HP MSR Router Series Layer 3 - IP Routing Configuration Guide(V7) Part number: 5998-5678 Software version: CMW710-R0106 Document version: 6PW100-20140607
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Configuring basic IP routing········································································································································ 1 Routing table ······································································································································································ 1 Dynamic routing protocols ·······························································································································
Configuring received/redistributed route filtering ····························································································· 33 Configuring a preference for RIP ························································································································· 33 Configuring RIP route redistribution····················································································································· 33 Tuning and optimizing RIP networks ··············
Configuring a virtual link ······································································································································ 74 Configuring OSPF network types ································································································································· 75 Configuration prerequisites ·································································································································· 75 Configuring the broad
Basic OSPF configuration example ··················································································································· 100 OSPF route redistribution configuration example ···························································································· 103 OSPF summary route advertisement configuration example ·········································································· 104 OSPF stub area configuration example ···········································
Configuring system ID to host name mappings································································································ 155 Enabling the logging of neighbor state changes ····························································································· 156 Enabling IS-IS ISPF ··············································································································································· 156 Enabling prefix suppression ···························
Limiting routes received from a peer or peer group ························································································ 231 Configuring BGP route filtering policies ··········································································································· 233 Configuring BGP route dampening ··················································································································· 238 Controlling BGP path selection ································
IPv6 BGP configuration examples ······························································································································ 331 IPv6 BGP basic configuration example ············································································································· 331 IPv6 BGP route reflector configuration example ······························································································ 334 6PE configuration example ··························
Configuring received/redistributed route filtering ··························································································· 384 Configuring a preference for RIPng··················································································································· 384 Configuring RIPng route redistribution ·············································································································· 385 Tuning and optimizing the RIPng network ·················
Configuring OSPFv3 NSR ··········································································································································· 412 Configuring BFD for OSPFv3 ······································································································································ 413 Applying an IPsec profile ············································································································································ 413 Displayi
Configuring filters ························································································································································· 468 Configuration prerequisites ································································································································ 468 Configuring an IP prefix list ································································································································ 469 Configurin
Configuring basic IP routing In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. IP routing directs IP packet forwarding on routers based on a routing table. This chapter focuses on unicast routing protocols. For more information about multicast routing protocols, see IP Multicast Configuration Guide.
• Destination—IP address of the destination host or network. • Mask—Mask length of the IP address. • Proto—Protocol that installs the route. The protocol can be direct, static, or a dynamic protocol such as OSPF. • Pre—Preference of the route. Among routes to the same destination, the route with the highest preference is optimal. • Cost—If multiple routes to a destination have the same preference, the one with the smallest cost is the optimal route. • NextHop—Next hop.
Table 3 Route types and default route preferences Route type Preference Direct route 0 Multicast static route 1 OSPF 10 IS-IS 15 Unicast static route 60 RIP 100 OSPF ASE 150 OSPF NSSA 150 IBGP 255 EBGP 255 Unknown (route from an untrusted source) 256 Load sharing A routing protocol might find multiple optimal equal-cost routes to the same destination. You can use these routes to implement equal-cost multi-path (ECMP) load sharing.
Route redistribution Route redistribution enables routing protocols to learn routing information from each other. A dynamic routing protocol can redistribute routes from other routing protocols, including direct and static routing. For more information, see the respective chapters on those routing protocols in this configuration guide. The RIB records redistribution relationships of routing protocols.
Configuring the maximum lifetime for routes in the FIB When GR or NSR is disabled, FIB entries must be retained for some time after a protocol process switchover or RIB process switchover. When GR or NSR is enabled, FIB entries must be removed immediately after a protocol or RIB process switchover to avoid routing issues. Perform this task to meet such requirements. To configure the maximum lifetime for routes in the FIB (IPv4): Step Command Remarks 1. Enter system view. system-view N/A 2.
RIB NSR provides faster route convergence than protocol NSR during an active/standby switchover. Configuring IPv4 RIB NSR Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIB view. rib N/A 3. Create a RIB IPv4 address family and enter its view. address-family ipv4 By default, no RIB IPv4 address family is created. 4. Enable IPv4 RIB NSR. non-stop-routing By default, RIB NSR is disabled. Configuring IPv6 RIB NSR Step Command Remarks 1. Enter system view.
Task Command Display information about routes to a range of destination addresses (MSR2000/MSR3000). display ip routing-table [ topology topo-name | vpn-instance vpn-instance-name ] ip-address1 to ip-address2 [ verbose ] Display information about routes to a range of destination addresses (MSR4000).
Task Command Display information about routes to an IPv6 destination address (MSR2000/MSR3000). display ipv6 routing-table [ vpn-instance vpn-instance-name ] ipv6-address [ prefix-length ] [ longer-match ] [ verbose ] Display information about routes to an IPv6 destination address (MSR4000).
Task Command Display next hop information for IPv6 direct routes. display ipv6 route-direct nib [ nib-id ] [ verbose ] Clear IPv6 route statistics (MSR2000/MSR3000). reset ipv6 routing-table statistics protocol [ vpn-instance vpn-instance-name ] { protocol | all } Clear IPv6 route statistics (MSR4000).
Configuring static routing Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work correctly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually. Configuring a static route Before you configure a static route, complete the following tasks: • Configure the physical parameters for related interfaces.
Step Command Remarks 3. (Optional.) Configure the default preference for static routes. ip route-static default-preference default-preference-value The default setting is 60. 4. (Optional.) Delete all static routes, including the default route. delete [ topology topo-name | vpn-instance vpn-instance-name ] static-routes all To delete one static route, use the undo ip route-static command. Configuring BFD for static routes IMPORTANT: Enabling BFD for a flapping route could worsen the situation.
Step Command Remarks • Method 1: 2. Configure BFD control mode for a static route.
Configuring static route FRR A link or router failure on a path can cause packet loss and even routing loop. Static route fast reroute (FRR) enables fast rerouting to minimize the impact of link or node failures. Figure 1 Network diagram As shown in Figure 1, upon a link failure, packets are directed to the backup next hop to avoid traffic interruption. You can either specify a backup next hop for FRR or enable FRR to automatically select a backup next hop (which must be configured in advance).
Step Command Remarks • Method 1: ip route-static dest-address { mask-length | mask } interface-type interface-number [ next-hop-address [ backup-interface interface-type interface-number [ backup-nexthop backup-nexthop-address ] ] ] [ permanent ] [ preference preference-value ] [ tag tag-value ] [ description description-text ] • Method 2: ip route-static vpn-instance s-vpn-instance-name dest-address { mask-length | mask } interface-type interface-number [ next-hop-address [ backup-interface interface-
Step Command Remarks 3. Enable BFD echo packet mode for static route FRR. ip route-static primary-path-detect bfd echo By default, BFD echo mode for static route FRR is disabled. Displaying and maintaining static routes Execute display commands in any view. Task Command Display static route information. display ip routing-table protocol static [ inactive | verbose ] Display static route next hop information.
system-view [RouterB] ip route-static 1.1.2.0 255.255.255.0 1.1.4.1 [RouterB] ip route-static 1.1.3.0 255.255.255.0 1.1.5.6 # Configure a default route on Router C. system-view [RouterC] ip route-static 0.0.0.0 0.0.0.0 1.1.5.5 3. Configure the default gateways of Host A, Host B, and Host C as 1.1.2.3, 1.1.6.1, and 1.1.3.1. (Details not shown.) Verifying the configuration # Display the static route information on Router A.
Ping statistics for 1.1.2.2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms # Use the tracert command on Host B to test the reachability of Host A. C:\Documents and Settings\Administrator>tracert 1.1.2.2 Tracing route to 1.1.2.2 over a maximum of 30 hops 1 <1 ms <1 ms <1 ms 1.1.6.1 2 <1 ms <1 ms <1 ms 1.1.4.1 3 1 ms <1 ms <1 ms 1.1.2.2 Trace complete.
Device Interface IP address Router C GigabitEthernet 2/1/1 10.1.1.100/24 Router C GigabitEthernet 2/1/2 13.1.1.2/24 Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure static routes and BFD: # Configure static routes on Route A and enable BFD control mode for the static route that traverses the Layer 2 switch.
The output shows that the BFD session has been created. # Display static routes on Router A. display ip routing-table protocol static Summary Count : 1 Static Routing table Status : Summary Count : 1 Destination/Mask Proto 120.1.1.0/24 Static 60 Pre Cost NextHop Interface 0 12.1.1.2 GE2/1/1 Static Routing table Status : Summary Count : 0 The output shows that Router A communicates with Router B through GigabitEthernet 2/1/1.
Configure a static route to subnet 120.1.1.0/24 and a static route to subnet 121.1.1.0/24 on both Router C and Router D. • When the link between Router A and Router B through Router D fails, BFD can detect the failure immediately and inform Router A and Router B to communicate through Router C. Figure 4 Network diagram Table 5 Interface and IP address assignment Device Interface IP address Router A GigabitEthernet 2/1/1 12.1.1.1/24 Router A GigabitEthernet 2/1/2 10.1.1.
# Configure static routes on Router B and enable BFD control mode for the static route that traverses Router D. system-view [RouterB] bfd multi-hop min-transmit-interval 500 [RouterB] bfd multi-hop min-receive-interval 500 [RouterB] bfd multi-hop detect-multiplier 9 [RouterB] ip route-static 121.1.1.0 24 1.1.1.9 bfd control-packet bfd-source 2.2.2.9 [RouterB] ip route-static 121.1.1.0 24 gigabitethernet 2/1/2 13.1.1.2 preference 65 [RouterB] quit # Configure static routes on Router C.
Summary Count : 1 Static Routing table Status : Summary Count : 1 Destination/Mask Proto Pre 120.1.1.0/24 Static 65 Cost NextHop Interface 0 10.1.1.100 GE2/1/2 Static Routing table Status : Summary Count : 0 The output shows that Router A communicates with Router B through GigabitEthernet 2/1/2. Static route FRR configuration example Network requirements As shown in Figure 5, configure static routes on Router S, Router A, and Router D, and configure static route FRR.
[RouterS] ip route-static 4.4.4.4 32 gigabitethernet 2/1/1 12.12.12.2 preference 70 [RouterS] ip route-static fast-reroute auto # Configure static routes on Router D, and enable static route FRR. system-view [RouterD] ip route-static 1.1.1.1 32 gigabitethernet 2/1/2 13.13.13.1 [RouterD] ip route-static 1.1.1.1 32 gigabitethernet 2/1/1 24.24.24.2 preference 70 [RouterD] ip route-static fast-reroute auto 3. Configure static routes on Router A. system-view [RouterA] ip route-static 4.4.
Flags: 0x1008c OrigNextHop: 13.13.13.1 Label: NULL RealNextHop: 13.13.13.1 BkLabel: NULL BkNextHop: 24.24.24.
Configuring a default route A default route is used to forward packets that do not match any specific routing entry in the routing table. Without a default route, packets that do not match any routing entries are discarded and an ICMP destination-unreachable packet is sent to the source. A default route can be configured in either of the following ways: • The network administrator can configure a default route with both destination and mask being 0.0.0.0.
Configuring RIP Overview Routing Information Protocol (RIP) is a distance-vector IGP suited to small-sized networks. It employs UDP to exchange route information through port 520. RIP uses a hop count to measure the distance to a destination. The hop count from a router to a directly connected network is 0. The hop count from a router to a directly connected router is 1. To limit convergence time, RIP restricts the metric range from 0 to 15.
3. RIP periodically sends the local routing table to its neighbors. After a RIP neighbor receives the message, it updates its routing table, selects optimal routes, and sends an update to other neighbors. RIP ages routes to keep only valid routes. RIP versions There are two RIP versions, RIPv1 and RIPv2. RIPv1 is a classful routing protocol. It advertises messages through broadcast only. RIPv1 messages do not carry mask information, so RIPv1 can only recognize natural networks such as Class A, B, and C.
Tasks at a glance • Advertising a default route • Configuring received/redistributed route filtering • Configuring a preference for RIP • Configuring RIP route redistribution (Optional.
Step Command Remarks By default, RIP is disabled on a network. network network-address [ wildcard-mask ] The network 0.0.0.0 command can enable RIP on all interfaces in a single process, but does not apply to multiple RIP processes. Step Command Remarks 1. Enter system view. system-view N/A 2. Enable RIP and enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] By default, RIP is disabled. 3. Return to system view. quit N/A 4. Enter interface view.
An interface preferentially uses the interface-specific RIP version. If no interface-specific version is specified, the interface uses the global RIP version. If neither a global nor interface-specific RIP version is configured, the interface sends RIPv1 broadcasts and can receive the following: • RIPv1 broadcasts and unicasts. • RIPv2 broadcasts, multicasts, and unicasts. To configure a RIP version: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIP view.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Specify an inbound additional routing metric. rip metricin [ route-policy route-policy-name ] value The default setting is 0. 4. Specify an outbound additional routing metric. rip metricout [ route-policy route-policy-name ] value The default setting is 1.
Step Command Remarks 4. Return to system view. quit N/A 5. Enter interface view. interface interface-type interface-number N/A 6. Configure a summary route. rip summary-address ip-address { mask-length | mask } By default, no summary route is configured. Disabling host route reception Perform this task to disable RIPv2 from receiving host routes from the same network to save network resources. This feature does not apply to RIPv1.
NOTE: The router enabled to advertise a default route does not accept default routes from RIP neighbors. Configuring received/redistributed route filtering Perform this task to filter received and redistributed routes by using an IP prefix list. You can also configure RIP to receive routes only from a specified neighbor. To configure route filtering: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3.
To configure RIP route redistribution: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Redistribute routes from another routing protocol. import-route protocol [ process-id | all-processes | allow-ibgp ] [ allow-direct | cost cost | route-policy route-policy-name | tag tag ] * 4. (Optional.) Configure a default cost for redistributed routes.
Step Command Remarks 2. Enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Configure RIP timers. timers { garbage-collect garbage-collect-value | suppress suppress-value | timeout timeout-value | update update-value } * By default: • The garbage-collect timer is 120 seconds. • The suppress timer is 120 seconds. • The timeout timer is 180 seconds. • The update timer is 30 seconds.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIP view. rip [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Configure the maximum number of ECMP routes. maximum load-balancing number The default maximum number of RIP ECMP routes is 32. Enabling zero field check on incoming RIPv1 messages Some fields in the RIPv1 message must be set to zero. These fields are called "zero fields." You can enable zero field check on incoming RIPv1 messages.
Configuring RIPv2 message authentication Perform this task to enable authentication on RIPv2 messages. This feature does not apply to RIPv1 because RIPv1 does not support authentication. Although you can specify an authentication mode for RIPv1 in interface view, the configuration does not take effect. RIPv2 supports two authentication modes: simple authentication and MD5 authentication. To configure RIPv2 message authentication: Step Command Remarks 1. Enter system view. system-view N/A 2.
Step Command Remarks 1. Enter system view. system-view N/A 2. Bind MIB to a RIP process. rip mib-binding process-id By default, MIB is bound to the RIP process with the smallest process ID. Configuring the RIP packet sending rate Perform this task to specify the interval for sending RIP packets and the maximum number of RIP packets that can be sent at each interval. This feature can avoid excessive RIP packets from affecting system performance and consuming too much bandwidth.
Configuring RIP GR GR ensures forwarding continuity when a routing protocol restarts or an active/standby switchover occurs. Two routers are required to complete a GR process. The following are router roles in a GR process. • GR restarter—Graceful restarting router. It must have GR capability. • GR helper—A neighbor of the GR restarter. It helps the GR restarter to complete the GR process.
Step Command Remarks 2. Configure the source IP address of BFD echo packets. bfd echo-source-ip ip-address By default, the source IP address of BFD echo packets is not configured. 3. Enter interface view. interface interface-type interface-number N/A 4. Enable BFD for RIP. rip bfd enable By default, BFD for RIP is disabled.
Step 5. Enable BFD interface. on the RIP Command Remarks rip bfd enable By default, BFD is disabled on a RIP interface. Configuring RIP FRR A link or router failure on a path can cause packet loss and even routing loop until RIP completes routing convergence based on the new network topology. FRR enables fast rerouting to minimize the impact of link or node failures.
Enabling BFD for RIP FRR By default, RIP FRR does not use BFD to detect primary link failures. To speed up RIP convergence, enable BFD single-hop echo detection for RIP FRR to detect primary link failures. To configure BFD for RIP FRR: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the source IP address of BFD echo packets. bfd echo-source-ip ip-address By default, the source IP address of BFD echo packets is not configured. 3. Enter interface view.
Figure 7 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure basic RIP by using either of the following methods: (Method 1) # Enable RIP on the specified networks on Router A. system-view [RouterA] rip [RouterA-rip-1] network 1.0.0.0 [RouterA-rip-1] network 2.0.0.0 [RouterA-rip-1] network 3.0.0.0 [RouterA-rip-1] quit (Method 2) # Enable RIP on the specified interfaces on Router B.
# Configure RIPv2 on Router A. [RouterA] rip [RouterA-rip-1] version 2 [RouterA-rip-1] undo summary [RouterA-rip-1] quit # Configure RIPv2 on Router B. [RouterB] rip [RouterB-rip-1] version 2 [RouterB-rip-1] undo summary [RouterB-rip-1] quit # Display the RIP routing table on Router A. [RouterA] display rip 1 route Route Flags: R - RIP A - Aging, S - Suppressed, G - Garbage-collect, D – Direct O - Optimal, F - Flush to RIB ---------------------------------------------------------------------------Peer 1.
# Use IP prefix lists on Router B to filter received and redistributed routes. [RouterB] ip prefix-list aaa index 10 permit 2.1.1.0 24 [RouterB] ip prefix-list bbb index 10 permit 10.1.1.0 24 [RouterB] rip 1 [RouterB-rip-1] filter-policy prefix-list aaa import [RouterB-rip-1] filter-policy prefix-list bbb export [RouterB-rip-1] quit # Display the RIP routing table on Router A.
Figure 8 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure basic RIP: # Enable RIP 100, and configure RIPv2 on Router A. system-view [RouterA] rip 100 [RouterA-rip-100] network 10.0.0.0 [RouterA-rip-100] network 11.0.0.0 [RouterA-rip-100] version 2 [RouterA-rip-100] undo summary [RouterA-rip-100] quit # Enable RIP 100 and RIP 200, and configure RIPv2 on Router B.
3. 12.3.1.0/24 Direct 0 0 12.3.1.2 GE2/1/1 12.3.1.0/32 Direct 0 0 12.3.1.2 GE2/1/1 12.3.1.2/32 Direct 0 0 127.0.0.1 InLoop0 12.3.1.255/32 Direct 0 0 12.3.1.2 GE2/1/1 16.4.1.0/24 Direct 0 0 16.4.1.1 GE2/1/2 16.4.1.0/32 Direct 0 0 16.4.1.1 GE2/1/2 16.4.1.1/32 Direct 0 0 127.0.0.1 InLoop0 16.4.1.255/32 Direct 0 0 16.4.1.1 GE2/1/2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.
Router A has two links to Router D. The link from Router B to Router D is more stable than that from Router C to Router D. Configure an additional metric for RIP routes received from GigabitEthernet 2/1/2 on Router A so Router A prefers route 1.1.5.0/24 learned from Router B. Figure 9 Network diagram GE2/1/1 1.1.1.2/24 GE2/1/1 1.1.1.1/24 GE2/1/2 1.1.3.1/24 GE2/1/2 1.1.3.2/24 Router B GE2/1/1 1.1.4.2/24 Router A GE2/1/2 1.1.2.1/24 Router D GE2/1/1 1.1.5.2/24 GE2/1/3 1.1.5.1/24 GE2/1/2 1.1.4.
[RouterE-rip-1] version 2 [RouterE-rip-1] undo summary # Display all active routes in the RIP database on Router A. [RouterA] display rip 1 database 1.0.0.0/8, auto-summary 1.1.1.0/24, cost 0, nexthop 1.1.1.1, RIP-interface 1.1.2.0/24, cost 0, nexthop 1.1.2.1, RIP-interface 1.1.3.0/24, cost 1, nexthop 1.1.1.2 1.1.4.0/24, cost 1, nexthop 1.1.2.2 1.1.5.0/24, cost 2, nexthop 1.1.1.2 1.1.5.0/24, cost 2, nexthop 1.1.2.2 The output shows two RIP routes destined for network 1.1.5.
Figure 10 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure basic OSPF: # Configure Router A. system-view [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit # Configure Router B. system-view [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.
[RouterD] rip 1 [RouterD-rip-1] network 11.0.0.0 [RouterD-rip-1] version 2 [RouterD-rip-1] undo summary [RouterD-rip-1] quit # Configure RIP to redistribute routes from OSPF process 1 and direct routes on Router C. [RouterC-rip-1] import-route direct [RouterC-rip-1] import-route ospf 1 [RouterC-rip-1] quit # Display the IP routing table on Router D. [RouterD] display ip routing-table Destinations : 15 4. Destination/Mask Proto 0.0.0.0/32 10.1.1.
11.4.1.2/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 Configuring BFD for RIP (single-hop echo detection for a directly connected neighbor) Network requirements As shown in Figure 11, GigabitEthernet 2/1/1 of Router A and Router C runs RIP process 1. GigabitEthernet 2/1/2 of Router A runs RIP process 2.
[RouterA] rip 2 [RouterA-rip-2] network 192.168.2.0 [RouterA-rip-2] quit # Configure Router B. system-view [RouterB] rip 1 [RouterB-rip-1] version 2 [RouterB-rip-1] undo summary [RouterB-rip-1] network 192.168.2.0 [RouterB-rip-1] network 192.168.3.0 [RouterB-rip-1] quit # Configure Router C. system-view [RouterC] rip 1 [RouterC-rip-1] version 2 [RouterC-rip-1] undo summary [RouterC-rip-1] network 192.168.1.0 [RouterC-rip-1] network 192.168.3.
Protocol: RIP SubProtID: 0x1 Cost: 1 Tag: 0 OrigTblID: 0x0 TableID: 0x2 NBRID: 0x26000002 AttrID: 0xffffffff Process ID: 1 Age: 04h20m37s Preference: 100 State: Active Adv OrigVrf: default-vrf OrigAs: 0 LastAs: 0 Neighbor: 192.168.1.2 Flags: 0x1008c OrigNextHop: 192.168.1.2 Label: NULL RealNextHop: 192.168.1.
has a smaller cost than that redistributed from Router C, so Router B uses the route through GigabitEthernet 2/1/1. • Enable BFD for RIP on GigabitEthernet 2/1/2 of Router A, and specify GigabitEthernet 2/1/1 of Router B as the destination. When a unidirectional link occurs between Router A and Router B, BFD can quickly detect the link failure and notify RIP. RIP then deletes the neighbor relationship and the route information learned on GigabitEthernet 2/1/2.
[RouterC-rip-1] quit 3. Configure BFD parameters on GigabitEthernet 2/1/2 of Router A. [RouterA] bfd echo-source-ip 11.11.11.11 [RouterA] interface gigabitethernet 2/1/2 [RouterA-GigabitEthernet2/1/2] bfd min-echo-receive-interval 500 [RouterA-GigabitEthernet2/1/2] quit 4. Configure static routes: # Configure a static route on Router A. [RouterA] ip route-static 100.1.1.0 24 null 0 # Configure a static route on Router C. [RouterC] ip route-static 100.1.1.
