hit counter code
HP VSR1000 Configuration Manual
  1. Manuals
  2. Brands
  3. HP Manuals
  4. Network Router
  5. VSR1000
  6. Configuration manual
HP VSR1000 Configuration Manual

HP VSR1000 Configuration Manual

Virtual services router
Hide thumbs Also See for VSR1000:
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
Table of Contents

Advertisement

Quick Links

HP VSR1000 Virtual Services Router
Layer 3 - IP Routing

Configuration Guide

Part number: 5998-6025
Software version: VSR1000_HP-CMW710-R0202-X64
Document version: 6W100-20140418

Advertisement

Table of Contents
loading

Related Manuals for HP VSR1000

Summary of Contents for HP VSR1000

  • Page 1: Configuration Guide

    HP VSR1000 Virtual Services Router Layer 3 - IP Routing Configuration Guide Part number: 5998-6025 Software version: VSR1000_HP-CMW710-R0202-X64 Document version: 6W100-20140418...
  • Page 2 The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an...

  • Page 3: Table Of Contents

    Contents Configuring basic IP routing ········································································································································ 1   Routing table ······································································································································································ 1   Dynamic routing protocols ··············································································································································· 2   Route preference ······························································································································································· 2   Load sharing ······································································································································································ 3   Route backup ····································································································································································· 3   Route recursion ·································································································································································· 3   Route redistribution ··························································································································································· 4  ...
  • Page 4 Tuning and optimizing RIP networks ···························································································································· 30   Configuration prerequisites ·································································································································· 30   Configuring RIP timers ··········································································································································· 30   Configuring split horizon and poison reverse ···································································································· 31   Configuring the maximum number of ECMP routes ·························································································· 32   Enabling zero field check on incoming RIPv1 messages ·················································································· 32  ...
  • Page 5 Configuring the NBMA network type for an interface ······················································································ 72   Configuring the P2MP network type for an interface ························································································ 73   Configuring the P2P network type for an interface ··························································································· 73   Configuring OSPF route control ··································································································································· 73   Configuration prerequisites ··································································································································...
  • Page 6 OSPF stub area configuration example ············································································································ 103   OSPF NSSA area configuration example ········································································································ 105   OSPF DR election configuration example ········································································································· 107   OSPF virtual link configuration example ··········································································································· 111   OSPF GR configuration example ······················································································································· 113   BFD for OSPF configuration example ··············································································································· 116  ...
  • Page 7 Configuring IS-IS network management ············································································································ 149   Configuring IS-IS PIC ··········································································································································· 150   Enhancing IS-IS network security ································································································································ 150   Configuration prerequisites ································································································································ 150   Configuring neighbor relationship authentication ··························································································· 151   Configuring area authentication ························································································································ 151   Configuring routing domain authentication ······································································································ 152  ...
  • Page 8 Configuring the MED attribute ··························································································································· 226   Configuring the NEXT_HOP attribute ················································································································ 231   Configuring the AS_PATH attribute ··················································································································· 232   Configuring the SoO attribute ···························································································································· 238   Tuning and optimizing BGP networks ························································································································ 239   Configuring the keepalive interval and hold time ···························································································· 240  ...
  • Page 9 Configuring PBR ······················································································································································ 326   Introduction to PBR ······················································································································································· 326   Policy ···································································································································································· 326   PBR and Track ······················································································································································ 328   PBR configuration task list ··········································································································································· 328   Configuring a policy ···················································································································································· 329   Creating a node ·················································································································································· 329   Configuring match criteria for a node ··············································································································...
  • Page 10 Configuring RIPng route redistribution ·············································································································· 362   Configuring RIPng IPsec profiles ························································································································ 364   Configuring OSPFv3 ··············································································································································· 368   OSPFv3 overview ························································································································································· 368   OSPFv3 packets··················································································································································· 368   OSPFv3 LSA types ··············································································································································· 368   Protocols and standards ····································································································································· 369   OSPFv3 configuration task list ····································································································································...
  • Page 11 Configuring basic IPv6 IS-IS ········································································································································ 405   Configuring IPv6 IS-IS route control ··························································································································· 406   Configuring IPv6 IS-IS link cost ·························································································································· 407   Tuning and optimizing IPv6 IS-IS networks················································································································ 408   Configuration prerequisites ································································································································ 408   Assigning a convergence priority to IPv6 IS-IS routes ····················································································· 408  ...
  • Page 12 Applying a routing policy to IPv4 route redistribution ····················································································· 442   Applying a routing policy to IPv6 route redistribution ····················································································· 445   Support and other resources ·································································································································· 447   Contacting HP ······························································································································································ 447   Subscription service ············································································································································ 447   Related information ······················································································································································ 447  ...

  • Page 13: Configuring Basic Ip Routing

    Configuring basic IP routing IP routing directs IP packet forwarding on routers based on a routing table. This chapter focuses on unicast routing protocols. For more information about multicast routing protocols, see IP Multicast Configuration Guide. Routing table A RIB contains the global routing information and related information, including route recursion, route redistribution, and route extension information.

  • Page 14: Dynamic Routing Protocols

    Pre—Preference of the route. Among routes to the same destination, the route with the highest • preference is optimal. Cost—If multiple routes to a destination have the same preference, the one with the smallest cost is • the optimal route. NextHop—Next hop.

  • Page 15: Load Sharing

    Route type Preference Multicast static route OSPF IS-IS Unicast static route OSPF ASE OSPF NSSA IBGP EBGP Unknown (route from an untrusted source) Load sharing A routing protocol might find multiple optimal equal-cost routes to the same destination. You can use these routes to implement equal-cost multi-path (ECMP) load sharing.

  • Page 16: Route Redistribution

    Route redistribution Route redistribution enables routing protocols to learn routing information from each other. A dynamic routing protocol can redistribute routes from other routing protocols, including direct and static routing. For more information, see the respective chapters on those routing protocols in this configuration guide. The RIB records redistribution relationships of routing protocols.

  • Page 17: Configuring The Maximum Lifetime For Routes In The Fib

    Configuring the maximum lifetime for routes in the When GR is disabled, FIB entries must be retained for some time after a protocol process switchover or RIB process switchover. When GR is enabled, FIB entries must be removed immediately after a protocol or RIB process switchover to avoid routing issues.
  • Page 18 Task Command Display information about routes display ip routing-table [ vpn-instance vpn-instance-name ] prefix-list permitted by an IP prefix list. prefix-list-name [ verbose ] Display information about routes display ip routing-table [ vpn-instance vpn-instance-name ] protocol installed by a protocol. protocol [ inactive | verbose ] Display IPv4 route statistics.

  • Page 19: Configuring Static Routing

    Configuring static routing Static routes are manually configured. If a network's topology is simple, you only need to configure static routes for the network to work correctly. Static routes cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually.

  • Page 20: Configuring Bfd For Static Routes

    Step Command Remarks (Optional.) Delete all To delete one static route, static routes, delete [ vpn-instance vpn-instance-name ] use the undo ip route-static including the default static-routes all command. route. Configuring BFD for static routes IMPORTANT: Enabling BFD for a flapping route could worsen the situation. BFD provides a general-purpose, standard, medium-, and protocol-independent fast failure detection mechanism.

  • Page 21: Single-Hop Echo Mode

    Step Command Remarks • Method 1: ip route-static dest-address { mask-length | mask } { next-hop-address bfd control-packet bfd-source ip-address | vpn-instance d-vpn-instance-name next-hop-address bfd control-packet bfd-source ip-address } [ preference preference-value ] [ tag Use either method. Configure BFD tag-value ] [ description description-text ] By default, BFD control control mode for a...

  • Page 22: Configuring Static Route Frr

    Configuring static route FRR A link or router failure on a path can cause packet loss and even routing loop. Static route fast reroute (FRR) enables fast rerouting to minimize the impact of link or node failures. Figure 1 Network diagram As shown in Figure 1, upon a link failure, packets are directed to the backup next hop to avoid traffic...

  • Page 23: Displaying And Maintaining Static Routes

    Step Command Remarks • Method 1: ip route-static dest-address { mask-length | mask } interface-type interface-number [ next-hop-address [ backup-interface interface-type interface-number [ backup-nexthop backup-nexthop-address ] ] ] [ permanent ] [ preference preference-value ] [ tag tag-value ] [ description description-text ] Use either method.

  • Page 24: Static Route Configuration Examples

    Task Command Display static route information. display ip routing-table protocol static [ inactive | verbose ] Display static route next hop display route-static nib [ nib-id ] [ verbose ] information. Display static routing table display route-static routing-table [ vpn-instance vpn-instance-name ] information.

  • Page 25: Verifying The Configuration

    Verifying the configuration # Display the static route information on Router A. [RouterA] display ip routing-table protocol static Summary Count : 1 Static Routing table Status : <Active> Summary Count : 1 Destination/Mask Proto Cost NextHop Interface 0.0.0.0/0 Static 60 1.1.4.2 GE2/0 Static Routing table Status : <Inactive>...

  • Page 26: Bfd For Static Routes Configuration Example (Direct Next Hop)

    <1 ms <1 ms <1 ms 1.1.6.1 <1 ms <1 ms <1 ms 1.1.4.1 1 ms <1 ms <1 ms 1.1.2.2 Trace complete. BFD for static routes configuration example (direct next hop) Network requirements As shown in Figure Configure a static route to subnet 120.1.1.0/24 on Router A. •...
  • Page 27 <RouterA> system-view [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] bfd min-transmit-interval 500 [RouterA-GigabitEthernet1/0] bfd min-receive-interval 500 [RouterA-GigabitEthernet1/0] bfd detect-multiplier 9 [RouterA-GigabitEthernet1/0] quit [RouterA] ip route-static 120.1.1.0 24 gigabitethernet 1/0 12.1.1.2 bfd control-packet [RouterA] ip route-static 120.1.1.0 24 gigabitethernet 2/0 10.1.1.100 preference 65 [RouterA] quit # Configure static routes on Router B and enable BFD control mode for the static route that traverses the Layer 2 switch.

  • Page 28: Bfd For Static Routes Configuration Example (Indirect Next Hop)

    120.1.1.0/24 Static 60 12.1.1.2 GE1/0 Static Routing table Status : <Inactive> Summary Count : 0 The output shows that Router A communicates with Router B through GigabitEthernet 1/0. Then the link over GigabitEthernet 1/0 fails. # Display static routes on Router A. <RouterA>...
  • Page 29 Figure 4 Network diagram Table 5 Interface and IP address assignment Device Interface IP address Router A GigabitEthernet 1/0 12.1.1.1/24 Router A GigabitEthernet 2/0 10.1.1.102/24 Router A Loopback 1 1.1.1.9/32 Router B GigabitEthernet 1/0 11.1.1.2/24 Router B GigabitEthernet 2/0 13.1.1.2/24 Router B Loopback 1 2.2.2.9/32...
  • Page 30 [RouterB] ip route-static 121.1.1.0 24 1.1.1.9 bfd control-packet bfd-source 2.2.2.9 [RouterB] ip route-static 121.1.1.0 24 gigabitethernet 2/0 13.1.1.2 preference 65 [RouterB] quit # Configure static routes on Router C. <RouterC> system-view [RouterC] ip route-static 120.1.1.0 24 13.1.1.1 [RouterC] ip route-static 121.1.1.0 24 10.1.1.102 # Configure static routes on Router D.

  • Page 31: Static Route Frr Configuration Example

    120.1.1.0/24 Static 65 10.1.1.100 GE2/0 Static Routing table Status : <Inactive> Summary Count : 0 The output shows that Router A communicates with Router B through GigabitEthernet 2/0. Static route FRR configuration example Network requirements As shown in Figure 5, configure static routes on Router S, Router A, and Router D, and configure static route FRR.
  • Page 32 [RouterD] ip route-static fast-reroute auto Configure static routes on Router A. <RouterA> system-view [RouterA] ip route-static 4.4.4.4 32 gigabitethernet 2/0 24.24.24.4 [RouterA] ip route-static 1.1.1.1 32 gigabitethernet 1/0 12.12.12.1 Verifying the configuration # Display route 4.4.4.4/32 on Router S to view the backup next hop information. [RouterS] display ip routing-table 4.4.4.4 verbose Summary Count : 1 Destination: 4.4.4.4/32...

  • Page 33: Configuring A Default Route

    Configuring a default route A default route is used to forward packets that do not match any specific routing entry in the routing table. Without a default route, packets that do not match any routing entries are discarded and an ICMP destination-unreachable packet is sent to the source.

  • Page 34: Configuring Rip

    Configuring RIP Routing Information Protocol (RIP) is a distance-vector IGP suited to small-sized networks. It employs UDP to exchange route information through port 520. Overview RIP uses a hop count to measure the distance to a destination. The hop count from a router to a directly connected network is 0.

  • Page 35: Rip Versions

    RIP uses the received responses to update the local routing table and sends triggered update messages to its neighbors. All RIP routers on the network do this to learn latest routing information. RIP periodically sends the local routing table to its neighbors. After a RIP neighbor receives the message, it updates its routing table, selects optimal routes, and sends an update to other neighbors.

  • Page 36: Rip Configuration Task List

    RIP configuration task list Tasks at a glance Configuring basic RIP: • (Required.) Enabling RIP • (Optional.) Controlling RIP reception and advertisement on interfaces • (Optional.) Configuring a RIP version (Optional.) Configuring RIP route control: • Configuring an additional routing metric •...

  • Page 37: Controlling Rip Reception And Advertisement On Interfaces

    Enabling RIP on a network You can enable RIP on a network and specify a wildcard mask for the network. After that, only the interface attached to the network runs RIP. To enable RIP on a network: Step Command Remarks Enter system view.

  • Page 38: Configuring A Rip Version

    Step Command Remarks Enable an interface to receive By default, a RIP-enabled interface rip input RIP messages. can receive RIP messages. Enable an interface to send By default, a RIP-enabled interface rip output RIP messages. can send RIP messages. Configuring a RIP version You can configure a global RIP version in RIP view or an interface-specific RIP version in interface view.

  • Page 39: Configuring An Additional Routing Metric

    Configuring an additional routing metric An additional routing metric (hop count) can be added to the metric of an inbound or outbound RIP route. An outbound additional metric is added to the metric of a sent route, and it does not change the route's metric in the routing table.

  • Page 40: Disabling Host Route Reception

    For example, suppose contiguous subnets routes 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 exist in the routing table. You can create a summary route 10.1.0.0/16 on GigabitEthernet 1/0 to advertise the summary route instead of the more specific routes. To configure a summary route: Step Command Remarks...

  • Page 41: Configuring Received/Redistributed Route Filtering

    Step Command Remarks Enable RIP to advertise a default-route { only | originate } By default, RIP does not advertise a default route. [ cost cost ] default route. Return to system view. quit interface interface-type Enter interface view. interface-number By default, a RIP interface can rip default-route { { only | Configure the RIP interface to...

  • Page 42: Configuring Rip Route Redistribution

    To configure a preference for RIP: Step Command Remarks Enter system view. system-view rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] Configure a preference for preference [ route-policy The default setting is 100. RIP. route-policy-name ] value Configuring RIP route redistribution Perform this task to configure RIP to redistribute routes from other routing protocols, including OSPF, IS-IS, BGP, static, and direct.

  • Page 43: Configuring Split Horizon And Poison Reverse

    Suppress timer—Specifies how long a RIP route stays in suppressed state. When the metric of a • route is 16, the route enters the suppressed state. A suppressed route can be replaced by an updated route that is received from the same neighbor before the suppress timer expires and has a metric less than 16.

  • Page 44: Configuring The Maximum Number Of Ecmp Routes

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, poison reverse is Enable poison reverse. rip poison-reverse disabled. Configuring the maximum number of ECMP routes Perform this task to implement load sharing over ECMP routes. To configure the maximum number of ECMP routes: Step Command...

  • Page 45: Configuring Ripv2 Message Authentication

    Upon receiving a message on a serial interface, RIP checks whether the source address of the message is the IP address of the peer interface. If not, RIP discards the message. To enable source IP address check on incoming RIP updates: Step Command Remarks...

  • Page 46: Configuring Rip Network Management

    Step Command Remarks rip [ process-id ] [ vpn-instance Enter RIP view. vpn-instance-name ] By default, RIP does not Specify a RIP neighbor. peer ip-address unicast updates to any peer. Disable source IP By default, source IP address check on undo validate-source-address address check on inbound inbound RIP updates...

  • Page 47: Configuring Bfd For Rip

    The packet length of RIP packets determines how many routes can be carried in a RIP packet. Set the maximum length of RIP packets to make good use of link bandwidth. When authentication is enabled, follow these guidelines to ensure packet forwarding: For simple authentication, the maximum length of RIP packets must be no less than 52 bytes.

  • Page 48: Configuring Single-Hop Echo Detection (For A Specific Destination)

    Step Command Remarks Enable BFD for RIP. rip bfd enable By default, BFD for RIP is disabled. Configuring single-hop echo detection (for a specific destination) When a unidirectional link occurs between the local device and a specific neighbor, BFD can detect the failure and the local device does not receive or send any RIP packets through the interface connected to the neighbor to improve convergence speed.

  • Page 49: Configuring Rip Frr

    Configuring RIP FRR A link or router failure on a path can cause packet loss and even routing loop until RIP completes routing convergence based on the new network topology. FRR enables fast rerouting to minimize the impact of link or node failures. Figure 6 Network diagram for RIP FRR Figure 6, configure FRR on Router B by using a routing policy to specify a backup next hop.

  • Page 50: Displaying And Maintaining Rip

    Enabling BFD for RIP FRR By default, RIP FRR does not use BFD to detect primary link failures. To speed up RIP convergence, enable BFD single-hop echo detection for RIP FRR to detect primary link failures. To configure BFD for RIP FRR: Step Command Remarks...
  • Page 51 Figure 7 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure basic RIP by using either of the following methods: (Method 1) # Enable RIP on the specified networks on Router A. <RouterA> system-view [RouterA] rip [RouterA-rip-1] network 1.0.0.0 [RouterA-rip-1] network 2.0.0.0 [RouterA-rip-1] network 3.0.0.0...
  • Page 52 # Configure RIPv2 on Router A. [RouterA] rip [RouterA-rip-1] version 2 [RouterA-rip-1] undo summary [RouterA-rip-1] quit # Configure RIPv2 on Router B. [RouterB] rip [RouterB-rip-1] version 2 [RouterB-rip-1] undo summary [RouterB-rip-1] quit # Display the RIP routing table on Router A. [RouterA] display rip 1 route Route Flags: R - RIP A - Aging, S - Suppressed, G - Garbage-collect, D –...

  • Page 53: Configuring Rip Route Redistribution

    # Use IP prefix lists on Router B to filter received and redistributed routes. [RouterB] ip prefix-list aaa index 10 permit 2.1.1.0 24 [RouterB] ip prefix-list bbb index 10 permit 10.1.1.0 24 [RouterB] rip 1 [RouterB-rip-1] filter-policy prefix-list aaa import [RouterB-rip-1] filter-policy prefix-list bbb export [RouterB-rip-1] quit # Display the RIP routing table on Router A.
  • Page 54 Figure 8 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure basic RIP: # Enable RIP 100, and configure RIPv2 on Router A. <RouterA> system-view [RouterA] rip 100 [RouterA-rip-100] network 10.0.0.0 [RouterA-rip-100] network 11.0.0.0 [RouterA-rip-100] version 2 [RouterA-rip-100] undo summary [RouterA-rip-100] quit # Enable RIP 100 and RIP 200, and configure RIPv2 on Router B.

  • Page 55: Configuring An Additional Metric For A Rip Interface

    12.3.1.0/24 Direct 0 12.3.1.2 GE1/0 12.3.1.0/32 Direct 0 12.3.1.2 GE1/0 12.3.1.2/32 Direct 0 127.0.0.1 InLoop0 12.3.1.255/32 Direct 0 12.3.1.2 GE1/0 16.4.1.0/24 Direct 0 16.4.1.1 GE2/0 16.4.1.0/32 Direct 0 16.4.1.1 GE2/0 16.4.1.1/32 Direct 0 127.0.0.1 InLoop0 16.4.1.255/32 Direct 0 16.4.1.1 GE2/0 127.0.0.0/8 Direct 0 127.0.0.1...
  • Page 56 Router A has two links to Router D. The link from Router B to Router D is more stable than that from Router C to Router D. Configure an additional metric for RIP routes received from GigabitEthernet 2/0 on Router A so Router A prefers route 1.1.5.0/24 learned from Router B.

  • Page 57: Configuring Rip To Advertise A Summary Route

    [RouterE-rip-1] version 2 [RouterE-rip-1] undo summary # Display all active routes in the RIP database on Router A. [RouterA] display rip 1 database 1.0.0.0/8, auto-summary 1.1.1.0/24, cost 0, nexthop 1.1.1.1, RIP-interface 1.1.2.0/24, cost 0, nexthop 1.1.2.1, RIP-interface 1.1.3.0/24, cost 1, nexthop 1.1.1.2 1.1.4.0/24, cost 1, nexthop 1.1.2.2 1.1.5.0/24, cost 2, nexthop 1.1.1.2 1.1.5.0/24, cost 2, nexthop 1.1.2.2...
  • Page 58 Figure 10 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure basic OSPF: # Configure Router A. <RouterA> system-view [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 10.5.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit # Configure Router B. <RouterB>...
  • Page 59 [RouterD] rip 1 [RouterD-rip-1] network 11.0.0.0 [RouterD-rip-1] version 2 [RouterD-rip-1] undo summary [RouterD-rip-1] quit # Configure RIP to redistribute routes from OSPF process 1 and direct routes on Router C. [RouterC-rip-1] import-route direct [RouterC-rip-1] import-route ospf 1 [RouterC-rip-1] quit # Display the IP routing table on Router D. [RouterD] display ip routing-table Destinations : 15 Routes : 15...

  • Page 60: Configuring Bfd For Rip (Single-Hop Echo Detection For A Directly Connected Neighbor)

    11.4.1.2/32 Direct 0 127.0.0.1 InLoop0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 127.255.255.255/32 Direct 0 127.0.0.1 InLoop0 Configuring BFD for RIP (single-hop echo detection for a directly connected neighbor) Network requirements As shown in Figure 1 1, GigabitEthernet 1/0 of Router A and Router C runs RIP process 1.
  • Page 61 [RouterA-rip-2] network 192.168.2.0 [RouterA-rip-2] quit # Configure Router B. <RouterB> system-view [RouterB] rip 1 [RouterB-rip-1] version 2 [RouterB-rip-1] undo summary [RouterB-rip-1] network 192.168.2.0 [RouterB-rip-1] network 192.168.3.0 [RouterB-rip-1] quit # Configure Router C. <RouterC> system-view [RouterC] rip 1 [RouterC-rip-1] version 2 [RouterC-rip-1] undo summary [RouterC-rip-1] network 192.168.1.0 [RouterC-rip-1] network 192.168.3.0...

