks at a glance Remarks (Optional.) Controlling BGP path selection: • • • • • • Specifying a preferred value for routes received Configuring preferences for BGP routes Configuring the default local preference N/A Configuring the MED attribute Configuring the NEXT_HOP attribute Configuring the AS_PATH attribute (Optional.
To enable BGP: Step 1. 2. Enter system view. Configure a global router ID. Command Remarks system-view N/A router id router-id By default, no global router ID is configured, and BGP uses the highest loopback interface IP address—if any—as the router ID. If no loopback interface IP address is available, BGP uses the highest physical interface IP address as the route ID regardless of the interface status. • Enable BGP and enter BGP 3. Enable BGP and enter BGP view or BGP-VPN instance view.
Step 5. 6. Command Remarks Create and enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] By default, the BGP IPv4 unicast address family view and BGP-VPN IPv4 unicast address family view are not created. Enable the router to exchange IPv4 unicast routing information with the specified peer. peer ip-address enable By default, the router cannot exchange IPv4 unicast routing information with the peer.
Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Create an IBGP peer group. group group-name [ internal ] By default, no IBGP peer group is created. By default, no peer exists in the peer group. 4. Add a peer into the IBGP peer group. peer ip-address group group-name [ as-number as-number ] 5. (Optional.
Step 6. 7. Command Remarks Create and enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view. address-family ipv6 [ unicast ] By default, the BGP IPv6 unicast address family view and BGP-VPN IPv6 unicast address family view are not created. Enable the router to exchange IPv6 unicast routing information with peers in the specified peer group. peer group-name enable By default, the router cannot exchange IPv6 unicast routing information with the peers.
Step Command Remarks peer group-name description description-text By default, no description is configured for the peer group. 6. (Optional.) Configure a description for a peer group. 7. Create and enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] By default, the BGP IPv4 unicast address family view and BGP-VPN IPv4 unicast address family view are not created.
Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Create an EBGP peer group. group group-name external By default, no EBGP peer group is created. 4. Create an IPv4 BGP peer and specify its AS number. peer ip-address as-number as-number By default, no IPv4 BGP peer is created.
Step Command Remarks By default, no peer exists in the peer group. 5. Add the peer into the EBGP peer group. peer ipv6-address group group-name [ as-number as-number ] 6. (Optional.) Configure a description for the peer group. peer group-name description description-text By default, no description is configured for the peer group. 7. Create and enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view.
Step Command Remarks • Enter BGP view: bgp as-number Enter BGP view or BGP-VPN instance view. 2. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Create an EBGP peer group. group group-name external By default, no EBGP peer group is created. 4. Add a peer into the EBGP peer group. peer ipv6-address group group-name as-number as-number By default, no peer exists in the peer group. 5. (Optional.) Configure a description for the peer group.
Step Command Remarks • Enter BGP view: bgp as-number Enter BGP view or BGP-VPN instance view. 2. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name Specify the source interface for establishing TCP connections to a peer or peer group. 3.
Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. 4. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A Inject a local network to the BGP routing table.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A 4. Enable route redistribution from the specified IGP into BGP.
The output interface of a BGP summary route is Null 0 on the originating router. Therefore, a summary route must not be an optimal route on the originating router. Otherwise, BGP will fail to forward packets matching the route. If a summarized specific route has the same mask as the summary route, but has a lower priority, the summary route becomes the optimal route. In this case, you must change the priority of the summary or the specified route to make the specified route as the optimal route.
Step 4. Create a summary route in the BGP routing table. Command Remarks aggregate ip-address { mask | mask-length } [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ] * By default, no summary route is configured. To configure BGP manual route summarization (IPv6): Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3.
Step Enter system view. 1. Command Remarks system-view N/A • Enter BGP view: bgp as-number Enter BGP view or BGP-VPN instance view. 2. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. 4. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A Advertise a default route to a peer or peer group.
Step Command Remarks • Enter BGP view: bgp as-number Enter BGP view or BGP-VPN instance view. 2. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. 4. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A Specify the maximum number of routes that a router can receive from a peer or peer group.
If you configure multiple filtering policies, apply them in the following sequence: 1. filter-policy export 2. peer filter-policy export 3. peer as-path-acl export 4. peer prefix-list export 5. peer route-policy export Only routes passing all the configured policies can be advertised. To configure BGP route distribution filtering policies (IPv4): Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view.
Step Command Remarks • Reference an ACL or IP prefix list to filter advertised BGP routes: filter-policy { acl-number | prefix-list prefix-list-name } export [ direct | isis process-id | ospf process-id | rip process-id | static ] • Reference a routing policy to filter BGP routes advertised to a peer or peer group: peer { group-name | ip-address } route-policy route-policy-name export 4. Configure BGP route distribution filtering policies.
Step Command Remarks • Reference an ACL or IPv6 prefix list to filter advertised BGP routes: filter-policy { acl6-number | prefix-list ipv6-prefix-name } export [ direct | isisv6 process-id | ospfv3 process-id | ripng process-id | static ] • Reference a routing policy to filter BGP routes advertised to a peer or peer group: peer { group-name | ipv6-address } route-policy route-policy-name export 4. Configure BGP route distribution filtering policies.
Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view.
Step 3. Enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view. Command Remarks address-family ipv6 [ unicast ] N/A • Reference ACL or IPv6 prefix list to filter BGP routes received from all peers: filter-policy { acl6-number | prefix-list ipv6-prefix-name } import • Reference a routing policy to filter BGP routes received from a peer or peer group: peer { group-name | ipv6-address } route-policy route-policy-name import 4.
Step 4. Configure BGP route dampening. Command Remarks dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling | route-policy route-policy-name ] * By default, BGP route dampening is not configured. To configure BGP route dampening (IPv6): Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. 4.
Step 3. 4. Command Remarks Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A Specify a preferred value for routes received from a peer or peer group. peer { group-name | ip-address } preferred-value value The default preferred value is 0. To specify a preferred value for routes from a peer or peer group (IPv6): Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A 4. Configure preferences for EBGP, IBGP, and local BGP routes.
Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. 4. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A Configure the default local preference. default local-preference value The default local preference is 100.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. 4. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A Configure the default MED value. default med med-value The default MED value is 0. To configure the default MED value (IPv6): Step 1. Enter system view.
Step Enable MED comparison for routes from different ASs. 4. Command Remarks compare-different-as-med By default, this feature is disabled. To enable MED comparison for routes from different ASs (IPv6): Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter BGP IPv6 unicast address family view. address-family ipv6 [ unicast ] N/A 4. Enable MED comparison for routes from different ASs.
* i 3.3.3.3 50 0 200e However, Router C and Router A reside in the same AS, and Router C has a greater MED, so network 10.0.0.0 learned from Router C should not be optimal. You can configure the bestroute compare-med command to enable MED comparison for routes from the same AS on Router D. After that, Router D puts the routes received from each AS into a group, selects the route with the lowest MED from each group, and compares routes from different groups.
not belong to the confederation, BGP does not compare it with other routes. As a result, the first route becomes the optimal route. To enable MED comparison for routes from confederation peers (IPv4): Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. 4.
Figure 57 NEXT_HOP attribute configuration If a BGP router has two peers on a broadcast network, it does not set itself as the next hop for routes sent to an EBGP peer by default. As shown in Figure 58, Router A and Router B establish an EBGP neighbor relationship, and Router B and Router C establish an IBGP neighbor relationship. They are on the same broadcast network 1.1.1.0/24. When Router B sends EBGP routes to Router A, it does not set itself as the next hop by default.
To configure the NEXT_HOP attribute (IPv6): Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Enter BGP IPv6 unicast address family view. address-family ipv6 [ unicast ] N/A peer { group-name | ipv6-address } next-hop-local By default, the router sets itself as the next hop for routes sent to an EBGP peer or peer group, but does not set itself as the next hop for routes sent to an IBGP peer or peer group. 4.
Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. 4. Enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view. address-family ipv6 [ unicast ] N/A Permit the local AS number to appear in routes from a peer or peer group and specify the appearance times.
Step 3. 4. Command Remarks Enter BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view. address-family ipv6 [ unicast ] N/A Disable BGP from considering AS_PATH during best route selection. bestroute as-path-neglect By default, BGP considers AS_PATH during best route selection.
Configuring AS number substitution IMPORTANT: Do not configure AS number substitution in normal circumstances. Otherwise, routing loops might occur. To use BGP between PE and CE in MPLS L3VPN, VPN sites in different geographical areas should have different AS numbers. Otherwise, BGP discards route updates containing the local AS number.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Configure AS number substitution for a peer or peer group. peer { group-name | ipv6-address } substitute-as By default, AS number substitution is not configured.
Step Command Configure BGP to remove private AS numbers from the AS_PATH attribute of updates sent to an EBGP peer or peer group. 4. peer { group-name | ipv6-address } public-as-only Remarks By default, this feature is not configured. This command is only applicable to EBGP peers or peer groups. Ignoring the first AS number of EBGP route updates By default, BGP checks whether the first AS number in the AS_PATH attribute of a route update received from a peer is the AS number of that peer.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name Use either method. • Configure the global keepalive interval and hold time: timer keepalive keepalive hold holdtime 3. Configure the keepalive interval and hold time.
Configuring the interval for sending updates for the same route A BGP router sends an update message to its peers when a route is changed. If the route changes frequently, the BGP router keeps sending updates for the same route, resulting route flapping. To prevent this situation, perform this task to configure the interval for sending updates for the same route to a peer or peer group. To configure the interval for sending the same update to a peer or peer group (IPv4): Step 1. Enter system view.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Enable BGP to establish an EBGP session to an indirectly-connected peer or peer group and specify the maximum hop count. peer { group-name | ip-address } ebgp-max-hop [ hop-count ] By default, BGP cannot establish an EBGP session to an indirectly-connected peer or peer group.
Enabling 4-byte AS number suppression BGP supports 4-byte AS numbers. The 4-byte AS number occupies four bytes, in the range of 1 to 4294967295. By default, a device sends an Open message to the peer device for session establishment. The Open message indicates that the device supports 4-byte AS numbers. If the peer device supports 2-byte AS numbers instead of 4-byte AS numbers, the session cannot be established. To resolve this issue, enable the 4-byte AS number suppression function.
Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number Use either method. b. ip vpn-instance vpn-instance-name 3. Enable MD5 authentication for a BGP peer group or peer. peer { group-name | ip-address } password { cipher | simple } password By default, MD5 authentication is disabled. To enable MD5 authentication for BGP peers (IPv6): Step 1. Enter system view.