Destination: 100.1.1.0/24 Protocol: RIP Process ID: 1 SubProtID: 0x1 Age: 00h21m23s Cost: 4 Preference: 100 Tag: 0 State: Active Adv OrigTblID: 0x0 OrigVrf: default-vrf TableID: 0x2 OrigAs: 0 NBRID: 0x12000003 AttrID: 0xffffffff LastAs: 0 Neighbor: 192.168.3.2 Flags: 0x1008c OrigNextHop: 192.168.3.2 Label: NULL RealNextHop: 192.168.3.
Device Interface IP address Router B GigabitEthernet 2/1/1 192.168.2.1/24 Router B GigabitEthernet 2/1/2 192.168.1.2/24 Router C GigabitEthernet 2/1/1 192.168.2.2/24 Router C GigabitEthernet 2/1/2 192.168.4.2/24 Router D GigabitEthernet 2/1/1 192.168.3.2/24 Router D GigabitEthernet 2/1/2 192.168.4.1/24 Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2.
[RouterC-GigabitEthernet2/1/1] quit # Configure Router D. system-view [RouterD] rip 1 [RouterD-rip-1] version 2 [RouterD-rip-1] undo summary [RouterD-rip-1] network 192.168.3.0 [RouterD-rip-1] network 192.168.4.0 [RouterD-rip-1] quit 3. Configure BFD parameters for the interfaces: # Configure Router A. [RouterA] bfd session init-mode active [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] ip address 192.168.3.
# Configure a static route to Router C on Router A. [RouterA] ip route-static 192.168.2.0 24 gigabitethernet2/1/2 192.168.1.2 [RouterA] quit # Configure a static route to Router A on Router C. [RouterC] ip route-static 192.168.1.0 24 gigabitethernet2/1/1 192.168.2.1 Verifying the configuration # Display the BFD session information on Router A.
NBRID: 0x12000003 AttrID: 0xffffffff LastAs: 0 Neighbor: 192.168.3.2 Flags: 0x1008c OrigNextHop: 192.168.3.2 Label: NULL RealNextHop: 192.168.3.2 BkLabel: NULL Tunnel ID: Invalid BkTunnel ID: Invalid BkNextHop: N/A Interface: GigabitEthernet2/1/2 BkInterface: N/A Configuring RIP FRR Network requirements As shown in Figure 14, Router S, Router A, and Router D run RIPv2. Configure RIP FRR so that when Link A becomes unidirectional, traffic can be switched to Link B immediately.
[RouterD-route-policy-frr-10] quit [RouterD] rip 1 [RouterD-rip-1] fast-reroute route-policy frr [RouterD-rip-1] quit Verifying the configuration # Display route 4.4.4.4/32 on Router S to view the backup next hop information. [RouterS] display ip routing-table 4.4.4.4 verbose Destination: 4.4.4.
Configuring OSPF In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. Open Shortest Path First (OSPF) is a link-state IGP developed by the OSPF working group of the IETF. OSPF version 2 is used for IPv4. OSPF refers to OSPFv2 throughout this chapter.
LSA types OSPF advertises routing information in Link State Advertisements (LSAs). The following LSAs are commonly used: • Router LSA—Type-1 LSA, originated by all routers and flooded throughout a single area only. This LSA describes the collected states of the router's interfaces to an area. • Network LSA—Type-2 LSA, originated for broadcast and NBMA networks by the designated router, and flooded throughout a single area only. This LSA contains the list of routers connected to the network.
Figure 15 Area-based OSPF network partition Area 4 Area 1 Area 0 Area 2 Area 3 Backbone area and virtual links Each AS has a backbone area that distributes routing information between non-backbone areas. Routing information between non-backbone areas must be forwarded by the backbone area. OSPF has the following requirements: • All non-backbone areas must maintain connectivity to the backbone area. • The backbone area must maintain connectivity within itself.
Figure 17 Virtual link application 2 Area 1 Virtual link R2 R1 Area 0 The virtual link between the two ABRs acts as a point-to-point connection. You can configure interface parameters, such as hello interval, on the virtual link as they are configured on a physical interface. The two ABRs on the virtual link unicast OSPF packets to each other, and the OSPF routers in between convey these OSPF packets as normal IP packets.
• Internal router—All interfaces on an internal router belong to one OSPF area. • ABR—Belongs to more than two areas, one of which must be the backbone area. ABR connects the backbone area to a non-backbone area. An ABR and the backbone area can be connected through a physical or logical link. • Backbone router—At least one interface of a backbone router must reside in the backbone area. All ABRs and internal routers in Area 0 are backbone routers.
Route calculation OSPF computes routes in an area as follows: • Each router generates LSAs based on the network topology around itself, and sends them to other routers in update packets. • Each OSPF router collects LSAs from other routers to compose an LSDB. An LSA describes the network topology around a router, and the LSDB describes the entire network topology of the area. • Each router transforms the LSDB to a weighted directed graph that shows the topology of the area.
The role of a router is subnet (or interface) specific. It might be a DR on one interface and a BDR or DROther on another interface. In Figure 20, solid lines are Ethernet physical links, and dashed lines represent OSPF adjacencies. With the DR and BDR, only seven adjacencies are established. Figure 20 DR and BDR in a network DR DR other BDR DR other Physical links DR other Adjacencies NOTE: In OSPF, "neighbor" and "adjacency" are different concepts.
OSPF configuration task list To run OSPF, you must first enable OSPF on the router. Make a proper configuration plan to avoid incorrect settings that can result in route blocking and routing loops. To configure OSPF, perform the following tasks: Tasks at a glance (Required.) Enabling OSPF (Optional.) Configuring OSPF areas: • Configuring a stub area • Configuring an NSSA area • Configuring a virtual link (Optional.
Tasks at a glance (Optional.
• If you specify a router ID when you create an OSPF process, any two routers in an AS must have different router IDs. A common practice is to specify the IP address of an interface as the router ID. • If you specify no router ID when you create the OSPF process, the global router ID is used. HP recommends specifying a router ID when you create the OSPF process. OSPF supports multiple processes and VPNs: • To run multiple OSPF processes, you must specify an ID for each process.
Step Command Remarks By default, OSPF is disabled on an interface. 3. Enable an OSPF process on the interface. ospf process-id area area-id [ exclude-subip ] If the specified OSPF process and area do not exist, the command creates the OSPF process and area. Disabling an OSPF process on an interface does not delete the OSPF process or the area.
Configuring an NSSA area A stub area cannot import external routes, but an NSSA area can import external routes into the OSPF routing domain while retaining other stub area characteristics. Do not configure the backbone area as an NSSA area or totally NSSA area. To configure an NSSA area, configure the nssa command on all the routers attached to the area. To configure a totally NSSA area, configure the nssa command on all the routers attached to the area and configure the nssa no-summary command on the ABR.
Step Command Remarks By default, no virtual link is configured. 4. Configure a virtual link. vlink-peer router-id [ dead seconds | hello seconds | { { hmac-md5 | md5 } key-id { cipher cipher-string | plain plain-string } | simple { cipher cipher-string | plain plain-string } } | retransmit seconds | trans-delay seconds ] * Configure this command on both ends of a virtual link. The hello and dead intervals must be identical on both ends of the virtual link.
Step Command Remarks 3. Configure the OSPF network type for the interface as broadcast. ospf network-type broadcast By default, the network type of an interface depends on the link layer protocol. 4. (Optional.) Configure a router priority for the interface. ospf dr-priority priority The default router priority is 1.
Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A By default, the network type of an interface depends on the link layer protocol. After you configure the OSPF network type for an interface as P2MP unicast, all packets are unicast over the interface. The interface cannot broadcast hello packets to discover neighbors, so you must manually specify the neighbors. 3. Configure the OSPF network type for the interface as P2MP. ospf network-type p2mp [ unicast ] 4.
Configuring OSPF route summarization Configure route summarization on an ABR or ASBR to summarize contiguous networks into a single network and distribute it to other areas. Route summarization reduces the routing information exchanged between areas and the size of routing tables, and improves routing performance. For example, three internal networks 19.1.1.0/24, 19.1.2.0/24, and 19.1.3.0/24 are available within an area. You can summarize the three networks into network 19.1.0.
The following filtering methods are available: • Use an ACL or IP prefix list to filter routing information by destination address. • Use the gateway keyword to filter routing information by next hop. • Use an ACL or IP prefix list to filter routing information by destination address. At the same time use the gateway keyword to filter routing information by next hop. • Use a routing policy to filter routing information.
To configure an OSPF cost for an interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A ospf cost value By default, the OSPF cost is calculated according to the interface bandwidth. For a loopback interface, the OSPF cost is 0 by default. 3. Configure an OSPF cost for the interface. To configure a bandwidth reference value: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPF view.
Step Command Remarks 3. Configure a preference for OSPF. preference [ ase ] [ route-policy route-policy-name ] value By default, the preference of OSPF internal routes is 10 and the preference of OSPF external routes is 150. Configuring OSPF route redistribution On a router running OSPF and other routing protocols, you can configure OSPF to redistribute static routes, direct routes, or routes from other protocols, such as RIP, IS-IS, and BGP. OSPF advertises the routes in Type-5 LSAs or Type-7 LSAs.
Step 3. Redistribute a default route. Command Remarks By default, no default route is redistributed. default-route-advertise [ [ [ always | permit-calculate-other ] | cost cost | route-policy route-policy-name | type type ] * | summary cost cost ] This command is applicable only to VPNs. The PE router advertises a default route in a Type-3 LSA to a CE router.
Configuration prerequisites Before you configure OSPF network optimization, complete the following tasks: • Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes. • Enable OSPF. Configuring OSPF timers An OSPF interface includes the following timers: • Hello timer—Interval for sending hello packets. It must be identical on OSPF neighbors. • Poll timer—Interval for sending hello packets to a neighbor that is down on the NBMA network.
Specifying LSA transmission delay To avoid LSAs from aging out during transmission, set an LSA retransmission delay especially for low speed links. To specify the LSA transmission delay on an interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Specify the LSA transmission delay. ospf trans-delay seconds The default setting is 1 second.
Step Command Remarks 2. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Configure interval. the LSA arrival The default setting is 1000 milliseconds. lsa-arrival-interval interval Make sure this interval is smaller than or equal to the interval set with the lsa-generation-interval command.
Step Command Remarks By default, an OSPF interface can receive and send OSPF packets. 3. Disable interfaces from receiving and sending OSPF packets. silent-interface { interface-type interface-number | all } The silent-interface command disables only the interfaces associated with the current process rather than other processes. Multiple OSPF processes can disable the same interface from receiving and sending OSPF packets. Configuring stub routers A stub router is used for traffic control.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Enter area view. area area-id N/A • Configure MD5 authentication: 4. Configure area authentication mode. authentication-mode { hmac-md5 | md5 } key-id { cipher | plain } password • Configure simple authentication: authentication-mode simple { cipher | plain } password Use either method. By default, no authentication is configured.
Configuring a DSCP value for OSPF packets Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Configure a DSCP value for OSPF packets. dscp dscp-value By default, the DSCP value for OSPF packets is 48. Configuring the maximum number of external LSAs in LSDB Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPF view.
{ { If RFC 2328 is compatible with RFC 1583, all these routes have equal preference. If RFC 2328 is not compatible with RFC 1583, the intra-area route in a non-backbone area is preferred to reduce the burden of the backbone area. The inter-area route and intra-area route in the backbone area have equal preference. 2. Selects the route with the lower cost if two routes have equal preference. 3. Selects the route with the larger originating area ID if two routes have equal cost.
Step Command Remarks 1. Enter system view. system-view N/A 2. Bind OSPF MIB to an OSPF process. ospf mib-binding process-id By default, OSPF MIB is bound to the process with the smallest process ID. 3. Enable SNMP notifications for OSPF.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPF view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Enable OSPF ISPF. ispf enable By default, OSPF ISPF is enabled. Configuring prefix suppression An OSPF interface by default advertises all its prefixes in LSAs. You can suppress interfaces from advertising all their prefixes to speed up OSPF convergence.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Enable prefix suppression on the interface. ospf prefix-suppression [ disable ] By default, prefix suppression is disabled on an interface. Configuring prefix prioritization This feature enables the device to install prefixes in descending priority order: critical, high, medium, and low. The prefix priorities are assigned through routing policies.
Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the source IP address of BFD echo packets. bfd echo-source-ip ip-address By default, the source IP address of BFD echo packets is not configured. 3. Enter interface view. interface interface-type interface-number N/A 4. Enable BFD for OSPF PIC. ospf primary-path-detect bfd echo By default, BFD for OSPF PIC is disabled. Configuring the number of OSPF logs OSPF logs include route calculation logs and neighbor logs.
IMPORTANT: You cannot enable OSPF NSR on a device that acts as GR restarter. Configuring the IETF OSPF GR restarter Step Command Remarks 1. Enter system view. system-view N/A 2. Enable OSPF and enter its view. ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] * N/A 3. Enable opaque LSA reception and advertisement capability. opaque-capability enable By default, opaque LSA reception and advertisement capability is enabled. 4. Enable the IETF GR.
Step Command Remarks 3. Enable opaque LSA reception and advertisement capability. opaque-capability enable By default, opaque LSA reception and advertisement capability is enabled. 4. (Optional.) Enable GR helper capability. graceful-restart helper enable [ planned-only ] By default, GR helper capability is enabled. 5. (Optional.) Enable strict LSA checking for the GR helper. graceful-restart helper strict-lsa-checking By default, strict LSA checking for the GR helper is disabled.
Nonstop routing (NSR) backs up OSPF link state information from the active process to the standby process. After an active/standby switchover, NSR can complete link state recovery and route regeneration without tearing down adjacencies or impacting forwarding services. NSR does not require the cooperation of neighboring devices to recover routing information, and is used more often than GR. IMPORTANT: A device that has OSPF NSR enabled cannot act as GR restarter.
Step Command Remarks 2. Configure the source address of echo packets. bfd echo-source-ip ip-address By default, the source address of echo packets is not configured. 3. Enter interface view. interface interface-type interface-number N/A 4. Enable BFD single-hop echo detection. ospf bfd enable echo By default, BFD single-hop echo detection is disabled.
Configuration procedure Configuring OSPF FRR to calculate a backup next hop using the LFA algorithm Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Enable LFA calculation on an interface. ospf fast-reroute lfa-backup By default, the interface on which LFA calculation is enabled can be selected as a backup interface. 4. Return to system view. quit N/A 5. Enter OSPF view.
Step Command Remarks 4. Enable BFD for OSPF FRR. ospf primary-path-detect bfd echo By default, BFD for OSPF FRR is disabled. Displaying and maintaining OSPF Execute display commands in any view and reset commands in user view. Task Command Display OSPF process information. display ospf [ process-id ] [ verbose ] Display OSPF GR information. display ospf [ process-id ] graceful-restart [ verbose ] Display OSPF FRR backup next hop information.
Task Command Display OSPF ASBR route summarization information. display ospf [ process-id ] asbr-summary [ ip-address { mask-length | mask } ] Display the global route ID. display router id Clear OSPF statistics. reset ospf [ process-id ] statistics Clear OSPF log information. reset ospf [ process-id ] event-log [ peer | spf ] Reset an OSPF process. reset ospf [ process-id ] process [ graceful-restart ] Re-enable OSPF route redistribution.
[RouterA-ospf-1-area-0.0.0.1] quit [RouterA-ospf-1] quit # Configure Router B. system-view [RouterB] router id 10.3.1.1 [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] area 2 [RouterB-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.2] quit [RouterB-ospf-1] quit # Configure Router C. system-view [RouterC] router id 10.4.1.
Area 0.0.0.1 interface 10.2.1.1(GigabitEthernet2/1/2)'s neighbors Router ID: 10.4.1.1 State: Full DR: 10.2.1.1 Address: 10.2.1.2 Mode: Nbr is Master BDR: 10.2.1.2 GR State: Normal Priority: 1 MTU: 0 Options is 0x02 (-|-|-|-|-|-|E|-) Dead timer due in 32 sec Neighbor is up for 06:03:12 Authentication Sequence: [ 0 ] Neighbor state change count: 5 # Display OSPF routing information on Router A. [RouterA] display ospf routing OSPF Process 1 with Router ID 10.2.1.
56 bytes from 10.4.1.1: icmp_seq=2 ttl=253 time=0.779 ms 56 bytes from 10.4.1.1: icmp_seq=3 ttl=253 time=1.702 ms 56 bytes from 10.4.1.1: icmp_seq=4 ttl=253 time=1.471 ms --- Ping statistics for 10.4.1.1 --5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.779/1.408/1.702/0.323 ms OSPF route redistribution configuration example Network requirements As shown in Figure 23: • Enable OSPF on all the routers. • Split the AS into three areas.
Type Destination Area Cost Nexthop RtType Intra 10.3.1.1 0.0.0.2 10 10.3.1.1 ABR Inter 10.4.1.1 0.0.0.2 22 10.3.1.1 ASBR # Display the OSPF routing information on Router D. display ospf routing OSPF Process 1 with Router ID 10.5.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 22 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.3.1.0/24 10 Transit 10.3.1.2 10.3.1.1 0.0.0.2 10.4.1.0/24 25 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.
Figure 24 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Enable OSPF: # Configure Router A. system-view [RouterA] router id 11.2.1.2 [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] quit # Configure Router B. system-view [RouterB] router id 11.2.1.1 [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.
# Configure Router D. system-view [RouterD] router id 10.3.1.1 [RouterD] ospf [RouterD-ospf-1] area 0 [RouterD-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.0] quit # Configure Router E. system-view [RouterE] router id 10.4.1.1 [RouterE] ospf [RouterE-ospf-1] area 0 [RouterE-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [RouterE-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255 [RouterE-ospf-1-area-0.
5. 0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 10.1.1.0/24 OSPF 150 1 11.2.1.1 GE2/1/1 10.2.1.0/24 OSPF 150 1 11.2.1.1 GE2/1/1 10.3.1.0/24 OSPF 150 1 11.2.1.1 GE2/1/1 10.4.1.0/24 OSPF 150 1 11.2.1.1 GE2/1/1 11.2.1.0/24 Direct 0 0 11.2.1.2 GE2/1/1 11.2.1.0/32 Direct 0 0 11.2.1.2 GE2/1/1 11.2.1.2/32 Direct 0 0 127.0.0.1 InLoop0 11.2.1.255/32 Direct 0 0 11.2.1.2 GE2/1/1 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 0 127.0.0.
• Configure Router D as the ASBR to redistribute static routes. • Configure Area 1 as a stub area to reduce advertised LSAs without influencing reachability. Figure 25 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Enable OSPF (see "Basic OSPF configuration example"). 3. Configure route redistribution: # Configure Router D to redistribute static routes. system-view [RouterD] ip route-static 3.1.2.1 24 10.5.1.
10.1.1.0/24 5 Inter 10.2.1.1 10.2.1.1 0.0.0.1 Destination Cost Type Tag NextHop AdvRouter 3.1.2.0/24 1 Type2 1 10.2.1.1 10.5.1.1 Routing for ASEs Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 Because Router C resides in a normal OSPF area, its routing table contains an AS external route. 4. Configure Area 1 as a stub area: # Configure Router A. system-view [RouterA] ospf [RouterA-ospf-1] area 1 [RouterA-ospf-1-area-0.0.0.1] stub [RouterA-ospf-1-area-0.0.0.
[RouterA-ospf-1-area-0.0.0.1] quit # Display OSPF routing information on Router C. [RouterC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 4 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 3 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.4.1.0/24 3 Stub 10.4.1.1 0.0.0.1 10.4.1.
[RouterA-ospf-1] area 1 [RouterA-ospf-1-area-0.0.0.1] nssa [RouterA-ospf-1-area-0.0.0.1] quit # Configure Router C. system-view [RouterC] ospf [RouterC-ospf-1] area 1 [RouterC-ospf-1-area-0.0.0.1] nssa [RouterC-ospf-1-area-0.0.0.1] quit [RouterC-ospf-1] quit NOTE: • To allow Router C in the NSSA area to reach other areas within the AS, Router A needs to obtain a default route.
10.2.1.0/24 22 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.3.1.0/24 10 Transit 10.3.1.2 10.3.1.1 0.0.0.2 10.4.1.0/24 25 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.5.1.0/24 10 Stub 10.5.1.1 10.5.1.1 0.0.0.2 10.1.1.0/24 12 Inter 10.3.1.1 10.3.1.1 0.0.0.2 Destination Cost Type Tag NextHop AdvRouter 3.1.2.0/24 1 Type2 1 10.3.1.1 10.2.1.
[RouterB] router id 2.2.2.2 [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit # Configure Router C. system-view [RouterC] router id 3.3.3.3 [RouterC] ospf [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Configure Router D. system-view [RouterD] router id 4.4.4.
Options is 0x02 (-|-|-|-|-|-|E|-) Dead timer due in 31 sec Neighbor is up for 00:01:28 Authentication Sequence: [ 0 ] The output shows that Router D is the DR and Router C is the BDR. 3. Configure router priorities on interfaces: # Configure Router A. [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] ospf dr-priority 100 [RouterA-GigabitEthernet2/1/1] quit # Configure Router B.
Authentication Sequence: [ 0 ] The output shows that the DR and BDR are not changed, because the new router priority settings do not take effect immediately. 4. Restart the OSPF process: # Restart the OSPF process on Router D. reset ospf 1 process Warning : Reset OSPF process? [Y/N]:y # Display neighbor information of Router D. display ospf peer verbose OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(GigabitEthernet2/1/1)'s neighbors Router ID: 1.
IP Address Type 192.168.1.1 Broadcast DR State Cost Pri DR BDR 1 100 192.168.1.1 192.168.1.3 [RouterB] display ospf interface OSPF Process 1 with Router ID 2.2.2.2 Interfaces Area: 0.0.0.0 IP Address Type 192.168.1.2 Broadcast DROther State Cost Pri DR BDR 1 0 192.168.1.1 192.168.1.3 The interface state DROther means the interface is not the DR or BDR.
# Configure Router C. system-view [RouterC] ospf 1 router-id 3.3.3.3 [RouterC-ospf-1] area 1 [RouterC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.1] quit [RouterC-ospf-1] area 2 [RouterC–ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [RouterC–ospf-1-area-0.0.0.2] quit [RouterC-ospf-1] quit # Configure Router D. system-view [RouterD] ospf 1 router-id 4.4.4.4 [RouterD-ospf-1] area 2 [RouterD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.
Routing for Network Destination Cost Type 10.2.1.0/24 2 10.3.1.0/24 5 10.1.1.0/24 2 NextHop AdvRouter Area Transit 10.2.1.1 3.3.3.3 0.0.0.1 Inter 10.2.1.2 3.3.3.3 0.0.0.0 Transit 10.1.1.2 2.2.2.2 0.0.0.0 Total Nets: 3 Intra Area: 2 Inter Area: 1 ASE: 0 NSSA: 0 The output shows that Router B has learned the route 10.3.1.0/24 to Area 2.
[RouterB] ospf 100 [RouterB-ospf-100] area 0 [RouterB-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [RouterB-ospf-100-area-0.0.0.0] quit # Configure Router C system-view [RouterC] router id 3.3.3.3 [RouterC] ospf 100 [RouterC-ospf-100] area 0 [RouterC-ospf-100-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [RouterC-ospf-100-area-0.0.0.0] quit 3.
OSPF 100 created OOB Progress timer for neighbor 192.1.1.2. %Oct 21 15:29:29:902 2011 RouterA OSPF/5/OSPF_NBR_CHG: -MDC=1; OSPF 100 Neighbor 192.1.1.2(GigabitEthernet2/1/1) from Loading to Full. *Oct 21 15:29:29:902 2011 RouterA OSPF/7/DEBUG: -MDC=1; OSPF 100 deleted OOB Progress timer for neighbor 192.1.1.2. %Oct 21 15:29:30:897 2011 RouterA OSPF/5/OSPF_NBR_CHG: -MDC=1; OSPF 100 Neighbor 192.1.1.3(GigabitEthernet2/1/1) from Loading to Full.