  • Page 62: Configure Bfd For Rip (Single-Hop Echo Detection For A Specific Destination)

    SubProtID: 0x1 Age: 04h20m37s Cost: 1 Preference: 100 Tag: 0 State: Active Adv OrigTblID: 0x0 OrigVrf: default-vrf TableID: 0x2 OrigAs: 0 NBRID: 0x26000002 LastAs: 0 AttrID: 0xffffffff Neighbor: 192.168.1.2 Flags: 0x1008c OrigNextHop: 192.168.1.2 Label: NULL RealNextHop: 192.168.1.2 BkLabel: NULL BkNextHop: N/A Tunnel ID: Invalid Interface: GigabitEthernet1/0 BkTunnel ID: Invalid...
  • Page 63 Enable BFD for RIP on GigabitEthernet 2/0 of Router A, and specify GigabitEthernet 1/0 of Router B as the destination. When a unidirectional link occurs (packets from Router A can reach Router B, but packets from Router B cannot reach Router A), BFD can quickly detect the link failure and notify RIP. RIP then deletes the neighbor relationship and the route information learned on GigabitEthernet 2/0, and does not receive or send any packets on GigabitEthernet 2/0.

  • Page 64: Configure Static Routes

    [RouterA] interface gigabitethernet 2/0 [RouterA-GigabitEthernet2/0] bfd min-echo-receive-interval 500 [RouterA-GigabitEthernet2/0] quit Configure static routes: # Configure a static route on Router A. [RouterA] ip route-static 100.1.1.0 24 null 0 # Configure a static route on Router C. [RouterC] ip route-static 100.1.1.0 24 null 0 Verifying the configuration # Display the BFD session information on Router A.

  • Page 65: Configuring Bfd For Rip (Bidirectional Control Detection)

    Tag: 0 State: Active Adv OrigTblID: 0x0 OrigVrf: default-vrf TableID: 0x2 OrigAs: 0 NBRID: 0x12000003 LastAs: 0 AttrID: 0xffffffff Neighbor: 192.168.3.2 Flags: 0x1008c OrigNextHop: 192.168.3.2 Label: NULL RealNextHop: 192.168.3.2 BkLabel: NULL BkNextHop: N/A Tunnel ID: Invalid Interface: GigabitEthernet2/0 BkTunnel ID: Invalid BkInterface: N/A Configuring BFD for RIP (bidirectional control detection) Network requirements...
  • Page 66 Device Interface IP address Router B GigabitEthernet 2/0 192.168.1.2/24 Router C GigabitEthernet 1/0 192.168.2.2/24 Router C GigabitEthernet 2/0 192.168.4.2/24 Router D GigabitEthernet 1/0 192.168.3.2/24 Router D GigabitEthernet 2/0 192.168.4.1/24 Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure basic RIP and enable static route redistribution into RIP so Router A and Router C have routes to send to each other: # Configure Router A.
  • Page 67 # Configure Router D. <RouterD> system-view [RouterD] rip 1 [RouterD-rip-1] version 2 [RouterD-rip-1] undo summary [RouterD-rip-1] network 192.168.3.0 [RouterD-rip-1] network 192.168.4.0 [RouterD-rip-1] quit Configure BFD parameters for the interfaces: # Configure Router A. [RouterA] bfd session init-mode active [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] ip address 192.168.3.1 24 [RouterA-GigabitEthernet1/0] quit [RouterA] interface gigabitethernet 2/0...
  • Page 68 [RouterA] ip route-static 192.168.2.0 24 gigabitethernet2/0 192.168.1.2 [RouterA] quit # Configure a static route to Router A on Router C. [RouterC] ip route-static 192.168.1.0 24 gigabitethernet1/0 192.168.2.1 Verifying the configuration # Display the BFD session information on Router A. <RouterA> display bfd session Total Session Num: 1 Up Session Num: 1 Init Mode: Active...

  • Page 69: Configuring Rip Frr

    AttrID: 0xffffffff Neighbor: 192.168.3.2 Flags: 0x1008c OrigNextHop: 192.168.3.2 Label: NULL RealNextHop: 192.168.3.2 BkLabel: NULL BkNextHop: N/A Tunnel ID: Invalid Interface: GigabitEthernet2/0 BkTunnel ID: Invalid BkInterface: N/A Configuring RIP FRR Network requirements As shown in Figure 14, Router S, Router A, and Router D run RIPv2. Configure RIP FRR so that when Link A becomes unidirectional, traffic can be switched to Link B immediately.
  • Page 70 [RouterD] rip 1 [RouterD-rip-1] fast-reroute route-policy frr [RouterD-rip-1] quit Verifying the configuration # Display route 4.4.4.4/32 on Router S to view the backup next hop information. [RouterS] display ip routing-table 4.4.4.4 verbose Destination: 4.4.4.4/32 Protocol: RIP Process ID: 1 SubProtID: 0x1 Age: 04h20m37s Cost: 1 Preference: 100...

  • Page 71: Configuring Ospf

    Configuring OSPF Open Shortest Path First (OSPF) is a link-state IGP developed by the OSPF working group of the IETF. OSPF version 2 is used for IPv4. OSPF refers to OSPFv2 throughout this chapter. Overview OSPF has the following features: Wide scope—Supports various network sizes and up to several hundred routers in an OSPF routing •...

  • Page 72: Lsa Types

    LSA types OSPF advertises routing information in Link State Advertisements (LSAs). The following LSAs are commonly used: • Router LSA—Type- 1 LSA, originated by all routers and flooded throughout a single area only. This LSA describes the collected states of the router's interfaces to an area. Network LSA—Type-2 LSA, originated for broadcast and NBMA networks by the designated router, •...
  • Page 73 Figure 15 Area-based OSPF network partition Area 4 Area 1 Area 0 Area 2 Area 3 Backbone area and virtual links Each AS has a backbone area that distributes routing information between non-backbone areas. Routing information between non-backbone areas must be forwarded by the backbone area. OSPF has the following requirements: •...

  • Page 74: Router Types

    Figure 17 Virtual link application 2 Area 1 Virtual link Area 0 The virtual link between the two ABRs acts as a point-to-point connection. You can configure interface parameters, such as hello interval, on the virtual link as they are configured on a physical interface. The two ABRs on the virtual link unicast OSPF packets to each other, and the OSPF routers in between convey these OSPF packets as normal IP packets.

  • Page 75: Route Types

    Internal router—All interfaces on an internal router belong to one OSPF area. • • ABR—Belongs to more than two areas, one of which must be the backbone area. ABR connects the backbone area to a non-backbone area. An ABR and the backbone area can be connected through a physical or logical link.

  • Page 76: Route Calculation

    Type-2 routes to the same destination have the same cost, OSPF takes the cost from the router to the ASBR into consideration to determine the best route. Route calculation OSPF computes routes in an area as follows: Each router generates LSAs based on the network topology around itself, and sends them to other •...

  • Page 77: Protocols And Standards

    DR—Elected to advertise routing information among other routers. If the DR fails, routers on the • network must elect another DR and synchronize information with the new DR. Using this mechanism alone is time-consuming and prone to route calculation errors. •...

  • Page 78: Ospf Configuration Task List

    RFC 2328, OSPF Version 2 • • RFC 3101, OSPF Not-So-Stubby Area (NSSA) Option RFC 3137, OSPF Stub Router Advertisement • RFC 481 1, OSPF Out-of-Band LSDB Resynchronization • • RFC 4812, OSPF Restart Signaling RFC 4813, OSPF Link-Local Signaling •...

  • Page 79: Enabling Ospf

    Tasks at a glance (Optional.) Tuning and optimizing OSPF networks: • Configuring OSPF timers • Specifying LSA transmission delay • Specifying SPF calculation interval • Specifying the LSA arrival interval • Specifying the LSA generation interval • Disabling interfaces from receiving and sending OSPF packets •...

  • Page 80: Enabling Ospf On A Network

    • different router IDs. A common practice is to specify the IP address of an interface as the router ID. If you specify no router ID when you create the OSPF process, the global router ID is used. HP •...

  • Page 81: Configuring Ospf Areas

    Step Command Remarks interface interface-type Enter interface view. interface-number By default, OSPF is disabled on an interface. If the specified OSPF process and area do Enable an OSPF process on ospf process-id area area-id not exist, the command creates the OSPF the interface.

  • Page 82: Configuring An Nssa Area

    Configuring an NSSA area A stub area cannot import external routes, but an NSSA area can import external routes into the OSPF routing domain while retaining other stub area characteristics. Do not configure the backbone area as an NSSA area or totally NSSA area. To configure an NSSA area, configure the nssa command on all the routers attached to the area.

  • Page 83: Configuring Ospf Network Types

    Step Command Remarks vlink-peer router-id [ dead seconds By default, no virtual link is | hello seconds | { { hmac-md5 | configured. md5 } key-id { cipher cipher-string Configure this command on both Configure a virtual link. | plain plain-string } | simple ends of a virtual link, and the hello { cipher cipher-string | plain and dead intervals must be identical...

  • Page 84: Configuring The Nbma Network Type For An Interface

    Step Command Remarks Configure the OSPF network By default, the network type of an type for the interface as ospf network-type broadcast interface depends on the link layer broadcast. protocol. (Optional.) Configure a router ospf dr-priority priority The default router priority is 1. priority for the interface.

  • Page 85: Configuring The P2Mp Network Type For An Interface

    Configuring the P2MP network type for an interface Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, the network type of an interface depends on the link layer protocol. After you configure the OSPF Configure the OSPF network network type for an interface as type for the interface as...

  • Page 86: Configuring Ospf Route Summarization

    Enable OSPF. • • Configure filters if routing information filtering is needed. Configuring OSPF route summarization Configure route summarization on an ABR or ASBR to summarize contiguous networks into a single network and distribute it to other areas. Route summarization reduces the routing information exchanged between areas and the size of routing tables, and improves routing performance.

  • Page 87: Configuring Received Ospf Route Filtering

    Configuring received OSPF route filtering Perform this task to filter routes calculated using received LSAs. The following filtering methods are available: Use an ACL or IP prefix list to filter routing information by destination address. • • Use the gateway keyword to filter routing information by next hop. Use an ACL or IP prefix list to filter routing information by destination address.

  • Page 88: Configuring The Maximum Number Of Ecmp Routes

    used. If the calculated cost is less than 1, the value of 1 is used. If no cost or bandwidth reference value is configured for an interface, OSPF computes the interface cost based on the interface bandwidth and default bandwidth reference value. To configure an OSPF cost for an interface: Step Command...

  • Page 89: Configuring Ospf Route Redistribution

    Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id Enter OSPF view. | vpn-instance vpn-instance-name ] * By default, the preference of OSPF Configure a preference [ ase ] [ route-policy internal routes is 10 and the preference preference for OSPF.

  • Page 90: Advertising A Host Route

    Step Command Remarks ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * By default, no default route is redistributed. default-route-advertise [ [ [ always | Redistribute a default permit-calculate-other ] | cost cost | This command is applicable route.

  • Page 91: Configuration Prerequisites

    Change the SPF calculation interval to reduce resource consumption caused by frequent network • changes. Configure OSPF authentication to improve security. • Configuration prerequisites Before you configure OSPF network optimization, complete the following tasks: Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes. •...

  • Page 92: Specifying Lsa Transmission Delay

    Step Command Remarks The default setting is 5 seconds. A retransmission interval setting that is too small Specify the can cause unnecessary LSA retransmissions. retransmission ospf timer retransmit interval This interval is typically set bigger than the interval. round-trip time of a packet between two neighbors.

  • Page 93: Specifying The Lsa Arrival Interval

    Specifying the LSA arrival interval If OSPF receives an LSA that has the same LSA type, LS ID, and router ID as the previously received LSA within the LSA arrival interval, OSPF discards the LSA to save bandwidth and route resources. To configure the LSA arrival interval: Step Command...

  • Page 94: Configuring Stub Routers

    To disable interfaces from receiving and sending routing information: Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id Enter OSPF view. | vpn-instance vpn-instance-name ] * By default, an OSPF interface can receive and send OSPF packets. The silent-interface command disables only the interfaces Disable interfaces from...

  • Page 95: Adding The Interface Mtu Into Dd Packets

    Configuring OSPF area authentication You must configure the same authentication mode and password on all the routers in an area. To configure OSPF area authentication: Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Enter area view.

  • Page 96: Configuring A Dscp Value For Ospf Packets

    Step Command Remarks Enable the interface to add its By default, the interface adds an ospf mtu-enable MTU into DD packets. MTU value of 0 into DD packets. Configuring a DSCP value for OSPF packets Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view.

  • Page 97: Enabling Compatibility With Rfc 1583

    Selects the route with the lower cost if two routes have equal preference. Selects the route with the larger originating area ID if two routes have equal cost. To avoid routing loops, HP recommends setting identical RFC 1583-compatibility on all routers in a routing domain.

  • Page 98: Configuring The Lsu Transmit Rate

    Enable SNMP notifications for OSPF to report important events. • • Configure the SNMP notification output interval and the maximum number of SNMP notifications that can be output at each interval. SNMP notifications are sent to the SNMP module, which outputs SNMP notifications according to the configured output rules.

  • Page 99: Enabling Ospf Ispf

    If no neighbors exist, the DR does not advertise the primary IP addresses of interfaces in Router LSAs. IMPORTANT: If you want to use prefix suppression, HP recommends that you configure prefix suppression on all OSPF routers. Configuring prefix suppression for an OSPF process Enabling prefix suppression for an OSPF process does not suppress the prefixes of secondary IP addresses, loopback interfaces, and passive interfaces.

  • Page 100: Configuring Prefix Suppression On An Interface

    Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Enable prefix By default, prefix suppression suppression for the prefix-suppression is disabled for an OSPF OSPF process. process. Configuring prefix suppression on an interface Interface prefix suppression does not suppress prefixes of secondary IP addresses.

  • Page 101: Configuring The Number Of Ospf Logs

    Enabling OSPF PIC Step Command Remarks Enter system view. system-view ospf [ process-id | router-id router-id | Enter OSPF view. vpn-instance vpn-instance-name ] * Enable PIC for By default, OSPF PIC is pic [ additional-path-always ] OSPF. enabled. Configuring BFD for OSPF PIC By default, OSPF PIC does not use BFD to detect primary link failures.

  • Page 102: Configuring The Ospf Gr Restarter

    LSDB. A device can act as a GR restarter and GR helper at the same time. An active/standby switchover cannot trigger GR on the VSR1000 router. Configuring the OSPF GR restarter You can configure the IETF or non IETF OSPF GR restarter.

  • Page 103: Configuring Ospf Gr Helper

    Configuring OSPF GR helper You can configure the IETF or non IETF OSPF GR helper. Configuring the IETF OSPF GR helper Step Command Remarks Enter system view. system-view ospf [ process-id | router-id Enable OSPF and enter its router-id | vpn-instance view.

  • Page 104: Configuring Bfd For Ospf

    Configuring BFD for OSPF BFD provides a single mechanism to quickly detect and monitor the connectivity of links between OSPF neighbors, which improves the network convergence speed. For more information about BFD, see High Availability Configuration Guide. OSPF supports the following BFD detection modes: Bidirectional control detection—Requires BFD configuration to be made on both OSPF routers on •...

  • Page 105: Configuration Prerequisites

    Figure 21 Network diagram for OSPF FRR Figure 21, configure FRR on Router B by using a routing policy to specify a backup next hop. When the primary link fails, OSPF directs packets to the backup next hop. At the same time, OSPF calculates the shortest path based on the new network topology, and forwards packets over the path after network convergence.

  • Page 106: Displaying And Maintaining Ospf

    Step Command Remarks By default, OSPF FRR is not configured. Enable OSPF FRR to calculate a backup next hop by using fast-reroute lfa [ abr-only ] If abr-only is specified, the route to the the LFA algorithm. ABR is selected as the backup path. Configuring OSPF FRR to specify a backup next hop using a routing policy Before you configure this task, use the apply fast-reroute backup-interface command to specify a backup next hop in the routing policy to be referenced.
  • Page 107 Task Command display ospf [ process-id ] lsdb [ area area-id | brief | [ { ase | router | network | summary | asbr | nssa | opaque-link | opaque-area | Display OSPF LSDB information. opaque-as } [ link-state-id ] ] [ originate-router advertising-router-id | self-originate ] ] Display OSPF next hop display ospf [ process-id ] nexthop...

  • Page 108: Ospf Configuration Examples

    OSPF configuration examples Basic OSPF configuration example Network requirements • Enable OSPF on all routers, and split the AS into three areas. Configure Router A and Router B as ABRs. • Figure 22 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Enable OSPF: # Configure Router A.
  • Page 109 # Configure Router C. <RouterC> system-view [RouterC] router id 10.4.1.1 [RouterC] ospf [RouterC-ospf-1] area 1 [RouterC-ospf-1-area-0.0.0.1] network 10.2.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.1] network 10.4.1.0 0.0.0.255 [RouterC-ospf-1-area-0.0.0.1] quit [RouterC-ospf-1] quit # Configure Router D. <RouterD> system-view [RouterD] router id 10.5.1.1 [RouterD] ospf [RouterD-ospf-1] area 2 [RouterD-ospf-1-area-0.0.0.2] network 10.3.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.2] network 10.5.1.0 0.0.0.255 [RouterD-ospf-1-area-0.0.0.2] quit...

  • Page 110: Ospf Route Redistribution Configuration Example

    OSPF Process 1 with Router ID 10.2.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 Transit 10.2.1.1 10.2.1.1 0.0.0.1 10.3.1.0/24 Inter 10.1.1.2 10.3.1.1 0.0.0.0 10.4.1.0/24 Stub 10.2.1.2 10.4.1.1 0.0.0.1 10.5.1.0/24 Inter 10.1.1.2 10.3.1.1 0.0.0.0 10.1.1.0/24 Transit 10.1.1.1 10.2.1.1 0.0.0.0 Total Nets: 5...
  • Page 111 Configure Router A and Router B as ABRs. • • Configure Router C as an ASBR to redistribute external routes (static routes). Figure 23 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Enable OSPF (see "Basic OSPF configuration example").

  • Page 112: Ospf Summary Route Advertisement Configuration Example

    10.3.1.0/24 Transit 10.3.1.2 10.3.1.1 0.0.0.2 10.4.1.0/24 Inter 10.3.1.1 10.3.1.1 0.0.0.2 10.5.1.0/24 Stub 10.5.1.1 10.5.1.1 0.0.0.2 10.1.1.0/24 Inter 10.3.1.1 10.3.1.1 0.0.0.2 Routing for ASEs Destination Cost Type NextHop AdvRouter 3.1.2.0/24 Type2 10.3.1.1 10.4.1.1 Total Nets: 6 Intra Area: 2 Inter Area: 3 ASE: 1 NSSA: 0 OSPF summary route advertisement configuration example...
  • Page 113 [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] quit # Configure Router B. <RouterB> system-view [RouterB] router id 11.2.1.1 [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 11.2.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit # Configure Router C. <RouterC> system-view [RouterC] router id 11.1.1.2 [RouterC] ospf [RouterC-ospf-1] area 0...
  • Page 114 [RouterB-bgp] quit # Configure Router C. [RouterC] bgp 100 [RouterC-bgp] peer 11.1.1.1 as-number 200 [RouterC-bgp] address-family ipv4 unicast [RouterC-bgp-ipv4] peer 11.1.1.1 enable [RouterC-bgp-ipv4] import-route ospf [RouterC-bgp-ipv4] import-route direct [RouterB-bgp-ipv4] quit [RouterC-bgp] quit Configure Router B and Router C to redistribute BGP routes into OSPF: # Configure OSPF to redistribute routes from BGP on Router B.

  • Page 115: Ospf Stub Area Configuration Example

    Destination/Mask Proto Cost NextHop Interface 0.0.0.0/32 Direct 0 127.0.0.1 InLoop0 10.0.0.0/8 O_ASE2 150 11.2.1.1 GE1/0 11.2.1.0/24 Direct 0 11.2.1.2 GE1/0 11.2.1.0/32 Direct 0 11.2.1.2 GE1/0 11.2.1.2/32 Direct 0 127.0.0.1 InLoop0 11.2.1.255/32 Direct 0 11.2.1.2 GE1/0 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.0/32 Direct 0 127.0.0.1...
  • Page 116 [RouterD-ospf-1] quit # Display ABR/ASBR information on Router C. <RouterC> display ospf abr-asbr OSPF Process 1 with Router ID 10.4.1.1 Routing Table to ABR and ASBR Type Destination Area Cost Nexthop RtType Intra 10.2.1.1 0.0.0.1 10.2.1.1 Inter 10.5.1.1 0.0.0.1 10.2.1.1 ASBR # Display OSPF routing information on Router C.

  • Page 117: Ospf Nssa Area Configuration Example

    [RouterC] display ospf routing OSPF Process 1 with Router ID 10.4.1.1 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 0.0.0.0/0 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.2.1.0/24 Transit 10.2.1.2 10.2.1.1 0.0.0.1 10.3.1.0/24 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 10.5.1.0/24...
  • Page 118 Configure Area 1 as an NSSA area and configure Router C as an ASBR to redistribute static routes • into the AS. Figure 26 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Enable OSPF (see "Basic OSPF configuration example").

  • Page 119: Ospf Dr Election Configuration Example

    Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 Transit 10.2.1.2 10.4.1.1 0.0.0.1 10.3.1.0/24 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.4.1.0/24 Stub 10.4.1.1 10.4.1.1 0.0.0.1 10.5.1.0/24 Inter 10.2.1.1 10.2.1.1 0.0.0.1 10.1.1.0/24 Inter 10.2.1.1 10.2.1.1 0.0.0.1 Total Nets: 5 Intra Area: 2 Inter Area: 3 ASE: 0 NSSA: 0 Configure route redistribution:...
  • Page 120 Figure 27 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Enable OSPF: # Configure Router A. <RouterA> system-view [RouterA] router id 1.1.1.1 [RouterA] ospf [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] quit # Configure Router B. <RouterB>...
  • Page 121 [RouterD-ospf-1] return # Display neighbor information of Router A. [RouterA] display ospf peer verbose OSPF Process 1 with Router ID 1.1.1.1 Neighbors Area 0.0.0.0 interface 192.168.1.1(GigabitEthernet1/0)'s neighbors Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode: None Priority: 1 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0...
  • Page 122 <RouterD> display ospf peer verbose OSPF Process 1 with Router ID 4.4.4.4 Neighbors Area 0.0.0.0 interface 192.168.1.4(GigabitEthernet1/0)'s neighbors Router ID: 1.1.1.1 Address: 192.168.1.1 GR State: Normal State: Full Mode:Nbr is Slave Priority: 100 DR: 192.168.1.4 BDR: 192.168.1.3 MTU: 0 Options is 0x02 (-|-|-|-|-|-|E|-) Dead timer due in 31 Neighbor is up for 00:11:17 Authentication Sequence: [ 0 ]...