Step 4. Specify the maximum number of BGP ECMP routes for load balancing. Command Remarks balance number By default, load balancing is disabled. To specify the maximum number of BGP ECMP routes for load balancing (IPv6): Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. 4.
Step 4. Command Apply the IPsec profile to an IPv6 BGP peer or peer group. peer { group-name | ipv6-address } ipsec-profile profile-name Remarks By default, no IPsec profile is configured for any IPv6 BGP peer or peer group. This command supports only IPsec profiles in manual mode.
To avoid tearing down BGP sessions, you can use one of the following soft-reset methods to apply the new policy: Enabling route-refresh—The BGP router advertises a route-refresh message to the specified peer, and the peer resends its routing information to the router. After receiving the routing information, the router filters the routing information by using the new policy. • This method requires that both the local router and the peer support route refresh.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name • Enable BGP route refresh for the specified peer or peer group: peer { group-name | ipv6-address } capability-advertise route-refresh 3. Enable BGP route refresh for a peer or peer group.
Step 3. 4. Enter BGP IPv6 unicast address family view. Save all route updates from the peer or peer group. Command Remarks address-family ipv6 [ unicast ] N/A peer { group-name | ipv6-address } keep-all-routes By default, the routes are not saved. This command takes effect only for the routes received after this command is executed. Configuring manual soft-reset To configure manual soft-reset (IPv4): Step 1. Enter system view.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name • Enable BGP route refresh for the specified peer or peer group: peer { group-name | ipv6-address } capability-advertise route-refresh 3. 4. 5. Enable BGP route refresh for a peer or peer group. • Enable BGP route refresh and By default, BGP route refresh is enabled. Return to user view.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Configure BGP to protect an EBGP peer or peer group when the memory usage reaches level 2 threshold. peer { group-name | ip-address } low-memory-exempt By default, BGP periodically tears down an EBGP session to release memory resources when level 2 threshold is reached.
Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view. address-family ipv4 [ unicast ] N/A • Advertise the COMMUNITY 4. 5. Advertise the COMMUNITY or extended community attribute to a peer or peer group. (Optional.
Step 5. (Optional.) Apply a routing policy to routes advertised to a peer or peer group. Command Remarks peer { group-name | ipv6-address } route-policy route-policy-name export By default, no routing policy is applied. Configuring BGP route reflection Configuring a BGP route reflector Perform this task to configure a BGP route reflector and its clients. The route reflector and its clients automatically form a cluster identified by the router ID of the route reflector.
Step Command Remarks 5. Enable route reflection between clients. reflect between-clients By default, route reflection between clients is enabled. 6. (Optional.) Configure the cluster ID of the route reflector. reflector cluster-id { cluster-id | ip-address } By default, a route reflector uses its own router ID as the cluster ID. Ignoring the ORIGINATOR_ID attribute This section describes a specific scenario where BGP routers must ignore the ORIGINATOR_ID attribute.
Step Command Remarks By default, BGP does not ignore the ORIGINATOR_ID attribute. Ignore the ORIGINATOR_ID attribute. 3. Make sure that this command does not result in a routing loop. peer { group-name | ip-address } ignore-originatorid After you execute this command, BGP also ignores the CLUSTER_LIST attribute. To ignore the ORIGINATOR_ID attribute (IPv6): Step 1. Enter system view. Command Remarks system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Configure a confederation ID. confederation id as-number By default, no confederation ID is configured. 4. Specify peering sub-ASs in the confederation. confederation peer-as as-number-list By default, no peering sub-AS is specified.
exchange is not completed within the time, the GR restarter does not receive new routes. Instead, the GR restarter updates its routing table and forwarding table with the BGP routes already learned to complete BGP route convergence. The GR helper removes the stale routes. Follow these guidelines when you configure BGP GR: • The End-Of-RIB indicates the end of route updates. • The maximum time to wait for the End-of-RIB marker configured on the local end is not advertised to the peer.
unicast log-info command. The logs are sent to the information center. The output rules of the logs (whether to output the logs and where to output) are determined by the information center configuration. For more information about information center configuration, see Network Management and Monitoring Configuration Guide. To enable the logging of session state changes: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3.
Step Command Remarks • Enter BGP view: 2. Enter BGP view or BGP-VPN instance view. bgp as-number • Enter BGP-VPN instance view: N/A a. bgp as-number b. ip vpn-instance vpn-instance-name 3. Enable BFD to detect the link to the specified IPv6 BGP peer. peer ipv6-address bfd By default, BFD is not enabled. Configuring 6PE IPv6 provider edge (6PE) is a transition technology that uses MPLS to connect sparsely populated IPv6 networks through an existing IPv4 backbone network.
• Configure basic MPLS on 6PE devices (see MPLS Configuration Guide). • Configure BGP on 6PE devices so that they can advertise tagged IPv6 routing information through BGP sessions. The following describes only BGP configurations on 6PE devices. To configure basic 6PE: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Specify a 6PE peer or peer group and its AS number.
Step Command Remarks peer { group-name | ip-address } prefix-list ipv6-prefix-name { export | import } By default, no IPv6 prefix list is specified. 10. Specify a routing policy to filter routes advertised to or received from the 6PE peer or peer group. peer { group-name | ip-address } route-policy route-policy-name { export | import } By default, no routing policy is specified. 11. Advertise a default route to the 6PE peer or peer group.
Task Command Display BGP IPv4 unicast peer group information. display bgp group ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ group-name ] Display BGP IPv4 unicast peer or peer group information. display bgp peer ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ ip-address { log-info | verbose } | group-name log-info | verbose ] Display BGP IPv4 unicast routing information.
Task Command Clear BGP IPv4 unicast route flap information. reset bgp flap-info ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ network-address [ mask | mask-length ] | as-path-acl as-path-acl-number | peer peer-address ] Execute display commands in any view and reset commands in user view (IPv6). Task Command Display BGP IPv6 unicast peer group information.
Task Command Display information about routes advertised by the network command and shortcut routes configured by the network short-cut command. display bgp network ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] Display BGP path attribute information. display bgp paths [ as-regular-expression ] Display BGP IPv6 unicast address family update group information. Reset IPv6 unicast BGP sessions.
The EBGP peers, Router A and Router B (usually in different ISPs), are located in different ASs. Typically, their loopback interfaces are not reachable to each other, so directly connected interfaces are used for establishing BGP sessions. To enable Router C to access the network 8.1.1.0/24 connected directly to Router A, inject network 8.1.1.0/24 to the BGP routing table of Router A. Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2.
2.2.2.2 65009 7 10 0 0 00:06:09 Established The output shows that Router C has established an IBGP peer relationship with Router B. 3. Configure EBGP: # Configure Router A. system-view [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 3.1.1.1 as-number 65009 [RouterA-bgp] address-family ipv4 unicast [RouterA-bgp-ipv4] peer 3.1.1.1 enable [RouterA-bgp-ipv4] network 8.1.1.0 24 [RouterA-bgp-ipv4] quit [RouterA-bgp] quit # Configure Router B.
[RouterB] display bgp routing-table ipv4 Total number of routes: 1 BGP local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - damped, h - history, s - suppressed, S - Stale, i - internal, e - external Origin: i - IGP, e - EGP, ? - incomplete Network * >e 8.1.1.0/24 NextHop MED 3.1.1.2 0 LocPrf PrefVal Path/Ogn 0 65008i # Display the BGP routing table on Router C. [RouterC] display bgp routing-table ipv4 Total number of routes: 1 BGP local router ID is 3.3.3.
* >e 2.2.2.2/32 3.1.1.1 0 0 65009? e 3.1.1.0/24 3.1.1.1 0 0 65009? 8.1.1.0/24 8.1.1.1 0 0 i * >e 9.1.1.0/24 3.1.1.1 0 0 65009? * > Two routes 2.2.2.2/32 and 9.1.1.0/24 have been added in Router A's routing table. # Display the BGP routing table on Router C. [RouterC] display bgp routing-table ipv4 Total number of routes: 4 BGP local router ID is 3.3.3.
Figure 63 Network diagram AS 65009 AS 65008 Loop0 1.1.1.1/32 Loop0 2.2.2.2/32 Eth1/1 8.1.1.1/24 Loop0 3.3.3.3/32 EBGP Router A Eth1/2 3.1.1.2/24 Eth1/1 3.1.1.1/24 OSPF Router B Eth1/2 9.1.1.1/24 Eth1/1 9.1.1.2/24 Eth1/2 9.1.2.1/24 Router C Configuration considerations Configure BGP to redistribute routes from OSPF on Router B, so Router A can obtain the route to 9.1.2.0/24. Configure OSPF to redistribute routes from BGP on Router B, so that Router C can obtain the route to 8.1.1.0/24.
# Configure Router B. [RouterB] bgp 65009 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] peer 3.1.1.2 as-number 65008 [RouterB-bgp] address-family ipv4 unicast [RouterB-bgp-ipv4] peer 3.1.1.2 enable 4. Configure BGP and IGP route redistribution: # Configure route redistribution between BGP and OSPF on Router B.
Verifying the configuration # Use ping to test connectivity. [RouterA] ping -a 8.1.1.1 9.1.2.1 Ping 9.1.2.1 (9.1.2.1) from 8.1.1.1: 56 data bytes, press escape sequence to break 56 bytes from 9.1.2.1: icmp_seq=0 ttl=254 time=10.000 ms 56 bytes from 9.1.2.1: icmp_seq=1 ttl=254 time=12.000 ms 56 bytes from 9.1.2.1: icmp_seq=2 ttl=254 time=2.000 ms 56 bytes from 9.1.2.1: icmp_seq=3 ttl=254 time=7.000 ms 56 bytes from 9.1.2.1: icmp_seq=4 ttl=254 time=9.000 ms --- Ping statistics for 9.1.2.
Figure 64 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure static routing between Router A and Router B: # Configure a default route with the next hop 192.168.212.1 on Router A. system-view [RouterA] ip route-static 0.0.0.0 0 192.168.212.1 # Configure static routes to 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 with the same next hop 192.168.212.161 on Router B. system-view [RouterB] ip route-static 192.