Verifying the configuration After Router S establishes neighbor relationships with Router A and Router B, they start to exchange routing information. Verify the configuration after network convergence. # Perform an active/standby switchover on Router S.
# Display OSPF neighbors on Router B to verify the neighbor relationship between Router B and Router S. display ospf peer OSPF Process 1 with Router ID 4.4.4.1 Neighbor Brief Information Area: 0.0.0.0 Router ID Address Pri Dead-Time State Interface 3.3.3.1 14.14.14.2 1 Full/BDR GE2/1/1 39 # Display OSPF routes on Router B to verify if there are routes from Router B to the loopback interface on Router A. display ospf routing OSPF Process 1 with Router ID 4.4.4.
Figure 31 Network diagram Table 7 Interface and IP address assignment Device Interface IP address Device Interface IP address Router A GE2/1/1 192.168.0.102/24 Router B GE2/1/2 13.1.1.1/24 Router A GE2/1/2 10.1.1.102/24 Router C GE2/1/1 10.1.1.100/24 Router B GE2/1/1 192.168.0.100/24 Router C GE2/1/2 13.1.1.2/24 Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Enable OSPF: # Configure Router A.
system-view [RouterC] ospf [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit Configure BFD: 3. # Enable BFD on Router A and configure BFD parameters.
Flags: 0x1008c OrigNextHop: 192.168.0.100 Label: NULL RealNextHop: 192.168.0.100 BkLabel: NULL Tunnel ID: Invalid BkTunnel ID: Invalid BkNextHop: N/A Interface: GigabitEthernet2/1/1 BkInterface: N/A The output shows that Router A communicates with Router B through GigabitEthernet 2/1/1. Then the link over GigabitEthernet 2/1/1 fails. # Display routes destined for 120.1.1.0/24 on Router A. display ip routing-table 120.1.1.0 verbose Summary Count : 1 Destination: 120.1.1.
2. Configure OSPF on the routers to make sure Router S, Router A, and Router D can communicate with each other at the network layer. (Details not shown.) 3. Configure OSPF FRR: You can enable OSPF FRR to either calculate a backup next hop by using the LFA algorithm, or specify a backup next hop by using a routing policy. { (Method 1.) Enable OSPF FRR to calculate a backup next hop by using the LFA algorithm: # Configure Router S.
Protocol: OSPF SubProtID: 0x1 Cost: 1 Tag: 0 OrigTblID: 0x0 TableID: 0x2 NBRID: 0x26000002 AttrID: 0xffffffff Process ID: 1 Age: 04h20m37s Preference: 10 State: Active Adv OrigVrf: default-vrf OrigAs: 0 LastAs: 0 Neighbor: 0.0.0.0 Flags: 0x1008c OrigNextHop: 13.13.13.2 Label: NULL RealNextHop: 13.13.13.2 BkLabel: NULL BkNextHop: 12.12.12.2 Tunnel ID: Invalid Interface: GigabitEthernet2/1/2 BkTunnel ID: Invalid BkInterface: GigabitEthernet2/1/1 # Display route 1.1.1.
2. Use the display ospf interface command to verify OSPF interface information. 3. Ping the neighbor router's IP address to verify that the connectivity is normal. 4. Verify OSPF timers. The dead interval on an interface must be at least four times the hello interval. 5. On an NBMA network, use the peer ip-address command to manually specify the neighbor. 6. At least one interface must have a router priority higher than 0 on an NBMA or a broadcast network.
Configuring IS-IS In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. Overview Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the ISO to operate on the connectionless network protocol (CLNP). IS-IS was modified and extended in RFC 1195 by the IETF for application in both TCP/IP and OSI reference models, called "Integrated IS-IS" or "Dual IS-IS.
• System ID—Identifies the host. • SEL—Identifies the type of service. The IDP and DSP are variable in length. The length of an NSAP address ranges from 8 bytes to 20 bytes. Figure 33 NSAP address format Area address The area address comprises the IDP and the HO-DSP of the DSP, which identify the area and the routing domain. Different routing domains cannot have the same area address. Typically, a router only needs one area address, and all nodes in the same area must have the same area address.
• Area ID—Has a length of 1 to 13 bytes. • System ID—A system ID uniquely identifies a host or router in the area and has a fixed length of 6 bytes. • SEL—Has a value of 0 and a fixed length of 1 byte. For example, for a NET ab.cdef.1234.5678.9abc.00, the area ID is ab.cdef, the system ID is 1234.5678.9abc, and the SEL is 00. Typically, a router only needs one NET, but it can have a maximum of three NETs for smooth area merging and partitioning.
Figure 34 IS-IS topology 1 Area 3 Area 2 L1/L2 L1/L2 L2 L2 L1 Area 1 L2 L2 Area 5 L1/L2 Area 4 L1 L1/L2 L1 L1 L1 L1 Figure 35 shows another IS-IS topology. The Level-1-2 routers connect to the Level-1 and Level-2 routers, and form the IS-IS backbone together with the Level-2 routers. No area is defined as the backbone in this topology. The backbone comprises all contiguous Level-2 and Level-1-2 routers in different areas. The IS-IS backbone does not need to be a specific area.
passing through the Level-1-2 router might not be the best. To solve this problem, IS-IS provides the route leaking feature. Route leaking enables a Level-1-2 router to advertise the routes of other Level-1 areas and the Level-2 area to the connected Level-1 area so that the Level-1 routers can select the optimal routes for packets. IS-IS network types Network types IS-IS supports broadcast networks (for example, Ethernet and Token Ring) and point-to-point networks (for example, PPP and HDLC).
NOTE: On an IS-IS broadcast network, all routers establish adjacency relationships, but they synchronize their LSDBs through the DIS. IS-IS PDUs PDU IS-IS PDUs are encapsulated into link layer frames. An IS-IS PDU has two parts, the headers and the variable length fields. The headers comprise the PDU common header and the PDU specific header. All PDUs have the same PDU common header. The specific headers vary by PDU type.
A PSNP only contains the sequence numbers of one or multiple latest received LSPs. It can acknowledge multiple LSPs at one time. When LSDBs are not synchronized, a PSNP is used to request missing LSPs from a neighbor. CLV The variable fields of PDU comprise multiple Code-Length-Value (CLV) triplets. Figure 38 CLV format Table 9 shows that different PDUs contain different CLVs. Codes 1 through 10 are defined in ISO 10589 (code 3 and 5 are not shown in the table).
• RFC 1195, Use of OSI IS-IS for Routing in TCP/IP and Dual Environments • RFC 2763, Dynamic Hostname Exchange Mechanism for IS-IS • RFC 2966, Domain-wide Prefix Distribution with Two-Level IS-IS • RFC 2973, IS-IS Mesh Groups • RFC 3277, IS-IS Transient Blackhole Avoidance • RFC 3358, Optional Checksums in ISIS • RFC 3373, Three-Way Handshake for IS-IS Point-to-Point Adjacencies • RFC 3567, Intermediate System to Intermediate System (IS-IS) Cryptographic Authentication • RFC 3719, Recommend
Tasks at a glance (Optional.
Step Command Remarks 2. Create an IS-IS process and enter its view. isis [ process-id ] [ vpn-instance vpn-instance-name ] By default, the IS-IS process is disabled. 3. Assign a NET. network-entity net By default, NET is not assigned. 4. Return to system view. quit N/A 5. Enter interface view. interface interface-type interface-number N/A 6. Enable an IS-IS process on the interface. isis enable [ process-id ] By default, no IS-IS process is enabled.
If only two routers exist on a broadcast network, configure the network type of attached interfaces as P2P to avoid DIS election and CSNP flooding, saving network bandwidth and speeding up network convergence. To configure P2P network type for an interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A isis circuit-type p2p By default, the network type of an interface depends on the physical media.
Interface bandwidth Interface cost > 2500 Mbps 10 4. If none of the above costs is used, a default cost of 10 applies. Configuring an IS-IS cost for an interface Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. (Optional.) Specify an IS-IS cost style. cost-style { narrow | wide | wide-compatible | { compatible | narrow-compatible } [ relax-spf-limit ] } By default, the IS-IS cost type is narrow. 4.
Step Command Remarks • Enter IS-IS view: isis [ process-id ] [ vpn-instance vpn-instance-name ] 2. Enter IS-IS view or IS-IS IPv4 unicast topology view. • Enter IS-IS IPv4 unicast topology view: a. isis [ process-id ] [ vpn-instance vpn-instance-name ] Use either method. b. cost-style { wide | wide-compatible } c. address-family ipv4 [ unicast ] d. topology topo-name tid tid 3. Enable automatic IS-IS cost calculation. auto-cost enable By default, automatic IS-IS cost calculation is disabled. 4.
Step Command Remarks 1. Enter system view. system-view N/A • Enter IS-IS IPv4 unicast address family view: a. isis [ process-id ] [ vpn-instance vpn-instance-name ] 2. Enter IS-IS IPv4 unicast address family view or IS-IS IPv4 unicast topology view. b. cost-style { wide | wide-compatible } c. address-family ipv4 [ unicast ] • Enter IS-IS IPv4 unicast topology view: Use either method. d. isis [ process-id ] [ vpn-instance vpn-instance-name ] e. cost-style { wide | wide-compatible } f.
Advertising a default route IS-IS cannot redistribute a default route to its neighbors. This task enables IS-IS to advertise a default route of 0.0.0.0/0 in an LSP to the same-level neighbors. Upon receiving the default route, the neighbors add it into their routing table. To advertise a default route: Step Command Remarks 1. Enter system view. system-view N/A • Enter IS-IS IPv4 unicast address family view: a. isis [ process-id ] [ vpn-instance vpn-instance-name ] 2.
Step Command Remarks By default, no route is redistributed. 3. Redistribute routes from other routing protocols or other IS-IS processes. 4. (Optional.) Configure the maximum number of redistributed Level 1/Level 2 IPv4 routes.
Step Command Remarks 3. Filter routes calculated using received LSPs. filter-policy { acl-number | prefix-list prefix-list-name | route-policy route-policy-name } import By default, IS-IS route filtering is not configured. Filtering redistributed routes IS-IS can redistribute routes from other routing protocols or other IS-IS processes, add them to the IS-IS routing table, and advertise them in LSPs. Perform this task to filter redistributed routes.
Step Command Remarks • Enter IS-IS IPv4 unicast address family view: a. isis [ process-id ] [ vpn-instance vpn-instance-name ] 2. Enter IS-IS IPv4 unicast address family view or IS-IS IPv4 unicast topology view. b. cost-style { wide | wide-compatible } c. address-family ipv4 [ unicast ] • Enter IS-IS IPv4 unicast topology view: Use either method. d. isis [ process-id ] [ vpn-instance vpn-instance-name ] e. cost-style { wide | wide-compatible } f. address-family ipv4 [ unicast ] g.
Specifying the IS-IS hello multiplier The hello multiplier is the number of hello packets a neighbor must miss before it declares that the router is down. If a neighbor receives no hello packets from the router within the advertised hold time, it considers the router down and recalculates the routes. The hold time is the hello multiplier multiplied by the hello interval. On a broadcast link, Level-1 and Level-2 hello packets are advertised separately. You must set a hello multiplier for each level.
Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Configure a DIS priority for the interface. isis dis-priority value [ level-1 | level-2 ] The default setting is 64. Enabling source address check for hello packets on a PPP interface An IS-IS PPP interface can have a peer on a different network. Perform this task to configure an IS-IS PPP interface to establish neighbor relationship only with a peer on the same network.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Enable the interface to send small hello packets without CLVs. isis small-hello By default, the interface can send standard hello packets. Configuring LSP parameters Configuring LSP timers 1. Specify the maximum age of LSPs. Each LSP has an age that decreases in the LSDB. Any LSP with an age of 0 is deleted from the LSDB.
Step Command Remarks By default: 4. Specify the generation interval. LSP timer lsp-generation maximum-interval [ minimum-interval [ incremental-interval ] ] [ level-1 | level-2 ] • The maximum interval is 5 seconds. • The minimum interval is 20 milliseconds. • The incremental interval is 200 milliseconds. 3. Specify LSP sending intervals. If a change occurs in the LSDB, IS-IS advertises the changed LSP to neighbors.
Enabling LSP flash flooding Changed LSPs can trigger SPF recalculation. To advertise the changed LSPs before the router recalculates routes for faster network convergence, enable LSP flash flooding. To enable LSP flash flooding: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Enable LSP flash flooding.
Figure 39 Network diagram of a fully meshed network To avoid this problem, you can add interfaces to a mesh group or block some interfaces. • An interface in a mesh group floods a received LSP only to interfaces not in the mesh group. • A blocked interface sends LSPs only after receiving LSP requests. Before you configure this task, you must consider redundancy for interfaces in case LSP packets cannot be flooded because of link failures.
Step Command Remarks • Enter IS-IS view: isis [ process-id ] [ vpn-instance vpn-instance-name ] • Enter IS-IS IPv4 unicast address family view: 2. Enter IS-IS view or IS-IS IPv4 unicast address family view. a. isis [ process-id ] [ vpn-instance vpn-instance-name ] Use either method. b. cost-style { wide | wide-compatible } c. address-family ipv4 [ unicast ] d. topology topo-name tid tid By default: • The maximum interval is 5 3. Configure the SPF calculation interval.
Setting the LSDB overload bit By setting the overload bit in sent LSPs, a router informs other routers of failures that make it unable to select routes and forward packets. When an IS-IS router cannot record the complete LSDB, for example, because of memory insufficiency, it will calculate wrong routes. To make troubleshooting easier, temporarily isolate the router from the IS-IS network by setting the overload bit. To set the LSDB overload bit: Step Command Remarks 1. Enter system view.
Configuring the tag value for an interface Perform this task when the link cost style is wide, wide-compatible, or compatible. When IS-IS advertises a prefix with a tag value, IS-IS adds the tag to the IP reachability information TLV of the prefix. To configure the tag value for an interface: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Configure the tag value for the interface.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Specify a host name for the IS and enable dynamic system ID to host name mapping. is-name sys-name By default, no host name is specified for the router. 4. Return to system view. quit N/A 5. Enter interface view. interface interface-type interface-number N/A By default, no DIS name is configured. 6. Configure a DIS name.
Step Command Remarks • Enter IS-IS IPv4 unicast address family view: a. isis [ process-id ] [ vpn-instance vpn-instance-name ] 2. Enter IS-IS IPv4 unicast address family view or IS-IS IPv4 unicast topology view. b. cost-style { wide | wide-compatible } c. address-family ipv4 [ unicast ] • Enter IS-IS IPv4 unicast topology view: Use either method. d. isis [ process-id ] [ vpn-instance vpn-instance-name ] e. cost-style { wide | wide-compatible } f. address-family ipv4 [ unicast ] g.
To configure IS-IS network management: Step Command Remarks 1. Enter system view. system-view N/A 2. Bind MIB to an IS-IS process. isis mib-binding process-id By default, MIB is bound to the IS-IS process with the smallest process ID. 3. Enable IS-IS notification sending.
Step Command Remarks 2. Configure the source IP address of BFD echo packets. bfd echo-source-ip ip-address By default, the source IP address of BFD echo packets is not configured. 3. Enter interface view. interface interface-type interface-number N/A 4. Enable BFD for IS-IS PIC. isis primary-path-detect bfd echo By default, BFD for IS-IS PIC is disabled. Enhancing IS-IS network security To enhance the security of an IS-IS network, you can configure IS-IS authentication.
Configuring area authentication Area authentication prevents the router from installing routing information from untrusted routers into the Level-1 LSDB. The router encapsulates the authentication password in the specified mode in Level-1 packets (LSP, CSNP, and PSNP). It also checks the password in received Level-1 packets. Routers in a common area must have the same authentication mode and password.
Step Command Remarks 3. Specify the routing domain authentication mode and password. domain-authentication-mode { md5 | simple | gca key-id { hmac-sha-1 | hmac-sha-224 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 } } { cipher cipher-string | plain plain-string } [ ip | osi ] By default, no routing domain authentication is configured.
Step Command Remarks 3. Enable IS-IS GR. graceful-restart By default, the GR capability for IS-IS is disabled. By default, the SA bit is not suppressed. 4. (Optional.) Suppress the SA bit during restart. graceful-restart suppress-sa 5. (Optional.) Configure the T1 timer. graceful-restart t1 seconds count count By default, the T1 timer is 3 seconds and can expire 10 times. 6. (Optional.) Configure the T2 timer. graceful-restart t2 seconds By default, the T2 timer is 60 seconds. 7. (Optional.
Configuring BFD for IS-IS BFD provides a single mechanism to quickly detect and monitor the connectivity of links between IS-IS neighbors, reducing network convergence time. For more information about BFD, see High Availability Configuration Guide. To configure BFD for IS-IS: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Enable IS-IS on an interface. isis enable [ process-id ] N/A 4.
• The automatic backup next hop calculation of FRR and that of TE are mutually exclusive. Configuration procedure Configuring IS-IS FRR to automatically calculate a backup next hop Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. (Optional.) Disable LFA calculation on the interface.
Step Command Remarks • Enter IS-IS IPv4 unicast address family view: a. isis [ process-id ] [ vpn-instance vpn-instance-name ] 5. Enter IS-IS IPv4 unicast address family view or IS-IS IPv4 unicast topology view. b. cost-style { wide | wide-compatible } c. address-family ipv4 [ unicast ] • Enter IS-IS IPv4 unicast topology view: Use either method. d. isis [ process-id ] [ vpn-instance vpn-instance-name ] e. cost-style { wide | wide-compatible } address-family ipv4 [ unicast ] f. g.
Figure 41 Network diagram As shown in Figure 41, the base topology is split into two topologies, topology A and topology B. You can forward voice traffic through topology A and video traffic through topology B. Router B does not belong to topology A. In topology B, the links between Router A and Router D and the links between Router B and Router C do not exist. Route calculation and traffic forwarding are performed in each topology independently.
Step Command Remarks 9. Enable IS-IS for the specified topology on the interface. isis topology enable By default, IS-IS is disabled for the topology. Displaying and maintaining IS-IS Execute display commands in any view and the reset command in user view. Task Command Display IS-IS process information (MSR2000/MSR3000). display isis [ process-id ] Display IS-IS backup process information (MSR4000).
Task Command Display IS-IS IPv4 topology information. display isis spf-tree [ ipv4 [ topology topo-name ] ] [ [ level-1 | level-2 ] | verbose ] * [ process-id ] Display IS-IS statistics. display isis statistics [ ipv4 [ topology topo-name ] ] [ level-1 | level-1-2 | level-2 ] [ process-id ] Display OSI connection information (MSR2000/MSR3000). display osi Display OSI connection information (MSR4000). display osi [ slot slot-number ] Display OSI connection statistics (MSR2000/MSR3000).
Figure 42 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure IS-IS: # Configure Router A system-view [RouterA] isis 1 [RouterA-isis-1] is-level level-1 [RouterA-isis-1] network-entity 10.0000.0000.0001.00 [RouterA-isis-1] quit [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] isis enable 1 [RouterA-GigabitEthernet2/1/1] quit # Configure Router B.
[RouterC] interface gigabitethernet 2/1/2 [RouterC-GigabitEthernet2/1/2] isis enable 1 [RouterC-GigabitEthernet2/1/2] quit # Configure Router D system-view [RouterD] isis 1 [RouterD-isis-1] is-level level-2 [RouterD-isis-1] network-entity 20.0000.0000.0004.
0000.0000.0003.00-00 0x00000014 0x194a 1190 111 1/0/0 0000.0000.0003.01-00 0x00000002 0xabdb 995 55 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [RouterC] display isis lsdb Database information for ISIS(1) -------------------------------Level-1 Link State Database --------------------------LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------0000.0000.0001.
[RouterA] display isis route Route information for IS-IS(1) ------------------------------ Level-1 IPv4 Forwarding Table ----------------------------- IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------10.1.1.0/24 10 NULL GE2/1/1 Direct D/L/- 10.1.2.0/24 20 NULL GE2/1/1 10.1.1.1 R/-/- 192.168.0.0/24 20 NULL GE2/1/1 10.1.1.1 R/-/- 0.0.0.0/0 10 NULL GE2/1/1 10.1.1.
Level-2 IPv4 Forwarding Table ----------------------------IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------192.168.0.0/24 10 NULL GE2/1/2 Direct D/L/- 10.1.1.0/24 20 NULL GE2/1/2 192.168.0.1 R/-/- 10.1.2.0/24 20 NULL GE2/1/2 192.168.0.1 R/-/- 172.16.0.
[RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] isis enable 1 [RouterA-GigabitEthernet2/1/1] quit # Configure Router B. system-view [RouterB] isis 1 [RouterB-isis-1] network-entity 10.0000.0000.0002.00 [RouterB-isis-1] quit [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] isis enable 1 [RouterB-GigabitEthernet2/1/1] quit # Configure Router C. system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.
Interface: GigabitEthernet2/1/1 State: Up HoldTime: 23s Circuit Id: 0000.0000.0004.01 Type: L2 PRI: 64 # Display information about IS-IS interfaces of Router A. [RouterA] display isis interface Interface information for IS-IS(1) --------------------------------Interface: GigabitEthernet2/1/1 Id IPv4.State IPv6.State MTU Type DIS 001 Up Down 1497 L1/L2 No/No # Display IS-IS interfaces of Router C.
State: Up HoldTime: 22s Type: L1 PRI: 64 System Id: 0000.0000.0002 Interface: GigabitEthernet2/1/1 State: Up HoldTime: 22s Circuit Id: 0000.0000.0001.01 Type: L2(L1L2) PRI: 64 System Id: 0000.0000.0004 Interface: GigabitEthernet2/1/1 State: Up HoldTime: 22s Circuit Id: 0000.0000.0001.01 Type: L2 PRI: 64 # Display information about IS-IS interfaces of Router A.
Interface: GigabitEthernet2/1/1 State: Up HoldTime: 7s Circuit Id: 0000.0000.0001.01 Type: L2 PRI: 100 System Id: 0000.0000.0002 Interface: GigabitEthernet2/1/1 State: Up HoldTime: 26s Circuit Id: 0000.0000.0001.01 Type: L2 PRI: 64 [RouterD] display isis interface Interface information for IS-IS(1) --------------------------------- Interface: GigabitEthernet2/1/1 Id IPv4.State IPv6.
[RouterA-GigabitEthernet2/1/1] isis enable 1 [RouterA-GigabitEthernet2/1/1] quit # Configure Router B. system-view [RouterB] isis 1 [RouterB-isis-1] is-level level-1 [RouterB-isis-1] network-entity 10.0000.0000.0002.00 [RouterB-isis-1] quit [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] isis enable 1 [RouterB-GigabitEthernet2/1/1] quit # Configure Router C. system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.
0.0.0.0/0 10 NULL GE2/1/1 10.1.1.1 R/-/- Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set [RouterC] display isis route Route information for IS-IS(1) ----------------------------- Level-1 IPv4 Forwarding Table ----------------------------- IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------10.1.1.0/24 10 NULL GE2/1/1 Direct D/L/- 10.1.2.
[RouterD] rip 1 [RouterD-rip-1] network 10.0.0.0 [RouterD-rip-1] version 2 [RouterD-rip-1] undo summary # Configure RIPv2 on Router E. [RouterE] rip 1 [RouterE-rip-1] network 10.0.0.0 [RouterE-rip-1] version 2 [RouterE-rip-1] undo summary # On Router D, configure IS-IS to redistribute routes from RIP. [RouterD-rip-1] quit [RouterD] isis 1 [RouterD–isis-1] address-family ipv4 [RouterD–isis-1-ipv4] import-route rip level-2 # Display IS-IS routing information on Router C.