  • Page 123: Ospf Virtual Link Configuration Example

    Authentication Sequence: [ 0 ] Router ID: 2.2.2.2 Address: 192.168.1.2 GR State: Normal State: 2-Way Mode: None Priority: 0 DR: 192.168.1.1 BDR: 192.168.1.3 MTU: 0 Options is 0x02 (-|-|-|-|-|-|E|-) Dead timer due in 35 Neighbor is up for 00:01:44 Authentication Sequence: [ 0 ] Router ID: 3.3.3.3 Address: 192.168.1.3 GR State: Normal...
  • Page 124 Figure 28 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Enable OSPF: # Configure Router A. <RouterA> system-view [RouterA] ospf 1 router-id 1.1.1.1 [RouterA-ospf-1] area 0 [RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [RouterA-ospf-1-area-0.0.0.0] quit # Configure Router B. <RouterB>...

  • Page 125: Ospf Gr Configuration Example

    [RouterB] display ospf routing OSPF Process 1 with Router ID 2.2.2.2 Routing Tables Routing for Network Destination Cost Type NextHop AdvRouter Area 10.2.1.0/24 Transit 10.2.1.1 3.3.3.3 0.0.0.1 10.1.1.0/24 Transit 10.1.1.2 2.2.2.2 0.0.0.0 Total Nets: 2 Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0 Area 0 has no direct connection to Area 2, so the OSPF routing table of Router B has no route to...
  • Page 126 Router A acts as the non-IETF GR restarter; Router B and Router C are the GR helpers and • re-synchronize their LSDB with Router A through OOB communication of GR. Figure 29 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Enable OSPF: # Configure Router A <RouterA>...
  • Page 127 [RouterA-ospf-100] graceful-restart [RouterA-ospf-100] return # Configure Router B as the GR helper: enable the link-local signaling capability and the out-of-band re-synchronization capability for OSPF process 100. [RouterB-ospf-100] enable link-local-signaling [RouterB-ospf-100] enable out-of-band-resynchronization # Configure Router C as the GR helper: enable the link-local signaling capability and the out-of-band re-synchronization capability for OSPF process 100.

  • Page 128: Bfd For Ospf Configuration Example

    %Oct 21 15:29:30:921 2011 RouterA OSPF/5/OSPF_NBR_CHG: -MDC=1; OSPF 100 Neighbor 192.1.1.3(GigabitEthernet1/0) from Full to Down. %Oct 21 15:29:33:815 2011 RouterA OSPF/5/OSPF_NBR_CHG: -MDC=1; OSPF 100 Neighbor 192.1.1.3(GigabitEthernet1/0) from Loading to Full. %Oct 21 15:29:35:578 2011 RouterA OSPF/5/OSPF_NBR_CHG: -MDC=1; OSPF 100 Neighbor 192.1.1.2(GigabitEthernet1/0) from Loading to Full.
  • Page 129 [RouterA-ospf-1-area-0.0.0.0] quit [RouterA-ospf-1] quit [RouterA] interface gigabitethernet 2/0 [RouterA-GigabitEthernet2/0] ospf cost 2 # Configure Router B. <RouterB> system-view [RouterB] ospf [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] network 120.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit [RouterB] interface gigabitethernet 2/0 [RouterB-GigabitEthernet2/0] ospf cost 2 # Configure Router C.
  • Page 130 IPv4 Session Working Under Ctrl Mode: LD/RD SourceAddr DestAddr State Holdtime Interface 192.168.0.102 192.168.0.100 1700ms GE1/0 # Display routes destined for 120.1.1.0/24 on Router A. <RouterA> display ip routing-table 120.1.1.0 verbose Summary Count : 1 Destination: 120.1.1.0/24 Protocol: OSPF Process ID: 1 SubProtID: 0x1 Age: 04h20m37s Cost: 2...

  • Page 131: Ospf Frr Configuration Example

    OSPF FRR configuration example Network requirements As shown in Figure 31, Router S, Router A, and Router D reside in the same OSPF domain. Configure OSPF FRR so that when Link A fails, traffic is immediately switched to Link B. Figure 31 Network diagram Configuration procedure Configure IP addresses and subnet masks for interfaces on the routers.
  • Page 132 [RouterS-ospf-1] quit # Configure Router D. <RouterD> system-view [RouterD] bfd echo-source-ip 4.4.4.4 [RouterD] ip prefix-list abc index 10 permit 1.1.1.1 32 [RouterD] route-policy frr permit node 10 [RouterD-route-policy-frr-10] if-match ip address prefix-list abc [RouterD-route-policy-frr-10] apply fast-reroute backup-interface gigabitethernet 1/0 backup-nexthop 24.24.24.2 [RouterD-route-policy-frr-10] quit [RouterD] ospf 1 [RouterD-ospf-1] fast-reroute route-policy frr...

  • Page 133: Troubleshooting Ospf Configuration

    Flags: 0x1008c OrigNextHop: 13.13.13.1 Label: NULL RealNextHop: 13.13.13.1 BkLabel: NULL BkNextHop: 24.24.24.2 Tunnel ID: Invalid Interface: GigabitEthernet2/0 BkTunnel ID: Invalid BkInterface: GigabitEthernet1/0 Troubleshooting OSPF configuration No OSPF neighbor relationship established Symptom No OSPF neighbor relationship can be established. Analysis If the physical link and lower layer protocols work well, verify OSPF parameters configured on interfaces. Two neighbors must have the same parameters, such as the area ID, network segment, and mask (a P2P or virtual link can have different network segments and masks).
  • Page 134 In a stub area, all routers attached are configured with the stub command. In an NSSA area, all routers attached are configured with the nssa command. If a virtual link is configured, use the display ospf vlink command to verify the state of the virtual link.

  • Page 135: Configuring Is-Is

    Configuring IS-IS This chapter describes how to configure IS-IS for IPv4 networks. Overview Intermediate System-to-Intermediate System (IS-IS) is a dynamic routing protocol designed by the ISO to operate on the connectionless network protocol (CLNP). IS-IS was modified and extended in RFC 1 195 by the IETF for application in both TCP/IP and OSI reference models, called "Integrated IS-IS"...

  • Page 136: Net

    System ID—Identifies the host. • • SEL—Identifies the type of service. The IDP and DSP are variable in length. The length of an NSAP address ranges from 8 bytes to 20 bytes. Figure 32 NSAP address format Area address The area address comprises the IDP and the HO-DSP of the DSP, which identify the area and the routing domain.

  • Page 137: Is-Is Area

    Area ID—Has a length of 1 to 13 bytes. • • System ID—A system ID uniquely identifies a host or router in the area and has a fixed length of 6 bytes. SEL—Has a value of 0 and a fixed length of 1 byte. •...
  • Page 138 Figure 33 IS-IS topology 1 Area 3 Area 2 L1/L2 L1/L2 Area 1 Area 5 L1/L2 L1/L2 Area 4 Figure 34 shows another IS-IS topology. The Level- 1 -2 routers connect to the Level- 1 and Level-2 routers, and form the IS-IS backbone together with the Level-2 routers. No area is defined as the backbone in this topology.

  • Page 139: Is-Is Network Types

    passing through the Level- 1 -2 router might not be the best. To solve this problem, IS-IS provides the route leaking feature. Route leaking enables a Level- 1 -2 router to advertise the routes of other Level- 1 areas and the Level-2 area to the connected Level- 1 area so that the Level- 1 routers can select the optimal routes for packets.

  • Page 140: Is-Is Pdus

    NOTE: On an IS-IS broadcast network, all routers establish adjacency relationships, but they synchronize their LSDBs through the DIS. IS-IS PDUs IS-IS PDUs are encapsulated into link layer frames. An IS-IS PDU has two parts, the headers and the variable length fields. The headers comprise the PDU common header and the PDU specific header. All PDUs have the same PDU common header.
  • Page 141 A CSNP describes the summary of all LSPs for LSDB synchronization between neighboring routers. On broadcast networks, CSNPs are sent by the DIS periodically (every 10 seconds by default). On point-to-point networks, CSNPs are sent only during the first adjacency establishment. A PSNP only contains the sequence numbers of one or multiple latest received LSPs.

  • Page 142: Protocols And Standards

    Protocols and standards ISO 10589 ISO IS-IS Routing Protocol • • ISO 9542 ES-IS Routing Protocol ISO 8348/Ad2 Network Services Access Points • RFC 1 195, Use of OSI IS-IS for Routing in TCP/IP and Dual Environments • RFC 2763, Dynamic Hostname Exchange Mechanism for IS-IS •...

  • Page 143: Configuring Basic Is-Is

    Tasks at a glance (Optional.) Tuning and optimizing IS-IS networks: • Specifying the interval for sending IS-IS hello packets • Specifying the IS-IS hello multiplier • Specifying the interval for sending IS-IS CSNP packets • Configuring a DIS priority for an interface •...

  • Page 144: Configuring The Is Level And Circuit Level

    Step Command Remarks Assign a NET. network-entity net By default, NET is not assigned. Return to system view. quit interface interface-type Enter interface view. interface-number Enable an IS-IS process on the By default, no IS-IS process is isis enable [ process-id ] interface.

  • Page 145: Configuring Is-Is Route Control

    To configure P2P network type for an interface: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, the network type of an Configure P2P network type for an isis circuit-type p2p interface depends on the physical interface.

  • Page 146: Specifying A Preference For Is-Is

    If none of the above costs is used, a default cost of 10 applies. Configuring an IS-IS cost for an interface Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance Enter IS-IS view. vpn-instance-name ] cost-style { narrow | wide | wide-compatible (Optional.) Specify an By default, the IS-IS cost type | { compatible | narrow-compatible }...

  • Page 147: Configuring The Maximum Number Of Ecmp Routes

    Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance vpn-instance-name ] Enter IS-IS IPv4 unicast address family view. cost-style { wide | wide-compatible } address-family ipv4 [ unicast ] Configure a preference for preference { preference | route-policy The default setting is IS-IS.

  • Page 148: Advertising A Default Route

    Advertising a default route IS-IS cannot redistribute a default route to its neighbors. This task enables IS-IS to advertise a default route of 0.0.0.0/0 in an LSP to the same-level neighbors. Upon receiving the default route, the neighbors add it into their routing table. To advertise a default route: Step Command...

  • Page 149: Configuring Is-Is Route Filtering

    Configuring IS-IS route filtering You can use an ACL, IP prefix list, or routing policy to filter routes calculated using received LSPs and routes redistributed from other routing protocols. Filtering routes calculated from received LSPs IS-IS saves LSPs received from neighbors in the LSDB, uses the SPF algorithm to calculate the shortest path tree with itself as the root, and installs the routes to the IS-IS routing table.

  • Page 150: Tuning And Optimizing Is-Is Networks

    You can configure IS-IS to advertise routes from Level-2 to Level- 1 , and to not advertise routes from Level- 1 to Level-2. To configure IS-IS route leaking: Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance vpn-instance-name ] Enter IS-IS IPv4 unicast address family view.

  • Page 151: Specifying The Is-Is Hello Multiplier

    Specifying the IS-IS hello multiplier The hello multiplier is the number of hello packets a neighbor must miss before it declares that the router is down. If a neighbor receives no hello packets from the router within the advertised hold time, it considers the router down and recalculates the routes.

  • Page 152: Enabling Source Address Check For Hello Packets On A Ppp Interface

    Step Command Remarks interface interface-type Enter interface view. interface-number Configure a DIS priority for isis dis-priority value [ level-1 | The default setting is 64. the interface. level-2 ] Enabling source address check for hello packets on a PPP interface An IS-IS PPP interface can have a peer on a different network.

  • Page 153: Configuring Lsp Parameters

    To enable an interface to send small hello packets: Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Enable the interface to send By default, the interface can send small hello packets without isis small-hello standard hello packets. CLVs.
  • Page 154 IS-IS routers in an area must send LSPs smaller than the smallest interface MTU in the area. If the IS-IS routers have different interface MTUs, HP recommends configuring the maximum size of generated LSP packets to be smaller than the smallest interface MTU in the area. Otherwise, the routers must dynamically adjust the LSP packet size to fit the smallest interface MTU, which takes time and affects other services.
  • Page 155 Step Command Remarks Specify the maximum length By default, the maximum length lsp-length receive size of received LSPs. of received LSPs is 1497 bytes. Enabling LSP flash flooding Changed LSPs can trigger SPF recalculation. To advertise the changed LSPs before the router recalculates routes for faster network convergence, enable LSP flash flooding.

  • Page 156: Controlling Spf Calculation Interval

    Figure 38 Network diagram of a fully meshed network Router D Router A Eth1/1 Eth1/3 Eth1/2 Eth1/2 Eth1/3 Eth1/1 Eth1/1 Eth1/1 Eth1/2 Eth1/2 Eth1/3 Eth1/3 Router B Router C To avoid this problem, you can add interfaces to a mesh group or block some interfaces. An interface in a mesh group floods a received LSP only to interfaces not in the mesh group.

  • Page 157: Configuring Convergence Priorities For Specific Routes

    Step Command Remarks isis [ process-id ] [ vpn-instance Enter IS-IS view. vpn-instance-name ] By default: • The maximum interval is 5 seconds. Configure the SPF timer spf maximum-interval • The minimum interval is 50 calculation interval. [ minimum-interval [ incremental-interval ] ] milliseconds.

  • Page 158: Configuring The Att Bit

    Step Command Remarks set-overload [ on-startup [ [ start-from-nbr system-id By default, the Set the overload bit. [ timeout1 [ nbr-timeout ] ] ] | timeout2 ] [ allow { external overload bit is not | interlevel } * ] set.

  • Page 159: Configuring System Id To Host Name Mappings

    Configuring system ID to host name mappings A 6-byte system ID in hexadecimal notation uniquely identifies a router or host in an IS-IS network. To make a system ID easy to read, the system allows you to use host names to identify devices and provides mappings between system IDs and host names.

  • Page 160: Enabling The Logging Of Neighbor State Changes

    Step Command Remarks By default, no DIS name is configured. This command takes effect only on a router enabled with dynamic system ID to Configure a DIS name. isis dis-name symbolic-name host name mapping. This command is not available on P2P interfaces.

  • Page 161: Configuring Is-Is Network Management

    Step Command Remarks Enter system view. system-view Enter interface view. interface interface-type interface-number By default, prefix suppression is disabled on Enable prefix the interface. suppression on the isis prefix-suppression This command is also interface. applicable to the secondary IP address of the interface. Configuring IS-IS network management This task includes the following configurations: Bind an IS-IS process to MIB so that you can use network management software to manage the...

  • Page 162: Configuring Is-Is Pic

    Step Command Remarks Configure the context By default, no context name is set name for the SNMP snmp context-name context-name for the SNMP object for managing object for managing IS-IS. IS-IS. Configuring IS-IS PIC Prefix Independent Convergence (PIC) enables the device to speed up network convergence by ignoring the number of prefixes.

  • Page 163: Configuring Neighbor Relationship Authentication

    Configure IP addresses for interfaces to ensure IP connectivity between neighboring nodes. • • Enable IS-IS. Configuring neighbor relationship authentication With neighbor relationship authentication configured, an interface adds the password in the specified mode into hello packets to the peer and checks the password in the received hello packets. If the authentication succeeds, it forms the neighbor relationship with the peer.

  • Page 164: Configuring Routing Domain Authentication

    Step Command Remarks area-authentication-mode { md5 | simple | gca key-id { hmac-sha-1 | Specify the area hmac-sha-224 | hmac-sha-256 | By default, no area authentication authentication mode and hmac-sha-384 | hmac-sha-512 } } is configured. password. { cipher cipher-string | plain plain-string } [ ip | osi ] (Optional.) Configure When the authentication mode...

  • Page 165: Configuring Bfd For Is-Is

    • By default, the device acts as the GR helper. NOTE: An active/standby switchover cannot trigger GR on the VSR1000 router. Configure IS-IS GR on the GR restarter. GR restarter uses the following timers: T1 timer—Specifies the times that GR restarter can send a Restart TLV with the RR bit set. When •...

  • Page 166: Configuring Is-Is Frr

    Step Command Remarks Enter system view. system-view Enter interface view. interface interface-type interface-number Enable IS-IS on an interface. isis enable [ process-id ] Enable BFD on an IS-IS By default, an IS-IS interface isis bfd enable interface. is not enabled with BFD. Configuring IS-IS FRR A link or router failure on a path can cause packet loss and routing loop.

  • Page 167: Configuration Procedure

    Configuration procedure Configuring IS-IS FRR to automatically calculate a backup next hop Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number By default, the interface (Optional.) Disable LFA participates in LFA calculation, isis fast-reroute lfa-backup exclude calculation on the interface.

  • Page 168: Displaying And Maintaining Is-Is

    Configuring BFD for IS-IS FRR By default, IS-IS FRR does not use BFD to detect primary link failures. To speed up IS-IS convergence, enable BFD single-hop echo detection for IS-IS FRR to detect primary link failures. To configure BFD for IS-IS FRR: Step Command Remarks...

  • Page 169: Is-Is Configuration Examples

    Task Command Clear IS-IS process data structure reset isis all [ process-id ] [ graceful-restart ] information. Clear IS-IS GR log information. reset isis graceful-restart event-log Clear the data structure information of an reset isis peer system-id [ process-id ] IS-IS neighbor.
  • Page 170 # Configure Router B. <RouterB> system-view [RouterB] isis 1 [RouterB-isis-1] is-level level-1 [RouterB-isis-1] network-entity 10.0000.0000.0002.00 [RouterB-isis-1] quit [RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] isis enable 1 [RouterB-GigabitEthernet1/0] quit # Configure Router C. <RouterC> system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.00 [RouterC-isis-1] quit [RouterC] interface gigabitethernet 3/0 [RouterC-GigabitEthernet3/0] isis enable 1 [RouterC-GigabitEthernet3/0] quit...
  • Page 171 0000.0000.0001.00-00* 0x00000004 0xdf5e 1096 0/0/0 0000.0000.0002.00-00 0x00000004 0xee4d 1102 0/0/0 0000.0000.0002.01-00 0x00000001 0xdaaf 1102 0/0/0 0000.0000.0003.00-00 0x00000009 0xcaa3 1161 1/0/0 0000.0000.0003.01-00 0x00000001 0xadda 1112 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [RouterB] display isis lsdb Database information for ISIS(1) -------------------------------- Level-1 Link State Database ---------------------------...
  • Page 172 0000.0000.0004.00-00 0x00000026 0x331 1173 0/0/0 0000.0000.0004.01-00 0x00000001 0xee95 0/0/0 *-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload [RouterD] display isis lsdb Database information for ISIS(1) -------------------------------- Level-2 Link State Database --------------------------- LSPID Seq Num Checksum Holdtime Length ATT/P/OL -------------------------------------------------------------------------- 0000.0000.0003.00-00 0x00000013 0xc73d 1003 0/0/0...

  • Page 173: Dis Election Configuration Example

    192.168.0.0/24 NULL GE2/0 Direct D/L/- Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set Level-2 IPv4 Forwarding Table ----------------------------- IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------- 10.1.1.0/24 NULL D/L/- 10.1.2.0/24 NULL D/L/- 192.168.0.0/24 NULL D/L/- 172.16.0.0/16 NULL GE2/0 192.168.0.2 R/-/-...
  • Page 174 Figure 41 Network diagram Router A Router B L1/L2 L1/L2 GE1/0 GE1/0 10.1.1.1/24 10.1.1.2/24 GE1/0 GE1/0 10.1.1.3/24 10.1.1.4/24 Router D Router C Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Enable IS-IS: # Configure Router A. <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] network-entity 10.0000.0000.0001.00 [RouterA-isis-1] quit...
  • Page 175 [RouterD] isis 1 [RouterD-isis-1] network-entity 10.0000.0000.0004.00 [RouterD-isis-1] is-level level-2 [RouterD-isis-1] quit [RouterD] interface gigabitethernet 1/0 [RouterD-GigabitEthernet1/0] isis enable 1 [RouterD-GigabitEthernet1/0] quit # Display information about IS-IS neighbors of Router A. [RouterA] display isis peer Peer information for IS-IS(1) ---------------------------- System Id: 0000.0000.0002 Interface: GigabitEthernet1/0 Circuit Id: 0000.0000.0003.01 State: Up...
  • Page 176 [RouterD] display isis interface Interface information for IS-IS(1) --------------------------------- Interface: GigabitEthernet1/0 IPv4.State IPv6.State Type Down 1497 L1/L2 No/Yes The output shows that when the default DIS priority is used, Router C is the DIS for Level-1, and Router D is the DIS for Level-2. The pseudonodes of Level-1 and Level-2 are 0000.0000.0003.01 and 0000.0000.0004.01.

  • Page 177: Is-Is Route Redistribution Configuration Example

    [RouterC] display isis peer Peer information for IS-IS(1) ---------------------------- System Id: 0000.0000.0001 Interface: GigabitEthernet1/0 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 7s Type: L1 PRI: 100 System Id: 0000.0000.0002 Interface: GigabitEthernet1/0 Circuit Id: 0000.0000.0001.01 State: Up HoldTime: 23s Type: L1 PRI: 64 [RouterC] display isis interface Interface information for IS-IS(1) ---------------------------------...
  • Page 178 Redistribute RIP routes into IS-IS on Router D. Figure 42 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure basic IS-IS: # Configure Router A. <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] is-level level-1 [RouterA-isis-1] network-entity 10.0000.0000.0001.00 [RouterA-isis-1] quit [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] isis enable 1...
  • Page 179 [RouterC-GigabitEthernet2/0] quit [RouterC] interface gigabitethernet 3/0 [RouterC-GigabitEthernet3/0] isis enable 1 [RouterC-GigabitEthernet3/0] quit # Configure Router D. <RouterD> system-view [RouterD] isis 1 [RouterD-isis-1] is-level level-2 [RouterD-isis-1] network-entity 20.0000.0000.0004.00 [RouterD-isis-1] quit [RouterD] interface gigabitethernet 1/0 [RouterD-GigabitEthernet1/0] isis enable 1 [RouterD-GigabitEthernet1/0] quit # Display IS-IS routing information on each router. [RouterA] display isis route Route information for IS-IS(1) ------------------------------...
  • Page 180 ----------------------------- IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------- 10.1.1.0/24 NULL D/L/- 10.1.2.0/24 NULL D/L/- 192.168.0.0/24 NULL D/L/- 172.16.0.0/16 NULL GE2/0 192.168.0.2 R/-/- Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set [RouterD] display isis route Route information for IS-IS(1) ----------------------------- Level-2 IPv4 Forwarding Table -----------------------------...