Summary Count : 5 OSPF Routing table Status : Summary Count : 3 Destination/Mask Proto Pre Cost NextHop Interface 192.168.64.0/24 OSPF 150 1 172.17.100.1 Eth1/1 192.168.74.0/24 OSPF 150 1 172.17.100.1 Eth1/1 192.168.99.0/24 OSPF 150 1 172.17.100.1 Eth1/1 OSPF Routing table Status : Summary Count : 2 Destination/Mask Proto Pre Cost NextHop Interface 10.220.2.0/24 OSPF 10 1 10.220.2.16 Eth1/2 172.17.100.0/24 OSPF 10 1 172.17.100.
192.168.99.0/24 BGP 255 1 10.220.2.16 Eth1/1 BGP Routing table Status : Summary Count : 0 The output shows that Router D has learned routes to 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 through BGP. After the above configurations, ping the hosts on networks 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 from Router D. The ping operations succeed. 5. Configure route summarization on Router C to summarize 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.
Figure 65 Network diagram Configuration considerations On Router A, establish EBGP connections with Router B and Router C. Configure BGP to advertise network 8.1.1.0/24 to Router B and Router C, so that Router B and Router C can access the internal network connected to Router A. On Router B, establish an EBGP connection with Router A and an IBGP connection with Router C. Configure BGP to advertise network 9.1.1.0/24 to Router A, so that Router A can access the intranet through Router B.
[RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] peer 3.1.1.2 as-number 65008 [RouterB-bgp] peer 3.3.3.3 as-number 65009 [RouterB-bgp] peer 3.3.3.3 connect-interface loopback 0 [RouterB-bgp] address-family ipv4 unicast [RouterB-bgp-ipv4] peer 3.1.1.2 enable [RouterB-bgp-ipv4] peer 3.3.3.3 enable [RouterB-bgp-ipv4] network 9.1.1.0 24 [RouterB-bgp-ipv4] quit [RouterB-bgp] quit [RouterB] ip route-static 3.3.3.3 32 9.1.1.2 # Configure Router C. system-view [RouterC] bgp 65009 [RouterC-bgp] router-id 3.
[RouterA-bgp] address-family ipv4 unicast [RouterA-bgp-ipv4] balance 2 [RouterA-bgp-ipv4] quit [RouterA-bgp] quit Verifying the configuration # Display the BGP routing table on Router A. [RouterA] display bgp routing-table ipv4 Total number of routes: 3 BGP local router ID is 1.1.1.1 Status codes: * - valid, > - best, d - damped, h - history, s - suppressed, S - Stale, i - internal, e - external Origin: i - IGP, e - EGP, ? - incomplete * > Network NextHop MED LocPrf PrefVal Path/Ogn 8.1.1.0/24 8.
Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure EBGP connections: # Configure Router A. system-view [RouterA] bgp 10 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 200.1.2.2 as-number 20 [RouterA-bgp] address-family ipv4 unicast [RouterA-bgp-ipv4] peer 200.1.2.2 enable [RouterA-bgp-ipv4] network 9.1.1.0 255.255.255.0 [RouterA-bgp-ipv4] quit [RouterA-bgp] quit # Configure Router B.
Origin : igp Attribute value : pref-val 0 State : valid, external, best, # Display advertisement information for the route 9.1.1.0 on Router B. [RouterB] display bgp routing-table ipv4 9.1.1.0 advertise-info BGP local router ID: 2.2.2.2 Local AS number: 20 Paths: 1 best BGP routing table information of 9.1.1.0/24: Advertised to peers (1 in total): 200.1.3.2 The output shows that Router B can advertise the route with the destination 9.1.1.0/24 to other ASs through BGP.
Paths: 1 available, 1 best BGP routing table information of 9.1.1.0/24: From : 200.1.2.1 (1.1.1.1) Relay nexthop : 200.1.2.1 Original nexthop: 200.1.2.1 OutLabel : NULL Community : No-Export AS-path : 10 Origin : igp Attribute value : pref-val 0 State : valid, external, best, # Display advertisement information for the route 9.1.1.0 on Router B. [RouterB] display bgp routing-table ipv4 9.1.1.0 advertise-info BGP local router ID: 2.2.2.
Figure 67 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure BGP connections: # Configure Router A. system-view [RouterA] bgp 100 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 192.1.1.2 as-number 200 [RouterA-bgp] address-family ipv4 unicast [RouterA-bgp-ipv4] peer 192.1.1.2 enable # Inject network 20.0.0.0/8 to the BGP routing table. [RouterA-bgp-ipv4] network 20.0.0.
[RouterC-bgp-ipv4] peer 194.1.1.2 enable [RouterC-bgp-ipv4] quit [RouterC-bgp] quit # Configure Router D. system-view [RouterD] bgp 200 [RouterD-bgp] router-id 4.4.4.4 [RouterD-bgp] peer 194.1.1.1 as-number 200 [RouterD-bgp] address-family ipv4 unicast [RouterD-bgp-ipv4] peer 194.1.1.1 enable [RouterD-bgp-ipv4] quit [RouterD-bgp] quit 3. Configure Router C as the route reflector. [RouterC] bgp 200 [RouterC-bgp] address-family ipv4 unicast [RouterC-bgp-ipv4] peer 193.1.1.
Router D has learned the route 20.0.0.0/8 from Router C. BGP confederation configuration example Network requirements As shown in Figure 68, to reduce IBGP connections, AS 200 is split into three sub-ASs: AS65001, AS65002, and AS65003. Routers in AS65001 are fully meshed.
[RouterA-bgp-ipv4] peer 10.1.2.2 next-hop-local [RouterA-bgp-ipv4] quit [RouterA-bgp] quit # Configure Router B. system-view [RouterB] bgp 65002 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] confederation id 200 [RouterB-bgp] confederation peer-as 65001 65003 [RouterB-bgp] peer 10.1.1.1 as-number 65001 [RouterB-bgp] address-family ipv4 unicast [RouterB-bgp-ipv4] peer 10.1.1.1 enable [RouterB-bgp-ipv4] quit [RouterB-bgp] quit # Configure Router C.
[RouterD-bgp-ipv4] quit [RouterD-bgp] quit # Configure Router E. system-view [RouterE] bgp 65001 [RouterE-bgp] router-id 5.5.5.5 [RouterE-bgp] confederation id 200 [RouterE-bgp] peer 10.1.4.1 as-number 65001 [RouterE-bgp] peer 10.1.5.1 as-number 65001 [RouterE-bgp] address-family ipv4 unicast [RouterE-bgp-ipv4] peer 10.1.4.1 enable [RouterE-bgp-ipv4] peer 10.1.5.1 enable [RouterE-bgp-ipv4] quit [RouterE-bgp] quit 4. Configure the EBGP connection between AS 100 and AS 200: # Configure Router A.
[RouterB] display bgp routing-table ipv4 9.1.1.0 BGP local router ID: 2.2.2.2 Local AS number: 65002 Paths: 1 available, 1 best BGP routing table information of 9.1.1.0/24: From : 10.1.1.1 (1.1.1.1) Relay nexthop : 10.1.1.1 Original nexthop: 10.1.1.1 OutLabel : NULL AS-path : (65001) 100 Origin : igp Attribute value : MED 0, localpref 100, pref-val 0, pre 255 State : valid, external-confed, best, # Display the BGP routing table on Router D.
Router B and Router D are in the same confederation, but belong to different sub-ASs. They obtain external route information from Router A and generate identical BGP route entries although they have no direct connection in between. • BGP path selection configuration example Network requirements As shown in Figure 69, all routers run BGP. EBGP runs between Router A and Router B, and between Router A and Router C. IBGP runs between Router B and Router D, and between Router D and Router C.
[RouterC-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Configure Router D. system-view [RouterD] ospf [RouterD-ospf] area 0 [RouterD-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] network 195.1.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] quit [RouterD-ospf-1] quit 3. Configure BGP connections: # Configure Router A. system-view [RouterA] bgp 100 [RouterA-bgp] peer 192.1.1.
[RouterD-bgp-ipv4] peer 194.1.1.2 enable [RouterD-bgp-ipv4] peer 195.1.1.2 enable [RouterD-bgp-ipv4] quit [RouterD-bgp] quit 4. Configure different attribute values for the route 1.0.0.0/8 to make Router D give priority to the route learned from Router C: { (Method 1.) Specify a higher MED value for the route 1.0.0.0/8 advertised to 192.1.1.2 to make Router D give priority to the route learned from Router C: # Define ACL 2000 to permit the route 1.0.0.0/8.
# Define ACL 2000 to permit the route 1.0.0.0/8 on Router C. [RouterC] acl number 2000 [RouterC-acl-basic-2000] rule permit source 1.0.0.0 0.255.255.255 [RouterC-acl-basic-2000] quit # Define routing policy localpref on Router C to set the local preference of route 1.0.0.0/8 to 200 (the default is 100).
Configuration procedure 1. Configure Router A: # Configure IP addresses for interfaces. (Details not shown.) # Configure the EBGP connection. system-view [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 200.1.1.1 as-number 65009 # Enable GR capability for BGP. [RouterA-bgp] graceful-restart # Inject network 8.0.0.0/8 to the IPv4 BGP routing table. [RouterA-bgp] address-family ipv4 [RouterA-bgp-ipv4] network 8.0.0.
[RouterC-bgp-ipv4] peer 9.1.1.1 enable Verifying the configuration Ping Router C on Router A. Meanwhile, perform an active/standby switchover on Router B. The ping operation is successful during the whole switchover process. BFD for BGP configuration example Network requirements As shown in Figure 71, • Run OSPF in AS 200. • Establish two IBGP connections between Router A and Router C. When both paths are working, Router C adopts the path Router A<—>Router B<—>Router C to communicate with network 1.1.
[RouterA-acl-basic-2000] quit # Create two route policies, apply_med_50 and apply_med_100. Policy apply_med_50 sets the MED for route 1.1.1.0/24 to 50. Policy apply_med_100 sets that to 100.
Session State: Up Interface: N/A Min Tx Inter: 500ms Act Tx Inter: 500ms Min Rx Inter: 500ms Detect Inter: 2500ms Rx Count: 135 Tx Count: 135 Connect Type: Indirect Running Up for: 00:00:58 Hold Time: 2457ms Auth mode: None Detect Mode: Async Slot: 0 Protocol: BGP Diag Info: No Diagnostic The output shows that a BFD session has been established between Router A and Router C. # Display BGP peer information on Router C. display bgp peer ipv4 BGP local router ID: 3.3.3.
display ip routing-table 1.1.1.0 24 verbose Summary Count : 1 Destination: 1.1.1.0/24 Protocol: BGP Process ID: 0 SubProtID: 0x1 Cost: 100 Tag: 0 OrigTblID: 0x1 TableID: 0x2 NBRID: 0x15000000 AttrID: 0x0 Age: 00h03m08s Preference: 255 State: Active Adv OrigVrf: default-vrf OrigAs: 0 LastAs: 0 Neighbor: 2.0.1.1 Flags: 0x10060 OrigNextHop: 2.0.1.1 Label: NULL RealNextHop: 2.0.2.