IS-IS authentication configuration example Network requirements As shown in Figure 45, Router A, Router B, Router C, and Router D reside in the same IS-IS routing domain. Router A, Router B, and Router C belong to Area 10, and Router D belongs to Area 20. • Configure neighbor relationship authentication between neighbors. • Configure area authentication in Area 10 to prevent untrusted routes from entering into the area.
# Configure Router C. system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.
4. Configure the area authentication mode as MD5 and set the plaintext password to 10Sec on Router A, Router B, and Router C. [RouterA] isis 1 [RouterA-isis-1] area-authentication-mode md5 plain 10Sec [RouterA-isis-1] quit [RouterB] isis 1 [RouterB-isis-1] area-authentication-mode md5 plain 10Sec [RouterB-isis-1] quit [RouterC] isis 1 [RouterC-isis-1] area-authentication-mode md5 plain 10Sec [RouterC-isis-1] quit 5.
Verifying the configuration After Router A establishes adjacencies with Router B and Router C, they begin to exchange routing information. # Restart the IS-IS process on Router A. reset isis all 1 graceful-restart Reset IS-IS process? [Y/N]:y Router A enters the restart state and sends connection requests to its neighbors through the GR mechanism to synchronize the LSDB. # Check the IS-IS GR state on Router A.
2. Configure IS-IS on the routers to make sure Router S, Router A, and Router B can communicate with each other at Layer 3 and dynamic route update can be implemented among them with IS-IS. (Details not shown.) 3. Enable IS-IS NSR on Router S. system-view [RouterS] isis 1 [RouterS-isis-1] non-stop-routing [RouterS-isis-1] return Verifying the configuration After Router S establishes adjacencies with Router A and Router B, they begin to exchange routing information.
ifnet NA NA isis 0/0 1/0 Continue? [y/n]:y Re-optimization of the placement start. You will be notified on completion Re-optimization of the placement complete. Use 'display placement' to view the new placement # During the switchover period, display IS-IS neighbor information on Router A to verify the neighborship between Router A and Router S. display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set # Display IS-IS neighbor information on Router B to verify the neighborship between Router B and Router S. display isis peer Peer information for ISIS(1) ---------------------------- System Id: 0000.0000.0001 Interface: GE2/1/1 State: Up Circuit Id: 0000.0000.0001.01 HoldTime: 23s Type: L1(L1L2) PRI: 64 System Id: 0000.0000.0001 Interface: GE2/1/1 State: Up Circuit Id: 0000.0000.0001.
The output shows that the neighbor information and routing information on Router A and Router B have not changed during the active/standby switchover on Router S. The neighbors are unaware of the switchover. BFD for IS-IS configuration example Network requirements • As shown in Figure 48, run IS-IS on Router A, Router B and Router C so that they can reach each other at the network layer.
system-view [RouterB] isis [RouterB-isis-1] network-entity 10.0000.0000.0002.00 [RouterB-isis-1] quit [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] isis enable [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface gigabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] isis enable [RouterB-GigabitEthernet2/1/2] quit # Configure Router C. system-view [RouterC] isis [RouterC-isis-1] network-entity 10.0000.0000.0003.
# Display routes destined for 120.1.1.0/24 on Router A. display ip routing-table 120.1.1.0 verbose Summary Count : 1 Destination: 120.1.1.0/24 Protocol: ISIS SubProtID: 0x1 Cost: 10 Tag: 0 OrigTblID: 0x0 TableID: 0x2 NBRID: 0x26000002 AttrID: 0xffffffff Process ID: 1 Age: 04h20m37s Preference: 10 State: Active Adv OrigVrf: default-vrf OrigAs: 0 LastAs: 0 Neighbor: 0.0.0.0 Flags: 0x1008c OrigNextHop: 192.168.0.100 Label: NULL RealNextHop: 192.168.0.
• Configure IS-IS FRR so that when Link A fails, traffic can be switched to Link B immediately. Figure 49 Network diagram Configuration procedure 1. Configure IP addresses and subnet masks for interfaces on the routers. (Details not shown.) 2. Configure IS-IS on the routers to make sure Router A, Router D, and Router S can communicate with each other at the network layer. (Details not shown.) 3.
[RouterS-isis-1] quit # Configure Router D. system-view [RouterD] ip prefix-list abc index 10 permit 1.1.1.1 32 [RouterD] route-policy frr permit node 10 [RouterD-route-policy-frr-10] if-match ip address prefix-list abc [RouterD-route-policy-frr-10] apply fast-reroute backup-interface gigabitethernet 2/1/1 backup-nexthop 24.24.24.
AttrID: 0xffffffff Neighbor: 0.0.0.0 Flags: 0x1008c OrigNextHop: 13.13.13.1 Label: NULL RealNextHop: 13.13.13.1 BkLabel: NULL BkNextHop: 24.24.24.
Configuring BGP In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. Overview Border Gateway Protocol (BGP) is an exterior gateway protocol (EGP). It is called internal BGP (IBGP) when it runs within an AS and called external BGP (EBGP) when it runs between ASs. The current version in use is BGP-4 (RFC 4271).
• Notification—BGP sends a Notification message upon detecting an error and immediately closes the connection. BGP path attributes BGP uses the following path attributes in update messages for route filtering and selection: • ORIGIN The ORIGIN attribute specifies the origin of BGP routes. This attribute has the following types: { IGP—Has the highest priority. Routes generated in the local AS have the IGP attribute. { EGP—Has the second highest priority.
a routing policy to control BGP route selection by modifying the AS_PATH length. For more information about routing policy, see "Configuring routing policies." { • Filter routes—By using an AS path list, you can filter routes based on AS numbers contained in the AS_PATH attribute. For more information about AS path list, see "Configuring routing policies." NEXT_HOP The NEXT_HOP attribute may not be the IP address of a directly-connected router.
Figure 52 MED attribute MED = 0 Router B 2.1.1.1 D = 9.0.0.0 Next_hop = 2.1.1.1 MED = 0 EBGP IBGP 9.0.0.0 IBGP Router A D = 9.0.0.0 Next_hop = 3.1.1.1 MED = 100 AS 10 EBGP Router D IBGP 3.1.1.1 Router C MED = 100 AS 20 Generally BGP only compares MEDs of routes received from the same AS. You can also use the compare-different-as-med command to force BGP to compare MED values of routes received from different ASs.
Figure 53 LOCAL_PREF attribute • COMMUNITY The COMMUNITY attribute identifies the community of BGP routes. A BGP community is a group of routes with the same characteristics. It has no geographical boundaries. Routes of different ASs can belong to the same community. A route can carry one or more COMMUNITY attribute values (each of which is represented by a 4-byte integer).
The device supports the route target and Site of Origin (SoO) extended community attributes. For information about route target, see MPLS Configuration Guide. The SoO attribute specifies the site where the route originated. It prevents advertising a route back to the originating site. If the AS-path attribute is lost, the router can use the SoO attribute to avoid routing loops. The SoO attribute has the following formats: { 16-bit AS number:32-bit user-defined number. For example, 100:3.
• After establishing a session with a new BGP peer, BGP advertises all the routes matching the above rules to the peer. After that, BGP advertises only incremental updates to the peer. BGP load balancing BGP implements load balancing through route recursion and route selection. • BGP load balancing through route recursion. The next hop of a BGP route may not be directly connected. One of the reasons is next hops in routing information exchanged between IBGP peers are not modified.
After that, Router C forwards to Router A and Router B a single route that has NEXT_HOP changed to Router C and other attributes changed to those of the optimal route. NOTE: BGP load balancing is applicable between EBGP peers, between IBGP peers, and between confederations. Settlements for problems in large-scale BGP networks You can use the following methods to facilitate management and improve route distribution efficiency on a large-scale BGP network.
• Peer group You can organize BGP peers with the same attributes into a group to simplify their configurations. When a peer joins the peer group, the peer obtains the same configuration as the peer group. If the configuration of the peer group is changed, the configuration of group members is changed. • Community You can apply a community list or an extended community list to a routing policy for route control. For more information, see "BGP path attributes.
Figure 57 Network diagram for route reflectors When the BGP routers in an AS are fully meshed, route reflection is unnecessary because it consumes more bandwidth resources. You can use commands to disable route reflection instead of modifying network configuration or changing network topology. After route reflection is disabled between clients, routes can still be reflected between a client and a non-client. • Confederation Confederation is another method to manage growing IBGP connections in an AS.
In large-scale BGP networks, you can use both route reflector and confederation. MP-BGP BGP-4 can only carry IPv4 unicast routing information. Multiprotocol Extensions for BGP-4 (MP-BGP) can carry routing information for the following address families: • IPv6 unicast address family. • IPv4 multicast and IPv6 multicast address families. PIM uses static and dynamic unicast routes to perform RPF check before creating multicast routing entries.
BGP configuration views BGP uses different views to manage routing information for different address families and different VPN instances. Most BGP commands are available in all BGP views. BGP supports multiple VPN instances by establishing a separate routing table for each VPN instance. Table 11 describes different BGP configuration views.
View names BGP L2VPN address family view Ways to enter the views Remarks system-view Configurations in this view apply to L2VPN information and L2VPN peers. [Sysname] bgp 100 [Sysname-bgp] address-family l2vpn [Sysname-bgp-l2vpn] For more information about BGP l2VPN address family view, see MPLS Configuration Guide.
• RFC 3392, Capabilities Advertisement with BGP-4 • RFC 4271, A Border Gateway Protocol 4 (BGP-4) • RFC 4360, BGP Extended Communities Attribute • RFC 4724, Graceful Restart Mechanism for BGP • RFC 4760, Multiprotocol Extensions for BGP-4 • RFC 5082, The Generalized TTL Security Mechanism (GTSM) • RFC 6037, Cisco Systems' Solution for Multicast in BGP MPLS IP VPNs BGP configuration task list In a basic BGP network, you only need to perform the following configurations: • Enable BGP.
Tasks at a glance Remarks (Optional.
Tasks at a glance Remarks (Optional.) Controlling route distribution and reception: • • • • • • Configuring BGP route summarization Advertising optimal routes in the IP routing table Advertising a default route to a peer or peer group N/A Limiting routes received from a peer or peer group Configuring BGP route filtering policies Configuring BGP route dampening (Optional.
Configuring basic BGP This section describes the basic settings required for a BGP network to run. Enabling BGP A router ID is the unique identifier of a BGP router in an AS. • To ensure the uniqueness of a router ID and enhance availability, specify in BGP view the IP address of a local loopback interface as the router ID. • If no router ID is specified in BGP view, the global router ID is used.
Configuring a BGP peer Configuring a BGP peer (IPv4 unicast address family) Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Create an IPv4 BGP peer and specify its AS number. peer ip-address as-number as-number By default, no IPv4 BGP peer is created. 4. (Optional.) Configure description for a peer.
Configuring a BGP peer (IPv4 multicast address family) Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view bgp as-number N/A 3. Create an IPv4 BGP peer and specify its AS number. peer ip-address as-number as-number By default, no IPv4 BGP peer is created. 4. (Optional.) Configure description for the peer. peer ip-address description description-text By default, no description is configured for a peer.
To configure an IBGP peer group (IPv4 unicast address family): Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name By default, no IBGP peer group is created. 3. Create an IBGP peer group. group group-name [ internal ] 4. Add a peer into the IBGP peer group. peer ip-address group group-name [ as-number as-number ] 5.
Step Command Remarks 6. Create the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family and enter its view. address-family ipv6 [ unicast ] By default, the BGP IPv6 unicast address family or BGP-VPN IPv6 unicast address family is not created. 7. Enable the router to exchange IPv6 unicast routing information with peers in the specified peer group. peer group-name enable By default, the router cannot exchange IPv6 unicast routing information with the peers.
Step Command Remarks 6. Create the BGP IPv6 multicast address family and enter its view. address-family ipv6 multicast By default, the BGP IPv6 multicast address family is not created. peer group-name enable By default, the router cannot exchange IPv6 unicast routing information used for RPF check with the peers in the peer group. 7. Enable the router to exchange IPv6 unicast routing information used for RPF check with peers in the specified peer group.
Step Command Remarks 6. (Optional.) Configure a description for the peer group. peer group-name description description-text By default, no description is configured for the peer group. 7. Create the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family and enter its view. address-family ipv4 [ unicast ] By default, the BGP IPv4 unicast address family or BGP-VPN IPv4 unicast address family is not created. 8.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Create an EBGP peer group. group group-name external By default, no EBGP peer group is created. 4. Specify the AS number of the group. peer group-name as-number as-number By default, no AS number is specified. If a peer group contains peers, you cannot remove or change its AS number. By default, no peer exists in the peer group. 5. Add an IPv6 BGP peer into the EBGP peer group.
Step Command Remarks 6. (Optional.) Configure a description for the peer group. peer group-name description description-text By default, no description is configured for the peer group. 7. Create the BGP IPv6 multicast address family. address-family ipv6 multicast By default, the BGP IPv6 multicast address family is not created. peer group-name enable By default, the router cannot exchange IPv6 unicast routing information used for RPF check with the peers in the group. 8.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Create an EBGP peer group. group group-name external By default, no EBGP peer group is created. 4. Create an IPv6 BGP peer and specify its AS number. peer ipv6-address as-number as-number By default, no IPv6 BGP peer is created. By default, no peer exists in the peer group. 5.
Step Command Remarks 7. Create the BGP IPv4 multicast address family and enter its view. address-family ipv4 multicast By default, the BGP IPv4 multicast address family is not created. peer group-name enable By default, the router cannot exchange IPv4 unicast routing information used for RPF check with the peers in the group. 8. Enable the router to exchange IPv4 unicast routing information used for RPF check with peers in the specified peer group.
Step Command Remarks 3. Create an EBGP peer group. group group-name external By default, no EBGP peer group is created. 4. Add a peer into the EBGP peer group. peer ip-address group group-name as-number as-number By default, no peer exists in the peer group. 5. (Optional.) Configure a description for the peer group. peer group-name description description-text By default, no description is configured for the peer group. 6.
Step Command Remarks 3. Create an EBGP peer group. group group-name external By default, no EBGP peer group is created. 4. Add an IPv4 BGP peer into the EBGP peer group. peer ip-address group group-name as-number as-number By default, no peer exists in the peer group. 5. (Optional.) Configure a description for the peer group. peer group-name description description-text By default, no description is configured for the peer group. 6.
• If the source interface fails on a BGP router that has multiple links to a peer, BGP must reestablish TCP connections. To avoid this problem, use a loopback interface as the source interface or use the IP address of a loopback interface as the source address. • If the BGP sessions use the IP addresses of different interfaces, specify a source address or source interface for each peer to establish multiple BGP sessions to a router.
• Redistribute IGP routes. Injecting a local network Perform this task to inject a network in the local routing table to the BGP routing table, so BGP can advertise the network to BGP peers. The ORIGIN attribute of BGP routes advertised in this way is IGP. You can also use a routing policy to control route advertisement. The specified network must be available and active in the local IP routing table. To inject a local network (IPv4 unicast/multicast address family): Step Command Remarks 1.
Step Command Remarks • Enter BGP IPv6 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv6 • Enter BGP-VPN IPv6 unicast 2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv6 • Enter BGP IPv6 multicast address family view: f. bgp as-number g. address-family multicast 3.
Step Command Remarks • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f. bgp as-number g. address-family multicast ipv4 3.
Step Command Remarks 3. Enable route redistribution from the specified IGP into BGP. import-route protocol [ { process-id | all-processes } [ allow-direct | med med-value | route-policy route-policy-name ] * ] By default, BGP does not redistribute IGP routes. 4. (Optional.) Enable default route redistribution into BGP. default-route imported By default, BGP does not redistribute default routes.
Step 3. Configure automatic summarization. route Command Remarks summary automatic By default, automatic route summarization is not configured. Configuring manual route summarization By configuring manual route summarization, you can do the following: • Summarize both redistributed routes and routes injected using the network command. • Determine the mask length for a summary route. To configure BGP manual route summarization (IPv4 unicast/multicast address family): Step Command Remarks 1.
Step Command Remarks • Enter BGP IPv6 unicast address family view: a. bgp as-number 2. Enter BGP IPv6 unicast address family view, or BGP IPv6 multicast address family view. b. address-family [ unicast ] N/A • Enter BGP IPv6 multicast address family view: c. bgp as-number d. address-family multicast 3. Create a summary route in the IPv6 BGP routing table.
Step 4. Enable BGP to advertise optimal routes in the IP routing table to a peer or peer group. Command Remarks advertise-rib-active By default, BGP advertises optimal routes in the BGP routing table to a peer or peer group. To enable BGP to advertise optimal routes in the IPv6 routing table to a peer or peer group: Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP view: 2. Enter BGP view or BGP-VPN instance view. bgp as-number • Enter BGP-VPN instance view: N/A a.
Step Command Remarks • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f. bgp as-number g. address-family multicast 3.
• Continues to receive routes from the peer or peer group and generates a log message. • Retains the session to the peer or peer group, but it discards excess routes and generates a log message. • Tears down the BGP session to the peer or peer group and, after a specified period of time, reestablishes a BGP session to the peer or peer group. You can specify a percentage threshold for the router to generate a log message.
Step Command Remarks • Enter BGP IPv6 unicast address family view: a. bgp as-number 2. Enter BGP IPv6 unicast address family view, or BGP IPv6 multicast address family view. b. address-family [ unicast ] N/A • Enter BGP IPv6 multicast address family view: c. bgp as-number d. address-family multicast 3. Specify the maximum number of routes that a router can receive from a peer or peer group.
Step Command Remarks • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f. bgp as-number g.
Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP IPv6 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv6 • Enter BGP-VPN IPv6 unicast 2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv6 • Enter BGP IPv6 multicast address family view: f.
Configuring BGP route reception filtering policies You can use the following methods to configure BGP route reception filtering policies: • Use an ACL or prefix list to filter routing information received from all peers. • Use a routing policy, ACL, AS path list, or prefix list to filter routing information received from a peer or peer group. If you configure multiple filtering policies, apply them in the following sequence: 1. filter-policy import 2. peer filter-policy import 3.
Step Command Remarks • Reference an ACL or IP prefix list to filter BGP routes received from all peers: filter-policy { acl-number | prefix-list prefix-list-name } import • Reference a routing policy to filter BGP routes received from a peer or peer group: peer { group-name | ip-address } route-policy route-policy-name import 3. Configure BGP route reception filtering policies.
Step Command Remarks • Reference ACL or IPv6 prefix list to filter BGP routes received from all peers: filter-policy { acl6-number | prefix-list ipv6-prefix-name } import • Reference a routing policy to filter BGP routes received from a peer or peer group: peer { group-name | ipv6-address } route-policy route-policy-name import 3. Configure BGP route reception filtering policies.
Step Command Remarks • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f. bgp as-number g. address-family multicast 3.
Controlling BGP path selection By configuring BGP path attributes, you can control BGP path selection. Specifying a preferred value for routes received Perform this task to set a preferred value for specific routes to control BGP path selection. Among multiple routes that have the same destination/mask and are learned from different peers, the one with the greatest preferred value is selected as the optimal route.
Step Command Remarks • Enter BGP IPv6 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv6 • Enter BGP-VPN IPv6 unicast 2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv6 • Enter BGP IPv6 multicast address family view: f. bgp as-number g. address-family multicast 3.
Step Command Remarks • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f. bgp as-number g. address-family multicast ipv4 3.
Step Command Remarks 3. Configure preferences for EBGP, IBGP, and local BGP routes. preference { external-preference internal-preference local-preference | route-policy route-policy-name } The default preferences for EBGP, IBGP, and local BGP routes are 255, 255, and 130. 4. Configure an EBGP route as a shortcut route. network ipv6-address prefix-length short-cut By default, an EBGP route has a preference of 255.
Step Command Remarks • Enter BGP IPv6 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv6 • Enter BGP-VPN IPv6 unicast 2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv6 • Enter BGP IPv6 multicast address family view: f. bgp as-number g. address-family multicast 3.
Step Command Remarks • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f. bgp as-number g. address-family multicast 3.
Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f.
Figure 59 Route selection based on MED (in an IPv4 network) As shown in Figure 59, Router D learns network 10.0.0.0 from both Router A and Router B. Because Router B has a smaller router ID, the route learned from Router B is optimal. Network *>i 10.0.0.0 * i NextHop MED LocPrf PrefVal Path/Ogn 2.2.2.2 50 0 300e 3.3.3.3 50 0 200e When Router D learns network 10.0.0.0 from Router C, it compares the route with the optimal route in its routing table.
Step Command Remarks • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f. bgp as-number g. address-family multicast 3.
Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f.
IP address 1.1.1.1/24, you must configure Router B to set itself 3.1.1.1/24 as the next hop for the network 2.1.1.1/24 advertised to Router C. Figure 60 NEXT_HOP attribute configuration If a BGP router has two peers on a broadcast network, it does not set itself as the next hop for routes sent to an EBGP peer by default. As shown in Figure 61, Router A and Router B establish an EBGP neighbor relationship, and Router B and Router C establish an IBGP neighbor relationship.
Step Command Remarks • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f. bgp as-number g. address-family multicast 3.
Configuring the AS_PATH attribute Permitting local AS number to appear in routes from a peer or peer group In general, BGP checks whether the AS_PATH attribute of a route from a peer contains the local AS number. If yes, it discards the route to avoid routing loops. In certain network environments (for example, a Hub&Spoke network in MPLS L3VPN), however, the AS_PATH attribute of a route from a peer must be allowed to contain the local AS number. Otherwise, the route cannot be advertised correctly.
Step Command Remarks • Enter BGP IPv6 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv6 • Enter BGP-VPN IPv6 unicast 2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv6 • Enter BGP IPv6 multicast address family view: f. bgp as-number g. address-family multicast 3.
To disable BGP from considering AS_PATH during optimal route selection (IPv6 unicast/multicast address family): Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP IPv6 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv6 • Enter BGP-VPN IPv6 unicast 2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view. address family view: c. bgp as-number d.
Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Advertise a fake AS number to a peer or peer group. peer { group-name | ipv6-address } fake-as as-number By default, no fake AS number is advertised to a peer or peer group. This command applies to only EBGP peers or EBGP peer groups.
Step Command Remarks • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Configure AS number substitution for a peer or peer group. peer { group-name | ip-address } substitute-as By default, AS number substitution is not configured. To configure AS number substitution for a peer or peer group (IPv6 unicast/multicast address family): Step Command Remarks 1. Enter system view.
Step Command Remarks • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f. bgp as-number g. address-family multicast 3.
Step 3. Configure BGP to remove private AS numbers from the AS_PATH attribute of updates sent to an EBGP peer or peer group. Command Remarks By default, this feature is not configured. peer { group-name | ipv6-address } public-as-only This command is only applicable to EBGP peers or peer groups. Ignoring the first AS number of EBGP route updates By default, BGP checks whether the first AS number in the AS_PATH attribute of a route update received from a peer is the AS number of that peer.
Step Command Remarks 3. Configure the SoO attribute for a peer or peer group. peer { group-name | ip-address } soo site-of-origin By default, no SoO attribute is configured for a peer or peer group. To configure the SoO attribute (IPv6 unicast/multicast address family): Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP IPv6 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv6 • Enter BGP-VPN IPv6 unicast 2.