  • Page 181: Is-Is Authentication Configuration Example

    ----------------------------- Level-1 IPv4 Forwarding Table ----------------------------- IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------- 10.1.1.0/24 NULL GE1/0 Direct D/L/- 10.1.2.0/24 NULL GE3/0 Direct D/L/- 192.168.0.0/24 NULL GE2/0 Direct D/L/- Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down Bit Set Level-2 IPv4 Forwarding Table ----------------------------- IPv4 Destination...
  • Page 182 Figure 43 Network diagram Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure basic IS-IS: # Configure Router A. <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] network-entity 10.0000.0000.0001.00 [RouterA-isis-1] is-level level-1 [RouterA-isis-1] quit [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] isis enable 1 [RouterA-GigabitEthernet1/0] quit # Configure Router B.
  • Page 183 [RouterC] interface gigabitethernet 3/0 [RouterC-GigabitEthernet3/0] isis enable 1 [RouterC-GigabitEthernet3/0] quit # Configure Router D. <RouterD> system-view [RouterD] isis 1 [RouterD-isis-1] network-entity 20.0000.0000.0001.00 [RouterD-isis-1] is-level level-2 [RouterD-isis-1] quit [RouterD] interface gigabitethernet 1/0 [RouterD-GigabitEthernet1/0] isis enable 1 [RouterD-GigabitEthernet1/0] quit Configure neighbor relationship authentication between neighbors: # Configure the authentication mode as MD5 and set the plaintext password to eRq on GigabitEthernet 1/0 of Router A and on GigabitEthernet 3/0 of Router C.

  • Page 184: Is-Is Gr Configuration Example

    [RouterC-isis-1] quit Configure routing domain authentication mode as MD5 and set the plaintext password to 1020Sec on Router C and Router D. [RouterC] isis 1 [RouterC-isis-1] domain-authentication-mode md5 plain 1020Sec [RouterC-isis-1] quit [RouterD] isis 1 [RouterD-isis-1] domain-authentication-mode md5 plain 1020Sec IS-IS GR configuration example Network requirements As shown in...

  • Page 185: Bfd For Is-Is Configuration Example

    <RouterA> display isis graceful-restart status Restart information for IS-IS(1) -------------------------------- Restart status: COMPLETE Restart phase: Finish Restart t1: 3, count 10; Restart t2: 60; Restart t3: 300 SA Bit: supported Level-1 restart information --------------------------- Total number of interfaces: 1 Number of waiting LSPs: 0 Level-2 restart information --------------------------- Total number of interfaces: 1...
  • Page 186 Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure basic IS-IS: # Configure Router A. <RouterA> system-view [RouterA] isis [RouterA-isis-1] network-entity 10.0000.0000.0001.00 [RouterA-isis-1] quit [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] isis enable [RouterA-GigabitEthernet1/0] quit [RouterA] interface gigabitethernet 2/0 [RouterA-GigabitEthernet2/0] isis enable [RouterA-GigabitEthernet2/0] quit # Configure Router B.
  • Page 187 [RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] isis bfd enable [RouterB-GigabitEthernet1/0] bfd min-receive-interval 500 [RouterB-GigabitEthernet1/0] bfd min-transmit-interval 500 [RouterB-GigabitEthernet1/0] bfd detect-multiplier 8 Verifying the configuration # Display the BFD session information on Router A. <RouterA> display bfd session Total Session Num: 1 Up Session Num: 1 Init Mode: Active IPv4 Session Working Under Ctrl Mode:...

  • Page 188: Is-Is Frr Configuration Example

    TableID: 0x2 OrigAs: 0 NBRID: 0x26000002 LastAs: 0 AttrID: 0xffffffff Neighbor: 0.0.0.0 Flags: 0x1008c OrigNextHop: 10.1.1.100 Label: NULL RealNextHop: 10.1.1.100 BkLabel: NULL BkNextHop: N/A Tunnel ID: Invalid Interface: GigabitEthernet2/0 BkTunnel ID: Invalid BkInterface: N/A The output shows that Router A and Router B communicate through GigabitEthernet 2/0. IS-IS FRR configuration example Network requirements As shown in...
  • Page 189 [RouterS-isis-1-ipv4] fast-reroute auto [RouterD-isis-1-ipv4] quit [RouterD-isis-1] quit (Method 2.) Enable IS-IS FRR to designate a backup next hop by using a routing policy: # Configure Router S. <RouterS> system-view [RouterS] ip prefix-list abc index 10 permit 4.4.4.4 32 [RouterS] route-policy frr permit node 10 [RouterS-route-policy-frr-10] if-match ip address prefix-list abc [RouterS-route-policy-frr-10] apply fast-reroute backup-interface gigabitethernet 1/0 backup-nexthop 12.12.12.2...
  • Page 190 BkLabel: NULL BkNextHop: 12.12.12.2 Tunnel ID: Invalid Interface: GigabitEthernet2/0 BkTunnel ID: Invalid BkInterface: GigabitEthernet1/0 # Display route 1.1.1.1/32 on Router D to view the backup next hop information. [RouterD] display ip routing-table 1.1.1.1 verbose Summary Count : 1 Destination: 1.1.1.1/32 Protocol: ISIS Process ID: 1 SubProtID: 0x1...

  • Page 191: Configuring Bgp

    Configuring BGP Overview Border Gateway Protocol (BGP) is an exterior gateway protocol (EGP). It is called internal BGP (IBGP) when it runs within an AS and called external BGP (EBGP) when it runs between ASs. The current version in use is BGP-4 (RFC 4271). BGP has the following characteristics: Focuses on route control and selection rather than route discovery and calculation.

  • Page 192: Bgp Path Attributes

    BGP path attributes BGP uses the following path attributes in update messages for route filtering and selection: • ORIGIN The ORIGIN attribute specifies the origin of BGP routes. This attribute has the following types: IGP—Has the highest priority. Routes generated in the local AS have the IGP attribute. EGP—Has the second highest priority.
  • Page 193 Filter routes—By using an AS path list, you can filter routes based on AS numbers contained in the AS_PATH attribute. For more information about AS path list, see "Configuring routing policies." NEXT_HOP • The NEXT_HOP attribute may not be the IP address of a directly-connected router. Its value is determined as follows: When a BGP speaker advertises a self-originated route to a BGP peer, it sets the address of the sending interface as the NEXT_HOP.
  • Page 194 Figure 49 MED attribute MED = 0 Router B 2.1.1.1 D = 9.0.0.0 Next_hop = 2.1.1.1 EBGP IBGP MED = 0 9.0.0.0 IBGP Router A Router D D = 9.0.0.0 EBGP IBGP Next_hop = 3.1.1.1 MED = 100 AS 10 3.1.1.1 Router C AS 20...
  • Page 195 Figure 50 LOCAL_PREF attribute • COMMUNITY The COMMUNITY attribute identifies the community of BGP routes. A BGP community is a group of routes with the same characteristics. It has no geographical boundaries. Routes of different ASs can belong to the same community. A route can carry one or more COMMUNITY attribute values (each of which is represented by a 4-byte integer).

  • Page 196: Bgp Route Selection

    The device supports the Route-Target attribute for VPN in the current software version. For more information, see MPLS Configuration Guide. The SoO attribute specifies the site where the route originated. It prevents advertising a route back to the originating site. If the AS-path attribute is lost, the router can use the SoO attribute to avoid routing loops.

  • Page 197: Bgp Load Balancing

    After establishing a session with a new BGP peer, BGP advertises all the routes matching the above • rules to the peer. After that, BGP advertises only incremental updates to the peer. BGP load balancing BGP implements load balancing through route recursion and route selection. BGP load balancing through route recursion.

  • Page 198: Settlements For Problems In Large-Scale Bgp Networks

    NOTE: BGP load balancing is applicable between EBGP peers, between IBGP peers, and between confederations. Settlements for problems in large-scale BGP networks You can use the following methods to facilitate management and improve route distribution efficiency on a large-scale BGP network. Route summarization •...
  • Page 199 Peer group • You can organize BGP peers with the same attributes into a group to simplify their configurations. When a peer joins the peer group, the peer obtains the same configuration as the peer group. If the configuration of the peer group is changed, the configuration of group members is changed. Community •...
  • Page 200 Figure 54 Network diagram for route reflectors When the BGP routers in an AS are fully meshed, route reflection is unnecessary because it consumes more bandwidth resources. You can use commands to disable route reflection instead of modifying network configuration or changing network topology. After route reflection is disabled between clients, routes can still be reflected between a client and a non-client.

  • Page 201: Mp-Bgp

    In large-scale BGP networks, you can use both route reflector and confederation. MP-BGP BGP-4 can only advertise IPv4 unicast routing information. Multiprotocol Extensions for BGP-4 (MP-BGP) can advertise routing information for the following address families: IPv6 unicast address family. • IPv4 multicast and IPv6 multicast address families.

  • Page 202: Bgp Configuration Views

    BGP configuration views BGP uses different views to manage routing information for different address families and different VPN instances. Most BGP commands are available in all BGP views. BGP supports multiple VPN instances by establishing a separate routing table for each VPN instance. Table 1 1 describes different BGP configuration views.

  • Page 203: Protocols And Standards

    View names Ways to enter the views Remarks Configurations in this view apply to <Sysname> system-view L2VPN information and L2VPN peers. [Sysname] bgp 100 BGP L2VPN address family view [Sysname-bgp] address-family For more information about BGP l2vpn l2VPN address family view, see [Sysname-bgp-l2vpn] MPLS Configuration Guide.

  • Page 204: Bgp Configuration Task List

    To control BGP route distribution and path selection, you must perform additional configuration tasks. To configure BGP, perform the following tasks (IPv4 unicast/IPv4 multicast): Tasks at a glance Remarks Configuring basic BGP: HP recommends that • (Required.) Enabling BGP you configure BGP peer •...
  • Page 205 Configuring BGP FRR To configure BGP, perform the following tasks (IPv6 unicast/IPv6 multicast): Tasks at a glance Remarks Configuring basic BGP: HP recommends that • (Required.) Enabling BGP you configure BGP peer • (Required.) Perform one of the following tasks:...

  • Page 206: Configuring Basic Bgp

    Tasks at a glance Remarks (Optional.) Controlling BGP path selection: • Specifying a preferred value for routes received • Configuring preferences for BGP routes • Configuring the default local preference • Configuring the MED attribute • Configuring the NEXT_HOP attribute •...

  • Page 207: Configuring A Bgp Peer

    To ensure the uniqueness of a router ID and enhance availability, specify in BGP view the IP address • of a local loopback interface as the router ID. If no router ID is specified in BGP view, the global router ID is used. •...
  • Page 208 Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: instance view. bgp as-number ip vpn-instance vpn-instance-name Create an IPv4 BGP peer and peer ip-address as-number By default, no IPv4 BGP peer is specify its AS number.

  • Page 209: Configuring A Bgp Peer Group

    Step Command Remarks Enter BGP view. bgp as-number Create an IPv4 BGP peer By default, no IPv4 BGP peer is peer ip-address as-number as-number and specify its AS number. created. (Optional.) Configure a peer ip-address description By default, no description is description for the peer.
  • Page 210 Configuring an IBGP peer group After you create an IBGP peer group and then add a peer into it, the system creates the peer in BGP view and specifies the local AS number for the peer. To configure an IBGP peer group (IPv4 unicast address family): Step Command Remarks...
  • Page 211 Step Command Remarks By default, no peer exists in the peer group. peer ipv6-address group Add a peer into the IBGP peer group-name [ as-number To use the as-number as-number group. as-number ] option, you must specify the local AS number. (Optional.) Configure a peer group-name description By default, no description is...
  • Page 212 Step Command Remarks By default, no IBGP peer Create an IBGP peer group. group group-name [ internal ] group is created. By default, no peer exists in the peer group. Add an IPv6 peer into the peer ipv6-address group group-name The as-number as-number IBGP peer group.
  • Page 213 Step Command Remarks By default, no AS number is specified. Specify the AS number for the peer group-name as-number If a peer group contains peers, you group. as-number cannot remove or change its AS number. By default, no peer exists in the peer group.
  • Page 214 Step Command Remarks Create the BGP IPv6 unicast By default, the BGP IPv6 unicast address family or BGP-VPN address family or BGP-VPN IPv6 address-family ipv6 [ unicast ] IPv6 unicast address family unicast address family is not and enter its view. created.
  • Page 215 Step Command Remarks By default, no AS number is specified. Specify the AS number of peer group-name as-number If a peer group contains peers, you the group. as-number cannot remove or change its AS number. By default, no peer exists in the peer group.
  • Page 216 Step Command Remarks Create the BGP IPv4 unicast By default, the BGP IPv4 unicast address family or BGP-VPN address family or BGP-VPN IPv4 address-family ipv4 [ unicast ] IPv4 unicast address family unicast address family is not and enter its view. created.
  • Page 217 Step Command Remarks Create an EBGP peer By default, no EBGP peer group is group group-name external group. created. Create an IPv4 BGP peer peer ip-address as-number By default, no IPv4 BGP peer is and specify its AS number. as-number created.
  • Page 218 Step Command Remarks Enable the router to By default, the router cannot exchange IPv6 unicast exchange IPv6 unicast routing routing information used for peer group-name enable information used for RPF check with RPF check with peers in the the peers in the group. specified peer group.
  • Page 219 Step Command Remarks (Optional.) Configure a peer group-name description By default, no description is description for the peer group. description-text configured for the peer group. Create the BGP IPv6 unicast By default, the BGP IPv6 unicast address family or BGP-VPN address family or BGP-VPN IPv6 address-family ipv6 [ unicast ] IPv6 unicast address family...

  • Page 220: Specifying The Source Address Of Tcp Connections

    Step Command Remarks Enable the router to exchange By default, the router cannot IPv6 unicast routing exchange IPv6 unicast routing information used for RPF check peer group-name enable information used for RPF check with with peers in the specified the peers. peer group.

  • Page 221: Generating Bgp Routes

    Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: instance view. bgp as-number ip vpn-instance vpn-instance-name Specify the source IPv6 peer { group-name | By default, BGP uses the outbound address of TCP connections to ipv6-address } source-address interface of the best route to the...

  • Page 222: Redistributing Igp Routes

    Step Command Remarks • Enter BGP IPv4 unicast address family view: bgp as-number address-family ipv4 [ unicast ] • Enter BGP-VPN IPv4 unicast address Enter BGP IPv4 unicast family view: address family view, bgp as-number BGP-VPN IPv4 unicast address family view, or BGP ip vpn-instance IPv4 multicast address vpn-instance-name...
  • Page 223 The ORIGIN attribute of BGP routes redistributed from IGPs is INCOMPLETE. To configure BGP to redistribute IGP routes (IPv4 unicast/multicast address family): Step Command Remarks Enter system view. system-view • Enter BGP IPv4 unicast address family view: bgp as-number address-family ipv4 [ unicast ] •...

  • Page 224: Controlling Route Distribution And Reception

    Step Command Remarks (Optional.) Enable default By default, BGP does not route redistribution into default-route imported redistribute default routes. BGP. Controlling route distribution and reception This section describes how to control route distribution and reception. Configuring BGP route summarization Route summarization can reduce the number of redistributed routes and the routing table size. IPv4 BGP supports automatic route summarization and manual route summarization.
  • Page 225 Configuring manual route summarization By configuring manual route summarization, you can summarize both redistributed routes and routes injected using the network command and determine the mask length for a summary route as needed. To configure BGP manual route summarization (IPv4 unicast/multicast address family): Step Command Remarks...

  • Page 226: Advertising Optimal Routes In The Ip Routing Table

    Advertising optimal routes in the IP routing table By default, BGP advertises optimal routes in the BGP routing table, which may not be optimal in the IP routing table. This task allows you to advertise BGP routes that are optimal in the IP routing table to all BGP peers.

  • Page 227: Advertising A Default Route To A Peer Or Peer Group

    Advertising a default route to a peer or peer group Perform this task to advertise a default BGP route with the next hop being the advertising router to a peer or peer group. To advertise a default route to a peer or peer group (IPv4 unicast/multicast address family): Step Command Remarks...
  • Page 228 If the number of routes received from a peer or peer group exceeds the upper limit, the router takes one of the following actions based on your configuration: Tears down the BGP session to the peer or peer group and does not attempt to re-establish the •...

  • Page 229: Configuring Bgp Route Filtering Policies

    Step Command Remarks Specify the maximum peer { group-name | ipv6-address } By default, the number of number of routes that a route-limit prefix-number [ { alert-only | routes that a router can receive router can receive from a discard | reconnect reconnect-time } | from a peer or peer group is peer or peer group.
  • Page 230 Step Command Remarks • Enter BGP IPv4 unicast address family view: bgp as-number address-family ipv4 [ unicast ] Enter BGP IPv4 unicast • Enter BGP-VPN IPv4 unicast address address family view, family view: BGP-VPN IPv4 unicast bgp as-number address family view, or ip vpn-instance vpn-instance-name BGP IPv4 multicast address-family ipv4 [ unicast ]...

  • Page 231: Configuring Bgp Route Reception Filtering Policies

    Step Command Remarks • Enter BGP IPv6 unicast address family view: bgp as-number address-family ipv6 [ unicast ] • Enter BGP-VPN IPv6 unicast address Enter BGP IPv6 unicast family view: address family view, bgp as-number BGP-VPN IPv6 unicast address family view, or vpn-instance BGP IPv6 multicast vpn-instance-name...
  • Page 232 filter-policy import peer filter-policy import peer as-path-acl import peer prefix-list import peer route-policy import Only routes passing all the configured policies can be received. To configure BGP route reception filtering policies (IPv4 unicast/multicast address family): Step Command Remarks Enter system view. system-view •...

  • Page 233: Configuring Bgp Route Dampening

    Step Command Remarks Enter system view. system-view • Enter BGP IPv6 unicast address family view: bgp as-number address-family ipv6 [ unicast ] • Enter BGP-VPN IPv6 unicast address Enter BGP IPv6 unicast family view: address family view, bgp as-number BGP-VPN IPv6 unicast address family view, or ip vpn-instance BGP IPv6 multicast...

  • Page 234: Controlling Bgp Path Selection

    Step Command Remarks • Enter BGP IPv4 unicast address family view: bgp as-number address-family ipv4 [ unicast ] • Enter BGP-VPN IPv4 unicast address Enter BGP IPv4 unicast family view: address family view, bgp as-number BGP-VPN IPv4 unicast address family view, or ip vpn-instance BGP IPv4 multicast vpn-instance-name...

  • Page 235: Specifying A Preferred Value For Routes Received

    Specifying a preferred value for routes received Perform this task to set a preferred value for specific routes to control BGP path selection. Among multiple routes that have the same destination/mask and are learned from different peers, the one with the greatest preferred value is selected as the optimal route. To specify a preferred value for routes from a peer or peer group (IPv4 unicast/multicast address family): Step Command...

  • Page 236: Configuring Preferences For Bgp Routes

    Step Command Remarks Specify a preferred value for routes received peer { group-name | ipv6-address } The default preferred value is 0. from a peer or peer preferred-value value group. Configuring preferences for BGP routes Routing protocols each have a default preference. If they find multiple routes destined for the same network, the route found by the routing protocol with the highest preference is selected as the optimal route.

  • Page 237: Configuring The Default Local Preference

    Step Command Remarks • Enter BGP IPv6 unicast address family view: bgp as-number address-family ipv6 [ unicast ] • Enter BGP-VPN IPv6 unicast address Enter BGP IPv6 unicast family view: address family view, bgp as-number BGP-VPN IPv6 unicast address family view, or ip vpn-instance BGP IPv6 multicast vpn-instance-name...

  • Page 238: Configuring The Med Attribute

    To specify the default local preference (IPv6 unicast/multicast address family): Step Command Remarks Enter system view. system-view • Enter BGP IPv6 unicast address family view: bgp as-number address-family ipv6 [ unicast ] Enter BGP IPv6 unicast • Enter BGP-VPN IPv6 unicast address address family view, family view: BGP-VPN IPv6 unicast...
  • Page 239 To configure the default MED value (IPv6 unicast/multicast address family): Step Command Remarks Enter system view. system-view • Enter BGP IPv6 unicast address family view: bgp as-number address-family ipv6 [ unicast ] Enter BGP IPv6 unicast • Enter BGP-VPN IPv6 unicast address address family view, family view: BGP-VPN IPv6 unicast...
  • Page 240 Step Command Remarks • Enter BGP IPv6 unicast address family view: bgp as-number Enter BGP IPv6 unicast address-family ipv6 [ unicast ] address family view or BGP IPv6 multicast • Enter BGP IPv6 multicast address family address family view. view: bgp as-number address-family ipv6 multicast Enable MED...
  • Page 241 However, Router C and Router A reside in the same AS, and Router C has a greater MED, so network 10.0.0.0 learned from Router C should not be optimal. You can configure the bestroute compare-med command to enable MED comparison for routes from the same AS on Router D.
  • Page 242 Enabling MED comparison for routes from confederation peers This task enables BGP to compare the MEDs of routes received from confederation peers. However, if a route received from a confederation peer has an AS number that does not belong to the confederation, BGP does not compare the route with other routes.

  • Page 243: Configuring The Next_Hop Attribute

    Configuring the NEXT_HOP attribute By default, a BGP router does not set itself as the next hop for routes advertised to an IBGP peer or peer group. In some cases, however, you must configure the advertising router as the next hop to make sure the BGP peer can find the correct next hop.