[RouterB-bgp] address-family ipv6 [RouterB-bgp-ipv6] peer 9::2 enable [RouterB-bgp-ipv6] quit # Configure Router C. system-view [RouterC] bgp 65009 [RouterC-bgp] router-id 3.3.3.3 [RouterC-bgp] peer 9::1 as-number 65009 [RouterC-bgp] address-family ipv6 [RouterC-bgp-ipv6] peer 9::1 enable 3. Configure EBGP: # Configure Router A. system-view [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.
9::2 65009 41 43 0 1 00:29:00 Established 10::2 65008 38 38 0 2 00:27:20 Established The output shows that Router A and Router B have established an EBGP connection, and Router B and Router C have established an IBGP connection. # Display IPv6 BGP routing table information on Router A. [RouterA] display bgp routing-table ipv6 Total number of routes: 4 BGP local router ID is 1.1.1.
Origin: i - IGP, e - EGP, ? - incomplete * > Network : 9:: PrefixLen : 64 NextHop : :: LocPrf : PrefVal : 32768 OutLabel : NULL MED : 0 Path/Ogn: i * i Network : 9:: PrefixLen : 64 NextHop : 9::1 LocPrf : 100 PrefVal : 0 OutLabel : NULL MED : 0 Path/Ogn: i * >i Network : 10:: PrefixLen : 64 NextHop : 9::1 LocPrf : 100 PrefVal : 0 OutLabel : NULL MED : 0 Path/Ogn: i * >i Network : 50:: PrefixLen : 64 NextHop : 10::2 LocPrf : 100 PrefVal : 0 OutLabel : NULL MED : 0
Configuration procedure 1. Configure IPv6 addresses for interfaces and IPv4 addresses for loopback interfaces. (Details not shown.) 2. Configure IBGP and EBGP connections and advertise network routes through IPv6 BGP: # Configure Router A. system-view [RouterA] bgp 100 [RouterA-bgp] router-id 1.1.1.
[RouterD-bgp-ipv6] network 102:: 96 Configure Router C as a route reflector, and configure Router B and Router D as its clients. 3. [RouterC-bgp-ipv6] peer 101::2 reflect-client [RouterC-bgp-ipv6] peer 102::2 reflect-client [RouterC-bgp-ipv6] quit [RouterC-bgp] quit Verifying the configuration # Execute the display bgp routing-table ipv6 command on Router D. [RouterD] display bgp routing-table ipv6 Total number of routes: 5 BGP local router ID is 4.4.4.
6PE configuration example Network requirements Use 6PE to connect two isolated IPv6 networks over an IPv4/MPLS network: • The ISP uses OSPF as the IGP. • PE 1 and PE 2 are edge devices of the ISP, and establish an IPv4 IBGP connection between them. • CE 1 and CE 2 are edge devices of the IPv6 networks, and they connect the IPv6 networks to the ISP. • A CE and a PE exchange IPv6 packets through IPv6 static routing. Figure 74 Network diagram Configuration procedure 1.
[PE1-bgp-ipv6] import-route static [PE1-bgp-ipv6] peer 3.3.3.3 enable [PE1-bgp-ipv6] peer 3.3.3.3 label-route-capability [PE1-bgp-ipv6] quit [PE1-bgp] quit # Configure the static route to CE 1. [PE1] ipv6 route-static 1::1 128 10::1 # Configure OSPF for the ISP. [PE1] ospf [PE1-ospf-1] area 0 [PE1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [PE1-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit 3.
[PE2-ospf-1] quit 4. Configure a static route, with PE 1 as the default next hop. system-view [CE1] ipv6 route-static :: 0 10::2 5. Configure a static route on CE 2, with PE 2 as the default next hop. system-view [CE2] ipv6 route-static :: 0 20::2 Verifying the configuration # Display the IPv6 BGP routing table on PE 1. [PE1] display bgp routing-table ipv6 Total number of routes: 5 BGP local router ID is 2.2.2.
# Ping the IPv6 address 4::4 (loopback interface address) of CE 2 from CE 1. The ping operation succeeds. BFD for IPv6 BGP configuration example Network requirements As shown in Figure 75, configure OSPFv3 as the IGP in AS 200. Establish two IBGP connections between Router A and Router C. When both paths are working, Router C adopts the path Router A<—>Router B<—>Router C to exchange packets with network 1200::0/64. Configure BFD over the path.
[RouterA] route-policy apply_med_50 permit node 10 [RouterA-route-policy-apply_med_50-10] if-match ipv6 address acl 2000 [RouterA-route-policy-apply_med_50-10] apply cost 50 [RouterA-route-policy-apply_med_50-10] quit [RouterA] route-policy apply_med_100 permit node 10 [RouterA-route-policy-apply_med_100-10] if-match ipv6 address acl 2000 [RouterA-route-policy-apply_med_100-10] apply cost 100 [RouterA-route-policy-apply_med_100-10] quit # Apply routing policy apply_med_50 to routes outgoing to peer 3002::2
Connect Type: Indirect Running Up for: 00:00:05 Hold Time: 2243ms Auth mode: None Detect Mode: Async Slot: 0 Protocol: BGP6 Diag Info: No Diagnostic The output shows that a BFD session has been established between Router A and Router C. # Display BGP peer information on Router C. display bgp peer ipv6 BGP local router ID: 3.3.3.
Destination: 1200::/64 Protocol: BGP4+ Process ID: 0 SubProtID: 0x1 Cost: 100 Tag: 0 OrigTblID: 0x1 TableID: 0xa NBRID: 0x25000000 AttrID: 0x0 Age: 00h00m57s Preference: 255 State: Active Adv OrigVrf: default-vrf OrigAs: 0 LastAs: 0 Neighbor: 2001::1 Flags: 0x10060 OrigNextHop: 2001::1 Label: NULL RealNextHop: FE80::20C:29FF:FE40:715 BkLabel: NULL Tunnel ID: Invalid BkTunnel ID: Invalid BkNextHop: N/A Interface: Ethernet1/2 BkInterface: N/A The output shows that Router C communicates with network
[RouterB] bgp 65008 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] group ibgp internal [RouterB-bgp] peer 1::1 group ibgp [RouterB-bgp] address-family ipv6 unicast [RouterB-bgp-ipv6] peer ibgp enable [RouterB-bgp-ipv6] quit 3. Establish an EBGP connection between Router B and Router C: # Configure Router C. system-view [RouterC] bgp 65009 [RouterC-bgp] router-id 3.3.3.
algorithm to SHA1. Create IPsec profile named policy001, specify the manual mode for it, reference IPsec transform set tran1, and set the SPIs of the inbound and outbound SAs to 12345 and the keys for the inbound and outbound SAs using ESP to abcdefg. Create an IPsec transform set named tran2, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication algorithm to SHA1.
5. Configure IPsec to protect IPv6 BGP packets between Router A and Router B: # Configure Router A. [RouterA] bgp 65008 [RouterA-bgp] peer 1::2 ipsec-profile policy001 [RouterA-bgp] quit # Configure Router B. [RouterB] bgp 65008 [RouterB-bgp] peer 1::1 ipsec-profile policy001 [RouterB-bgp] quit 6. Configure IPsec to protect IPv6 BGP packets between Router B and Router C: # Configure Router C. [RouterC] bgp 65009 [RouterC-bgp] peer ebgp ipsec-profile policy002 [RouterC-bgp] quit # Configure Router B.
Peer preferred value: 0 IPsec profile name: policy001 Routing policy configured: No routing policy is configured Peer: 3::2 Local: 2.2.2.2 Type: EBGP link BGP version 4, remote router ID 3.3.3.
Analysis To become BGP peers, any two routers must establish a TCP connection using port 179 and exchange Open messages successfully. Solution 1. Use the display current-configuration command to verify the current configuration, and verify that the peer's AS number is correct. 2. Use the display bgp peer ipv4 unicast or display bgp peer ipv6 unicast command to verify that the peer's IP address/IPv6 address is correct. 3.
Configuring PBR Introduction to PBR Policy-based routing (PBR) uses user-defined policies to route packets. A policy can specify the next hop, output interface, default next hop, default output interface, and other parameters for packets that match specific criteria such as ACLs or that have specific lengths. A device forwards received packets using the following process: 1. The device uses PBR to forward matching packets. 2.
apply clause PBR supports the following types of apply clauses, as shown in Table 8. You can specify multiple apply clauses for a node, but some of them might not be executed. The apply clauses that determine the packet forwarding paths are apply access-vpn vpn-instance, apply next-hop, apply output-interface, apply default-next-hop, and apply default-output-interface in a descending priority order.
Relationship between the match mode and clauses on the node Does a packet match all the if-match clauses on the node? Match mode permit Deny • If the node is configured with an apply clause, PBR executes the apply clause on the node. { { Yes. { If PBR successfully guides the forwarding of the packet, PBR does not match the packet against the next node.
Configuring a policy Creating a node Step Command Remarks 1. Enter system view. system-view N/A 2. Create a node for a policy, and enter policy node view. policy-based-route policy-name [ deny | permit ] node node-number By default, no policy node is created. Configuring match criteria for a node Step Command Remarks 1. Enter system view. system-view N/A 2. Enter policy node view. policy-based-route policy-name [ deny | permit ] node node-number N/A 3.
Step Command Remarks By default, no VPN instance is specified. 5. Set VPN instances. apply access-vpn vpn-instance vpn-instance-name&<1-n> You can specify up to m VPN instances for a node. The matching packets are forwarded according to the forwarding table of the first available VPN instance. The value of m depends on the device model. By default, no next hop is specified. 6. 7. Set next hops. Enable load sharing among multiple next hops.
Step Command Remarks By default, no default output interface is specified. 12. Set default output interfaces. apply default-output-interface { interface-type interface-number [ track track-entry-number ] }&<1-n> You can specify multiple default output interfaces for backup or load sharing by executing this command once or multiple times. You can specify up to m default output interfaces for a node. The value of m depends on the device model. 13.