• If the keepalive interval is 0 and the negotiated hold time is not 0, the actual keepalive interval equals 1/3 of the hold time. If the keepalive interval is not 0, the actual keepalive interval is the smaller one between 1/3 of the hold time and the keepalive interval. To configure the keepalive interval and hold time (IPv4 unicast/multicast address family): Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view.
Configuring the interval for sending updates for the same route A BGP router sends an update message to its peers when a route is changed. If the route changes frequently, the BGP router keeps sending updates for the same route, resulting route flapping. To prevent this situation, perform this task to configure the interval for sending updates for the same route to a peer or peer group.
Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Enable BGP to establish EBGP session to indirectly-connected peer peer group and specify maximum hop count.
Enabling 4-byte AS number suppression BGP supports 4-byte AS numbers. The 4-byte AS number occupies four bytes, in the range of 1 to 4294967295. By default, a device sends an Open message to the peer device for session establishment. The Open message indicates that the device supports 4-byte AS numbers. If the peer device supports 2-byte AS numbers instead of 4-byte AS numbers, the session cannot be established. To resolve this issue, enable the 4-byte AS number suppression function.
Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number Use either method. b. ip vpn-instance vpn-instance-name 3. Enable MD5 authentication for a BGP peer group or peer. peer { group-name | ip-address } password { cipher | simple } password By default, MD5 authentication is disabled.
Step Command Remarks • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f. bgp as-number g. address-family multicast 3.
Configuring IPsec for IPv6 BGP Perform this task to configure IPsec for IPv6 BGP. IPsec can provide privacy, integrity, and authentication for IPv6 BGP packets exchanged between BGP peers. When two IPv6 BGP peers are configured with IPsec (for example, Device A and Device B), Device A encapsulates an IPv6 BGP packet with IPsec before sending it to Device B.
To disable BGP to establish a session to a peer or peer group (IPv6 unicast/multicast address family): Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Disable BGP to establish a session to a peer or peer group. peer { group-name | ipv6-address } ignore By default, BGP can establish a session to a peer.
Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Configure GTSM for the specified BGP peer or peer group. peer { group-name | ipv6-address } ttl-security hops hop-count By default, GTSM is not configured.
Step Command Remarks • Enable BGP route refresh for the specified peer or peer group: peer { group-name | ip-address } capability-advertise route-refresh 3. Enable BGP route refresh for a peer or peer group. • Enable BGP route refresh and multi-protocol extension capability for the specified peer or peer group: undo peer { group-name | ip-address } capability-advertise conventional Use either method. By default, BGP route refresh is enabled.
Step Command Remarks • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f. bgp as-number g. address-family multicast 3.
Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name • Enable BGP route refresh for the specified peer or peer group: peer { group-name | ip-address } capability-advertise route-refresh 3. Enable BGP route refresh for a peer or peer group. • Enable BGP route refresh and By default, BGP route refresh is enabled. 4.
Step Command Remarks • Enable BGP route refresh for the specified peer or peer group: peer { group-name | ipv6-address } capability-advertise route-refresh 3. Enable BGP route refresh for a peer or peer group. • Enable BGP route refresh and 4. Return to user view. return N/A 5. Perform manual soft-reset.
To configure BGP to protect an EBGP peer or peer group when the memory usage reaches level 2 threshold (IPv6 unicast/multicast address family): Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP view: bgp as-number 2. Enter BGP view or BGP-VPN instance view. • Enter BGP-VPN instance view: a. bgp as-number N/A b. ip vpn-instance vpn-instance-name 3. Configure BGP to protect an EBGP peer or peer group when the memory usage reaches level 2 threshold.
Step Command Remarks • Enter BGP IPv4 unicast address family view: a. bgp as-number b. address-family [ unicast ] ipv4 • Enter BGP-VPN IPv4 unicast 2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view. address family view: c. bgp as-number d. ip vpn-instance vpn-instance-name e. address-family [ unicast ] N/A ipv4 • Enter BGP IPv4 multicast address family view: f. bgp as-number g.
Step Command Remarks • Advertise the COMMUNITY attribute to a peer or peer group: peer { group-name | ipv6-address } advertise-community 3. Advertise the COMMUNITY or extended community attribute to a peer or peer group. • Advertise the extended 4. (Optional.) Apply a routing policy to routes advertised to a peer or peer group.
Step Command Remarks 3. Configure the router as a route reflector and specify a peer or peer group as its client. peer { group-name | ip-address } reflect-client By default, no route reflector or client is configured. 4. Enable route between clients. reflect between-clients By default, route reflection between clients is enabled. reflector cluster-id { cluster-id | ip-address } By default, a route reflector uses its own router ID as the cluster ID. reflection 5. (Optional.
Step Command Remarks By default, BGP does not ignore the ORIGINATOR_ID attribute. 3. Ignore the ORIGINATOR_ID attribute. peer { group-name | ip-address } ignore-originatorid Make sure that this command does not result in a routing loop. After you execute this command, BGP also ignores the CLUSTER_LIST attribute. To ignore the ORIGINATOR_ID attribute (IPv6 unicast/multicast address family): Step Command Remarks 1. Enter system view. system-view N/A • Enter BGP view: bgp as-number 2.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter BGP view. bgp as-number N/A 3. Configure a confederation ID. confederation id as-number By default, no confederation ID is configured. 4. Specify peering sub-ASs in the confederation. confederation peer-as as-number-list By default, no peering sub-AS is specified.
{ Control the route convergence speed. If routing information exchange is not completed within the time, the GR restarter does not receive new routes. Instead, the GR restarter updates its routing table and forwarding table with the BGP routes already learned to complete BGP route convergence. The GR helper removes the stale routes. Follow these guidelines when you configure BGP GR: • The End-Of-RIB indicates the end of route updates.
• GR requires GR-capable neighbors to help restore routing information. NSR does not need help because the standby process has all the BGP state and data information of the active process. When both GR and NSR are configured for BGP, NSR has a higher priority than GR. The device will not act as the GR restarter. If the device acts as a GR helper, it cannot help the restarter to complete GR. To implement BGP NSR in MPLS L3VPN, you must enable RIB NSR. For information about RIB NSR, see "Configuring RIB.
Configuring BFD for BGP IMPORTANT: If you have enabled GR, use BFD with caution because BFD might detect a failure before the system performs GR, which will result in GR failure. If you have enabled both BFD and GR for BGP, do not disable BFD during a GR process to avoid GR failure. BGP maintains neighbor relationships based on the keepalive timer and hold timer in seconds. It requires that the hold time must be at least three times the keepalive interval. This mechanism slows down link failure detection.
You can enable BGP fast reroute (FRR) to resolve this issue. Figure 63 Network diagram for BGP FRR Backup nexthop: Router C Router A Router B Nexthop: Router D Router E After you configure FRR on Router B as shown in Figure 63, BGP generates a backup next hop Router C for the primary route. BGP uses ARP (for IPv4), echo-mode BFD (for IPv4), or ND (for IPv6) to detect the connectivity to Router D. When the link to Router D fails, BGP directs packets to the backup next hop.
Step Command Remarks By default, no routing policy is created. 3. Create a routing policy and enter routing policy view. This step is required when Method 2 is used to enable BGP FRR. route-policy route-policy-name permit node node-number For more information about this command, see Layer 3—IP Routing Command Reference. By default, no backup next hop is set. 4. Set the backup next hop for FRR. apply fast-reroute backup-nexthop ip-address This step is required when Method 2 is used to enable BGP FRR.
Step Command Remarks By default, no routing policy is created. 2. Create a routing policy and enter routing policy view. route-policy route-policy-name permit node node-number This step is required when Method 2 is used to enable BGP FRR. For more information about this command, see Layer 3—IP Routing Command Reference. By default, no backup next hop is set. 3. Set the backup next hop for FRR. apply ipv6 fast-reroute backup-nexthop ipv6-address 4. Return to system view.
Configuring 6PE IPv6 provider edge (6PE) is a transition technology that uses MPLS to connect sparsely populated IPv6 networks through an existing IPv4 backbone network. It is an efficient solution for ISP IPv4/MPLS networks to provide IPv6 traffic switching capability.
Step Command Remarks 4. Enter BGP IPv6 unicast address family view. address-family ipv6 [ unicast ] N/A 5. Enable BGP to exchange IPv6 unicast routing information with the 6PE peer or peer group. peer { group-name | ip-address } enable This function is disabled by default. 6. Enable BGP to exchange labeled IPv6 routes with the 6PE peer or peer group. peer { group-name | ip-address } label-route-capability This function is disabled by default.
Step Command Remarks 12. Save all routes from the 6PE peer or peer group. peer { group-name | ip-address } keep-all-routes By default, routes from a peer or peer group are not saved. 13. Configure BGP updates sent to the 6PE peer or peer group to carry only the public AS number. peer { group-name | ip-address } public-as-only By default, this feature is not configured. 14. Specify the maximum number of routes that BGP can receive from the 6PE peer or peer group.
Task Command Display BGP IPv4 unicast peer or peer group information (MSR2000/MSR3000). display bgp peer ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] [ { ip-address | group-name group-name } log-info | [ ip-address ] verbose ] Display BGP IPv4 unicast peer or peer group information (MSR4000).
Task Display BGP IPv6 unicast peer or peer group information (MSR2000/MSR3000). Display BGP IPv6 unicast peer or peer group information (MSR4000). Display BGP IPv6 unicast routing information (MSR2000/MSR3000).
Task Command Display information about routes advertised by the network command and shortcut routes configured by the network short-cut command. display bgp network ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] Display BGP path attribute information. display bgp paths [ as-regular-expression ] Display BGP IPv6 unicast address family update group information.
Task Command Display information about routes advertised by the network command and shortcut routes configured by the network short-cut command. display bgp network ipv4 multicast Display BGP path attribute information. display bgp paths [ as-regular-expression ] Display BGP IPv4 multicast address family update group information. display bgp update-group ipv4 multicast [ ip-address ] Execute display commands in any view (IPv6 multicast address family).
Resetting BGP sessions Execute reset commands in user view. Task Command Reset all BGP sessions. reset bgp all Reset BGP sessions for IPv4 unicast address family. reset bgp { as-number | ip-address | all | external | group group-name | internal } ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] Reset BGP sessions for IPv6 unicast address family.
IPv4 BGP configuration examples Basic BGP configuration example Network requirements As shown in Figure 65, run EBGP between Router A and Router B, and run IBGP between Router B and Router C so that Router C can access the network 8.1.1.0/24 connected to Router A. Figure 65 Network diagram Configuration considerations To prevent route flapping caused by port state changes, this example uses loopback interfaces to establish IBGP connections.
[RouterB-ospf-1] quit # Configure Router C. system-view [RouterC] bgp 65009 [RouterC-bgp] router-id 3.3.3.3 [RouterC-bgp] peer 2.2.2.2 as-number 65009 [RouterC-bgp] peer 2.2.2.2 connect-interface loopback 0 [RouterC-bgp] address-family ipv4 unicast [RouterC-bgp-ipv4] peer 2.2.2.2 enable [RouterC-bgp-ipv4] quit [RouterC-bgp] quit [RouterC] ospf 1 [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0 [RouterC-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.
BGP local router ID : 2.2.2.2 Local AS number : 65009 Total number of peers : 2 Peer Peers in established state : 2 AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 3.3.3.3 65009 12 10 0 3 00:09:16 Established 3.1.1.2 65008 3 3 0 1 00:00:08 Established The output shows that Router B has established an IBGP peer relationship with Router C and an EBGP peer relationship with Router A. # Display the BGP routing table on Router A.
i 8.1.1.0/24 3.1.1.2 0 100 0 65008i The outputs show that Router A has no route to AS 65009, and Router C has learned network 8.1.1.0, but the next hop 3.1.1.2 is unreachable. As a result, the route is invalid. 4. Redistribute direct routes: Configure BGP to redistribute direct routes on Router B, so Router A can obtain the route to 9.1.1.0/24, and Router C can obtain the route to 3.1.1.0/24. # Configure Router B.
Verifying the configuration # Verify that Router C can ping 8.1.1.1. [RouterC] ping 8.1.1.1 Ping 8.1.1.1 (8.1.1.1): 56 data bytes, press CTRL_C to break 56 bytes from 8.1.1.1: icmp_seq=0 ttl=255 time=2.000 ms 56 bytes from 8.1.1.1: icmp_seq=1 ttl=255 time=0.000 ms 56 bytes from 8.1.1.1: icmp_seq=2 ttl=255 time=0.000 ms 56 bytes from 8.1.1.1: icmp_seq=3 ttl=255 time=0.000 ms 56 bytes from 8.1.1.1: icmp_seq=4 ttl=255 time=1.000 ms --- Ping statistics for 8.1.1.
[RouterB-ospf-1] quit # Configure Router C. system-view [RouterC] ospf 1 [RouterC-ospf-1] import-route direct [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 9.1.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit 3. Configure the EBGP connection: Configure the EBGP connection and inject network 8.1.1.0/24 to the BGP routing table of Router A, so Router B can obtain the route to 8.1.1.0/24. # Configure Router A.
* >e 3.3.3.3/32 3.1.1.1 1 0 65009? * > 8.1.1.0/24 8.1.1.1 0 32768 * >e 9.1.2.0/24 3.1.1.1 1 0 i 65009? # Display the OSPF routing table on Router C. [RouterC] display ospf routing OSPF Process 1 with Router ID 3.3.3.3 Routing Tables Routing for Network Destination Cost Type AdvRouter Area 9.1.1.0/24 1 Transit 9.1.1.2 NextHop 3.3.3.3 0.0.0.0 2.2.2.2/32 1 Stub 9.1.1.1 2.2.2.2 0.0.0.0 Destination Cost Type Tag NextHop AdvRouter 8.1.1.0/24 1 Type2 1 9.1.1.1 2.2.2.
BGP route summarization configuration example Network requirements As shown in Figure 67, run EBGP between Router C and Router D, so the internal network and external network can communicate with each other. • • In AS 65106, perform the following configurations so the devices in the internal network can communicate: { Configure static routing between Router A and Router B. { Configure OSPF between Router B and Router C. { Configure OSPF to redistribute static routes.
[RouterB-ospf-1-area-0.0.0.0] network 172.17.100.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] import-route static [RouterB-ospf-1] quit # Configure OSPF to advertise local networks on Router C. [RouterC] ospf [RouterC-ospf-1] area 0 [RouterC-ospf-1-area-0.0.0.0] network 172.17.100.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] network 10.220.2.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.0] quit [RouterC-ospf-1] quit # Display the IP routing table on Router C.
[RouterD-bgp-ipv4] peer 10.220.2.16 enable [RouterD-bgp-ipv4] quit [RouterD-bgp] quit # Display routing table information on Router D. [RouterD] display ip routing-table protocol bgp Summary Count : 3 BGP Routing table Status : Summary Count : 3 Destination/Mask Proto Pre Cost NextHop Interface 192.168.64.0/24 BGP 255 1 10.220.2.16 GE2/1/1 192.168.74.0/24 BGP 255 1 10.220.2.16 GE2/1/1 192.168.99.0/24 BGP 255 1 10.220.2.
BGP Routing table Status : Summary Count : 0 The output shows that Router D has only one route 192.168.64.0/18 to AS 65106. # Verify that Router D can ping the hosts on subnets 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24. (Details not shown.) BGP load balancing configuration example Network requirements As shown in Figure 68, run EBGP between Router A and Router B and between Router A and Router C. Run IBGP between Router B and Router C.
# Configure Router A. system-view [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 3.1.1.1 as-number 65009 [RouterA-bgp] peer 3.1.2.1 as-number 65009 [RouterA-bgp] address-family ipv4 unicast [RouterA-bgp-ipv4] peer 3.1.1.1 enable [RouterA-bgp-ipv4] peer 3.1.2.1 enable [RouterA-bgp-ipv4] network 8.1.1.0 24 [RouterA-bgp-ipv4] quit [RouterA-bgp] quit # Configure Router B. system-view [RouterB] bgp 65009 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] peer 3.1.1.
Origin: i - IGP, e - EGP, ? - incomplete * > NextHop MED LocPrf PrefVal Path/Ogn 8.1.1.0/24 8.1.1.1 0 32768 * >e 9.1.1.0/24 3.1.1.1 0 0 65009i * 3.1.2.1 0 0 65009i { { 3. Network e i The output shows two valid routes to destination 9.1.1.0/24. The route with next hop 3.1.1.1 is marked with a greater-than sign (>), indicating it is the optimal route. The route with next hop 3.1.2.1 is marked with an asterisk (*), indicating it is a valid route, but not the optimal route.
BGP community configuration example Network requirements As shown in Figure 69, Router B establishes EBGP connections to Router A and Router C. Configure NO_EXPORT community attribute on Router A so that AS 20 does not advertise routes received from AS 10 to any other AS. Figure 69 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure EBGP connections: # Configure Router A. system-view [RouterA] bgp 10 [RouterA-bgp] router-id 1.1.1.
[RouterC-bgp] router-id 3.3.3.3 [RouterC-bgp] peer 200.1.3.1 as-number 20 [RouterC-bgp] address-family ipv4 unicast [RouterC-bgp-ipv4] peer 200.1.3.1 enable [RouterC-bgp-ipv4] quit [RouterC-bgp] quit # Display the BGP route 9.1.1.0 on Router B. [RouterB] display bgp routing-table ipv4 9.1.1.0 BGP local router ID: 2.2.2.2 Local AS number: 20 Paths: 1 available, 1 best BGP routing table information of 9.1.1.0/24: From : 200.1.2.1 (1.1.1.1) Rely nexthop : 200.1.2.1 Original nexthop: 200.1.2.
Network NextHop * >e 9.1.1.0/24 MED LocPrf 200.1.3.1 PrefVal Path/Ogn 0 Router C has learned the route to the destination 9.1.1.0/24 from Router B. 3. Configure BGP COMMUNITY attribute: # Configure a routing policy. [RouterA] route-policy comm_policy permit node 0 [RouterA-route-policy-comm_policy-0] apply community no-export [RouterA-route-policy-comm_policy-0] quit # Apply the routing policy. [RouterA] bgp 10 [RouterA-bgp] address-family ipv4 unicast [RouterA-bgp-ipv4] peer 200.1.2.
[RouterC] display bgp routing-table ipv4 Total number of routes: 0 The output shows that BGP has not learned any route. BGP route reflector configuration example Network requirements As shown in Figure 70, run EBGP between Router A and Router B, run IBGP between Router C and Router B, and between Router C and Router D. Router C is a route reflector with clients Router B and D. Router D can learn route 20.0.0.0/8 from Router C. Figure 70 Network diagram Configuration procedure 1.
[RouterB-bgp-ipv4] peer 193.1.1.1 enable [RouterB-bgp-ipv4] peer 193.1.1.1 next-hop-local [RouterB-bgp-ipv4] quit [RouterB-bgp] quit # Configure Router C. system-view [RouterC] bgp 200 [RouterC-bgp] router-id 3.3.3.3 [RouterC-bgp] peer 193.1.1.2 as-number 200 [RouterC-bgp] peer 194.1.1.2 as-number 200 [RouterC-bgp] address-family ipv4 unicast [RouterC-bgp-ipv4] peer 193.1.1.2 enable [RouterC-bgp-ipv4] peer 194.1.1.2 enable [RouterC-bgp-ipv4] quit [RouterC-bgp] quit # Configure Router D.
Total number of routes: 1 BGP local router ID is 4.4.4.4 Status codes: * - valid, > - best, d - dampened, h - history, s - suppressed, S - stale, i - internal, e - external Origin: i - IGP, e - EGP, ? - incomplete Network i 20.0.0.0 NextHop MED LocPrf PrefVal Path/Ogn 193.1.1.2 0 100 0 100i The output shows that Router D has learned the route 20.0.0.0/8 from Router C.
Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure the BGP confederation: # Configure Router A. system-view [RouterA] bgp 65001 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] confederation id 200 [RouterA-bgp] confederation peer-as 65002 65003 [RouterA-bgp] peer 10.1.1.2 as-number 65002 [RouterA-bgp] peer 10.1.2.2 as-number 65003 [RouterA-bgp] address-family ipv4 unicast [RouterA-bgp-ipv4] peer 10.1.1.2 enable [RouterA-bgp-ipv4] peer 10.1.2.
[RouterA-bgp-ipv4] peer 10.1.4.2 enable [RouterA-bgp-ipv4] peer 10.1.3.2 next-hop-local [RouterA-bgp-ipv4] peer 10.1.4.2 next-hop-local [RouterA-bgp-ipv4] quit [RouterA-bgp] quit # Configure Router D. system-view [RouterD] bgp 65001 [RouterD-bgp] router-id 4.4.4.4 [RouterD-bgp] confederation id 200 [RouterD-bgp] peer 10.1.3.1 as-number 65001 [RouterD-bgp] peer 10.1.5.2 as-number 65001 [RouterD-bgp] address-family ipv4 unicast [RouterD-bgp-ipv4] peer 10.1.3.1 enable [RouterD-bgp-ipv4] peer 10.1.5.
Verifying the configuration # Display the BGP routing table on Router B. [RouterB] display bgp routing-table ipv4 Total number of routes: 1 BGP local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - dampened, h - history, s - suppressed, S - stale, i - internal, e - external Origin: i - IGP, e - EGP, ? - incomplete Network * >i 9.1.1.0/24 NextHop MED LocPrf PrefVal Path/Ogn 10.1.1.1 0 100 0 (65001) 100i [RouterB] display bgp routing-table ipv4 9.1.1.0 BGP local router ID: 2.2.2.
BGP local router ID: 4.4.4.4 Local AS number: 65001 Paths: 1 available, 1 best BGP routing table information of 9.1.1.0/24: From : 10.1.3.1 (1.1.1.1) Rely nexthop : 10.1.3.1 Original nexthop: 10.1.3.
Table 13 Interface and IP address assignment Device Interface IP address Device Interface IP address Router A GE2/1/1 1.0.0.1/8 Router D GE2/1/1 195.1.1.1/24 GE2/1/2 192.1.1.1/24 GE2/1/2 194.1.1.1/24 GE2/1/3 193.1.1.1/24 GE2/1/1 193.1.1.2/24 GE2/1/1 192.1.1.2/24 GE2/1/2 195.1.1.2/24 GE2/1/2 194.1.1.2/24 Router B Router C Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2.
# Inject network 1.0.0.0/8 into the BGP routing table of Router A. [RouterA-bgp-ipv4] network 1.0.0.0 8 [RouterA-bgp-ipv4] quit [RouterA-bgp] quit # Configure Router B. [RouterB] bgp 200 [RouterB-bgp] peer 192.1.1.1 as-number 100 [RouterB-bgp] peer 194.1.1.1 as-number 200 [RouterB-bgp] address-family ipv4 unicast [RouterB-bgp-ipv4] peer 192.1.1.1 enable [RouterB-bgp-ipv4] peer 194.1.1.1 enable [RouterB-bgp-ipv4] quit [RouterB-bgp] quit # Configure Router C. [RouterC] bgp 200 [RouterC-bgp] peer 193.1.1.
[RouterA-route-policy-apply_med_100-10] apply cost 100 [RouterA-route-policy-apply_med_100-10] quit # Apply routing policy apply_med_50 to the route advertised to 193.1.1.2 (Router C). [RouterA] bgp 100 [RouterA-bgp] address-family ipv4 unicast [RouterA-bgp-ipv4] peer 193.1.1.2 route-policy apply_med_50 export # Apply routing policy apply_med_100 to the route advertised to 192.1.1.2 (Router B). [RouterA-bgp-ipv4] peer 192.1.1.