  • Page 244: Configuring The As_Path Attribute

    Step Command Remarks • Enter BGP IPv4 unicast address family view: bgp as-number address-family ipv4 [ unicast ] Enter BGP IPv4 unicast • Enter BGP-VPN IPv4 unicast address address family view, family view: BGP-VPN IPv4 unicast bgp as-number address family view, or ip vpn-instance vpn-instance-name BGP IPv4 multicast address-family ipv4 [ unicast ]...
  • Page 245 In certain network environments (for example, a Hub&Spoke network in MPLS L3VPN), however, the AS_PATH attribute of a route from a peer must be allowed to contain the local AS number. Otherwise, the route cannot be advertised correctly. To permit the local AS number to appear in routes from a peer or peer group and specify the appearance times (IPv4 unicast/multicast address family): Step Command...
  • Page 246 Step Command Remarks Permit the local AS number to appear in By default, the local AS number peer { group-name | ipv6-address } routes from a peer or is not allowed in routes from a allow-as-loop [ number ] peer group and specify peer or peer group.
  • Page 247 Step Command Remarks • Enter BGP IPv6 unicast address family view: bgp as-number address-family ipv6 [ unicast ] Enter BGP IPv6 unicast • Enter BGP-VPN IPv6 unicast address address family view, family view: BGP-VPN IPv6 unicast bgp as-number address family view, or ip vpn-instance vpn-instance-name BGP IPv6 multicast address-family ipv6 [ unicast ]...
  • Page 248 Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: instance view. bgp as-number ip vpn-instance vpn-instance-name By default, no fake AS number is advertised to a peer or peer group. Advertise a fake AS number to peer { group-name | a peer or peer group.
  • Page 249 To configure AS number substitution for a peer or peer group (IPv6 unicast/multicast address family): Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: instance view. bgp as-number ip vpn-instance vpn-instance-name...

  • Page 250: Configuring The Soo Attribute

    Step Command Remarks • Enter BGP IPv6 unicast address family view: bgp as-number address-family ipv6 [ unicast ] • Enter BGP-VPN IPv6 unicast address Enter BGP IPv6 unicast family view: address family view, bgp as-number BGP-VPN IPv6 unicast address family view, or vpn-instance BGP IPv6 multicast vpn-instance-name...

  • Page 251: Tuning And Optimizing Bgp Networks

    Step Command Remarks • Enter BGP IPv4 unicast address family view: bgp as-number address-family ipv4 [ unicast ] • Enter BGP-VPN IPv4 unicast address Enter BGP IPv4 unicast family view: address family view, bgp as-number BGP-VPN IPv4 unicast address family view, or ip vpn-instance BGP IPv4 multicast address vpn-instance-name...

  • Page 252: Configuring The Keepalive Interval And Hold Time

    Configuring the keepalive interval and hold time BGP sends keepalive messages at a specific interval to keep the BGP session between two routers. If a router receives no keepalive or update message from a peer within the hold time, it tears down the session.

  • Page 253: Configuring The Interval For Sending Updates For The Same Route

    Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: instance view. bgp as-number ip vpn-instance vpn-instance-name Use either method. • Configure the global keepalive By default, the keepalive interval is interval and hold time: 60 seconds, and hold time is 180 timer keepalive keepalive hold...

  • Page 254: Enabling Bgp To Establish An Ebgp Session Over Multiple Hops

    Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: instance view. bgp as-number ip vpn-instance vpn-instance-name Configure the interval for peer { group-name | By default, the interval is 15 sending updates for the same ipv6-address } seconds for an IBGP peer and 30...

  • Page 255: Enabling Immediate Reestablishment Of Direct Ebgp Connections Upon Link Failure

    Step Command Remarks Enable BGP to establish an By default, BGP cannot establish EBGP session to an peer { group-name | an EBGP session to an indirectly-connected peer or ipv6-address } ebgp-max-hop indirectly-connected peer or peer peer group and specify the [ hop-count ] group.

  • Page 256: Enabling Md5 Authentication For Bgp Peers

    Step Command Remarks peer { group-name | ip-address } Enable 4-byte AS number By default, 4-byte AS number capability-advertise suppression. suppression is not enabled. suppress-4-byte-as To enable 4-byte AS number suppression (IPv6 unicast/multicast address family): Step Command Remarks Enter system view. system-view •...

  • Page 257: Configuring Bgp Load Balancing

    Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: Use either method. instance view. bgp as-number ip vpn-instance vpn-instance-name peer { group-name | Enable MD5 authentication By default, MD5 authentication is ipv6-address } password { cipher | for a BGP peer group or peer.

  • Page 258: Configuring Ipsec For Ipv6 Bgp

    Step Command Remarks • Enter BGP IPv6 unicast address family view: bgp as-number address-family ipv6 [ unicast ] • Enter BGP-VPN IPv6 unicast address Enter BGP IPv6 unicast family view: address family view, bgp as-number BGP-VPN IPv6 unicast address family view, or BGP ip vpn-instance IPv6 multicast address family vpn-instance-name...

  • Page 259: Disabling Bgp To Establish A Session To A Peer Or Peer Group

    Disabling BGP to establish a session to a peer or peer group This task enables you to temporarily tear down the BGP session to a specific peer or peer group so that you can perform network upgrade and maintenance without needing to delete and reconfigure the peer or peer group.

  • Page 260: Configuring Bgp Soft-Reset

    When GTSM is configured, the BGP packets sent by the device have a TTL of 255. GTSM provides best protection for directly connected EBGP sessions, but not for multihop EBGP or IBGP sessions because the TTL of packets might be modified by intermediate devices. To configure GTSM for BGP (IPv4 unicast/multicast address family): Step Command...
  • Page 261 Manual soft-reset—Use the refresh bgp command to enable BGP to send local routing information • or advertise a route-refresh message to the specified peer so the peer resends its routing information. After receiving the routing information, the router filters the routing information by using the new policy.
  • Page 262 Step Command Remarks • Enable BGP route refresh for the specified peer or peer group: peer { group-name | ipv6-address } capability-advertise route-refresh Use either method. Enable BGP route refresh for a • Enable BGP route refresh and By default, BGP route refresh is peer or peer group.
  • Page 263 Step Command Remarks • Enter BGP IPv6 unicast address family view: bgp as-number address-family ipv6 Enter BGP IPv6 unicast [ unicast ] address family view or BGP IPv6 multicast address family • Enter BGP IPv6 multicast view. address family view: bgp as-number address-family ipv6 multicast...

  • Page 264: Protecting An Ebgp Peer When Memory Usage Reaches Level 2 Threshold

    Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: instance view. bgp as-number ip vpn-instance vpn-instance-name • Enable BGP route refresh for the specified peer or peer group: peer { group-name | ipv6-address } capability-advertise...

  • Page 265: Configuring A Large-Scale Bgp Network

    Step Command Remarks • Enter BGP view: bgp as-number • Enter BGP view or BGP-VPN Enter BGP-VPN instance view: instance view. bgp as-number ip vpn-instance vpn-instance-name Configure BGP to protect an By default, BGP periodically tears EBGP peer or peer group peer { group-name | ip-address } down an EBGP session to release when the memory usage...
  • Page 266 Step Command Remarks Enter system view. system-view • Enter BGP IPv4 unicast address family view: bgp as-number address-family ipv4 [ unicast ] • Enter BGP-VPN IPv4 unicast Enter BGP IPv4 unicast address family view: address family view, bgp as-number BGP-VPN IPv4 unicast ip vpn-instance address family view, or BGP vpn-instance-name...

  • Page 267: Configuring Bgp Route Reflection

    Step Command Remarks • Advertise the COMMUNITY attribute to a peer or peer group: peer { group-name | ipv6-address } Advertise the COMMUNITY By default, the COMMUNITY or advertise-community or extended community extended community attribute is attribute to a peer or peer •...
  • Page 268 Step Command Remarks (Optional.) Configure the By default, a route reflector uses reflector cluster-id { cluster-id | cluster ID of the route its own router ID as the cluster ip-address } reflector. To configure a BGP route reflector (IPv6 unicast/multicast address family): Step Command Remarks...

  • Page 269: Configuring A Bgp Confederation

    Step Command Remarks By default, BGP does not ignore the ORIGINATOR_ID attribute. Make sure that this command does Ignore the ORIGINATOR_ID peer { group-name | ip-address } not result in a routing loop. attribute. ignore-originatorid After you execute this command, BGP also ignores the CLUSTER_LIST attribute.

  • Page 270: Configuring Bgp Gr

    Step Command Remarks Enter system view. system-view Enter BGP view. bgp as-number By default, no confederation ID is Configure a confederation ID. confederation id as-number configured. Specify peering sub-ASs in the confederation peer-as By default, no peering sub-AS is confederation. as-number-list specified.

  • Page 271: Enabling Snmp Notifications For Bgp

    It controls the time for the local end to receive updates from the peer. NOTE: An active/standby switchover cannot trigger GR on the VSR1000 router. Perform the following configuration on the GR restarter and GR helper. To configure BGP GR:...

  • Page 272: Enabling Logging Of Session State Changes

    Enabling logging of session state changes Perform this task to enable BGP to log BGP session establishment and disconnection events. To view the log information, use the display bgp peer ipv4 unicast log-info command or the display bgp peer ipv6 unicast log-info command.

  • Page 273: Configuring Bgp Frr

    To enable BFD for a BGP peer (IPv6 unicast/multicast address family): Step Command Remarks Enter system view. system-view • Enter BGP view: bgp as-number Enter BGP view or BGP-VPN • Enter BGP-VPN instance view: instance view. bgp as-number ip vpn-instance vpn-instance-name Enable BFD to detect the link to the peer ipv6-address bfd [ multi-hop | By default, BFD is...
  • Page 274 Step Command Remarks Enter system view. system-view By default, no source address is specified for echo packets. This step is required when echo-mode BFD is used to detect the connectivity to the next hop of the bfd echo-source-ip ip-address primary route. Configure the source address of echo packets.
  • Page 275 Step Command Remarks Use either method. By default, BGP FRR is disabled. • (Method 1) Enable BGP FRR for Method 1 might result in routing the address family: loops. Use it with caution. By default, no routing policy is • (Method 2) Reference a routing referenced.

  • Page 276: Configuring 6Pe

    Step Command Remarks Use either method. By default, BGP FRR is disabled. • (Method 1) Enable BGP FRR for Method 1 might result in routing the address family: loops. Use it with caution. By default, no routing policy is • (Method 2) Reference a routing referenced.

  • Page 277: Configuring Basic 6Pe

    Configuring basic 6PE Before you configure 6PE, complete the following tasks: • Establish tunnels in the IPv4 backbone network (see Layer 3—IP Services Configuration Guide). Configure basic MPLS on 6PE devices (see MPLS Configuration Guide). • Configure BGP on 6PE devices so that they can advertise tagged IPv6 routing information through •...
  • Page 278 Step Command Remarks Specify an IPv6 ACL to filter peer { group-name | ip-address } routes advertised to or filter-policy acl6-number { export | By default, no ACL is specified. received from the 6PE peer or import } peer group. Specify an IPv6 prefix list to peer { group-name | ip-address } filter routes advertised to or...

  • Page 279: Displaying And Maintaining Bgp

    Displaying and maintaining BGP Execute display commands in any view and reset commands in user view (IPv4 unicast address family). Task Command Display BGP IPv4 unicast peer group display bgp group ipv4 [ unicast ] [ vpn-instance information. vpn-instance-name ] [ group-name ] display bgp peer ipv4 [ unicast ] [ vpn-instance Display BGP IPv4 unicast peer or peer vpn-instance-name ] [ { ip-address | group-name group-name }...
  • Page 280 Task Command display bgp peer ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] [ { ipv6-address | group-name group-name } Display BGP IPv6 unicast routing log-info | [ ipv6-address ] verbose ] information. display bgp peer ipv6 [ unicast ] [ ip-address log-info | [ ip-address ] verbose ] display bgp routing-table ipv6 [ unicast ] peer { ip-address | ipv6-address } { advertised-routes | received-routes }...
  • Page 281 Task Command Display BGP IPv4 multicast peer or peer display bgp peer ipv4 multicast [ { ip-address | group-name group information. group-name } log-info | [ ip-address ] verbose ] display bgp routing-table ipv4 multicast [ network-address [ { mask | mask-length } [ longest-match ] ] | network-address [ mask | mask-length ] advertise-info | as-path-acl Display BGP IPv4 multicast routing as-path-acl-number | community-list...

  • Page 282: Resetting Bgp Sessions

    Task Command Display information about routes advertised by the network command and shortcut display bgp network ipv6 multicast routes configured by the network short-cut command. Display BGP path attribute information. display bgp paths [ as-regular-expression ] Display BGP IPv6 multicast address family display bgp update-group ipv6 multicast [ ipv6-address ] update group information.

  • Page 283: Ipv4 Bgp Configuration Examples

    Task Command Clear dampening information for BGP IPv4 reset bgp dampening ipv4 multicast [ network-address [ mask | multicast routes and release suppressed mask-length ] ] BGP IPv4 multicast routes. reset bgp flap-info ipv4 multicast [ network-address [ mask | Clear flap information for BGP IPv4 mask-length ] | as-path-acl as-path-acl-number | peer multicast routes.
  • Page 284 <RouterB> system-view [RouterB] bgp 65009 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] peer 3.3.3.3 as-number 65009 [RouterB-bgp] peer 3.3.3.3 connect-interface loopback 0 [RouterB-bgp] address-family ipv4 unicast [RouterB-bgp-ipv4] peer 3.3.3.3 enable [RouterB-bgp-ipv4] quit [RouterB-bgp] quit [RouterB] ospf 1 [RouterB-ospf-1] area 0 [RouterB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0 [RouterB-ospf-1-area-0.0.0.0] network 9.1.1.1 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit...
  • Page 285 [RouterA-bgp-ipv4] peer 3.1.1.1 enable [RouterA-bgp-ipv4] network 8.1.1.0 24 [RouterA-bgp-ipv4] quit [RouterA-bgp] quit # Configure Router B. [RouterB] bgp 65009 [RouterB-bgp] peer 3.1.1.2 as-number 65008 [RouterB-bgp] address-family ipv4 unicast [RouterB-bgp-ipv4] peer 3.1.1.2 enable [RouterB-bgp-ipv4] quit [RouterB-bgp] quit # Display BGP peer information on Router B. [RouterB] display bgp peer ipv4 BGP local router ID : 2.2.2.2 Local AS number : 65009...
  • Page 286 Network NextHop LocPrf PrefVal Path/Ogn * >e 8.1.1.0/24 3.1.1.2 65008i # Display the BGP routing table on Router C. [RouterC] display bgp routing-table ipv4 Total number of routes: 1 BGP local router ID is 3.3.3.3 Status codes: * - valid, > - best, d - dampened, h - history, s - suppressed, S - stale, i - internal, e - external Origin: i - IGP, e - EGP, ? - incomplete Network...

  • Page 287: Bgp And Igp Route Redistribution Configuration Example

    Total number of routes: 4 BGP local router ID is 3.3.3.3 Status codes: * - valid, > - best, d - dampened, h - history, s - suppressed, S - stale, i - internal, e - external Origin: i - IGP, e - EGP, ? - incomplete Network NextHop LocPrf...

  • Page 288: Configuration Considerations

    Configuration considerations Configure BGP to redistribute routes from OSPF on Router B, so Router A can obtain the route to 9.1.2.0/24. Configure OSPF to redistribute routes from BGP on Router B, so that Router C can obtain the route to 8.1.1.0/24. Configuration procedure Configure IP addresses for interfaces.
  • Page 289 [RouterB-bgp-ipv4] import-route ospf 1 [RouterB-bgp-ipv4] quit [RouterB-bgp] quit [RouterB] ospf 1 [RouterB-ospf-1] import-route bgp [RouterB-ospf-1] quit # Display the BGP routing table on Router A. [RouterA] display bgp routing-table ipv4 Total number of routes: 3 BGP local router ID is 1.1.1.1 Status codes: * - valid, >...

  • Page 290: Bgp Route Summarization Configuration Example

    56 bytes from 9.1.2.1: icmp_seq=4 ttl=254 time=9.000 ms --- Ping statistics for 9.1.2.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 2.000/8.000/12.000/3.406 ms [RouterC] ping -a 9.1.2.1 8.1.1.1 Ping 8.1.1.1 (8.1.1.1) from 9.1.2.1: 56 data bytes, press CTRL_C to break 56 bytes from 8.1.1.1: icmp_seq=0 ttl=254 time=9.000 ms 56 bytes from 8.1.1.1: icmp_seq=1 ttl=254 time=4.000 ms 56 bytes from 8.1.1.1: icmp_seq=2 ttl=254 time=3.000 ms...
  • Page 291 <RouterA> system-view [RouterA] ip route-static 0.0.0.0 0 192.168.212.1 # Configure static routes to 192.168.64.0/24, 192.168.74.0/24, and 192.168.99.0/24 with the same next hop 192.168.212.161 on Router B. <RouterB> system-view [RouterB] ip route-static 192.168.64.0 24 192.168.212.161 [RouterB] ip route-static 192.168.74.0 24 192.168.212.161 [RouterB] ip route-static 192.168.99.0 24 192.168.212.161 Configure OSPF between Router B and Router C and configure OSPF on Router B to redistribute static routes:...
  • Page 292 Configure BGP between Router C and Router D and configure BGP on Router C to redistribute OSPF routes: # On Router C, enable BGP, specify Router D as an EBGP peer, and configure BGP to redistribute OSPF routes. [RouterC] bgp 65106 [RouterC-bgp] router-id 3.3.3.3 [RouterC-bgp] peer 10.220.2.217 as-number 64631 [RouterC-bgp] address-family ipv4 unicast...

  • Page 293: Bgp Load Balancing Configuration Example

    192.168.64.0/24 OSPF 172.17.100.1 GE1/0 192.168.74.0/24 OSPF 172.17.100.1 GE1/0 192.168.99.0/24 OSPF 172.17.100.1 GE1/0 The output shows that Router C has a summary route 192.168.64.0/18 with the output interface Null 0. # Display the IP routing table information on Router D. [RouterD] display ip routing-table protocol bgp Summary Count : 1 BGP Routing table Status : <Active>...
  • Page 294 On Router B, establish an EBGP connection with Router A and an IBGP connection with Router C. Configure BGP to advertise network 9.1.1.0/24 to Router A, so that Router A can access the intranet through Router B. Configure a static route to interface loopback 0 on Router C (or use a routing protocol like OSPF) to establish the IBGP connection.
  • Page 295 [RouterC-bgp-ipv4] peer 3.1.2.2 enable [RouterC-bgp-ipv4] peer 2.2.2.2 enable [RouterC-bgp-ipv4] network 9.1.1.0 24 [RouterC-bgp-ipv4] quit [RouterC-bgp] quit [RouterC] ip route-static 2.2.2.2 32 9.1.1.1 # Display the BGP routing table on Router A. [RouterA] display bgp routing-table ipv4 Total number of routes: 3 BGP local router ID is 1.1.1.1 Status codes: * - valid, >...

  • Page 296: Bgp Community Configuration Example

    * >e 9.1.1.0/24 3.1.1.1 65009i * >e 3.1.2.1 65009i The output shows that there are two valid routes to the destination 9.1.1.0/24, and both of them are • the best routes. By using the display ip routing-table command, you can find there are two routes to 9.1.1.0/24. •...
  • Page 297 [RouterB-bgp] address-family ipv4 unicast [RouterB-bgp-ipv4] peer 200.1.2.1 enable [RouterB-bgp-ipv4] peer 200.1.3.2 enable [RouterB-bgp-ipv4] quit [RouterB-bgp] quit # Configure Router C. <RouterC> system-view [RouterC] bgp 30 [RouterC-bgp] router-id 3.3.3.3 [RouterC-bgp] peer 200.1.3.1 as-number 20 [RouterC-bgp] address-family ipv4 unicast [RouterC-bgp-ipv4] peer 200.1.3.1 enable [RouterC-bgp-ipv4] quit [RouterC-bgp] quit # Display the BGP route 9.1.1.0 on Router B.
  • Page 298 Advertised to peers (1 in total): 200.1.3.2 The output shows that Router B can advertise the route with the destination 9.1.1.0/24 to other ASs through BGP. # Display the BGP routing table on Router C. [RouterC] display bgp routing-table ipv4 Total number of routes: 1 BGP local router ID is 3.3.3.3 Status codes: * - valid, >...

  • Page 299: Bgp Route Reflector Configuration Example

    State : valid, external, best, IP precedence : N/A QoS local ID : N/A IP precedence : N/A QoS local ID : N/A # Display advertisement information for the route 9.1.1.0 on Router B. [RouterB] display bgp routing-table ipv4 9.1.1.0 advertise-info BGP local router ID: 2.2.2.2 Local AS number: 20 Paths:...
  • Page 300 Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure BGP connections: # Configure Router A. <RouterA> system-view [RouterA] bgp 100 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 192.1.1.2 as-number 200 [RouterA-bgp] address-family ipv4 unicast [RouterA-bgp-ipv4] peer 192.1.1.2 enable # Inject network 20.0.0.0/8 to the BGP routing table. [RouterA-bgp-ipv4] network 20.0.0.0 [RouterA-bgp-ipv4] quit [RouterA-bgp] quit...

  • Page 301: Bgp Confederation Configuration Example

    Configure Router C as the route reflector. [RouterC] bgp 200 [RouterC-bgp] address-family ipv4 unicast [RouterC-bgp-ipv4] peer 193.1.1.2 reflect-client [RouterC-bgp-ipv4] peer 194.1.1.2 reflect-client [RouterC-bgp-ipv4] quit [RouterC-bgp] quit Verifying the configuration # Display the BGP routing table on Router B. [RouterB] display bgp routing-table ipv4 Total number of routes: 1 BGP local router ID is 2.2.2.2 Status codes: * - valid, >...
  • Page 302 Figure 68 Network diagram Table 12 Interface and IP address assignment Device Interface IP address Device Interface IP address Router A GE1/0 10.1.2.1/24 Router D GE1/0 10.1.5.1/24 GE2/0 10.1.3.1/24 GE2/0 10.1.3.2/24 GE3/0 10.1.4.1/24 Router E GE1/0 10.1.5.2/24 GE4/0 200.1.1.1/24 GE2/0 10.1.4.2/24 GE5/0 10.1.1.1/24...
  • Page 303 <RouterB> system-view [RouterB] bgp 65002 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] confederation id 200 [RouterB-bgp] confederation peer-as 65001 65003 [RouterB-bgp] peer 10.1.1.1 as-number 65001 [RouterB-bgp] address-family ipv4 unicast [RouterB-bgp-ipv4] peer 10.1.1.1 enable [RouterB-bgp-ipv4] quit [RouterB-bgp] quit # Configure Router C. <RouterC> system-view [RouterC] bgp 65003 [RouterC-bgp] router-id 3.3.3.3 [RouterC-bgp] confederation id 200...
  • Page 304 [RouterE] bgp 65001 [RouterE-bgp] router-id 5.5.5.5 [RouterE-bgp] confederation id 200 [RouterE-bgp] peer 10.1.4.1 as-number 65001 [RouterE-bgp] peer 10.1.5.1 as-number 65001 [RouterE-bgp] address-family ipv4 unicast [RouterE-bgp-ipv4] peer 10.1.4.1 enable [RouterE-bgp-ipv4] peer 10.1.5.1 enable [RouterE-bgp-ipv4] quit [RouterE-bgp] quit Configure the EBGP connection between AS 100 and AS 200: # Configure Router A.
  • Page 305 Local AS number: 65002 Paths: 1 available, 1 best BGP routing table information of 9.1.1.0/24: From : 10.1.1.1 (1.1.1.1) Rely nexthop : 10.1.1.1 Original nexthop: 10.1.1.1 OutLabel : NULL AS-path : (65001) 100 Origin : igp Attribute value : MED 0, localpref 100, pref-val 0, pre 255 State : valid, external-confed, best, IP precedence...