You can apply only one policy to an interface. Before you apply a new policy, you must first remove the current policy from the interface. You can apply a policy to multiple interfaces. To configure interface PBR: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Apply a policy to the interface. ip policy-based-route policy-name By default, no policy is applied to the interface.
Figure 77 Network diagram Configuration procedure 1. Configure Router A: # Configure the IP addresses of the serial interfaces. system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] ip address 1.1.2.1 24 [RouterA-Serial2/0] quit [RouterA] interface serial 2/1 [RouterA-Serial2/1] ip address 1.1.3.1 24 [RouterA-Serial2/1] quit # Configure ACL 3101 to match TCP packets.
Packet type-based interface PBR configuration example Network requirements As shown in Figure 78, configure PBR on Router A to forward all TCP packets received on Ethernet 1/1 to the next hop 1.1.2.2. Router A forwards other packets according to the routing table. Figure 78 Network diagram Router B Router C S2/0 1.1.2.2/24 S2/1 1.1.3.2/24 S2/0 1.1.2.1/24 Router A S2/1 1.1.3.1/24 Eth1/1 10.110.0.10/24 Subnet 10.110.0.0/24 Host A Host B 10.110.0.20/24 Gateway: 10.110.0.
[RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ip address 10.110.0.10 24 [RouterA-Ethernet1/1] ip policy-based-route aaa [RouterA-Ethernet1/1] quit 2. Configure Router B: # Configure the IP address of the serial interface. system-view [RouterB] interface serial 2/0 [RouterB-Serial2/0] ip address 1.1.2.2 24 [RouterB-Serial2/0] quit # Configure a static route to subnet 10.110.0.0/24. [RouterB] ip route-static 10.110.0.0 24 1.1.2.1 3.
Figure 79 Network diagram Configuration procedure 1. Configure Router A: # Configure the IP addresses of the serial interfaces. system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] ip address 150.1.1.1 24 [RouterA-Serial2/0] quit [RouterA] interface serial 2/1 [RouterA-Serial2/1] ip address 151.1.1.1 24 [RouterA-Serial2/1] quit # Configure RIP. [RouterA] rip [RouterA-rip-1] network 192.1.1.0 [RouterA-rip-1] network 150.1.0.0 [RouterA-rip-1] network 151.1.0.
[RouterB-Serial2/0] ip address 150.1.1.2 24 [RouterB-Serial2/0] quit [RouterB] interface serial 2/1 [RouterB-Serial2/1] ip address 151.1.1.2 24 [RouterB-Serial2/1] quit # Configure the loopback interface address. [RouterB] interface loopback 0 [RouterB-LoopBack0] ip address 10.1.1.1 32 [RouterB-LoopBack0] quit # Configure RIP. [RouterB] rip [RouterB-rip-1] network 10.0.0.0 [RouterB-rip-1] network 150.1.0.0 [RouterB-rip-1] network 151.1.0.
Ping statistics for 10.1.1.1: Packets: Sent = 1, Received = 1, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms The debugging information about PBR displayed on Router A is as follows: *Jun 26 12:20:33:610 2012 RouterA PBR4/7/PBR Forward Info: -MDC=1; Policy:lab1, Node: 20,match succeeded. *Jun 151 26 12:20:33:610 2012 RouterA PBR4/7/PBR Forward Info: -MDC=1; apply next-hop .1.1.2.
Configuring IPv6 static routing Static routes are manually configured and cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually. IPv6 static routing works well in a simple IPv6 network. Configuring an IPv6 static route Before you configure an IPv6 static route, complete the following tasks: • Configure parameters for the related interfaces.
Configuring BFD for IPv6 static routes BFD provides a general purpose, standard, and medium- and protocol-independent fast failure detection mechanism. It can uniformly and quickly detect the failures of the bidirectional forwarding paths between two routers for protocols, such as routing protocols and MPLS. For more information about BFD, see High Availability Configuration Guide. IMPORTANT: Enabling BFD for a flapping route could worsen the situation.
Step Command Remarks • Method 1: 2. Configure BFD control mode for an IPv6 static route.
Step Command Remarks • Method 1: 3. Configure BFD echo mode for an IPv6 static route.
Figure 80 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure IPv6 static routes: # Configure the default IPv6 route on Router A. system-view [RouterA] ipv6 route-static :: 0 4::2 # Configure two IPv6 static routes on Router B. system-view [RouterB] ipv6 route-static 1:: 64 4::1 [RouterB] ipv6 route-static 3:: 64 5::1 # Configure the default IPv6 route on Router C.
[RouterB] display ipv6 routing-table protocol static Summary Count : 2 Static Routing table Status : Summary Count : 2 Destination: 1::/64 Protocol : Static NextHop : 4::1 Preference: 60 Interface : Eth1/1 Cost : 0 Destination: 3::/64 Protocol : Static NextHop : 5::1 Preference: 60 Interface : Eth1/2 Cost : 0 Static Routing table Status : Summary Count : 0 # Use the ping command to test reachability.
BFD for IPv6 static routes configuration example (direct next hop) Network requirements In Figure 81, configure an IPv6 static route to subnet 120::/64 on Router A, and configure an IPv6 static route to subnet 121::/64 on Router B. Enable BFD for both routes. Configure an IPv6 static route to subnet 120::/64 and an IPv6 static route to subnet 121::/64 on Router C.
[RouterB-Ethernet1/1] bfd min-receive-interval 500 [RouterB-Ethernet1/1] bfd detect-multiplier 9 [RouterB-Ethernet1/1] quit [RouterB] ipv6 route-static 121:: 64 ethernet 1/1 FE80::2A0:FCFF:FE00:580A bfd control-packet [RouterB] ipv6 route-static 121:: 64 13::2 preference 65 [RouterB] quit # Configure IPv6 static routes on Router C. system-view [RouterC] ipv6 route-static 120:: 64 13::1 [RouterC] ipv6 route-static 121:: 64 10::102 Verifying the configuration # Display BFD sessions on Router A.
Summary Count : 1 Static Routing table Status : Summary Count : 1 Destination: 120::/64 Protocol : Static NextHop : 10::100 Preference: 65 Interface : Eth1/2 Cost : 0 Static Routing table Status : Summary Count : 0 The output shows that Router A communicates with Router B through Ethernet 1/2.
Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure IPv6 static routes and BFD: # Configure IPv6 static routes on Router A and enable BFD control packet mode for the IPv6 static route that traverses Router D.
The output shows that the BFD session has been created. # Display IPv6 static routes on Router A. display ipv6 routing-table protocol static Summary Count : 1 Static Routing table Status : Summary Count : 1 Destination: 120::/64 Protocol NextHop : 2::9 Preference: 60 : Static Interface : Eth1/1 Cost : 0 Static Routing table Status : Summary Count : 0 The output shows that Router A communicates with Router B through Ethernet 1/1. The link over Ethernet 1/1 fails.
Configuring an IPv6 default route A default IPv6 route is used to forward packets that match no entry in the routing table. A default IPv6 route can be configured in either of the following ways: • The network administrator can configure a default route with a destination prefix of ::/0. For more information, see "Configuring an IPv6 static route." • Some dynamic routing protocols, such as OSPFv3, IPv6 IS-IS, and RIPng, can generate a default IPv6 route.
Configuring RIPng RIP next generation (RIPng) is an extension of RIP-2 for support of IPv6. Most RIP concepts are applicable to RIPng. Overview RIPng is a distance vector routing protocol. It employs UDP to exchange route information through port 521. RIPng uses a hop count to measure the distance to a destination. The hop count is the metric or cost. The hop count from a router to a directly connected network is 0. The hop count between two directly connected routers is 1.
2. When a RIPng neighbor receives the request packet, it sends back a response packet that contains the local routing table. RIPng can also advertise route updates in response packets periodically or advertise a triggered update caused by a route change. 3. After RIPng receives the response, it checks the validity of the response before adding routes to its routing table, such as whether the source IPv6 address is the link-local address and whether the port number is correct.
Step Command Remarks 3. Return to system view. quit N/A 4. Enter interface view. interface interface-type interface-number N/A By default, RIPng is disabled. Enable RIPng on the interface. 5. ripng process-id enable If RIPng is not enabled on an interface, the interface does not send or receive any RIPng route.
For example, RIPng has two specific routes to be advertised through an interface: 1:11:11::24 with a metric of a 2 and 1:11:12::34 with a metric of 3. Configure route summarization on the interface, so RIPng advertises a single route 11::0/16 with a metric of 2. To configure RIPng route summarization: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Advertise a summary IPv6 prefix.
Configuring a preference for RIPng Routing protocols each have a preference. When they find routes to the same destination, the route found by the routing protocol with the highest preference is selected as the optimal route. You can manually set a preference for RIPng. The smaller the value, the higher the preference. To configure a preference for RIPng: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIPng view. ripng [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIPng view. ripng [ process-id ] [ vpn-instance vpn-instance-name ] N/A Configure RIPng timers. timers { garbage-collect garbage-collect-value | suppress suppress-value | timeout timeout-value | update update-value } * 3. By default: • • • • The update timer is 30 seconds. The timeout timer is 180 seconds. The suppress timer is 120 seconds. The garbage-collect timer is 120 seconds.
RIPng does not process the packets. If you are certain that all packets are trustworthy, disable the zero field check to save CPU resources. To configure RIPng zero field check: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIPng view. ripng [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Enable the zero field check on incoming RIPng packets. checkzero By default, this feature is enabled. Configuring the maximum number of ECMP routes Step Command Remarks 1.
Applying an IPsec profile To protect routing information and prevent attacks, RIPng supports using an IPsec profile to authenticate protocol packets. For more information about IPsec profiles, see Security Configuration Guide. Outbound RIPng packets carry the Security Parameter Index (SPI) defined in the relevant IPsec profile. A device uses the SPI carried in a received packet to match against the configured IPsec profile. If they match, the device accepts the packet.
Task Command Reset a RIPng process. reset ripng process-id process Clear statistics of a RIPng process. reset ripng process-id statistics RIPng configuration examples Basic RIPng configuration example Network requirements As shown in Figure 83, all routers learn IPv6 routing information through RIPng. Configure Router B to filter the route (2::/64) learned from Router A, which means the route will not be added to the routing table of Router B, and Router B forwards only the route 4::/64 to Router A.