BGP local router ID is 195.1.1.1 Status codes: * - valid, > - best, d - dampened, h - history, s - suppressed, S - stale, i - internal, e - external Origin: i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn * >i 1.0.0.0 193.1.1.1 200 0 100i * 192.1.1.1 100 0 100i i The route 1.0.0.0/8 learned from Router C is the optimal route.
# Configure the EBGP connection. system-view [RouterB] bgp 65009 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] peer 200.1.1.2 as-number 65008 # Configure the IBGP connection. [RouterB-bgp] peer 9.1.1.2 as-number 65009 # Enable GR capability for BGP. [RouterB-bgp] graceful-restart # Inject networks 200.1.1.0/24 and 9.1.1.0/24 to the IPv4 BGP routing table. [RouterB-bgp] address-family ipv4 [RouterB-bgp-ipv4] network 200.1.1.0 24 [RouterB-bgp-ipv4] network 9.1.1.
Figure 74 Network diagram Router B GE2/1/2 3.0.1.2/24 GE2/1/1 3.0.2.1/24 GE2/1/2 3.0.1.1/24 AS 100 GE2/1/1 3.0.2.2/24 AS 200 1.1.1.0/24 AS 300 Router A GE2/1/1 Router C GE2/1/2 2.0.2.2/24 2.0.1.1/24 GE2/1/1 2.0.1.2/24 GE2/1/2 2.0.2.1/24 Router D Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure OSPF so that Router A and Router C can reach each other. (Details not shown.) 3.
[RouterA-bgp-ipv4] peer 2.0.2.2 route-policy apply_med_100 export [RouterA-bgp-ipv4] quit # Enable BFD for peer 3.0.2.2. [RouterA-bgp] peer 3.0.2.2 bfd [RouterA-bgp] quit 4. Configure BGP on Router C: # Establish two IBGP connections to Router A. system-view [RouterC] bgp 200 [RouterC-bgp] peer 3.0.1.1 as-number 200 [RouterC-bgp] peer 2.0.1.1 as-number 200 [RouterC-bgp] address-family ipv4 unicast [RouterC-bgp-ipv4] peer 3.0.1.1 enable [RouterC-bgp-ipv4] peer 2.0.1.
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 2.0.1.1 200 4 5 0 0 00:01:55 Established 3.0.1.1 200 4 5 0 0 00:01:52 Established The output shows that Router C has established two BGP connections with Router A, and both connections are in Established state. # Display route 1.1.1.0/24 on Router C. display ip routing-table 1.1.1.0 24 verbose Summary Count : 1 Destination: 1.1.1.
BkTunnel ID: Invalid BkInterface: N/A The output shows that Router C communicates with network 1.1.1.0/24 through the path Router C<—>Router D<—>Router A. BGP FRR configuration example Network requirements As shown in Figure 75, configure BGP FRR so that when Link B fails, BGP uses Link A to forward traffic. Figure 75 Network diagram Loop0 2.2.2.2/32 GE2/1/1 10.1.1.2/24 Router B GE2/1/1 10.1.1.1/24 GE2/1/2 30.1.1.1/24 Router D Loop0 4.4.4.4/32 AS 100 AS 200 GE2/1/1 20.1.1.4/24 Link B Loop0 1.1.
[RouterB-bgp] peer 10.1.1.1 as-number 100 [RouterB-bgp] peer 4.4.4.4 as-number 200 [RouterB-bgp] peer 4.4.4.4 connect-interface loopback 0 [RouterB-bgp] address-family ipv4 unicast [RouterB-bgp-ipv4] peer 10.1.1.1 enable [RouterB-bgp-ipv4] peer 4.4.4.4 enable [RouterB-bgp-ipv4] peer 4.4.4.4 next-hop-local [RouterB-bgp-ipv4] quit [RouterB-bgp] quit # Configure Router C to establish an EBGP session with Router A, and an IBGP session with Router D.
[RouterA] bfd echo-source-ip 11.1.1.1 # Create routing policy frr to set a backup next hop 30.1.1.3 (Router C) for the route destined for 4.4.4.4/32. [RouterA] ip prefix-list abc index 10 permit 4.4.4.4 32 [RouterA] route-policy frr permit node 10 [RouterA-route-policy] if-match ip address prefix-list abc [RouterA-route-policy] apply fast-reroute backup-nexthop 30.1.1.3 [RouterA-route-policy] quit # Use echo-mode BFD to detect the connectivity to Router D.
OrigTblID: 0x0 TableID: 0x2 NibID: 0x15000003 AttrID: 0x5 OrigVrf: default-vrf OrigAs: 200 LastAs: 200 Neighbor: 10.1.1.2 Flags: 0x10060 OrigNextHop: 10.1.1.2 Label: NULL RealNextHop: 10.1.1.2 BkLabel: NULL BkNextHop: 30.1.1.3 Tunnel ID: Invalid Interface: GigabitEthernet2/1/1 BkTunnel ID: Invalid BkInterface: GigabitEthernet2/1/2 FtnIndex: 0x0 # Display detailed information about the route to 1.1.1.1/32 on Router D. The output shows the backup next hop for the route.
Figure 76 Network diagram AS 100 AS 200 Loop0 Loop0 POS2/1/0 Router A Router B POS2/1/0 Receiver GE2/1/1 Source Router D S2/1/1 S2/1/0 Router C PIM-SM 1 Loop0 Loop0 PIM-SM 2 MBGP peers Table 14 Interface and IP address assignment Device Interface IP address Device Interface IP address Source N/A 10.110.1.100/2 4 Router C GE2/1/1 10.110.2.1/24 Router A GE2/1/1 10.110.1.1/24 S2/1/0 192.168.4.1/24 POS2/1/0 192.168.1.1/24 S2/1/1 192.168.2.2/24 Loop0 1.1.1.1/32 Loop0 3.3.
# On Router C, enable multicast routing globally. system-view [RouterC] multicast routing [RouterC-mrib] quit # Enable PIM-SM on interfaces, and enable IGMP on GigabitEthernet 2/1/1.
# Enable exchange of IPv4 unicast routes used for RPF check with Router B. [RouterA-bgp] address-family ipv4 multicast [RouterA-bgp-mul-ipv4] peer 192.168.1.2 enable # Redistribute direct routes into BGP. [RouterA-bgp-mul-ipv4] import-route direct [RouterA-bgp-mul-ipv4] quit [RouterA-bgp] quit # On Router B, establish an EBGP session with Router A. [RouterB] bgp 200 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] peer 192.168.1.
IPv6 BGP configuration examples IPv6 BGP basic configuration example Network requirements As shown in Figure 77, run EBGP between Router A and Router B, and run IBGP between Router B and Router C so that Router C can access the network 50::/64 connected to Router A. Figure 77 Network diagram Configuration procedure 1. Configure IP addresses for interfaces. (Details not shown.) 2. Configure IBGP: # Configure Router B. system-view [RouterB] bgp 65009 [RouterB-bgp] router-id 2.2.2.
[RouterB-bgp] address-family ipv6 [RouterB-bgp-ipv6] peer 10::2 enable 4. Inject network routes to the BGP routing table: # Configure Router A. [RouterA-bgp-ipv6] network 10:: 64 [RouterA-bgp-ipv6] network 50:: 64 [RouterA-bgp-ipv6] quit [RouterA-bgp] quit # Configure Router B. [RouterB-bgp-ipv6] network 10:: 64 [RouterB-bgp-ipv6] network 9:: 64 [RouterB-bgp-ipv6] quit [RouterB-bgp] quit # Configure Router C.
* > Network : 10:: PrefixLen : 64 NextHop : :: LocPrf : PrefVal : 32768 OutLabel : NULL MED : 0 Path/Ogn: i * e Network : 10:: PrefixLen : 64 NextHop : 10::1 LocPrf : PrefVal : 0 OutLabel : NULL MED : 0 Path/Ogn: 65009i * > Network : 50:: PrefixLen : 64 NextHop : :: LocPrf : PrefVal : 32768 OutLabel : NULL MED : 0 Path/Ogn: i The output shows that Router A has learned routing information of AS 65009. # Display IPv6 BGP routing table information on Router C.
NextHop : 10::2 LocPrf : 100 PrefVal : 0 OutLabel : NULL MED : 0 Path/Ogn: 65008i The output shows that Router C has learned the route 50::/64. # Verify that Router C can ping hosts on network 50::/64. (Details not shown.) IPv6 BGP route reflector configuration example Network requirements As shown in Figure 78, run EBGP between Router A and Router B, run IBGP between Router C and Router B, and between Router C and Router D. Router C is a route reflector with clients Router B and D.
[RouterB-bgp] address-family ipv6 [RouterB-bgp-ipv6] peer 100::1 enable [RouterB-bgp-ipv6] peer 101::1 enable [RouterB-bgp-ipv6] peer 101::1 next-hop-local [RouterB-bgp-ipv6] network 100:: 96 [RouterB-bgp-ipv6] network 101:: 96 [RouterB-bgp-ipv6] quit [RouterB-bgp] quit # Configure Router C. system-view [RouterC] bgp 200 [RouterC-bgp] router-id 3.3.3.
Path/Ogn: 100i * >i Network : 100:: PrefixLen : 96 NextHop : 101::2 LocPrf : 100 PrefVal : 0 OutLabel : NULL MED : 0 Path/Ogn: i * >i Network : 101:: PrefixLen : 96 NextHop : 102::1 LocPrf : 100 PrefVal : 0 OutLabel : NULL MED : 0 Path/Ogn: i * > Network : 102:: PrefixLen : 96 NextHop : :: LocPrf : PrefVal : 32768 OutLabel : NULL MED : 0 Path/Ogn: i * i Network : 102:: PrefixLen : 96 NextHop : 102::1 LocPrf : 100 PrefVal : 0 OutLabel : NULL MED : 0 Path/Ogn: i
Figure 79 Network diagram Configuration procedure 1. Configure IPv6 addresses and IPv4 addresses for interfaces. (Details not shown.) 2. Configure PE 1: # Enable LDP globally, and configure the LSP generation policy. system-view [PE1] mpls lsr-id 2.2.2.2 [PE1] mpls ldp [PE1-ldp] lsp-trigger all [PE1-ldp] quit # Enable MPLS and LDP on GigabitEthernet 2/1/2.
[PE1-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit 3. Configure PE 2: # Enable LDP globally, and configure the LSP generation policy. system-view [PE2] mpls lsr-id 3.3.3.3 [PE2] mpls ldp [PE2-mpls-ldp] lsp-trigger all [PE2-mpls-ldp] quit # Enable MPLS and LDP on GigabitEthernet 2/1/2.
[PE1] display bgp routing-table ipv6 Total number of routes: 5 BGP local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - dampened, h - history, s - suppressed, S - stale, i - internal, e - external Origin: i - IGP, e - EGP, ? - incomplete * > Network : 1::1 PrefixLen : 128 NextHop : 10::1 LocPrf : PrefVal : 32768 OutLabel : NULL MED : 0 Path/Ogn: ? * >i Network : 4::4 PrefixLen : 128 NextHop : ::FFFF:3.3.3.
• Configure BFD over the path. Then if the path fails, BFD can quickly detect the failure and notify it to IPv6 BGP. Then the path Router A<—>Router D<—>Router C takes effect immediately. Figure 80 Network diagram Router B GE2/1/2 3001::2/64 GE2/1/1 3002::1/64 GE2/1/2 3001::1/64 AS 100 GE2/1/1 3002::2/64 AS 300 AS 200 1200::0/64 Router A GE2/1/1 Router C GE2/1/2 2002::2/64 2001::1/64 GE2/1/1 2001::2/64 GE2/1/2 2002::1/64 Router D Configuration procedure 1.
# Apply routing policy apply_med_50 to routes outgoing to peer 3002::2, and apply routing policy apply_med_100 to routes outgoing to peer 2002::2. [RouterA] bgp 200 [RouterA-bgp] address-family ipv6 unicast [RouterA-bgp-ipv6] peer 3002::2 route-policy apply_med_50 export [RouterA-bgp-ipv6] peer 2002::2 route-policy apply_med_100 export [RouterA-bgp-ipv6] quit # Enable BFD for peer 3002::2. [RouterA-bgp] peer 3002::2 bfd [RouterA-bgp] quit 4.
display bgp peer ipv6 BGP local router ID: 3.3.3.3 Local AS number: 200 Total number of peers: 2 Peer Peers in established state: 2 AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State 2001::1 200 8 8 0 0 00:04:45 Established 3001::1 200 5 4 0 0 00:01:53 Established The output shows that Router C has established two BGP connections with Router A, and both connections are in Established state. # Display route 1200::0/64 on Router C.
AttrID: 0x0 Neighbor: 2001::1 Flags: 0x10060 OrigNextHop: 2001::1 Label: NULL RealNextHop: FE80::20C:29FF:FE40:715 BkLabel: NULL Tunnel ID: Invalid BkTunnel ID: Invalid BkNextHop: N/A Interface: GigabitEthernet2/1/2 BkInterface: N/A The output shows that Router C communicates with network 1200::0/64 through the path Router C<—>Router D<—>Router A. IPsec for IPv6 BGP packets configuration example Network requirements As shown in Figure 81, all routers run IPv6 BGP.
# Configure Router C. system-view [RouterC] bgp 65009 [RouterC-bgp] router-id 3.3.3.3 [RouterC-bgp] group ebgp external [RouterC-bgp] peer 3::1 as-number 65008 [RouterC-bgp] peer 3::1 group ebgp [RouterC-bgp] address-family ipv6 unicast [RouterC-bgp-ipv6] peer ebgp enable [RouterC-bgp-ipv6] quit [RouterC-bgp] quit # Configure Router B.
[RouterB-ipsec-transform-set-tran1] esp encryption-algorithm des [RouterB-ipsec-transform-set-tran1] esp authentication-algorithm sha1 [RouterB-ipsec-transform-set-tran1] quit # Create IPsec profile named policy001, and specify the manual mode for it. [RouterB] ipsec profile policy001 manual # Reference IPsec transform set tran1. [RouterB-ipsec-profile-policy001-manual] transform-set tran1 # Set the SPIs of the inbound and outbound SAs to 12345.
# Reference IPsec transform set tran2. [RouterC-ipsec-profile-policy002-manual] transform-set tran2 # Set the SPIs of the inbound and outbound SAs to 54321. [RouterC-ipsec-profile-policy002-manual] sa spi outbound esp 54321 [RouterC-ipsec-profile-policy002-manual] sa spi inbound esp 54321 # Set the keys for the inbound and outbound SAs using ESP to gfedcba.
InQ updates: 0, OutQ updates: 0 NLRI statistics: Rcvd: UnReach NLRI 0, Reach NLRI 0 Sent: UnReach NLRI 0, Reach NLRI 3 Message statistics: Msg type Open Update Last rcvd time/ Current rcvd count/ History rcvd count/ Last sent time Current sent count History sent count 18:59:15-2013.4.24 1 1 18:59:15-2013.4.24 1 2 - 0 0 18:59:16-2013.4.24 1 1 0 0 18:59:15-2013.4.24 0 1 18:59:15-2013.4.24 1 1 18:59:15-2013.4.
Address family IPv6 Unicast: advertised and received Received: Total 8 messages, Update messages 1 Sent: Total 8 messages, Update messages 1 Maximum allowed prefix number: 4294967295 Threshold: 75% Minimum time between advertisements is 30 seconds Optional capabilities: Multi-protocol extended capability has been enabled Route refresh capability has been enabled Peer preferred value: 0 IPsec profile name: policy002 Routing policy configured: No routing policy is configured The output shows that IBGP and
system-view [RouterA] bgp 100 [RouterA] router-id 1.1.1.1 [RouterA-bgp] peer 3001::2 as-number 200 [RouterA-bgp] peer 2001::2 as-number 200 [RouterA-bgp] address-family ipv6 unicast [RouterA-bgp-ipv6] peer 3001::2 enable [RouterA-bgp-ipv6] peer 2001::2 enable [RouterA-bgp-ipv6] network 1:: 64 [RouterA-bgp-ipv6] quit [RouterA-bgp] quit # Configure Router B to establish an EBGP session with Router A, and an IBGP session with Router D. system-view [RouterB] bgp 200 [RouterB] router-id 2.2.
[RouterD-bgp] quit 4. Configure preferred values so Link B is used to forward traffic between Router A and Router D: # Configure Router A to set the preferred value to 100 for routes received from Router B. [RouterA-bgp-ipv6] peer 3001::2 preferred-value 100 [RouterA-bgp-ipv6] quit [RouterA-bgp] quit # Configure Router D to set the preferred value to 100 for routes received from Router B. [RouterD-bgp-ipv6] peer 3002::1 preferred-value 100 [RouterD-bgp-ipv6] quit [RouterD-bgp] quit 5.
Destination: 4::/64 Protocol: BGP4+ SubProtID: 0x2 Process ID: 0 Age: 00h00m58s Cost: 0 Preference: 255 IpPre: N/A QosLocalID: N/A Tag: 0 OrigTblID: 0x0 TableID: 0xa NibID: 0x25000003 AttrID: 0x3 State: Active Adv OrigVrf: default-vrf OrigAs: 200 LastAs: 200 Neighbor: 3001::2 Flags: 0x10060 OrigNextHop: 3001::2 Label: NULL RealNextHop: 3001::2 BkLabel: NULL BkNextHop: 2001::2 Tunnel ID: Invalid Interface: GigabitEthernet2/1/1 BkTunnel ID: Invalid BkInterface: GigabitEthernet2/1/2 FtnIndex:
Figure 83 Network diagram AS 100 AS 200 Router A Router B POS2/1/0 POS2/1/0 Receiver GE2/1/1 Source S2/1/1 IPv6 PIM-SM 1 S2/1/0 Router D Router C IPv6 PIM-SM 2 IPv6 MBGP peers Table 15 Interface and IP address assignment Device Interface IP address Device Interface IP address Source - 1002::100/64 Router C GE2/1/1 3002::1/64 Router A GE2/1/1 1002::1/64 S2/1/0 3001::1/64 POS2/1/0 1001::1/64 S2/1/1 2001::2/64 POS2/1/0 1001::2/64 S2/1/0 2002::2/64 S2/1/0 2001::1/64 S2/1/1
# Enable IPv6 PIM-SM on interfaces, and enable MLD on GigabitEthernet 2/1/1. [RouterC] interface serial 2/1/0 [RouterC-Serial2/1/0] ipv6 pim sm [RouterC-Serial2/1/0] quit [RouterC] interface serial 2/1/1 [RouterC-Serial2/1/1] ipv6 pim sm [RouterC-Serial2/1/1] quit [RouterC] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] ipv6 pim sm [RouterC-GigabitEthernet2/1/1] mld enable [RouterC-GigabitEthernet2/1/1] quit # Configure the BSR boundary on Router A.
[RouterB-bgp-mul-ipv6] import-route ospfv3 1 [RouterB-bgp-mul-ipv6] quit [RouterB-bgp] quit Verifying the configuration # Use the display bgp peer ipv6 multicast command to display BGP IPv6 multicast peers. This example uses Router B. [RouterB] display bgp peer ipv6 multicast BGP local router ID : 2.2.2.
Configuring PBR In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. Overview Policy-based routing (PBR) uses user-defined policies to route packets. A policy can specify parameters for packets that match specific criteria such as ACLs or that have specific lengths. The parameters include the next hop, output interface, default next hop, and default output interface.
apply clause PBR supports the types of apply clauses shown in Table 16. You can specify multiple apply clauses for a node, but some of them might not be executed. The following apply clauses determine the packet forwarding paths in a descending order: • apply access-vpn vpn-instance • apply next-hop • apply output-interface • apply default-next-hop • apply default-output-interface Table 16 Priorities and meanings of apply clauses Clause Meaning Priority apply precedence Sets an IP precedence.
Clause apply continue Meaning Priority Matches packets against the next node upon failure on the current node. The apply continue clause applies when the apply access-vpn vpn-instance, apply next-hop, apply output-interface, apply default-next-hop, and apply default-output-interface clauses are not configured or become invalid. For example, the specified next hop is unreachable, the specified output interface is down, or the packets cannot be forwarded in the specified VPN instance.
PBR configuration task list Tasks at a glance (Required.) Configuring a policy: • Creating a node • Configuring match criteria for a node • Configuring actions for a node (Required.) Configuring PBR: • Configuring local PBR • Configuring interface PBR Configuring a policy Creating a node Step Command Remarks 1. Enter system view. system-view N/A 2. Create a node for a policy, and enter policy node view.
Step Command Remarks 2. Enter policy node view. policy-based-route policy-name [ deny | permit ] node node-number N/A 3. Set an IP precedence. apply precedence { type | value } By default, no IP precedence is specified. 4. Set the DF bit in the IP header. apply ip-df df-value By default, the DF bit in the IP header is not set. By default, no VPN instance is specified. 5. Set VPN instances. apply access-vpn vpn-instance vpn-instance-name&<1-n> You can specify up to m VPN instances for a node.
Step Command Remarks By default, no default output interface is specified. 12. Set default output interfaces. apply default-output-interface { interface-type interface-number [ track track-entry-number ] }&<1-n> You can specify multiple default output interfaces for backup or load sharing by executing this command once or multiple times. You can specify up to m default output interfaces for a node. The value of m is 16. 13. Enable load sharing among multiple default output interfaces. 14.
You can apply a policy to multiple interfaces. To configure interface PBR: Step 1. Enter view. 2. Enter view. system interface 3. Apply a policy to the interface. Command Remarks system-view N/A interface interface-type interface-number N/A ip policy-based-route policy-name By default, no policy is applied to the interface. Displaying and maintaining PBR Execute display commands in any view and reset commands in user view. Task Command Display PBR policy information.
Configuration procedure 1. Configure Router A: # Configure the IP addresses of the serial interfaces. system-view [RouterA] interface serial 2/1/0 [RouterA-Serial2/1/0] ip address 1.1.2.1 24 [RouterA-Serial2/1/0] quit [RouterA] interface serial 2/1/1 [RouterA-Serial2/1/1] ip address 1.1.3.1 24 [RouterA-Serial2/1/1] quit # Configure ACL 3101 to match TCP packets.
Figure 85 Network diagram Router B Router C S2/1/0 1.1.2.2/24 S2/1/1 1.1.3.2/24 S2/1/0 1.1.2.1/24 Router A S2/1/1 1.1.3.1/24 GE2/1/1 10.110.0.10/24 Subnet 10.110.0.0/24 Host A Host B 10.110.0.20/24 Gateway: 10.110.0.10 Configuration procedure 1. Configure Router A: # Configure the IP addresses of the serial interfaces. system-view [RouterA] interface serial 2/1/0 [RouterA-Serial2/1/0] ip address 1.1.2.
system-view [RouterB] interface serial 2/1/0 [RouterB-Serial2/1/0] ip address 1.1.2.2 24 [RouterB-Serial2/1/0] quit # Configure a static route to subnet 10.110.0.0/24. [RouterB] ip route-static 10.110.0.0 24 1.1.2.1 3. Configure Router C: # Configure the IP address of the serial interface. system-view [RouterC] interface serial 2/1/1 [RouterC-Serial2/1/1] ip address 1.1.3.2 24 [RouterC-Serial2/1/1] quit # Configure a static route to subnet 10.110.0.0/24. [RouterC] ip route-static 10.