  • Page 306: Bgp Path Selection Configuration Example

    Attribute value : MED 0, localpref 100, pref-val 0, pre 255 State : valid, internal-confed, best, IP precedence : N/A QoS local ID : N/A IP precedence : N/A QoS local ID : N/A The output indicates the following: Router F can send route information to Router B and Router C through the confederation by •...
  • Page 307 Configuration procedure Configure IP addresses for interfaces. (Details not shown.) Configure OSPF on Router B, Router C, and Router D: # Configure Router B. <RouterB> system-view [RouterB] ospf [RouterB-ospf] area 0 [RouterB-ospf-1-area-0.0.0.0] network 192.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] network 194.1.1.0 0.0.0.255 [RouterB-ospf-1-area-0.0.0.0] quit [RouterB-ospf-1] quit # Configure Router C.
  • Page 308 [RouterB-bgp-ipv4] peer 194.1.1.1 enable [RouterB-bgp-ipv4] quit [RouterB-bgp] quit # Configure Router C. [RouterC] bgp 200 [RouterC-bgp] peer 193.1.1.1 as-number 100 [RouterC-bgp] peer 195.1.1.1 as-number 200 [RouterC-bgp] address-family ipv4 unicast [RouterC-bgp-ipv4] peer 193.1.1.1 enable [RouterC-bgp-ipv4] peer 195.1.1.1 enable [RouterC-bgp-ipv4] quit [RouterC-bgp] quit # Configure Router D.
  • Page 309 # Display the BGP routing table on Router D. [RouterD] display bgp routing-table ipv4 Total number of routes: 2 BGP local router ID is 195.1.1.1 Status codes: * - valid, > - best, d - dampened, h - history, s - suppressed, S - stale, i - internal, e - external Origin: i - IGP, e - EGP, ? - incomplete Network NextHop...

  • Page 310: Bfd For Bgp Configuration Example

    The route 1.0.0.0/8 learned from Router C is the optimal route. BFD for BGP configuration example Network requirements As shown in Figure Run OSPF in AS 200. • Establish two IBGP connections between Router A and Router C. When both paths are working, •...
  • Page 311 [RouterA] route-policy apply_med_50 permit node 10 [RouterA-route-policy-apply_med_50-10] if-match ip address acl 2000 [RouterA-route-policy-apply_med_50-10] apply cost 50 [RouterA-route-policy-apply_med_50-10] quit [RouterA] route-policy apply_med_100 permit node 10 [RouterA-route-policy-apply_med_100-10] if-match ip address acl 2000 [RouterA-route-policy-apply_med_100-10] apply cost 100 [RouterA-route-policy-apply_med_100-10] quit # Apply routing policy apply_med_50 to routes outgoing to peer 3.0.2.2, and apply routing policy apply_med_100 to routes outgoing to peer 2.0.2.2.
  • Page 312 Connect Type: Indirect Running Up for: 00:00:58 Hold Time: 2457ms Auth mode: None Detect Mode: Async Slot: 0 Protocol: BGP Diag Info: No Diagnostic The output shows that a BFD session has been established between Router A and Router C. # Display BGP peer information on Router C.

  • Page 313: Bgp Frr Configuration Example

    Destination: 1.1.1.0/24 Protocol: BGP Process ID: 0 SubProtID: 0x1 Age: 00h03m08s Cost: 100 Preference: 255 Tag: 0 State: Active Adv OrigTblID: 0x1 OrigVrf: default-vrf TableID: 0x2 OrigAs: 0 NBRID: 0x15000000 LastAs: 0 AttrID: 0x0 Neighbor: 2.0.1.1 Flags: 0x10060 OrigNextHop: 2.0.1.1 Label: NULL RealNextHop: 2.0.2.1 BkLabel: NULL...
  • Page 314 [RouterA] bgp 100 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] peer 10.1.1.2 as-number 200 [RouterA-bgp] peer 30.1.1.3 as-number 200 [RouterA-bgp] address-family ipv4 unicast [RouterA-bgp-ipv4] peer 10.1.1.2 enable [RouterA-bgp-ipv4] peer 30.1.1.3 enable [RouterA-bgp-ipv4] network 1.1.1.1 32 # Configure Router B to establish an EBGP session with Router A, and an IBGP session with Router <RouterB>...
  • Page 315 [RouterD-bgp-ipv4] network 4.4.4.4 32 Configure preferred values so Link B is used to forward traffic between Router A and Router D: # Configure Router A to set the preferred value to 100 for routes received from Router B. [RouterA-bgp-ipv4] peer 10.1.1.2 preferred-value 100 [RouterA-bgp-ipv4] quit [RouterA-bgp] quit # Configure Router D to set the preferred value to 100 for routes received from Router B.
  • Page 316 Verifying the configuration # Display detailed information about the route to 4.4.4.4/32 on Router A. The output shows the backup next hop for the route. [RouterA] display ip routing-table 4.4.4.4 32 verbose Summary Count : 1 Destination: 4.4.4.4/32 Protocol: BGP Process ID: 0 SubProtID: 0x2 Age: 00h01m52s...

  • Page 317: Ipv6 Bgp Configuration Examples

    IPv6 BGP configuration examples IPv6 BGP basic configuration example Network requirements As shown in Figure 72, run EBGP between Router A and Router B, and run IBGP between Router B and Router C so that Router C can access the network 50::/64 connected to Router A. Figure 72 Network diagram Configuration procedure Configure IP addresses for interfaces.
  • Page 318 [RouterB-bgp] address-family ipv6 [RouterB-bgp-ipv6] peer 10::2 enable Inject network routes to the BGP routing table: # Configure Router A. [RouterA-bgp-ipv6] network 10:: 64 [RouterA-bgp-ipv6] network 50:: 64 [RouterA-bgp-ipv6] quit [RouterA-bgp] quit # Configure Router B. [RouterB-bgp-ipv6] network 10:: 64 [RouterB-bgp-ipv6] network 9:: 64 [RouterB-bgp-ipv6] quit [RouterB-bgp] quit # Configure Router C.
  • Page 319 Path/Ogn: 65009i * > Network : 10:: PrefixLen : 64 NextHop : :: LocPrf PrefVal : 32768 OutLabel : NULL Path/Ogn: i e Network : 10:: PrefixLen : 64 NextHop : 10::1 LocPrf PrefVal : 0 OutLabel : NULL Path/Ogn: 65009i * >...

  • Page 320: Ipv6 Bgp Route Reflector Configuration Example

    * >i Network : 50:: PrefixLen : 64 NextHop : 10::2 LocPrf : 100 PrefVal : 0 OutLabel : NULL Path/Ogn: 65008i The output shows that Router C has learned the route 50::/64. # Ping hosts on network 50::/64 on Router C. The ping operations succeed. IPv6 BGP route reflector configuration example Network requirements As shown in...
  • Page 321 [RouterB-bgp] peer 101::1 as-number 200 [RouterB-bgp] address-family ipv6 [RouterB-bgp-ipv6] peer 100::1 enable [RouterB-bgp-ipv6] peer 101::1 enable [RouterB-bgp-ipv6] peer 101::1 next-hop-local [RouterB-bgp-ipv6] network 100:: 96 [RouterB-bgp-ipv6] network 101:: 96 [RouterB-bgp-ipv6] quit [RouterB-bgp] quit # Configure Router C. <RouterC> system-view [RouterC] bgp 200 [RouterC-bgp] router-id 3.3.3.3 [RouterC-bgp] peer 101::2 as-number 200 [RouterC-bgp] peer 102::2 as-number 200...

  • Page 322: 6Pe Configuration Example

    Path/Ogn: 100i * >i Network : 100:: PrefixLen : 96 NextHop : 101::2 LocPrf : 100 PrefVal : 0 OutLabel : NULL Path/Ogn: i * >i Network : 101:: PrefixLen : 96 NextHop : 102::1 LocPrf : 100 PrefVal : 0 OutLabel : NULL Path/Ogn: i...
  • Page 323 Figure 74 Network diagram Configuration procedure Configure IPv6 addresses and IPv4 addresses for interfaces. (Details not shown.) Configure PE 1: # Enable LDP globally, and configure the LSP generation policy. <PE1> system-view [PE1] mpls lsr-id 2.2.2.2 [PE1] mpls ldp [PE1-ldp] lsp-trigger all [PE1-ldp] quit # Enable MPLS and LDP on GigabitEthernet 2/0.
  • Page 324 [PE1-ospf-1-area-0.0.0.0] network 1.1.0.0 0.0.255.255 [PE1-ospf-1-area-0.0.0.0] quit [PE1-ospf-1] quit Configure PE 2: # Enable LDP globally, and configure the LSP generation policy. <PE2> system-view [PE2] mpls lsr-id 3.3.3.3 [PE2] mpls ldp [PE2-mpls-ldp] lsp-trigger all [PE2-mpls-ldp] quit # Enable MPLS and LDP on GigabitEthernet 2/0. [PE2] interface gigabitethernet 2/0 [PE2-GigabitEthernet2/0] mpls enable [PE2-GigabitEthernet2/0] mpls ldp enable...

  • Page 325: Bfd For Ipv6 Bgp Configuration Example

    [PE1] display bgp routing-table ipv6 Total number of routes: 5 BGP local router ID is 2.2.2.2 Status codes: * - valid, > - best, d - dampened, h - history, s - suppressed, S - stale, i - internal, e - external Origin: i - IGP, e - EGP, ? - incomplete * >...
  • Page 326 Configure BFD over the path. Then if the path fails, BFD can quickly detect the failure and notify it to IPv6 BGP. Then the path Router A<—>Router D<—>Router C takes effect immediately. Figure 75 Network diagram Router B GE2/0 GE1/0 3001::2/64 3002::1/64 GE2/0...
  • Page 327 # Apply routing policy apply_med_50 to routes outgoing to peer 3002::2, and apply routing policy apply_med_100 to routes outgoing to peer 2002::2. [RouterA] bgp 200 [RouterA-bgp] address-family ipv6 unicast [RouterA-bgp-ipv6] peer 3002::2 route-policy apply_med_50 export [RouterA-bgp-ipv6] peer 2002::2 route-policy apply_med_100 export [RouterA-bgp-ipv6] quit # Enable BFD for peer 3002::2.
  • Page 328 <RouterC> display bgp peer ipv6 BGP local router ID: 3.3.3.3 Local AS number: 200 Total number of peers: 2 Peers in established state: 2 Peer MsgRcvd MsgSent OutQ PrefRcv Up/Down State 2001::1 0 00:04:45 Established 3001::1 0 00:01:53 Established The output shows that Router C has established two BGP connections with Router A, and both connections are in Established state.

  • Page 329: Ipv6 Bgp Frr Configuration Example

    AttrID: 0x0 Neighbor: 2001::1 Flags: 0x10060 OrigNextHop: 2001::1 Label: NULL RealNextHop: FE80::20C:29FF:FE40:715 BkLabel: NULL BkNextHop: N/A Tunnel ID: Invalid Interface: GigabitEthernet2/0 BkTunnel ID: Invalid BkInterface: N/A The output shows that Router C communicates with network 1200::0/64 through the path Router C<—>Router D<—>Router A.
  • Page 330 [RouterA-bgp-ipv6] quit [RouterA-bgp] quit # Configure Router B to establish an EBGP session with Router A, and an IBGP session with Router <RouterB> system-view [RouterB] bgp 200 [RouterB] router-id 2.2.2.2 [RouterB-bgp] peer 3001::1 as-number 100 [RouterB-bgp] peer 3002::2 as-number 200 [RouterB-bgp] address-family ipv6 unicast [RouterB-bgp-ipv6] peer 3001::1 enable [RouterB-bgp-ipv6] peer 3002::2 enable...
  • Page 331 [RouterD-bgp-ipv6] quit [RouterD-bgp] quit Configure BGP FRR: # On Router A, create routing policy frr to set a backup next hop 2001::2 (Router C) for the route destined for 4::/64. <RouterA> system-view [RouterA] ipv6 prefix-list abc index 10 permit 4:: 64 [RouterA] route-policy frr permit node 10 [RouterA-route-policy] if-match ipv6 address prefix-list abc [RouterA-route-policy] apply ipv6 fast-reroute backup-nexthop 2001::2...

  • Page 332: Ipsec For Ipv6 Bgp Packets Configuration Example

    AttrID: 0x3 Neighbor: 3001::2 Flags: 0x10060 OrigNextHop: 3001::2 Label: NULL RealNextHop: 3001::2 BkLabel: NULL BkNextHop: 2001::2 Tunnel ID: Invalid Interface: GE1/0 BkTunnel ID: Invalid BkInterface: GE2/0 FtnIndex: 0x0 # Display detailed information about the route to 1::/64 on Router D. The output shows the backup next hop for the route.
  • Page 333 # Configure Router A. <RouterA> system-view [RouterA] bgp 65008 [RouterA-bgp] router-id 1.1.1.1 [RouterA-bgp] group ibgp internal [RouterA-bgp] peer 1::2 group ibgp [RouterA-bgp] address-family ipv6 unicast [RouterA-bgp-ipv6] peer ibgp enable [RouterA-bgp-ipv6] quit [RouterA-bgp] quit # Configure Router B. <RouterB> system-view [RouterB] bgp 65008 [RouterB-bgp] router-id 2.2.2.2 [RouterB-bgp] group ibgp internal [RouterB-bgp] peer 1::1 group ibgp...
  • Page 334 [RouterA-ipsec-transform-set-tran1] esp encryption-algorithm des [RouterA-ipsec-transform-set-tran1] esp authentication-algorithm sha1 [RouterA-ipsec-transform-set-tran1] quit [RouterA] ipsec profile policy001 manual [RouterA-ipsec-profile-policy001-manual] transform-set tran1 [RouterA-ipsec-profile-policy001-manual] sa spi outbound esp 12345 [RouterA-ipsec-profile-policy001-manual] sa spi inbound esp 12345 [RouterA-ipsec-profile-policy001-manual] sa string-key outbound esp simple abcdefg [RouterA-ipsec-profile-policy001-manual] sa string-key inbound esp simple abcdefg [RouterA-ipsec-profile-policy001-manual] quit # On Router B, create an IPsec transform set named tran1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to DES, and authentication...
  • Page 335 [RouterC] ipsec transform-set tran2 [RouterC-ipsec-transform-set-tran2] encapsulation-mode transport [RouterC-ipsec-transform-set-tran2] esp encryption-algorithm des [RouterC-ipsec-transform-set-tran2] esp authentication-algorithm sha1 [RouterC-ipsec-transform-set-tran2] quit [RouterC] ipsec profile policy002 manual [RouterC-ipsec-profile-policy002-manual] transform-set tran2 [RouterC-ipsec-profile-policy002-manual] sa spi outbound esp 54321 [RouterC-ipsec-profile-policy002-manual] sa spi inbound esp 54321 [RouterC-ipsec-profile-policy002-manual] sa string-key outbound esp simple gfedcba [RouterC-ipsec-profile-policy002-manual] sa string-key inbound esp simple gfedcba [RouterC-ipsec-profile-policy002-manual] quit Configure IPsec to protect IPv6 BGP packets between Router A and Router B:...
  • Page 336 Peer support BGP route refresh capability Peer support BGP route AS4 capability Address family IPv6 Unicast: advertised and received InQ updates: 0, OutQ updates: 0 NLRI statistics: Rcvd: UnReach NLRI Reach NLRI Sent: UnReach NLRI Reach NLRI Message statistics: Msg type Last rcvd time/ Current rcvd count/ History rcvd count/...

  • Page 337: Troubleshooting Bgp

    Peer support BGP multi-protocol extended Peer support BGP route refresh capability Peer support BGP route AS4 capability Address family IPv6 Unicast: advertised and received Received: Total 8 messages, Update messages 1 Sent: Total 8 messages, Update messages 1 Maximum allowed prefix number: 4294967295 Threshold: 75% Minimum time between advertisements is 30 seconds Optional capabilities:...

  • Page 338: Configuring Pbr

    Configuring PBR Introduction to PBR Policy-based routing (PBR) uses user-defined policies to route packets. A policy can specify the next hop, output interface, default next hop, default output interface, and other parameters for packets that match specific criteria such as ACLs or that have specific lengths. A device forwards received packets using the following process: The device uses PBR to forward matching packets.
  • Page 339 apply clause PBR supports the following types of apply clauses, as shown in Table 14. You can specify multiple apply clauses for a node, but some of them might not be executed. The apply clauses that determine the packet forwarding paths are apply access-vpn vpn-instance, apply next-hop, apply output-interface, apply default-next-hop, and apply default-output-interface in a descending priority order.

  • Page 340: Pbr And Track

    Relationship between the match mode and clauses on the node Does a packet match all Match mode the if-match clauses on Permit Deny the node? • If the node is configured with apply clauses, PBR executes the apply clauses on the node. If the PBR-based forwarding succeeds, PBR does not match the packet against the next node.

  • Page 341: Configuring A Policy

    Tasks at a glance (Required.) Configuring PBR: • Configuring local PBR • Configuring interface PBR (Optional.) Enabling PBR notification sending Configuring a policy Creating a node Step Command Remarks Enter system view. system-view Create a node for a policy, and policy-based-route policy-name By default, no policy node is enter policy node view.
  • Page 342 Step Command Remarks Set the DF bit in the apply ip-df df-value By default, the DF bit in the IP header is not set. IP header. By default, no VPN instance is specified. You can specify up to six VPN instances for a apply access-vpn vpn-instance Set VPN instances.

  • Page 343: Configuring Pbr

    Step Command Remarks By default, PBR does not match packets Match packets against the next node upon match failure on against the next the current node. node upon match apply continue failure on the This command takes effect only when the current node.

  • Page 344: Enabling Pbr Notification Sending

    Enabling PBR notification sending Perform this task to enable PBR notification sending so that PBR can generate notifications when the next hop becomes invalid. The generated notifications are sent to the SNMP module. The output rules for PBR notifications depend on the SNMP notification configuration. For more information about SNMP notifications, see Network Management and Monitoring Configuration Guide.

  • Page 345: Packet Type-Based Interface Pbr Configuration Example

    Configuration procedure Configure Router A: # Configure IP addresses for the interfaces. <RouterA> system-view [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] ip address 1.1.2.1 24 [RouterA-GigabitEthernet1/0] quit [RouterA] interface gigabitethernet 2/0 [RouterA-GigabitEthernet2/0] ip address 1.1.3.1 24 [RouterA-GigabitEthernet2/0] quit # Configure ACL 3101 to match TCP packets. [RouterA] acl number 3101 [RouterA-acl-adv-3101] rule permit tcp [RouterA-acl-adv-3101] quit...
  • Page 346 Figure 79 Network diagram Router B Router C GE1/0 GE2/0 1.1.2.2/24 1.1.3.2/24 GE1/0 GE2/0 1.1.2.1/24 1.1.3.1/24 Router A GE3/0 10.110.0.10/24 Subnet 10.110.0.0/24 Host A Host B 10.110.0.20/24 Gateway: 10.110.0.10 Configuration procedure Configure Router A: # Configure IP addresses for the interfaces. <RouterA>...

  • Page 347: Packet Length-Based Interface Pbr Configuration Example

    <RouterB> system-view [RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] ip address 1.1.2.2 24 [RouterB-GigabitEthernet1/0] quit # Configure a static route to subnet 10.110.0.0/24. [RouterB] ip route-static 10.110.0.0 24 1.1.2.1 Configure Router C: # Configure an IP address for the interface. <RouterC> system-view [RouterC] interface gigabitethernet 2/0 [RouterC-GigabitEthernet2/0] ip address 1.1.3.2 24 [RouterC-GigabitEthernet2/0] quit...
  • Page 348 Configuration procedure Configure Router A: # Configure IP addresses for the interfaces. <RouterA> system-view [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] ip address 150.1.1.1 24 [RouterA-GigabitEthernet1/0] quit [RouterA] interface gigabitethernet 2/0 [RouterA-GigabitEthernet2/0] ip address 151.1.1.1 24 [RouterA-GigabitEthernet2/0] quit # Configure RIP. [RouterA] rip [RouterA-rip-1] network 192.1.1.0 [RouterA-rip-1] network 150.1.0.0 [RouterA-rip-1] network 151.1.0.0...
  • Page 349 [RouterB-rip-1] network 10.0.0.0 [RouterB-rip-1] network 150.1.0.0 [RouterB-rip-1] network 151.1.0.0 [RouterB-rip-1] quit Verifying the configuration # Execute the debugging ip policy-based-route command on Router A. <RouterA> debugging ip policy-based-route <RouterA> terminal logging level 7 <RouterA> terminal monitor # Ping Loopback 0 of Router B from Host A, and set the data length to 64 bytes. C:\>ping –n 1 -l 64 10.1.1.1 Pinging 10.1.1.1 with 64 bytes of data: Reply from 10.1.1.1: bytes=64 time=1ms TTL=64...

  • Page 350: Packet Source-Ip-Based Interface Pbr Configuration Example

    The output shows that Router A sets the next hop for the received packets to 151.1.1.2 according to PBR. The packets are forwarded through GigabitEthernet 2/0. Packet source-IP-based interface PBR configuration example Network requirements As shown in Figure 81, configure interface PBR to guide the forwarding of packets received on GigabitEthernet 3/0 of Router A as follows: Set the next hop of packets sourced from 192.168.10.2 to 4.1.1.2/24.
  • Page 351 # Configure Node 0 for policy aaa to forward packets sourced from 192.168.10.2 to next hop 4.1.1.2, and configure Node 1 for policy aaa to forward other packets to next hop 5.1.1.2. [RouterA] policy-based-route aaa permit node 0 [RouterA-pbr-aaa-0] if-match acl 2000 [RouterA-pbr-aaa-0] apply next-hop 4.1.1.2 [RouterA-pbr-aaa-0] quit [RouterA] policy-based-route aaa permit node 1...

  • Page 352: Configuring Ipv6 Static Routing

    Configuring IPv6 static routing Static routes are manually configured and cannot adapt to network topology changes. If a fault or a topological change occurs in the network, the network administrator must modify the static routes manually. IPv6 static routing works well in a simple IPv6 network. Configuring an IPv6 static route Before you configure an IPv6 static route, complete the following tasks: Configure parameters for the related interfaces.