# Configure Router C. system-view [RouterC] ripng 1 [RouterC-ripng-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ripng 1 enable [RouterC-Ethernet1/1] quit [RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] ripng 1 enable [RouterC-Ethernet1/2] quit [RouterC] interface ethernet 1/3 [RouterC-Ethernet1/3] ripng 1 enable [RouterC-Ethernet1/3] quit # Display the RIPng routing table on Router B.
# Use IPv6 prefix lists on Router B to filter received and redistributed routes. [RouterB] ipv6 prefix-list aaa permit 4:: 64 [RouterB] ipv6 prefix-list bbb deny 2:: 64 [RouterB] ipv6 prefix-list bbb permit :: 0 less-equal 128 [RouterB] ripng 1 [RouterB-ripng-1] filter-policy prefix-list aaa export [RouterB-ripng-1] filter-policy prefix-list bbb import [RouterB-ripng-1] quit # Display the RIPng routing tables on Router B and Router A.
Figure 84 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure basic RIPng: # Enable RIPng 100 on Router A. system-view [RouterA] ripng 100 [RouterA-ripng-100] quit [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ripng 100 enable [RouterA-Ethernet1/1] quit [RouterA] interface ethernet 1/2 [RouterA-Ethernet1/2] ripng 100 enable # Enable RIPng 100 and RIPng 200 on Router B.
3.
NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2::/64 Protocol : Direct NextHop : 2::1 Preference: 0 Interface : Eth1/1 Cost : 0 Destination: 2::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 4::/64 Protocol : RIPng NextHop : FE80::200:BFF:FE01:1C02 Preference: 100 Interface : Eth1/2 Cost : 1 Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 Destin
[RouterB] ripng 1 [RouterB-ripng-1] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ripng 1 enable [RouterB-Ethernet1/1] quit [RouterB] interface ethernet 1/2 [RouterB-Ethernet1/2] ripng 1 enable [RouterB-Ethernet1/2] quit # Configure Router C. system-view [RouterC] ripng 1 [RouterC-ripng-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ripng 1 enable [RouterC-Ethernet1/1] quit 3.
[RouterB-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc [RouterB-ipsec-profile-profile001-manual] quit # On Router C, create an IPsec transform set named protrf1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to 3DES, and authentication algorithm to MD5.
Configuring OSPFv3 This chapter describes how to configure RFC 2740-compliant Open Shortest Path First version 3 (OSPFv3) for an IPv6 network. For more information about OSPFv2, see "Configuring OSPF.
• Inter-Area-Router LSA—Type-4 LSA, originated by ABRs and flooded throughout the LSA's associated area. Each Inter-Area-Router LSA describes a route to ASBR. • AS External LSA—Type-5 LSA, originated by ASBRs, and flooded throughout the AS, except stub and NSSA areas. Each AS External LSA describes a route to another AS. A default route can be described by an AS External LSA. • Link LSA—Type-8 LSA. A router originates a separate Link LSA for each attached link. Link LSAs have link-local flooding scope.
Tasks at a glance (Optional.) Tuning and optimizing OSPFv3 networks: • • • • • • • • Configuring OSPFv3 timers Specifying LSA transmission delay Configuring a DR priority for an interface Specifying SPF calculation interval Specifying the LSA generation interval Ignoring MTU check for DD packets Disabling interfaces from receiving and sending OSPFv3 packets Enabling the logging of neighbor state changes (Optional.) Configuring OSPFv3 GR: • Configuring GR restarter • Configuring GR helper (Optional.
Configuring OSPFv3 area parameters OSPFv3 has the same stub area and virtual link features as OSPFv2. After you split an OSPFv3 AS into multiple areas, the LSA number is reduced and OSPFv3 applications are extended. To further reduce the size of routing tables and the number of LSAs, configure the non-backbone areas at an AS edge as stub areas.
To configure a virtual link: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view. ospfv3 [ process-id | vpn-instance vpn-instance-name ] * N/A 3. Enter OSPFv3 area view. area area-id N/A Configure a virtual link. vlink-peer router-id [ dead seconds | hello seconds | instance instance-id | ipsec-profile profile-name | retransmit seconds | trans-delay seconds ] * By default, no virtual link is configured. 4.
Configuring an NBMA or P2MP neighbor For NBMA and P2MP interfaces (only when in unicast mode), you must specify the link-local IP addresses of their neighbors because these interfaces cannot find neighbors through broadcasting hello packets. For NBMA interfaces, you can also specify DR priorities for neighbors. To configure an NBMA or P2MP (unicast) neighbor and its DR priority: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view.
Configuring OSPFv3 received route filtering According to some rules, you can configure OSPFv3 to filter routes calculated using received LSAs. To configure OSPFv3 to filter routes calculated using received LSAs: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view. ospfv3 [ process-id | vpn-instance vpn-instance-name ] * N/A Configure OSPFv3 to filter routes calculated using received LSAs.
Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Configure an OSPFv3 cost for the interface. ospfv3 cost value [ instance instance-id ] By default, the OSPFv3 cost is 1 for a VLAN interface, is 0 for a loopback interface, and is automatically computed according to the interface bandwidth for other interfaces. To configure a bandwidth reference value: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view.
Configuring OSPFv3 route redistribution Because OSPFv3 is a link state routing protocol, it cannot directly filter LSAs to be advertised. OSPFv3 filters only redistributed routes. Only routes that are not filtered out can be advertised in LSAs. Executing the import-route or default-route-advertise command on a router makes it become an ASBR. To configure OSPFv3 route redistribution: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view.
Configuring OSPFv3 timers Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Configure the hello interval. ospfv3 timer hello seconds [ instance instance-id ] By default, the hello interval on P2P and broadcast interfaces is 10 seconds. By default, the dead interval on P2P and broadcast interfaces is 40 seconds. 4. Configure the dead interval.
To configure SPF calculation interval: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view. ospfv3 [ process-id | vpn-instance vpn-instance-name ] * N/A By default: • The maximum interval is 5 3. Specify the SPF calculation interval. seconds. spf-schedule-interval maximum-interval [ minimum-interval [ incremental-interval ] ] • The minimum interval is 50 milliseconds. • The incremental interval is 200 milliseconds.
Ignoring MTU check for DD packets When LSAs are few in DD packets, it is unnecessary to check the MTU in DD packets to improve efficiency. To ignore MTU check for DD packets: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Ignore MTU check for DD packets. ospfv3 mtu-ignore [ instance instance-id ] By default, OSPFv3 does not ignore MTU check for DD packets.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view. ospfv3 [ process-id | vpn-instance vpn-instance-name ] * N/A 3. Enable the logging of neighbor state changes. log-peer-change By default, this feature is enabled. Configuring OSPFv3 GR GR ensures forwarding continuity when a routing protocol restarts or an active/standby switchover occurs: Two routers are required to complete a GR process. The following are router roles in a GR process.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view. ospfv3 [ process-id | vpn-instance vpn-instance-name ] * N/A 3. Enable the GR helper capability. graceful-restart helper enable By default, the GR helper capability is enabled. 4. Enable strict LSA checking. graceful-restart helper strict-lsa-checking By default, strict LSA checking is disabled.
match, the device accepts the packet. Otherwise, the device discards the packet and will not establish a neighbor relationship with the sending device. You can configure an IPsec profile for an area, an interface, or a virtual link. • To implement area-based IPsec protection, configure the same IPsec profile on the routers in the target area. • To implement interface-based IPsec protection, configure the same IPsec profile on the interfaces between two neighboring routers.
Displaying and maintaining OSPFv3 Execute display commands in any view. Purpose Command Display information about the routes to OSPFv3 ABR and ASBR. display ospfv3 [ process-id ] abr-asbr Display summary route information on the OSPFv3 ABR. display ospfv3 [ process-id ] [ area area-id ] abr-summary [ ipv6-address prefix-length ] [ verbose ] Display OSPFv3 process information. display ospfv3 [ process-id ] [ verbose ] Display OSPFv3 GR information.
Figure 86 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure basic OSPFv3: # Configure Router A: enable OSPFv3 and specify the router ID as 1.1.1.1. system-view [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.
[RouterC-Ethernet1/2] ospfv3 1 area 2 [RouterC-Ethernet1/2] quit # Configure Router D: enable OSPFv3 and specify the router ID as 4.4.4.4. system-view [RouterD] ospfv3 1 [RouterD-ospfv3-1] router-id 4.4.4.4 [RouterD-ospfv3-1] quit [RouterD] interface ethernet 1/2 [RouterD-Ethernet1/2] ospfv3 1 area 2 [RouterD-Ethernet1/2] quit # Display OSPFv3 neighbors on Router B. [RouterB] display ospfv3 peer OSPFv3 Process 1 with Router ID 2.2.2.2 Area: 0.0.0.
NextHop : FE80::F40D:0:93D0:1 Interface: Eth1/2 *Destination: 2001:1::/64 Type : IA Cost : 3 NextHop : FE80::F40D:0:93D0:1 Interface: Eth1/2 *Destination: 2001:2::/64 Type : I Cost : 1 NextHop : directly-connected Interface: Eth1/2 *Destination: 2001:3::/64 Type : IA Cost : 4 NextHop : FE80::F40D:0:93D0:1 Interface: Eth1/2 Total: 4 Intra area: 1 3. Inter area: 3 ASE: 0 Configure Area 2 as a stub area: # Configure Router D.
*Destination: 2001:2::/64 Type : I Cost : 1 NextHop : directly-connected Interface: Eth1/2 *Destination: 2001:3::/64 Type : IA Cost : 4 NextHop : FE80::F40D:0:93D0:1 Interface: Eth1/2 Total: 5 Intra area: 1 Inter area: 4 ASE: 0 The output shows that a default route is added and its cost is the cost of a direct route plus the configured cost. 4. Configure Area 2 as a totally stub area to further reduce the stub area routing table size: # Configure Area 2 as a totally stub area on Router C.
Figure 87 Network diagram Router A Eth1/1 2001::1/64 Eth1/1 2001::3/64 Router B Eth1/1 2001::2/64 Eth1/1 2001::4/64 Router C Router D Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure basic OSPFv3: # Configure Router A: enable OSPFv3, and specify the router ID as 1.1.1.1. system-view [RouterA] ospfv3 [RouterA-ospfv3-1] router-id 1.1.1.