Figure 86 Network diagram Configuration procedure 1. Configure Router A: # Configure the IP addresses of the serial interfaces. system-view [RouterA] interface serial 2/1/0 [RouterA-Serial2/1/0] ip address 150.1.1.1 24 [RouterA-Serial2/1/0] quit [RouterA] interface serial 2/1/1 [RouterA-Serial2/1/1] ip address 151.1.1.1 24 [RouterA-Serial2/1/1] quit # Configure RIP. [RouterA] rip [RouterA-rip-1] network 192.1.1.0 [RouterA-rip-1] network 150.1.0.0 [RouterA-rip-1] network 151.1.0.
system-view [RouterB] interface serial 2/1/0 [RouterB-Serial2/1/0] ip address 150.1.1.2 24 [RouterB-Serial2/1/0] quit [RouterB] interface serial 2/1/1 [RouterB-Serial2/1/1] ip address 151.1.1.2 24 [RouterB-Serial2/1/1] quit # Configure the loopback interface address. [RouterB] interface loopback 0 [RouterB-LoopBack0] ip address 10.1.1.1 32 [RouterB-LoopBack0] quit # Configure RIP. [RouterB] rip [RouterB-rip-1] network 10.0.0.0 [RouterB-rip-1] network 150.1.0.0 [RouterB-rip-1] network 151.1.0.
Reply from 10.1.1.1: bytes=200 time=1ms TTL=64 Ping statistics for 10.1.1.1: Packets: Sent = 1, Received = 1, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms The debugging information about PBR displayed on Router A is as follows: *Jun 26 12:20:33:610 2012 RouterA PBR4/7/PBR Forward Info: -MDC=1; Policy:lab1, Node: 20,match succeeded. *Jun 151 26 12:20:33:610 2012 RouterA PBR4/7/PBR Forward Info: -MDC=1; apply next-hop .1.1.2.
Configuration procedure 1. Configure Router A: # Configure the IP addresses of the serial interfaces. system-view [RouterA] interface serial 2/1/0 [RouterA-Serial2/1/0] ip address 4.1.1.1 24 [RouterA-Serial2/1/0] quit [RouterA] interface serial 2/1/1 [RouterA-Serial2/1/1] ip address 5.1.1.1 24 [RouterA-Serial2/1/1] quit # Configure ACL 2000 to match packets sourced from 192.168.10.2. [RouterA] acl number 2000 [RouterA-acl-basic-2000] rule 10 permit source 192.168.10.
Verifying the configuration # Configure IP address 192.168.10.2/24 for Host A, and specify its gateway address as 192.168.10.1. (Details not shown.) # Configure IP address 192.168.10.3/24 for Host B, and specify its gateway address as 192.168.10.1. (Details not shown.) # Ping Router B from Host A. The operation succeeds. (Details not shown.) # Ping Router B from Host B. The operation fails. (Details not shown.) # Ping Router C from Host A. The operation fails. (Details not shown.
Configuring IPv6 static routing Static routes are manually configured and cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually. IPv6 static routing works well in a simple IPv6 network. Configuring an IPv6 static route Before you configure an IPv6 static route, complete the following tasks: • Configure parameters for the related interfaces.
two routers for protocols, such as routing protocols and MPLS. For more information about BFD, see High Availability Configuration Guide. IMPORTANT: Enabling BFD for a flapping route could worsen the situation. Bidirectional control mode To use BFD bidirectional control detection between two devices, enable BFD control mode for each device's static route destined to the peer.
Single-hop echo mode With BFD echo mode enabled for a static route, the output interface sends BFD echo packets to the destination device, which loops the packets back to test the link reachability. IMPORTANT: Do not use BFD for a static route with the output interface in spoofing state. To configure BFD echo mode for an IPv6 static route: Step Command Remarks 1. Enter system view. system-view N/A By default, the source address of echo packets is not configured. 2.
IPv6 static routing configuration examples Basic IPv6 static route configuration example Network requirements As shown in Figure 88, configure IPv6 static routes so that hosts can reach each other. Figure 88 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure IPv6 static routes: # Configure the default IPv6 route on Router A. system-view [RouterA] ipv6 route-static :: 0 4::2 # Configure two IPv6 static routes on Router B.
Destination: :: Protocol : Static NextHop : 4::2 Preference: 60 Interface : GE2/1/2 Cost : 0 Destination: 1::/64 Protocol : Static NextHop : 4::1 Preference: 60 Interface : GE2/1/1 Cost : 0 Destination: 3::/64 Protocol : Static NextHop : 5::1 Preference: 60 Interface : GE2/1/2 Cost Static Routing table Status : Summary Count : 0 # Display the IPv6 static route information on Router B.
Configure an IPv6 static route to subnet 120::/64 and an IPv6 static route to subnet 121::/64 on Router C. • When the link between Router A and Router B through the Layer 2 switch fails, BFD can detect the failure immediately and inform Router A and Router B to communicate through Router C.
[RouterB] ipv6 route-static 121:: 64 13::2 preference 65 [RouterB] quit # Configure IPv6 static routes on Router C. system-view [RouterC] ipv6 route-static 120:: 64 13::1 [RouterC] ipv6 route-static 121:: 64 10::102 Verifying the configuration # Display BFD sessions on Router A.
Destination: 120::/64 Protocol NextHop : 10::100 Preference: 65 : Static Interface : GE2/1/2 Cost : 0 Static Routing table Status : Summary Count : 0 The output shows that Router A communicates with Router B through GigabitEthernet 2/1/2. BFD for IPv6 static routes configuration example (indirect next hop) Network requirements As shown in Figure 90: • Router A has a route to interface Loopback 1 (2::9/128) on Router B, and the output interface is GigabitEthernet 2/1/1.
Device Interface IPv6 address Device Interface IPv6 address Router A Loop1 1::9/128 Router B Loop1 2::9/128 Router C GE2/1/1 10::100/64 Router D GE2/1/1 12::2/64 Router C GE2/1/2 13::2/64 Router D GE2/1/2 11::1/64 Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure IPv6 static routes and BFD: # Configure IPv6 static routes on Router A and enable BFD control packet mode for the IPv6 static route that traverses Router D.
Hold Time: 2012ms The output shows that the BFD session has been created. # Display IPv6 static routes on Router A. display ipv6 routing-table protocol static Summary Count : 1 Static Routing table Status : Summary Count : 1 Destination: 120::/64 Protocol : Static NextHop : 2::9 Preference: 60 Interface : GE2/1/1 Cost : 0 Static Routing table Status : Summary Count : 0 The output shows that Router A communicates with Router B through GigabitEthernet 2/1/1.
Configuring an IPv6 default route A default IPv6 route is used to forward packets that match no entry in the routing table. A default IPv6 route can be configured in either of the following ways: • The network administrator can configure a default route with a destination prefix of ::/0. For more information, see "Configuring an IPv6 static route." • Some dynamic routing protocols, such as OSPFv3, IPv6 IS-IS, and RIPng, can generate a default IPv6 route.
Configuring RIPng RIP next generation (RIPng) is an extension of RIP-2 for support of IPv6. Most RIP concepts are applicable to RIPng. Overview RIPng is a distance vector routing protocol. It employs UDP to exchange route information through port 521. RIPng uses a hop count to measure the distance to a destination. The hop count is the metric or cost. The hop count from a router to a directly connected network is 0. The hop count between two directly connected routers is 1.
3. 4. After RIPng receives the response, it checks the validity of the response before adding routes to its routing table, including the following details: { Whether the source IPv6 address is the link-local address. { Whether the port number is correct. A response packet that fails the check is discarded. Protocols and standards • RFC 2080, RIPng for IPv6 • RFC 2081, RIPng Protocol Applicability Statement RIPng configuration task list Tasks at a glance (Required.
Step Command Remarks 4. Enter interface view. interface interface-type interface-number N/A By default, RIPng is disabled. 5. Enable RIPng on the interface. ripng process-id enable If RIPng is not enabled on an interface, the interface does not send or receive any RIPng route. Configuring RIPng route control Before you configure RIPng, complete the following tasks: • Configure IPv6 addresses for interfaces to ensure IPv6 connectivity between neighboring nodes. • Configure basic RIPng.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Advertise a summary IPv6 prefix. ripng summary-address ipv6-address prefix-length By default, the summary IPv6 prefix is not configured. Advertising a default route Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A By default, RIPng does not advertise a default route. 3.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIPng view. ripng [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Configure a preference for RIPng. preference [ route-policy route-policy-name ] value The default setting is 100. Configuring RIPng route redistribution Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIPng view. ripng [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Redistribute routes from other routing protocols.
Step Command Remarks 3. Configure RIPng timers. timers { garbage-collect garbage-collect-value | suppress suppress-value | timeout timeout-value | update update-value } * By default: • • • • The update timer is 30 seconds. The timeout timer is 180 seconds. The suppress timer is 120 seconds. The garbage-collect timer is 120 seconds. Configuring split horizon and poison reverse If both split horizon and poison reverse are configured, only the poison reverse function takes effect.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIPng view. ripng [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Enable the zero field check on incoming RIPng packets. checkzero By default, this feature is enabled. Configuring the maximum number of ECMP routes Step Command Remarks 1. Enter system view. system-view N/A 2. Enter RIPng view. ripng [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Configure the maximum number of ECMP routes.
Applying an IPsec profile To protect routing information and prevent attacks, RIPng supports using an IPsec profile to authenticate protocol packets. For more information about IPsec profiles, see Security Configuration Guide. Outbound RIPng packets carry the Security Parameter Index (SPI) defined in the relevant IPsec profile. A device uses the SPI carried in a received packet to match against the configured IPsec profile. If they match, the device accepts the packet.
Task Command Clear statistics for a RIPng process. reset ripng process-id statistics RIPng configuration examples Basic RIPng configuration example Network requirements As shown in Figure 91, all routers learn IPv6 routing information through RIPng. Configure Router B to filter the route (2::/64) learned from Router A. The route will not be added to the routing table of Router B, and Router B forwards only the route 4::/64 to Router A. Figure 91 Network diagram Configuration procedure 1.
system-view [RouterC] ripng 1 [RouterC-ripng-1] quit [RouterC] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] ripng 1 enable [RouterC-GigabitEthernet2/1/1] quit [RouterC] interface gigabitethernet 2/1/2 [RouterC-GigabitEthernet2/1/2] ripng 1 enable [RouterC-GigabitEthernet2/1/2] quit [RouterC] interface gigabitethernet 2/1/3 [RouterC-GigabitEthernet2/1/3] ripng 1 enable [RouterC-GigabitEthernet2/1/3] quit # Display the RIPng routing table on Router B.
[RouterB] ipv6 prefix-list aaa permit 4:: 64 [RouterB] ipv6 prefix-list bbb deny 2:: 64 [RouterB] ipv6 prefix-list bbb permit :: 0 less-equal 128 [RouterB] ripng 1 [RouterB-ripng-1] filter-policy prefix-list aaa export [RouterB-ripng-1] filter-policy prefix-list bbb import [RouterB-ripng-1] quit # Display the RIPng routing tables on Router B and Router A.
Figure 92 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure basic RIPng: # Enable RIPng 100 on Router A. system-view [RouterA] ripng 100 [RouterA-ripng-100] quit [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] ripng 100 enable [RouterA-GigabitEthernet2/1/1] quit [RouterA] interface gigabitethernet 2/1/2 [RouterA-GigabitEthernet2/1/2] ripng 100 enable # Enable RIPng 100 and RIPng 200 on Router B.
3.
NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 2::/64 Protocol : Direct NextHop : 2::1 Preference: 0 Interface : GE2/1/1 Cost : 0 Destination: 2::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost : 0 Destination: 4::/64 Protocol : RIPng NextHop : FE80::200:BFF:FE01:1C02 Preference: 100 Interface : GE2/1/2 Cost : 1 Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost : 0 Dest
[RouterB] ripng 1 [RouterB-ripng-1] quit [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] ripng 1 enable [RouterB-GigabitEthernet2/1/1] quit [RouterB] interface gigabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] ripng 1 enable [RouterB-GigabitEthernet2/1/2] quit # Configure Router C. system-view [RouterC] ripng 1 [RouterC-ripng-1] quit [RouterC] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] ripng 1 enable [RouterC-GigabitEthernet2/1/1] quit 3.
# Create a manual IPsec profile named profile001. [RouterB] ipsec profile profile001 manual # Reference IPsec transform set protrf1. [RouterB-ipsec-profile-profile001-manual] transform-set protrf1 # Configure the inbound and outbound SPIs for ESP. [RouterB-ipsec-profile-profile001-manual] sa spi inbound esp 256 [RouterB-ipsec-profile-profile001-manual] sa spi outbound esp 256 # Configure the inbound and outbound SA keys for ESP.
Verifying the configuration RIPng packets between Routers A, B, and C are protected by IPsec.
Configuring OSPFv3 In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. This chapter describes how to configure RFC 2740-compliant Open Shortest Path First version 3 (OSPFv3) for an IPv6 network. For more information about OSPFv2, see "Configuring OSPF.
• Inter-Area-Prefix LSA—Type-3 LSA, originated by ABRs and flooded throughout the LSA's associated area. Each Inter-Area-Prefix LSA describes a route with IPv6 address prefix to a destination outside the area, yet still inside the AS. • Inter-Area-Router LSA—Type-4 LSA, originated by ABRs and flooded throughout the LSA's associated area. Each Inter-Area-Router LSA describes a route to ASBR. • AS External LSA—Type-5 LSA, originated by ASBRs, and flooded throughout the AS, except stub and NSSA areas.
Tasks at a glance (Optional.) Configuring OSPFv3 route control: • • • • • • • Configuring OSPFv3 route summarization Configuring OSPFv3 received route filtering Configuring Inter-Area-Prefix LSA filtering Configuring an OSPFv3 cost for an interface Configuring the maximum number of OSPFv3 ECMP routes Configuring a preference for OSPFv3 Configuring OSPFv3 route redistribution (Optional.
Step Command Remarks 2. Enable an OSPFv3 process and enter its view. ospfv3 [ process-id | vpn-instance vpn-instance-name ] * By default, no OSPFv3 process is enabled. 3. Specify a router ID. router-id router-id By default, no router ID is configured. 4. Enter interface view. interface interface-type interface-number N/A 5. Enable an OSPFv3 process on the interface. ospfv3 process-id area area-id [ instance instance-id ] No OSPFv3 process is enabled on an interface by default.
Step Command Remarks 5. (Optional.) Specify a cost for the default route advertised to the stub area. default-cost value The default setting is 1. Configuring an NSSA area An NSSA area can import external routes into the OSPFv3 routing domain while retaining other stub area characteristics. To configure an NSSA area, configure the nssa command on all the routers attached to the area. To configure a totally NSSA area, configure the nssa no-summary command on the ABR.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view. ospfv3 [ process-id | vpn-instance vpn-instance-name ] * N/A 3. Enter OSPFv3 area view. area area-id N/A 4. Configure a virtual link. vlink-peer router-id [ dead seconds | hello seconds | instance instance-id | ipsec-profile profile-name | retransmit seconds | trans-delay seconds ] * By default, no virtual link is configured.
To configure an NBMA or P2MP (unicast) neighbor and its DR priority: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Specify an NBMA or P2MP (unicast) neighbor and its DR priority. ospfv3 peer ipv6-address [ cost value | dr-priority dr-priority ] [ instance instance-id ] By default, no link-local address is specified for the neighbor interface.
Step Command Remarks 3. Configure OSPFv3 to filter routes calculated using received LSAs. filter-policy { acl6-number [ gateway prefix-list-name ] | prefix-list prefix-list-name [ gateway prefix-list-name ] | gateway prefix-list-name | route-policy route-policy-name } import By default, OSPFv3 accepts all routes calculated using received LSAs. This command can only filter routes computed by OSPFv3. Only routes not filtered out can be added into the local routing table.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view. ospfv3 [ process-id | vpn-instance vpn-instance-name ] * N/A 3. Configure a reference value. bandwidth-reference value The default setting is 100 Mbps. bandwidth Configuring the maximum number of OSPFv3 ECMP routes Perform this task to implement load sharing over ECMP routes. To configure the maximum number of ECMP routes: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view.
Step Command Remarks 2. Enter OSPFv3 view. ospfv3 [ process-id | vpn-instance vpn-instance-name ] * N/A 3. (Optional.) Specify a default cost for redistributed routes. default cost value The default setting is 1. 4. Configure OSPFv3 to redistribute routes from other routing protocols. import-route protocol [ process-id | all-processes | allow-ibgp ] [ allow-direct | cost cost | nssa-only | route-policy route-policy-name | tag tag | type type ] * By default, route redistribution is disabled. 5.
Step Command Remarks By default, the dead interval on P2P and broadcast interfaces is 40 seconds. 4. Configure the dead interval. ospfv3 timer dead seconds [ instance instance-id ] The dead interval set on neighboring interfaces cannot be too short. Otherwise, a neighbor is easily considered down. 5. Configure the poll interval. ospfv3 timer poll seconds [ instance instance-id ] By default, the poll interval is 120 seconds. The default setting is 5 seconds. 6. Configure the retransmission interval.
Step Command Remarks By default: • The maximum interval is 5 3. Specify the SPF calculation interval. seconds. spf-schedule-interval maximum-interval [ minimum-interval [ incremental-interval ] ] • The minimum interval is 50 milliseconds. • The incremental interval is 200 milliseconds. Specifying the LSA generation interval You can adjust the LSA generation interval to protect network resources and routers from being over consumed by frequent network changes.
Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Ignore MTU check for DD packets. ospfv3 mtu-ignore [ instance instance-id ] By default, OSPFv3 does not ignore MTU check for DD packets.
Configuring the LSU transmit rate Sending large numbers of LSU packets affects router performance and consumes a large amount of network bandwidth. You can configure the router to send LSU packets at an interval and to limit the maximum number of LSU packets sent out of an OSPFv3 interface at each interval. To configure the LSU transmit rate: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view.
Step Command Remarks 4. (Optional.) Configure the GR interval. graceful-restart interval interval-value By default, the GR interval is 120 seconds. Configuring GR helper You can configure the GR helper capability on a GR helper. To configure GR helper: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view. ospfv3 [ process-id | vpn-instance vpn-instance-name ] * N/A 3. Enable the GR helper capability.
Configuring BFD for OSPFv3 Bidirectional forwarding detection (BFD) provides a mechanism to quickly detect the connectivity of links between OSPFv3 neighbors, improving the convergence speed of OSPFv3. For more information about BFD, see High Availability Configuration Guide. After discovering neighbors by sending hello packets, OSPFv3 notifies BFD of the neighbor addresses, and BFD uses these addresses to establish sessions. Before a BFD session is established, it is in the down state.
• If a virtual link and area 0 each have an IPsec profile configured, the virtual link uses its own IPsec profile. To apply an IPsec profile to an area: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter OSPFv3 view. ospfv3 [ process-id | vpn-instance vpn-instance-name ] * N/A 3. Enter OSPFv3 area view. area area-id N/A 4. Apply an IPsec profile to the area. enable ipsec-profile profile-name By default, no IPsec profile is applied.
Purpose Command Display OSPFv3 interface information. display ospfv3 [ process-id ] interface [ interface-type interface-number | verbose ] Display OSPFv3 LSDB information. display ospfv3 [ process-id ] lsdb [ { external | grace | inter-prefix | inter-router | intra-prefix | link | network | nssa | router | unknown [ type ] } [ link-state-id ] [ originate-router router-id | self-originate ] | statistics | total | verbose ] Display OSPFv3 next hop information.
Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure basic OSPFv3: # Configure Router A: enable OSPFv3 and specify the router ID as 1.1.1.1. system-view [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.
OSPFv3 Process 1 with Router ID 2.2.2.2 Area: 0.0.0.0 ------------------------------------------------------------------------Router ID Pri State Dead-Time InstID Interface 3.3.3.3 1 00:00:40 Full/BDR 0 GE2/1/1 Area: 0.0.0.1 ------------------------------------------------------------------------Router ID Pri State Dead-Time InstID Interface 1.1.1.1 1 00:00:40 Full/DR 0 GE2/1/2 # Display OSPFv3 neighbors on Router C. [RouterC] display ospfv3 peer OSPFv3 Process 1 with Router ID 3.3.3.
Nexthop : :: Interface: GE2/1/2 AdvRouter : 4.4.4.4 Area : 0.0.0.2 : 4 Preference : 10 *Destination: 2001:3::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: GE2/1/2 AdvRouter : 3.3.3.3 Area : 0.0.0.0 Preference : 10 Total: 4 Intra area: 1 3. Inter area: 3 ASE: 0 NSSA: 0 Configure Area 2 as a stub area: # Configure Router D. [RouterD] ospfv3 [RouterD-ospfv3-1] area 2 [RouterD-ospfv3-1-area-0.0.0.2] stub [RouterD-ospfv3-1-area-0.0.0.
AdvRouter : 3.3.3.3 Area : 0.0.0.0 : 1 Preference : 10 *Destination: 2001:2::/64 Type : I Cost Nexthop : :: Interface: GE2/1/2 AdvRouter : 4.4.4.4 Area : 0.0.0.2 : 4 Preference : 10 *Destination: 2001:3::/64 Type : IA Cost NextHop : FE80::F40D:0:93D0:1 Interface: GE2/1/2 AdvRouter : 3.3.3.3 Area : 0.0.0.
OSPFv3 NSSA area configuration example Network requirements • Configure OSPFv3 on all routers and split the AS into three areas. • Configure Router B and Router C as ABRs to forward routing information between areas. • Configure Area 1 as an NSSA area and configure Router A as an ASBR to redistribute static routes into the AS. Figure 95 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2.
# Display OSPFv3 routing information on Router A. [RouterA] display ospfv3 1 routing OSPFv3 Process 1 with Router ID 1.1.1.1 ------------------------------------------------------------------------I - Intra area route, E1 - Type 1 external route, N1 - Type 1 NSSA route IA - Inter area route, E2 - Type 2 external route, N2 - Type 2 NSSA route * - Selected route *Destination: 2001::/64 Type : IA Cost NextHop : FE80::20C:29FF:FE74:59C6 Interface: GE2/1/1 : 2 AdvRouter : 2.2.2.2 Area : 0.0.
Preference : 10 *Destination: 2001:1::/64 Type : IA Cost : 3 NextHop : FE80::20C:29FF:FEB9:F2EF Interface: GE2/1/2 AdvRouter : 3.3.3.3 Area : 0.0.0.2 : 1 Preference : 10 *Destination: 2001:2::/64 Type : I Cost NextHop : :: Interface: GE2/1/2 AdvRouter : 4.4.4.4 Area : 0.0.0.2 : 1 Preference : 10 *Destination: 1234::/64 Type : E2 Cost NextHop : FE80::20C:29FF:FEB9:F2EF Interface: GE2/1/2 AdvRouter : 2.2.2.
Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure basic OSPFv3: # Configure Router A: enable OSPFv3, and specify the router ID as 1.1.1.1. system-view [RouterA] ospfv3 [RouterA-ospfv3-1] router-id 1.1.1.1 [RouterA-ospfv3-1] quit [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] ospfv3 1 area 0 [RouterA-GigabitEthernet2/1/1] quit # Configure Router B: enable OSPFv3, and specify the router ID as 2.2.2.2.
# Display neighbors on Router D. The neighbor states are all full. [RouterD] display ospfv3 peer OSPFv3 Process 1 with Router ID 4.4.4.4 Area: 0.0.0.0 ------------------------------------------------------------------------- 3. Router ID Pri State Dead-Time InstID Interface 1.1.1.1 1 Full/DROther 00:00:30 0 GE2/1/1 2.2.2.2 1 Full/DROther 00:00:37 0 GE2/1/1 3.3.3.
The output shows that the DR is still Router D. 4. Enable DR/BDR election: # Perform the shutdown and undo shutdown commands on each interface to enable a new DR/BD election. (Details not shown.) # Display neighbors on Router A. The output shows that Router C becomes the BDR. [RouterA] display ospfv3 peer OSPFv3 Process 1 with Router ID 1.1.1.1 Area: 0.0.0.0 ------------------------------------------------------------------------Router ID Pri State Dead-Time InstID Interface 2.2.2.