  • Page 353: Configuring Bfd For Ipv6 Static Routes

    Configuring BFD for IPv6 static routes BFD provides a general purpose, standard, and medium- and protocol-independent fast failure detection mechanism. It can uniformly and quickly detect the failures of the bidirectional forwarding paths between two routers for protocols, such as routing protocols and MPLS. For more information about BFD, see High Availability Configuration Guide.

  • Page 354: Single-Hop Echo Mode

    Step Command Remarks • Method 1: ipv6 route-static ipv6-address prefix-length { next-hop-address bfd control-packet bfd-source ipv6-address | vpn-instance d-vpn-instance-name Use either next-hop-address bfd control-packet bfd-source method. ipv6-address } [ preference preference-value ] [ tag Configure BFD By default, BFD tag-value ] [ description description-text ] control mode for an control mode •...

  • Page 355: Displaying And Maintaining Ipv6 Static Routes

    Step Command Remarks • Method 1: ipv6 route-static ipv6-address prefix-length interface-type interface-number next-hop-address bfd echo-packet Use either method. [ preference preference-value ] [ tag tag-value ] [ description description-text ] By default, BFD echo mode for Configure BFD echo • an IPv6 static route is not Method 2: mode for an IPv6...
  • Page 356 Figure 82 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure IPv6 static routes: # Configure the default IPv6 route on Router A. <RouterA> system-view [RouterA] ipv6 route-static :: 0 4::2 # Configure two IPv6 static routes on Router B. <RouterB>...
  • Page 357 [RouterB] display ipv6 routing-table protocol static Summary Count : 2 Static Routing table Status : <Active> Summary Count : 2 Destination: 1::/64 Protocol : Static NextHop : 4::1 Preference: 60 Interface : GE1/0 Cost Destination: 3::/64 Protocol : Static NextHop : 5::1 Preference: 60 Interface...

  • Page 358: Bfd For Ipv6 Static Routes Configuration Example (Direct Next Hop)

    BFD for IPv6 static routes configuration example (direct next hop) Network requirements Figure 83, configure an IPv6 static route to subnet 120::/64 on Router A, and configure an IPv6 static route to subnet 121::/64 on Router B. Enable BFD for both routes. Configure an IPv6 static route to subnet 120::/64 and an IPv6 static route to subnet 121::/64 on Router C.
  • Page 359 [RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] bfd min-transmit-interval 500 [RouterB-GigabitEthernet1/0] bfd min-receive-interval 500 [RouterB-GigabitEthernet1/0] bfd detect-multiplier 9 [RouterB-GigabitEthernet1/0] quit [RouterB] ipv6 route-static 121:: 64 gigabitethernet 1/0 FE80::2A0:FCFF:FE00:580A bfd control-packet [RouterB] ipv6 route-static 121:: 64 13::2 preference 65 [RouterB] quit # Configure IPv6 static routes on Router C. <RouterC>...

  • Page 360: Bfd For Ipv6 Static Routes Configuration Example (Indirect Next Hop)

    <RouterA> display ipv6 routing-table protocol static Summary Count : 1 Static Routing table Status : <Active> Summary Count : 1 Destination: 120::/64 Protocol : Static NextHop : 10::100 Preference: 65 Interface : GE2/0 Cost Static Routing table Status : <Inactive> Summary Count : 0 The output shows that Router A communicates with Router B through GigabitEthernet 2/0.
  • Page 361 Device Interface IPv6 address Device Interface IPv6 address Router A GE2/0 10::102/64 Router B GE2/0 13::1/64 Router A Loop1 1::9/128 Router B Loop1 2::9/128 Router C GE1/0 10::100/64 Router D GE1/0 12::2/64 Router C GE2/0 13::2/64 Router D GE2/0 11::1/64 Configuration procedure Configure IPv6 addresses for interfaces.
  • Page 362 Source IP: FE80::1:1B49 (link-local address of Loopback1 on Router A) Destination IP: FE80::1:1B49 (link-local address of Loopback1 on Router B) Session State: Up Interface: N/A Hold Time: 2012ms The output shows that the BFD session has been created. # Display IPv6 static routes on Router A. <RouterA>...

  • Page 363: Configuring An Ipv6 Default Route

    Configuring an IPv6 default route A default IPv6 route is used to forward packets that match no entry in the routing table. A default IPv6 route can be configured in either of the following ways: The network administrator can configure a default route with a destination prefix of ::/0. For more •...

  • Page 364: Configuring Ripng

    Configuring RIPng RIP next generation (RIPng) is an extension of RIP-2 for support of IPv6. Most RIP concepts are applicable to RIPng. Overview RIPng is a distance vector routing protocol. It employs UDP to exchange route information through port 521. RIPng uses a hop count to measure the distance to a destination. The hop count is the metric or cost. The hop count from a router to a directly connected network is 0.

  • Page 365: Protocols And Standards

    When a RIPng neighbor receives the request packet, it sends back a response packet that contains the local routing table. RIPng can also advertise route updates in response packets periodically or advertise a triggered update caused by a route change. After RIPng receives the response, it checks the validity of the response before adding routes to its routing table, such as whether the source IPv6 address is the link-local address and whether the port number is correct.

  • Page 366: Configuring Ripng Route Control

    Step Command Remarks interface interface-type Enter interface view. interface-number By default, RIPng is disabled. If RIPng is not enabled on an Enable RIPng on the interface. ripng process-id enable interface, the interface does not send or receive any RIPng route. Configuring RIPng route control Before you configure RIPng, complete the following tasks: Configure IPv6 addresses for interfaces to ensure IPv6 connectivity between neighboring nodes.

  • Page 367: Advertising A Default Route

    To configure RIPng route summarization: Step Command Remarks Enter system view. system-view Enter interface view. interface interface-type interface-number Advertise a summary IPv6 ripng summary-address ipv6-address By default, the summary IPv6 prefix. prefix-length prefix is not configured. Advertising a default route Step Command Remarks...

  • Page 368: Configuring Ripng Route Redistribution

    Step Command Remarks Enter system view. system-view ripng [ process-id ] [ vpn-instance Enter RIPng view. vpn-instance-name ] Configure a preference for preference [ route-policy The default setting is 100. RIPng. route-policy-name ] value Configuring RIPng route redistribution Step Command Remarks Enter system view.

  • Page 369: Configuring Split Horizon And Poison Reverse

    Configuring split horizon Split horizon disables RIPng from sending routes through the interface where the routes were learned to prevent routing loops between neighbors. HP recommends enabling split horizon to prevent routing loops in normal cases. To configure split horizon: Step...

  • Page 370: Configuring The Maximum Number Of Ecmp Routes

    Step Command Remarks Enter system view. system-view ripng [ process-id ] [ vpn-instance Enter RIPng view. vpn-instance-name ] Enable the zero field check on checkzero By default, this feature is enabled. incoming RIPng packets. Configuring the maximum number of ECMP routes Step Command Remarks...

  • Page 371: Displaying And Maintaining Ripng

    Step Command Remarks interface interface-type Enter interface view. interface-number Apply an IPsec profile to the By default, no IPsec profile is ripng ipsec-profile profile-name interface. applied. Displaying and maintaining RIPng Execute display commands in any view and reset commands in user view. Task Command Display configuration information of a RIPng...
  • Page 372 <RouterA> system-view [RouterA] ripng 1 [RouterA-ripng-1] quit [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] ripng 1 enable [RouterA-GigabitEthernet1/0] quit [RouterA] interface gigabitethernet 2/0 [RouterA-GigabitEthernet2/0] ripng 1 enable [RouterA-GigabitEthernet2/0] quit # Configure Router B. <RouterB> system-view [RouterB] ripng 1 [RouterB-ripng-1] quit [RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] ripng 1 enable [RouterB-GigabitEthernet1/0] quit [RouterB] interface gigabitethernet 2/0...
  • Page 373 via FE80::20F:E2FF:FE00:100, cost 1, tag 0, AOF, 11 secs Destination 5::/64, via FE80::20F:E2FF:FE00:100, cost 1, tag 0, AOF, 11 secs # Display the RIPng routing table on Router A. [RouterA] display ripng 1 route Route Flags: A - Aging, S - Suppressed, G - Garbage-collect, D – Direct O - Optimal, F - Flush to RIB ---------------------------------------------------------------- Peer FE80::200:2FF:FE64:8904 on GigabitEthernet1/0...

  • Page 374: Configuring Ripng Route Redistribution

    ---------------------------------------------------------------- Peer FE80::2:1 on GigabitEthernet1/0 Destination 4::/64, via FE80::1:1, cost 2, tag 0, AOF, 2 secs Configuring RIPng route redistribution Network requirements As shown in Figure 86, Router B communicates with Router A through RIPng 100 and with Router C through RIPng 200.
  • Page 375 <RouterC> system-view [RouterC] ripng 200 [RouterC] interface gigabitethernet 1/0 [RouterC-GigabitEthernet1/0] ripng 200 enable [RouterC-GigabitEthernet1/0] quit [RouterC] interface gigabitethernet 2/0 [RouterC-GigabitEthernet2/0] ripng 200 enable [RouterC-GigabitEthernet2/0] quit # Display the routing table on Router A. [RouterA] display ipv6 routing-table Destinations : 7 Routes : 7 Destination: ::1/128 Protocol : Direct...

  • Page 376: Configuring Ripng Ipsec Profiles

    # Display the routing table on Router A. [RouterA] display ipv6 routing-table Destinations : 8 Routes : 8 Destination: ::1/128 Protocol : Direct NextHop : ::1 Preference: 0 Interface : InLoop0 Cost Destination: 1::/64 Protocol : Direct NextHop : 1::1 Preference: 0 Interface : GE2/0...
  • Page 377 Figure 87 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure RIPng basic functions: # Configure Router A. <RouterA> system-view [RouterA] ripng 1 [RouterA-ripng-1] quit [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] ripng 1 enable [RouterA-GigabitEthernet1/0] quit # Configure Router B. <RouterB>...
  • Page 378 [RouterA-ipsec-profile-profile001-manual] sa spi inbound esp 256 [RouterA-ipsec-profile-profile001-manual] sa spi outbound esp 256 [RouterA-ipsec-profile-profile001-manual] sa string-key inbound esp simple abc [RouterA-ipsec-profile-profile001-manual] sa string-key outbound esp simple abc [RouterA-ipsec-profile-profile001-manual] quit # On Router B, create an IPsec transform set named protrf1, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to 3DES, and authentication algorithm to MD5.
  • Page 379 # Configure Router C. [RouterC] ripng 1 [RouterC-ripng-1] enable ipsec-profile profile001 [RouterC-ripng-1] quit Verifying the configuration RIPng packets between Routers A, B, and C are protected by IPsec.

  • Page 380: Configuring Ospfv3

    Configuring OSPFv3 This chapter describes how to configure RFC 2740-compliant Open Shortest Path First version 3 (OSPFv3) for an IPv6 network. For more information about OSPFv2, see "Configuring OSPF." OSPFv3 overview OSPFv3 and OSPFv2 have the following in common: 32-bit router ID and area ID •...

  • Page 381: Protocols And Standards

    Inter-Area-Router LSA—Type-4 LSA, originated by ABRs and flooded throughout the LSA's • associated area. Each Inter-Area-Router LSA describes a route to ASBR. AS External LSA—Type-5 LSA, originated by ASBRs, and flooded throughout the AS, except stub • and NSSA areas. Each AS External LSA describes a route to another AS. A default route can be described by an AS External LSA.

  • Page 382: Enabling Ospfv3

    Tasks at a glance (Optional.) Tuning and optimizing OSPFv3 networks: • Configuring OSPFv3 timers • Specifying LSA transmission delay • Configuring a DR priority for an interface • Specifying SPF calculation interval • Specifying the LSA generation interval • Ignoring MTU check for DD packets •...

  • Page 383: Configuring Ospfv3 Area Parameters

    Configuring OSPFv3 area parameters OSPFv3 has the same stub area, NSSA area, and virtual link features as OSPFv2. After you split an OSPFv3 AS into multiple areas, the LSA number is reduced and OSPFv3 applications are extended. To further reduce the size of routing tables and the number of LSAs, configure the non-backbone areas at an AS edge as stub areas.

  • Page 384: Configuring An Ospfv3 Virtual Link

    To configure a totally NSSA area, configure the nssa no-summary command on the ABR. The ABR of a totally NSSA area does not advertise inter-area routes into the area. To configure an NSSA area: Step Command Remarks Enter system view. system-view ospfv3 [ process-id | vpn-instance Enter OSPFv3 view.

  • Page 385: Configuring Ospfv3 Network Types

    Configuring OSPFv3 network types OSPFv3 classifies networks into the following types by the link layer protocol: • Broadcast—When the link layer protocol is Ethernet or FDDI, OSPFv3 considers the network type as broadcast by default. • NBMA—When the link layer protocol is ATM, Frame Relay, or X.25, OSPFv3 considers the network type as NBMA by default.

  • Page 386: Configuring Ospfv3 Route Control

    Step Command Remarks Specify an NBMA or P2MP ospfv3 peer ipv6-address [ cost By default, no link-local (unicast) neighbor and its DR value | dr-priority dr-priority ] address is specified for the priority. [ instance instance-id ] neighbor interface. Configuring OSPFv3 route control Configuration prerequisites Before you configure OSPFv3 route control, complete the following tasks: Configure IPv6 addresses for interfaces to ensure IPv6 connectivity between neighboring nodes.

  • Page 387: Configuring Inter-Area-Prefix Lsa Filtering

    Step Command Remarks By default, OSPFv3 accepts all filter-policy { acl6-number [ gateway routes calculated using received prefix-list-name ] | prefix-list LSAs. Configure OSPFv3 to prefix-list-name [ gateway filter routes calculated This command can only filter routes prefix-list-name ] | gateway using received LSAs.

  • Page 388: Configuring The Maximum Number Of Ospfv3 Ecmp Routes

    Step Command Remarks Enter system view. system-view ospfv3 [ process-id | vpn-instance Enter OSPFv3 view. vpn-instance-name ] * Configure a bandwidth bandwidth-reference value The default setting is 100 Mbps. reference value. Configuring the maximum number of OSPFv3 ECMP routes Perform this task to implement load sharing over ECMP routes. To configure the maximum number of ECMP routes: Step Command...

  • Page 389: Tuning And Optimizing Ospfv3 Networks

    Step Command Remarks Enter system view. system-view ospfv3 [ process-id | vpn-instance Enter OSPFv3 view. vpn-instance-name ] * (Optional.) Specify a default default cost value The default setting is 1. cost for redistributed routes. import-route protocol [ process-id | Configure OSPFv3 to all-processes | allow-ibgp ] By default, route redistribution redistribute routes from other...

  • Page 390: Specifying Lsa Transmission Delay

    Step Command Remarks By default, the dead interval on P2P and broadcast interfaces is 40 seconds. ospfv3 timer dead seconds The dead interval set on neighboring Configure the dead interval. [ instance instance-id ] interfaces cannot be too short. Otherwise, a neighbor is easily considered down.

  • Page 391: Specifying The Lsa Generation Interval

    Step Command Remarks By default: • The maximum interval is 5 seconds. spf-schedule-interval maximum-interval Specify the SPF [ minimum-interval • The minimum interval is 50 calculation interval. [ incremental-interval ] ] milliseconds. • The incremental interval is 200 milliseconds. Specifying the LSA generation interval You can adjust the LSA generation interval to protect network resources and routers from being over consumed by frequent network changes.

  • Page 392: Disabling Interfaces From Receiving And Sending Ospfv3 Packets

    Step Command Remarks Enter system view. system-view interface interface-type Enter interface view. interface-number Ignore MTU check for DD ospfv3 mtu-ignore [ instance By default, OSPFv3 does not packets. instance-id ] ignore MTU check for DD packets. Disabling interfaces from receiving and sending OSPFv3 packets After an OSPFv3 interface is set to silent, direct routes of the interface can still be advertised in Intra-Area-Prefix LSAs through other interfaces, but other OSPFv3 packets cannot be advertised.

  • Page 393: Configuring The Lsu Transmit Rate

    LSA, the neighbors with the GR helper capability enter the helper mode (and are called "GR helpers"). Then, the GR restarter retrieves its adjacencies and LSDB with the help of the GR helpers. The VSR1000 routers can act as GR helpers only. Configuring GR restarter You can configure the GR restarter capability on a GR restarter.

  • Page 394: Configuring Gr Helper

    Step Command Remarks (Optional.) Configure graceful-restart interval By default, the GR interval is 120 the GR interval. interval-value seconds. Configuring GR helper You can configure the GR helper capability on a GR helper. To configure GR helper: Step Command Remarks Enter system view.

  • Page 395: Applying An Ipsec Profile

    Applying an IPsec profile To protect routing information and prevent attacks, OSPFv3 can authenticate protocol packets by using an IPsec profile. For more information about IPsec profiles, see Security Configuration Guide. Outbound OSPFv3 packets carry the Security Parameter Index (SPI) defined in the relevant IPsec profile. A device uses the SPI carried in a received packet to match against the configured IPsec profile.

  • Page 396: Displaying And Maintaining Ospfv3

    Step Command Remarks Enter OSPFv3 area view. area area-id vlink-peer router-id [ dead seconds | hello Apply an IPsec profile to a seconds | instance instance-id | retransmit By default, no IPsec profile is virtual link. seconds | trans-delay seconds | applied.

  • Page 397: Ospfv3 Configuration Examples

    OSPFv3 configuration examples OSPFv3 stub area configuration example Network requirements As shown in Figure Enable OSPFv3 on all routers. • Split the AS into three areas. • Configure Router B and Router C as ABRs to forward routing information between areas. •...
  • Page 398 [RouterB-GigabitEthernet1/0] quit [RouterB] interface gigabitethernet 2/0 [RouterB-GigabitEthernet2/0] ospfv3 1 area 1 [RouterB-GigabitEthernet2/0] quit # Configure Router C: enable OSPFv3 and specify the router ID as 3.3.3.3. <RouterC> system-view [RouterC] ospfv3 1 [RouterC-ospfv3-1] router-id 3.3.3.3 [RouterC-ospfv3-1] quit [RouterC] interface gigabitethernet 1/0 [RouterC-GigabitEthernet1/0] ospfv3 1 area 0 [RouterC-GigabitEthernet1/0] quit [RouterC] interface gigabitethernet 2/0...
  • Page 399 ------------------------------------------------------------------------- Router ID Pri State Dead-Time InstID Interface 4.4.4.4 Full/BDR 00:00:40 GE2/0 # Display OSPFv3 neighbors on Router D. [RouterD] display ospfv3 routing OSPFv3 Process 1 with Router ID 4.4.4.4 ------------------------------------------------------------------------- - Intra area route, E1 - Type 1 external route, N1 - Type 1 NSSA route IA - Inter area route, E2 - Type 2 external route,...
  • Page 400 [RouterC-ospfv3-1-area-0.0.0.2] stub [RouterC-ospfv3-1-area-0.0.0.2] default-cost 10 # Display OSPFv3 routing table on Router D. [RouterD] display ospfv3 routing OSPFv3 Process 1 with Router ID 4.4.4.4 ------------------------------------------------------------------------- - Intra area route, E1 - Type 1 external route, N1 - Type 1 NSSA route IA - Inter area route, E2 - Type 2 external route, N2 - Type 2 NSSA route...

  • Page 401: Ospfv3 Nssa Area Configuration Example

    # Display OSPFv3 routing table on Router D. [RouterD] display ospfv3 routing OSPFv3 Process 1 with Router ID 4.4.4.4 ------------------------------------------------------------------------- - Intra area route, E1 - Type 1 external route, N1 - Type 1 NSSA route IA - Inter area route, E2 - Type 2 external route, N2 - Type 2 NSSA route - Selected route...
  • Page 402 Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure basic OSPFv3 (see "OSPFv3 stub area configuration example"). Configure Area 1 as an NSSA area: # Configure Router A. <RouterA> system-view [RouterA] ospfv3 [RouterA-ospfv3-1] area 1 [RouterA-ospfv3-1-area-0.0.0.2] nssa [RouterA-ospfv3-1-area-0.0.0.2] quit [RouterA-ospfv3-1] quit # Configure Router B.
  • Page 403 *Destination: 2001:2::/64 Type : IA Cost NextHop : FE80::20C:29FF:FE74:59C6 Interface: GE1/0 AdvRouter : 2.2.2.2 Area : 0.0.0.1 Preference : 10 Total: 3 Intra area: 1 Inter area: 2 ASE: 0 NSSA: 0 Configure route redistribution: # Configure an IPv6 static route, and configure OSPFv3 to redistribute the static route on Router A. [RouterA] ipv6 route-static 1234:: 64 null 0 [RouterA] ospfv3 1 [RouterA-ospfv3-1] import-route static...

  • Page 404: Ospfv3 Dr Election Configuration Example

    Intra area: 1 Inter area: 2 ASE: 1 NSSA: 0 The output shows an AS external route imported from the NSSA area exists on Router D. OSPFv3 DR election configuration example Network requirements Configure router priority 100 for Router A, the highest priority on the network, so it will become the •...
  • Page 405 # Configure Router C: enable OSPFv3, and specify the router ID as 3.3.3.3. <RouterC> system-view [RouterC] ospfv3 [RouterC-ospfv3-1] router-id 3.3.3.3 [RouterC-ospfv3-1] quit [RouterC] interface gigabitethernet 1/0 [RouterC-GigabitEthernet1/0] ospfv3 1 area 0 [RouterC-GigabitEthernet1/0] quit # Configure Router D: enable OSPFv3, and specify the router ID as 4.4.4.4. <RouterD>...
  • Page 406 [RouterB-GigabitEthernet1/0] quit # Specify the router priority for the interface GigabitEthernet 1/0 of Router c as 2. [RouterC] interface gigabitethernet 1/0 [RouterC-GigabitEthernet1/0] ospfv3 dr-priority 2 [RouterC-GigabitEthernet1/0] quit # Display neighbors on Router A. The output shows that the router priorities have been changed, but the DR and BDR are not changed.