[RouterD] interface ethernet 1/1 [RouterD-Ethernet1/1] ospfv3 1 area 0 [RouterD-Ethernet1/1] quit # Display neighbors on Router A. The routers have the same default router priority 1, so Router D (the router with the highest Router ID) is elected as the DR, and Router C is the BDR. [RouterA] display ospfv3 peer OSPFv3 Process 1 with Router ID 1.1.1.1 Area: 0.0.0.0 ------------------------------------------------------------------------Router ID Pri State Dead-Time Interface Inst ID 2.2.2.
Router ID Pri State Dead-Time Interface Inst ID 2.2.2.2 0 2-Way/DROther 00:00:36 Eth1/1 0 3.3.3.3 2 Full/Backup 00:00:35 Eth1/1 0 4.4.4.4 1 Full/DR 00:00:33 Eth1/1 0 # Display neighbors on Router D. [RouterD] display ospfv3 peer OSPFv3 Process 1 with Router ID 4.4.4.4 Area: 0.0.0.0 ------------------------------------------------------------------------Router ID Pri State Dead-Time Interface Inst ID 1.1.1.1 100 Full/DROther 00:00:30 Eth1/1 0 2.2.2.
Configuring OSPFv3 route redistribution Network requirements As shown in Figure 88: • Router A, Router B, and Router C are in Area 2. • OSPFv3 process 1 and OSPFv3 process 2 run on Router B. Router B communicates with Router A and Router C through OSPFv3 process 1 and OSPFv3 process 2. • Configure OSPFv3 process 2 to redistribute direct routes and the routes from OSPFv3 process 1 on Router B, and set the default metric for redistributed routes to 3.
[RouterB-ospfv3-2] router-id 3.3.3.3 [RouterB-ospfv3-2] quit [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ospfv3 2 area 2 [RouterB-Ethernet1/1] quit # Enable OSPFv3 process 2 on Router C. system-view [RouterC] ospfv3 2 [RouterC-ospfv3-2] router-id 4.4.4.
3. Configure OSPFv3 route redistribution: # Configure OSPFv3 process 2 to redistribute direct routes and the routes from OSPFv3 process 1 on Router B. [RouterB] ospfv3 2 [RouterB-ospfv3-2] default cost 3 [RouterB-ospfv3-2] import-route ospfv3 1 [RouterB-ospfv3-2] import-route direct [RouterB-ospfv3-2] quit # Display the routing table on Router C.
Configuring OSPFv3 GR Network requirements • As shown in Figure 89, Router A, Router B, and Router C that reside in the same AS and the same OSPFv3 routing domain are GR capable. • Router A acts as the GR restarter. Router B and Router C act as GR helpers, and synchronize their LSDBs with Router A through out-of-band (OOB) communication of GR. Figure 89 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2.
[RouterC] ospfv3 1 [RouterC-ospfv3-1] router-id 3.3.3.3 [RouterC-ospfv3-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] ospfv3 1 area 1 [RouterC-Ethernet1/1] quit Verifying the configuration After all routers function correctly, perform an active/standby switchover on Router A to trigger an OSPFv3 GR operation.
[RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ospfv3 1 area 0 [RouterA-Ethernet1/1] quit [RouterA] interface ethernet 1/2 [RouterA-Ethernet1/2] ospfv3 1 area 0 [RouterA-Ethernet1/2] quit # Enable OSPFv3 and set the router ID to 2.2.2.2 on Router B. system-view [RouterB] ospfv3 1 [RouterB-ospfv3-1] router-id 2.2.2.
display bfd session Total Session Num: 1 Up Session Num: 1 Init Mode: Active IPv6 Session Working Under Ctrl Mode: Local Discr: 1441 Remote Discr: 1450 Source IP: FE80::20F:FF:FE00:1202 (link-local address of Ethernet1/1 on Router A) Destination IP: FE80::20F:FF:FE00:1200 (link-local address of Ethernet1/1 on Router B) Session State: Up Interface: Eth1/1 Hold Time: 2319ms # Display routes destined for 2001:4::0/64 on Router A.
Figure 91 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure OSPFv3 basic functions: # On Router A, enable OSPFv3 and configure the router ID as 1.1.1.1. system-view [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.1 [RouterA-ospfv3-1] quit [RouterA] interface ethernet 1/2 [RouterA-Ethernet1/2] ospfv3 1 area 1 [RouterA-Ethernet1/2] quit # On Router B, enable OSPFv3 and configure the router ID as 2.2.2.2.
reference IPsec transform set trans, and set the SPIs of the inbound and outbound SAs to 123 and the keys for the inbound and outbound SAs to abc using ESP.
[RouterB-ipsec-profile-profile002-manual] sa string-key outbound ah simple hello [RouterB-ipsec-profile-profile002-manual] sa string-key inbound esp simple byebye [RouterB-ipsec-profile-profile002-manual] sa string-key outbound esp simple byebye [RouterB-ipsec-profile-profile002-manual] quit # On Router C, create an IPsec transform set named trans, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to 3DES, and authentication algorithm to MD5.
Verifying the configuration OSPFv3 packets between Routers A, B, and C are protected by IPsec.
Configuring IPv6 IS-IS IPv6 IS-IS supports all IPv4 IS-IS features except that it advertises IPv6 routing information. This chapter describes only IPv6 IS-IS specific configuration tasks. For information about IS-IS, see "Configuring IS-IS." Overview Intermediate System-to-Intermediate System (IS-IS) supports multiple network protocols, including IPv6. To support IPv6, the IETF added two type-length-values (TLVs) and a new network layer protocol identifier (NLPID).
Configuring IPv6 IS-IS route control Before you configure IPv6 IS-IS route control, complete basic IPv6 IS-IS configuration. To configure IPv6 IS-IS route control: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Specify a preference for IPv6 IS-IS routes. ipv6 preference { route-policy route-policy-name | preference } * By default, the default setting is 15. 4. Configure an IPv6 IS-IS summary route.
Tuning and optimizing IPv6 IS-IS networks Configuration prerequisites Before you tune and optimize IPv6 IS-IS networks, complete basic IPv6 IS-IS tasks. Assigning a convergence priority to IPv6 IS-IS routes A topology change causes IS-IS routing convergence. To improve convergence speed, you can assign different convergence priorities to specific IPv6 IS-IS routes, including critical, high, medium, and low. The higher the convergence priority, the faster the convergence speed.
Step Enable BFD for IPv6 IS-IS. 8. Command Remarks isis ipv6 bfd enable By default, BFD for IPv6 IS-IS is disabled. Displaying and maintaining IPv6 IS-IS Execute display commands in any view. For other display and reset commands, see "Configuring IS-IS." Task Command Display information about routes redistributed by IPv6 IS-IS. display isis redistribute ipv6 [ ipv6-address mask-length ] [ level-1 | level-2 ] [ process-id ] Display IPv6 IS-IS routing information.
Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure IPv6 IS-IS: # Configure Router A. system-view [RouterA] isis 1 [RouterA-isis-1] is-level level-1 [RouterA-isis-1] network-entity 10.0000.0000.0001.00 [RouterA-isis-1] ipv6 enable [RouterA-isis-1] quit [RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] isis ipv6 enable 1 [RouterA-Ethernet1/1] quit # Configure Router B.
[RouterD-Ethernet1/1] quit [RouterD] interface ethernet 1/2 [RouterD-Ethernet1/2] isis ipv6 enable 1 [RouterD-Ethernet1/2] quit Verifying the configuration # Display the IPv6 IS-IS routing table on Router A.
Next Hop : FE80::200:FF:FE0F:4 Interface: Eth1/1 Destination : 2001:2:: PrefixLen: 64 Flag : R/-/- Cost Next Hop : Direct Interface: Eth1/1 : 20 Destination : 2001:3:: PrefixLen: 64 Flag : R/-/- Cost Next Hop : FE80::200:FF:FE0F:4 Interface: Eth1/1 : 20 Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set # Display the IPv6 IS-IS routing table on Router C.
Destination : 2001:4::1 PrefixLen: 128 Flag : R/-/- Cost Next Hop : FE80::20F:E2FF:FE3E:FA3D Interface: Eth1/3 : 10 Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set # Display the IPv6 IS-IS routing table on Router D.
Figure 93 Network diagram Device Interface IPv6 address Device Interface IPv6 address Router A Eth1/1 2001::1/64 Router B Eth1/1 2001::2/64 Eth1/2 2001:2::1/64 Eth1/2 2001:3::2/64 Router C Eth1/1 2001:2::2/64 Eth1/2 2001:3::1/64 Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure IPv6 IS-IS: # Configure Router A. system-view [RouterA] isis 1 [RouterA-isis-1] is-level level-1 [RouterA-isis-1] network-entity 10.0000.0000.0001.
[RouterB-Ethernet1/2] quit # Configure Router C. system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.00 [RouterC-isis-1] ipv6 enable [RouterC-isis-1] quit [RouterC] interface ethernet 1/1 [RouterC-Ethernet1/1] isis ipv6 enable 1 [RouterC-Ethernet1/1] quit [RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] isis ipv6 enable 1 [RouterC-Ethernet1/2] quit 3. Configure BFD functions: # Enable BFD and configure BFD parameters on Router A.
Summary Count : 2 Destination: 2001:4::/64 Protocol NextHop : FE80::20F:FF:FE00:1200 Preference: 15 : ISISv6 Interface : Eth1/1 Cost : 10 The output shows that Router A and Router B communicate through Ethernet 1/1. Then the link over Ethernet 1/1 fails. # Display routes destined for 2001:4::0/64 on Router A.
Configuring IPv6 PBR Introduction to IPv6 PBR Policy-based routing (PBR) uses user-defined policies to route packets. A policy can specify the next hop, output interface, default next hop, default output interface, and other parameters for packets that match specific criteria such as ACLs or that have specific lengths. A device forwards received packets using the following process: 1. The device uses PBR to forward matching packets. 2.
apply clause IPv6 PBR supports the following types of apply clauses, as shown in Table 9. You can specify multiple apply clauses for a node, but some of them might not be executed. The apply clauses that determine the packet forwarding paths are apply access-vpn vpn-instance, apply next-hop, apply output-interface, apply default-next-hop, and apply default-output-interface in a descending priority order.
Relationship between the match mode and clauses on the node Does a packet match all the if-match clauses on the node? Match mode In permit mode In deny mode • If the node is configured with an apply clause, IPv6 PBR executes the apply clause on the node. { { Yes { If PBR successfully guides the forwarding of the packet, PBR does not match the packet against the next node.