Figure 97 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure basic OSPFv3: # Enable OSPFv3 process 1 on Router A. system-view [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.
[RouterC] interface gigabitethernet 2/1/1 [RouterC-GigabitEthernet2/1/1] ospfv3 2 area 2 [RouterC-GigabitEthernet2/1/1] quit # Display the routing table on Router C. [RouterC] display ipv6 routing-table Destinations : 7 Routes : 7 3.
Destination: ::1/128 Protocol NextHop : ::1 Preference: 0 : Direct Interface : InLoop0 Cost : 0 Destination: 1::/64 Protocol : OSPFv3 NextHop : FE80::200:CFF:FE01:1C03 Preference: 150 Interface : GE2/1/2 Cost : 3 Destination: 2::/64 Protocol : OSPFv3 NextHop : FE80::200:CFF:FE01:1C03 Preference: 150 Interface : GE2/1/2 Cost : 3 Destination: 3::/64 Protocol : Direct NextHop : 3::2 Preference: 0 Interface : GE2/1/2 Cost : 0 Destination: 3::2/128 Protocol : Direct Nex
Figure 98 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure basic OSPFv3: # On Router A, enable OSPFv3 process 1, enable GR, and set the router ID to 1.1.1.1. system-view [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.
Verifying the configuration After all routers function correctly, perform an active/standby switchover on Router A to trigger an OSPFv3 GR operation. OSPFv3 NSR configuration example Network requirements As shown in Figure 99, Router S, Router A, and Router B belong to the same AS and OSPFv3 routing domain. Enable OSPFv3 NSR on Router S to ensure correct routing when an active/standby switchover occurs on Router S. Figure 99 Network diagram Configuration procedure 1.
[RouterS-GigabitEthernet2/1/1] quit [RouterS] interface gigabitethernet 2/1/2 [RouterS-GigabitEthernet2/1/2] ospfv3 1 area 1 [RouterS-GigabitEthernet2/1/2] quit Verifying the configuration # Verify the following: • When an active/standby switchover occurs on Router S, the neighbor relationships and routing information on Router A and Router B have not changed. • The traffic from Router A to Router B has not been impacted.
[RouterA-ospfv3-1] router-id 1.1.1.1 [RouterA-ospfv3-1] quit [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] ospfv3 1 area 0 [RouterA-GigabitEthernet2/1/1] quit [RouterA] interface gigabitethernet 2/1/2 [RouterA-GigabitEthernet2/1/2] ospfv3 1 area 0 [RouterA-GigabitEthernet2/1/2] quit # Enable OSPFv3 and set the router ID to 2.2.2.2 on Router B. system-view [RouterB] ospfv3 1 [RouterB-ospfv3-1] router-id 2.2.2.
Verifying the configuration # Display the BFD information on Router A.
Figure 101 Network diagram Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure OSPFv3 basic functions: # On Router A, enable OSPFv3 and configure the router ID as 1.1.1.1. system-view [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.
[RouterA] ipsec transform-set trans # Specify the encapsulation mode as transport. [RouterA-ipsec-transform-set-trans] encapsulation-mode transport # Specify the ESP encryption and authentication algorithms. [RouterA-ipsec-transform-set-trans] esp encryption-algorithm 3des-cbc [RouterA-ipsec-transform-set-trans] esp authentication-algorithm md5 # Specify the AH authentication algorithm.
# Configure the inbound and outbound SPIs for ESP. [RouterB-ipsec-profile-profile001-manual] sa spi inbound esp 200000 [RouterB-ipsec-profile-profile001-manual] sa spi outbound esp 200000 # Configure the inbound and outbound SA keys for AH. [RouterB-ipsec-profile-profile001-manual] sa string-key inbound ah simple abc [RouterB-ipsec-profile-profile001-manual] sa string-key outbound ah simple abc # Configure the inbound and outbound SA keys for ESP.
[RouterC-ipsec-profile-profile002-manual] sa spi outbound ah 400000 # Configure the inbound and outbound SPIs for ESP. [RouterC-ipsec-profile-profile002-manual] sa spi inbound esp 256 [RouterC-ipsec-profile-profile002-manual] sa spi outbound esp 256 # Configure the inbound and outbound SA keys for AH.
Configuring IPv6 IS-IS In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. IPv6 IS-IS supports all IPv4 IS-IS features except that it advertises IPv6 routing information. This chapter describes only IPv6 IS-IS specific configuration tasks. For information about IS-IS, see "Configuring IS-IS.
Step Command Remarks 8. Enable IPv6 for an IS-IS process on the interface. isis ipv6 enable [ process-id ] By default, IPv6 is disabled for an IS-IS process on the interface. Configuring IPv6 IS-IS route control Before you configure IPv6 IS-IS route control, complete basic IPv6 IS-IS configuration. To configure IPv6 IS-IS route control: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3.
Step Command Remarks 11. Configure route advertisement from Level-2 to Level-1. import-route isisv6 level-2 into level-1 [ filter-policy { acl6-number | prefix-list prefix-list-name | route-policy route-policy-name } | tag tag ] * By default, IPv6 IS-IS does not advertise routes from Level-2 to Level-1. 12. Configure route advertisement from Level-1 to Level-2.
Step Command Remarks 5. Enable IPv6 IS-IS MTR. multi-topology [ compatible ] By default, IPv6 IS-IS MTR is disabled. 6. Specify a global IPv6 IS-IS cost. circuit-cost value [ level-1 | level-2 ] By default, no global IPv6 cost is specified. Enabling automatic link cost calculation Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Specify an IS-IS cost style.
Step Command Remarks 3. Specify an IS-IS cost style. cost-style { wide | wide-compatible } By default, the IS-IS cost style is narrow. 4. Enter IPv6 address family view. address-family ipv6 [ unicast ] N/A 5. Enable IPv6 IS-IS MTR. multi-topology [ compatible ] By default, IPv6 IS-IS MTR is disabled. • prefix-priority { critical | high | 6. Assign a convergence priority to specific IPv6 IS-IS routes.
Controlling SPF calculation interval Step Command Remarks 1. Enter system view. system-view N/A 2. Enter IS-IS view. isis [ process-id ] [ vpn-instance vpn-instance-name ] N/A 3. Specify an IS-IS cost style. cost-style { wide | wide-compatible } By default, the IS-IS cost style is narrow. 4. Enter IPv6 address family view. address-family ipv6 [ unicast ] N/A 5. Enable IPv6 IS-IS MTR. multi-topology [ compatible ] By default, IPv6 IS-IS MTR is disabled.
Step Command Remarks 3. Enable prefix suppression on the interface. isis ipv6 prefix-suppression By default, prefix suppression is disabled on an interface. Configuring BFD for IPv6 IS-IS Bidirectional forwarding detection (BFD) can quickly detect faults between IPv6 IS-IS neighbors to improve the convergence speed of IPv6 IS-IS. For more information about BFD, see High Availability Configuration Guide. To configure BFD for IPv6 IS-IS: Step Command Remarks 1. Enter system view.
Figure 102 Network diagram Router A Router B IPv6 IPv6 4 IPv6 IPv4 3 36 IPv6 IPv4 5 IPv4 IPv4 Router D Router C As shown in Figure 102, the numbers refer to the link costs. Router A, Router B, and Router D support both IPv4 and IPv6. Router C supports only IPv4 and cannot forward IPv6 packets. Enable IPv6 IS-IS MTR on Router A, Router B, Router C, and Router D to make them perform route calculation separately in IPv4 and IPv6 topologies.
Task Command Display IPv6 IS-IS routing information. display isis route ipv6 [ ipv6-address ] [ [ level-1 | level-2 ] | verbose ] * [ process-id ] Display IPv6 IS-IS topology information. display isis spf-tree ipv6 [ [ level-1 | level-2 ] | verbose ] * [ process-id ] IPv6 IS-IS configuration examples IPv6 IS-IS basic configuration example Network requirements As shown in Figure 103, Router A, Router B, Router C, and Router D, all enabled with IPv6, reside in the same AS.
[RouterB] isis 1 [RouterB-isis-1] is-level level-1 [RouterB-isis-1] network-entity 10.0000.0000.0002.00 [RouterB-isis-1] address-family ipv6 [RouterB-isis-1-ipv6] quit [RouterB-isis-1] quit [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] isis ipv6 enable 1 [RouterB-GigabitEthernet2/1/1] quit # Configure Router C. system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.
----------------------------- Destination : :: PrefixLen: 0 Flag : R/-/- Cost Next Hop : FE80::200:FF:FE0F:4 Interface: GE2/1/1 : 10 Destination : 2001:1:: PrefixLen: 64 Flag : D/L/- Cost Next Hop : Direct Interface: GE2/1/1 : 10 Destination : 2001:2:: PrefixLen: 64 Flag : R/-/- Cost Next Hop : FE80::200:FF:FE0F:4 Interface: GE2/1/1 : 20 Destination : 2001:3:: PrefixLen: 64 Flag : R/-/- Cost Next Hop : FE80::200:FF:FE0F:4 Interface: GE2/1/1 : 20 Flags: D-Direct, R-Added
Route information for IS-IS(1) ------------------------------ Level-1 IPv6 Forwarding Table ----------------------------- Destination : 2001:1:: PrefixLen: 64 Flag : D/L/- Cost Next Hop : Direct Interface: GE2/1/2 : 10 Destination : 2001:2:: PrefixLen: 64 Flag : D/L/- Cost Next Hop : Direct Interface: GE2/1/1 : 10 Destination : 2001:3:: PrefixLen: 64 Flag : D/L/- Cost Next Hop : Direct Interface: GE2/1/3 : 10 Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit S
----------------------------Destination : 2001:1:: PrefixLen: 64 Flag : R/-/- Cost Next Hop : FE80::200:FF:FE0F:4 Interface: GE2/1/1 : 20 Destination : 2001:2:: PrefixLen: 64 Flag : R/-/- Cost Next Hop : FE80::200:FF:FE0F:4 Interface: GE2/1/1 : 20 Destination : 2001:3:: PrefixLen: 64 Flag : D/L/- Cost Next Hop : Direct Interface: GE2/1/1 : 10 Destination : 2001:4::1 PrefixLen: 128 Flag : D/L/- Cost Next Hop : Direct Interface: GE2/1/2 : 0 Flags: D-Direct, R-Added to Rib,
Configuration procedure 1. Configure IPv6 addresses for interfaces. (Details not shown.) 2. Configure IPv6 IS-IS: # Configure Router A. system-view [RouterA] isis 1 [RouterA-isis-1] is-level level-1 [RouterA-isis-1] network-entity 10.0000.0000.0001.
[RouterA] bfd session init-mode active [RouterA] interface gigabitethernet 2/1/1 [RouterA-GigabitEthernet2/1/1] isis ipv6 bfd enable [RouterA-GigabitEthernet2/1/1] bfd min-transmit-interval 500 [RouterA-GigabitEthernet2/1/1] bfd min-receive-interval 500 [RouterA-GigabitEthernet2/1/1] bfd detect-multiplier 7 [RouterA-GigabitEthernet2/1/1] return # Enable BFD and configure BFD parameters on Router B.
The output shows that Router A and Router B communicate through GigabitEthernet 2/1/2.
Configuring IPv6 PBR In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024, MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080. Overview Policy-based routing (PBR) uses user-defined policies to route packets. A policy can specify parameters for packets that match specific criteria such as ACLs or that have specific lengths. The parameters include the next hop, output interface, default next hop, and default output interface.
apply clause IPv6 PBR supports the types of apply clauses shown in Table 21. You can specify multiple apply clauses for a node, but some of them might not be executed.
Relationship between the match mode and clauses on the node Does a packet match all the if-match clauses on the node? Match mode In permit mode In deny mode • If the node is configured with apply clauses, IPv6 PBR executes the apply clauses on the node. { { Yes { If the IPv6 PBR-based forwarding succeeds, IPv6 PBR does not match the packet against the next node.
Tasks at a glance (Required.) Configuring IPv6 PBR: • Configuring IPv6 local PBR • Configuring IPv6 interface PBR Configuring an IPv6 policy Creating an IPv6 node Step Command Remarks 1. Enter system view. system-view N/A 2. Create an IPv6 policy or policy node, and enter IPv6 policy node view. ipv6 policy-based-route policy-name [ deny | permit ] node node-number By default, no IPv6 policy node is created. Configuring match criteria for an IPv6 node Step Command Remarks 1. Enter system view.
Step Command Remarks By default, no VPN instance is specified. 4. Set VPN instances. apply access-vpn vpn-instance vpn-instance-name&<1-n> You can specify up to m VPN instances for a node. The matching packets are forwarded according to the forwarding table of the first available VPN instance. The value of m is 6. By default, no next hop is specified. 5. Set next hops for permitted IPv6 packets.
Step Command Remarks By default, no default output interface is specified. 11. Set default output interfaces. apply default-output-interface { interface-type interface-number [ track track-entry-number ] }&<1-n> You can specify multiple default output interfaces for backup or load sharing by executing this command once or multiple times. You can specify up to m default output interfaces for a node. The value of m is 16. 12. Enable load sharing among multiple default output interfaces. 13.
To configure IPv6 interface PBR: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Apply an IPv6 policy to the interface. ipv6 policy-based-route policy-name By default, no IPv6 policy is applied to the interface. Displaying and maintaining IPv6 PBR Execute display commands in any view and reset commands in user view. Task Command Display IPv6 PBR policy information.
# Configure the IPv6 addresses of the serial interfaces. system-view [RouterA] interface serial 2/1/0 [RouterA-Serial2/1/0] ipv6 address 1::1 64 [RouterA-Serial2/1/0] quit [RouterA] interface serial 2/1/1 [RouterA-Serial2/1/1] ipv6 address 2::1 64 [RouterA-Serial2/1/1] quit # Configure ACL 3001 to match TCP packets. [RouterA] acl ipv6 number 3001 [RouterA-acl6-adv-3001] rule permit tcp [RouterA-acl6-adv-3001] quit # Configure Node 5 for policy aaa to forward TCP packets to next hop 1::2.
Figure 106 Network diagram Router B Router C S2/1/0 1::2/64 S2/1/1 2::2/64 S2/1/0 1::1/64 S2/1/1 2::1/64 Router A GE2/1/1 10::2/64 Subnet 10::1/64 Host A 10::3/64 Gateway: 10::2/64 Configuration procedure 1. Configure Router A: # Configure RIPng.
[RouterA-GigabitEthernet2/1/1] undo ipv6 nd ra halt [RouterA-GigabitEthernet2/1/1] ripng 1 enable [RouterA-GigabitEthernet2/1/1] ipv6 policy-based-route aaa [RouterA-GigabitEthernet2/1/1] quit 2. Configure RIPng on Router B. system-view [RouterB] ripng 1 [RouterB-ripng-1] quit [RouterB] interface serial 2/1/0 [RouterB-Serial2/1/0] ipv6 address 1::2 64 [RouterB-Serial2/1/0] ripng 1 enable [RouterB-Serial2/1/0] quit 3. Configure RIPng on Router C.
Figure 107 Network diagram Configuration procedure 1. Configure Router A: # Configure RIPng.
[RouterB-ripng-1] quit [RouterB] interface serial 2/1/0 [RouterB-Serial2/1/0] ipv6 address 150::2 64 [RouterB-Serial2/1/0] ripng 1 enable [RouterB-Serial2/1/0] quit [RouterB] interface serial 2/1/1 [RouterB-Serial2/1/1] ipv6 address 151::2 64 [RouterB-Serial2/1/1] ripng 1 enable [RouterB-Serial2/1/1] quit [RouterB] interface loopback 0 [RouterB-LoopBack0] ipv6 address 10::1 128 [RouterB-LoopBack0] ripng 1 enable Verifying the configuration # Execute the debugging ipv6 policy-based-route command on Router A
Reply from 10::1: time=1ms Ping statistics for 10::1: Packets: Sent = 1, Received = 1, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms The debugging information about IPv6 PBR displayed on Router A is as follows: *Jun 26 13:20:33:619 2012 RouterA PBR6/7/PBR Forward Info: -MDC=1; Policy:lab1, Node: 20,match succeeded. *Jun 151 26 13:20:33:619 2012 RouterA PBR6/7/PBR Forward Info: -MDC=1; apply next-hop ::2.
Configuring routing policies Routing policies control routing paths by filtering and modifying routing information. This chapter describes both IPv4 and IPv6 routing policies. Overview Routing policies can filter advertised, received, and redistributed routes, and modify attributes for specific routes. To configure a routing policy: 1. Configure filters based on route attributes, such as destination address and the advertising router's address. 2.
MAC list A MAC list matches MAC addresses contained in EVI IS-IS packets. A MAC list can contain multiple items that specify MAC address ranges. Each MAC address entry in an EVI IS-IS packet is compared with these items in ascending order of their index numbers. A MAC address entry matches the MAC list if it matches one item in the list. Routing policy A routing policy can contain multiple nodes, which are in a logical OR relationship. A node with a smaller number is matched first.
Configuring an IP prefix list Configuring an IPv4 prefix list If all the items are set to deny mode, no routes can pass the IPv4 prefix list. To allow other IPv4 routes to pass, you must configure the permit 0.0.0.0 0 less-equal 32 item following multiple deny items. To configure an IPv4 prefix list: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure an IPv4 prefix list.
Step Command Remarks 1. Enter system view. system-view N/A • Configure a basic community list: ip community-list { basic-comm-list-num | basic basic-comm-list-name } { deny | permit } [ community-number&<1-32> | aa:nn&<1-32> ] [ internet | no-advertise | no-export | no-export-subconfed ] * 2. Configure a community list. • Configure an advanced community list: Use either method.
Creating a routing policy For a routing policy that has more than one node, configure at least one permit-mode node. A route that does not match any node cannot pass the routing policy. If all the nodes are in deny mode, no routes can pass the routing policy. To create a routing policy: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a routing policy and a node, and enter routing policy node view.
Step Command Remarks 5. Match BGP routes whose COMMUNITY attribute matches a specified community list. if-match community { { basic-community-list-number | name comm-list-name } [ whole-match ] | adv-community-list-number }&<1-32> By default, no COMMUNITY match criterion is matched. 6. Match routes having the specified cost. if-match cost value By default, no cost match criterion is configured. 7. Match BGP routes whose extended community attribute matches a specified extended community list.
Step Command Remarks 4. Delete the specified COMMUNITY attribute for BGP routes. apply comm-list { comm-list-number | comm-list-name } delete By default, no COMMUNITY attribute is deleted for BGP routes. 5. Set the specified COMMUNITY attribute for BGP routes. apply community { none | additive | { community-number&<1-32> | aa:nn&<1-32> | internet | no-advertise | no-export | no-export-subconfed } * [ additive ] } By default, no community attribute is set for BGP routes. 6. Set a cost for routes.
Step Command Remarks • apply fast-reroute 20. Set a backup link for fast reroute (FRR). { backup-interface interface-type interface-number [ backup-nexthop ip-address ] | backup-nexthop ip-address } Use either command. By default, no backup link is set for FRR.
Task Command Display BGP community list information. display ip community-list [ basic-community-list-number | adv-community-list-number | name comm-list-name ] Display BGP extended community list information. display ip extcommunity-list [ ext-comm-list-number ] Display IPv4 prefix list statistics. display ip prefix-list [ name prefix-list-name ] Display IPv6 prefix list statistics. display ipv6 prefix-list [ name prefix-list-name ] Display MAC list statistics.
[RouterC-isis-1] is-level level-2 [RouterC-isis-1] network-entity 10.0000.0000.0001.
192.168.1.0/24 1 Transit 192.168.1.1 192.168.1.1 0.0.0.0 Destination Cost Type Tag NextHop AdvRouter 172.17.1.0/24 1 Type2 1 192.168.1.2 192.168.2.2 172.17.2.0/24 1 Type2 1 192.168.1.2 192.168.2.2 172.17.3.0/24 1 Type2 1 192.168.1.2 192.168.2.2 Routing for ASEs Total Nets: 4 Intra Area: 1 4. Inter Area: 0 ASE: 3 NSSA: 0 Configure filtering lists on Router B: # Configure ACL 2002 to allow route 172.17.2.0/24 to pass.
172.17.3.0/24 1 Type2 1 192.168.1.2 192.168.2.2 Total Nets: 4 Intra Area: 1 Inter Area: 0 ASE: 3 NSSA: 0 The output shows that the cost of route 172.17.1.0/24 is 100 and the tag of route 172.17.2.0/24 is 20. Applying a routing policy to IPv6 route redistribution Network requirements • As shown in Figure 109, run RIPng on Router A and Router B. • Configure three static routes on Router A.
[RouterA] route-policy static2ripng permit node 10 [RouterA-route-policy-static2ripng-10] quit # Enable RIPng and apply routing policy static2ripng to filter redistributed static routes on Router A. [RouterA] ripng [RouterA-ripng-1] import-route static route-policy static2ripng 2. Configure Router B: # Configure the IPv6 address of GigabitEthernet 2/1/1. system-view [RouterB] interface gigabitethernet 2/1/1 [RouterB-GigabitEthernet2/1/1] ipv6 address 10::2 32 # Enable RIPng.
Configuring MTR Overview Multi-Topology Routing (MTR) splits a base topology into multiple topologies, which intersect or overlap with one another. Route calculation is performed on a per-topology basis. For example, IS-IS MTR splits an IS-IS routing domain into multiple independent IP topologies, such as an IPv4 topology and an IPv6 topology. It enables IS-IS to perform separate route calculation in the IPv4 and IPv6 topologies.
An MTR policy comprises multiple nodes. Each node, identified by a node number, contains multiple match criteria. A packet matches the nodes in the ascending order of their numbers. The nodes of an MTR policy are in an OR relationship. If a packet matches one of the nodes, it matches the MTR policy. Each node contains a set of if-match and apply clauses. • if-match—Defines a criterion to match packet attributes. The if-match clauses of a node are in an OR relationship.
Step Command Remarks • Configure an ACL match criterion: if-match ip acl acl-number • Configure a DSCP value match 11. Configure criteria. the match criterion: if-match ip dscp dscp-value Use one of the methods. • Configure an IP precedence match By default, no match criterion is configured. 12. Return to system view. quit N/A 13. Enter global address family view. global-address-family ipv4 [ unicast ] N/A 14. Enable the MTR policy.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point. Represents a mesh access point.
Index ABCDEGILOPRST Configuring MTR,480 A Configuring OSPF areas,73 Applying an IPsec profile,413 Configuring OSPF FRR,97 Applying an IPsec profile,388 Configuring OSPF GR,93 B Configuring OSPF network types,75 BGP configuration task list,207 Configuring OSPF NSR,95 C Configuring OSPF route control,77 Configuring OSPFv3 area parameters,401 Configuring 6PE,285 Configuring OSPFv3 GR,411 Configuring a large-scale BGP network,273 Configuring OSPFv3 network types,403 Configuring a policy,358 Co
Displaying and maintaining PBR,361 Overview,381 Displaying and maintaining RIP,42 Overview,194 Displaying and maintaining RIPng,388 Overview,26 Displaying and maintaining static routes,15 Overview,454 Displaying and maintaining the routing policy,474 Overview,467 Dynamic routing protocols,2 Overview,438 E Overview,129 Overview,480 Enabling IPv6 IS-IS MTR,444 Enabling logging of session state changes,280 P Enabling OSPF,71 PBR configuration examples,361 Enabling OSPFv3,400 PBR configuratio