  • Page 407: Ospfv3 Route Redistribution Configuration Example

    OSPFv3 Process 1 with Router ID 4.4.4.4 Area: 0.0.0.0 ------------------------------------------------------------------------- Router ID Pri State Dead-Time InstID Interface 1.1.1.1 100 Full/DR 00:00:30 GE1/0 2.2.2.2 2-Way/DROther 00:00:37 GE1/0 3.3.3.3 Full/BDR 00:00:31 GE1/0 The output shows that Router A becomes the DR. OSPFv3 route redistribution configuration example Network requirements As shown in Figure...
  • Page 408 # Enable OSPFv3 process 1 and OSPFv3 process 2 on Router B. <RouterB> system-view [RouterB] ospfv3 1 [RouterB-ospfv3-1] router-id 2.2.2.2 [RouterB-ospfv3-1] quit [RouterB] interface gigabitethernet 2/0 [RouterB-GigabitEthernet2/0] ospfv3 1 area 2 [RouterB-GigabitEthernet2/0] quit [RouterB] ospfv3 2 [RouterB-ospfv3-2] router-id 3.3.3.3 [RouterB-ospfv3-2] quit [RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] ospfv3 2 area 2 [RouterB-GigabitEthernet1/0] quit...
  • Page 409 Interface : InLoop0 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Configure OSPFv3 route redistribution: # Configure OSPFv3 process 2 to redistribute direct routes and the routes from OSPFv3 process 1 on Router B.

  • Page 410: Bfd For Ospfv3 Configuration Example

    Interface : InLoop0 Cost Destination: FE80::/10 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 Cost Destination: FF00::/8 Protocol : Direct NextHop : :: Preference: 0 Interface : NULL0 BFD for OSPFv3 configuration example Network requirements As shown in Figure Configure OSPFv3 on Router A, Router B and Router C and configure BFD over the link Router •...
  • Page 411 [RouterA-ospfv3-1] router-id 1.1.1.1 [RouterA-ospfv3-1] quit [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] ospfv3 1 area 0 [RouterA-GigabitEthernet1/0] quit [RouterA] interface gigabitethernet 2/0 [RouterA-GigabitEthernet2/0] ospfv3 1 area 0 [RouterA-GigabitEthernet2/0] quit # Enable OSPFv3 and set the router ID to 2.2.2.2 on Router B. <RouterB>...

  • Page 412: Ospfv3 Ipsec Profile Configuration Example

    Verifying the configuration # Display the BFD information on Router A. <RouterA> display bfd session Total Session Num: 1 Up Session Num: 1 Init Mode: Active IPv6 Session Working Under Ctrl Mode: Local Discr: 1441 Remote Discr: 1450 Source IP: FE80::20F:FF:FE00:1202 (link-local address of GigabitEthernet1/0 on Router A) Destination IP: FE80::20F:FF:FE00:1200 (link-local address of GigabitEthernet1/0 on Router B)
  • Page 413 Figure 93 Network diagram Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure OSPFv3 basic functions: # On Router A, enable OSPFv3 and configure the router ID as 1.1.1.1. <RouterA> system-view [RouterA] ospfv3 1 [RouterA-ospfv3-1] router-id 1.1.1.1 [RouterA-ospfv3-1] quit [RouterA] interface gigabitethernet 2/0 [RouterA-GigabitEthernet2/0] ospfv3 1 area 1 [RouterA-GigabitEthernet2/0] quit...
  • Page 414 reference IPsec transform set trans, and set the SPIs of the inbound and outbound SAs to 123 and the keys for the inbound and outbound SAs to abc using ESP. [RouterA] ipsec transform-set trans [RouterA-ipsec-transform-set-trans] encapsulation-mode transport [RouterA-ipsec-transform-set-trans] esp encryption-algorithm 3des-cbc [RouterA-ipsec-transform-set-trans] esp authentication-algorithm md5 [RouterA-ipsec-transform-set-trans] ah authentication-algorithm md5 [RouterA-ipsec-transform-set-trans] quit...
  • Page 415 [RouterB-ipsec-profile-profile002-manual] sa string-key outbound ah simple hello [RouterB-ipsec-profile-profile002-manual] sa string-key inbound esp simple byebye [RouterB-ipsec-profile-profile002-manual] sa string-key outbound esp simple byebye [RouterB-ipsec-profile-profile002-manual] quit # On Router C, create an IPsec transform set named trans, and set the encapsulation mode to transport mode, the security protocol to ESP, the encryption algorithm to 3DES, and authentication algorithm to MD5.
  • Page 416 Verifying the configuration OSPFv3 packets between Routers A, B, and C are protected by IPsec.

  • Page 417: Configuring Ipv6 Is-Is

    Configuring IPv6 IS-IS IPv6 IS-IS supports all IPv4 IS-IS features except that it advertises IPv6 routing information. This chapter describes only IPv6 IS-IS specific configuration tasks. For information about IS-IS, see "Configuring IS-IS." Overview Intermediate System-to-Intermediate System (IS-IS) supports multiple network protocols, including IPv6. To support IPv6, the IETF added two type-length-values (TLVs) and a new network layer protocol identifier (NLPID).

  • Page 418: Configuring Ipv6 Is-Is Route Control

    Step Command Remarks Enable IPv6 for an IS-IS isis ipv6 enable [ process-id ] The default setting is disabled. process on the interface. Configuring IPv6 IS-IS route control Before you configure IPv6 IS-IS route control, complete basic IPv6 IS-IS configuration. To configure IPv6 IS-IS route control: Step Command...

  • Page 419: Configuring Ipv6 Is-Is Link Cost

    Step Command Remarks import-route isisv6 level-1 into level-2 Configure route By default, IPv6 IS-IS [ filter-policy { acl6-number | prefix-list advertisement from Level- 1 advertises routes from prefix-list-name | route-policy to Level-2. Level-1 to Level-2. route-policy-name } | tag tag ] * Specify the maximum By default, the maximum number of ECMP routes for...

  • Page 420: Tuning And Optimizing Ipv6 Is-Is Networks

    Enabling automatic link cost calculation Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance Enter IS-IS view. vpn-instance-name ] By default, the IS-IS cost style is Specify an IS-IS cost style. cost-style { wide | wide-compatible } narrow.

  • Page 421: Setting The Lsdb Overload Bit

    Step Command Remarks • prefix-priority { critical | high | medium } { prefix-list Use either command. prefix-list-name | tag Assign a convergence priority By default, IPv6 IS-IS routes, except tag-value } to specific IPv6 IS-IS routes. IPv6 IS-IS host routes, have the low •...

  • Page 422: Controlling Spf Calculation Interval

    Controlling SPF calculation interval Step Command Remarks Enter system view. system-view isis [ process-id ] [ vpn-instance Enter IS-IS view. vpn-instance-name ] cost-style { wide | wide-compatible | By default, the IS-IS cost style is Specify an IS-IS cost style. compatible } narrow.

  • Page 423: Configuring Bfd For Ipv6 Is-Is

    Step Command Remarks interface interface-type Enter interface view. interface-number Enable prefix suppression on By default, prefix suppression is isis ipv6 prefix-suppression the interface. disabled on an interface. Configuring BFD for IPv6 IS-IS Bidirectional forwarding detection (BFD) can quickly detect faults between IPv6 IS-IS neighbors to improve the convergence speed of IPv6 IS-IS.

  • Page 424: Displaying And Maintaining Ipv6 Is-Is

    Figure 94 Network diagram Router A Router B IPv6 IPv6 IPv6 IPv4 IPv6 IPv4 IPv4 IPv4 Router C Router D As shown in Figure 94, the numbers refer to the link costs. Router A, Router B, and Router D support both IPv4 and IPv6.

  • Page 425: Ipv6 Is-Is Configuration Examples

    Task Command display isis route ipv6 [ ipv6-address ] [ [ level-1 | level-2 ] | Display IPv6 IS-IS routing information. verbose ] * [ process-id ] display isis spf-tree ipv6 [ [ level-1 | level-2 ] | verbose ] * Display IPv6 IS-IS topology information.
  • Page 426 [RouterB] isis 1 [RouterB-isis-1] is-level level-1 [RouterB-isis-1] network-entity 10.0000.0000.0002.00 [RouterB-isis-1] address-family ipv6 [RouterB-isis-1-ipv6] quit [RouterB-isis-1] quit [RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] isis ipv6 enable 1 [RouterB-GigabitEthernet1/0] quit # Configure Router C. <RouterC> system-view [RouterC] isis 1 [RouterC-isis-1] network-entity 10.0000.0000.0003.00 [RouterC-isis-1] address-family ipv6 [RouterC-isis-1-ipv6] quit [RouterC-isis-1] quit [RouterC] interface gigabitethernet 1/0...
  • Page 427 ----------------------------- Destination : :: PrefixLen: 0 Flag : R/-/- Cost : 10 Next Hop : FE80::200:FF:FE0F:4 Interface: GE1/0 Destination : 2001:1:: PrefixLen: 64 Flag : D/L/- Cost : 10 Next Hop : Direct Interface: GE1/0 Destination : 2001:2:: PrefixLen: 64 Flag : R/-/- Cost...
  • Page 428 [RouterC] display isis route ipv6 Route information for IS-IS(1) ------------------------------ Level-1 IPv6 Forwarding Table ----------------------------- Destination : 2001:1:: PrefixLen: 64 Flag : D/L/- Cost : 10 Next Hop : Direct Interface: GE2/0 Destination : 2001:2:: PrefixLen: 64 Flag : D/L/- Cost : 10 Next Hop...

  • Page 429: Bfd For Ipv6 Is-Is Configuration Example

    Level-2 IPv6 Forwarding Table ----------------------------- Destination : 2001:1:: PrefixLen: 64 Flag : R/-/- Cost : 20 Next Hop : FE80::200:FF:FE0F:4 Interface: GE1/0 Destination : 2001:2:: PrefixLen: 64 Flag : R/-/- Cost : 20 Next Hop : FE80::200:FF:FE0F:4 Interface: GE1/0 Destination : 2001:3:: PrefixLen: 64 Flag : D/L/-...
  • Page 430 Device Interface IPv6 address Device Interface IPv6 address Router B GE1/0 2001::2/64 Router C GE2/0 2001:3::1/64 Configuration procedure Configure IPv6 addresses for interfaces. (Details not shown.) Configure IPv6 IS-IS: # Configure Router A. <RouterA> system-view [RouterA] isis 1 [RouterA-isis-1] is-level level-1 [RouterA-isis-1] network-entity 10.0000.0000.0001.00 [RouterA-isis-1] address-family ipv6 [RouterA-isis-1-ipv6] quit...
  • Page 431 [RouterC-GigabitEthernet2/0] quit Configure BFD functions: # Enable BFD and configure BFD parameters on Router A. [RouterA] bfd session init-mode active [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] isis ipv6 bfd enable [RouterA-GigabitEthernet1/0] bfd min-transmit-interval 500 [RouterA-GigabitEthernet1/0] bfd min-receive-interval 500 [RouterA-GigabitEthernet1/0] bfd detect-multiplier 7 [RouterA-GigabitEthernet1/0] return # Enable BFD and configure BFD parameters on Router B.
  • Page 432 Summary Count : 1 Destination: 2001:4::/64 Protocol : ISISv6 NextHop : FE80::BAAF:67FF:FE27:DCD0 Preference: 15 Interface : GE2/0 Cost : 20 The output shows that Router A and Router B communicate through GigabitEthernet 2/0.

  • Page 433: Configuring Ipv6 Pbr

    Configuring IPv6 PBR Introduction to IPv6 PBR Policy-based routing (PBR) uses user-defined policies to route packets. A policy can specify the next hop, output interface, default next hop, default output interface, and other parameters for packets that match specific criteria such as ACLs or that have specific lengths. A device forwards received packets using the following process: The device uses PBR to forward matching packets.
  • Page 434 apply clause IPv6 PBR supports the following types of apply clauses, as shown in Table 19. You can specify multiple apply clauses for a node, but some of them might not be executed. The apply clauses that determine the packet forwarding paths are apply access-vpn vpn-instance, apply next-hop, apply output-interface, apply default-next-hop, and apply default-output-interface in a descending priority order.

  • Page 435: Pbr And Track

    Relationship between the match mode and clauses on the node Does a packet match all the Match mode if-match clauses on the In permit mode In deny mode node? • If the node is configured with apply clauses, IPv6 PBR executes the apply clauses on the node.

  • Page 436: Ipv6 Pbr Configuration Task List

    IPv6 PBR configuration task list Tasks at a glance (Required.) Configuring an IPv6 policy: • Creating an IPv6 node • Configuring match criteria for an IPv6 node • Configuring actions for an IPv6 node (Required.) Configuring IPv6 PBR: • Configuring IPv6 local PBR •...

  • Page 437: Configuring Actions For An Ipv6 Node

    Configuring actions for an IPv6 node Step Command Remarks Enter system view. system-view Enter IPv6 policy ipv6 policy-based-route policy-name [ deny node view. | permit ] node node-number Set an IP By default, no IP precedence is apply precedence { type | value } precedence.

  • Page 438: Configuring Ipv6 Pbr

    Step Command Remarks Enable load sharing among By default, the default next hops apply loadshare default-next-hop multiple default operate in primary/backup mode. next hops. By default, no default output interface is specified. You can specify multiple default apply default-output-interface Set default output output interfaces for backup or load { interface-type interface-number [ track interfaces.

  • Page 439: Enabling Ipv6 Pbr Notification Sending

    You can apply only one policy to an interface. Before you apply a new policy, you must first remove the current policy from the interface. You can apply a policy to multiple interfaces. To configure IPv6 interface PBR: Step Command Remarks Enter system view.

  • Page 440: Ipv6 Pbr Configuration Examples

    IPv6 PBR configuration examples Packet type-based IPv6 local PBR configuration example Network requirements As shown in Figure 97, configure IPv6 PBR on Router A to forward all TCP packets to the next hop 1::2. Router A forwards other packets according to the routing table. Figure 97 Network diagram Configuration procedure Configure Router A:...

  • Page 441: Packet Type-Based Ipv6 Interface Pbr Configuration Example

    Verifying the configuration # Telnet to Router B on Router A. The operation succeeds. # Telnet to Router C on Router A. The operation fails. # Ping Router C from Router A. The operation succeeds. Telnet uses TCP, and ping uses ICMP. The preceding results show that all TCP packets sent from Router A are forwarded to the next hop 1::2, and other packets are forwarded through GigabitEthernet 2/0.
  • Page 442 [RouterA] interface gigabitethernet 2/0 [RouterA-GigabitEthernet2/0] ipv6 address 2::1 64 [RouterA-GigabitEthernet2/0] ripng 1 enable [RouterA-GigabitEthernet2/0] quit # Configure ACL 3001 to match TCP packets. [RouterA] acl ipv6 number 3001 [RouterA-acl6-adv-3001] rule permit tcp [RouterA-acl6-adv-3001] quit # Configure Node 5 for policy aaa to forward TCP packets to next hop 1::2. [RouterA] ipv6 policy-based-route aaa permit node 5 [RouterA-pbr6-aaa-5] if-match acl 3001 [RouterA-pbr6-aaa-5] apply next-hop 1::2...

  • Page 443: Packet Length-Based Ipv6 Interface Pbr Configuration Example

    Telnet uses TCP, and ping uses ICMP. The preceding results show that all TCP packets arriving on GigabitEthernet 3/0 of Router A are forwarded to the next hop 1::2, and other packets are forwarded through GigabitEthernet 2/0. The IPv6 interface PBR configuration is effective. Packet length-based IPv6 interface PBR configuration example Network requirements As shown in...
  • Page 444 [RouterA-pbr6-lab1-20] quit # Configure IPv6 interface PBR by applying policy lab1 to GigabitEthernet 3/0. [RouterA] interface gigabitethernet 3/0 [RouterA-GigabitEthernet3/0] ipv6 address 192::1 64 [RouterA-GigabitEthernet3/0] undo ipv6 nd ra halt [RouterA-GigabitEthernet3/0] ripng 1 enable [RouterA-GigabitEthernet3/0] ipv6 policy-based-route lab1 [RouterA-GigabitEthernet3/0] return Configure RIPng on Router B. <RouterB>...
  • Page 445 *Jun 26 13:04:33:519 2012 RouterA PBR6/7/PBR Forward Info: -MDC=1; Policy:lab1, Node: 10,match succeeded. *Jun 26 13:04:33:519 2012 RouterA PBR6/7/PBR Forward Info: -MDC=1; apply next-hop ::2. The output shows that Router A sets the next hop for the received packets to 150::2 according to IPv6 PBR.

  • Page 446: Configuring Routing Policies

    Configuring routing policies Routing policies control routing paths by filtering and modifying routing information. This chapter describes both IPv4 and IPv6 routing policies. Overview Routing policies can filter advertised, received, and redistributed routes, and modify attributes for specific routes. To configure a routing policy: Configure filters based on route attributes, such as destination address and the advertising router's address.

  • Page 447: Routing Policy

    For more information about extended community lists, see MPLS Configuration Guide. MAC list A MAC list matches MAC addresses contained in EVI IS-IS packets. A MAC list can contain multiple items that specify MAC address ranges. Each MAC address entry in an EVI IS-IS packet is compared with these items in ascending order of their index numbers.

  • Page 448: Configuring An Ip Prefix List

    Configuring an IP prefix list Configuring an IPv4 prefix list If all the items are set to deny mode, no routes can pass the IPv4 prefix list. To permit unmatched IPv4 routes, you must configure the permit 0.0.0.0 0 less-equal 32 item following multiple deny items. To configure an IPv4 prefix list: Step Command...

  • Page 449: Configuring An Extended Community List

    Step Command Remarks Enter system view. system-view • Configure a basic community list: ip community-list { basic-comm-list-num | basic basic-comm-list-name } { deny | permit } [ community-number&<1-32> | aa:nn&<1-32> ] Use either method. [ internet | no-advertise | no-export | Configure a community By default, no no-export-subconfed ] *...

  • Page 450: Creating A Routing Policy

    Creating a routing policy For a routing policy that has more than one node, configure at least one permit node. A route that does not match any node cannot pass the routing policy. If all the nodes are in deny mode, no routes can pass the routing policy.

  • Page 451: Configuring Apply Clauses

    Step Command Remarks if-match community Match BGP routes whose { { basic-community-list-number | By default, no COMMUNITY COMMUNITY attribute matches name comm-list-name } match criterion is matched. a specified community list. [ whole-match ] | adv-community-list-number }&<1-32> Match routes having the By default, no cost match if-match cost value specified cost.
  • Page 452 Step Command Remarks Delete the specified apply comm-list By default, no COMMUNITY COMMUNITY attribute for { comm-list-number | attribute is deleted for BGP routes. BGP routes. comm-list-name } delete apply community { none | additive | { community-number&<1-32> | Set the specified COMMUNITY By default, no community attribute is aa:nn&<1-32>...

  • Page 453: Configuring The Continue Clause

    Step Command Remarks • Method 1: apply fast-reroute { backup-interface interface-type interface-number [ backup-nexthop Use either method. Set a backup link for fast ip-address ] | By default, no backup link is set for reroute (FRR). backup-nexthop FRR. ip-address } •...

  • Page 454: Routing Policy Configuration Examples

    Task Command Display BGP AS path list information. display ip as-path [ as-path-number ] display ip community-list [ basic-community-list-number | Display BGP community list information. adv-community-list-number | name comm-list-name ] Display BGP extended community list display ip extcommunity-list [ ext-comm-list-number ] information.
  • Page 455 <RouterC> system-view [RouterC] isis [RouterC-isis-1] is-level level-2 [RouterC-isis-1] network-entity 10.0000.0000.0001.00 [RouterC-isis-1] quit [RouterC] interface gigabitethernet 1/0 [RouterC-GigabitEthernet1/0] isis enable [RouterC-GigabitEthernet1/0] quit [RouterC] interface gigabitethernet 2/0 [RouterC-GigabitEthernet2/0] isis enable [RouterC-GigabitEthernet2/0] quit [RouterC] interface gigabitethernet 3/0 [RouterC-GigabitEthernet3/0] isis enable [RouterC-GigabitEthernet3/0] quit [RouterC] interface gigabitethernet 4/0 [RouterC-GigabitEthernet4/0] isis enable [RouterC-GigabitEthernet4/0] quit # Configure Router B.
  • Page 456 Routing for Network Destination Cost Type NextHop AdvRouter Area 192.168.1.0/24 Transit 192.168.1.1 192.168.1.1 0.0.0.0 Routing for ASEs Destination Cost Type NextHop AdvRouter 172.17.1.0/24 Type2 192.168.1.2 192.168.2.2 172.17.2.0/24 Type2 192.168.1.2 192.168.2.2 172.17.3.0/24 Type2 192.168.1.2 192.168.2.2 Total Nets: 4 Intra Area: 1 Inter Area: 0 ASE: 3 NSSA: 0...

  • Page 457: Applying A Routing Policy To Ipv6 Route Redistribution

    172.17.1.0/24 Type2 192.168.1.2 192.168.2.2 172.17.2.0/24 Type2 192.168.1.2 192.168.2.2 172.17.3.0/24 Type2 192.168.1.2 192.168.2.2 Total Nets: 4 Intra Area: 1 Inter Area: 0 ASE: 3 NSSA: 0 The output shows that the cost of route 172.17.1.0/24 is 100 and the tag of route 172.17.2.0/24 is 20.
  • Page 458 [RouterA] route-policy static2ripng deny node 0 [RouterA-route-policy-static2ripng-0] if-match ipv6 address prefix-list a [RouterA-route-policy-static2ripng-0] quit [RouterA] route-policy static2ripng permit node 10 [RouterA-route-policy-static2ripng-10] quit # Enable RIPng and apply routing policy static2ripng to filter redistributed static routes on Router [RouterA] ripng [RouterA-ripng-1] import-route static route-policy static2ripng Configure Router B: # Configure the IPv6 address of GigabitEthernet 1/0.

  • Page 459: Support And Other Resources

    Related information Documents To find related documents, browse to the Manuals page of the HP Business Support Center website: http://www.hp.com/support/manuals For related documentation, navigate to the Networking section, and select a networking category. •...

  • Page 460: Conventions

    Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are optional. Braces enclose a set of required syntax choices separated by vertical bars, from which { x | y | ...
  • Page 461 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

  • Page 462: Index

    Configuring basic IPv6 IS-IS,405 Configuring the maximum lifetime for routes in the Configuring basic IS-IS,131 FIB,5 Configuring basic RIP,24 Contacting HP,447 Configuring basic RIPng,353 Controlling BGP path selection,222 Configuring BFD for BGP,260 Controlling route distribution and reception,212 Configuring BFD for IPv6...
  • Page 463 Enabling IPv6 IS-IS MTR,41 1 Overview,179 Enabling IPv6 PBR notification sending,427 Overview,405 Enabling logging of session state changes,260 Overview,352 Enabling OSPF,67 Overview,434 Enabling OSPFv3,370 Overview,123 Enabling PBR notification sending,332 Enabling SNMP notifications for BGP,259 PBR configuration examples,332 Enhancing IS-IS network security,150 PBR configuration task list,328...

Table of Contents