Tasks at a glance (Required.) Configuring IPv6 PBR: • Configuring IPv6 local PBR • Configuring IPv6 interface PBR Configuring an IPv6 policy Creating an IPv6 node Step Command Remarks 1. Enter system view. system-view N/A 2. Create an IPv6 policy or policy node, and enter IPv6 policy node view. ipv6 policy-based-route policy-name [ deny | permit ] node node-number By default, no IPv6 policy node is created. Configuring match criteria for an IPv6 node Step Command Remarks 1.
Step Command Remarks By default, no VPN instance is specified. 4. Set VPN instances. apply access-vpn vpn-instance vpn-instance-name&<1-n> You can specify up to m VPN instances for a node. The matching packets are forwarded according to the forwarding table of the first available VPN instance. The value of m depends on the device model. By default, no next hop is specified. 5. 6. Set next hops for permitted IPv6 packets.
Step Command Remarks By default, no default output interface is specified. 11. Set default output interfaces. 12. Enable load sharing among multiple default output interfaces. 13. Match packets against the next node upon match failure on the current node.
You can apply only one policy to an interface. Before you apply a new policy, you must first remove the current policy from the interface. You can apply a policy to multiple interfaces. To configure IPv6 interface PBR: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Apply an IPv6 policy to the interface. ipv6 policy-based-route policy-name By default, no IPv6 policy is applied to the interface.
Figure 94 Network diagram Configuration procedure 1. Configure Router A: # Configure the IPv6 addresses of the serial interfaces. system-view [RouterA] interface serial 2/0 [RouterA-Serial2/0] ipv6 address 1::1 64 [RouterA-Serial2/0] quit [RouterA] interface serial 2/1 [RouterA-Serial2/1] ipv6 address 2::1 64 [RouterA-Serial2/1] quit # Configure ACL 3001 to match TCP packets.
Packet type-based IPv6 interface PBR configuration example (on routers) Network requirements As shown in Figure 95, configure IPv6 PBR on Router A to forward all TCP packets received on Ethernet 1/1 to the next hop 1::2. Router A forwards other IPv6 packets according to the routing table. Figure 95 Network diagram Configuration procedure 1. Configure Router A: # Configure RIPng.
# Configure Node 5 for policy aaa to forward TCP packets to next hop 1::2. [RouterA] ipv6 policy-based-route aaa permit node 5 [RouterA-pbr6-aaa-5] if-match acl 3001 [RouterA-pbr6-aaa-5] apply next-hop 1::2 [RouterA-pbr6-aaa-5] quit # Configure IPv6 interface PBR by applying policy aaa to Ethernet 1/1.
Packet length-based IPv6 interface PBR configuration example (on routers) Network requirements As shown in Figure 96, configure IPv6 interface PBR to guide the forwarding of packets received on Ethernet 1/1 of Router A as follows: • Set the next hop of packets with a length of 64 to 100 bytes to 150::2/64. • Set the next hop of packets with a length of 101 to 1000 bytes to 151::2/64. Router A forwards other packets according to the routing table. Figure 96 Network diagram Configuration procedure 1.
[RouterA] interface ethernet 1/1 [RouterA-Ethernet1/1] ipv6 address 192::1 64 [RouterA-Ethernet1/1] undo ipv6 nd ra halt [RouterA-Ethernet1/1] ripng 1 enable [RouterA-Ethernet1/1] ipv6 policy-based-route lab1 [RouterA-Ethernet1/1] return 2. Configure RIPng on Router B.
*Jun 150 26 13:04:33:519 2012 RouterA PBR6/7/PBR Forward Info: -MDC=1; apply next-hop ::2. The output shows that Router A sets the next hop for the received packets to 150::2 according to IPv6 PBR. The packets are forwarded through Serial 2/0. # Ping Loopback 0 of Router B from Host A, and set the data length to 200 bytes.
Configuring routing policies Routing policies control routing paths by filtering and modifying routing information. This chapter describes both IPv4 and IPv6 routing policies. Overview Routing policies can filter advertised, received, and redistributed routes, and modify attributes for specific routes. To configure a routing policy: 1. Configure filters based on route attributes, such as destination address and the advertising router's address. 2.
For more information about extended community lists, see MPLS Configuration Guide. MAC list A MAC list matches the destination MAC address of EVI IS-IS routing information. A MAC list, identified by name, can comprise multiple items. Each item, identified by an index number, specifies a MAC address range. An item with a smaller index number is matched first. A route that matches one item matches the MAC list.
Configuring an IP prefix list Configuring an IPv4 prefix list If all the items are set to deny mode, no routes can pass the IPv4 prefix list. To allow other IPv4 routing information to pass, you must configure the permit 0.0.0.0 0 less-equal 32 item following multiple deny items. To configure an IPv4 prefix list: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure an IPv4 prefix list.
Step 1. Enter system view. Command Remarks system-view N/A • Configure a basic community list: 2. ip community-list { basic-comm-list-num | basic basic-comm-list-name } { deny | permit } [ community-number&<1-32> | aa:nn&<1-32> ] [ internet | no-advertise | no-export | no-export-subconfed ] * Configure a community list. • Configure an advanced community list: Use either method.
Creating a routing policy For a routing policy that has more than one node, configure at least one permit-mode node. A route that does not match any node cannot pass the routing policy. If all the nodes are in deny mode, no routing information can pass the routing policy. To create a routing policy: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a routing policy and a node, and enter routing policy node view.
Step Command Remarks 5. Match BGP routes whose COMMUNITY attribute matches a specified community list. if-match community { { basic-community-list-number | name comm-list-name } [ whole-match ] | adv-community-list-number }&<1-32> By default, no COMMUNITY match criterion is matched. 6. Match routes having the specified cost. if-match cost value By default, no cost match criterion is configured. 7. Match BGP routes whose extended community attribute matches a specified extended community list.
Step Command Remarks 2. Enter routing policy node view. route-policy route-policy-name { deny | permit } node node-number N/A 3. Set the AS_PATH attribute for BGP routes. apply as-path as-number&<1-32> [ replace ] By default, no AS_PATH attribute is set for BGP routes. 4. Delete the specified COMMUNITY attribute for BGP routes. apply comm-list { comm-list-number | comm-list-name } delete By default, no COMMUNITY attribute is deleted for BGP routes. 5.
Step Command Remarks 17. Set a tag value for RIP, OSPF, and IS-IS route. apply tag value By default, no tag value is set for RIP, OSPF, and IS-IS routes. 18. Set a backup link for fast reroute (FRR). apply fast-reroute backup-interface interface-type interface-number [ backup-nexthop ip-address ] By default, no backup link is set for FRR.
Task Command Display IPv6 prefix list statistics. display ipv6 prefix-list [ prefix-list-name ] Display MAC list statistics. display mac-list [ mac-list-name ] Display routing policy information. display route-policy [ route-policy-name ] Clear IPv4 prefix list statistics. reset ip prefix-list [ prefix-list-name ] Clear IPv6 prefix list statistics. reset ipv6 prefix-list [ prefix-list-name ] Clear MAC list statistics.
[RouterC-Ethernet1/1] quit [RouterC] interface ethernet 1/2 [RouterC-Ethernet1/2] isis enable [RouterC-Ethernet1/2] quit [RouterC] interface ethernet 1/3 [RouterC-Ethernet1/3] isis enable [RouterC-Ethernet1/3] quit [RouterC] interface ethernet 1/4 [RouterC-Ethernet1/4] isis enable [RouterC-Ethernet1/4] quit # Configure Router B. system-view [RouterB] isis [RouterB-isis-1] is-level level-2 [RouterB-isis-1] network-entity 10.0000.0000.0002.
172.17.2.0/24 1 Type2 1 192.168.1.2 192.168.2.2 172.17.3.0/24 1 Type2 1 192.168.1.2 192.168.2.2 Total Nets: 4 Intra Area: 1 4. Inter Area: 0 ASE: 3 NSSA: 0 Configure filtering lists on Router B: # Configure ACL 2002 to allow route 172.17.2.0/24 to pass. [RouterB] acl number 2002 [RouterB-acl-basic-2002] rule permit source 172.17.2.0 0.0.0.255 [RouterB-acl-basic-2002] quit # Configure IP prefix list prefix-a to allow route 172.17.1.0/24 to pass.
The output shows that the cost of route 172.17.1.0/24 is 100 and the tag of route 172.17.2.0/24 is 20. Applying a routing policy to IPv6 route redistribution Network requirements • As shown in Figure 98, run RIPng on Router A and Router B. • Configure three static routes on Router A. • On Router A, enable static route redistribution into RIPng, and apply a routing policy to permit routes 20::/32 and 40::/32 and deny route 30::/32. Figure 98 Network diagram Configuration procedure 1.
[RouterA] ripng [RouterA-ripng-1] import-route static route-policy static2ripng 2. Configure Router B: # Configure the IPv6 address of Ethernet 1/1. system-view [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ipv6 address 10::2 32 # Enable RIPng. [RouterB] ripng [RouterB-ripng-1] quit # Enable RIPng on the interface. [RouterB] interface ethernet 1/1 [RouterB-Ethernet1/1] ripng 1 enable [RouterB-Ethernet1/1] quit Verifying the configuration # Display the RIPng routing table on Router B.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index ABCDEGILOPRST Configuring OSPF PIC,88 A Configuring OSPF route control,72 Applying an IPsec profile,351 Configuring OSPFv3 area parameters,341 Applying an IPsec profile,329 Configuring OSPFv3 GR,350 B Configuring OSPFv3 network types,342 BGP configuration task list,186 Configuring OSPFv3 route control,343 C Configuring PBR,302 Configuring prefix prioritization,88 Configuring 6PE,243 Configuring prefix suppression,87 Configuring a large-scale BGP network,235 Configuring RIP FRR,36 Conf
Overview,372 E Overview,396 Enabling logging of session state changes,241 Overview,174 Enabling OSPF,66 Enabling OSPFv3,340 Overview,122 Enabling SNMP notifications for BGP,241 P Enhancing IS-IS network security,147 PBR configuration examples,303 Extension attribute redistribution,4 PBR configuration task list,299 G R Generating BGP routes,197 Related information,409 I RIP configuration examples,37 Introduction to IPv6 PBR,383 RIP configuration task list,22 RIPng configuration examples,3
